PKI.CAServer
persistent class PKI.CAServer extends %Library.Persistent, %SOAP.WebService
SQL Table Name: PKI.CAServer
Certificate Authority server. Use with PKI.CAClient.
Property Inventory
- AdminEmail
- AttributePrompt
- AttributeType
- CAFilename
- CAPath
- Days
- Name
- SMTPPassword
- SMTPServer
- SMTPUsername
Method Inventory
Parameters
parameter NAMESPACE = http://pki.intersystems.com;
SOAP Namespace for the WebService
parameter SERVICENAME = CAServer;
Name of the WebService.
parameter USECLASSNAMESPACES = 1;
Namespaces of referenced classes will be used in the WSDL.
Properties
property AdminEmail as %String;
Email address of the administrator of this Certificate Authority server.
Email notification will be sent to this address on receipt of a
Certificate Signing Request.
Property methods: AdminEmailDisplayToLogical(), AdminEmailGet(), AdminEmailGetStored(), AdminEmailIsValid(), AdminEmailLogicalToDisplay(), AdminEmailLogicalToOdbc(), AdminEmailNormalize(), AdminEmailSet()
property AttributePrompt as %String (MAXLEN = 100) [ InitialExpression = "Country,State or Province,Locality,Organization,Organizational Unit,Common Name" ];
Prompts to use when building a %List for constructing a Subject Distinguished Name.
Property methods: AttributePromptDisplayToLogical(), AttributePromptGet(), AttributePromptGetStored(), AttributePromptIsValid(), AttributePromptLogicalToDisplay(), AttributePromptLogicalToOdbc(), AttributePromptNormalize(), AttributePromptSet()
property AttributeType as %String [ InitialExpression = "C,ST,L,O,OU,CN" ];
Attribute type keywords to use when building the "-subject" argument to the "openssl req" command
Property methods: AttributeTypeDisplayToLogical(), AttributeTypeGet(), AttributeTypeGetStored(), AttributeTypeIsValid(), AttributeTypeLogicalToDisplay(), AttributeTypeLogicalToOdbc(), AttributeTypeNormalize(), AttributeTypeSet()
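The AttributeType keywords pair positionally with a list of attribute values to form a subject string in OpenSSL's `/TYPE=value` syntax. The following is an added example, not code from the PKI package: the function names, the skipping of blank values and the validation rules are assumptions of this sketch. It shows why values must be escaped before they are joined, since an unescaped `/` in one field would otherwise start a new attribute.

```python
# Added example, not InterSystems code. Function names are hypothetical.
# DEFAULT_ATTRIBUTE_TYPE copies the AttributeType InitialExpression shown above.
DEFAULT_ATTRIBUTE_TYPE = "C,ST,L,O,OU,CN"


def escape_value(value):
    """Backslash-escape the characters OpenSSL's subject parser treats as syntax:
    '\\' (escape), '/' (starts the next attribute), '+' (multi-valued RDN)."""
    return "".join("\\" + ch if ch in "\\/+" else ch for ch in value)


def build_subject(values, attribute_type=DEFAULT_ATTRIBUTE_TYPE):
    """Pair each value with its type keyword and return '/C=../ST=../CN=..'.

    Assumptions of this example: blank values are skipped, control characters
    are rejected, and C must be a two-letter code.
    """
    types = attribute_type.split(",")
    if len(values) != len(types):
        raise ValueError("expected %d values, got %d" % (len(types), len(values)))
    parts = []
    for keyword, raw in zip(types, values):
        value = raw.strip()
        if not value:
            continue
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
            raise ValueError("control character in %s value" % keyword)
        if keyword == "C" and not (len(value) == 2 and value.isascii() and value.isalpha()):
            raise ValueError("C must be a two-letter country code")
        parts.append("/%s=%s" % (keyword, escape_value(value)))
    if not parts:
        raise ValueError("subject would be empty")
    return "".join(parts)


if __name__ == "__main__":
    # Constructed sample input: the Organization value tries to smuggle in a second CN.
    sample = ["US", "Massachusetts", "Cambridge",
              "Acme/CN=admin.example.test", "", "host.example.test"]
    print(build_subject(sample))
```

When the resulting string is handed to an external command, pass it as a single argument-vector element rather than through a shell, so that quoting in a field value cannot alter the command line.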
property CAFilename as %String [ Required ];
Name of this Certificate Authority server's Certificate (.cer) and Private Key (.key) files
Property methods: CAFilenameDisplayToLogical(), CAFilenameGet(), CAFilenameGetStored(), CAFilenameIsValid(), CAFilenameLogicalToDisplay(), CAFilenameLogicalToOdbc(), CAFilenameNormalize(), CAFilenameSet()
property CAPath as %String (MAXLEN = 200);
Path to this Certificate Authority server's Certificate (.cer) and Private Key (.key) files
Property methods: CAPathDisplayToLogical(), CAPathGet(), CAPathGetStored(), CAPathIsValid(), CAPathLogicalToDisplay(), CAPathLogicalToOdbc(), CAPathNormalize(), CAPathSet()
property Days as %Integer [ InitialExpression = 365 , Required ];
Validity period (in days) for issued certificates
Property methods: DaysDisplayToLogical(), DaysGet(), DaysGetStored(), DaysIsValid(), DaysLogicalToDisplay(), DaysNormalize(), DaysSet()
property Name as %String [ InitialExpression = "Cache CA" , Required ];
The default Certificate Authority server has the name "Cache CA".
There is at most one per Cache instance.
Property methods: NameDisplayToLogical(), NameGet(), NameGetStored(), NameIsValid(), NameLogicalToDisplay(), NameLogicalToOdbc(), NameNormalize(), NameSet()
property SMTPPassword as %String;
SMTP password for sending email notification on receipt of a
Certificate Signing Request or issuance of a Certificate
Property methods: SMTPPasswordDisplayToLogical(), SMTPPasswordGet(), SMTPPasswordGetStored(), SMTPPasswordIsValid(), SMTPPasswordLogicalToDisplay(), SMTPPasswordLogicalToOdbc(), SMTPPasswordNormalize(), SMTPPasswordSet()
property SMTPServer as %String;
SMTP server for sending email notification on receipt of a
Certificate Signing Request or issuance of a Certificate
Property methods: SMTPServerDisplayToLogical(), SMTPServerGet(), SMTPServerGetStored(), SMTPServerIsValid(), SMTPServerLogicalToDisplay(), SMTPServerLogicalToOdbc(), SMTPServerNormalize(), SMTPServerSet()
property SMTPUsername as %String;
SMTP username for sending email notification on receipt of a
Certificate Signing Request or issuance of a Certificate
Property methods: SMTPUsernameDisplayToLogical(), SMTPUsernameGet(), SMTPUsernameGetStored(), SMTPUsernameIsValid(), SMTPUsernameLogicalToDisplay(), SMTPUsernameLogicalToOdbc(), SMTPUsernameNormalize(), SMTPUsernameSet()
Methods
Build the "-subject" argument to the "openssl req" command from a %List
classmethod Configure(server As PKI.CAServer, attrList As %List, password As %String, days As %Integer, ByRef st As %Status) as %String
Configure this Certificate Authority server.
Must be called before Certificate Signing Requests can be submitted or Certificates issued.
Creates the OpenSSL configuration file "openssl.cnf" if it does not exist.
When called for the first time, this method creates this Certificate Authority server's Certificate (.cer) and Private Key (.key) files,
and creates and saves its PKI.Certificate object. Once created, these cannot be changed.
The other properties of this Certificate Authority server can be updated later.
Parameters:
server - PKI.CAServer object, with all required properties set
attrList - %List containing attribute values to be used in constructing this Certificate Authority server's Subject Distinguished Name (first invocation only)
password - Password used to encrypt Private Key file (first invocation only)
days - desired validity period of CA certificate, in days
st - On return, contains a status code
Return value:
String describing successful configuration, or error
method GetCertificate(number As %String) as PKI.Certificate [ WebMethod ]
Web method for retrieving an X.509 Certificate issued by this Certificate Authority server.
Parameter:
number - serial number of the X.509 Certificate requested, or 0 to request this Certificate Authority server's X.509 Certificate
Return value:
A PKI.Certificate object
method ListCertificates(hostname As %String, instance As %String) as %XML.DataSet [ WebMethod ]
Web method for retrieving a list of X.509 Certificates issued by this Certificate Authority server.
Return value:
An %XML.DataSet object
method Sign(name As %String, password As %String, certType As %Integer, ByRef st As %Status) as %String
Issue an X.509 Certificate for a Certificate Signing Request.
This method creates and saves a PKI.Certificate object and sends notification to the
email address of the local technical contact of the Certificate Authority client
that generated the Certificate Signing Request.
Parameters:
name - Name of the Certificate Signing Request to be processed
password - Password for this Certificate Authority server's Private Key file
certType - Intended usage of the issued certificate
1 = TLS/SSL, XML encryption and signature verification
2 = Intermediate Certificate Authority server
st - On return, contains a status code
Return value:
String describing successful Certificate issuance, or error
Web method for submitting a Certificate Signing Request.
This method saves the PKI.CSR object and sends notification to the
email address of the administrator of this Certificate Authority server.
Parameter:
csr - a PKI.CSR object
Return value:
String describing successful Certificate Signing Request submission, or a SOAP fault on error
Indexes
index (NameIndex on Name) [IdKey, Type = key];
Index methods: NameIndexCheck(), NameIndexDelete(), NameIndexExists(), NameIndexOpen(), NameIndexSQLCheckUnique(), NameIndexSQLExists(), NameIndexSQLFindPKeyByConstraint(), NameIndexSQLFindRowIDByConstraint()
Inherited Members
Inherited Properties
- AddressingIn
- AddressingOut
- Attachments
- Base64LineBreaks
- BodyId
- BodyXmlId
- ContentId
- ContentLocation
- FaultAddressing
- FaultHeaders
- HeadersIn
- HeadersOut
- ImportHandler
- IsMTOM
- Location
- MTOMRequired
- MsgClass
- OutputTypeAttribute
- Password
- RMSession
- ReferencesInline
- RequestMessageStart
- ResponseAttachments
- ResponseContentId
- ResponseContentLocation
- SAXFlags
- SecurityContextToken
- SecurityIn
- SecurityNamespace
- SecurityOut
- SessionCookie
- SoapFault
- SoapVersion
- Timeout
- Transport
- Username
- WriteSOAPBodyMethod
Inherited Methods
- %AddEnvelopeNamespace()
- %AddToSaveSet()
- %AddToSyncSet()
- %BMEBuilt()
- %CheckConstraints()
- %CheckConstraintsForExtent()
- %ClassIsLatestVersion()
- %ClassName()
- %ComposeOid()
- %ConstructClone()
- %Delete()
- %DeleteExtent()
- %DeleteId()
- %DispatchClassMethod()
- %DispatchGetModified()
- %DispatchGetProperty()
- %DispatchMethod()
- %DispatchSetModified()
- %DispatchSetMultidimProperty()
- %DispatchSetProperty()
- %Exists()
- %ExistsId()
- %Extends()
- %GUID()
- %GUIDSet()
- %GetLock()
- %GetParameter()
- %GetSwizzleObject()
- %Id()
- %InsertBatch()
- %IsA()
- %IsModified()
- %IsNull()
- %KillExtent()
- %KillExtentData()
- %LoadFromMemory()
- %LockExtent()
- %LockId()
- %New()
- %NormalizeObject()
- %ObjectIsNull()
- %ObjectModified()
- %Oid()
- %OnBeforeAddToSync()
- %OnCreateRMSession()
- %OnDetermineClass()
- %Open()
- %OpenId()
- %OriginalNamespace()
- %PackageName()
- %PhysicalAddress()
- %PurgeIndices()
- %Reload()
- %RemoveFromSaveSet()
- %ResolveConcurrencyConflict()
- %RollBack()
- %Save()
- %SaveDirect()
- %SaveIndices()
- %SerializeObject()
- %SetModified()
- %SortBegin()
- %SortEnd()
- %SyncObjectIn()
- %SyncTransport()
- %UnlockExtent()
- %UnlockId()
- %ValidateIndices()
- %ValidateObject()
- ConvertParameter()
- Decrypt()
- Encrypt()
- EscapeHTML()
- EscapeURL()
- FileWSDL()
- GetBodyId()
- HyperEventCall()
- HyperEventHead()
- Include()
- Initialize()
- InsertHiddenField()
- InsertHiddenFields()
- IsPrivate()
- Link()
- MakeFault()
- MakeFault12()
- MakeSecurityFault()
- MakeStatusFault()
- NormalizeName()
- OnCancelSecureConversation()
- OnPageError()
- OnPostHTTP()
- OnPostHyperEvent()
- OnPostWebMethod()
- OnPreHyperEvent()
- OnPreWebMethod()
- OnRequestMessage()
- OnSOAPRequest()
- OnStartSecureConversation()
- Page()
- Process()
- ProcessBinary()
- ProcessBody()
- ProcessBodyNode()
- QuoteJS()
- Reset()
- ReturnFault()
- ReturnOneWay()
- RewriteURL()
- ShowError()
- StartTimer()
- StopTimer()
- ThrowError()
- UnescapeHTML()
- UnescapeURL()
- WSAddSignatureConfirmation()
Storage
Storage Model: CacheStorage (PKI.CAServer)
^PKI.CAServerD(ID) = %%CLASSNAME, SoapVersion, CAFileName, Timeout, OutputTypeAttribute, AddressingIn, AddressingOut, IsMTOM, Days, AdminEmail, SMTPServer, SMTPUsername, SMTPPassword, CAFilename, CANumber, CAPath, AttributePrompt, AttributeType