Developer's Guide
virtual P6R::P6ERR P6R::p6IKeystoreSSL2::replaceCredentialsPKCS12 (
    P6BOOL bClient,
    const P6WCHAR pszID,
    const P6WCHAR pszFilepath,
    const P6CHAR pszPassPhrase,
    P6UUID pUUID
) [pure virtual]

This method is used to replace server or client credentials (private key, certificate, and an optional certificate chain) in the keystore with those from the specified PKCS12 format file.

For server credentials, the private key is stored in the P6SSL_SERVERAUTH_NAMESPACE namespace ("p6r.serverauth"), under the value specified in pszID, which must be a string containing the server socket's IP address and port (e.g. "0.0.0.0:443"). The SSL networking layer looks this information up in the keystore automatically using the server socket's bind address and port.

For client credentials, the private key is stored in the P6SSL_CLIENTAUTH_NAMESPACE namespace ("p6r.clientauth"), under the value specified in pszID, which must be a string containing the remote server's hostname and port (e.g. "www.example.com:8443"). The SSL networking layer looks this information up in the keystore automatically using the remote hostname and port passed in when the secure client socket is initialized using p6ITcpSecureSocket::initSecureSocket(). For testing, remote servers often have no hostname assigned; in that case an IP address and port string (e.g. "10.1.1.50:443") can be passed in pszID, but P6SSF_VRFY_DISABLEHOSTMATCH must then be used when calling the p6ITcpSecureSocket::initSecureSocket() method.

Parameters
    bClient [in]: A P6BOOL that, when equal to P6TRUE, indicates that client credentials are being imported. When equal to P6FALSE, it indicates that server credentials are being imported.
    pszID [in]: A pointer to a NULL-terminated string containing the unique identifier for the credentials. For server credentials, this MUST be the IP address string, preferably with port information, for example "0.0.0.0:443" or "192.168.1.10:8443". For client connections, this is the hostname and port of the remote server the connection is being established with, for example "kmip01.example.com:443". IP addresses with port information can also be used if certificate verification is disabled when creating the connection.
    pszFilepath [in]: A pointer to a NULL-terminated string containing the pathname of the PKCS12 file to load.
    pszPassPhrase [in]: (optional) If the PKCS12 file being imported is encrypted, this argument provides a NULL-terminated string containing the passphrase to use for decrypting the file.
    pUUID [out]: (optional) The address of a P6UUID that receives the UUID of the provided private key in the keystore. This identifier can be used to look up the private key and certificate chain at a later time.
Returns
    Success
        P6R::eOk: The import was successful.
    Failure
        P6R::eNotInitialized: The p6IKeystoreInit::initialize() method has not yet been called successfully for this instance of the keystore.
        P6R::eInvalidArg: pszID or pszFilepath was NULL.
        P6R::eTooBig: pszID is larger than P6KSMAXNAME.
        P6R::eTooSmall: pszID has length of zero.
        P6R::eExists: A key using the same ID already exists in the keystore.
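
The pszID rules above can be checked before a credential is imported. The following is an added example, not P6R code: it classifies an ID as a hostname or an IP literal, so a deployment check can flag client IDs that only work with host matching disabled. The helper names, the use of narrow strings, the required port and the 255-character limit are assumptions made for illustration.

```cpp
#include <cctype>
#include <string>

enum class IdKind { Invalid, Hostname, IpLiteral };

// Assumption: stand-in limit; the page does not give the value of P6KSMAXNAME.
constexpr std::size_t kAssumedMaxName = 255;

// Strict dotted-quad check: four decimal fields, each 0..255.
static bool isIPv4(const std::string& h) {
    int parts = 0;
    std::size_t i = 0;
    while (i < h.size()) {
        const std::size_t start = i;
        int v = 0;
        while (i < h.size() && std::isdigit(static_cast<unsigned char>(h[i]))) {
            v = v * 10 + (h[i++] - '0');
            if (v > 255) return false;
        }
        if (i == start) return false;  // empty field or non-digit
        ++parts;
        if (i == h.size()) break;
        if (h[i] != '.' || ++i == h.size()) return false;  // bad separator, trailing dot
    }
    return parts == 4;
}

// Hypothetical helper (added example): expects "host:port" in a narrow string.
IdKind classifyCredentialId(const std::string& id) {
    if (id.empty() || id.size() > kAssumedMaxName) return IdKind::Invalid;
    const std::size_t colon = id.rfind(':');
    if (colon == std::string::npos || colon == 0) return IdKind::Invalid;
    const std::string host = id.substr(0, colon), port = id.substr(colon + 1);
    if (port.empty() || port.size() > 5) return IdKind::Invalid;
    int p = 0;
    for (char c : port) {
        if (!std::isdigit(static_cast<unsigned char>(c))) return IdKind::Invalid;
        p = p * 10 + (c - '0');
    }
    if (p < 1 || p > 65535) return IdKind::Invalid;
    // A colon left in the host part means a bracketed IPv6 literal such as "[::1]".
    if (host.find(':') != std::string::npos || isIPv4(host)) return IdKind::IpLiteral;
    return IdKind::Hostname;
}

// Hostname IDs keep host matching on; IP-literal client IDs require disabling it.
bool clientIdKeepsHostMatch(const std::string& id) {
    return classifyCredentialId(id) == IdKind::Hostname;
}

int main() { return clientIdKeepsHostMatch("www.example.com:8443") ? 0 : 1; }
```

A configuration check can reject client IDs for which clientIdKeepsHostMatch() returns false outside test environments.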