ClientCertificate (System function): Difference between revisions
No edit summary |
m (add <var>s) |
||
Line 28: | Line 28: | ||
==Examples== | ==Examples== | ||
Probably the best way to examine the contents of the client certificate is by using the | Probably the best way to examine the contents of the client certificate is by using the <var>[[X509CertificateToXmlDoc (String function)|X509CertificateToXmlDoc]]</var> <var>String</var> method to convert the <var>Longstring</var> containing the client certificate to an <var>XmlDoc</var>, as in the following: | ||
<p class="code">%doc is object xmlDoc | <p class="code">%doc is object xmlDoc | ||
%ls is longstring | %ls is longstring |
Latest revision as of 21:39, 1 September 2016
Get client certificate (System class)
[Introduced in Sirius Mods 8.0]
The ClientCertificate function returns to a Janus server a Longstring that contains the binary content of a client SSL certificate.
Syntax
%string = %(System):ClientCertificate[( [RequestCertificate= boolean])] Throws NotJanusConnection
Syntax terms
%string | This Longstring contains a copy of the binary, ASN.1 encoded, content of the SSL certificate presented by this server's client. If no client certificate is provided (possibly because the port is not using SSL, or the certificate was already provided), %string is a null string. |
---|---|
%(System) | The class name in parentheses denotes a shared method. ClientCertificate can also be invoked via a System object variable, which may be null. |
RequestCertificate | This name required argument is a Boolean enumeration. If True, a certificate is requested from the client at the time of the method call. If False, no certificate is requested. |
Usage notes
- This method can be used only on a Janus Web Server, Janus Telnet Server, or Janus Sockets Server thread. If used on any other kind of thread, it throws a NotJanusConnection exception.
- Specifying
RequestCertificate=True
only has an effect on a Janus SSL port whose definition does not include SSLCLCERT or SSLCLCERTR. These parameters request a client certificate at connection-establishment time, and a client certificate may only be requested once for an SSL session (whether or not the request successfully gets a certificate in return).
Examples
Probably the best way to examine the contents of the client certificate is by using the X509CertificateToXmlDoc String method to convert the Longstring containing the client certificate to an XmlDoc, as in the following:
%doc is object xmlDoc %ls is longstring %doc is object xmlDoc %node is object xmlNode ... %ls = %(system):clientCertificate if %ls:length then %doc = %ls:x509CertificateToXmlDoc %node = %doc:selectSingleNode('/Certificate/tbsCertificate/subject') if %node:value('RelativeDistinguishedName/commonName') ne "myBuddy.com" then $web_done(403, "Forbidden") stop end if end if
See also
System methods:
Stringlist methods:
- AppendCertificateInfo
- AppendCertificateRequest
- AppendCertificateRequestInfo
- AppendClientCertificateRequest
- AppendEncryptedSecurityData
- AppendGeneratedPrivateKey
- AppendPemData
- AppendPrivateKeyInfo
- AppendSignedCertificate
- AppendSignedClientCertificate
- CheckCertificate
- CheckCertificateRequest
- PemToString
String methods:
- CertificateRequest
- SignedCertificate
- DerToXmlDoc
- RSAPrivateKeyToXmlDoc
- X509CertificateToXmlDoc
- X509CrlToXmlDoc
- Multiple cryptographic cipher methods
Socket methods:
HttpRequest methods:
Background information: