Class Reference
%SYSTEM.Security.Users

abstract class %SYSTEM.Security.Users

Inventory

Methods: 7


Summary

Methods
SSLGetCipher SSLGetCipherList SSLGetLastError SSLGetPeerCertificate
SSLGetPeerName SSLGetProtocol SSLPeekClientHello


Methods

• classmethod SSLGetCipher() as %String
Returns the name of the SSL/TLS ciphersuite currently in use over the principal device, if an SSL/TLS connection is currently established.
• classmethod SSLGetCipherList(Direction As %Integer, Protocols As %Integer, CipherList As %String) as %String
Returns a colon-delimited list of the names of all supported ciphersuites that are consistent with the input parameters.
Parameters:

Direction:
0 = client
1 = server

Protocols enabled, bitwise-or of:
1 = SSLv2
2 = SSLv3
4 = TLSv1

CipherList, a colon-delimited string constraining the return values, as specified in the OpenSSL Cipher man page
• classmethod SSLGetLastError() as %String
Returns a description of the SSL/TLS error encountered, if any, during the most recent SSL/TLS operation over the principal device.
• classmethod SSLGetPeerCertificate() as %String
Returns the X.509 certificate used to verify the peer for the SSL/TLS session running over the current principal TCP device, in binary DER format. The certificate can be used as input to $System.Encryption.X509GetField() and the RSA* functions. To save the certificate to a file in PEM format:

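 Set certificate = $System.Security.Users.SSLGetPeerCertificate() ; binary DER
 Set file = ##class(%File).%New("peer.pem") ; example file name
 Do file.Open("WNS") ; write, new file, stream mode
 Do file.Write("-----BEGIN CERTIFICATE-----"_$c(13,10))
 Do file.Write($System.Encryption.Base64Encode(certificate))
 Do file.Write($c(13,10)_"-----END CERTIFICATE-----"_$c(13,10))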
• classmethod SSLGetPeerName(Entry As %String) as %String
Returns a string representation of the X.500 distinguished name contained in the X.509 certificate used to verify the peer for the SSL/TLS session running over the principal device. Called with no arguments, it returns the entire name on one line. Called with an optional argument specifying a component name entry, it returns just that entry, if present. Legal values for the entry argument, and their legal short abbreviations, are:

"commonName","CN"
"countryName","C"
"localityName","L"
"stateOrProvinceName","ST"
"organizationName","O"
"organizationalUnitName","OU"
"givenName","G"
"surname","S"
"initials","I"
"uniqueIdentifier","UID"
"serialNumber","SN"
"title","T"
"description","D"

Also supports the IA5 string components of the X.509 v3 subjectAltName extension. Additional legal values for the entry argument are:

"email"
"DNS"
"URI"
• classmethod SSLGetProtocol() as %String
Returns the name of the protocol currently in use over the principal device, if an SSL/TLS connection is currently established.
• classmethod SSLPeekClientHello(Timeout As %Integer) as %Integer
If the principal device is a TCP device, peek into the TCP receive buffer.
Returns 1 if it contains an SSLv3 or TLSv1 Client Hello message, or an SSLv2 Client Hello message requesting SSLv3 or later. Otherwise returns 0.
Parameter:

Timeout, time to wait for data, in seconds
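
The kind of header check that the SSLPeekClientHello description implies, written out over raw bytes as an added Python example; it is not InterSystems code. The function names and sample bytes are constructed for illustration, and accepting any 3.x record version (not only SSLv3 and TLSv1) is an assumption that goes beyond the text above.

```python
"""Classify a peeked TCP prefix: does it start with an SSL/TLS Client Hello?"""

TLS_HANDSHAKE = 0x16   # SSLv3/TLS record content type "handshake"
CLIENT_HELLO = 0x01    # handshake type (v3) and message type (SSLv2)
MAX_RECORD = 2 ** 14   # largest plaintext fragment a v3 record may carry


def classify_client_hello(buf: bytes):
    """Return 'v3-record', 'v2-compat', or None for anything else.

    Only fixed header bytes are read, so a peeked (unconsumed) prefix of
    the receive buffer is enough.
    """
    # SSLv3/TLS layout: type(1) version(2) length(2) | hs_type(1) hs_len(3)
    if len(buf) >= 6 and buf[0] == TLS_HANDSHAKE and buf[1] == 0x03:
        rec_len = int.from_bytes(buf[3:5], "big")
        # the record must at least hold the 4-byte handshake header
        if 4 <= rec_len <= MAX_RECORD and buf[5] == CLIENT_HELLO:
            return "v3-record"
        return None
    # SSLv2 2-byte header: high bit set, 15-bit length, msg type, version
    if len(buf) >= 5 and buf[0] & 0x80 and buf[2] == CLIENT_HELLO:
        rec_len = ((buf[0] & 0x7F) << 8) | buf[1]
        version = (buf[3], buf[4])
        # the fixed part of an SSLv2 hello is 9 bytes; require an offer of 3.0+
        if rec_len >= 9 and version >= (3, 0):
            return "v2-compat"
    return None


def peek_client_hello(buf: bytes) -> int:
    """1/0 result in the style of the documented return value."""
    return 1 if classify_client_hello(buf) else 0


# Constructed sample prefixes (not captured traffic).
SAMPLES = {
    "tls1_hello": bytes.fromhex("16030100310100002d0301"),
    "v2_hello_offering_tls1": bytes.fromhex("802e010301001500000010"),
    "v2_hello_sslv2_only": bytes.fromhex("802e010002001500000010"),
    "tls_app_data": bytes.fromhex("1703010020aabbccddeeff"),
    "plaintext_smtp": b"EHLO mail.example.com\r\n",
    "truncated": b"\x16\x03",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:24} -> {peek_client_hello(data)}")
```

A server that accepts both plaintext and TLS on one port can use this kind of check to decide whether to start the handshake; a hello that offers only SSLv2 is deliberately classified as 0.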