WebCrypto GOST Class: TrustedCAPolicy

GostCert. TrustedCAPolicy


new TrustedCAPolicy(trustedCACerts, requireCRL, requireCA)

A certificate trust policy based on a set of trusted root CAs.

In this policy, a certificate will be trusted if and only if it is part of a valid certificate chain which terminates in one of the trusted root CAs.

This policy has two options for certificate chain verification:
  • requireCRL - If true, then for every certificate in a chain (unless it is one of the trusted root CA certificates) a valid CRL must be provided to determine its revocation status. The default is false.
  • requireCAFlag - If true, then every intermediate CA certificate (excluding the root CA or the end entity certificate) must contain a Basic Constraints extension, with the CA flag set. The default for this option is true.
Name Type Description
trustedCACerts Array.<GostCert.X509>
requireCRL boolean
requireCA boolean



getValidCertificate(selector, certificates, crls, date) → {Promise}

Returns a certificate, known to be valid (according to criteria dependent on the verification scheme), which has the given selector, certificate and CRL lists to implement a particular certificate verification scheme, such a forming valid certificate chains.
Second and third argument to this method may be undefined, and such a case must be treated exactly the same as if the particular argument was an empty array.
Name Type Description
selector GostCert.CertificateSelector Certificate selector
certificates Array.<GostASN1.Certificate> Certificates
crls Array.<GostASN1.CertificateList> CLRs
date Date Validation date. Default today
Promise to return valid GostCert.X509