|
|
CL_CertGroupToSignedBundle(3)
Contents |
CL_CertGroupFromVerifiedBundle(3CL_CertGroupFromVerifiedBundle(3)
CL_CertGroupFromVerifiedBundle, CSSM_CL_CertGroupFromVerifiedBundle
- Verify the signature of a bundle (CDSA)
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_CL_CertGroupFromVerifiedBundle
(CSSM_CL_HANDLE CLHandle, CSSM_CC_HANDLE CCHandle,
const CSSM_CERT_BUNDLE *CertBundle, const CSSM_DATA *SignerCert,
CSSM_CERTGROUP_PTR *CertGroup) SPI: CSSM_RETURN
CSSMCLI CL_CertGroupFromVerifiedBundle (CSSM_CL_HANDLE
CLHandle, CSSM_CC_HANDLE CCHandle, const CSSM_CERT_BUNDLE
*CertBundle, const CSSM_DATA *SignerCert, CSSM_CERTGROUP_PTR
*CertGroup)
Common Security Services Manager library (libcssm.so)
The handle that describes the add-in certificate library
module used to perform this function. The handle of the
cryptographic context to control the verification operation.
A structure containing a reference to a signed,
encoded bundle of certificates and to descriptors of the
type and encoding of the bundle. The bundled certificates
are to be separated into a certificate group (list of
individual encoded certificates). If the bundle type and
bundle encoding are not specified, the add-in module might
either attempt to decode the bundle assuming a default
type and encoding or might immediately fail. The certificate
to be used to verify the signature on the certificate
bundle. If the bundle is signed but this field is not
specified, then the module will assume a default certificate
for verification. A pointer to the certificate
group, represented as an array of individual, encoded certificates.
The certificate group and CSSM_CERTGROUP substructures
are allocated by the serivce provider and must
be deallocated by the application. The group contains all
certificates contained in the certificate bundle.
This function accepts as input a certificate bundle (a
codified and signed aggregation of the certificates in the
group), verifies the signature of the bundle (if a signature
is present), and returns a certificate group (as an
array of individual certificates) including every certificate
contained in the bundle. The signature on the certificate
aggregate is verified using the cryptographic
context and possibly using the input signer certificate.
The CL module embeds the knowledge of the verification
scope for the bundle types that it supports. A CL module's
supported bundle types and encodings are available to
applications by querying the CSSM registry. The type and
encoding of the certificate bundle must be specified with
the input bundle. If signature verification is successful,
the certificate aggregate will be parsed into a certificate
group whose order corresponds to the certificate
aggregate ordering. This certificate group will then be
returned to the calling application.
A CSSM_RETURN value indicating success or specifying a
particular error condition. The value CSSM_OK indicates
success. All other values represent an error condition.
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_CL_INVALID_CONTEXT_HANDLE CSSMERR_CL_INVALID_BUNDLE_POINTER
CSSMERR_CL_INVALID_BUNDLE_INFO
CSSMERR_CL_INVALID_CERT_POINTER CSSMERR_CL_INVALID_CERTGROUP_POINTER
CSSMERR_CL_UNKNOWN_FORMAT
Books
Intel CDSA Application Developer's Guide (see
CDSA_intro(3))
Reference Pages [Toc] [Back]
Functions for the CSSM API:
CSSM_
CL_CertGroupFromVerifiedBundle(3)
[ Back ] | 