<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||
|
<html>
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||
|
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
|
||
|
<title>Register Application for Certificate Use (QSYRGAP,
|
||
|
QsyRegisterAppForCertUse) API</title>
|
||
|
<!-- Begin Header Records ========================================== -->
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<!-- Sec SCRIPT A converted by B2H R4.1 (346) (CMS) by V2KEA304 -->
|
||
|
<!-- at RCHVMW2 on 17 Feb 1999 at 11:05:09 -->
|
||
|
<!-- Change History: -->
|
||
|
<!-- YYMMDD USERID Change description -->
|
||
|
<!-- Edited by Kersten Jan 02 -->
|
||
|
<!--End Header Records -->
|
||
|
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
|
||
|
</head>
|
||
|
<body>
|
||
|
<a name="Top_Of_Page"></a>
|
||
|
<!-- Java sync-link -->
|
||
|
<script language="Javascript" src="../rzahg/synch.js" type="text/javascript">
|
||
|
</script>
|
||
|
|
||
|
<h2>Register Application for Certificate Use (QSYRGAP,
|
||
|
QsyRegisterAppForCertUse) API</h2>
|
||
|
|
||
|
<div class="box" style="width: 80%;">
|
||
|
<br>
|
||
|
<img src="delta.gif" alt="Start of change">Required Parameter Group for QSYRGAP:<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
<table width="100%">
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">1</td>
|
||
|
<td align="left" valign="top" width="50%">Application ID</td>
|
||
|
<td align="left" valign="top" width="20%">Input</td>
|
||
|
<td align="left" valign="top" width="20%">Char(*)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">2</td>
|
||
|
<td align="left" valign="top">Length of application ID</td>
|
||
|
<td align="left" valign="top">Input</td>
|
||
|
<td align="left" valign="top">Binary(4)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">3</td>
|
||
|
<td align="left" valign="top">Application controls</td>
|
||
|
<td align="left" valign="top">Input</td>
|
||
|
<td align="left" valign="top">Char(*)</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">4</td>
|
||
|
<td align="left" valign="top">Error Code</td>
|
||
|
<td align="left" valign="top">I/O</td>
|
||
|
<td align="left" valign="top">Char(*)</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
Default Public Authority: *EXCLUDE<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
Threadsafe: Yes<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
</div>
|
||
|
<br>
|
||
|
<div class="box" style="width: 80%;">
|
||
|
<br>
|
||
|
Syntax for QsyRegisterAppForCertUse:<br>
|
||
|
<pre>
 #include &lt;qsyrgap1.h&gt;

 void QsyRegisterAppForCertUse
        (char                *<em>Application_ID</em>,
         int                 *<em>Length_of_application_ID</em>,
         Qsy_App_Controls_T  *<em>Application_controls</em>,
         void                *<em>Error_code</em>);

</pre>
|
||
|
Service Program: QSYRGAP1<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
Default Public Authority: *EXCLUDE<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
Threadsafe: Yes<img src="deltaend.gif" alt="End of change"><br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
</div>
|
||
|
|
||
|
<p>The Register Application For Certificate Use (OPM, QSYRGAP; ILE,
QsyRegisterAppForCertUse) API registers an application with the
registration facility. The application controls provide additional
information needed to define the application.</p>

<p>You can update an application entry by reregistering the application
(using the replace control key) with new values for the application
control keys.</p>

<p>The application type control key is set the first time the application
is registered and cannot be changed.</p>

<p>When an application is registered, the registration information is
stored using the Registration Facility.</p>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
<h3>Authorities and Locks</h3>
|
||
|
|
||
|
<dl>
|
||
|
<dt><em>API Public Authority</em></dt>
|
||
|
|
||
|
<dd>*EXCLUDE<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><em>Registration Lock</em></dt>
|
||
|
|
||
|
<dd>*EXCL</dd>
|
||
|
</dl>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
<h3>Required Parameter Group</h3>
|
||
|
|
||
|
<dl>
|
||
|
<dt><strong>Application ID</strong></dt>
|
||
|
|
||
|
<dd>INPUT; CHAR(*)
|
||
|
|
||
|
<p>The application ID to register. IBM-supplied iSeries applications are
named QIBM_<em>ccc</em>_<em>name</em>, where <em>ccc</em> is the component
identifier. User-supplied application IDs should not preface their
application ID with QIBM. User-supplied application IDs should start with
the company name to eliminate most problems that involve unique names.
Application IDs should use an underscore (_) to separate parts of the name
(for example, QIBM_OS400_HOSTSERVER). Also, IDs for related applications
should start with the same name (for example, QIBM_DIRSRV_SERVER and
QIBM_DIRSRV_REPLICATION).</p>
|
||
|
|
||
|
<p>The first character of the application ID must be one of the
|
||
|
following:</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="10 90" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top" nowrap><em>A-Z</em></td>
|
||
|
<td align="left" valign="top">Uppercase A-Z</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<p>The remaining characters in the application ID must be made up of the
|
||
|
following characters:</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="10 90" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top" nowrap><em>A-Z</em></td>
|
||
|
<td align="left" valign="top">Uppercase A-Z</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>0-9</em></td>
|
||
|
<td align="left" valign="top">Digits 0-9</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>.</em></td>
|
||
|
<td align="left" valign="top">Period</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>_</em></td>
|
||
|
<td align="left" valign="top">Underscore</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Length of application ID</strong></dt>
|
||
|
|
||
|
<dd>INPUT; BINARY(4)
|
||
|
|
||
|
<p>The length of the specified application ID. The length must be a value
|
||
|
from 1 to 100. If the application type is 4 (object signing application),
|
||
|
then the length must be a value from 1 to 30.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Application controls</strong></dt>
|
||
|
|
||
|
<dd>INPUT; CHAR(*)
|
||
|
|
||
|
<p>The application control fields for defining the application. Any field
|
||
|
not specified will be given the default value. The information must be in
|
||
|
the following format:</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="25 75" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top">Number of variable length records</td>
|
||
|
<td align="left" valign="top">BINARY(4)<br>
|
||
|
The total number of all of the variable length records.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">Variable length records</td>
|
||
|
<td align="left" valign="top">The fields of the application controls to set. Refer to
|
||
|
<a href="#HDRRGSAVR1">Format for Variable Length Record</a> for more
|
||
|
information.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Error code</strong></dt>
|
||
|
|
||
|
<dd>I/O; CHAR(*)
|
||
|
|
||
|
<p>The structure in which to return error information. For the format of
|
||
|
the structure, see <a href="../apiref/error.htm#hdrerrcod">Error code
|
||
|
parameter</a>.</p>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
<h3><a name="HDRRGSAVR1">Format for Variable Length Record</a></h3>
|
||
|
|
||
|
<p>The following table shows the layout of the variable length record. For
|
||
|
a detailed description of each field, see <a href="#HDRRGAPFD1">Field
|
||
|
Descriptions</a>.</p>
|
||
|
|
||
|
<table border width="80%">
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom" colspan="2">Offset</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Type</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Field</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom">Dec</th>
|
||
|
<th align="center" valign="bottom">Hex</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">0</td>
|
||
|
<td align="center" valign="top" width="10%">0</td>
|
||
|
<td align="left" valign="top" width="20%">BINARY(4)</td>
|
||
|
<td align="left" valign="top" width="60%">Length of variable length
|
||
|
record</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">4</td>
|
||
|
<td align="center" valign="top">4</td>
|
||
|
<td align="left" valign="top">BINARY(4)</td>
|
||
|
<td align="left" valign="top">Application control key</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">8</td>
|
||
|
<td align="center" valign="top">8</td>
|
||
|
<td align="left" valign="top">BINARY(4)</td>
|
||
|
<td align="left" valign="top">Length of data</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">12</td>
|
||
|
<td align="center" valign="top">C</td>
|
||
|
<td align="left" valign="top">CHAR(*)</td>
|
||
|
<td align="left" valign="top">Data</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
<p>If the length of the data is longer than the key field's data length,
the data is truncated at the right. No message is issued.</p>

<p>If the length of the data is shorter than the key field's data length
and the key contains binary data, an error message is issued. If the key
does not contain binary data, the field is padded with blanks.</p>

<p>It is not an error to specify a key more than once. If duplicate keys
are specified, the last specified value for that key is used.</p>

<p>Each variable length record must be 4-byte aligned. If not,
unpredictable results may occur.</p>

<p>Refer to <a href="#HDRRGAP1">Application Control Keys</a> for more
information about the valid values for these fields.</p>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
<h3><a name="HDRRGAPFD1">Field Descriptions</a></h3>
|
||
|
|
||
|
<strong>Application control key.</strong> The application control to be
|
||
|
set. Refer to the "Key" column in the <a href="#HDRRGAP1">Application
|
||
|
Control Keys</a> table for the list of valid control keys.
|
||
|
|
||
|
<p><strong>Data.</strong> The value to which a specific application
|
||
|
control is to be set.</p>
|
||
|
|
||
|
<p><strong>Length of data.</strong> The length of the application control
|
||
|
value.</p>
|
||
|
|
||
|
<p><strong>Length of variable length record.</strong> The length of the
|
||
|
record, including this field.</p>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
<h3><a name="HDRRGAP1">Application Control Keys</a></h3>
|
||
|
|
||
|
<p>The following table shows the valid application control keys for the
|
||
|
application control key field of the variable length record. For a
|
||
|
detailed description of each field, see <a href="#HDRRGAPFD2">Field
|
||
|
Descriptions</a>.</p>
|
||
|
|
||
|
<table border width="80%">
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom">Key</th>
|
||
|
<th align="left" valign="bottom">Type</th>
|
||
|
<th align="left" valign="bottom">Field</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="15%">1</td>
|
||
|
<td align="left" valign="top" width="20%">CHAR(20)</td>
|
||
|
<td align="left" valign="top" width="65%">Qualified exit program name</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">2</td>
|
||
|
<td align="left" valign="top">CHAR(50)</td>
|
||
|
<td align="left" valign="top">Application description</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">3</td>
|
||
|
<td align="left" valign="top">CHAR(27)</td>
|
||
|
<td align="left" valign="top">Qualified message file name and message
|
||
|
identifier for application description</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">4</td>
|
||
|
<td align="left" valign="top">CHAR(1)</td>
|
||
|
<td align="left" valign="top">Limit CA certificates trusted</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">5</td>
|
||
|
<td align="left" valign="top">CHAR(1)</td>
|
||
|
<td align="left" valign="top">Replace</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">6</td>
|
||
|
<td align="left" valign="top">CHAR(1)</td>
|
||
|
<td align="left" valign="top">Threadsafe</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">7</td>
|
||
|
<td align="left" valign="top">CHAR(1)</td>
|
||
|
<td align="left" valign="top">Multithreaded job action</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">8</td>
|
||
|
<td align="left" valign="top">CHAR(1)</td>
|
||
|
<td align="left" valign="top">Application type</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">9</td>
|
||
|
<td align="left" valign="top">CHAR(10)</td>
|
||
|
<td align="left" valign="top">Application user profile</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">10</td>
|
||
|
<td align="left" valign="top">CHAR(1)</td>
|
||
|
<td align="left" valign="top">Client authentication supported</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">11</td>
|
||
|
<td align="left" valign="top">CHAR(1)</td>
|
||
|
<td align="left" valign="top">Client authentication required</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">12</td>
|
||
|
<td align="left" valign="top">CHAR(1)</td>
|
||
|
<td align="left" valign="top">Perform certificate revocation
|
||
|
processing</td>
|
||
|
</tr>
|
||
|
</table>
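<p>The following C sketch is an added example, not IBM's code and not part of the original reference. It checks an application ID against the character and length rules above and packs variable length records with the 12-byte header, blank padding and 4-byte alignment described under Format for Variable Length Record. The builder type, the function names and the sample values are hypothetical; it assumes records are laid out back to back and that a CHAR(1) value is supplied as its digit character, and it does not call the API.</p>

```c
/* Added example: packs Application controls records; does not call the API. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Key numbers as listed in the Application Control Keys table. */
enum { KEY_EXIT_PGM = 1, KEY_APP_TYPE = 8, KEY_USER_PROFILE = 9 };

/* CHAR(n) data length for keys 1..12, from the same table (index 0 unused). */
static const int32_t KEY_DATA_LEN[13] = {0, 20, 50, 27, 1, 1, 1, 1, 1, 10, 1, 1, 1};

/* Hypothetical builder state (not the API's Qsy_App_Controls_T). */
typedef struct {
    unsigned char *buf;   /* caller's buffer; keep it 4-byte aligned */
    size_t cap;           /* size of buf in bytes */
    size_t used;          /* bytes filled so far */
    int32_t count;        /* number of variable length records */
} ctl_builder;

static void put_i32(unsigned char *p, int32_t v) { memcpy(p, &v, sizeof v); }
int32_t get_i32(const unsigned char *p) { int32_t v; memcpy(&v, p, sizeof v); return v; }

/* Start a buffer: the first BINARY(4) is the number of records. */
int ctl_init(ctl_builder *b, unsigned char *buf, size_t cap) {
    if (cap < 4) return -1;
    memset(buf, 0, cap);
    b->buf = buf; b->cap = cap; b->used = 4; b->count = 0;
    return 0;
}

/* Append one record. Returns the record's offset in buf, or -1 on error. */
long ctl_add(ctl_builder *b, int32_t key, const char *value) {
    if (key < 1 || key > 12) return -1;
    int32_t dlen = KEY_DATA_LEN[key];
    size_t vlen = strlen(value);
    /* The API truncates over-long data without a message; refuse instead. */
    if (vlen > (size_t)dlen) return -1;
    /* 12-byte header plus data, rounded up to a 4-byte boundary. */
    int32_t rec_len = (12 + dlen + 3) & ~3;
    if (b->used + (size_t)rec_len > b->cap) return -1;
    unsigned char *rec = b->buf + b->used;
    put_i32(rec, rec_len);                 /* offset 0: length of record */
    put_i32(rec + 4, key);                 /* offset 4: application control key */
    put_i32(rec + 8, dlen);                /* offset 8: length of data */
    memset(rec + 12, ' ', (size_t)dlen);   /* blank-pad character data */
    memcpy(rec + 12, value, vlen);         /* offset 12: data */
    long off = (long)b->used;
    b->used += (size_t)rec_len;
    put_i32(b->buf, ++b->count);           /* keep the record count current */
    return off;
}

/* Application ID rules: first character A-Z; the rest A-Z, 0-9, '.', '_';
   length 1..100, or 1..30 for application type 4. Returns 1 if valid. */
int app_id_valid(const char *id, size_t len, int app_type) {
    /* Explicit alphabets: letter ranges are not contiguous in EBCDIC. */
    static const char first[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    static const char rest[]  = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._";
    size_t max = (app_type == 4) ? 30 : 100;
    if (len < 1 || len > max) return 0;
    if (!memchr(first, id[0], sizeof first - 1)) return 0;
    for (size_t i = 1; i < len; i++)
        if (!memchr(rest, id[i], sizeof rest - 1)) return 0;
    return 1;
}

int main(void) {
    /* Constructed sample values: the ID, program and library names are made up. */
    static int32_t storage[32];            /* int32_t array is 4-byte aligned */
    const char *id = "ACME_ORDERS_SERVER";
    ctl_builder b;
    if (!app_id_valid(id, strlen(id), 1)) return 1;
    ctl_init(&b, (unsigned char *)storage, sizeof storage);
    ctl_add(&b, KEY_APP_TYPE, "1");        /* assumes CHAR(1) holds the digit */
    ctl_add(&b, KEY_USER_PROFILE, "*NONE");
    ctl_add(&b, KEY_EXIT_PGM, "ORDEXIT   ACMELIB");
    printf("%d records, %zu bytes\n", (int)b.count, b.used);
    return 0;
}
```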
|
||
|
|
||
|
<br>
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3><a name="HDRRGAPFD2">Field Descriptions</a></h3>
|
||
|
|
||
|
<strong>Application description.</strong> The text for the application
|
||
|
description. When this key is specified, the qualified message file name
|
||
|
and message identifier for application description key must not be
|
||
|
specified. The default value is blanks.
|
||
|
|
||
|
<p><strong>Application type.</strong> The type of application. This
|
||
|
control is set when the application is registered and cannot be changed.
|
||
|
The default value is 1. Valid values for this key are:</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="5 95" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>1</em></td>
|
||
|
<td align="left" valign="top">Server application. A server
|
||
|
application provides a service for another process on the system, host, or
|
||
|
network.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>2</em></td>
|
||
|
<td align="left" valign="top">Client application. A client application
|
||
|
requests a service from another process on the system, host, or
|
||
|
network.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>4</em></td>
|
||
|
<td align="left" valign="top">Object signing application. This application
|
||
|
is used when signing objects. The application ID for this application can
|
||
|
be specified on the Sign Object (QYDOSGNO) API. When an object signing
|
||
|
application is registered, a corresponding function is registered with the
|
||
|
same ID (see <a href="qsyrgfn.htm">Register Function</a> (QSYRGFN,
|
||
|
QsyRegisterFunction) API). A user must have access to the corresponding
|
||
|
function to sign objects using this application ID. By default, only users
|
||
|
with *ALLOBJ special authority will have access to the corresponding
|
||
|
function.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<p><strong>Application user profile.</strong> The user profile associated
|
||
|
with the application. This is the user profile under which the application
|
||
|
runs. If a user profile name is
|
||
|
specified, then the
|
||
|
specified user profile is given access to the QIBM_QSY_SYSTEM_CERT_STORE
|
||
|
function (see <a href="qsyrgfn.htm">Register Function</a> (QSYRGFN,
|
||
|
QsyRegisterFunction) API). This function gives the specified user profile
|
||
|
access to the *SYSTEM certificate store without having to be authorized to
|
||
|
the actual object, but only when using the certificate associated with the
|
||
|
application to establish a secure session. The default value is *NONE. The
|
||
|
following special value may be specified:</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="10 90" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>*NONE</em></td>
|
||
|
<td align="left" valign="top">No user profile will be
|
||
|
associated with the application. This value must be specified if the
|
||
|
application type is 4 (object signing application).</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<p><strong>Client authentication required.</strong> Whether client
|
||
|
authentication is required. The default value is 0.</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="5 95" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>0</em></td>
|
||
|
<td align="left" valign="top">No client authentication is
|
||
|
done. This value must be specified if the client authentication supported
|
||
|
value is 0.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>1</em></td>
|
||
|
<td align="left" valign="top">Client authentication is required. The
|
||
|
client is authenticated as part of the SSL handshake protocol processing.
|
||
|
During the SSL handshake processing, the server requests a certificate
|
||
|
from the client. The certificate must be valid and must be signed by a
|
||
|
Certificate Authority (CA) that the server recognizes and trusts. If the
|
||
|
client does not have a valid certificate, then the server ends the SSL
|
||
|
handshake and does not establish an SSL session between the client and
|
||
|
server.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<p><strong>Client authentication supported.</strong> Whether the
|
||
|
application supports client authentication. The default value is 0.</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="5 95" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>0</em></td>
|
||
|
<td align="left" valign="top">The application does not support
|
||
|
client authentication. If this value is specified, the client
|
||
|
authentication required value must be 0. This value must be specified if
|
||
|
the application type is 2 (client application) or 4 (object signing
|
||
|
application).</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>1</em></td>
|
||
|
<td align="left" valign="top">The application supports client
|
||
|
authentication.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<p><strong>Limit CA certificates trusted.</strong> Whether the application
|
||
|
trusts all of the CA certificates that are trusted in the *SYSTEM
|
||
|
certificate store or a subset of the CA certificates. A client application
|
||
|
uses the list of trusted CA certificates to validate the peer certificate
|
||
|
that is sent to the application. A server application that supports client
|
||
|
authentication uses the list of trusted CA certificates to validate the
|
||
|
certificate that is sent from the client. The default value is 1.</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="5 95" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>0</em></td>
|
||
|
<td align="left" valign="top">The application trusts all the
|
||
|
CA certificates that are trusted in the *SYSTEM certificate store. This
|
||
|
value must be specified if the application type is 4 (object signing
|
||
|
application). This value is recommended for server applications that do
|
||
|
not support client authentication.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>1</em></td>
|
||
|
<td align="left" valign="top">The application trusts a subset of the list
|
||
|
of CA certificates that are trusted in the *SYSTEM certificate store. If
|
||
|
this value is specified, the system administrator must specify which of
|
||
|
the CA certificates that are trusted in the *SYSTEM certificate store also
|
||
|
are trusted by the application. Otherwise, the application will not trust
|
||
|
any of the CA certificates. Using Digital Certificate Manager (DCM), the
|
||
|
system administrator can add and remove CA certificates from the list of
|
||
|
trusted CA certificates for the application. The application must be a
|
||
|
client application or a server application that supports client
|
||
|
authentication to be able to use DCM to manage the list of CA certificates
|
||
|
that the application trusts.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<p><strong>Multithreaded job action.</strong> The action to take in a
|
||
|
multithreaded job. This key has no direct relationship with the threadsafe
|
||
|
key; however, the value for the threadsafe key can be used to determine
|
||
|
the multithreaded job action. The default value is 0. Valid values for
|
||
|
this key are:</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="5 95" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>0</em></td>
|
||
|
<td align="left" valign="top">Use the QMLTTHDACN system value
|
||
|
to determine the action to take.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>1</em></td>
|
||
|
<td align="left" valign="top">Run the exit program in a multithreaded
|
||
|
job.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>2</em></td>
|
||
|
<td align="left" valign="top">Run the exit program in a multithreaded job
|
||
|
and send informational message CPI3C80.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>3</em></td>
|
||
|
<td align="left" valign="top">Do not run the exit program in a
|
||
|
multithreaded job and send informational message CPI3C80.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<p>If you do use the threadsafe value to determine the value for the
|
||
|
multithreaded job action, consider the following recommendations:</p>
|
||
|
|
||
|
<ol type="1">
|
||
|
<li>If the threadsafe value is 0, the multithreaded job action should be
|
||
|
set to 3.<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li>If the threadsafe value is 1, the multithreaded job action should be
|
||
|
set to 0.<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li>If the threadsafe value is 2, the multithreaded job action should be
|
||
|
set to 1.</li>
|
||
|
</ol>
|
||
|
|
||
|
<p><strong>Perform certificate revocation processing.</strong> Whether
|
||
|
certificate revocation processing is performed when the certificate
|
||
|
associated with the application is validated. The default value is 0.</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="5 95" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>0</em></td>
|
||
|
<td align="left" valign="top">Certificate revocation
|
||
|
processing is not performed when the certificate associated with the
|
||
|
application is validated. If the certificate has been revoked, it will
|
||
|
still be considered valid.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>1</em></td>
|
||
|
<td align="left" valign="top">Certificate revocation processing is
|
||
|
performed when the certificate associated with the application is
|
||
|
validated. If the certificate has been revoked, it will not be valid.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<p><strong>Qualified exit program name.</strong> The exit program name and
|
||
|
library for the application. The first 10 characters contain the exit
|
||
|
program name; the next 10 characters contain the library name in which the
|
||
|
exit program resides. The exit program does not need to exist at
|
||
|
registration time. A specific library name must be specified. The special
|
||
|
values *LIBL and *CURLIB are not supported. The default value is program
|
||
|
QSY_NOPGM in library QSY_NOLIB.</p>
|
||
|
|
||
|
<p>This exit program is called when a certificate is assigned to the
application, an assigned certificate is changed, or an assigned
certificate is removed. It is called when a Certificate Authority (CA)
certificate is added to or removed from the list of trusted CA
certificates for the application. It also is called when an attempt is
made to deregister the application. The exit program can determine whether
or not the application can be deregistered. This exit program also is
called when the information for a registered application is updated. Refer
to <a href="secex2.htm">Digital Certificate Management exit programs</a>
for detailed information about the information that is passed to the exit
program for each of the possible calls to the program. If the exit program
is the default value, then it will not be called.</p>
|
||
|
|
||
|
<p><strong>Qualified message file name and message identifier for
|
||
|
application description.</strong> A message file and message identifier
|
||
|
that contains the application description. When this key is specified, the
|
||
|
application description key must not be specified. The message file and
|
||
|
message identifier do not have to exist at the time of registration. The
|
||
|
default value is blanks. Refer to <a href="#HDRRGAPMF">Qualified Message
|
||
|
File Format</a> for the format of this field.</p>
|
||
|
|
||
|
<p><strong>Replace.</strong> Whether to replace an existing registered
|
||
|
application. The default value is 0.</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="5 95" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>0</em></td>
|
||
|
<td align="left" valign="top">Do not replace an existing
|
||
|
registered application. If this value is specified and the application is
|
||
|
already registered, the request will fail.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>1</em></td>
|
||
|
<td align="left" valign="top">Replace an existing registered application.
|
||
|
If this value is specified and the application is not already registered,
|
||
|
the application will be registered. If the application is already registered,
|
||
|
only the application control keys that are specified on this call are
|
||
|
replaced. Any other application control keys that were previously
|
||
|
specified will keep their values.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>2</em></td>
|
||
|
<td align="left" valign="top">Replace an existing registered application, but do not
|
||
|
replace application control keys that are controlled by a system administrator. If this
|
||
|
value is specified and the application is not already registered, the application
|
||
|
will be registered. If the application is already registered, only the application
|
||
|
control keys that are specified on this call are replaced. Any other application
|
||
|
control keys that were previously specified will keep their values. Application
|
||
|
control keys that are controlled by a system administrator are not replaced, even
|
||
|
if they are specified on this call. These application control keys include:
|
||
|
<ul>
|
||
|
<li>Client authentication required</li>
|
||
|
<li>Limit CA certificates trusted</li>
|
||
|
<li>Perform certificate revocation processing</li>
|
||
|
</ul>
|
||
|
<p>This value should be used by install exit programs to ensure that values set by the
system administrator are not replaced by the install exit program.
|
||
|
</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<p><strong>Threadsafe.</strong> Whether the exit program entry is
|
||
|
threadsafe. This key has no direct relationship with the multithreaded job
|
||
|
action key. It is intended for documentation purposes only. The default
|
||
|
value is 1. Valid values for this key are:</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="5 95" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>0</em></td>
|
||
|
<td align="left" valign="top">The exit program entry is not
|
||
|
threadsafe.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>1</em></td>
|
||
|
<td align="left" valign="top">The threadsafe status of the exit program
|
||
|
entry is not known.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>2</em></td>
|
||
|
<td align="left" valign="top">The exit program entry is threadsafe.</td>
|
||
|
</tr>
|
||
|
</table>
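<p>The field descriptions above tie several keys to one another (application type 4, the two client authentication keys, the description keys, the exit program library). The following C check is an added example, not IBM's code and not part of the original reference; it applies those stated rules to a set of control values before registration. The struct, flag names and function names are hypothetical, the values are held as the plain numbers the page uses, and the W_ flags are this example's reading of the descriptions rather than errors the API reports.</p>

```c
/* Added example: pre-registration consistency check; does not call the API. */
#include <stdio.h>
#include <string.h>

/* Hypothetical plain-C view of the control values, held as the numbers the
   page uses (how each value is encoded in a record is not modelled). */
typedef struct {
    int app_type;               /* 1 server, 2 client, 4 object signing */
    int app_id_len;             /* length of application ID */
    const char *user_profile;   /* "*NONE" or a profile name */
    int client_auth_supported;  /* 0 or 1 */
    int client_auth_required;   /* 0 or 1 */
    int limit_ca_trusted;       /* 0 or 1 */
    int revocation;             /* 0 or 1 */
    int threadsafe;             /* 0, 1 or 2 */
    int mt_job_action;          /* 0..3 */
    const char *exit_pgm_lib;   /* library part of the qualified exit program */
    int has_description;        /* key 2 supplied */
    int has_msg_file;           /* key 3 supplied */
} app_controls;

enum {
    E_TYPE = 1 << 0,            /* type is not 1, 2 or 4 */
    E_ID_LEN = 1 << 1,          /* ID length outside 1..100 (1..30 for type 4) */
    E_PROFILE = 1 << 2,         /* type 4 requires *NONE */
    E_AUTH_SUPPORTED = 1 << 3,  /* types 2 and 4 require supported = 0 */
    E_AUTH_REQUIRED = 1 << 4,   /* required = 1 needs supported = 1 */
    E_LIMIT_CA = 1 << 5,        /* type 4 requires limit CA = 0 */
    E_DESC_BOTH = 1 << 6,       /* keys 2 and 3 are mutually exclusive */
    E_EXIT_LIB = 1 << 7,        /* *LIBL and *CURLIB not supported for key 1 */
    W_NO_REVOCATION = 1 << 8,   /* revoked certificates still treated as valid */
    W_CA_LIST = 1 << 9,         /* server without client auth: 0 is recommended */
    W_MT_ACTION = 1 << 10       /* differs from the threadsafe recommendation */
};

/* Defaults as stated in the field descriptions. */
app_controls controls_defaults(int app_id_len) {
    app_controls c = {
        .app_type = 1, .app_id_len = app_id_len, .user_profile = "*NONE",
        .client_auth_supported = 0, .client_auth_required = 0,
        .limit_ca_trusted = 1, .revocation = 0, .threadsafe = 1,
        .mt_job_action = 0, .exit_pgm_lib = "QSY_NOLIB",
        .has_description = 0, .has_msg_file = 0
    };
    return c;
}

/* Returns a bit mask of E_ (rule violated) and W_ (advisory) flags. */
unsigned check_controls(const app_controls *c) {
    static const int recommended_mt[3] = {3, 0, 1};  /* threadsafe 0, 1, 2 */
    unsigned f = 0;
    int t = c->app_type;
    if (t != 1 && t != 2 && t != 4) f |= E_TYPE;
    if (c->app_id_len < 1 || c->app_id_len > (t == 4 ? 30 : 100)) f |= E_ID_LEN;
    if (t == 4 && strcmp(c->user_profile, "*NONE") != 0) f |= E_PROFILE;
    if ((t == 2 || t == 4) && c->client_auth_supported != 0) f |= E_AUTH_SUPPORTED;
    if (c->client_auth_supported == 0 && c->client_auth_required != 0)
        f |= E_AUTH_REQUIRED;
    if (t == 4 && c->limit_ca_trusted != 0) f |= E_LIMIT_CA;
    if (c->has_description && c->has_msg_file) f |= E_DESC_BOTH;
    if (!strcmp(c->exit_pgm_lib, "*LIBL") || !strcmp(c->exit_pgm_lib, "*CURLIB"))
        f |= E_EXIT_LIB;
    if (c->revocation == 0) f |= W_NO_REVOCATION;
    if (t == 1 && c->client_auth_supported == 0 && c->limit_ca_trusted == 1)
        f |= W_CA_LIST;
    if (c->threadsafe < 0 || c->threadsafe > 2 ||
        c->mt_job_action != recommended_mt[c->threadsafe])
        f |= W_MT_ACTION;
    return f;
}

int main(void) {
    app_controls c = controls_defaults(18);   /* constructed 18-character ID */
    printf("defaults: 0x%03x\n", check_controls(&c));
    c.client_auth_supported = 1; c.client_auth_required = 1; c.revocation = 1;
    printf("client auth + revocation: 0x%03x\n", check_controls(&c));
    return 0;
}
```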
|
||
|
|
||
|
<br>
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3><a name="HDRRGAPMF">Qualified Message File Format</a></h3>
|
||
|
|
||
|
<p>The following table shows the layout of the qualified message file name
|
||
|
and message identifier for the application description field. For a
|
||
|
detailed description of each field, see <a href="#HDRRGAPFD3">Field
|
||
|
Descriptions</a>.</p>
|
||
|
|
||
|
<table border width="80%">
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom" colspan="2">Offset</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Type</th>
|
||
|
<th align="left" valign="bottom" rowspan="2">Field</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<th align="center" valign="bottom">Dec</th>
|
||
|
<th align="center" valign="bottom">Hex</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top" width="10%">0</td>
|
||
|
<td align="center" valign="top" width="10%">0</td>
|
||
|
<td align="left" valign="top" width="20%">CHAR(10)</td>
|
||
|
<td align="left" valign="top" width="60%">Message file name</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">10</td>
|
||
|
<td align="center" valign="top">A</td>
|
||
|
<td align="left" valign="top">CHAR(10)</td>
|
||
|
<td align="left" valign="top">Message file library name</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="center" valign="top">20</td>
|
||
|
<td align="center" valign="top">14</td>
|
||
|
<td align="left" valign="top">CHAR(7)</td>
|
||
|
<td align="left" valign="top">Message identifier</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3><a name="HDRRGAPFD3">Field Descriptions</a></h3>
|
||
|
|
||
|
<p><strong>Message file library name.</strong> The library name in which the
|
||
|
message file resides. The special value *CURLIB is not supported. The
|
||
|
possible values are:</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="15 85" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>*LIBL</em></td>
|
||
|
<td align="left" valign="top">Search the library list for the
|
||
|
message file. This value uses the first message file in the library list
|
||
|
that contains the message identifier.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" nowrap><em>library name</em></td>
|
||
|
<td align="left" valign="top">The name of the message library in which the
|
||
|
message file resides.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<p><strong>Message file name.</strong> The name of the message file that
|
||
|
contains the application description.</p>
|
||
|
|
||
|
<p><strong>Message identifier.</strong> The message identifier for the
|
||
|
application description.</p>

<br>

<h3>Error Messages</h3>

<table width="100%" cellpadding="5">
<!-- cols="15 85" -->
<tr>
<th align="left" valign="top" nowrap>Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>

<tr>
<td align="left" valign="top">CPFA0AA E</td>
<td align="left" valign="top">Error occurred while attempting to obtain
space.</td>
</tr>

<tr>
<td align="left" valign="top">CPF2225 E</td>
<td align="left" valign="top">Not able to allocate internal system object.</td>
</tr>

<tr>
<td align="left" valign="top">CPF222E E</td>
<td align="left" valign="top">&1 special authority is required.</td>
</tr>

<tr>
<td align="left" valign="top">CPF220E E</td>
<td align="left" valign="top">Application &1 not registered.</td>
</tr>

<tr>
<td align="left" valign="top">CPF220F E</td>
<td align="left" valign="top">Application &1 already registered.</td>
</tr>

<tr>
<td align="left" valign="top">CPF229E E</td>
<td align="left" valign="top">Application ID &1 not valid.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3C3C E</td>
<td align="left" valign="top">Value for parameter &1 not valid.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3C4D E</td>
<td align="left" valign="top">Length &1 for key &2 not valid.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3C81 E</td>
<td align="left" valign="top">Value for key &1 not valid.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3C82 E</td>
<td align="left" valign="top">Key &1 not valid for API &2.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3C83 E</td>
<td align="left" valign="top">Key &1 not allowed with value specified for key
&2.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3C84 E</td>
<td align="left" valign="top">Key &1 required with value specified for key
&2.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3C88 E</td>
<td align="left" valign="top">Number of variable length records &1 is not
valid.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3C90 E</td>
<td align="left" valign="top">Literal value cannot be changed.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3CD9 E</td>
<td align="left" valign="top">Requested function cannot be performed at this time.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3CDA E</td>
<td align="left" valign="top">Registration facility repository not available for
use.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3CF1 E</td>
<td align="left" valign="top">Error code parameter not valid.</td>
</tr>

<tr>
<td align="left" valign="top">CPF3CF2 E</td>
<td align="left" valign="top">Error(s) occurred during running of &1 API.</td>
</tr>

<tr>
<td align="left" valign="top">CPF8100 E</td>
<td align="left" valign="top">All CPF81xx messages could be returned. xx is from 01 to
FF.</td>
</tr>

<tr>
<td align="left" valign="top">CPF9810 E</td>
<td align="left" valign="top">Library &1 not found.</td>
</tr>

<tr>
<td align="left" valign="top">CPF9811 E</td>
<td align="left" valign="top">Program &1 in library &2 not found.</td>
</tr>

<tr>
<td align="left" valign="top">CPF9872 E</td>
<td align="left" valign="top">Program or service program &1 in library &2
ended. Reason code &3.</td>
</tr>
</table>
<br>

<hr>
API introduced: V4R4

<hr>
</body>
</html>