ClientCertificate (System function): Difference between revisions
m (→See also: add mention of String cipher methods) |
m (add <var>s) |
||
(4 intermediate revisions by 2 users not shown) | |||
Line 26: | Line 26: | ||
may only be requested once for an SSL session (whether or not the request successfully gets a certificate in return). | may only be requested once for an SSL session (whether or not the request successfully gets a certificate in return). | ||
</ul> | </ul> | ||
==Examples== | |||
Probably the best way to examine the contents of the client certificate is by using the <var>[[X509CertificateToXmlDoc (String function)|X509CertificateToXmlDoc]]</var> <var>String</var> method to convert the <var>Longstring</var> containing the client certificate to an <var>XmlDoc</var>, as in the following: | |||
<p class="code">%doc is object xmlDoc | |||
%ls is longstring | |||
%doc is object xmlDoc | |||
%node is object xmlNode | |||
... | |||
%ls = %(system):clientCertificate | |||
if %ls:length then | |||
%doc = %ls:x509CertificateToXmlDoc | |||
%node = %doc:selectSingleNode('/Certificate/tbsCertificate/subject') | |||
if %node:value('RelativeDistinguishedName/commonName') ne "myBuddy.com" then | |||
$web_done(403, "Forbidden") | |||
stop | |||
end if | |||
end if | |||
</p> | |||
==See also== | ==See also== | ||
<p> | |||
<var>System</var> methods: </p> | |||
<ul> | <ul> | ||
<li><var>System</var> | <li><var>[[ClientCertificate (System function)|ClientCertificate]]</var> </li> | ||
<li><var>[[GeneratedPrivateKey (System function)|GeneratedPrivateKey]]</var> </li> | |||
</ul> | |||
<p> | |||
<var>Stringlist</var> methods: </p> | |||
{{Template:Stringlist crypto methods}} | |||
<p> | |||
<var>String</var> methods:</p> | |||
<ul> | |||
<li><var>[[CertificateRequest (String function)|CertificateRequest]]</var> </li> | |||
<li><var>[[SignedCertificate (String function)|SignedCertificate]]</var> </li> | |||
<li><var>[[DerToXmlDoc (String function)|DerToXmlDoc]]</var> </li> | |||
<li> | <li><var>[[RSAPrivateKeyToXmlDoc (String function)|RSAPrivateKeyToXmlDoc]]</var></li> | ||
<li> | <li><var>[[X509CertificateToXmlDoc (String function)|X509CertificateToXmlDoc]]</var> </li> | ||
<li> | <li><var>[[X509CrlToXmlDoc (String function)|X509CrlToXmlDoc]]</var> </li> | ||
<li><var> | <li>Multiple cryptographic cipher methods </li> | ||
</ul> | |||
<p> | |||
<var>Socket</var> methods: </p> | |||
<ul> | |||
<li><var>[[Certificate (Socket function)|Certificate]]</var> </li> | |||
</ul> | |||
<p><var>HttpRequest</var> methods: </p> | |||
<ul> | |||
<li><var>[[Get (HttpRequest function)|Get]]</var>, <var>[[Post (HttpRequest function)|Post]]</var>, and <var>[[Send (HttpRequest function)|Send]]</var> </li> | |||
</ul> | </ul> | ||
<p> | <p> |
Latest revision as of 21:39, 1 September 2016
Get client certificate (System class)
[Introduced in Sirius Mods 8.0]
The ClientCertificate function returns to a Janus server a Longstring that contains the binary content of a client SSL certificate.
Syntax
%string = %(System):ClientCertificate[( [RequestCertificate= boolean])] Throws NotJanusConnection
Syntax terms
%string | This Longstring contains a copy of the binary, ASN.1 encoded, content of the SSL certificate presented by this server's client. If no client certificate is provided (possibly because the port is not using SSL, or the certificate was already provided), %string is a null string. |
---|---|
%(System) | The class name in parentheses denotes a shared method. ClientCertificate can also be invoked via a System object variable, which may be null. |
RequestCertificate | This name required argument is a Boolean enumeration. If True, a certificate is requested from the client at the time of the method call. If False, no certificate is requested. |
Usage notes
- This method can be used only on a Janus Web Server, Janus Telnet Server, or Janus Sockets Server thread. If used on any other kind of thread, it throws a NotJanusConnection exception.
- Specifying
RequestCertificate=True
only has an effect on a Janus SSL port whose definition does not include SSLCLCERT or SSLCLCERTR. These parameters request a client certificate at connection-establishment time, and a client certificate may only be requested once for an SSL session (whether or not the request successfully gets a certificate in return).
Examples
Probably the best way to examine the contents of the client certificate is by using the X509CertificateToXmlDoc String method to convert the Longstring containing the client certificate to an XmlDoc, as in the following:
%doc is object xmlDoc %ls is longstring %doc is object xmlDoc %node is object xmlNode ... %ls = %(system):clientCertificate if %ls:length then %doc = %ls:x509CertificateToXmlDoc %node = %doc:selectSingleNode('/Certificate/tbsCertificate/subject') if %node:value('RelativeDistinguishedName/commonName') ne "myBuddy.com" then $web_done(403, "Forbidden") stop end if end if
See also
System methods:
Stringlist methods:
- AppendCertificateInfo
- AppendCertificateRequest
- AppendCertificateRequestInfo
- AppendClientCertificateRequest
- AppendEncryptedSecurityData
- AppendGeneratedPrivateKey
- AppendPemData
- AppendPrivateKeyInfo
- AppendSignedCertificate
- AppendSignedClientCertificate
- CheckCertificate
- CheckCertificateRequest
- PemToString
String methods:
- CertificateRequest
- SignedCertificate
- DerToXmlDoc
- RSAPrivateKeyToXmlDoc
- X509CertificateToXmlDoc
- X509CrlToXmlDoc
- Multiple cryptographic cipher methods
Socket methods:
HttpRequest methods:
Background information: