(Node.js) Get Certificate Authority Information Access

Demonstrates how to get a certificate's Authority Information Access extension data (if it exists).

Note: This example requires Chilkat v9.5.0.76 or greater.

Install Chilkat for Node.js and Electron using npm at Chilkat npm packages for Node.js Chilkat npm packages for Electron on Windows, Linux, MacOSX, and ARM

var os = require('os');
if (os.platform() == 'win32') {  
    if (os.arch() == 'ia32') {
        var chilkat = require('@chilkat/ck-node21-win-ia32');
    } else {
        var chilkat = require('@chilkat/ck-node21-win64'); 
    }
} else if (os.platform() == 'linux') {
    if (os.arch() == 'arm') {
        var chilkat = require('@chilkat/ck-node21-arm');
    } else if (os.arch() == 'x86') {
        var chilkat = require('@chilkat/ck-node21-linux32');
    } else {
        var chilkat = require('@chilkat/ck-node21-linux64');
    }
} else if (os.platform() == 'darwin') {
    if (os.arch() == 'arm64') {
        var chilkat = require('@chilkat/ck-node21-mac-m1');
    } else {
        var chilkat = require('@chilkat/ck-node21-macosx');
    }
}

function chilkatExample() {

    var cert = new chilkat.Cert();

    var success = cert.LoadFromFile("qa_data/certs/test_haswdt.cer");
    if (success !== true) {
        console.log(cert.LastErrorText);
        return;
    }

    // Get the Authority Information Access extension, which is at OID 1.3.6.1.5.5.7.1.1
    var extensionXmlStr = cert.GetExtensionAsXml("1.3.6.1.5.5.7.1.1");
    if (cert.LastMethodSuccess == false) {
        console.log("Certificate does not have the AuthInfoAccess extension.");
        return;
    }

    var xml = new chilkat.Xml();
    xml.LoadXml(extensionXmlStr);

    // See what we have..
    console.log(xml.GetXml());

    // We should get XML like this:

    // <?xml version="1.0" encoding="utf-8" ?>
    // <sequence>
    //     <sequence>
    //         <oid>1.3.6.1.5.5.7.48.2</oid>
    //         <contextSpecific tag="6" constructed="0">aHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1
    // cmVFbWFpbENBLmNydA==</contextSpecific>
    //     </sequence>
    //     <sequence>
    //         <oid>1.3.6.1.5.5.7.48.1</oid>
    //         <contextSpecific tag="6" constructed="0">aHR0cDovL29jc3AuY29tb2RvY2EuY29t</contextSpecific>
    //     </sequence>
    // </sequence>

    // Typically, a certificate AIA(Authority Information access) contains 2 parts:
    // 
    //     On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
    //     Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
    // 
    // The base64 content for each OID (in this case) is just a string.  
    // The data can be accessed and decoded like this:

    var sbOcsp = new chilkat.StringBuilder();
    success = xml.GetChildContentSb("/C/oid,1.3.6.1.5.5.7.48.1|++",sbOcsp);
    if (success == true) {
        sbOcsp.Decode("base64","utf-8");
        console.log("1.3.6.1.5.5.7.48.1:  " + sbOcsp.GetAsString());
    }

    var sbIssuer = new chilkat.StringBuilder();
    success = xml.GetChildContentSb("/C/oid,1.3.6.1.5.5.7.48.2|++",sbIssuer);
    if (success == true) {
        sbIssuer.Decode("base64","utf-8");
        console.log("1.3.6.1.5.5.7.48.2:  " + sbIssuer.GetAsString());
    }

    // The output looks like this:

    // 1.3.6.1.5.5.7.48.1:  http://ocsp.comodoca.com
    // 1.3.6.1.5.5.7.48.2:  http://crt.comodoca.com/COMODORSAClientAuthenticationandSecureEmailCA.crt

    // -------------------------------------------------------------------------------
    // Note: The Chilkat path passed to GetChildContentSb is composed of two commands:
    // The first command is "/C/oid,1.3.6.1.5.5.7.48.1".   It says "traverse the XML tree from the caller
    // node and stop at the 1st node having tag = "oid" and content = "1.3.6.1.5.5.7.48.1".
    // The "|" char separates the 1st command from the 2nd.
    // The 2nd command is "++" and says "move to the next sibling".

}

chilkatExample();