|
TP_ApplyCrlToDb(3)
Contents |
TP_ApplyCrlToDb, CSSM_TP_ApplyCrlToDb - Update persistent
storage (CDSA)
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_TP_ApplyCrlToDb
(CSSM_TP_HANDLE TPHandle, CSSM_CL_HANDLE CLHandle,
CSSM_CSP_HANDLE CSPHandle, const CSSM_ENCODED_CRL *CrlToBeApplied,
const CSSM_CERTGROUP *SignerCertGroup, const
CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
CSSM_TP_VERIFY_CONTEXT_RESULT_PTR ApplyCrlVerifyResult)
SPI: CSSM_RETURN CSSMTPI TP_ApplyCrlToDb (CSSM_TP_HANDLE
TPHandle, CSSM_CL_HANDLE CLHandle, CSSM_CSP_HANDLE CSPHandle,
const CSSM_ENCODED_CRL *CrlToBeApplied, const
CSSM_CERTGROUP *SignerCertGroup, const CSSM_TP_VERIFY_CONTEXT
*ApplyCrlVerifyContext, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR
ApplyCrlVerifyResult)
Common Security Services Manager library (libcssm.so)
The handle that describes the add-in trust policy module
used to perform this function. The handle that describes
the add-in certificate library module that can be used to
manipulate the CRL as it is applied to the data store and
to manipulate the certificates effected by the CRL, if
required. If no certificate library module is specified,
the TP module uses an assumed CL module, if required. The
handle referencing a Cryptographic Service Provider to be
used to verify signatures on the CRL determining whether
to trust the CRL and apply it to the data store. The TP
module is responsible for creating the cryptographic context
structures required to perform the verification operation.
If no CSP is specified, the TP module uses an
assumed CSP to perform these operations. If optional, the
caller will set this value to 0. A pointer to a structure
containing the encoded certificate revocation list to be
applied to the data store. The CRL type and encoding are
included in this structure. A pointer to the CSSM_CERTGROUP
structure containing one or more related certificates
that partially or fully represent the signer of the
certificate revocation list. The first certificate in the
group is the target certificate representing the CRL
signer. Use of subsequent certificates is specific to the
trust domain. For example, in a hierarchical trust model
subsequent members are intermediate certificates of a certificate
chain. A structure containing credentials, policy
information, and contextual information to be used in
the verification process. All of the input values in the
context are optional. The service provider can define
default values or can attempt to operate without input for
all the other fields of this input structure. The operation
can fail if a necessary input value is omitted and
the service module can not define an appropriate default
value. A pointer to a structure containing information
generated during the verification process. The information
can include:
Evidence (output/optional)
NumberOfEvidences (output/optional)
This function updates persistent storage to reflect
entries in the certificate revocation list. The TP module
determines whether the memory-resident CRL is trusted, and
if it should be applied to one or more of the persistent
databases. Side effects of this function can include saving
a persistent copy of the CRL in a data store, or
removing certificate records from a data store.
A CSSM_RETURN value indicating success or specifying a
particular error condition. The value CSSM_OK indicates
success. All other values represent an error condition.
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_TP_INVALID_CL_HANDLE CSSMERR_TP_INVALID_CSP_HANDLE
CSSMERR_TP_INVALID_CRL_TYPE
CSSMERR_TP_INVALID_CRL_ENCODING CSSMERR_TP_INVALID_CRL_POINTER
CSSMERR_TP_INVALID_CRL CSSMERR_TP_INVALID_CERTGROUP_POINTER
CSSMERR_TP_INVALID_CERTGROUP
CSSMERR_TP_INVALID_CERTIFICATE CSSMERR_TP_INVALID_ACTION
CSSMERR_TP_INVALID_ACTION_DATA CSSMERR_TP_VERIFY_ACTION_FAILED
CSSMERR_TP_INVALID_CRLGROUP_POINTER
CSSMERR_TP_INVALID_CRLGROUP CSSMERR_TP_INVALID_CRL_AUTHORITY
CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
CSSMERR_TP_INVALID_TIMESTRING CSSMERR_TP_INVALID_STOP_ON_POLICY
CSSMERR_TP_INVALID_CALLBACK
CSSMERR_TP_INVALID_ANCHOR_CERT CSSMERR_TP_CERTGROUP_INCOMPLETE
CSSMERR_TP_INVALID_DL_HANDLE CSSMERR_TP_INVALID_DB_HANDLE
CSSMERR_TP_INVALID_DB_LIST_POINTER
CSSMERR_TP_INVALID_DB_LIST
CSSMERR_TP_AUTHENTICATION_FAILED CSSMERR_TP_INSUFFICIENT_CREDENTIALS
CSSMERR_TP_NOT_TRUSTED CSSMERR_TP_CERT_REVOKED
CSSMERR_TP_CERT_SUSPENDED CSSMERR_TP_CERT_EXPIRED
CSSMERR_TP_CERT_NOT_VALID_YET CSSMERR_TP_INVALID_CERT_AUTHORITY
CSSMERR_TP_INVALID_SIGNATURE
CSSMERR_TP_INVALID_NAME CSSMERR_TP_CERTIFICATE_CANT_OPERATE
Books
Intel CDSA Application Developer's Guide (see
CDSA_intro(3))
Reference Pages [Toc] [Back]
Functions for the CSSM API:
CSSM_CL_CrlGetFirstItem(3), CSSM_CL_CrlGetNextItem(3),
CSSM_DL_CertRevoke(3)
Functions for the TP SPI:
CL_CrlGetFirstItem(3), CL_CrlGetNextItem(3), DL_CertRevoke(3)
TP_ApplyCrlToDb(3)
[ Back ] |