node-x509
Simple X509 certificate parser. This fork provides a compatibility with Node.js versions later than 10. The original library seems like stopped being supported.
Installation
From NPM (recommended):
npm install @ghaiklor/x509
Building and testing from source:
npm install
npm test
Usage
Reading from a file:
const x509 = require('@ghaiklor/x509');
const issuer = x509.getIssuer(__dirname + '/certs/your.crt');
Reading from a string:
const fs = require('fs');
const x509 = require('@ghaiklor/x509');
const issuer = x509.getIssuer(fs.readFileSync('./certs/your.crt').toString());
Methods
Notes:
-
cert
may be a filename or a raw base64 encoded PEM string in any of these methods.
cert
)
x509.getAltNames(Parse certificate with x509.parseCert
and return the alternate names.
const x509 = require('@ghaiklor/x509');
const altNames = x509.getAltNames(__dirname + '/certs/nodejitsu.com.crt');
// altNames = [ '*.nodejitsu.com', 'nodejitsu.com' ]
cert
)
x509.getIssuer(Parse certificate with x509.parseCert
and return the issuer.
const x509 = require('@ghaiklor/x509');
const issuer = x509.getIssuer(__dirname + '/certs/nodejitsu.com.crt');
// issuer = {
// countryName: 'GB',
// stateOrProvinceName: 'Greater Manchester',
// localityName: 'Salford',
// organizationName: 'COMODO CA Limited',
// commonName: 'COMODO High-Assurance Secure Server CA'
// }
cert
)
x509.getSubject(Parse certificate with x509.parseCert
and return the subject.
const x509 = require('@ghaiklor/x509');
const subject = x509.getSubject(__dirname + '/certs/nodejitsu.com.crt');
// subject = {
// countryName: 'US',
// postalCode: '10010',
// stateOrProvinceName: 'NY',
// localityName: 'New York',
// streetAddress: '902 Broadway, 4th Floor',
// organizationName: 'Nodejitsu',
// organizationalUnitName: 'PremiumSSL Wildcard',
// commonName: '*.nodejitsu.com'
// }
cert
)
x509.parseCert(Parse subject, issuer, valid before and after date, and alternate names from certificate.
const x509 = require('@ghaiklor/x509');
const cert = x509.parseCert(__dirname + '/certs/nodejitsu.com.crt');
// cert = {
// subject: {
// countryName: 'US',
// postalCode: '10010',
// stateOrProvinceName: 'NY',
// localityName: 'New York',
// streetAddress: '902 Broadway, 4th Floor',
// organizationName: 'Nodejitsu',
// organizationalUnitName: 'PremiumSSL Wildcard',
// commonName: '*.nodejitsu.com'
// },
// issuer: {
// countryName: 'GB',
// stateOrProvinceName: 'Greater Manchester',
// localityName: 'Salford',
// organizationName: 'COMODO CA Limited',
// commonName: 'COMODO High-Assurance Secure Server CA'
// },
// notBefore: Sun Oct 28 2012 20:00:00 GMT-0400 (EDT),
// notAfter: Wed Nov 26 2014 18:59:59 GMT-0500 (EST),
// altNames: [ '*.nodejitsu.com', 'nodejitsu.com' ],
// signatureAlgorithm: 'sha1WithRSAEncryption',
// fingerPrint: 'E4:7E:24:8E:86:D2:BE:55:C0:4D:41:A1:C2:0E:06:96:56:B9:8E:EC',
// publicKey: {
// algorithm: 'rsaEncryption',
// e: '65537',
// n: '.......'
// }
// }
cert
, CABundlePath
, function(err, result){ /.../})
x509.verify(Performs basic certificate validation against a bundle of ca certificates.
It accepts an error-first callback as first argument. If the error is null, then the certificate is valid.
The error messages are the same returned by openssl
: x509_verify_cert_error_string
Note: As now, this function only accepts absolute paths to existing files as arguments.
const x509 = require('@ghaiklor/x509');
x509.verify(
__dirname + '/certs/user.com.crt',
__dirname + 'end-user-example.com.chain',
function(err, result) { /*...*/ }
);
Examples
Checking the date to make sure the certificate is active:
const x509 = require('@ghaiklor/x509');
const cert = x509.parseCert('your_cert.crt');
const date = new Date();
if (cert.notBefore > date) {
// Certificate isn't active yet.
}
if (cert.notAfter < date) {
// Certificate has expired.
}
License
MIT