 |
Index for
Section 3 |
|
 |
Alphabetical
listing for C |
|
 |
Bottom of
page |
|
CL_CertGroupFromVerifiedBundle(3)
NAME
CL_CertGroupFromVerifiedBundle, CSSM_CL_CertGroupFromVerifiedBundle -
Verify the signature of a bundle (CDSA)
SYNOPSIS
# include <cdsa/cssm.h>
API:
CSSM_RETURN CSSMAPI CSSM_CL_CertGroupFromVerifiedBundle
(CSSM_CL_HANDLE CLHandle,
CSSM_CC_HANDLE CCHandle,
const CSSM_CERT_BUNDLE *CertBundle,
const CSSM_DATA *SignerCert,
CSSM_CERTGROUP_PTR *CertGroup)
SPI:
CSSM_RETURN CSSMCLI CL_CertGroupFromVerifiedBundle
(CSSM_CL_HANDLE CLHandle,
CSSM_CC_HANDLE CCHandle,
const CSSM_CERT_BUNDLE *CertBundle,
const CSSM_DATA *SignerCert,
CSSM_CERTGROUP_PTR *CertGroup)
LIBRARY
Common Security Services Manager library (libcssm.so)
PARAMETERS
CLHandle (input)
The handle that describes the add-in certificate library module
used to perform this function.
CCHandle (input/optional)
The handle of the cryptographic context to control the verification
operation.
CertBundle (input)
A structure containing a reference to a signed, encoded bundle of
certificates and to descriptors of the type and encoding of the
bundle. The bundled certificates are to be separated into a
certificate group (list of individual encoded certificates). If the
bundle type and bundle encoding are not specified, the add-in
module might either attempt to decode the bundle assuming a default
type and encoding or might immediately fail.
SignerCert (input/optional)
The certificate to be used to verify the signature on the
certificate bundle. If the bundle is signed but this field is not
specified, then the module will assume a default certificate for
verification.
CertGroup (output)
A pointer to the certificate group, represented as an array of
individual, encoded certificates. The certificate group and
CSSM_CERTGROUP substructures are allocated by the serivce provider
and must be deallocated by the application. The group contains all
certificates contained in the certificate bundle.
DESCRIPTION
This function accepts as input a certificate bundle (a codified and signed
aggregation of the certificates in the group), verifies the signature of
the bundle (if a signature is present), and returns a certificate group (as
an array of individual certificates) including every certificate contained
in the bundle. The signature on the certificate aggregate is verified using
the cryptographic context and possibly using the input signer certificate.
The CL module embeds the knowledge of the verification scope for the bundle
types that it supports. A CL module's supported bundle types and encodings
are available to applications by querying the CSSM registry. The type and
encoding of the certificate bundle must be specified with the input bundle.
If signature verification is successful, the certificate aggregate will be
parsed into a certificate group whose order corresponds to the certificate
aggregate ordering. This certificate group will then be returned to the
calling application.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular error
condition. The value CSSM_OK indicates success. All other values represent
an error condition.
ERRORS
Errors are described in the CDSA technical standard. See CDSA_intro(3).
CSSMERR_CL_INVALID_CONTEXT_HANDLE
CSSMERR_CL_INVALID_BUNDLE_POINTER
CSSMERR_CL_INVALID_BUNDLE_INFO
CSSMERR_CL_INVALID_CERT_POINTER
CSSMERR_CL_INVALID_CERTGROUP_POINTER
CSSMERR_CL_UNKNOWN_FORMAT
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA_intro(3))
Reference Pages
Functions for the CSSM API:
CSSM_CL_CertGroupToSignedBundle(3)
Functions for the CLI SPI:
CL_CertGroupToSignedBundle(3)
|
Index for
Section 3 |
|
|
Alphabetical
listing for C |
|
 |
Top of
page |
|