SecureBlackbox 2020 iOS Edition

KMIPServer Class

The KMIPServer class provides server-side functionality for Key Management Interoperability Protocol (KMIP).

Syntax

SecureBlackboxKMIPServer
SecureBlackboxKMIPServerSwift

Remarks

The Key Management Interoperability Protocol (KMIP) is an OASIS standard for communication between different key management servers and clients.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

- active: Indicates if the KMIP server is active and listening to incoming connections.
- CACertBytes: Returns raw certificate data in DER format.
- CACertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
- certRequestBytes: Provides access to raw certificate request data in DER format.
- certRequestCurve: Specifies the elliptic curve of the EC public key.
- certRequestHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
- certRequestHashAlgorithm: Specifies the hash algorithm to be used in the operations on the certificate request (such as signing).
- certRequestKeyAlgorithm: Specifies the public key algorithm of this certificate request.
- certRequestKeyBits: Returns the length of the public key.
- certRequestKeyUsage: Indicates the purposes of the key contained in the certificate request, in the form of an OR'ed flag set.
- certRequestKeyValid: Returns True if the certificate's key is cryptographically valid, and False otherwise.
- certRequestPrivateKeyBytes: Contains the certificate's private key.
- certRequestPublicKeyBytes: Contains the public key incorporated in the request, in DER format.
- certRequestSigAlgorithm: Indicates the algorithm that was used by the requestor to sign this certificate request.
- certRequestSubject: The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name.
- certRequestSubjectRDN: A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject).
- certRequestValid: Indicates whether or not the signature on the request is valid and matches the public key contained in the request.
- certStorageCount: The number of records in the CertStorage arrays.
- certStorageBytes:(int)certStorageIndex: Returns raw certificate data in DER format.
- certStorageHandle:(int)certStorageIndex: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
- encoderType: Specifies the KMIP encoder type.
- externalCryptoCustomParams: Custom parameters to be passed to the signing service (uninterpreted).
- externalCryptoData: Additional data to be included in the async state and mirrored back by the requestor.
- externalCryptoExternalHashCalculation: Specifies whether the message hash is to be calculated at the external endpoint.
- externalCryptoHashAlgorithm: Specifies the request's signature hash algorithm.
- externalCryptoKeyID: The ID of the pre-shared key used for DC request authentication.
- externalCryptoKeySecret: The pre-shared key used for DC request authentication.
- externalCryptoMethod: Specifies the asynchronous signing method.
- externalCryptoMode: Specifies the external cryptography mode.
- externalCryptoPublicKeyAlgorithm: Provides the public key algorithm to use if the certificate is not available at the pre-signing stage.
- generatedCertBytes: Returns raw certificate data in DER format.
- generatedCertHandle: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
- port: The port to listen for connections on.
- socketIncomingSpeedLimit: The maximum number of bytes to read from the socket, per second.
- socketLocalAddress: The local network interface to bind the socket to.
- socketLocalPort: The local port number to bind the socket to.
- socketOutgoingSpeedLimit: The maximum number of bytes to write to the socket, per second.
- socketTimeout: The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.
- socketUseIPv6: Enables or disables IP protocol version 6.
- storageFileName: A path to the KMIP object database.
- TLSAutoValidateCertificates: Specifies whether server-side TLS certificates should be validated automatically using internal validation rules.
- TLSBaseConfiguration: Selects the base configuration for the TLS settings.
- TLSCiphersuites: A list of ciphersuites separated with commas or semicolons.
- TLSECCurves: Defines the elliptic curves to enable.
- TLSForceResumeIfDestinationChanges: Whether to force TLS session resumption when the destination address changes.
- TLSPreSharedIdentity: Defines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.
- TLSPreSharedKey: Contains the pre-shared key for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.
- TLSPreSharedKeyCiphersuite: Defines the ciphersuite used for PSK (Pre-Shared Key) negotiation.
- TLSRenegotiationAttackPreventionMode: Selects the renegotiation attack prevention mechanism.
- TLSRevocationCheck: Specifies the kind(s) of revocation check to perform.
- TLSSSLOptions: Various SSL (TLS) protocol options, a set of the following flags:
  - cssloExpectShutdownMessage (0x001): Wait for the close-notify message when shutting down the connection.
  - cssloOpenSSLDTLSWorkaround (0x002, DEPRECATED): Use a DTLS version workaround when talking to very old OpenSSL versions.
  - cssloDisableKexLengthAlignment (0x004): Do not align the client-side PMS by the RSA modulus size.
- TLSTLSMode: Specifies the TLS mode to use.
- TLSUseExtendedMasterSecret: Enables the Extended Master Secret extension, as defined in RFC 7627.
- TLSUseSessionResumption: Enables or disables TLS session resumption capability.
- TLSVersions: The SSL/TLS versions to enable by default.
- userCount: The number of records in the User arrays.
- userAssociatedData:(int)userIndex: Contains the user's Associated Data when an SSH AEAD (Authenticated Encryption with Associated Data) algorithm is used.
- userBasePath:(int)userIndex: Base path for this user in the server's file system.
- userCert:(int)userIndex: Contains the user's certificate.
- userData:(int)userIndex: Contains uninterpreted user-defined data that should be associated with the user account, such as comments or custom settings.
- userHandle:(int)userIndex: Allows getting or setting a 'handle', a unique identifier of the underlying property object.
- userHashAlgorithm:(int)userIndex: Specifies the hash algorithm used to generate TOTP (Time-based One-Time Passwords) for this user.
- userIncomingSpeedLimit:(int)userIndex: Specifies the incoming speed limit for this user.
- userOtpAlgorithm:(int)userIndex: The algorithm used to generate one-time passwords (OTP) for this user, either HOTP (Hash-based OTP) or TOTP (Time-based OTP).
- userOtpValue:(int)userIndex: The user's time interval (TOTP) or counter (HOTP).
- userOutgoingSpeedLimit:(int)userIndex: Specifies the outgoing speed limit for this user.
- userPassword:(int)userIndex: The user's authentication password.
- userPasswordLen:(int)userIndex: Specifies the length of the user's OTP password.
- userSharedSecret:(int)userIndex: Contains the user's secret key, which is essentially a shared secret between the client and server.
- userSSHKey:(int)userIndex: Contains the user's SSH key.
- userUsername:(int)userIndex: The registered name (login) of the user.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

