Parameters
The parameter definitions for CSNDT34C.
For the definitions of the return_code, reason_code, exit_data_length, and exit_data parameters, see Parameters common to all verbs.
- rule_array_count
-
The number of keywords you supplied in the rule_array parameter. The value must be 1 - 4.Direction Type Input Integer - rule_array
-
Direction Type Input Character The rule_array contains keywords that provide control information to the callable service. The keywords must be 8 bytes of contiguous storage with the keyword left-justified in its 8-byte location and padded on the right with blanks.Table 1. Keywords for TR-34 Bind-Complete Keywords for TR-34 Bind-Complete. This table contains two columns: Keyword and Meaning, and it contains rows for Requested action (one, required) and Public key infrastructure usage (one, optional).
Keyword Meaning Requested action (one, required). BINDKRDC TR34 BIND CTKRD creation service. Creates the KRD credential token that is needed by the KDH to take the next step in the TR-34 BIND action. BINDRV TR34 BIND CTKDH RECEIVE service. Receives and processes the token sent by the KDH to the KRD to accomplish the BIND action in the TR-34 protocol. This binds the KRD to the KDH for a later key distribution action. UNBINDRV TR34 UNBIND UBTKDH RECEIVE service. Receives and processes the token sent by the KDH to the KRD to accomplish the UNBIND action in the TR-34 protocol. This frees the KRD from the currently bound KDH and causes the KRD to remove all keys received while bound to this KDH. REBINDRV TR34 REBIND RBTKDH RECEIVE service. Receives and processes the token sent by the KDH to the KRD to accomplish the REBIND action in the TR-34 protocol. This frees the KRD from the current binding key of the KDH and binds the KRD to a new binding key from the KDH. This also causes the KRD to remove all keys received while bound to the KDH under the prior binding key. Public key infrastructure usage (one, optional). PKI-CHK Specifies that the X.509 certificate for the other party (KRD) is to be validated against the trust chain of the PKI hosted in the adapter. This requires that the CA credentials have been installed using the Trusted Key Entry (TKE) workstation. This is required for compliance-tagged key token export with TR-34 services. This is the default.
Cannot be combined with BINDKRDC. There are no other-party credentials to evaluate.
PKI-NONE Specifies that the X.509 certificate for the other party (KRD) is not to be validated against the trust chain of the PKI hosted in the adapter. This is suitable if the certificate has been validated using host-based PKI services. Cannot be combined with BINDKRDC. There are no other-party credentials to evaluate.
CRL expiration date checking (one, optional). CRLEXPCK CRL Expiration Check - Check the expiration date of the certificate revocation list (CRL) and return an error if the CRL is expired. This is the default. CRLEXPAL CRL Expiration Allow - Check the expiration date of the certificate revocation list (CRL) and return an informational message if the CRL is expired. KRD certificate date checking (one, optional). RCTEXPCK KRD Certificate Expiration Check - Check the expiration date of the key receiving device (KRD) certificate and return an error if the certificate is expired. This is the default. RCTEXPAL KRD Certificate Expiration Allow - Check the expiration date of the key receiving device (KRD) certificate and return an informational message if the certificate is expired. - input_token_length
-
The length of the input_token parameter in bytes. The maximum length is 9000 bytes. When the requested action keyword is BINDKRDC, the value must be 0.Direction Type Input Integer - input_token
-
The DER encoded TR-34 token object. The requested action keyword defines the object.Direction Type Input String When the input_token_length is zero, this parameter is ignored.
The requested action keyword determines the input token:- BINDRV
- The BIND token received from the KDH (CTKDH).
- UNBINDRV
- The UNBIND token received from the KDH (UBTKDH).
- REBINDRV
- The REBIND token received from the KDH (RBTKDH).
- cred_kdh_length
-
The length of the cred_kdh parameter in bytes. The maximum length is 3500 bytes. When the requested action keyword is BINDKRDC or BINDRV, the value must be 0.Direction Type Input Integer - cred_kdh
-
The X.509 certificate that is the credential of the KDH for the requested service. The certificate may be in DER or PEM format.Direction Type Input String When the cred_kdh_length is zero, this parameter is ignored.
Note: This service is acting as the KDH so the cred_kdh is not expected to validate against the internal PKI of the adapter. Use the PKI-NONE keyword to override this validation. - cred_krd_length
-
The length of the cred_krd parameter in bytes. The maximum length is 3500 bytes. When the requested action keyword is BINDRV, the value must be 0.Direction Type Input/Output Integer - cred_krd
-
The X.509 certificate that is the credential of the KRD for the requested service (the CredKRD). The certificate may be in DER or PEM format.Direction Type Input/Output String When the cred_krd_length is zero, this parameter is ignored.
Note: This service is acting as the KDH so the cred_krd is normally expected to validate against the internal PKI of the adapter. Use the PKI-NONE keyword to override this validation, - random_number_token_length
-
The length of the random_number_token parameter. The maximum length is 200 bytes. When the requested action keyword is BINDKRDC or BINDRV, the value must be zero.Direction Type Input Integer - random_number_token
-
The DER encoded random number token RTKRD that was sent to the KDH. The random_number_token is used by the KRD to validate the random number sent by the KDH in the input_token parameter.Direction Type Input String When the random_number_token_length is zero, this parameter is ignored.
- output_token_length
-
The length of the output_token parameter in bytes. The maximum length is 3500 bytes. On input, the value is the size of the buffer to receive the output_token. On output, the value is the actual size of the data returned in the output_token parameter.Direction Type Input/Output Integer When the requested action keyword is UNBINDRV, the value must be zero.
- output_token
-
The generated DER encoded TR-34 token.Direction Type Output String - BINDKRDC
- The TR-34 credential token for the KRD (CTKRD).
- BINDRV and REBINDRV
- The TR-34 credential X.509 certificate for the KDH (CredKDH).
When the output_token_length is zero, this parameter is ignored.
- reserved_data_length
-
This parameter is reserved. The value must be zero.Direction Type Input/Output Integer - reserved_data
-
This parameter is ignored.Direction Type Input/Output String