CSR
parse turns a DER or PEM CSR into a structured object: version, subject distinguished name, subject public-key info, the requested attributes (each with its raw values), and the signature over the CertificationRequestInfo. It composes the same schema engine and shared PKIX sub-schemas (AlgorithmIdentifier, Name, SubjectPublicKeyInfo) the certificate parser uses, so the request inherits the identical fail-closed structural rules, and the raw certificationRequestInfoBytes are returned for signature checking.
A CSR is self-signed only in the sense that the requester proves possession of the private key; unlike a certificate or CRL there is no inner signature algorithm to agree with, the subject MAY be empty, and the attribute set has no uniqueness constraint — the parser deliberately omits those three certificate/CRL guards.
pki.schema.csr.parse
pki.schema.csr.parse(input) -> csr
Parse a DER Buffer or a PEM (CERTIFICATE REQUEST) string into a structured PKCS#10 request: { version, subject, subjectPublicKeyInfo, attributes, certificationRequestInfoBytes, tbsBytes, signatureAlgorithm, signatureValue }. Every field is validated on the way in; a malformed CertificationRequest / CertificationRequestInfo throws a typed CsrError (csr/*) and a leaf-level codec fault surfaces as asn1/*. Attribute values are returned as raw DER buffers so an unrecognized attribute type never fails the parse.
Example
var csr = pki.schema.csr.parse(der);
csr.subject.dn; // → "CN=req.example"
csr.attributes[0].type; // → "1.2.840.113549.1.9.14"
References
- spec RFC 2986
pki.schema.csr.pemDecode
pki.schema.csr.pemDecode(text, label?) -> Buffer
Extract the DER bytes from a PEM CSR block (default label CERTIFICATE REQUEST). Throws PemError on a missing / mismatched envelope or a non-base64 body.
Example
var der = pki.schema.csr.pemDecode(pemText);
References
pki.schema.csr.pemEncode
pki.schema.csr.pemEncode(der, label?) -> string
Wrap DER bytes in a PEM CSR envelope (default label CERTIFICATE REQUEST).
Example
var pem = pki.schema.csr.pemEncode(der);
References
- spec RFC 7468