|
|
TP_ConfirmCredResult(3)
Contents |
TP_ConfirmCredResult, CSSM_TP_ConfirmCredResult - Confirm
credentials (CDSA)
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_TP_ConfirmCredResult
(CSSM_TP_HANDLE TPHandle, const CSSM_DATA *ReferenceIdentifier,
const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
const CSSM_TP_CONFIRM_RESPONSE *Responses, const
CSSM_TP_AUTHORITY_ID *PreferredAuthority) SPI: CSSM_RETURN
CSSMTPI TP_ConfirmCredResult (CSSM_TP_HANDLE TPHandle,
const CSSM_DATA *ReferenceIdentifier, const
CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials, const
CSSM_TP_CONFIRM_RESPONSE *Responses, const CSSM_TP_AUTHORITY_ID
*PreferredAuthority)
Common Security Services Manager library (libcssm.so)
The handle that describes the certification authority module
used to perform this function. A reference identifier
that uniquely identifies execution of the call sequence
CSSM_TP_SubmitCredRequest() and CSSM_TP_RetrieveCredResult()
(or the equivalent TP SPI call pair) to submit a
set of requests and to retrieve the results of those
requests. This structure contains a set of caller authentication
credentials. The authentication information can
be a passphrase, a PIN, a completed registration form, a
certificate, or a template of user-specific data. The
required set of credentials is defined by the service
provider module and recorded in a record in the MDS Primary
relation. Multiple credentials can be required. If
the local service provider module does not require credentials
from a caller, then the Credentials field of this
verification context structure can be NULL. The structure
optionally contains additional credentials that can be
used to support the authentication process. Authentication
credentials required by the authority should be included
in the RequestInput. The local TP module can forward
information from the CallerAuthCredentials to the authority,
as appropriate, but is not required to do so. An
ordered vector of acknowledges indicating the caller's
acceptance or rejection of results. The vector contains
one acknowledgement per result returned by
CSSM_TP_RetrieveCredResult() (CSSM API), or TP_RetrieveCredResult()
(TP SPI). The identifier which uniquely
describes the Authority to receive the acknowledgements.
The structure can include: An identity certificate for the
authority The location of the authority
This function submits a vector of acknowledgements to a
Certificate Authority for a set of requests and corresponding
results identified by ReferenceIdentifier. The
caller must execute the call sequence CSSM_TP_SubmitCredRequest()
and CSSM_TP_RetrieveCredResult()(or the equivalent
TP SPI calls) to submit a set of requests and to
retrieve the results of those requests. Some Certificate
Authority services accessed through the request and
retrieve functions require confirmation. The function
CSSM_TP_RetrieveCredResult() (CSSM API), or TP_RetrieveCredResult()
(TP SPI), returns a value indicating whether
the caller must invoke CSSM_TP_ConfirmCredResult(), (CSSM
API), or TP_ConfirmCredResult() (TP SPI), to successfully
complete the service.
The Responses vector accepts or rejects each result independently.
If the caller rejects a returned result, the
action taken by the authority depends on the requested
type of service.
The ReferenceIdentifier also identifies the authority process
state associated with the function pair CSSM_TP_SubmitCredRequest()
and CSSM_TP_RetrieveCredResult() (or the
equivalent TP SPI calls). The PreferredAuthority information
can be used to further identify the authority to
receive the acknowledgement. After successful execution of
this function, the value of the ReferenceIdentifier is
undefined and should not be used in subsequent operations
in the current module attach session.
This function fails if ReferenceIdentifier is invalid or
the Authority process can not be located.
A CSSM_RETURN value indicating success or specifying a
particular error condition. The value CSSM_OK indicates
success. All other values represent an error condition.
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_TP_INVALID_IDENTIFIER_POINTER CSSMERR_TP_INVALID_IDENTIFIER
CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
CSSMERR_TP_INVALID_TIMESTRING CSSMERR_TP_INVALID_STOP_ON_POLICY
CSSMERR_TP_INVALID_CALLBACK
CSSMERR_TP_INVALID_ANCHOR_CERT CSSMERR_TP_CERTGROUP_INCOMPLETE
CSSMERR_TP_INVALID_DL_HANDLE CSSMERR_TP_INVALID_DB_HANDLE
CSSMERR_TP_INVALID_DB_LIST_POINTER
CSSMERR_TP_INVALID_DB_LIST
CSSMERR_TP_AUTHENTICATION_FAILED CSSMERR_TP_INSUFFICIENT_CREDENTIALS
CSSMERR_TP_NOT_TRUSTED CSSMERR_TP_CERT_REVOKED
CSSMERR_TP_CERT_SUSPENDED CSSMERR_TP_CERT_EXPIRED
CSSMERR_TP_CERT_NOT_VALID_YET CSSMERR_TP_INVALID_CERT_AUTHORITY
CSSMERR_TP_INVALID_SIGNATURE
CSSMERR_TP_INVALID_NAME CSSMERR_TP_INVALID_RESPONSE_VECTOR
CSSMERR_TP_INVALID_AUTHORITY
CSSMERR_TP_NO_DEFAULT_AUTHORITY CSSMERR_TP_UNSUPPORTED_ADDR_TYPE
CSSMERR_TP_INVALID_NETWORK_ADDR
Books
Intel CDSA Application Developer's Guide (see
CDSA_intro(3))
Reference Pages [Toc] [Back]
Functions for the CSSM API:
CSSM_TP_SubmitCredRequest(3), CSSM_TP_RetrieveCredResult(3), CSSM_TP_ReceiveConfirmation(3)
Functions for the TP SPI:
TP_SubmitCredRequest(3), TP_RetrieveCredResult(3),
TP_ReceiveConfirmation(3)
TP_ConfirmCredResult(3)
[ Back ] | 