TP_CrlSign
CSSM_DATA_PTR CSSMTPI TP_CrlSign
(CSSM_TP_HANDLE TPHandle,
CSSM_CL_HANDLE CLHandle,
CSSM_CC_HANDLE CCHandle,
const CSSM_DL_DB_LIST_PTR DBList,
const CSSM_DATA_PTR CrlToBeSigned,
CSSM_CRL_TYPE CrlType,
CSSM_CRL_ENCODING CrlEncoding,
const CSSM_CERTGROUP_PTR SignerCertGroup,
const CSSM_VERIFYCONTEXT_PTR SignerVerifyContext,
const CSSM_FIELD_PTR SignScope,
uint32 ScopeSize)
The TP module decides whether the signer certificate is trusted to sign the entire certificate revocation list. The signer certificate group is first authenticated and its applicability to perform this operation is determined. Once the trust is established, this operation signs the entire certificate revocation list. Individual records within the certificate revocation list were signed when they were added to the list.
- TPHandle (input)
The handle that describes the add-in trust policy module used to perform this function.
- CLHandle (input/optional)
The handle that describes the add-in certificate library module used to perform this function.
- CCHandle (input/optional)
The handle that describes the cryptographic context for signing the CRL. This context also identifies the cryptographic service provider to be used to perform the signing operation. If this handle is not provided by the caller, the trust policy module can assume a default signing algorithm and a default CSP. If the trust policy module does not assume defaults, or the default CSP is not available on the local system, an error occurs.
- DBList (input/optional)
A list of certificate databases containing certificates that may be used to construct the trust structure of the signer certificate group.
- CrlToBeSigned (input)
A pointer to the CSSM_DATA structure containing the certificate revocation list to be signed.
- CrlType (input)
An indicator of the type of CRL contained in the CrlToBeSigned.
- CrlEncoding (input)
An indicator of the encoding of the CRL contained in the CrlToBeSigned.
- SignerCertGroup (input)
A group of one or more certificates that partially or fully represent the signer for this operation. The first certificate in the group is the target certificate representing the signer. Use of subsequent certificates is specific to the trust domain. For example, in a hierarchical trust model subsequent members are intermediate certificates of a certificate chain.
- SignerVerifyContext (input)
A structure containing policy elements useful in verifying certificates and their use with respect to a security policy. Optional elements in the verify context left unspecified will cause the internal default values to be used. Default values are specified in the TP module vendor release documents.
- SignScope (input/optional)
A pointer to the CSSM_FIELD array containing the tags of the fields to be signed. A NULL input signs a default set of fields in the certificate revocation list.
- ScopeSize (input)
The number of entries in the sign scope list.
The function returns a pointer to the CSSM_DATA structure containing the signed certificate revocation list. If the pointer is NULL, an error has occurred. This function can also return errors specific to CSP, CL and DL modules.
- CSSM_TP_INVALID_CERTIFICATE
Invalid certificate.
- CSSM_TP_CERTIFICATE_CANT_OPERATE
Signer certificate can't sign certificate revocation list.
- CSSM_TP_MEMORY_ERROR
Error in allocating memory.
- CSSM_TP_CRL_SIGN_FAIL
Unable to sign certificate revocation list.
- CSSM_INVALID_TP_HANDLE
Invalid handle.
- CSSM_INVALID_CL_HANDLE
Invalid handle.
- CSSM_INVALID_DL_HANDLE
Invalid handle.
- CSSM_INVALID_DB_HANDLE
Invalid handle.
- CSSM_FUNCTION_NOT_IMPLEMENTED
Function not implemented.
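The ordering described above (authenticate the signer certificate group, check that it may sign a CRL, and only then sign) sketched in C as an added example; it is not code from the CSSM specification or from any TP module. The ex_ types, the EX_ codes and their values, and the marker-appending ex_csp_sign are simplified stand-ins assumed for illustration; they mirror the error names on this page but are not the CSSM headers.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in types and codes for illustration only; not the CSSM headers.
   The EX_ codes mirror the page's error names with constructed values. */
typedef struct { size_t Length; unsigned char *Data; } ex_data;
typedef struct { int chain_ok; int crl_sign_allowed; } ex_signer; /* outcome of evaluating SignerCertGroup */
enum { EX_OK, EX_TP_INVALID_CERTIFICATE, EX_TP_CERTIFICATE_CANT_OPERATE,
       EX_TP_MEMORY_ERROR, EX_TP_CRL_SIGN_FAIL };

int ex_last_error = EX_OK;  /* stands in for the framework's error reporting */
int ex_sign_calls = 0;      /* counts how often the signing step is reached */

/* Placeholder for the CSP signing step: appends a fixed 4-byte marker, not a real signature. */
static int ex_csp_sign(const ex_data *crl, ex_data *out) {
    ex_sign_calls++;
    out->Length = crl->Length + 4;
    out->Data = malloc(out->Length);
    if (!out->Data) return -1;
    memcpy(out->Data, crl->Data, crl->Length);
    memcpy(out->Data + crl->Length, "SIG!", 4);
    return 0;
}

/* Returns the signed CRL, or NULL with ex_last_error set. Trust checks run before any signing. */
ex_data *ex_tp_crl_sign(const ex_signer *signer, const ex_data *crl) {
    ex_data *out;
    if (!signer || !signer->chain_ok) { ex_last_error = EX_TP_INVALID_CERTIFICATE; return NULL; }
    if (!signer->crl_sign_allowed) { ex_last_error = EX_TP_CERTIFICATE_CANT_OPERATE; return NULL; }
    if (!crl || !crl->Data) { ex_last_error = EX_TP_CRL_SIGN_FAIL; return NULL; }
    out = malloc(sizeof *out);
    if (!out) { ex_last_error = EX_TP_MEMORY_ERROR; return NULL; }
    if (ex_csp_sign(crl, out) != 0) { free(out); ex_last_error = EX_TP_CRL_SIGN_FAIL; return NULL; }
    ex_last_error = EX_OK;
    return out;
}

/* Runs one call on a constructed sample CRL body and returns the resulting error code. */
int ex_demo(int chain_ok, int crl_sign_allowed) {
    unsigned char body[] = "constructed-sample-crl";
    ex_signer s = { chain_ok, crl_sign_allowed };
    ex_data crl = { sizeof body - 1, body };
    ex_data *signed_crl = ex_tp_crl_sign(&s, &crl);
    if (signed_crl) { free(signed_crl->Data); free(signed_crl); }
    return ex_last_error;
}
```

A caller treats a NULL return as the only failure signal and reads the error code afterwards; ex_sign_calls stays at zero whenever a trust check rejects the signer.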
See also: CSSM_CL_CrlSign