The SYS.X509Credentials class defines the X.509 credentials which consist of an X.509 certificate and an optionally associated private key.
Public Member Functions
_.Library.Status OnValidateObject(_.Library.Boolean ReadOnly)
    Validate the object during save.
_.Library.Boolean CheckPeerName(_.Library.String peerName)
    Check if the specified peer name is valid for this set of credentials.
_.Library.Boolean Equals(_.SYS.X509Credentials credentials)
    Return true if the same credentials – same certificate in this case.
_.Library.Status LoadCertificate(_.Library.String filename)
    Load a certificate from a certificate file.
_.Library.Status LoadPrivateKey(_.Library.String filename)
    Load a private key from a private key file.
_.Library.String RSADecrypt(_.Library.String ciphertext, _.Library.Integer encoding)
    Decrypt using the private key and password for these credentials.
_.Library.String RSASHASign(_.Library.Integer bitlength, _.Library.String data)
    Sign using the private key and password for these credentials.
_.Library.Integer RSASize()
    Find the size of the signature using the private key and password for these credentials.
_.Library.Status Save()
    The Save method saves an X509Credentials object.
Static Public Member Functions
_.Library.String BinaryToHexString(_.Library.Binary input)
    Change the binary data (stored in Thumbprint and SubjectKeyIdentifier) into a formatted hex string.
_.Library.Status Delete(_.Library.String alias)
    The Delete method deletes an existing X509Credentials object specified by its alias.
_.Library.Boolean Exists(_.Library.String Name, _.Library.ObjectHandle X509Credential, _.Library.Status Status)
    Check whether an X509Credential exists.
_.Library.Status Export(_.Library.String FileName, _.Library.Integer NumExported, _.Library.String X509Credentials, _.Library.Boolean IncludePrivateKey)
    Export X509Credential records to a file in xml format.
_.Library.ListOfObjects FindByField(_.Library.String fieldName, _.Library.String searchValue, _.Library.ListOfObjects credentialsList)
    Find the SYS.X509Credentials instances whose specified field matches the specified value.
_.Library.ListOfObjects FindByFieldNumber(_.Library.Integer field, _.Library.String searchValue, _.Library.Boolean caseSensitive, _.Library.Boolean contains, _.Library.ListOfObjects credentialsList)
    Internal function to find the SYS.X509Credentials instances whose field with the specified field number matches the specified value.
_.SYS.X509Credentials GetByAlias(_.Library.String alias, _.Library.String pwd)
    Get an X.509 credentials record based on the unique alias.
_.SYS.X509Credentials GetByCertificate(_.Library.Binary searchValue)
    Get an X.509 credentials record based on the unique X.509 certificate.
_.SYS.X509Credentials GetByCertificateWithPrivateKey(_.Library.Binary searchValue)
    Get an X.509 credentials record based on the unique X.509 certificate, for use with a private key.
_.SYS.X509Credentials GetByRSAKeyValue(_.XML.Security.RSAKeyValue searchValue)
    Get an X.509 credentials record which has a certificate whose public key matches the specified RSAKeyValue.
_.SYS.X509Credentials GetBySubjectKeyIdentifier(_.Library.Binary searchValue)
    Get an X.509 credentials record based on the unique SubjectKeyIdentifier.
_.SYS.X509Credentials GetByThumbprint(_.Library.Binary searchValue)
    Get an X.509 credentials record based on the unique SHA1 Thumbprint.
_.SYS.X509Credentials GetNext(_.Library.String alias)
    Return the next X.509 credentials object that is accessible to the current user.
_.Library.Status GetProperties(_.Library.ObjectHandle X509Credential, _.Library.String Properties)
    Get an X509Credential's properties.
_.Library.Status Import(_.Library.String FileName, _.Library.Integer NumImported, _.Library.Integer Flags)
    Import X509Credential records from an xml file.
_.Library.Status Modify(_.Library.String Name, _.Library.String Properties)
    Modify an X509Credential.
_.Library.String NormalizeDN(_.Library.String name)
    Convert variants of the string representation of a Distinguished Name, as defined by section 4 of RFC 2253, to normal form.
Public Attributes
Alias
    The Alias is defined on import and identifies the X.509 certificate and private key.
CAFile
    File containing X.509 certificate(s) of trusted Certificate Authorities.
Certificate
    The X.509 certificate.
IssuerDN
    Issuer DistinguishedName of the certificate.
OwnerList
    The optional comma separated list of usernames which may access these credentials.
PeerNames
    PeerNames is an optional comma separated list of peers which expect this certificate to be used.
PrivateKey
    The private key associated with the certificate, stored as PEM encoded text.
PrivateKeyPassword
    Optional password for the private key.
PrivateKeyType
    The type of the associated private key.
SerialNumber
    SerialNumber of the certificate – unique for the Issuer.
SubjectDN
    Subject DistinguishedName of the certificate.
SubjectKeyIdentifier
    X.509 SubjectKeyIdentifier from the certificate.
Thumbprint
    SHA1 Thumbprint of the certificate.
ValidityNotAfter
    X.509 ValidityNotAfter from the certificate.
ValidityNotBefore
    X.509 ValidityNotBefore from the certificate.
Static Public Attributes
DOMAIN = None
    Default Localization Domain
The SYS.X509Credentials class defines the X.509 credentials which consist of an X.509 certificate and an optionally associated private key.
An optional OwnerList may be specified to restrict which users have access to these credentials. To protect the credentials, the normal ObjectScript and SQL methods for accessing this data must not be used; under normal security they will not work.
_.Library.Status OnValidateObject(_.Library.Boolean ReadOnly)
Validate the object during save.
Note that the PrivateKey property is accessed from memory during save.

static _.Library.String BinaryToHexString(_.Library.Binary input)
Change the binary data (stored in Thumbprint and SubjectKeyIdentifier) into a formatted hex string.
Like zzdump, 8-bit strings are displayed in 1-byte words and ziswide() strings in 2-byte words.
static _.Library.Boolean Exists(_.Library.String Name, _.Library.ObjectHandle X509Credential, _.Library.Status Status)
Check whether an X509Credential exists.
This method checks for the existence of an X509Credential in the security database.
Parameters:
Name - Name of the X509Credential whose existence is to be checked
Return values:
If the value of the method is 0 (the X509Credential does not exist, or some error occurred):
X509Credential = Null
Status = X509Credential "x" does not exist, or other error message
If the value of the method is 1 (the X509Credential exists):
X509Credential = Object handle to the X509Credential
Status = $$$OK
static _.Library.Status Export(_.Library.String FileName, _.Library.Integer NumExported, _.Library.String X509Credentials, _.Library.Boolean IncludePrivateKey)
This method exports X509Credential records to a file in xml format.
Parameters:
FileName - Output file name
NumExported (byref) - Returns the number of records exported.
X509Credentials - Comma separated list of X509Credentials to export, "*" = All
IncludePrivateKey - Boolean value. If 1 (true), the private key and password are included in the export file; otherwise they are omitted. It is the responsibility of the caller to secure the resulting file.
static _.Library.ListOfObjects FindByField(_.Library.String fieldName, _.Library.String searchValue, _.Library.ListOfObjects credentialsList)
Find the SYS.X509Credentials instances whose specified field matches the specified value. If credentialsList is specified, only matches from this list are returned. Otherwise all matches from the database are returned.
The following searches are supported:
Alias - Unique, exact match on the Alias
Certificate - Unique, exact match on the certificate
SubjectKeyIdentifier - Unique, exact match to the SubjectKeyIdentifier
Thumbprint - Unique, exact match to the Thumbprint
SerialNumber - Exact match to the serial number
IssuerDN - Case insensitive match to the Issuer DistinguishedName
IssuerName - Case insensitive match to any Issuer DistinguishedName which contains the searchValue
SubjectDN - Case insensitive match to the Subject DistinguishedName
SubjectName - Case insensitive match to any Subject DistinguishedName which contains the searchValue
PeerNames - Case insensitive match to any PeerNames list which contains the searchValue
OwnerList - Case insensitive match to any OwnerList which contains the searchValue
A ListOfObjects is returned containing the matching SYS.X509Credentials instances. The ListOfObjects has no entries if there are no matches. If the field name is not valid, "" is returned.
static _.Library.ListOfObjects FindByFieldNumber(_.Library.Integer field, _.Library.String searchValue, _.Library.Boolean caseSensitive, _.Library.Boolean contains, _.Library.ListOfObjects credentialsList)
Internal function to find the SYS.X509Credentials instances whose field with the specified field number matches the specified value. If credentialsList is specified, only matches from this list are returned. Otherwise all matches from the database are returned.
static _.SYS.X509Credentials GetByAlias(_.Library.String alias, _.Library.String pwd)
Get an X.509 credentials record based on the unique alias.
The record must have a null OwnerList or be owned by the current user to be returned.

static _.SYS.X509Credentials GetByCertificate(_.Library.Binary searchValue)
Get an X.509 credentials record based on the unique X.509 certificate.
The record must have a null OwnerList or be owned by the current user to be returned.

static _.SYS.X509Credentials GetByCertificateWithPrivateKey(_.Library.Binary searchValue)
Get an X.509 credentials record based on the unique X.509 certificate, for use with a private key.
The record must have a null OwnerList or be owned by the current user to be returned.

static _.SYS.X509Credentials GetByRSAKeyValue(_.XML.Security.RSAKeyValue searchValue)
Get an X.509 credentials record which has a certificate whose public key matches the specified RSAKeyValue.
The record must have a null OwnerList or be owned by the current user to be returned.

static _.SYS.X509Credentials GetBySubjectKeyIdentifier(_.Library.Binary searchValue)
Get an X.509 credentials record based on the unique SubjectKeyIdentifier.
The record must have a null OwnerList or be owned by the current user to be returned.

static _.SYS.X509Credentials GetByThumbprint(_.Library.Binary searchValue)
Get an X.509 credentials record based on the unique SHA1 Thumbprint.
The record must have a null OwnerList or be owned by the current user to be returned.

static _.SYS.X509Credentials GetNext(_.Library.String alias)
Return the next X.509 credentials object that is accessible to the current user, based on the alias argument. Return "" if no more objects are available. The alias argument is updated to correspond to the returned object.
static _.Library.Status GetProperties(_.Library.ObjectHandle X509Credential, _.Library.String Properties)
Get an X509Credential's properties.
Gets an X509Credential's properties from the security database.
Parameters:
X509Credential - Object handle to an X509Credentials record
Return values:
Properties - See the Get method for more information on the properties returned
static |
Import X509Credential records from an xml file.
Parameters:
FileName - Filename to import X509Credential records from
NumImported (byref) - Returns number of records imported
Flags - Control import
Bit 0 - Do not import records, just return count
Note: On failure, no records will be imported
|
static |
Modify a X509Credential.
Modify an existing X509Credential's properties in the security database.
Parameters:
Name - Name of the X509Credential to modify
Properties - Array of properties to modify.
See the Get() method for a description of the Properties parameter.
If a specific property is not passed in the properties array, the value is not modified.
|
static |
Convert variants of the string representation of a Distinguished Name as defined by.
section 4 of RFC 2253 to normal form
_.Library.Status Save | ( | ) |
The Save method saves an X509Credentials object.
To save a new X509Credentials object use the following procedure:
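As an added example (not part of the class reference and not InterSystems code), the ObjectScript class method below uses only members documented on this page: it loads a certificate and key, restricts the record to one owner and one peer, saves it, looks it up again through the OwnerList-aware GetByAlias, and exports it without its private key. It assumes the %SYS namespace (the page renders the class as _.SYS.X509Credentials; in ObjectScript it is %SYS.X509Credentials); the file paths, alias, owner, peer names and passphrase are placeholders, and the meaning of GetByAlias's pwd argument is inferred from its signature.

```objectscript
/// Added example, not from the class reference. Run in the %SYS namespace.
/// Every path, name and passphrase below is a placeholder.
ClassMethod RegisterServerCredentials() As %Status
{
    Set creds = ##class(%SYS.X509Credentials).%New()
    Set creds.Alias = "ExampleServer"
    // SubjectDN, IssuerDN, SerialNumber, SubjectKeyIdentifier and Thumbprint
    // are populated only by LoadCertificate, never by direct assignment.
    Set sc = creds.LoadCertificate("/placeholder/path/server.cer")
    If $$$ISERR(sc) Quit sc
    // PrivateKey and PrivateKeyPassword are transient: held in memory until
    // Save and not loaded back from the global when the object is opened later.
    Set sc = creds.LoadPrivateKey("/placeholder/path/server.key")
    If $$$ISERR(sc) Quit sc
    Set creds.PrivateKeyPassword = "placeholder-passphrase"
    // An empty OwnerList makes the credentials available to every user;
    // name only the service account that needs them.
    Set creds.OwnerList = "svc_example"
    // Peers expected to use this certificate, checked via CheckPeerName.
    Set creds.PeerNames = "api.example.invalid,api2.example.invalid"
    Set sc = creds.Save()
    If $$$ISERR(sc) Quit sc

    // Lookup honours OwnerList: nothing comes back unless the current user is
    // an owner or the OwnerList is empty. The pwd argument is assumed to supply
    // the private-key password for later private-key operations.
    Set found = ##class(%SYS.X509Credentials).GetByAlias("ExampleServer", "placeholder-passphrase")
    If '$IsObject(found) Quit $$$ERROR($$$GeneralError, "credentials not accessible to the current user")
    If 'found.CheckPeerName("api.example.invalid") {
        Quit $$$ERROR($$$GeneralError, "peer name not listed in PeerNames")
    }

    // Export for backup with IncludePrivateKey = 0; with 1 the key and its
    // password are written to the file and the caller must protect it.
    Set sc = ##class(%SYS.X509Credentials).Export("/placeholder/path/credentials.xml", .exported, "ExampleServer", 0)
    If $$$ISERR(sc) Quit sc
    Quit $$$OK
}
```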
static DOMAIN = None
Default Localization Domain
Alias
The Alias is defined on import and identifies the X.509 certificate and private key.

CAFile
File containing X.509 certificate(s) of trusted Certificate Authorities.
Can be an absolute pathname or a pathname relative to the manager's directory.
When WS-Security validates a Signature where the certificate is not included in the SOAP message, the certificate is found in an SYS.X509Credentials object. If the CAFile property is specified in the SYS.X509Credentials object, CAFile gives the path of the CA file. If the CAFile property is not specified, then iris.cer in the mgr directory is used as the CA file.

Certificate
The X.509 certificate.

IssuerDN
Issuer DistinguishedName of the certificate.
This property is only set via the LoadCertificate method.

OwnerList
The optional comma separated list of usernames which may access these credentials.
If no OwnerList is specified, the credentials are available to any user.

PeerNames
PeerNames is an optional comma separated list of peers which expect this certificate to be used. Each peer name will normally be a DNS name; however, any application defined name may be used.

PrivateKey
The private key associated with the certificate, stored as PEM encoded text.
Because the property is transient, the private key is in memory only when set before save; it is not loaded from the global when the object is opened.

PrivateKeyPassword
Optional password for the private key.
Because the property is transient, the password is in memory only when set before save; it is not loaded from the global when the object is opened.

PrivateKeyType
The type of the associated private key.
Only RSA is supported initially.

SerialNumber
SerialNumber of the certificate – unique for the Issuer.
This property is only set via the LoadCertificate method.

SubjectDN
Subject DistinguishedName of the certificate.
This property is only set via the LoadCertificate method.

SubjectKeyIdentifier
X.509 SubjectKeyIdentifier from the certificate.
This property is only set via the LoadCertificate method.

Thumbprint
SHA1 Thumbprint of the certificate.
This property is only set via the LoadCertificate method.

ValidityNotAfter
X.509 ValidityNotAfter from the certificate.

ValidityNotBefore
X.509 ValidityNotBefore from the certificate.