SeaCat client state

This section describes a state indicator provided by a SeaCat client. A state contains a complete and detailed information about the connectivity and required crypto-graphical elements such as private-public key pair (PPK), client certificate and CSR.

The state is provided by a seacatcc_state() SeaCat C-Core function respectively by SeaCatClient.getState() method in the SeaCat client or equivalent.

The state is a string of minimal length of 6 ASCII characters and terminating NUL. For a future compatibility, the length of the text can be up to 31 ASCII characters. An example of a state string is D**YNn.

Position Description Possible values
1 Gateway connection state * i D C p P H E c r n f
2 Client certificate renewal state * ! C S s I Q
3 Discover state * s S g G
4 Private/Public key pair ready Y n r
5 Client authorization level A N
6 Client CSR state ? Y n

Gateway connection state

State Description
D Disconnected and idling
C Connection (IP level)
H Handshake in progress (TLS level)
E Established / connected
c Closing connection
p Sending the request to a proxy server
P Waiting for a proxy server response
* Not initalized
i Initialized but not running
r Recoverable error (by timeout)
n Network error (waiting for network availability change)
f Fatal error (non-recoverable)

Typical gateway connection state flow

D -> C -> H -> E -> c -> D -> …

Client certificate renewal state

A Client certificate renewal process is used to (1) obtain a first client certificate for a freshly on-boarding client or (2) for a renewal of expired or close-to-expiration client certificate.

State Description
* Client certificate renewal is not running
! Client certificate renewal is started
C CSR is being generated
S CSR is submitted to a SeaCat Server
s CSR is accepted by a SeaCat Server
I Client is idling
Q Client is querying a new certificate from a SeaCat Server

Typical client certificate renewal flow

* -> ! -> C -> S -> s -> I -> Q -> I -> … -> Q -> *

Discover state

The discover process obtains an IP address and port of the SeaCat Server via DNS service.

State Description
* Discover process is not running
s Sending SVR requests to DNS server(s)
S Waiting for SVR reply from DNS server(s)
g Sending A/AAAA requests to DNS server(s)
G Waiting for A/AAAA reply from DNS server(s)

Private/Public key pair ready

State Description
Y Private/Public key pair is ready
n Private/Public key pair is not ready
r Private/Public key pair is being generated

Client authorization level

Level Description
A Anonymous (no client certificate)
N Normal

Client CSR state

State Description
? Not known yet
Y Client CSR is available
n Client CSR is not available