X.509
parse — turn a DER or PEM certificate into a structured, fully-decoded object: version, serial, signature algorithm, issuer and subject distinguished names, validity window (as real Dates), subject public-key info, and the extension list. The parser composes the strict DER codec and the OID registry, so every field is validated on the way in and every algorithm / attribute / extension is named where the registry knows it.
The raw tbsCertificate bytes are returned alongside the parsed fields so a signature-verification layer can hash exactly the bytes that were signed rather than re-encoding and hoping for round-trip fidelity.
pki.schema.x509.pemDecode
pki.schema.x509.pemDecode(text, label?) -> Buffer
Extract the DER bytes from a PEM block. With label given (e.g. "CERTIFICATE") the block type must match; without it, the first block is taken. Throws PemError on a missing / mismatched envelope or a non-base64 body.
Example
var der = pki.schema.x509.pemDecode(pemText, "CERTIFICATE");
References
pki.schema.x509.pemEncode
pki.schema.x509.pemEncode(der, label) -> string
Wrap DER bytes in a PEM envelope with 64-column base64 lines.
Example
var pem = pki.schema.x509.pemEncode(der, "CERTIFICATE");
References
pki.schema.x509.parse
pki.schema.x509.parse(input) -> certificate
Parse a DER Buffer or a PEM string/Buffer into a structured certificate: { version, serialNumber, serialNumberHex, signatureAlgorithm, issuer, subject, validity, subjectPublicKeyInfo, extensions, tbsBytes, signatureValue }. Distinguished names come back both as a rendered dn string and as structured rdns; the validity window is real Dates; tbsBytes is the exact signed byte range for a downstream verifier.
Throws CertificateError when the bytes are not a well-formed certificate and Asn1Error when the underlying DER is malformed.
Example
var cert = pki.schema.x509.parse(pemString);
cert.subject.dn; // "CN=example.com, O=Example"
cert.validity.notAfter; // Date
cert.signatureAlgorithm.name; // "sha256WithRSAEncryption"