RSA BSAFE Cert-C

PKI_STATUS_INFO Struct Reference

This structure is used in PKI_CERTRESP_FIELDS and as a parameter to C_SendPKIMsg().

Data Fields

status

An unsigned int value that contains the overall status of the requested operation. The status field in the PKI_STATUS_INFO structure should contain one of the following values:

PKI Status Value	Description
`PKI_STATUS_GRANTED`	The application was approved, exactly as requested.
`PKI_STATUS_GRANTED_MODS`	The application was approved; however, the requester is responsible for ascertaining the differences.
`PKI_STATUS_REJECTED`	The application was rejected; more information is usually found elsewhere in the message.
`PKI_STATUS_WAITING`	The request has not yet been processed; expect further processing (in some cases, it is necessary to poll the recipient for updated status).
`PKI_STATUS_WARNING_REVOCATION`	Warning that a revocation is imminent.
`PKI_STATUS_REVOCATION`	Notification that a revocation has occurred.
`PKI_STATUS_WARNING_KEY_UPDATE`	The requested key update was previously performed.

failInfo

An unsigned int value that contains additional information about failure cases. Because a request can fail in more than one way, the failure codes are defined as 1- bit flags that are 'OR'ed together. The failInfo field of the PKI_STATUS_INFO structure should contain some combination of the following bit- flags, or it should contain zero (0) if none of the listed conditions apply:

PKI Failure Info Flag	Description
`PKI_FAIL_BAD_ALG`	Unrecognized or unsupported algorithm identifier.
`PKI_FAIL_BAD_MESSAGE_CHECK`	Integrity check failed (for example, the signature did not verify).
`PKI_FAIL_BAD_REQUEST`	Transaction not permitted or supported.
`PKI_FAIL_BAD_TIME`	The message time was not sufficiently close to the system time as defined by local policy.
`PKI_FAIL_BAD_CERT_ID`	No certificate could be found matching the provided criteria.
`PKI_FAIL_BAD_DATA_FORMAT`	The data submitted has the wrong format.
`PKI_FAIL_WRONG_AUTHORITY`	The authority indicated in the request is different from the one creating the response message.
`PKI_FAIL_INCORRECT_DATA`	The requester's data is incorrect.
`PKI_FAIL_MISSING_TIMESTAMP`	When the timestamp is missing but should be there (by policy).
`PKI_FAIL_BAD_POP`	The Proof-of-Possession failed.
`PKI_FAIL_SERVER_ERROR`	The requester was unable to contact the transaction end-point.
`PKI_FAIL_REMOTE_SERVER_ERROR`	Some back-end server or process behind the transaction end-point failed.

statusString A LIST_OBJ object that contains a list of NUL- terminated text strings representing the status value. Each entry in the list is a pointer to an ITEM, where the ITEM specifies the string. The text is displayed to a user. Usually, multiple text strings are present only when the same text is provided in multiple (human) languages, with each individual string containing the text in a single language. Each string should consist of UTF8 characters, with the language tag, if any, specified at the beginning of the string. (In the absence of a language tag, the sender and receiver should have some out-of- band agreement on the language of the string.)

failInfoAux An unsigned int value that contains a PKI service provider- specific failure code.

00638 typedef struct {
00639   unsigned int      status;        /* one of PKI_STATUS_* above          */
00640   unsigned int      failInfo;      /* one of PKI_FAIL_* above            */
00641   LIST_OBJ          statusString;  /* list of UTF8 strings               */
00642   unsigned int      failInfoAux;   /* detailed, SP-specific failure code */
00643 } PKI_STATUS_INFO;