SignedCertificate (String function): Difference between revisions

Revision as of 22:54, 30 March 2016

Sign a certificate request (String class)

[Requires Janus Network Security]

This callable method generates a signed SSL client certificate from a given certificate request and private key. It adds the lines of the signed certificate to the end of the object certificate-request and optionally to an output string variable.

Syntax

[%signedCert =] string:SignedCertificate( [PrivateKey=] string, - [[Signer=] string], - [[StartDate=] string], - [[EndDate=] string], - [[SerialNumber=] number], - [SignatureAlgorithm= digestAlgorithm]) Throws PKCSError

Syntax terms

%signedCert	A `String` or `Longstring` to contain the signed certificate that the method creates.
string	A `String` or `Longstring` that contains a base64 encoded X.509 certificate request.
`PrivateKey`	This name allowed parameter is a `String` or `Longstring` that contains an RSA-generated private key. This value must be less than or equal to 2048 bits.
`Signer`	This optional, name allowed, argument is a string that contains the base64 encoded CA (certifying authority) X.509 certificate. If not specified, the method object `string` is used, and the certificate is self-signed.
`StartDate`	This optional, name allowed, argument is a string that contains the Start date for the signed certificate (in YYMMDDHHMISS format). The default is today's date.
`EndDate`	This optional, name allowed, argument is a string that contains the End date for the signed certificate (in YYMMDDHHMISS format). The default is 24 hours from `StartDate`.
`SerialNumber`	This optional, name allowed, argument is a numeric value that is the Serial number for the signed certificate. The default is a number guaranteed to increase by 1 for every call and guaranteed to increase from run to run, unless there is an extreme amount of signing occurrences.
`SignatureAlgorithm`	This optional, name required, argument is a `DigestAlgorithm` enumeration value. Valid options are: `MD5`, `SHA1`, `SHA256`. The default value is `SHA256` as of Model 204 7.7 (and zap maintenance for versions 7.6 and 7.5). Note: Although supported and formerly the default, most modern browsers are deprecating `SHA1`.

Example

This example uses a generic private key and certificate request and then prints a view of the SignedCertificate output.

The DerToXmlDoc method that is used to "unpack" the content does not understand the semantics of the standard tags for the signed certificate items, so the output is also somewhat generic. No SOUL method interprets signed certificate items as well as, for example, the RSAPrivateKeyToXmlDoc does for a private key.

b %ls is longstring %cr is longstring %sc is longstring %ls = %(System):GeneratedPrivateKey(Length=512) %cr = %ls:CertificateRequest %sc =%cr:SignedCertificate(%ls) %sc:derToXmlDoc:print end

The result is:

%sc:derToXmlDoc:print: <Sequence> <Sequence> <Integer>16030188579305029649</Integer> <Sequence> <ObjectIdentifier>1.2.840.113549.1.1.11</ObjectIdentifier> <Null/> </Sequence> <Sequence/> <Sequence> <UTCTime>20160330222419.000Z</UTCTime> <UTCTime>20160330222419.000Z</UTCTime> </Sequence> <Sequence/> <Sequence> <Sequence> <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier> <Null/> </Sequence> <BitString bits="576"> 304602410082FCF711CB0B1C ... 06B82C686516711F8769127D0D- BE318606B7529E5020103 </BitString> </Sequence> </Sequence> <Sequence> <ObjectIdentifier>1.2.840.113549.1.1.11</ObjectIdentifier> <Null/> </Sequence> <BitString bits="512"> 5D076DA8C002B5077047EA27 ... 5C9CEBB9ED37CF1A0096B47220 </BitString> </Sequence>

