PKI.CAClient
persistent class PKI.CAClient extends %Library.Persistent
SQL Table Name: PKI.CAClient
Certificate Authority client. Use with PKI.CAServer.Property Inventory
- AttributePrompt
- AttributeType
- ContactEmail
- ContactName
- ContactPhone
- Name
- Path
- Port
- Server
- TLSConfiguration
- UseTLS
Method Inventory
Properties
property AttributePrompt as %String (MAXLEN = 100) [ InitialExpression = "Country,State or Province,Locality,Organization,Organizational Unit,Common Name" ];
Prompts to use when building a %List for constructing a Subject Distinguished Name.
Property methods: AttributePromptDisplayToLogical(), AttributePromptGet(), AttributePromptGetStored(), AttributePromptIsValid(), AttributePromptLogicalToDisplay(), AttributePromptLogicalToOdbc(), AttributePromptNormalize(), AttributePromptSet()
property AttributeType as %String [ InitialExpression = "C,ST,L,O,OU,CN" ];
Attribute type keywords to use when building the "-subject" argument to the "openssl req" command
Property methods: AttributeTypeDisplayToLogical(), AttributeTypeGet(), AttributeTypeGetStored(), AttributeTypeIsValid(), AttributeTypeLogicalToDisplay(), AttributeTypeLogicalToOdbc(), AttributeTypeNormalize(), AttributeTypeSet()
property ContactEmail as %String;
Email address of the local technical contact for this Certificate Authority client.
Email notification will be sent to this address when an X.509 Certificate is issued
for a Certificate Signing Request from this Certificate Authority client.
Property methods: ContactEmailDisplayToLogical(), ContactEmailGet(), ContactEmailGetStored(), ContactEmailIsValid(), ContactEmailLogicalToDisplay(), ContactEmailLogicalToOdbc(), ContactEmailNormalize(), ContactEmailSet()
property ContactName as %String [ Required ];
Name of the local technical contact for this Certificate Authority client.
This is the person who will be contacted by the Certificate Authority server's
administrator to verify the validity of Certificate Signing Requests from this client.
Property methods: ContactNameDisplayToLogical(), ContactNameGet(), ContactNameGetStored(), ContactNameIsValid(), ContactNameLogicalToDisplay(), ContactNameLogicalToOdbc(), ContactNameNormalize(), ContactNameSet()
property ContactPhone as %String;
Phone number of the local technical contact for this Certificate Authority client.
Property methods: ContactPhoneDisplayToLogical(), ContactPhoneGet(), ContactPhoneGetStored(), ContactPhoneIsValid(), ContactPhoneLogicalToDisplay(), ContactPhoneLogicalToOdbc(), ContactPhoneNormalize(), ContactPhoneSet()
property Name as %String [ InitialExpression = "IRIS CA" , Required ];
The default Certificate Authority client has the name "IRIS CA".
There is at most one per InterSystems IRIS instance.
Property methods: NameDisplayToLogical(), NameGet(), NameGetStored(), NameIsValid(), NameLogicalToDisplay(), NameLogicalToOdbc(), NameNormalize(), NameSet()
property Path as %String [ InitialExpression = "/isc/pki/PKI.CAServer.cls" , Required ];
Path used to access the PKI.CAServer Web service
Property methods: PathDisplayToLogical(), PathGet(), PathGetStored(), PathIsValid(), PathLogicalToDisplay(), PathLogicalToOdbc(), PathNormalize(), PathSet()
property Port as %Integer [ Required ];
TCP port used to access the PKI.CAServer Web service
Property methods: PortDisplayToLogical(), PortGet(), PortGetStored(), PortIsValid(), PortLogicalToDisplay(), PortNormalize(), PortSet()
property Server as %String (MAXLEN = 100) [ Required ];
DNS hostname used to access the PKI.CAServer Web service
Property methods: ServerDisplayToLogical(), ServerGet(), ServerGetStored(), ServerIsValid(), ServerLogicalToDisplay(), ServerLogicalToOdbc(), ServerNormalize(), ServerSet()
property TLSConfiguration as %String (MAXLEN = 64);
Property methods: TLSConfigurationDisplayToLogical(), TLSConfigurationGet(), TLSConfigurationGetStored(), TLSConfigurationIsValid(), TLSConfigurationLogicalToDisplay(), TLSConfigurationLogicalToOdbc(), TLSConfigurationNormalize(), TLSConfigurationSet()
property UseTLS as %Boolean;
Property methods: UseTLSDisplayToLogical(), UseTLSGet(), UseTLSGetStored(), UseTLSIsValid(), UseTLSLogicalToDisplay(), UseTLSNormalize(), UseTLSSet()
Methods
Build the "-subject" argument to the "openssl req" command
or the "-dname" argument to the "keytool -genkeypair" command
from a %List
classmethod Configure(client As PKI.CAClient, ByRef st As %Status) as %String
Configure this Certificate Authority client.
Must be called before Certificate Signing Requests can be submitted.
Creates the OpenSSL configuration file "openssl.cnf" if it does not exist.
