X509CrlToXmlDoc (String function): Difference between revisions

From m204wiki
m (→‎See also: add mention of String cipher methods)
m (→‎See also: add template for SL crypto methods)
Line 95: Line 95:


==See also==
==See also==
Related methods:
<p>
<var>String</var> methods:</p>
<ul>
<ul>
<li><var>String</var> class: <var>[[DerToXmlDoc_(String_function)|DerToXmlDoc]]</var>, <var>[[X509CertificateToXmlDoc_(String_function)|X509CertificateToXmlDoc]]</var>, <var>[[RSAPrivateKeyToXmlDoc (String function)|RSAPrivateKeyToXmlDoc]]</var>, <var>[[CertificateRequest (String function)|CertificateRequest]]</var>, <var>[[SignedCertificate (String function)|SignedCertificate]]</var>, and multiple cryptographic cipher methods </li>
<li><var>[[CertificateRequest (String function)|CertificateRequest]]</var> </li>


<li><var>System</var> class: <var>[[ClientCertificate (System function)|ClientCertificate]]</var>, <var>[[GeneratedPrivateKey (System function)|GeneratedPrivateKey]]</var></li>
<li><var>[[SignedCertificate (String function)|SignedCertificate]]</var> </li>


<li><var>Socket</var> class: <var>[[Certificate (Socket function)|Certificate]]</var> </li>
<li><var>[[DerToXmlDoc (String function)|DerToXmlDoc]]</var> </li>


<li><var>HttpRequest</var> class: <var>[[Get (HttpRequest function)|Get]]</var>, <var>[[Post (HttpRequest function)|Post]]</var>, and <var>[[Send (HttpRequest function)|Send]]</var> </li>
<li><var>[[RSAPrivateKeyToXmlDoc (String function)|RSAPrivateKeyToXmlDoc]]</var></li>


<li><var>Stringlist</var> class: <var>[[AppendPemData (Stringlist subroutine)|AppendPemData]]</var>, <var>[[PemToString_(Stringlist_function)|PemToString]]</var>, <var>[[AppendCertificateRequest (Stringlist function)|AppendCertificateRequest]]</var>, and several more </li>
<li><var>[[X509CertificateToXmlDoc (String function)|X509CertificateToXmlDoc]]</var> </li>
 
<li><var>[[X509CrlToXmlDoc (String function)|X509CrlToXmlDoc]]</var> </li>
 
<li>Multiple cryptographic cipher methods </li>
</ul>
<p>
<var>Stringlist</var> methods: </p>
{{Template:Stringlist crypto methods}}
<p>
<var>System</var> methods: </p>
<ul>
<li><var>[[ClientCertificate (System function)|ClientCertificate]]</var>, <li><var>[[GeneratedPrivateKey (System function)|GeneratedPrivateKey]]</var> </li>
</ul>
<p>
<var>Socket</var> methods: </p>
<ul>
<li><var>[[Certificate (Socket function)|Certificate]]</var> </li>
</ul>
</ul>
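Review bot: In the System methods list, the ClientCertificate entry opens `<li>` and is followed by a comma and a second `<li>` for GeneratedPrivateKey, with only one closing `</li>` on the line, so the first item is never closed. Replace the comma with `</li>` so the two methods render as sibling list items, matching the one-method-per-item layout used in the String methods list above it.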



Revision as of 23:33, 15 March 2016

Convert BER encoded X.509 CRL to XML (String class)

[Introduced in Sirius Mods 8.0]

X.509 is a general authentication framework that establishes standard formats for public-key certificates, certificate revocation lists (CRLs), and more. X509CrlToXmlDoc converts a string (Longstring) that contains a CRL to an XmlDoc. DER (Distinguished Encoding Rules), a subset of BER (Basic Encoding Rules), provides a way to uniquely encode an Abstract Syntax Notation One (ASN.1) type value as a string of eight-bit octets.

Syntax

%doc = string:X509CrlToXmlDoc Throws InvalidBerData

Syntax terms

%doc An XmlDoc object variable to contain the decoded value of the method object, string.
string A DER encoded string that contains the contents of a CRL (Certificate Revocation List).
Note: This method fails if the XML representation of string is longer than 650 characters.

Exceptions

X509CrlToXmlDoc can throw the following exception:

InvalidBerData
If the method encounters non-BER-conforming data, properties of the exception object may indicate the position and description of the error.

Usage notes

  • X509CrlToXmlDoc is very similar to DerToXmlDoc, except that X509CrlToXmlDoc understands the semantics of the CRL tags, so it provides more meaningful XML element names. Contrast the DerToXmlDoc example with the X509CrlToXmlDoc example, below.
  • X509CrlToXmlDoc is a complete implementation of the PKCS standards for CRLs.
  • Janus Web Server is not equipped to use the XmlDoc CRLs automatically; you have to process them yourself. Probably, for efficiency, you want to get the CRL at startup time, then store it somewhere easy to get at (a global NamedArraylist, for example, or a file, depending on how many certificates are in the list).
  • Currently, no method is available to produce a DER stream from an XmlDoc nor to validate the signature on a CRL.

Examples

  1. The PemToString example loads a Longstring with the contents of the base64 encoded CRL (Certificate Revocation List). If that Longstring is %ls below, the following statement converts that string to the XmlDoc whose contents are printed thereafter:

    %ls:x509CrlToXmlDoc:print

    The result is shown in part below:

    <CertificateList>
      <tbsCertList>
        <signature>
          <algorithm name="md5WithRSAEncryption">
            1.2.840.113549.1.1.4
          </algorithm>
          <parameters/>
        </signature>
        <issuer>
          <RelativeDistinguishedName>
            <countryName>AU</countryName>
          </RelativeDistinguishedName>
          <RelativeDistinguishedName>
            <stateOrProvinceName type="PrintableString">
              QLD
            </stateOrProvinceName>
          </RelativeDistinguishedName>
          ...
        </issuer>
        <thisUpdate type="UTCTime">
          20010115162657.000Z
        </thisUpdate>
        <nextUpdate type="UTCTime">
          20010214162657.000Z
        </nextUpdate>
        <revokedCertificates>
          <revokedCertificate>
            <userCertificate>1</userCertificate>
            <revocationDate type="UTCTime">
              19951009233205.000Z
            </revocationDate>
          </revokedCertificate>
          <revokedCertificate>
            <userCertificate>3</userCertificate>
            <revocationDate type="UTCTime">
              19951201010000.000Z
            </revocationDate>
          </revokedCertificate>
          <revokedCertificate>
            <userCertificate>4660</userCertificate>
            <revocationDate type="UTCTime">
              20010115161947.000Z
            </revocationDate>
          </revokedCertificate>
          ...
        </revokedCertificates>
      </tbsCertList>
      ...
    </CertificateList>

  2. If you have a web port from which you can get a CRL, you might do something like this:

    %httprequest:url = %crlUrl
    %httpResponse = %httpRequest:Get
    %doc = %httpResponse:X509CrlToXmlDoc

    Note: Janus will not validate a signature on a CRL returned by a Get.
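The usage notes leave CRL processing to the application. As an added example (not from the original page, and written in Python rather than SOUL), the following builds a serial-number lookup from XML in the layout shown in example 1 and reports a CRL that is outside its thisUpdate/nextUpdate window as stale. The sample document is constructed, the function names are hypothetical, and decimal serial numbers are assumed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample in the element layout of example 1 (signature and issuer omitted).
SAMPLE_CRL_XML = """<CertificateList>
  <tbsCertList>
    <thisUpdate type="UTCTime"> 20010115162657.000Z </thisUpdate>
    <nextUpdate type="UTCTime"> 20010214162657.000Z </nextUpdate>
    <revokedCertificates>
      <revokedCertificate>
        <userCertificate>1</userCertificate>
        <revocationDate type="UTCTime"> 19951009233205.000Z </revocationDate>
      </revokedCertificate>
      <revokedCertificate>
        <userCertificate>4660</userCertificate>
        <revocationDate type="UTCTime"> 20010115161947.000Z </revocationDate>
      </revokedCertificate>
    </revokedCertificates>
  </tbsCertList>
</CertificateList>"""

def parse_time(text):
    """Parse the 'YYYYMMDDhhmmss.fffZ' timestamps seen in the XmlDoc output as UTC."""
    return datetime.strptime(text.strip(), "%Y%m%d%H%M%S.%fZ").replace(tzinfo=timezone.utc)

def load_crl(xml_text):
    """Return (this_update, next_update, {serial: revocation_time})."""
    tbs = ET.fromstring(xml_text).find("tbsCertList")
    if tbs is None:
        raise ValueError("not a CertificateList document")
    revoked = {}
    for entry in tbs.iterfind("revokedCertificates/revokedCertificate"):
        # Assumption: userCertificate holds the serial number in decimal, as in example 1.
        serial = int(entry.findtext("userCertificate").strip())
        revoked[serial] = parse_time(entry.findtext("revocationDate"))
    next_text = tbs.findtext("nextUpdate")  # nextUpdate is optional in a CRL
    return (parse_time(tbs.findtext("thisUpdate")),
            parse_time(next_text) if next_text else None, revoked)

def check_serial(crl, serial, now):
    """Report 'stale' for a CRL outside its validity window so callers can fail closed."""
    this_update, next_update, revoked = crl
    if now < this_update or (next_update is not None and now > next_update):
        return "stale"
    return "revoked" if serial in revoked else "not-listed"
```

Because the signature on the CRL is not validated, the lookup is only as trustworthy as the channel the CRL was fetched over.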

See also

String methods:

Stringlist methods:

System methods:

Socket methods:

Background information: