TP_CertSign(3)


NAME

       TP_CertSign, CSSM_TP_CertSign - Determine if signer certificate
       is trusted (CDSA)

SYNOPSIS

       #include <cdsa/cssm.h>

       API:
       CSSM_RETURN CSSMAPI CSSM_TP_CertSign
           (CSSM_TP_HANDLE TPHandle,
            CSSM_CL_HANDLE CLHandle,
            CSSM_CC_HANDLE CCHandle,
            const CSSM_DATA *CertTemplateToBeSigned,
            const CSSM_CERTGROUP *SignerCertGroup,
            const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
            CSSM_TP_VERIFY_CONTEXT_RESULT_PTR SignerVerifyResult,
            CSSM_DATA_PTR SignedCert)

       SPI:
       CSSM_RETURN CSSMTPI TP_CertSign
           (CSSM_TP_HANDLE TPHandle,
            CSSM_CL_HANDLE CLHandle,
            CSSM_CC_HANDLE CCHandle,
            const CSSM_DATA *CertTemplateToBeSigned,
            const CSSM_CERTGROUP *SignerCertGroup,
            const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
            CSSM_TP_VERIFY_CONTEXT_RESULT_PTR SignerVerifyResult,
            CSSM_DATA_PTR SignedCert)


LIBRARY

       Common Security Services Manager library (libcssm.so)

PARAMETERS

       TPHandle
              The handle that describes the add-in trust policy module
              used to perform this function.

       CLHandle
              The handle that describes the add-in certificate library
              module used to perform this function.

       CCHandle
              The handle that describes the cryptographic context for
              signing the certificate. This context also identifies the
              cryptographic service provider to be used to perform the
              signing operation. If this handle is not provided by the
              caller, the trust policy module can assume a default
              signing algorithm and a default CSP. If the trust policy
              module does not assume defaults or the default CSP is not
              available on the local system, an error occurs.

       CertTemplateToBeSigned
              A pointer to a structure containing a certificate template
              to be signed. The CRL type and encoding are included in
              this structure.

       SignerCertGroup
              A group of one or more certificates that partially or
              fully represent the signer for this operation. The first
              certificate in the group is the target certificate
              representing the signer. Use of subsequent certificates is
              specific to the trust domain. For example, in a
              hierarchical trust model subsequent members are
              intermediate certificates of a certificate chain.

       SignerVerifyContext
              A structure containing credentials, policy information,
              and contextual information to be used in the verification
              process. All of the input values in the context are
              optional. The service provider can define default values
              or can attempt to operate without input for all the other
              fields of this input structure. The operation can fail if
              a necessary input value is omitted and the service module
              cannot define an appropriate default value.

       SignerVerifyResult
              A pointer to a structure containing information generated
              during the verification process. The information can
              include:

              Evidence            (output/optional)
              NumberOfEvidences   (output/optional)

       SignedCert
              A pointer to the CSSM_DATA structure containing the signed
              certificate. The SignedCert->Data is allocated by the
              service provider and must be deallocated by the
              application.

DESCRIPTION

       The TP module decides whether the signer certificate is trusted
       to sign the CertTemplateToBeSigned. The signer certificate group
       is first authenticated and its applicability to perform this
       operation is determined. Once the trust is established, this
       operation signs the entire certificate. The caller must provide a
       credential that permits the caller to use the private key for
       this signing operation. The credential can be provided in the
       cryptographic context CCHandle. If CCHandle is NULL, the
       credentials in the SignerVerifyContext specify the credential
       value.

RETURN VALUE

       A CSSM_RETURN value indicating  success  or  specifying  a
       particular  error  condition.  The value CSSM_OK indicates
       success. All other values represent an error condition.

ERRORS

       Errors are described in the CDSA technical standard. See
       CDSA_intro(3).

       CSSMERR_TP_INVALID_CL_HANDLE
       CSSMERR_TP_INVALID_CONTEXT_HANDLE
       CSSMERR_TP_INVALID_CERTGROUP_POINTER
       CSSMERR_TP_INVALID_CERTGROUP
       CSSMERR_TP_INVALID_CERTIFICATE
       CSSMERR_TP_UNKNOWN_FORMAT
       CSSMERR_TP_INVALID_ACTION
       CSSMERR_TP_INVALID_ACTION_DATA
       CSSMERR_TP_VERIFY_ACTION_FAILED
       CSSMERR_TP_INVALID_CRLGROUP_POINTER
       CSSMERR_TP_INVALID_CRLGROUP
       CSSMERR_TP_INVALID_CRL_AUTHORITY
       CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
       CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
       CSSMERR_TP_INVALID_TIMESTRING
       CSSMERR_TP_INVALID_STOP_ON_POLICY
       CSSMERR_TP_INVALID_CALLBACK
       CSSMERR_TP_INVALID_ANCHOR_CERT
       CSSMERR_TP_CERTGROUP_INCOMPLETE
       CSSMERR_TP_INVALID_DL_HANDLE
       CSSMERR_TP_INVALID_DB_HANDLE
       CSSMERR_TP_INVALID_DB_LIST_POINTER
       CSSMERR_TP_INVALID_DB_LIST
       CSSMERR_TP_AUTHENTICATION_FAILED
       CSSMERR_TP_INSUFFICIENT_CREDENTIALS
       CSSMERR_TP_NOT_TRUSTED
       CSSMERR_TP_CERT_REVOKED
       CSSMERR_TP_CERT_SUSPENDED
       CSSMERR_TP_CERT_EXPIRED
       CSSMERR_TP_CERT_NOT_VALID_YET
       CSSMERR_TP_INVALID_CERT_AUTHORITY
       CSSMERR_TP_INVALID_SIGNATURE
       CSSMERR_TP_INVALID_NAME
       CSSMERR_TP_CERTIFICATE_CANT_OPERATE


SEE ALSO

       Books

       Intel CDSA Application Developer's Guide (see CDSA_intro(3))

       Reference Pages

       Functions for the CSSM API:

       CSSM_TP_CertCreateTemplate(3), CSSM_TP_CrlSign(3)

       Functions for the TP SPI:

       TP_CertCreateTemplate(3), TP_CrlSign(3)


