Index Index for
Section 3
Index Alphabetical
listing for T
Bottom of page Bottom of
page		 

TP_ApplyCrlToDb(3)


NAME

  TP_ApplyCrlToDb, CSSM_TP_ApplyCrlToDb - Update persistent storage (CDSA)


SYNOPSIS

  # include <cdsa/cssm.h>

       API:
       CSSM_RETURN CSSMAPI CSSM_TP_ApplyCrlToDb
       (CSSM_TP_HANDLE TPHandle,
       CSSM_CL_HANDLE CLHandle,
       CSSM_CSP_HANDLE CSPHandle,
       const CSSM_ENCODED_CRL *CrlToBeApplied,
       const CSSM_CERTGROUP *SignerCertGroup,
       const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
       CSSM_TP_VERIFY_CONTEXT_RESULT_PTR ApplyCrlVerifyResult)
       SPI:
       CSSM_RETURN CSSMTPI TP_ApplyCrlToDb
       (CSSM_TP_HANDLE TPHandle,
       CSSM_CL_HANDLE CLHandle,
       CSSM_CSP_HANDLE CSPHandle,
       const CSSM_ENCODED_CRL *CrlToBeApplied,
       const CSSM_CERTGROUP *SignerCertGroup,
       const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
       CSSM_TP_VERIFY_CONTEXT_RESULT_PTR ApplyCrlVerifyResult)


LIBRARY

  Common Security Services Manager library (libcssm.so)


PARAMETERS

  TPHandle (input)
	  The handle that describes the add-in trust policy module used to
	  perform this function.

  CLHandle (input/optional)
	  The handle that describes the add-in certificate library module
	  that can be used to manipulate the CRL as it is applied to the data
	  store and to manipulate the certificates effected by the CRL, if
	  required. If no certificate library module is specified, the TP
	  module uses an assumed CL module, if required.

  CSPHandle (input/optional)
	  The handle referencing a Cryptographic Service Provider to be used
	  to verify signatures on the CRL determining whether to trust the
	  CRL and apply it to the data store. The TP module is responsible
	  for creating the cryptographic context structures required to
	  perform the verification operation. If no CSP is specified, the TP
	  module uses an assumed CSP to perform these operations.  If
	  optional, the caller will set this value to 0.

  CrlToBeApplied (input)
	  A pointer to a structure containing the encoded certificate
	  revocation list to be applied to the data store. The CRL type and
	  encoding are included in this structure.

  SignerCertGroup (input)
	  A pointer to the CSSM_CERTGROUP structure containing one or more
	  related certificates that partially or fully represent the signer
	  of the certificate revocation list. The first certificate in the
	  group is the target certificate representing the CRL signer. Use of
	  subsequent certificates is specific to the trust domain. For
	  example, in a hierarchical trust model subsequent members are
	  intermediate certificates of a certificate chain.

  ApplyCrlVerifyContext (input/optional)
	  A structure containing credentials, policy information, and
	  contextual information to be used in the verification process. All
	  of the input values in the context are optional. The service
	  provider can define default values or can attempt to operate
	  without input for all the other fields of this input structure. The
	  operation can fail if a necessary input value is omitted and the
	  service module can not define an appropriate default value.

  ApplyCrlVerifyResult (output/optional)
	  A pointer to a structure containing information generated during
	  the verification process. The information can include:

	  Evidence	      (output/optional)
	  NumberOfEvidences   (output/optional)


DESCRIPTION

  This function updates persistent storage to reflect entries in the
  certificate revocation list. The TP module determines whether the memory-
  resident CRL is trusted, and if it should be applied to one or more of the
  persistent databases.	 Side effects of this function can include saving a
  persistent copy of the CRL in a data store, or removing certificate records
  from a data store.


RETURN VALUE

  A CSSM_RETURN value indicating success or specifying a particular error
  condition. The value CSSM_OK indicates success. All other values represent
  an error condition.


ERRORS

  Errors are described in the CDSA technical standard.	See CDSA_intro(3).

       CSSMERR_TP_INVALID_CL_HANDLE
       CSSMERR_TP_INVALID_CSP_HANDLE
       CSSMERR_TP_INVALID_CRL_TYPE
       CSSMERR_TP_INVALID_CRL_ENCODING
       CSSMERR_TP_INVALID_CRL_POINTER
       CSSMERR_TP_INVALID_CRL
       CSSMERR_TP_INVALID_CERTGROUP_POINTER
       CSSMERR_TP_INVALID_CERTGROUP
       CSSMERR_TP_INVALID_CERTIFICATE
       CSSMERR_TP_INVALID_ACTION
       CSSMERR_TP_INVALID_ACTION_DATA
       CSSMERR_TP_VERIFY_ACTION_FAILED
       CSSMERR_TP_INVALID_CRLGROUP_POINTER
       CSSMERR_TP_INVALID_CRLGROUP
       CSSMERR_TP_INVALID_CRL_AUTHORITY
       CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
       CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
       CSSMERR_TP_INVALID_TIMESTRING
       CSSMERR_TP_INVALID_STOP_ON_POLICY
       CSSMERR_TP_INVALID_CALLBACK
       CSSMERR_TP_INVALID_ANCHOR_CERT
       CSSMERR_TP_CERTGROUP_INCOMPLETE
       CSSMERR_TP_INVALID_DL_HANDLE
       CSSMERR_TP_INVALID_DB_HANDLE
       CSSMERR_TP_INVALID_DB_LIST_POINTER
       CSSMERR_TP_INVALID_DB_LIST
       CSSMERR_TP_AUTHENTICATION_FAILED
       CSSMERR_TP_INSUFFICIENT_CREDENTIALS
       CSSMERR_TP_NOT_TRUSTED
       CSSMERR_TP_CERT_REVOKED
       CSSMERR_TP_CERT_SUSPENDED
       CSSMERR_TP_CERT_EXPIRED
       CSSMERR_TP_CERT_NOT_VALID_YET
       CSSMERR_TP_INVALID_CERT_AUTHORITY
       CSSMERR_TP_INVALID_SIGNATURE
       CSSMERR_TP_INVALID_NAME
       CSSMERR_TP_CERTIFICATE_CANT_OPERATE


SEE ALSO

  Books

  Intel CDSA Application Developer's Guide (see CDSA_intro(3))

  Reference Pages

  Functions for the CSSM API:

  CSSM_CL_CrlGetFirstItem(3), CSSM_CL_CrlGetNextItem(3),
  CSSM_DL_CertRevoke(3)

  Functions for the TP SPI:

  CL_CrlGetFirstItem(3), CL_CrlGetNextItem(3), DL_CertRevoke(3)

Index Index for
Section 3
Index Alphabetical
listing for T
Top of page Top of
page