%SYS.X509Credentials

persistent class %SYS.X509Credentials extends %Library.Persistent, %XML.Adaptor, %SYSTEM.Help

SQL Table Name: %SYS.X509Credentials

The %SYS.X509Credentials class defines X.509 credentials, which consist of an X.509 certificate and an optionally associated private key. An optional OwnerList may be specified to restrict which users have access to these credentials. To maintain the security of the credentials, the normal Caché object and SQL methods for accessing this data should not be used and will not work with normal security.

Parameters

parameter DOMAIN = %Utility;
Default Localization Domain

Properties (Including Private)

property Alias as %String (MAXLEN = 150) [ Required ];
The Alias is defined on import and identifies the X.509 certificate and private key.
Property methods: AliasDisplayToLogical(), AliasGet(), AliasGetStored(), AliasIsValid(), AliasLogicalToDisplay(), AliasLogicalToOdbc(), AliasNormalize(), AliasSet()
property CAFile as %String (MAXLEN = 255);
File containing X.509 certificate(s) of trusted Certificate Authorities.
Can be an absolute pathname or a pathname relative to the Caché manager's directory.
When WS-Security validates a Signature where the certificate is not included in the SOAP message, the certificate is found in a %SYS.X509Credentials object. If the CAFile property is specified in the %SYS.X509Credentials object, CAFile gives the path of the CA file. If the CAFile property is not specified, then cache.cer in the mgr directory is used as the CA file.
Property methods: CAFileDisplayToLogical(), CAFileGet(), CAFileGetStored(), CAFileIsValid(), CAFileLogicalToDisplay(), CAFileLogicalToOdbc(), CAFileNormalize(), CAFileSet()
property Certificate as %Binary [ Required ];
The X.509 certificate.
Property methods: CertificateGet(), CertificateGetStored(), CertificateIsValid(), CertificateLogicalToXSD(), CertificateSet(), CertificateXSDToLogical()
property IssuerDN as %String;
Issuer DistinguishedName of the certificate. This property is only set via the LoadCertificate method.
Property methods: IssuerDNDisplayToLogical(), IssuerDNGet(), IssuerDNGetStored(), IssuerDNIsValid(), IssuerDNLogicalToDisplay(), IssuerDNLogicalToOdbc(), IssuerDNNormalize(), IssuerDNSet()
property OwnerList as %String;
The optional comma-separated list of usernames which may access these credentials. If no OwnerList is specified, the credentials are available to any user.
Property methods: OwnerListDisplayToLogical(), OwnerListGet(), OwnerListGetStored(), OwnerListIsValid(), OwnerListLogicalToDisplay(), OwnerListLogicalToOdbc(), OwnerListNormalize(), OwnerListSet()
property PeerNames as %String;
PeerNames is an optional comma-separated list of peers which expect this certificate to be used. Each peer name will normally be a DNS name. However, any application-defined name may be used.
Property methods: PeerNamesDisplayToLogical(), PeerNamesGet(), PeerNamesGetStored(), PeerNamesIsValid(), PeerNamesLogicalToDisplay(), PeerNamesLogicalToOdbc(), PeerNamesNormalize(), PeerNamesSet()
property PrivateKey as %String [ Transient ];
The private key associated with the certificate, stored as PEM-encoded text. The private key is in memory only when it has been set before a save. Because the property is transient, the private key is not loaded from the global when the object is opened.
Property methods: PrivateKeyDisplayToLogical(), PrivateKeyGet(), PrivateKeyIsValid(), PrivateKeyLogicalToDisplay(), PrivateKeyLogicalToOdbc(), PrivateKeyNormalize(), PrivateKeyPasswordDisplayToLogical(), PrivateKeyPasswordGet(), PrivateKeyPasswordIsValid(), PrivateKeyPasswordLogicalToDisplay(), PrivateKeyPasswordLogicalToOdbc(), PrivateKeyPasswordNormalize(), PrivateKeyPasswordSet(), PrivateKeySet(), PrivateKeyTypeDisplayToLogical(), PrivateKeyTypeGet(), PrivateKeyTypeGetStored(), PrivateKeyTypeIsValid(), PrivateKeyTypeLogicalToDisplay(), PrivateKeyTypeLogicalToOdbc(), PrivateKeyTypeNormalize(), PrivateKeyTypeSet()
property PrivateKeyPassword as %String (MAXLEN = 128, XMLPROJECTION = "NONE") [ Transient ];
Optional password for the private key. The private key password is in memory only when it has been set before a save. Because the property is transient, the private key password is not loaded from the global when the object is opened.
Property methods: PrivateKeyPasswordDisplayToLogical(), PrivateKeyPasswordGet(), PrivateKeyPasswordIsValid(), PrivateKeyPasswordLogicalToDisplay(), PrivateKeyPasswordLogicalToOdbc(), PrivateKeyPasswordNormalize(), PrivateKeyPasswordSet()
property PrivateKeyType as %String (VALUELIST = ",RSA,DSA") [ InitialExpression = "RSA" , Required ];
The type of the associated private key. Only RSA is supported initially.
Property methods: PrivateKeyTypeDisplayToLogical(), PrivateKeyTypeGet(), PrivateKeyTypeGetStored(), PrivateKeyTypeIsValid(), PrivateKeyTypeLogicalToDisplay(), PrivateKeyTypeLogicalToOdbc(), PrivateKeyTypeNormalize(), PrivateKeyTypeSet()
property SerialNumber as %String;
SerialNumber of the certificate -- unique for the Issuer. This property is only set via the LoadCertificate method.
Property methods: SerialNumberDisplayToLogical(), SerialNumberGet(), SerialNumberGetStored(), SerialNumberIsValid(), SerialNumberLogicalToDisplay(), SerialNumberLogicalToOdbc(), SerialNumberNormalize(), SerialNumberSet()
property SubjectDN as %String;
Subject DistinguishedName of the certificate. This property is only set via the LoadCertificate method.
Property methods: SubjectDNDisplayToLogical(), SubjectDNGet(), SubjectDNGetStored(), SubjectDNIsValid(), SubjectDNLogicalToDisplay(), SubjectDNLogicalToOdbc(), SubjectDNNormalize(), SubjectDNSet()
property SubjectKeyIdentifier as %Binary;
X.509 SubjectKeyIdentifier from the certificate. This property is only set via the LoadCertificate method.
Property methods: SubjectKeyIdentifierGet(), SubjectKeyIdentifierGetStored(), SubjectKeyIdentifierIsValid(), SubjectKeyIdentifierLogicalToXSD(), SubjectKeyIdentifierSet(), SubjectKeyIdentifierXSDToLogical()
property Thumbprint as %Binary;
SHA1 Thumbprint of the certificate. This property is only set via the LoadCertificate method.
Property methods: ThumbprintGet(), ThumbprintGetStored(), ThumbprintIsValid(), ThumbprintLogicalToXSD(), ThumbprintSet(), ThumbprintXSDToLogical()
property ValidityNotAfter as %TimeStamp [ Calculated , Transient , ReadOnly ];
X.509 ValidityNotAfter from the certificate.
Property methods: ValidityNotAfterCompute(), ValidityNotAfterDisplayToLogical(), ValidityNotAfterGet(), ValidityNotAfterIsValid(), ValidityNotAfterLogicalToDisplay(), ValidityNotAfterLogicalToXSD(), ValidityNotAfterNormalize(), ValidityNotAfterOdbcToLogical(), ValidityNotAfterSQLCompute(), ValidityNotAfterSet(), ValidityNotAfterXSDToLogical()
property ValidityNotBefore as %TimeStamp [ Calculated , Transient , ReadOnly ];
X.509 ValidityNotBefore from the certificate.
Property methods: ValidityNotBeforeCompute(), ValidityNotBeforeDisplayToLogical(), ValidityNotBeforeGet(), ValidityNotBeforeIsValid(), ValidityNotBeforeLogicalToDisplay(), ValidityNotBeforeLogicalToXSD(), ValidityNotBeforeNormalize(), ValidityNotBeforeOdbcToLogical(), ValidityNotBeforeSQLCompute(), ValidityNotBeforeSet(), ValidityNotBeforeXSDToLogical()
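
The CAFile fallback and OwnerList rules described above, modelled as a small review script. This is an added example, not InterSystems code and not part of the class reference; the record layout, the manager directory path, the aliases and usernames are constructed, and whitespace trimming and exact-match username comparison are assumptions.

```python
import ntpath
import posixpath

DEFAULT_CA_FILE = "cache.cer"  # default named in the CAFile description

def effective_ca_file(ca_file, mgr_dir):
    """Return the CA file path that applies to a credentials object.

    CAFile may be absolute or relative to the manager's directory; when it is
    empty, cache.cer in the manager's directory is used.
    """
    # Assumption: a drive letter in mgr_dir means Windows path rules apply.
    p = ntpath if ntpath.splitdrive(mgr_dir)[0] else posixpath
    name = (ca_file or "").strip() or DEFAULT_CA_FILE
    return p.normpath(name if p.isabs(name) else p.join(mgr_dir, name))

def owners(owner_list):
    """Split the comma-separated OwnerList (whitespace trimming is an assumption)."""
    return [u.strip() for u in (owner_list or "").split(",") if u.strip()]

def may_access(owner_list, username):
    """An empty OwnerList means any user; otherwise exact-match membership (assumed)."""
    allowed = owners(owner_list)
    return not allowed or username in allowed

def audit(records, mgr_dir):
    """Flag settings a reviewer would want to confirm are intentional."""
    findings = []
    for rec in records:
        alias = rec["Alias"]
        if not owners(rec.get("OwnerList")):
            findings.append((alias, "OwnerList empty: credentials available to any user"))
        if not (rec.get("CAFile") or "").strip():
            findings.append((alias, "CAFile empty: trust falls back to "
                             + effective_ca_file("", mgr_dir)))
    return findings

# Constructed sample records and manager directory (not real data).
MGR_DIR = "/usr/cachesys/mgr"
SAMPLE = [
    {"Alias": "soap-signing", "OwnerList": "svc_soap, secadmin", "CAFile": "certs/partner-ca.pem"},
    {"Alias": "legacy-test", "OwnerList": "", "CAFile": ""},
]

if __name__ == "__main__":
    for alias, issue in audit(SAMPLE, MGR_DIR):
        print(alias, "-", issue)
```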

Method