Common Security: CDSA and CSSM
Copyright © 1997 The Open Group

NAME

CSSM_TP_CertGroupConstruct

SYNOPSIS

CSSM_CERTGROUP_PTR CSSMAPI CSSM_TP_CertGroupConstruct
    (CSSM_TP_HANDLE TPHandle,
    CSSM_CL_HANDLE CLHandle,
    CSSM_CSP_HANDLE CSPHandle,
    const CSSM_DL_DB_LIST_PTR DBList,
    CSSM_CERTGROUP_PTR CertGroupFrag);

DESCRIPTION

This function constructs an ordered certificate group using the certificates in CertGroupFrag as a starting point. There is no implied ordering for the certificates in CertGroupFrag except that the certificate in position 0 of the certificate group is assumed to be the starting point for constructing the remaining certificate group. An ordering relationship may be defined and recorded in the certificates themselves or assumed by the trust policy model.

The certificate group is augmented by adding semantically-related certificates obtained by searching the certificate data stores specified in DBList. In a hierarchical model of certificate chains, the leaf certificate in the chain is a CertGroup fragment and the complete certificate chain including the root certificate is the anticipated result of the construction operation.
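The following is an added example, not part of the CDSA specification: a self-contained C model of the hierarchical construction described above, ordering an unordered fragment from position 0 and completing it from a store. The toy_cert type, toy_construct, and the sample names are hypothetical, and signature verification (the CSP's role) is omitted.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a certificate: names only, no signature. */
typedef struct { const char *subject; const char *issuer; } toy_cert;
#define MAX_CHAIN 8

/* Constructed sample data: leaf at position 0, the rest unordered. */
static const toy_cert FRAG[] = {
    {"CN=leaf", "CN=ca1"},
    {"CN=ca2",  "CN=root"},
    {"CN=ca1",  "CN=ca2"},
};
static const toy_cert STORE[] = { {"CN=root", "CN=root"} }; /* models DBList */
static const toy_cert *CHAIN[MAX_CHAIN];

/* Return the certificate in `set` whose subject equals `name`, or NULL. */
static const toy_cert *find_by_subject(const toy_cert *set, size_t n,
                                       const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(set[i].subject, name) == 0) return &set[i];
    return NULL;
}

/* Build an ordered chain starting at frag[0]. Each issuer is looked up in
 * the fragment first, then in the store. Returns the chain length, or 0 if
 * no self-signed root is reached (the "cert group not found" case). */
size_t toy_construct(const toy_cert *frag, size_t nfrag,
                     const toy_cert *store, size_t nstore,
                     const toy_cert *out[MAX_CHAIN]) {
    if (nfrag == 0) return 0;
    size_t len = 0;
    const toy_cert *cur = &frag[0];
    while (cur != NULL && len < MAX_CHAIN) {
        out[len++] = cur;
        if (strcmp(cur->subject, cur->issuer) == 0) return len; /* root */
        const toy_cert *next = find_by_subject(frag, nfrag, cur->issuer);
        if (next == NULL) next = find_by_subject(store, nstore, cur->issuer);
        cur = next;
    }
    return 0; /* issuer missing, or chain too long or cyclic */
}

int main(void) {
    size_t n = toy_construct(FRAG, 3, STORE, 1, CHAIN);
    for (size_t i = 0; i < n; i++) printf("%zu: %s\n", i, CHAIN[i]->subject);
    return n == 4 ? 0 : 1;
}
```

The MAX_CHAIN bound is what stops the model from looping forever on mutually issued certificates; it reports that case the same way as a missing issuer.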

PARAMETERS

TPHandle (input)

The handle to the trust policy module to perform this operation.

CLHandle (input/optional)

The handle to the certificate library module that can be used to manipulate and parse values stored in the certgroup certificates. If no certificate library module is specified, the TP module uses an assumed CL module.

CSPHandle (input/optional)

A handle specifying the Cryptographic Service Provider to be used to verify certificates as the certificate group is constructed. If a CSP handle is not specified, the trust policy module can assume a default CSP. If the module cannot assume a default, or the default CSP is not available on the local system, an error occurs.

DBList (input)

A list of handle pairs specifying a data storage library module and a data store managed by that module. These data stores should contain certificates (and possibly other security objects). The data stores should be searched to complete construction of a semantically-related certificate group.

CertGroupFrag (input)

A list of certificates that form a possibly incomplete set of certificates. The first certificate in the group represents the target certificate for which a group of semantically related certificates will be assembled.

RETURN VALUE

A CSSM_CERTGROUP_PTR to a list of certificates that form a complete certificate group based on the original subset of certificates and the certificate data stores. A NULL list indicates an error. Use CSSM_GetError to obtain the error code.

ERRORS

CSSM_INVALID_TP_HANDLE

Invalid trust policy handle.

CSSM_INVALID_CL_HANDLE

Invalid certificate library handle.

CSSM_INVALID_DL_HANDLE

Invalid data storage library handle.

CSSM_INVALID_DB_HANDLE

Bad database handle.

CSSM_CL_INVALID_CERTIFICATE

Invalid certificate.

CSSM_TP_CERTGROUP_NOT_FOUND

Unable to construct meaningful cert group.

CSSM_MEMORY_ERROR

Not enough memory to allocate.

SEE ALSO

CSSM_TP_CertGroupPrune, CSSM_TP_CertVerify
