GALANTHUS / ABI FUNCTION REFERENCE
gln_download_ebics_bank_keys
Declared in <galanthus/c_api/gln_capi.h>.
GLN_API gln_status_t GLN_CALL gln_download_ebics_bank_keys(
gln_backend_t* in_backend,
gln_backend_result_t** out_result);
Purpose
gln_download_ebics_bank_keys runs HPB, stages the downloaded bank keys as pending, and returns the digests needed for out-of-band verification.
When To Use
Use this after INI/HIA when no trusted bank keys exist, or when deliberately staging a legitimate bank-key rotation.
Call Contract
GLN_OK from the function means an envelope was produced in *out_result; it does not mean the backend operation succeeded. Inspect the envelope with gln_get_backend_result_outcome, gln_get_backend_result_status, and gln_get_backend_result_kind.
out_result == NULL is the no-envelope invalid-argument case. In that case the function returns GLN_ERR_INVALID_ARG directly.
The parameter table is binding for required handles and output slots.
Return
Returns GLN_OK when the call produced a gln_backend_result_t envelope in out_result. Operation success, caller action, provider rejection, and operation errors are reported inside that envelope.
| Type | Nullability | Ownership |
|---|---|---|
gln_status_t | value | value |
Parameters
| Name | Direction | Type | Nullability | Ownership |
|---|---|---|---|---|
in_backend | input | gln_backend_t* | nonnull | borrowed |
out_result | output | gln_backend_result_t** | nonnull | transferred_out |
Success Result
The normal HPB staging result has status GLN_ERR_FOLLOW_UP_REQUIRED, outcome GLN_BACKEND_OUTCOME_ERROR, and kind GLN_BACKEND_RESULT_KIND_EBICS_BANK_KEYS. Borrow the typed bank-key view with gln_get_backend_result_ebics_bank_keys even though the status is follow-up-required.
Compare gln_get_ebics_bank_keys_authentication_digest and gln_get_ebics_bank_keys_encryption_digest against a bank-provided out-of-band source before calling gln_verify_pending_ebics_bank_keys.
Outcomes
GLN_BACKEND_OUTCOME_REJECTED: inspectgln_get_backend_result_statusandgln_get_backend_result_errorfor EBICS rejection details.GLN_BACKEND_OUTCOME_ERROR: inspectgln_get_backend_result_statusandgln_get_backend_result_error. The normal HPB staging path uses statusGLN_ERR_FOLLOW_UP_REQUIRED; the envelope still carries the typed bank-key digests for out-of-band verification.
The HPB follow-up is not a resumable continuation. Read the typed bank-key payload, verify both digests out of band, then call gln_verify_pending_ebics_bank_keys.
Ownership And Lifetime
The envelope returned through out_result is caller-owned and must be released with gln_destroy_backend_result.
Typed views, result rows or fields, borrowed strings, and the JSON string are borrowed from the envelope. They become invalid when the envelope is destroyed. Copy strings or row data before destroying the envelope when the caller needs to keep them.