CSSM_TP_CrlSign
CSSM_DATA_PTR CSSMAPI CSSM_TP_CrlSign
    (CSSM_TP_HANDLE TPHandle,
    CSSM_CL_HANDLE CLHandle,
    CSSM_CC_HANDLE CCHandle,
    const CSSM_DL_DB_LIST_PTR DBList,
    const CSSM_DATA_PTR CrlToBeSigned,
    CSSM_CRL_TYPE CrlType,
    CSSM_CRL_ENCODING CrlEncoding,
    const CSSM_CERTGROUP_PTR SignerCertGroup,
    const CSSM_VERIFYCONTEXT_PTR SignerVerifyContext,
    const CSSM_FIELD_PTR SignScope,
    uint32 ScopeSize);
This function signs an entire certificate revocation list. The TP module determines whether the signer's certificate is trusted to sign the certificate revocation list. If trust is satisfied, the TP module signs the revocation list using the signer's private key. Individual records in the CRL were signed when they were added to the CRL. Once the entire CRL is signed, revocation records can no longer be added to that CRL: doing so would break the integrity of the signature, resulting in a non-verifiable, rejected CRL.
Parameters
- TPHandle (input)
The handle that describes the add-in trust policy module used to perform this function.
- CLHandle (input/optional)
The handle that describes the add-in certificate library module that can be used to manipulate the certificates to be verified. If no certificate library module is specified, the TP module uses an assumed CL module, if required.
- CCHandle (input/optional)
The handle that describes the cryptographic context for signing the CRL. This context also identifies the cryptographic service provider to be used to perform the signing operation. If this handle is not provided by the caller, the trust policy module can assume a default signing algorithm and a default CSP. If the trust policy module does not assume defaults or the default CSP is not available on the local system an error occurs.
- DBList (input/optional)
A list of handle pairs specifying a data storage library module and a data store managed by that module. These data stores can be used to store or retrieve objects (such as certificates and CRLs) related to the signer's certificate, or to store the resulting signed CRL. If no DL and DB handle pairs are specified, the TP module can use an assumed DL module and an assumed data store, if required.
- CrlToBeSigned (input)
A pointer to the CSSM_DATA structure containing a certificate revocation list to be signed.
- CrlType (input)
An indicator of the type of CRL contained in the CrlToBeSigned.
- CrlEncoding (input)
An indicator of the encoding of CRL contained in the CrlToBeSigned.
- SignerCertGroup (input)
A pointer to the CSSM_CERTGROUP structure containing one or more related certificates used to sign the CRL.
- SignerVerifyContext (input)
A pointer to the CSSM_VERIFYCONTEXT structure containing input and output parameters to control verification of the signer's certificate group. Many parameters in the context structure are optional. Default values are used for each optional, unspecified value.
- SignScope (input/optional)
A pointer to the CSSM_FIELD array containing the OIDs of the CRL fields to be included in the signing process. If the signing scope is null, the TP Module must assume a default scope (portions of the CRL to be hashed) when performing the signing process.
- ScopeSize (input)
The number of entries in the sign scope list. If the signing scope is not specified, the input parameter value for scope size must be zero.
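An added example, not part of the CDSA specification or of any CSSM implementation: a small C model of the two rules the description states (the trust check on the signer's certificate, and the all-or-nothing signature over the CRL) together with the SignScope behaviour described above. The CRL layout, the FNV-1a hash and the key-bound "signature" are toy stand-ins for the CSP's real digest and signing operations, the field identifiers stand in for the OIDs a SignScope array would carry, and the status codes are local names mirroring the error codes listed below.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 8

/* Toy field identifiers standing in for the OIDs named in a SignScope array. */
enum crl_field { FIELD_ISSUER = 1, FIELD_THIS_UPDATE = 2, FIELD_ENTRIES = 4 };
#define DEFAULT_SCOPE (FIELD_ISSUER | FIELD_THIS_UPDATE | FIELD_ENTRIES)

/* Local status codes mirroring success and CSSM_TP_CERTIFICATE_CANT_OPERATE. */
enum tp_status { TP_OK = 0, TP_CERTIFICATE_CANT_OPERATE = 1 };

/* Toy signer certificate: the TP's trust decision is reduced to one flag. */
struct signer_cert { const char *subject; int can_sign_crl; uint64_t key; };

struct crl {
    const char *issuer;
    uint32_t this_update;
    uint32_t serials[MAX_ENTRIES]; /* revoked certificate serial numbers */
    int n_serials;
    uint64_t signature;            /* 0 until the whole CRL has been signed */
};

/* FNV-1a (64-bit): a toy digest standing in for the CSP's hash, not secure. */
static void fnv_absorb(uint64_t *h, const void *p, size_t n) {
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++) { *h ^= b[i]; *h *= 0x100000001b3ULL; }
}

/* Digest only the fields the scope selects; scope_size == 0 means the default scope. */
static uint64_t crl_digest(const struct crl *c, const enum crl_field *scope, uint32_t scope_size) {
    unsigned mask = scope_size == 0 ? DEFAULT_SCOPE : 0;
    for (uint32_t i = 0; i < scope_size; i++) mask |= scope[i];
    uint64_t h = 0xcbf29ce484222325ULL;
    if (mask & FIELD_ISSUER)      fnv_absorb(&h, c->issuer, strlen(c->issuer));
    if (mask & FIELD_THIS_UPDATE) fnv_absorb(&h, &c->this_update, sizeof c->this_update);
    if (mask & FIELD_ENTRIES)     fnv_absorb(&h, c->serials, sizeof(uint32_t) * (size_t)c->n_serials);
    return h;
}

/* Toy "signature": the digest bound to the signer's key (stands in for the CSP sign call). */
static uint64_t toy_sign(uint64_t digest, uint64_t key) {
    fnv_absorb(&digest, &key, sizeof key);
    return digest;
}

/* Model of the TP step: refuse a signer not trusted for CRLs, else sign the scoped CRL. */
enum tp_status tp_crl_sign(struct crl *c, const struct signer_cert *signer,
                           const enum crl_field *scope, uint32_t scope_size) {
    if (!signer->can_sign_crl) return TP_CERTIFICATE_CANT_OPERATE;
    c->signature = toy_sign(crl_digest(c, scope, scope_size), signer->key);
    return TP_OK;
}

/* Verifier side: recompute over the same scope and compare with the stored signature. */
int crl_verify(const struct crl *c, const struct signer_cert *signer,
               const enum crl_field *scope, uint32_t scope_size) {
    return c->signature == toy_sign(crl_digest(c, scope, scope_size), signer->key);
}

int crl_add_entry(struct crl *c, uint32_t serial) {
    if (c->n_serials >= MAX_ENTRIES) return 0;
    c->serials[c->n_serials++] = serial;
    return 1;
}

/* Returns 1 when a record appended after signing is caught by verification. */
int demo_append_after_sign(void) {
    struct crl c = { "CN=Example CA", 1700000000u, {1001u, 1002u}, 2, 0 };
    struct signer_cert ca = { "CN=Example CA", 1, 0x5EEDu };
    if (tp_crl_sign(&c, &ca, NULL, 0) != TP_OK || !crl_verify(&c, &ca, NULL, 0)) return 0;
    crl_add_entry(&c, 1003u);
    return !crl_verify(&c, &ca, NULL, 0);
}

/* Returns 1 when a scope that omits FIELD_ENTRIES lets an appended record go unnoticed. */
int demo_narrow_scope_misses_entries(void) {
    static const enum crl_field header_only[] = { FIELD_ISSUER, FIELD_THIS_UPDATE };
    struct crl c = { "CN=Example CA", 1700000000u, {1001u, 1002u}, 2, 0 };
    struct signer_cert ca = { "CN=Example CA", 1, 0x5EEDu };
    if (tp_crl_sign(&c, &ca, header_only, 2) != TP_OK) return 0;
    crl_add_entry(&c, 1003u);
    return crl_verify(&c, &ca, header_only, 2);
}

/* Returns the TP status for a certificate that is not trusted to sign CRLs. */
enum tp_status demo_untrusted_signer(void) {
    struct crl c = { "CN=Example CA", 1700000000u, {0}, 0, 0 };
    struct signer_cert leaf = { "CN=Some Server", 0, 0x1234u };
    return tp_crl_sign(&c, &leaf, NULL, 0);
}

int main(void) {
    printf("append after sign detected:  %d\n", demo_append_after_sign());
    printf("header-only scope misses it: %d\n", demo_narrow_scope_misses_entries());
    printf("untrusted signer status:     %d\n", (int)demo_untrusted_signer());
    return 0;
}
```

The first scenario is the rule from the description: the signed CRL verifies, then fails verification as soon as a revocation record is appended, which is why no records can be added after signing. The second scenario signs with a scope that covers only the header fields, and the appended record is then not detected; a TP module's default scope therefore has to cover the revocation records, not just the header. The third scenario shows the trust check rejecting a certificate that is not allowed to sign CRLs before any signing takes place.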
Return Value
A pointer to the CSSM_DATA structure containing the signed certificate revocation list. If the pointer is NULL, an error has occurred. Use CSSM_GetError to obtain the error code.
Error Codes
- CSSM_TP_INVALID_CERTIFICATE
Invalid certificate.
- CSSM_TP_CERTIFICATE_CANT_OPERATE
Signer certificate can't sign certificate revocation list.
- CSSM_TP_MEMORY_ERROR
Error in allocating memory.
- CSSM_TP_CRL_SIGN_FAIL
Unable to sign certificate revocation list.
- CSSM_INVALID_TP_HANDLE
Invalid handle.
- CSSM_INVALID_CL_HANDLE
Invalid handle.
- CSSM_INVALID_DL_HANDLE
Invalid handle.
- CSSM_INVALID_DB_HANDLE
Invalid handle.
- CSSM_FUNCTION_NOT_IMPLEMENTED
Function not implemented.
See Also
CSSM_CL_CrlSign