@@ Line 1: / Line 1: @@
 {{Template:String:SignedCertificate subtitle}}
-This page is [[under construction]].
 This [[Notation conventions for methods#Callable functions|callable]] method generates a signed SSL client certificate from a given certificate request and private key. It adds the lines of the signed certificate to the end of the object certificate-request and optionally to an output string variable.
@@ Line 10: / Line 8: @@
 <table>
 <tr><th>%signedCert</th>
-<td>string</td></tr>
+<td>A <var>String</var> or <var>Longstring</var> to contain the signed certificate that the method creates.</td></tr>
 <tr><th>string</th>
-<td>A string hat contains a base-64 encoded X.509 certificate request.</td></tr>
+<td>A <var>String</var> or <var>Longstring</var> that contains a base64 encoded X.509 certificate request.</td></tr>
 <tr><th><var>PrivateKey</var></th>
-<td>This [[Notation conventions for methods#Named parameters|name allowed]] parameter is a <var>Longstring</var> that contains an RSA-generated private key. This value must be less than or equal to 2048 bits.</td></tr>
+<td>This [[Notation conventions for methods#Named parameters|name allowed]] parameter is a <var>String</var> or <var>Longstring</var> that contains an RSA-generated private key. This value must be less than or equal to 2048 bits.</td></tr>
 <tr><th><var>Signer</var></th>
-<td>This optional, name allowed, argument is a string that contains the base-64 encoded CA (certifying authority) X.509 certificate. If not specified, ???????????????????, the certificate will be self-signed. </td></tr>
+<td>This optional, name allowed, argument is a string that contains the base64 encoded CA (certifying authority) X.509 certificate. If not specified, the method object <var class="term">string</var> is used, and the certificate is self-signed. </td></tr>
 <tr><th><var>StartDate</var></th>
@@ Line 36: / Line 34: @@
 </table>
-==Usage notes==
+==Example==
+This example uses a generic private key and certificate request and then prints a view of the <var>SignedCertificate</var> output.
+The <var>DerToXmlDoc</var> method that is used to "unpack" the content does not understand the semantics of the standard tags for the signed certificate items, so the output is also somewhat generic. No SOUL method interprets signed certificate items as well as, for example, the <var>[[RSAPrivateKeyToXmlDoc (String function)|RSAPrivateKeyToXmlDoc]]</var> does for a private key. </p>
+<p class="code">b
+%ls   is longstring
+%cr   is longstring
+%sc   is longstring
+%ls = [[GeneratedPrivateKey_(System_function)|%(System):GeneratedPrivateKey]](Length=512)
+%cr = %ls:[[CertificateRequest_(String_function)|CertificateRequest]]
-==Examples==
+%sc =%cr:SignedCertificate(%ls)
+%sc:derToXmlDoc:print
+end </p>
+<p>
+The result is:  </p>
+<p class="output">%sc:derToXmlDoc:print:
+<Sequence>
+   <Sequence>
+      <Integer>16030188579305029649</Integer>
+      <Sequence>
+         <ObjectIdentifier>1.2.840.113549.1.1.11</ObjectIdentifier>
+         <Null/>
+      </Sequence>
+      <Sequence/>
+      <Sequence>
+         <UTCTime>20160330222419.000Z</UTCTime>
+         <UTCTime>20160330222419.000Z</UTCTime>
+      </Sequence>
+      <Sequence/>
+      <Sequence>
+         <Sequence>
+            <ObjectIdentifier>1.2.840.113549.1.1.1</ObjectIdentifier>
+            <Null/>
+         </Sequence>
+         <BitString bits="576">
+304602410082FCF711CB0B1C ... 06B82C686516711F8769127D0D-
+BE318606B7529E5020103
+         </BitString>
+      </Sequence>
+   </Sequence>
+   <Sequence>
+      <ObjectIdentifier>1.2.840.113549.1.1.11</ObjectIdentifier>
+      <Null/>
+   </Sequence>
+   <BitString bits="512">
+D076DA8C002B5077047EA27 ... 5C9CEBB9ED37CF1A0096B47220
+   </BitString>
+</Sequence>
+</p>
 ==See also==

Float class String class Unicode class	List of Float methods List of String methods List of Unicode methods List of Intrinsic methods	Float methods syntax String methods syntax Unicode methods syntax
Notation conventions for methods

SignedCertificate (String function): Difference between revisions

Revision as of 22:54, 30 March 2016

Contents

Syntax

Syntax terms

Example

See also

Navigation menu