Creates a new CertificateList instance.
Configuration object
The signature algorithm
The signature bytes or BitString
The TBS certificate list
Algorithm used to sign the CRL
Digital signature over the TBS CRL
The TBS (To Be Signed) portion of the CRL containing the revocation list
Gets the PEM header for CRL encoding.
The PEM header string
Gets the PKI type name for this object (typically the class name). Used for PEM headers and debugging output.
Compares this PKI object with another for equality. Two objects are considered equal if their DER encodings are identical.
The other PKI object to compare with
true if the objects are equal, false otherwise
Parses this object as a different PKI type. Useful for converting between related PKI structures.
The target type to parse as
The target type constructor with parsing capabilities
A new instance of the target type
Converts the CRL to its ASN.1 representation.
ASN.1 structure representing the CRL
Converts this PKI object to DER (Distinguished Encoding Rules) format.
The DER-encoded bytes of this object
Returns a human-readable string representation of this object. By default, returns the same as toString(), but subclasses can override for more user-friendly output.
A human-readable string representation
Converts this PKI object to PEM (Privacy-Enhanced Mail) format.
A PEM-encoded string with appropriate headers
Returns a string representation of this PKI object. Includes the type name and ASN.1 structure.
A string representation for debugging
Static
createEmpty
Creates an empty CRL with no revoked certificates.
This method is useful for initializing a new CRL or for testing purposes. The created CRL will have a validity period of 30 days by default.
Configuration for the empty CRL
The name of the CA issuing the CRL
The CA's private key for signing
Optional
signatureAlgorithmParams?: AsymmetricEncryptionAlgorithmParams
Optional signature algorithm, defaults to RSA-SHA256
Promise resolving to the created empty CRL
const emptyCrl = await CertificateList.createEmpty({
  issuer: new Name({ commonName: 'Test CA' }),
  privateKey: caPrivateKey,
  signatureAlgorithmParams: {
    type: 'RSASSA_PKCS1_v1_5',
    params: { hash: 'SHA-384' }
  }
})
// CRL is valid for 30 days from creation
console.log(emptyCrl.tbsCertList.thisUpdate) // Current time
console.log(emptyCrl.tbsCertList.nextUpdate) // 30 days later
Static
fetch
Fetches a CRL from a URL and parses it.
This is commonly used to retrieve CRLs from Certificate Distribution Points specified in X.509 certificates.
The URL to fetch the CRL from
Promise resolving to the fetched and parsed CRL
Static
from
Creates a CertificateList from an ASN.1 structure.
Parses the ASN.1 SEQUENCE structure and extracts the TBS certificate list, signature algorithm, and signature value components.
The ASN.1 structure to parse
The parsed CertificateList object
Static
from
Creates a CertificateList from DER-encoded bytes.
The DER-encoded CRL bytes
The parsed CertificateList
Static
from
Creates a CertificateList from PEM-encoded text.
The PEM-encoded CRL string
The parsed CertificateList
X.509 Certificate Revocation List (CRL) implementation.
A CRL is a time-stamped list identifying revoked certificates that is signed by a CA. CRLs are used to check if a certificate has been revoked before relying on it. Each CRL has a validity period and contains information about when the next update will be available.
Asn
CertificateList ::= SEQUENCE {
  tbsCertList         TBSCertList,
  signatureAlgorithm  AlgorithmIdentifier,
  signatureValue      BIT STRING
}
Example
See
RFC 5280 Section 5 - CRL and CRL Extensions Profile
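The three-part CertificateList SEQUENCE can be split with a small strict DER reader, which also yields the exact tbsCertList bytes that the signature must cover. This is an added example, not the library's own code: readTlv, splitCertificateList and SAMPLE_CRL are hypothetical names, and the sample bytes are constructed (placeholder TBS, dummy signature).

```javascript
// Read one DER TLV at `offset`; returns tag, content, full encoding and end offset.
function readTlv(bytes, offset = 0) {
  if (offset + 2 > bytes.length) throw new Error('truncated TLV header')
  const tag = bytes[offset]
  let len = bytes[offset + 1]
  let pos = offset + 2
  if (len & 0x80) {
    const n = len & 0x7f
    // DER forbids indefinite length (n === 0); 4 length bytes is ample for a CRL.
    if (n === 0 || n > 4 || pos + n > bytes.length) throw new Error('bad length')
    len = 0
    for (let i = 0; i < n; i++) len = len * 256 + bytes[pos++]
    // DER requires the shortest possible length encoding.
    if (bytes[offset + 2] === 0 || len < 0x80) throw new Error('non-minimal length')
  }
  if (pos + len > bytes.length) throw new Error('content overruns buffer')
  return { tag, content: bytes.subarray(pos, pos + len),
           raw: bytes.subarray(offset, pos + len), end: pos + len }
}

// Split a DER CertificateList into the three components of its SEQUENCE.
function splitCertificateList(der) {
  const outer = readTlv(der)
  if (outer.tag !== 0x30) throw new Error('CertificateList must be a SEQUENCE')
  if (outer.end !== der.length) throw new Error('trailing bytes after CRL')
  const body = outer.content
  const tbs = readTlv(body, 0)
  const alg = readTlv(body, tbs.end)
  const sig = readTlv(body, alg.end)
  if (tbs.tag !== 0x30 || alg.tag !== 0x30 || sig.tag !== 0x03) throw new Error('unexpected tag')
  if (sig.end !== body.length) throw new Error('extra elements in SEQUENCE')
  // Assumption: the signature is a whole number of bytes (0 unused bits).
  if (sig.content.length < 1 || sig.content[0] !== 0)
    throw new Error('signature BIT STRING has unused bits')
  return {
    tbsCertList: tbs.raw,            // exact bytes the signature must cover
    signatureAlgorithm: alg.raw,
    signatureValue: sig.content.subarray(1),
  }
}

// Constructed sample, not a real CRL.
const SAMPLE_CRL = Uint8Array.from([
  0x30, 0x1b,                                     // outer SEQUENCE, 27 content bytes
  0x30, 0x03, 0x02, 0x01, 0x01,                   // placeholder TBS: SEQUENCE { INTEGER 1 }
  0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
  0x03, 0x05, 0x00, 0xde, 0xad, 0xbe, 0xef,       // BIT STRING, 0 unused bits, dummy signature
])
console.log(splitCertificateList(SAMPLE_CRL))
```

Rejecting trailing bytes and non-minimal lengths matters here because equality of PKI objects is defined on their DER encodings, so two encodings of the same CRL must not both be accepted.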