roKeyStore
This object allows you to register client certificates with the player. These certificates can be used by roHtmlWidget and roUrlTransfer objects when communicating with servers, and by roVideoPlayer objects when accessing streams. All object instances share the same certificate database. The JavaScript equivalent is keystore.

While CA packages (added using the AddCaPackage() method) are persistent, individual certificates (added using the AddCaCertificate() and AddClientCertificate() methods) are not; individual certificates must be registered with the certificate database after each reboot.

ifKeyStore

GetFailureReason() As String
Returns additional useful information if an ifKeyStore method returns false.

AddCaCertificate(certificate_file As String) As Boolean
Registers the specified CA certificate with the certificate database. Client certificates can be either self-signed or signed using a 3rd-party certificate issuer (VeriSign, DigiCert, etc.).

AddCaPackage(filename As String) As Boolean
Adds the specified CA package file to the certificate database. The package name resides in the file and does not need to be the same as the filename. You will need to work with BrightSign to create a CA package to add to BrightSign players; see the Generating a CA Package section below for more details.

Attempting to modify a CA package file that has been added to the database will invalidate it. If a package is invalidated, it will need to be removed from the database (using the RemoveCaPackage() method) and added again.

RemoveCaPackage(package_name As String) As Boolean
Removes the specified CA package from the certificate database. Use the GetCaPackagesInstalled() method to retrieve a list of package names in the database.

GetCaPackagesInstalled() As roArray
Returns a list of names of CA packages contained in the certificate database.

AddClientCertificate(parameters As roAssociativeArray) As Boolean
Registers a .p12 client certificate with the certificate database. This method accepts an associative array with the following parameters:

- certificate_file: The file name and path of the .p12 client certificate
- passphrase: A passphrase for the .p12 client certificate
- obfuscated_passphrase: An obfuscated passphrase for the .p12 client certificate

Provide the passphrase using either the "passphrase" or "obfuscated_passphrase" parameter (not both). We recommend using the "obfuscated_passphrase" in production environments, while the "passphrase" should be used for testing purposes only. Contact support@brightsign.biz to learn more about generating a key for obfuscation and storing it on the player.

BrightSign players use the "nickname" of a .p12 client certificate to match it with a website. The "nickname" consists of the host:port of the web address you wish to match. For example, to use a client certificate for https://brightsign.biz, you would specify a "nickname" of "brightsign.biz:443".

The following example uses an OpenSSL terminal to generate a .p12 client certificate to use with https://brightsign.biz:

```
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12 -name "brightsign.biz:443"
```

ifUserData

SetUserData(user_data As Object)
Sets the user data that will be returned when events are raised.

GetUserData() As Object
Returns the user data that has previously been set via SetUserData(). It will return Invalid if no data has been set.

ifMessagePort

SetPort(port As roMessagePort)
Posts messages to the attached message port.

Generating a CA Package

Contact support@brightsign.biz for help generating a CA package. You will need to provide a .pem file to BrightSign containing one or more root CAs that you would like the player to trust. BrightSign will hash the CA file using SHA-256 and package it with an X.509 certificate containing the hash. The package will be signed by a CA that is trusted by the BrightSignOS for CA packaging only.

BrightSign packages the X.509 certificate with two strings:

- "friendly name": Specifies the package name, which will be returned by the GetCaPackagesInstalled() method (and can be different from the filename of the CA package). You should specify the friendly name when you provide the CA file.
- "action": Currently, the only supported action is "add", which adds the contents of the CA package to the default BrightSign CAs.

BrightSign will send you the CA package as a .bsca file, which can then be added to BrightSign players using the AddCaPackage() method. You can also inspect the package contents to determine if they are correct.

Example

```
' Individual certificates: not persistent, register again after each reboot
k = CreateObject("roKeyStore")
k.AddCaCertificate("SSD:/apache.crt")
aa = CreateObject("roAssociativeArray")
aa.AddReplace("certificate_file", "SSD:/client.p12")
' Plain "passphrase" is for testing only; use "obfuscated_passphrase" in production
aa.AddReplace("passphrase", "1q2w3e4r")
k.AddClientCertificate(aa)

' CA package: persistent, identified by the package name stored in the file
if k.AddCaPackage("SSD:/example.bsca") then print "CA package added"
pkglist = k.GetCaPackagesInstalled()
print pkglist
if k.RemoveCaPackage("example") then print "removed CA package"
```
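
The following is an added example, not BrightSign's own code: a boot-time routine that checks every ifKeyStore return value and logs GetFailureReason(), re-registers the non-persistent individual certificates, and adds or re-adds a CA package by its package name. The function names, file paths, the package name "example" and the obfuscated passphrase placeholder are assumptions.

```brightscript
' Added example. Function names, paths and the passphrase value are placeholders.

' Call at every boot: individual certificates do not survive a reboot.
function RegisterCertificates(k as object) as boolean
    if not k.AddCaCertificate("SSD:/apache.crt") then
        print "AddCaCertificate failed: "; k.GetFailureReason()
        return false
    end if
    params = CreateObject("roAssociativeArray")
    params.AddReplace("certificate_file", "SSD:/client.p12")
    ' Production setting: obfuscated passphrase only, never both parameters.
    params.AddReplace("obfuscated_passphrase", "<OBFUSCATED-PASSPHRASE-PLACEHOLDER>")
    if not k.AddClientCertificate(params) then
        print "AddClientCertificate failed: "; k.GetFailureReason()
        return false
    end if
    return true
end function

' CA packages persist, so add the file only when its package name is absent.
function EnsureCaPackage(k as object, packageName as string, packageFile as string) as boolean
    for each installed in k.GetCaPackagesInstalled()
        if installed = packageName then return true
    end for
    if not k.AddCaPackage(packageFile) then
        print "AddCaPackage failed: "; k.GetFailureReason()
        return false
    end if
    return true
end function

' For a package invalidated by a modified file: remove it, then add it again.
function ReinstallCaPackage(k as object, packageName as string, packageFile as string) as boolean
    if not k.RemoveCaPackage(packageName) then
        print "RemoveCaPackage failed: "; k.GetFailureReason()
        return false
    end if
    return EnsureCaPackage(k, packageName, packageFile)
end function

sub Main()
    k = CreateObject("roKeyStore")
    if not RegisterCertificates(k) then print "TLS client identity not loaded"
    if not EnsureCaPackage(k, "example", "SSD:/example.bsca") then print "CA package missing"
end sub
```

Because all roKeyStore instances share one certificate database, running this once at startup covers every roHtmlWidget, roUrlTransfer and roVideoPlayer created afterwards.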