Developer's Guide
virtual P6R::P6ERR P6R::p6IKeystoreSSL::importCredentials ( P6BOOL  bClient,
const P6WCHAR pszID,
p6ICryptoKey pPrvKey,
p6ICert pCert,
p6ICert parChain,
P6UINT32  cChain,
P6UUID pUUID 
)
pure virtual

This method is used to import server or client credentials (private key, certificate, and an optional certificate chain) from the supplied objects into the appropriate places in the keystore.

For server credentials, the private key is stored in the P6SSL_SERVERAUTH_NAMESPACE namespace ("p6r.serverauth"), under the value specified in pszID, which must be a string containing the server socket's IP address and port (e.g. "0.0.0.0:443"). The SSL networking layer looks this information up in the keystore automatically using the server socket's bind address and port.

For client credentials, the private key is stored in the P6SSL_CLIENTAUTH_NAMESPACE namespace ("p6r.clientauth"), under the value specified in pszID, which must be a string containing the remote server's hostname and port (e.g. "www.example.com:8443"). The SSL networking layer looks this information up in the keystore automatically using the remote hostname and port passed in when the secure client socket is initialized using p6ITcpSecureSocket::initSecureSocket(). In testing, the remote server often has no hostname assigned; in that case an IP address and port string (e.g. "10.1.1.50:443") can be passed in pszID, but the P6SSF_VRFY_DISABLEHOSTMATCH flag must then be used when calling the p6ITcpSecureSocket::initSecureSocket() method.

Parameters
bClient [in] A P6BOOL that, when equal to P6TRUE, indicates that client credentials are being imported. When equal to P6FALSE, it indicates that server credentials are being imported.
pszID [in] A pointer to a NULL terminated string containing the unique identifier for the credentials. The string's length must be less than or equal to P6KSMAXNAME. For server credentials, this MUST be the IP address string, preferably with port information (not a hostname). For example "0.0.0.0:443" or "192.168.1.10:8443". For client connections, this must be the hostname and port of the remote server the connection is being established with. For example "www.example.com:443". IP addresses with port information can also be used if certificate verification is disabled when creating the connection using the P6SSF_VRFY_DISABLEHOSTMATCH flag.
pPrvKey [in] A pointer to the p6ICryptoKey object containing the private key to import into the keystore.
pCert [in] A pointer to the p6ICert object containing the client or server certificate to import. This must be the certificate that is associated with the private key passed in as pPrvKey.
parChain [in] (optional) The address of an array of p6ComPtr<p6ICert>'s that contains the certificate chain to use. The chain must be ordered with the root cert (lowest level) as the last entry in the chain, and the highest level cert in the chain as the first.
cChain [in] A P6UINT32 containing the number of valid array entries in parChain.
pUUID [out] (optional) The address of a P6UUID in which will be placed the UUID of the provided private key in the keystore. This identifier can be used to look up the private key and certificate chain at a later time.
Returns
Success
P6R::eOk - The import was successful.
Failure
P6R::eNotInitialized - The p6IKeystoreInit::initialize() method has not yet been called successfully for this instance of the keystore.
P6R::eInvalidArg - pszID, pPrvKey or pCert were NULL.
P6R::eTooBig - pszID is larger than P6KSMAXNAME, or the number of certs in the chain specified in parChain is greater than 20.
P6R::eTooSmall - pszID has length of zero.
P6R::eExists - A key with the same ID already exists in the keystore.
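
A pre-flight check for pszID values, added here as an illustration of the identifier rules above; it is not P6R code and calls no P6R API. The names IdCheck, isIPv4, checkCredentialId, maxName and hostMatchOff are hypothetical, only IPv4 literals are recognized, and a port is treated as optional for server IDs ("preferably with port information") but required for client IDs.

```cpp
#include <cstddef>
#include <string>

// Result codes local to this sketch; they are not P6R types.
enum class IdCheck { Ok, Empty, TooLong, NoPort, BadPort, ServerNeedsIp, ClientIpNeedsHostMatchOff };

// True when s is a dotted-quad IPv4 literal (four decimal octets, each 0-255).
static bool isIPv4(const std::wstring& s) {
    std::size_t i = 0, octets = 0;
    while (i < s.size()) {
        int val = 0, digits = 0;
        while (i < s.size() && s[i] >= L'0' && s[i] <= L'9' && digits < 4) {
            val = val * 10 + static_cast<int>(s[i++] - L'0');
            ++digits;
        }
        if (digits == 0 || digits > 3 || val > 255) return false;
        ++octets;
        if (i == s.size()) break;
        if (s[i] != L'.' || ++i == s.size()) return false;  // bad separator or trailing dot
    }
    return octets == 4;
}

// maxName stands in for P6KSMAXNAME (its value is not on the page); hostMatchOff says
// whether P6SSF_VRFY_DISABLEHOSTMATCH will be passed to initSecureSocket().
IdCheck checkCredentialId(const std::wstring& id, bool bClient, std::size_t maxName, bool hostMatchOff) {
    if (id.empty()) return IdCheck::Empty;             // documented as eTooSmall
    if (id.size() > maxName) return IdCheck::TooLong;  // documented as eTooBig
    const std::size_t colon = id.rfind(L':');
    const bool hasPort = colon != std::wstring::npos;
    if (!hasPort && bClient) return IdCheck::NoPort;   // client IDs are hostname and port
    if (hasPort) {
        const std::wstring port = id.substr(colon + 1);
        if (port.empty() || port.size() > 5) return IdCheck::BadPort;
        unsigned long p = 0;
        for (wchar_t c : port) {
            if (c < L'0' || c > L'9') return IdCheck::BadPort;
            p = p * 10 + static_cast<unsigned long>(c - L'0');
        }
        if (p > 65535) return IdCheck::BadPort;
    }
    const bool ip = isIPv4(hasPort ? id.substr(0, colon) : id);
    if (!bClient && !ip) return IdCheck::ServerNeedsIp;  // looked up by bind address, not hostname
    if (bClient && ip && !hostMatchOff) return IdCheck::ClientIpNeedsHostMatchOff;
    return IdCheck::Ok;
}

// Stand-alone run: exit status 0 when the documented server example passes (64 is a constructed limit).
int main() { return checkCredentialId(L"0.0.0.0:443", false, 64, false) == IdCheck::Ok ? 0 : 1; }
```

Running such a check before importCredentials() catches identifiers that would import successfully but never match the lookup the SSL layer performs, such as a hostname used for server credentials.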