X509CertificateToXmlDoc (String function)
Convert BER encoded X.509 certificate to XML (String class)
[Introduced in Sirius Mods 8.0]
X509 is a general authentication framework that establishes standard formats for for public-key certificates, certificate revocation lists (CRLs), and more. X509CertificateToXmlDoc converts a string (Longstring) that contains a certificate to an XmlDoc. DER (Distinguished Encoding Rules), a subset of BER (Basic Encoding Rules, provide a way to uniquely encode an Abstract Syntax Notation One (ASN.1) type value as a string of eight-bit octets.
Syntax
%doc = string:X509CertificateToXmlDoc Throws InvalidBerData
Syntax terms
%doc | An XmlDoc object variable to contain the decoded value of the method object, string. |
---|---|
string | A DER encoded string that contains the contents of a digital certificate. Note: This method fails if the XML representation of string is longer than 650 characters. |
Exceptions
X509CertificateToXmlDoc can throw the following exception:
- InvalidBerData
- If the method encounters non-BER-conforming data, properties of the exception object may indicate the position and description of the error.
Usage notes
- X509CertificateToXmlDoc is very similar to DerToXmlDoc, except that X509CrlToXmlDoc understands the semantics of the certificate tags, so it provides more meaningful XML element names. Contrast the DerToXmlDoc example with the X509CertificateToXmlDoc example, below.
- X509CertificateToXmlDoc is a complete implementation of the PKCS standards for X509 certificates.
- Currently, no method is available to produce a DER stream from an XmlDoc nor to validate the signature on a certificate.
Examples
- In the following example, the PemToString method loads Longstring
%ls
with the contents of a base64 encoded Certificate. The Longstring is then converted to an XmlDoc whose contents are printed:... text to %sl = new raw -----BEGIN X509 CERTIFICATE----- MIIDyjCCArICBQG6t2wFMA0GCSqGSIb3DQEBBAUAMIGpMQswCQYDVQQGEwJVUzEL MAkGA1UECBMCTUExEjAQBgNVBAcTCUNhbWJyaWRnZTEdMBsGA1UEChMUU2lyaXVz IFNvZnR3YXJlIEluYy4xHTAbBgNVBAsTFFNvZnR3YXJlIERldmVsb3BtZW50MTsw OQYDVQQDEzJzaXJpdXN8c2lyaXVzLXNvZnR3YXJlLmNvbXx3d3cuc2lyaXVzLXNv ... 3YJysceP8RdU9u6KMFca9AaXKIiBhDClAq0jXk/0ew4xlXJM8bRUXEVVWPGjXiP6 owT5jqCxVO6YyYMabVa1+fIu7g2EKOW26+2xdOBoti8wUHV5u/v7EhX4gl1SFRA0 HDqjT/PVYzAkLPr7LrMVUtPaE6ostjP4uLKr5K8IUz/Q7oab+sHeiTGk9qhflTMA K7EE6AGXgEWr5q18Xc0= -----END X509 CERTIFICATE----- end text %ls = %sl:pemToString('X509 CERTIFICATE') %doc = %ls:x509certificateToXmldoc:print %doc:print ...
The result is shown below:
<Certificate> <tbsCertificate> <version>0</version> <serialNumber>7427550213</serialNumber> <signature> <algorithm name="md5WithRSAEncryption"> 1.2.840.113549.1.1.4 </algorithm> <parameters/> </signature> <issuer> <RelativeDistinguishedName> <countryName>US</countryName> </RelativeDistinguishedName> <RelativeDistinguishedName> <stateOrProvinceName type="PrintableString"> MA </stateOrProvinceName> </RelativeDistinguishedName> <RelativeDistinguishedName> <localityName type="PrintableString"> Cambridge </localityName> </RelativeDistinguishedName> <RelativeDistinguishedName> <organizationName type="PrintableString"> Sirius Software Inc. </organizationName> </RelativeDistinguishedName> <RelativeDistinguishedName> <organizationalUnitName type="PrintableString"> Software Development </organizationalUnitName> </RelativeDistinguishedName> <commonName type="PrintableString"> sirius|sirius-software.com|www.sirius-software.com </commonName> </RelativeDistinguishedName> </issuer> <validity> <notBefore type="UTCTime"> 20120129174641.000Z </notBefore> <notAfter type="UTCTime"> 20130129174641.000Z </notAfter> </validity> <subject> <RelativeDistinguishedName> <countryName>US</countryName> </RelativeDistinguishedName> <RelativeDistinguishedName> <stateOrProvinceName type="PrintableString"> MA </stateOrProvinceName> </RelativeDistinguishedName> <RelativeDistinguishedName> ... </RelativeDistinguishedName> </subject> <subjectPublicKeyInfo> <algorithm> <algorithm name="rsaEncryption"> 1.2.840.113549.1.1.1 </algorithm> <parameters/> </algorithm> <subjectPublicKey bits="2144"> 308201080282010100AEB80E3AE26B644C90081484D304F327CFD79BE9ACA168 ... ... 1046851C2ED4C04DD9020103 </subjectPublicKey> </subjectPublicKeyInfo> </tbsCertificate> <signatureAlgorithm> <algorithm name="md5WithRSAEncryption"> 1.2.840.113549.1.1.4 </algorithm> <parameters/> </signatureAlgorithm> <signatureValue bits="2048"> 0A35414FEEDD883CB4195B1D3F5164E2108A1C3A1CC0C38E3170 ... ... 002BB104E801978045ABE6AD7C5DCD </signatureValue> </Certificate>
- To load a client certificate, you might do the following:
%string = %(System):ClientCertificate(RequestCertificate=true) %doc = %string:X509CertificateToXmlDoc
See also
Related methods:
- String class: DerToXmlDoc, X509CrlToXmlDoc, and RSAPrivateKeyToXmlDoc
- System class: ClientCertificate
- Socket class: Certificate
- HttpRequest class: Get, Post, and Send
- Stringlist class: PemToString
Background information: