RSA BSAFE Cert-C

PKI_CERTRESP_FIELDS Struct Reference

Note that not all of the fields of the structure are used by every PKI service provider. The application can indicate that specific fields are to be ignored when it sets the value of a PKI_MSG_OBJ, and the PKI service provider can indicate that specific fields are to be uninitialized when the application gets the value of a PKI_MSG_OBJ. Use PKI_CERTRESP_FIELDS with the C_SetPKICertResponseFields() and C_GetPKICertResponseFields() functions.

In Cert-C 2.5, a new object PKI_CERT_RESP_OBJ is introduced to handle certification responses. A new set of APIs are also introduced to retrieve and update the individual fields inside the response object. PKI_CERTRESP_FIELDS, C_SetPKICertResponseFields(), and C_GetPKICertResponseFields() are deprecated in this release, and will be removed from its successor.

Data Fields

flags

An unsigned int value that indicates which fields in the PKI_CERTRESP_FIELDS structure are to be ignored by Cert-C. The flags field should contain some combination of the following bit-flags, or it should contain zero (0) if none of the listed conditions apply. Individual flags can be combined by 'OR'ing them together.

PKI Certification Response Flag	Description
`PKI_CERTRESPFLAGS_IGNORE_STATUS_STATUS`	The statusInfo.status field is undefined.
`PKI_CERTRESPFLAGS_IGNORE_STATUS_STATUSSTRING`	The statusInfo.statusString field is undefined.
`PKI_CERTRESPFLAGS_IGNORE_STATUS_ FAILINFO`	The statusInfo.failInfo field is undefined.
`PKI_CERTRESPFLAGS_IGNORE_STATUS_FAILINFOAUX`	The statusInfo.failInfoAux field is undefined.
`PKI_CERTRESPFLAGS_IGNORE_CERTREQID`	The certReqID field is undefined.
`PKI_CERTRESPFLAGS_IGNORE_CERT`	The cert field is undefined.
`PKI_CERTRESPFLAGS_IGNORE_PRIVATEKEY`	The privateKey field is undefined.
`PKI_CERTRESPFLAGS_IGNORE_REGINFO`	The regInfo field is undefined.
`PKI_CERTRESPFLAGS_IGNORE_CACERTS`	The caCerts field is undefined.

statusInfo A PKI_STATUS_INFO structure that contains the status of the corresponding request.

certReqID An ITEM structure that specifies the identifier of the corresponding certification request.

cert A CERT_OBJ object that is updated with the contents of the new certificate if it was returned in the response message.

privateKey Some PKI services may generate the key pair on behalf of the sender. In such cases, the private key in B_KEY_OBJ will be updated with the contents of the key returned in the response message.

regInfo Some PKI services return additional information in the response message. In such cases, the attributes object in ATTRIBUTES_OBJ will be updated with the information returned in the response message.

caCerts Optionally, the PKI service returns a LIST_OBJ that contains a list of certificates for the sender to trust as root certificates. (This is different than the extraCerts list in the general message body, where no assumption of trust is made.) The authenticity of the response message must first be trusted if the caCerts list is to be trusted. Some type of message protection may be useful in establishing trustworthiness.

Deprecated:

This structure is deprecated in Cert-C 2.5. New set and get APIs are introduced to retrieve and update individual fields. PKI_CERTRESP_FIELDS, C_SetPKICertResponseFields(), and C_GetPKICertResponseFields() are deprecated in this release, and will be removed from its successor.

#include <pkimsg.h>

00949 typedef struct {
00950   unsigned int      flags;       /* bit field of PKI_CERTRESPFLAGS_* */
00951   PKI_STATUS_INFO   statusInfo;  /* certification status             */
00952   ITEM              certReqID;   /* ID to match request and response */
00953   CERT_OBJ          cert;        /* returned certificate             */
00954   B_KEY_OBJ         privateKey;  /* corresponding private key        */
00955   ATTRIBUTES_OBJ    regInfo;     /* supplementary information        */
00956   LIST_OBJ          caCerts;     /* list of CA CERT_OBJs             */
00957 } PKI_CERTRESP_FIELDS;