This class can be used to query the SSL PeerCertificate retrieved by Net.HttpRequest when SSLCheckServerIdentity is enabled.
Public Member Functions

| Return type | Member | Description |
| --- | --- | --- |
| | Extension (_.Library.String pX509Extension, _.Library.Status pStatus) | Convenience method to prepend Extension: to the <parameter>pX509Extension</parameter> before calling <method>Field</method>. |
| | Field (_.Library.String pX509Field, _.Library.Status pStatus) | Call X509GetField on the <property>Certificate</property> for the <parameter>pX509Field</parameter>. |
| _.Library.Boolean | RunVerificationChecks (_.Library.Boolean pVerifyCertChain, _.Library.Integer pLifeSpanMaxDays) | Run the methods <method>VerifyCertChain</method>, <method>VerifyLifeSpan</method>, <method>VerifyNotBefore</method> and <method>VerifyNotAfter</method>. |
| _.Library.String | VerifyCertChain () | Output from running $SYSTEM.Encryption.X509VerifyCertChain on <property>Certificate</property> with <property>CAFile</property> and optional <property>CRLFile</property>. |
| _.Library.Boolean | VerifyLifeSpan (_.Library.Integer pMaxDays) | Boolean test result of checking if the number of days between the ValidityNotBefore and the ValidityNotAfter fields in <property>Certificate</property> is less than <parameter>pMaxDays</parameter>. |
| _.Library.Boolean | VerifyNotAfter () | Boolean test result of checking if the ValidityNotAfter field in <property>Certificate</property> is after or the same as the current time. |
| _.Library.Boolean | VerifyNotBefore () | Boolean test result of checking if the ValidityNotBefore field in <property>Certificate</property> is before or the same as the current time. |
| _.Library.Status | OnAddToSaveSet (_.Library.Integer depth, _.Library.Integer insert, _.Library.Integer callcount) | This callback method is invoked when the current object is added to the SaveSet, ... |
| _.Library.Status | OnClose () | This callback method is invoked by the <METHOD>Close</METHOD> method to ... |
| _.Library.Status | OnConstructClone (_.Library.RegisteredObject object, _.Library.Boolean deep, _.Library.String cloned) | This callback method is invoked by the <METHOD>ConstructClone</METHOD> method to ... |
| _.Library.Status | OnNew () | This callback method is invoked by the <METHOD>New</METHOD> method to ... |
| _.Library.Status | OnValidateObject () | This callback method is invoked by the <METHOD>ValidateObject</METHOD> method to ... |

Static Public Member Functions

| Return type | Member | Description |
| --- | --- | --- |
| _.Library.Status | RetrievePeerCertUsingJSON (_.Library.DynamicObject pHttpInfo, _.Net.HttpRequest pHttpRequest, _.Net.X509Certificate pSSLPeerCert) | Convenience method to call <method>RetrievePeerCertificate</method> using a <class>Library.DynamicObject</class> to create the initial Net.HttpRequest object and provide the other optional parameters. |
| _.Library.Status | RetrievePeerCertificate (_.Net.HttpRequest pHttpRequest, _.Library.String pURL, _.Library.String pVerb, _.Net.X509Certificate pSSLPeerCert) | Convenience method to make an HTTPS Request that will populate the SSLPeerCertificate property of <class>Net.HttpRequest</class>. |

Public Attributes

| Attribute | Description |
| --- | --- |
| CAFile | Name of a file containing trusted Certificate Authority certificates. |
| CRLFile | Name of a file containing Certificate Revocation lists (optional). |
| CertChainCheck | Output from running $SYSTEM.Encryption.X509VerifyCertChain as executed by <method>VerifyCertChain</method>. |
| Certificate | X.509 digital certificate. |
| LifeSpanCheck | Boolean test result of checking if the number of days between the ValidityNotBefore and the ValidityNotAfter fields in <property>Certificate</property> is less than the maximum number of days used by <method>VerifyLifeSpan</method>. |
| NotAfterCheck | Boolean test result of checking if the ValidityNotAfter field in <property>Certificate</property> is after or the same as the current time. |
| NotBeforeCheck | Boolean test result of checking if the ValidityNotBefore field in <property>Certificate</property> is before or the same as the current time. |
| SSLCNCheck | Status returned by the <class>Net.HttpRequest</class> CheckSSLCN method when SSLCheckServerIdentity is true. |

Additional Inherited Members

| Member | Description |
| --- | --- |
| CAPTION = None | Optional name used by the Form Wizard for a class when generating forms. |
| JAVATYPE = None | The Java type to be used when exported. |
| PROPERTYVALIDATION = None | This parameter controls the default validation behavior for the object. |

This class can be used to query the SSL PeerCertificate retrieved by Net.HttpRequest when SSLCheckServerIdentity is enabled.
It also contains convenience wrappers for SYSTEM.Encryption X509 methods.
Passing all the validity checks in this class does not mean the SSL Peer Certificate is valid.
Extension (_.Library.String pX509Extension, _.Library.Status pStatus)
Convenience method to prepend Extension: to the <parameter>pX509Extension</parameter> before calling <method>Field</method>.
Field (_.Library.String pX509Field, _.Library.Status pStatus)
Call X509GetField on the <property>Certificate</property> for the <parameter>pX509Field</parameter>.
Returns the status of the call in <parameter>pStatus</parameter>.
See <class>SYSTEM.Encryption</class> for documentation on the X509GetField method.
static _.Library.Status RetrievePeerCertUsingJSON (_.Library.DynamicObject pHttpInfo, _.Net.HttpRequest pHttpRequest, _.Net.X509Certificate pSSLPeerCert)
Convenience method to call <method>RetrievePeerCertificate</method> using a <class>Library.DynamicObject</class> to create the initial Net.HttpRequest object and provide the other optional parameters.
The structure of the pHttpInfo dynamic object is:
{"url":<optional default="/">,
 "verb":<optional default=OPTIONS>,
 "request":{"properties of %Net.HttpRequest...","Server":"docs.intersystems.com","SSLConfiguration":"ClientSSLConfig"}}
static _.Library.Status RetrievePeerCertificate (_.Net.HttpRequest pHttpRequest, _.Library.String pURL, _.Library.String pVerb, _.Net.X509Certificate pSSLPeerCert)
Convenience method to make an HTTPS Request that will populate the SSLPeerCertificate property of <class>Net.HttpRequest</class> using a pre-existing Net.HttpRequest object, and instantiate <parameter>pSSLPeerCert</parameter> of type <class>Net.X509Certificate</class> if the certificate was retrieved or the Server identification check failed.
For convenience the property SSLCheckServerIdentity is set to true.
<parameter>pURL</parameter> defaults to /
<parameter>pVerb</parameter> defaults to OPTIONS
The status returned will be the status returned by the Net.HttpRequest Send method unless the error is $$$SSLNoCertificate or $$$SSLCertificateNoMatch, in which case $$$OK is returned and <property>SSLCNCheck</property> contains the SSL Server Identity Check error.
_.Library.Boolean RunVerificationChecks (_.Library.Boolean pVerifyCertChain, _.Library.Integer pLifeSpanMaxDays)
Run the methods:
<method>VerifyCertChain</method> if <parameter>pVerifyCertChain</parameter> is true (the default is true)
<method>VerifyLifeSpan</method> using <parameter>pLifeSpanMaxDays</parameter> (the default is 730 days)
<method>VerifyNotBefore</method>
<method>VerifyNotAfter</method>
This method returns true if the checks that were run passed and if the initial SSL Server Identity check (SSLCNCheck) passed.
_.Library.String VerifyCertChain ()
Output from running $SYSTEM.Encryption.X509VerifyCertChain on <property>Certificate</property> with <property>CAFile</property> and optional <property>CRLFile</property>.
The return value is also stored in <property>CertChainCheck</property>.
_.Library.Boolean VerifyLifeSpan (_.Library.Integer pMaxDays)
Boolean test result of checking if the number of days between the ValidityNotBefore and the ValidityNotAfter fields in <property>Certificate</property> is less than the maximum number of days given by <parameter>pMaxDays</parameter>.
The default maximum days is set to 730.
The result is also stored in <property>LifeSpanCheck</property>.
If an error is encountered retrieving the value of ValidityNotBefore or ValidityNotAfter from the certificate, the returned value is False.
_.Library.Boolean VerifyNotAfter ()
Boolean test result of checking if the ValidityNotAfter field in <property>Certificate</property> is after or the same as the current time.
The result is also stored in <property>NotAfterCheck</property>.
If an error is encountered retrieving the value of ValidityNotAfter from the certificate, the returned value is False.
_.Library.Boolean VerifyNotBefore ()
Boolean test result of checking if the ValidityNotBefore field in <property>Certificate</property> is before or the same as the current time.
The result is also stored in <property>NotBeforeCheck</property>.
If an error is encountered retrieving the value of ValidityNotBefore from the certificate, the returned value is False.
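The date and aggregation rules described for RunVerificationChecks, VerifyLifeSpan, VerifyNotBefore and VerifyNotAfter, modelled in Python as an added example (not InterSystems code). It assumes a certificate dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names and the `cn_check_ok` and `chain_ok` arguments are hypothetical stand-ins for SSLCNCheck and the chain-check outcome.

```python
import ssl
import time

DEFAULT_MAX_DAYS = 730  # default lifespan limit stated on this page

def _seconds(cert, field):
    """Epoch seconds for a validity field, or None if missing or unparseable."""
    try:
        return ssl.cert_time_to_seconds(cert[field])
    except (KeyError, TypeError, ValueError):
        return None

def verify_not_before(cert, now):
    nb = _seconds(cert, "notBefore")
    return nb is not None and nb <= now  # before or the same as the current time

def verify_not_after(cert, now):
    na = _seconds(cert, "notAfter")
    return na is not None and na >= now  # after or the same as the current time

def verify_life_span(cert, max_days=DEFAULT_MAX_DAYS):
    nb, na = _seconds(cert, "notBefore"), _seconds(cert, "notAfter")
    if nb is None or na is None:
        return False  # an unreadable field fails the check
    return (na - nb) / 86400 < max_days  # strictly less than the maximum

def run_verification_checks(cert, cn_check_ok, chain_ok=None,
                            max_days=DEFAULT_MAX_DAYS, now=None):
    """chain_ok=None models pVerifyCertChain=false (chain check not run)."""
    now = time.time() if now is None else now
    results = {
        "LifeSpanCheck": verify_life_span(cert, max_days),
        "NotBeforeCheck": verify_not_before(cert, now),
        "NotAfterCheck": verify_not_after(cert, now),
    }
    if chain_ok is not None:
        results["CertChainCheck"] = chain_ok
    # True only if every check that ran passed and the identity check passed
    return cn_check_ok and all(results.values()), results

# Constructed sample certificates (validity fields only) and a fixed clock
SAMPLE = {"notBefore": "Jan  1 00:00:00 2024 GMT",
          "notAfter": "Jan  1 00:00:00 2025 GMT"}
LONG_LIVED = {"notBefore": "Jan  1 00:00:00 2024 GMT",
              "notAfter": "Jan  1 00:00:00 2027 GMT"}
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
```

The three date checks say nothing about who issued the certificate, so a certificate can pass them while the chain check or the server identity check fails.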
CAFile
CAFile - Name of a file containing trusted Certificate Authority certificates
Used by <method>VerifyCertChain</method>
CRLFile
CRLFile - Name of a file containing Certificate Revocation lists (optional)
Used by <method>VerifyCertChain</method>
CertChainCheck
Output from running $SYSTEM.Encryption.X509VerifyCertChain as executed by <method>VerifyCertChain</method> on <property>Certificate</property> with <property>CAFile</property> and optional <property>CRLFile</property>
Certificate
X.509 digital certificate.
LifeSpanCheck
Boolean test result of checking if the number of days between the ValidityNotBefore and the ValidityNotAfter fields in <property>Certificate</property> is less than the maximum number of days used by <method>VerifyLifeSpan</method>
The default maximum days is set to 730.
NotAfterCheck
Boolean test result of checking if the ValidityNotAfter field in <property>Certificate</property> is after or the same as the current time.
NotBeforeCheck
Boolean test result of checking if the ValidityNotBefore field in <property>Certificate</property> is before or the same as the current time.
SSLCNCheck
Status returned by the <class>Net.HttpRequest</class> CheckSSLCN method when SSLCheckServerIdentity is true.
Based on the return from Net.HttpRequest Send, <method>RetrievePeerCertificate</method> sets this to $$$OK if Send returns $$$OK, or to the error SSLCertificateNoMatch or SSLNoCertificate if Send returns one of those.
If a different error is returned, SSLCNCheck is left empty.