
RSA BSAFE Cert-C
API Reference

scep.h File Reference

This file contains the initialization data for the SCEP PKI service provider.

destList and proxiesList are lists of ITEMs containing URL strings. These strings need not be NUL-terminated, although they may be. For example, destList might contain the following two ITEMs:

    http://onsite.verisign.com/cgi-bin/scep.exe
    http://onsite2.verisign.com/cgi-bin/scep.exe

The protocol field in the optional proxies specified in the proxyList should match the protocol(s) used in destList.

Similarly, proxyList may contain the following:

    http://proxy1.mycompany.com:80
    http://proxy2.mycompany.com:80

One or more destinations must be specified. Proxy use is optional and zero or more may be specified. Specification of a profile is mandatory. The value must be one of the PKI_SCEP_PROFILE_* values below:

| Value | Description |
|---|---|
| PKI_SCEP_PROFILE_GENERIC | An unspecified, unknown, or generic profile |
| PKI_SCEP_PROFILE_KEON | An RSA Keon CA (KCS 5.x) profile |
| PKI_SCEP_PROFILE_VERISIGN | A VeriSign profile |
| PKI_SCEP_PROFILE_KCA6 | An RSA Keon CA (KCA 6.x) profile |
| PKI_SCEP_PROFILE_MSCA | A Microsoft Win2000 CA profile |
| PKI_SCEP_PROFILE_MAX | A symbol not for use by the application |
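
The URL rules for destList and the proxy list (length-delimited strings, one or more destinations, proxy protocol matching a destination protocol) can be checked before the lists are passed to the provider. The following C code is an added example, not part of Cert-C: `EX_ITEM`, the `EX_*` codes and the `ex_*` functions are hypothetical, a pointer-plus-length layout is assumed for ITEM, plain arrays stand in for the lists, and "match" is read as each proxy scheme equalling the scheme of at least one destination.

```c
#include <ctype.h>
#include <stddef.h>
/* Stand-in for the toolkit's ITEM; a pointer-plus-length layout is assumed. */
typedef struct { const unsigned char *data; size_t len; } EX_ITEM;
enum { EX_OK, EX_NO_DEST, EX_BAD_URL, EX_PROXY_MISMATCH };

/* Scheme length in "scheme://host", or 0 if malformed; never reads past u->len. */
static size_t scheme_len(const EX_ITEM *u) {
    size_t i;
    if (u == NULL || u->data == NULL) return 0;
    for (i = 0; i + 3 < u->len; i++) {   /* room for "://" and one host byte */
        unsigned char c = u->data[i];
        if (c == ':') return (i && u->data[i + 1] == '/' && u->data[i + 2] == '/') ? i : 0;
        if (!isalnum(c) && c != '+' && c != '-' && c != '.') return 0;
    }
    return 0;
}

/* Schemes compare case-insensitively, so "HTTP" matches "http". */
static int same_scheme(const EX_ITEM *a, const EX_ITEM *b) {
    size_t i, n = scheme_len(a);
    if (n == 0 || n != scheme_len(b)) return 0;
    for (i = 0; i < n; i++)
        if (tolower(a->data[i]) != tolower(b->data[i])) return 0;
    return 1;
}

/* Requires one or more destinations; each proxy scheme must match some destination. */
int ex_check_scep_urls(const EX_ITEM *dest, size_t nDest,
                       const EX_ITEM *proxy, size_t nProxy) {
    size_t i, j;
    if (dest == NULL || nDest == 0) return EX_NO_DEST;
    for (i = 0; i < nDest; i++)
        if (scheme_len(&dest[i]) == 0) return EX_BAD_URL;
    for (j = 0; proxy != NULL && j < nProxy; j++) {
        if (scheme_len(&proxy[j]) == 0) return EX_BAD_URL;
        for (i = 0; i < nDest && !same_scheme(&proxy[j], &dest[i]); i++) {}
        if (i == nDest) return EX_PROXY_MISMATCH;
    }
    return EX_OK;
}

/* Constructed sample data; dest[0] is a 22-byte view with no NUL at its end. */
int ex_demo(const char *proxyUrl, size_t proxyLen) {
    EX_ITEM dest[2] = { { (const unsigned char *)"http://ca.example/scep#junk", 22 },
                        { (const unsigned char *)"HTTP://ca2.example/scep", 23 } };
    EX_ITEM proxy = { (const unsigned char *)proxyUrl, proxyLen };
    return ex_check_scep_urls(dest, 2, &proxy, 1);
}
```

Every comparison is bounded by the item length, so the check behaves the same whether or not a URL carries a trailing NUL.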

#include "transprt.h"


Data Structures

struct  PKI_SCEP_INIT_PARAMS
 This structure holds initialization parameters for the Cert-C SCEP PKI Database Service Provider.

struct  PKI_SCEP_INIT_STRUCT
 This structure is used by the Cert-C SCEP PKI Database Service Provider.


Functions

int S_InitializeSCEPPKI (POINTER ctx, POINTER params, SERVICE_FUNCS *funcs, POINTER *handle)
 The S_InitializeSCEPPKI() function is never called directly.

int S_SCEP_GetRequestFingerprint (CERTC_CTX ctx, POINTER handle, PKI_MSG_OBJ certRequest, ITEM *pDataItem)
 Use the S_SCEP_GetRequestFingerprint() interface to generate a cryptographic hash of the data inside the certification request, certRequest, as suggested in the SCEP Specification.


Function Documentation

    int S_InitializeSCEPPKI (POINTER ctx, POINTER params, SERVICE_FUNCS *funcs, POINTER *handle);

The S_InitializeSCEPPKI() function is never called directly. Instead, to initialize or register the Cert-C SCEP PKI Service Provider, call the C_InitializeCertC() or C_RegisterService() function.
Both functions take a SERVICE_HANDLER and a POINTER to a parameters structure as parameters. The SERVICE_HANDLER's Initialize parameter points to the S_InitializeSCEPPKI() function, and the corresponding POINTER should point to a PKI_SCEP_INIT_PARAMS structure.
Cert-C uses S_InitializeSCEPPKI() to initialize the Cert-C SCEP PKI Service Provider’s functions and initialization parameters. S_InitializeSCEPPKI() stores pointers to the Cert-C SCEP PKI Service Provider’s functions in funcs’s pki member, which is a PKI_FUNCS structure. S_InitializeSCEPPKI() uses the Cert-C SCEP PKI Service Provider’s initialization parameters in params, which points to an instance of a PKI_SCEP_INIT_PARAMS structure.

Parameters:

| Parameter | Description |
|---|---|
| ctx | This input parameter points to an initialized Cert-C context handle. |
| params | This input parameter specifies provider-specific parameters. |
| funcs | This output parameter contains the PKI_FUNCS function pointers for the Cert-C SCEP PKI Service Provider. |
| handle | This output parameter points to the service provider handle for this instance of the Cert-C SCEP PKI Service Provider. |

Returns:
If successful, returns 0. If not, returns a Cert-C error code.

    int S_SCEP_GetRequestFingerprint (CERTC_CTX ctx, POINTER handle, PKI_MSG_OBJ certRequest, ITEM *pDataItem);

Use the S_SCEP_GetRequestFingerprint() interface to generate a cryptographic hash of the data inside the certification request, certRequest, as suggested in the SCEP Specification. The data returned in pDataItem->data may be requested by the CA as a requirement to approve the certificate request. This process protects against a man-in-the-middle attack on the certificate request.

Parameters:

| Parameter | Description |
|---|---|
| ctx | This input parameter points to an initialized Cert-C context handle. |
| handle | This input parameter specifies the service provider-specific data handle returned by the service provider's initialization function. |
| certRequest | This input parameter specifies a certification request object from which to extract the fingerprint. |
| pDataItem | This output parameter points to an existing ITEM that receives the allocated fingerprint information, which the caller must free. |

Returns:
If successful, returns 0. If not, returns a Cert-C error code.



RSA BSAFE® Cert-C 2.7 API Reference