CSSM_TP_CertSign
CSSM_DATA_PTR CSSMAPI CSSM_TP_CertSign
(CSSM_TP_HANDLE TPHandle,
CSSM_CL_HANDLE CLHandle,
CSSM_CC_HANDLE CCHandle,
const CSSM_DL_DB_LIST_PTR DBList,
CSSM_DATA_PTR CertToBeSigned,
const CSSM_CERTGROUP_PTR SignerCertGroup,
const CSSM_VERIFYCONTEXT_PTR SignerVerifyContext,
const CSSM_FIELD_PTR SignScope,
uint32 ScopeSize);
This function co-signs or notarizes the certificate if the signer is authorized to perform the signing operation. The verification context provides the input parameters required to verify the signer's certificate. Once the signer's certificate is verified, the signer's private key is used to perform the operation, so the passphrase associated with the signer's key must be provided. The SignScope controls which certificate fields are covered by the signature.
- TPHandle (input)
The handle that describes the add-in trust policy module used to perform this function.
- CLHandle (input/optional)
The handle that describes the add-in certificate library module that can be used to manipulate the subject certificate and anchor certificates. If no certificate library module is specified, the TP module uses an assumed CL module, if required.
- CCHandle (input/optional)
The handle that describes the cryptographic context for signing the certificate. This context also identifies the cryptographic service provider (CSP) to be used to perform the signing operation. If this handle is not provided by the caller, the trust policy module can assume a default signing algorithm and a default CSP, but the trust policy module may be unable to unlock the caller's private key without the caller's passphrase. If the trust policy module does not assume defaults, or the default CSP is not available on the local system, an error occurs.
- DBList (input/optional)
The structure is a list of data storage library handles and data store handles. These handles can be used to store or retrieve objects (such as certificates and CRLs) related to the signer's certificate and anchor certificates. If no data store is specified, the TP module uses an assumed data storage library module and one or more assumed data stores, if required.
- CertToBeSigned (input)
A pointer to the CSSM_DATA structure containing the certificate to be co-signed.
- SignerCertGroup (input)
A pointer to the CSSM_CERTGROUP containing a set of certificates of or related to the signer.
- SignerVerifyContext (input)
A pointer to the CSSM_VERIFYCONTEXT structure containing a set of input and output parameters for the signature process. The input parameters describe how the verification process should be performed. Most of the input parameters are optional. If not specified, the TP module can use default values for unspecified inputs.
- SignScope (input/optional)
A pointer to an array of CSSM_FIELD structures specifying OIDs for the certificate fields to be included in the signature. If no signing scope is specified, a default scope is assumed.
- ScopeSize (input)
A count of the number of OIDs specified in the SignScope. If no scope is specified, this value must be zero.
Returns a pointer to the CSSM_DATA containing the signed certificate. When NULL is returned, either the certificate template cannot be signed or an error has occurred. Use CSSM_GetError to obtain the error code.
- CSSM_INVALID_TP_HANDLE
Invalid handle.
- CSSM_INVALID_CL_HANDLE
Invalid handle.
- CSSM_INVALID_DL_HANDLE
Invalid handle.
- CSSM_INVALID_DB_HANDLE
Invalid handle.
- CSSM_TP_INVALID_CERT_GROUP
Invalid certificate group structure.
- CSSM_TP_CERTIFICATE_CANT_OPERATE
Signer certificate can't sign subject.
- CSSM_TP_MEMORY_ERROR
Error in allocating memory.
- CSSM_TP_CERT_VERIFY_FAIL
Unable to verify signer's certificate.
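The following is an added example and is not part of the CDSA manual page or the CSSM framework's own code. It shows the caller's side of CSSM_TP_CertSign as the parameter and error lists above describe it: enforcing the rule that ScopeSize must be zero when no SignScope is passed, checking for a NULL return, reading the error with CSSM_GetError, and deciding whether the failure means the signer must be rejected or the caller passed bad arguments. Everything between the STAND-IN markers (type shapes, placeholder error values, and the two CSSM_* functions, which model only the documented NULL-plus-error contract) is constructed so the file compiles without cssm.h; the wrapper name cosign_certificate, the classification enum and COSIGN_ERR_SCOPE_MISMATCH are assumptions of this example. On a real CDSA build, include cssm.h, remove the STAND-IN section and link against the framework.

```c
/* Added example: caller-side wrapper around CSSM_TP_CertSign. Not CDSA code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ---- STAND-IN: minimal shapes of the CDSA types used below (constructed) ---- */
typedef uint32_t uint32;
typedef uint32 CSSM_TP_HANDLE, CSSM_CL_HANDLE, CSSM_CC_HANDLE;
typedef struct { uint32 Length; uint8_t *Data; } CSSM_DATA, *CSSM_DATA_PTR;
typedef struct { CSSM_DATA FieldOid; CSSM_DATA FieldValue; } CSSM_FIELD, *CSSM_FIELD_PTR;
typedef struct { uint32 NumCerts; CSSM_DATA_PTR CertList; } CSSM_CERTGROUP, *CSSM_CERTGROUP_PTR;
typedef struct { int Opaque; } CSSM_DL_DB_LIST, *CSSM_DL_DB_LIST_PTR;
typedef struct { int Opaque; } CSSM_VERIFYCONTEXT, *CSSM_VERIFYCONTEXT_PTR;
/* Error codes named on the manual page; the numeric values are placeholders. */
enum {
    CSSM_INVALID_TP_HANDLE = 0x1001, CSSM_TP_INVALID_CERT_GROUP = 0x1002,
    CSSM_TP_CERTIFICATE_CANT_OPERATE = 0x1003, CSSM_TP_MEMORY_ERROR = 0x1004,
    CSSM_TP_CERT_VERIFY_FAIL = 0x1005
};
static uint32 g_last_error;
/* The real CSSM_GetError returns an error structure; this stand-in returns
 * only the code so the handling logic below stays readable. */
static uint32 CSSM_GetError(void) { return g_last_error; }
/* Stand-in TP: models only the documented failure contract (NULL + error code). */
static CSSM_DATA_PTR CSSM_TP_CertSign(CSSM_TP_HANDLE TPHandle, CSSM_CL_HANDLE CLHandle,
        CSSM_CC_HANDLE CCHandle, const CSSM_DL_DB_LIST_PTR DBList, CSSM_DATA_PTR CertToBeSigned,
        const CSSM_CERTGROUP_PTR SignerCertGroup, const CSSM_VERIFYCONTEXT_PTR SignerVerifyContext,
        const CSSM_FIELD_PTR SignScope, uint32 ScopeSize)
{
    (void)CLHandle; (void)CCHandle; (void)DBList; (void)SignerVerifyContext;
    (void)SignScope; (void)ScopeSize;
    if (TPHandle == 0) { g_last_error = CSSM_INVALID_TP_HANDLE; return NULL; }
    if (SignerCertGroup == NULL || SignerCertGroup->NumCerts == 0) {
        g_last_error = CSSM_TP_INVALID_CERT_GROUP; return NULL;
    }
    g_last_error = 0;
    return CertToBeSigned;   /* a real TP returns the newly signed certificate */
}
/* ---- end STAND-IN ---- */

/* Constructed wrapper-level code for a contract violation caught before the
 * TP is ever called (distinct from any CSSM error value). */
#define COSIGN_ERR_SCOPE_MISMATCH 0xFFFFFFFFu

/* How the caller should react to each error the manual page lists. */
typedef enum { COSIGN_CALLER_BUG, COSIGN_REJECT_SIGNER, COSIGN_RESOURCE } cosign_action;

cosign_action classify_cosign_error(uint32 err)
{
    switch (err) {
    case CSSM_TP_CERT_VERIFY_FAIL:          /* signer's own chain did not verify */
    case CSSM_TP_CERTIFICATE_CANT_OPERATE:  /* signer is not authorized over this subject */
        return COSIGN_REJECT_SIGNER;        /* never retry these with looser defaults */
    case CSSM_TP_MEMORY_ERROR:
        return COSIGN_RESOURCE;
    default:                                /* bad handles, bad cert group, scope mismatch */
        return COSIGN_CALLER_BUG;
    }
}

/* Co-sign a certificate. Returns the signed certificate or NULL; on NULL,
 * *err receives the code to pass to classify_cosign_error. */
CSSM_DATA_PTR cosign_certificate(CSSM_TP_HANDLE tp, CSSM_CL_HANDLE cl, CSSM_CC_HANDLE cc,
        CSSM_DL_DB_LIST_PTR dbs, CSSM_DATA_PTR tbs, CSSM_CERTGROUP_PTR signer,
        CSSM_VERIFYCONTEXT_PTR vctx, CSSM_FIELD_PTR scope, uint32 scope_size, uint32 *err)
{
    *err = 0;
    /* Page rule: no SignScope means ScopeSize must be 0, and a scope array must
     * carry its real count, otherwise the TP walks past the end of the array. */
    if ((scope == NULL) != (scope_size == 0)) {
        *err = COSIGN_ERR_SCOPE_MISMATCH;
        return NULL;
    }
    CSSM_DATA_PTR signed_cert =
        CSSM_TP_CertSign(tp, cl, cc, dbs, tbs, signer, vctx, scope, scope_size);
    if (signed_cert == NULL)
        *err = CSSM_GetError();
    return signed_cert;
}

int main(void)
{
    uint8_t tbs_bytes[] = { 0x30, 0x82, 0x01, 0x00 };   /* constructed DER prefix, not a real cert */
    CSSM_DATA tbs = { sizeof tbs_bytes, tbs_bytes };
    CSSM_DATA signer_cert = { sizeof tbs_bytes, tbs_bytes };
    CSSM_CERTGROUP signer = { 1, &signer_cert };
    uint32 err;
    CSSM_DATA_PTR out = cosign_certificate(1, 0, 0, NULL, &tbs, &signer, NULL, NULL, 0, &err);
    printf("co-sign %s (err=0x%x)\n", out ? "succeeded" : "failed", err);
    return out ? 0 : 1;
}
```

The classification step is the part worth keeping in production code: CSSM_TP_CERT_VERIFY_FAIL and CSSM_TP_CERTIFICATE_CANT_OPERATE mean the trust policy rejected the signer, and a caller that reacts by retrying with a default CSP or a wider scope would be working around the policy rather than the error.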
See also: CSSM_TP_CertVerify, CSSM_CL_CertRequest, CSSM_CL_CertRetrieve