RetrieveRecipientPublicKeys

The RetrieveRecipientPublicKeys operation remotely fetches the public X509 certificates assigned to an intended recipient to facilitate the payload encipherment of a DocumentSet. The response may include more than one public certificate; the ReferralNet service ignores any public keys that have been revoked or expired. The source location of the certificates is governed by the network implementation specified within the request URN.

Each certificate element returns the eight keyUsage attributes of the public key. It is left to the consumer of the response to parse these attributes and decide which certificate to use and for what function. The actual certificate payload is available as the base64-encoded content of the child text node.

<RetrieveRecipientPublicKeysRequest xmlns="urn:global-health:referralnet">urn:refnet:???</RetrieveRecipientPublicKeysRequest>
<ns6:RetrieveRecipientPublicKeysResponse xmlns:ns6="urn:global-health:referralnet">
   <ns3:RegistryResponse status="Success" xmlns:ns3="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0"></ns3:RegistryResponse>
   <ns6:Certificate cRLSign="false" dataEncipherment="false" 
                    decipherOnly="false" digitalSignature="false" 
                    encipherOnly="false" issuer="CN=Test Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU"   keyAgreement="false" 
                    keyCertSign="false" keyEncipherment="true" nonRepudiation="false">MIIFHzCCBAegAwIBAgICWogwDQYJKoZIhvcNAQEFBQA0vEA==
   </ns6:Certificate>
   <ns6:Certificate cRLSign="false" dataEncipherment="false" decipherOnly="false" digitalSignature="true" 
                    encipherOnly="false" issuer="CN=Test Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU"  keyAgreement="false" 
                    keyCertSign="false" keyEncipherment="false" nonRepudiation="true">MIIFHzCCBAegAwIBAgICWociBvMA==
   </ns6:Certificate>
</ns6:RetrieveRecipientPublicKeysResponse>

If the recipient identifier is not recognised by ReferralNet or other participating networks, the following response is returned.

<ns6:RetrieveRecipientPublicKeysResponse xmlns:ns6="urn:global-health:referralnet">
   <ns3:RegistryResponse status="Failure" xmlns:ns3="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0">
      <ns3:RegistryErrorList>
         <ns3:RegistryError codeContext="InvalidUserException: Invalid user: timj" errorCode="CertificateException" severity="Error">
         </ns3:RegistryError>
      </ns3:RegistryErrorList>
   </ns3:RegistryResponse>
</ns6:RetrieveRecipientPublicKeysResponse>

If public keys could not be located for the specified recipient then a successful response is returned without a certificate collection.

<ns6:RetrieveRecipientPublicKeysResponse xmlns:ns6="urn:global-health:referralnet">
   <ns3:RegistryResponse status="Success" xmlns:ns3="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0">
   </ns3:RegistryResponse>
</ns6:RetrieveRecipientPublicKeysResponse>
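
The consumer-side selection described above, covering the three response shapes shown (certificates returned, unknown recipient, no keys located), as an added example that is not part of the ReferralNet documentation. The names `select_certificates` and `RecipientKeyError` and the sample payloads are assumptions constructed for illustration; placeholder bytes stand in for real certificates.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"rn": "urn:global-health:referralnet",
      "rs": "urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0"}

class RecipientKeyError(Exception):
    """Registry status was not Success, or the response was malformed."""

def select_certificates(response_xml, usage="keyEncipherment"):
    """Return the decoded bytes of each certificate whose `usage` flag is "true"."""
    root = ET.fromstring(response_xml)
    registry = root.find("rs:RegistryResponse", NS)
    if registry is None or registry.get("status") != "Success":
        errors = [] if registry is None else [
            f'{e.get("errorCode")}: {e.get("codeContext")}'
            for e in registry.iterfind("rs:RegistryErrorList/rs:RegistryError", NS)]
        raise RecipientKeyError("; ".join(errors) or "no successful RegistryResponse")
    selected = []
    for cert in root.iterfind("rn:Certificate", NS):
        # Fail closed: an absent attribute counts as "false".
        if cert.get(usage, "false") != "true":
            continue
        # The payload is the element's text; strip layout whitespace first.
        payload = "".join((cert.text or "").split())
        if payload:
            selected.append(base64.b64decode(payload, validate=True))
    return selected

# Constructed sample data: placeholder bytes stand in for real DER certificates.
ENC = b"constructed-encipherment-certificate"
SIG = b"constructed-signing-certificate"
_HEAD = '<ns6:RetrieveRecipientPublicKeysResponse xmlns:ns6="urn:global-health:referralnet">'
_TAIL = "</ns6:RetrieveRecipientPublicKeysResponse>"
_RS = 'xmlns:ns3="urn:oasis:names:tc:ebxml-regrep:xsd:rs:3.0"'
SAMPLE_OK = (_HEAD + f'<ns3:RegistryResponse status="Success" {_RS}/>'
    f'<ns6:Certificate keyEncipherment="true" digitalSignature="false">\n'
    f'  {base64.b64encode(ENC).decode()}\n</ns6:Certificate>'
    f'<ns6:Certificate keyEncipherment="false" digitalSignature="true">'
    f'{base64.b64encode(SIG).decode()}</ns6:Certificate>' + _TAIL)
SAMPLE_EMPTY = _HEAD + f'<ns3:RegistryResponse status="Success" {_RS}/>' + _TAIL
SAMPLE_FAIL = (_HEAD + f'<ns3:RegistryResponse status="Failure" {_RS}>'
    '<ns3:RegistryErrorList><ns3:RegistryError errorCode="CertificateException" '
    'codeContext="InvalidUserException: Invalid user: example"/>'
    '</ns3:RegistryErrorList></ns3:RegistryResponse>' + _TAIL)

if __name__ == "__main__":
    print(select_certificates(SAMPLE_OK))      # encipherment certificate only
    print(select_certificates(SAMPLE_EMPTY))   # no keys located: empty list
```

The XML attributes are the service's description of each certificate; the decoded certificate should still be chain-validated and its own keyUsage extension checked before it is used to encipher a payload.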
 
dev/fetch_public_keys_by_email.txt · Last modified: 2009/02/25 15:29 by timc