Parameter:
client - PKI.CAClient object, with all required properties set
st - On return, contains a status code
Return value:
String describing successful configuration, or error
client - PKI.CAClient object, with all required properties set
st - On return, contains a status code
Return value:
String describing successful configuration, or error
method ConfigureData()
Get an X.509 Certificate issued by the Certificate Authority server.
This method retrieves a PKI.Certificate object and saves the contents in a Certificate (.cer) file.
Parameter:
number - serial number of the X.509 Certificate requested, or 0 to request the Certificate Authority server's X.509 Certificate
st - On return, contains a status code
Return value:
String describing saved Certificate file, or error
Parameter:
number - serial number of the X.509 Certificate requested, or 0 to request the Certificate Authority server's X.509 Certificate
st - On return, contains a status code
Return value:
String describing saved Certificate file, or error
method ListCertificates(hostname As %String = "", instance As %String = "", ByRef st As %Status) as %XML.DataSet
Get a list of X.509 Certificates issued by the Certificate Authority server.
Parameters:
hostname - Hostname from which signing requests for certificates was received
instance - InterSystems IRIS instance from which signing requests for certificates were received
Note: If both hostname and instance are not specified, all issued certificates are listed. st - On return, contains a status code
Return value:
An %XML.DataSet object
Parameters:
hostname - Hostname from which signing requests for certificates was received
instance - InterSystems IRIS instance from which signing requests for certificates were received
Note: If both hostname and instance are not specified, all issued certificates are listed. st - On return, contains a status code
Return value:
An %XML.DataSet object
method SubmitCSR(filename As %String, attrList As %List, password As %String, ByRef st As %Status) as %String
Generate and submit a Certificate Signing Request to the Certificate Authority server.
This method creates Certificate Signing Request (.csr) and Private Key (.key) files,
creates a PKI.CSR object, and submits that object to the Certificate Authority server.
Parameters:
filename - Name to use for created Certificate Signing Request (.csr) and Private Key (.key) files
attrList - %List containing attribute values to be used in constructing this Certificate Signing Request's Subject Distinguished Name
password - Password used to protect Private Key file (optional)
st - On return, contains a status code or SOAP fault
Return value:
String describing successful submission, or error
Parameters:
filename - Name to use for created Certificate Signing Request (.csr) and Private Key (.key) files
attrList - %List containing attribute values to be used in constructing this Certificate Signing Request's Subject Distinguished Name
password - Password used to protect Private Key file (optional)
st - On return, contains a status code or SOAP fault
Return value:
String describing successful submission, or error
Indexes
index (NameIndex on Name) [IdKey, Type = key];
Index methods: NameIndexCheck(), NameIndexDelete(), NameIndexExists(), NameIndexOpen(), NameIndexSQLCheckUnique(), NameIndexSQLExists(), NameIndexSQLFindPKeyByConstraint(), NameIndexSQLFindRowIDByConstraint()
Inherited Members
Inherited Methods
- %%CLASSNAMELogicalToStorage()
- %%CLASSNAMEStorageToLogical()
- %AddToSaveSet()
- %AddToSyncSet()
- %BMEBuilt()
- %BuildIndicesAsync()
- %BuildIndicesAsyncResponse()
- %CheckConstraints()
- %CheckConstraintsForExtent()
- %ClassIsLatestVersion()
- %ClassName()
- %ComposeOid()
- %ConstructClone()
- %Delete()
- %DeleteExtent()
- %DeleteId()
- %DispatchClassMethod()
- %DispatchGetModified()
- %DispatchGetProperty()
- %DispatchMethod()
- %DispatchSetModified()
- %DispatchSetMultidimProperty()
- %DispatchSetProperty()
- %Exists()
- %ExistsId()
- %Extends()
- %GUID()
- %GUIDSet()
- %GetLock()
- %GetParameter()
- %GetSwizzleObject()
- %Id()
- %InsertBatch()
- %IsA()
- %IsModified()
- %IsNull()
- %KillExtent()
- %KillExtentData()
- %LoadFromMemory()
- %LockExtent()
- %LockId()
- %New()
- %NormalizeObject()
- %ObjectIsNull()
- %ObjectModified()
- %Oid()
- %OnBeforeAddToSync()
- %OnDeleteFinally()
- %OnDetermineClass()
- %OnOpenFinally()
- %OnSaveFinally()
- %Open()
- %OpenId()
- %OriginalNamespace()
- %PackageName()
- %PhysicalAddress()
- %PurgeIndices()
- %Reload()
- %RemoveFromSaveSet()
- %ResolveConcurrencyConflict()
- %RollBack()
- %Save()
- %SaveDirect()
- %SaveIndices()
- %SerializeObject()
- %SetModified()
- %SortBegin()
- %SortEnd()
- %SyncObjectIn()
- %SyncTransport()
- %UnlockExtent()
- %UnlockId()
- %ValidateIndices()
- %ValidateObject()
- %ValidateTable()
Storage
Storage Model: Storage (PKI.CAClient)
^PKI.CAClientD(ID) |
= | %%CLASSNAME
Server
Port
Path
AttributeType
AttributePrompt
ContactName
ContactPhone
ContactEmail
UseTLS
TLSConfiguration
|