CSSM_TP_CertSign man page on DigitalUNIX

TP_CertSign(3)							TP_CertSign(3)

NAME
       TP_CertSign,  CSSM_TP_CertSign  -  Determine  if	 signer certificate is
       trusted (CDSA)

SYNOPSIS
       #include <cdsa/cssm.h>

       API:
       CSSM_RETURN CSSMAPI CSSM_TP_CertSign
              (CSSM_TP_HANDLE TPHandle,
               CSSM_CL_HANDLE CLHandle,
               CSSM_CC_HANDLE CCHandle,
               const CSSM_DATA *CertTemplateToBeSigned,
               const CSSM_CERTGROUP *SignerCertGroup,
               const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
               CSSM_TP_VERIFY_CONTEXT_RESULT_PTR SignerVerifyResult,
               CSSM_DATA_PTR SignedCert)

       SPI:
       CSSM_RETURN CSSMTPI TP_CertSign
              (CSSM_TP_HANDLE TPHandle,
               CSSM_CL_HANDLE CLHandle,
               CSSM_CC_HANDLE CCHandle,
               const CSSM_DATA *CertTemplateToBeSigned,
               const CSSM_CERTGROUP *SignerCertGroup,
               const CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext,
               CSSM_TP_VERIFY_CONTEXT_RESULT_PTR SignerVerifyResult,
               CSSM_DATA_PTR SignedCert)

LIBRARY
       Common Security Services Manager library (libcssm.so)

PARAMETERS
       TPHandle
              The handle that describes the add-in trust policy module used
              to perform this function.

       CLHandle
              The handle that describes the add-in certificate library
              module used to perform this function.

       CCHandle
              The handle that describes the cryptographic context for
              signing the certificate. This context also identifies the
              cryptographic service provider to be used to perform the
              signing operation. If this handle is not provided by the
              caller, the trust policy module can assume a default signing
              algorithm and a default CSP. If the trust policy module does
              not assume defaults or the default CSP is not available on
              the local system, an error occurs.

       CertTemplateToBeSigned
              A pointer to a structure containing a certificate template to
              be signed. The CRL type and encoded are included in this
              structure.

       SignerCertGroup
              A group of one or more certificates that partially or fully
              represent the signer for this operation. The first
              certificate in the group is the target certificate
              representing the signer. Use of subsequent certificates is
              specific to the trust domain. For example, in a hierarchical
              trust model subsequent members are intermediate certificates
              of a certificate chain.

       SignerVerifyContext
              A structure containing credentials, policy information, and
              contextual information to be used in the verification
              process. All of the input values in the context are optional.
              The service provider can define default values or can attempt
              to operate without input for all the other fields of this
              input structure. The operation can fail if a necessary input
              value is omitted and the service module cannot define an
              appropriate default value.

       SignerVerifyResult
              A pointer to a structure containing information generated
              during the verification process. The information can include:

              Evidence (output/optional)
              NumberOfEvidences (output/optional)

       SignedCert
              A pointer to the CSSM_DATA structure containing the signed
              certificate. The SignedCert->Data is allocated by the service
              provider and must be deallocated by the application.

DESCRIPTION
       The TP module decides whether the signer certificate is trusted to sign
       the CertTemplateToBeSigned.  The	 signer	 certificate  group  is	 first
       authenticated and its applicability to perform this operation is deter‐
       mined. Once the trust is established, this operation signs  the	entire
       certificate.  The  caller  must	provide	 a credential that permits the
       caller to use the private key for this signing operation.  The  creden‐
       tial can be provided in the cryptographic context CCHandle. If CCHandle
       is NULL, the credentials in the SignerVerifyContext specify the creden‐
       tial value.

RETURN VALUE
       A CSSM_RETURN value indicating success or specifying a particular error
       condition. The value CSSM_OK indicates success. All other values repre‐
       sent an error condition.
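
       The caller-side handling implied by the SignedCert ownership rule
       and the CSSM_OK convention, as an added example that is not part of
       the original man page or of CDSA. Assumptions: the types are
       stand-ins so it builds without <cdsa/cssm.h>, mock_tp_cert_sign and
       sign_template are hypothetical names (the mock is a reduced stand-in
       for the TP call), and malloc/free are the registered memory
       functions.

```c
/* Added example: stand-in types so this builds without <cdsa/cssm.h>.
 * On a CDSA system, include the real header and drop this section. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t CSSM_RETURN;
#define CSSM_OK 0u
typedef struct { uint32_t Length; uint8_t *Data; } CSSM_DATA;

/* Hypothetical, reduced stand-in for the TP entry point. signer_trusted
 * models the TP's verdict on SignerCertGroup. The non-zero return codes
 * are placeholders, not real CSSMERR_TP_* values. */
static CSSM_RETURN mock_tp_cert_sign(const CSSM_DATA *tmpl, int signer_trusted,
                                     CSSM_DATA *signed_cert)
{
    if (!signer_trusted)
        return 1u;                      /* trust is decided before signing */
    signed_cert->Data = malloc(tmpl->Length + 4);    /* provider-allocated */
    if (signed_cert->Data == NULL)
        return 2u;
    memcpy(signed_cert->Data, tmpl->Data, tmpl->Length);
    memcpy(signed_cert->Data + tmpl->Length, "SIG!", 4);  /* fake signature */
    signed_cert->Length = tmpl->Length + 4;
    return CSSM_OK;
}

/* Caller pattern: zero the output, treat every non-CSSM_OK value as a
 * failure, copy the result out, then release the provider's buffer.
 * Returns the number of bytes written to out, or 0 on any failure. */
size_t sign_template(const uint8_t *tmpl, uint32_t tmpl_len, int signer_trusted,
                     uint8_t *out, size_t out_cap)
{
    CSSM_DATA in = { tmpl_len, (uint8_t *)tmpl };
    CSSM_DATA signed_cert = { 0, NULL };
    size_t n = 0;

    CSSM_RETURN rc = mock_tp_cert_sign(&in, signer_trusted, &signed_cert);
    if (rc == CSSM_OK && signed_cert.Data != NULL &&
        signed_cert.Length <= out_cap) {
        memcpy(out, signed_cert.Data, signed_cert.Length);
        n = signed_cert.Length;
    }
    free(signed_cert.Data);  /* application frees SignedCert->Data; NULL is a no-op */
    return n;
}
```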

ERRORS
       Errors are described in the CDSA technical standard. See
       CDSA_intro(3).

       CSSMERR_TP_INVALID_CL_HANDLE
       CSSMERR_TP_INVALID_CONTEXT_HANDLE
       CSSMERR_TP_INVALID_CERTGROUP_POINTER
       CSSMERR_TP_INVALID_CERTGROUP
       CSSMERR_TP_INVALID_CERTIFICATE
       CSSMERR_TP_UNKNOWN_FORMAT
       CSSMERR_TP_INVALID_ACTION
       CSSMERR_TP_INVALID_ACTION_DATA
       CSSMERR_TP_VERIFY_ACTION_FAILED
       CSSMERR_TP_INVALID_CRLGROUP_POINTER
       CSSMERR_TP_INVALID_CRLGROUP
       CSSMERR_TP_INVALID_CRL_AUTHORITY
       CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
       CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
       CSSMERR_TP_INVALID_TIMESTRING
       CSSMERR_TP_INVALID_STOP_ON_POLICY
       CSSMERR_TP_INVALID_CALLBACK
       CSSMERR_TP_INVALID_ANCHOR_CERT
       CSSMERR_TP_CERTGROUP_INCOMPLETE
       CSSMERR_TP_INVALID_DL_HANDLE
       CSSMERR_TP_INVALID_DB_HANDLE
       CSSMERR_TP_INVALID_DB_LIST_POINTER
       CSSMERR_TP_INVALID_DB_LIST
       CSSMERR_TP_AUTHENTICATION_FAILED
       CSSMERR_TP_INSUFFICIENT_CREDENTIALS
       CSSMERR_TP_NOT_TRUSTED
       CSSMERR_TP_CERT_REVOKED
       CSSMERR_TP_CERT_SUSPENDED
       CSSMERR_TP_CERT_EXPIRED
       CSSMERR_TP_CERT_NOT_VALID_YET
       CSSMERR_TP_INVALID_CERT_AUTHORITY
       CSSMERR_TP_INVALID_SIGNATURE
       CSSMERR_TP_INVALID_NAME
       CSSMERR_TP_CERTIFICATE_CANT_OPERATE

SEE ALSO
       Books

       Intel CDSA Application Developer's Guide (see CDSA_intro(3))

       Reference Pages

       Functions for the CSSM API:

       CSSM_TP_CertCreateTemplate(3), CSSM_TP_CrlSign(3)

       Functions for the TP SPI:

       TP_CertCreateTemplate(3), TP_CrlSign(3)

								TP_CertSign(3)