- config: Sets or retrieves a configuration setting.
- getClientCert: Populates the per-connection certificate object.
- getClientCertRequest: Populates the per-connection certificate request object.
- setClientCert: Commits the per-connection certificate object to the connection context.
- start: Starts the KMIP server.
- stop: Stops the KMIP server.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

- onAfterGenerateCert: Signifies completion of certificate generation.
- onAfterGenerateKey: Signifies completion of key generation.
- onAuthAttempt: Fires when a connected client makes an authentication attempt.
- onBeforeGenerateCert: Fires when a certificate generation request is received.
- onBeforeGenerateKey: Fires when a key generation request is received.
- onDestroyAction: Fires when an object destruction request is received.
- onError: Reports any errors that occur during KMIP operations.
- onExternalSign: Handles remote or external signing initiated by the server protocol.
- onNotification: Notifies the application about an underlying control flow event.
- onRequest: Fires when a request is received from the client.

Configuration Settings

The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.

- AuthBasic: Turns basic authentication on or off.
- AuthDigest: Turns digest authentication on or off.
- DualStack: Allows the use of IPv4 and IPv6 simultaneously.
- MajorProtocolVersion: Major protocol version on the KMIP server.
- MinorProtocolVersion: Minor protocol version on the KMIP server.
- SSLMode: Whether to establish a TLS-secured connection.
- UseChunkedTransfer: Whether to use chunked encoding of the data.
- UseCompression: Whether to use GZip compression.
- CheckKeyIntegrityBeforeUse: Enables or disables the private key integrity check before use.
- CookieCaching: Specifies whether a cookie cache should be used for HTTP(S) transports.
- Cookies: Gets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only).
- DefDeriveKeyIterations: Specifies the default key derivation algorithm iteration count.
- EnableClientSideSSLFFDHE: Enables or disables finite field DHE key exchange support in TLS clients.
- GlobalCookies: Gets or sets global cookies for all the HTTP transports.
- HttpUserAgent: Specifies the user agent name to be used by all HTTP clients.
- LogDestination: Specifies the debug log destination.
- LogDetails: Specifies the debug log details to dump.
- LogFile: Specifies the debug log filename.
- LogFilters: Specifies the debug log filters.
- LogFlushMode: Specifies the log flush mode.
- LogLevel: Specifies the debug log level.
- LogMaxEventCount: Specifies the maximum number of events to cache before further action is taken.
- LogRotationMode: Specifies the log rotation mode.
- MaxASN1BufferLength: Specifies the maximum allowed length for ASN.1 primitive tag data.
- MaxASN1TreeDepth: Specifies the maximum depth for processed ASN.1 trees.
- OCSPHashAlgorithm: Specifies the hash algorithm to be used to identify certificates in OCSP requests.
- UseOwnDNSResolver: Specifies whether the client classes should use their own DNS resolver.
- UseSharedSystemStorages: Specifies whether the validation engine should use a global per-process copy of the system certificate stores.
- UseSystemOAEPAndPSS: Enforces or disables the use of system-driven RSA OAEP and PSS computations.
- UseSystemRandom: Enables or disables the use of the OS PRNG.

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 iOS Edition - Version 20.0 [Build 8166]