Summary:
See also: The Genero Web Services XML Library
The CryptoX509 class provides methods to manipulate X509 certificates, which identify individual persons, groups or any other entities during the XML encryption or signature process. It also provides load and save functions to exchange certificates with other applications in XML or in BASE64 form, for example WS-Security compliant applications. It follows the XML-Signature and XML-Encryption specifications.
The status is set to zero after a successful method call.
Syntax

xml.CryptoX509

Class Methods

| Name | Description |
|---|---|
| xml.CryptoX509.Create() | Constructor of an empty CryptoX509 object. Returns a CryptoX509 object or NULL. Throws an exception in case of errors, and updates status with an error code. |
| xml.CryptoX509.CreateFromNode(...) | Constructor of a new CryptoX509 object from an XML X509 certificate node, according to the XML-Signature specification, where node is an ELEMENT node with X509Data as local name, belonging to the XML-Signature namespace http://www.w3.org/2000/09/xmldsig#. Returns a CryptoX509 object or NULL. Note: if the X509 certificate is incomplete, the certificate will be created from the application global certificate list if one of SubjectName or Issuer matches (see addCertificate for more details). Throws an exception in case of errors, and updates status with an error code. |
Object Methods

| Name | Description |
|---|---|
| getIdentifier() | Returns the identification part of this X509 certificate in a STRING. Example: /C=FR/ST=France/L=Schiltigheim/O=MC/OU=My Company Name/CN=cert. Throws an exception in case of errors, and updates status with an error code. |
| createPublicKey(...) | Creates a new public CryptoKey object for the given url, from the public key embedded in this certificate if any; NULL otherwise. Throws an exception in case of errors, and updates status with an error code. |
| loadPEM(...) | Loads an X509 certificate from a file in PEM format, where file is the filename or an entry in the FGLPROFILE file. Throws an exception in case of errors, and updates status with an error code. |
| loadDER(...) | Loads an X509 certificate from a file in DER format, where file is the filename or an entry in the FGLPROFILE file. Throws an exception in case of errors, and updates status with an error code. |
| save() | Saves the CryptoX509 certificate into an XML document with ds:X509Data as root node, according to the XML-Signature specification (see also the RetrievalMethod feature). Throws an exception in case of errors, and updates status with an error code. |
| saveToString() | Saves the CryptoX509 certificate into a BASE64 string. Throws an exception in case of errors, and updates status with an error code. |
| load(...) | Loads the given XML document with ds:X509Data as root node, according to the XML-Signature specification, into the CryptoX509 object. Note: if the X509 certificate in the XML document is incomplete, the certificate will be loaded from the global certificate list if one of SubjectName or Issuer matches. Throws an exception in case of errors, and updates status with an error code. |
| loadFromString(...) | Loads the given X509 certificate in BASE64 string format into this CryptoX509 object. Throws an exception in case of errors, and updates status with an error code. |
| setFeature(...) | Sets or resets the given feature for this CryptoX509 object. Throws an exception in case of errors, and updates status with an error code. |
| getFeature(...) | Returns the value of the given feature for this CryptoX509 object, or NULL if the feature is not set. Throws an exception in case of errors, and updates status with an error code. |
Features

| Feature | Description |
|---|---|
| X509Certificate (see specification for details) | Defines or returns whether the complete X509 certificate is added during XML signature or encryption. Note: default value is FALSE. |
| X509SubjectName (see specification for details) | Defines or returns whether the subject name of the X509 certificate is added during XML signature or encryption. Note: default value is FALSE. |
| X509IssuerSerial (see specification for details) | Defines or returns whether the issuer name and serial number of the X509 certificate are added during XML signature or encryption. Note: default value is FALSE. |
| RetrievalMethod (see specification for details) | Defines or returns the URL where the XML form of the X509 certificate will be set during an XML signature, and loaded from during an XML verification process, based on that CryptoX509 object. Note 1: default value is NULL, meaning that no retrieval method is used. Note 2: the XML form of an X509 certificate can be obtained with the save() method. |
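To make the effect of the four features concrete, here is an added Python example (standard library only; it is not Genero code and not part of the Genero library) that builds the ds:KeyInfo/ds:X509Data structure the features describe and then applies the load()/CreateFromNode() completion rule: an embedded X509Certificate is used as-is, and an incomplete X509Data is completed from a global certificate list. The certificate record, its DER bytes, issuer and serial are constructed sample values; the Type value of the RetrievalMethod element comes from the XML-Signature specification. One assumption beyond the page: matching on the issuer also requires the serial number to match, so that two certificates from the same issuer cannot be confused.

```python
import base64
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
# Type attribute a ds:RetrievalMethod carries when it points at a ds:X509Data document
X509DATA_TYPE = DSIG_NS + "X509Data"
ET.register_namespace("ds", DSIG_NS)


def q(local):
    """Clark-notation tag for an element in the XML-Signature namespace."""
    return "{%s}%s" % (DSIG_NS, local)


# Constructed sample certificate record. The DER bytes are a placeholder blob,
# not a real certificate; the subject is the one shown for getIdentifier().
SAMPLE_CERT = {
    "subject": "/C=FR/ST=France/L=Schiltigheim/O=MC/OU=My Company Name/CN=cert",
    "issuer": "/C=FR/O=MC/CN=Sample CA",
    "serial": "4660",
    "der": b"\x30\x82\x01\x00" + bytes(range(16)),
}


def build_keyinfo(cert, features):
    """Build ds:KeyInfo/ds:X509Data from a certificate record, honouring the
    CryptoX509 feature names: X509Certificate, X509SubjectName and
    X509IssuerSerial (all default FALSE) select which parts are emitted;
    RetrievalMethod (default None) adds a ds:RetrievalMethod with the URL
    where the saved X509Data document is expected to live."""
    keyinfo = ET.Element(q("KeyInfo"))
    x509data = ET.SubElement(keyinfo, q("X509Data"))
    if features.get("X509IssuerSerial", False):
        issuer_serial = ET.SubElement(x509data, q("X509IssuerSerial"))
        ET.SubElement(issuer_serial, q("X509IssuerName")).text = cert["issuer"]
        ET.SubElement(issuer_serial, q("X509SerialNumber")).text = cert["serial"]
    if features.get("X509SubjectName", False):
        ET.SubElement(x509data, q("X509SubjectName")).text = cert["subject"]
    if features.get("X509Certificate", False):
        b64 = base64.b64encode(cert["der"]).decode("ascii")
        ET.SubElement(x509data, q("X509Certificate")).text = b64
    url = features.get("RetrievalMethod")
    if url:
        ET.SubElement(keyinfo, q("RetrievalMethod"), {"URI": url, "Type": X509DATA_TYPE})
    return keyinfo


def resolve_certificate(keyinfo, global_certs):
    """Apply the load()/CreateFromNode() rule: an embedded X509Certificate is
    used directly; an incomplete X509Data is completed from the application
    global certificate list when the subject name matches, or when the issuer
    name and serial number match. Returns (certificate, source) or (None, reason)."""
    x509data = keyinfo.find(q("X509Data"))
    if x509data is None:
        return None, "no X509Data element"
    embedded = x509data.findtext(q("X509Certificate"))
    if embedded:
        # The complete certificate travels with the signature; nothing to look up.
        return {"der": base64.b64decode(embedded.strip())}, "embedded"
    subject = x509data.findtext(q("X509SubjectName"))
    issuer = x509data.findtext(q("X509IssuerSerial") + "/" + q("X509IssuerName"))
    serial = x509data.findtext(q("X509IssuerSerial") + "/" + q("X509SerialNumber"))
    for cert in global_certs:
        if subject and cert["subject"] == subject:
            return cert, "global-list:subject"
        if issuer and serial and cert["issuer"] == issuer and cert["serial"] == serial:
            return cert, "global-list:issuer-serial"
    return None, "incomplete X509Data and no matching certificate in the global list"


def to_xml(element):
    """Serialise with the ds: prefix, as a saved X509Data document would read."""
    return ET.tostring(element, encoding="unicode")


def from_xml(text):
    """Parse a serialised KeyInfo document back into an element tree."""
    return ET.fromstring(text)


if __name__ == "__main__":
    features = {"X509SubjectName": True,
                "RetrievalMethod": "http://example.invalid/certs/cert.xml"}
    doc = to_xml(build_keyinfo(SAMPLE_CERT, features))
    print(doc)
    cert, source = resolve_certificate(from_xml(doc), [SAMPLE_CERT])
    print(source, cert["subject"] if cert else None)
```

With only X509SubjectName set, the emitted X509Data carries no certificate bytes, so a verifier can only succeed if its global list already holds a certificate with that subject; with X509Certificate set, the full certificate is embedded and no lookup is needed.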
Example 1: loading a PEM certificate and creating its public key.

```4gl
IMPORT xml

MAIN
  DEFINE x509 xml.CryptoX509
  DEFINE key xml.CryptoKey
  LET x509 = xml.CryptoX509.Create()
  TRY
    CALL x509.loadPEM("RSA1024Certificate.crt")
  CATCH
    DISPLAY "Unable to load certificate :", STATUS
    EXIT PROGRAM
  END TRY
  TRY
    # Public key for the RSA-SHA1 signature algorithm, taken from the certificate
    LET key = x509.createPublicKey("http://www.w3.org/2000/09/xmldsig#rsa-sha1")
    DISPLAY "Key size (in bits) : ", key.getSize()  # displays 1024
    DISPLAY "Key type : ", key.getType()           # displays PUBLIC
    DISPLAY "Key usage : ", key.getUsage()         # displays SIGNATURE
  CATCH
    DISPLAY "Unable to create public key :", STATUS
  END TRY
END MAIN
```
Example 2: saving a certificate as an XML document carrying only its subject name.

```4gl
IMPORT xml

MAIN
  DEFINE x509 xml.CryptoX509
  DEFINE key xml.CryptoKey
  DEFINE doc xml.DomDocument
  LET x509 = xml.CryptoX509.Create()
  TRY
    CALL x509.loadPEM("RSAX509Certificate.crt")
  CATCH
    DISPLAY "Unable to load certificate :", STATUS
    EXIT PROGRAM
  END TRY
  TRY
    # Emit the X509SubjectName element instead of the full certificate
    CALL x509.setFeature("X509SubjectName", TRUE)
    LET doc = x509.save()
    CALL doc.setFeature("format-pretty-print", TRUE)
    CALL doc.save("RSAX509SubjectName.xml")
  CATCH
    DISPLAY "Unable to save certificate :", STATUS
  END TRY
END MAIN
```

Note: All certificates in PEM format were created with the OpenSSL tool.