Previous section.

Common Security: CDSA and CSSM
Copyright © 1997 The Open Group

NAME

TP_CertSign

SYNOPSIS

CSSM_DATA_PTR CSSMTPI TP_CertSign
    (CSSM_TP_HANDLE TPHandle,
    CSSM_CL_HANDLE CLHandle,
    CSSM_CC_HANDLE CCHandle,
    const CSSM_DL_DB_LIST_PTR DBList,
    const CSSM_DATA_PTR CertToBeSigned,
    const CSSM_CERTGROUP_PTR SignerCertGroup,
    const CSSM_VERIFYCONTEXT_PTR SignerVerifyContext,
    const CSSM_FIELD_PTR SignScope,
    uint32 ScopeSize)

DESCRIPTION

The TP module first decides whether the signer certificate group is trusted to co-sign or notarize the certificate. The signer certificate is authenticated and checked for authority to perform the signing operation. Once trust is established, the TP signs the certificate template using the signer's certificate group and the SignScope to control the signing process.

PARAMETERS

TPHandle (input)

The handle that describes the add-in trust policy module used to perform this function.

CLHandle (input/optional)

The handle that describes the add-in certificate library module used to perform this function.

CCHandle (input/optional)

The handle that describes the cryptographic context for signing the certificate. This context also identifies the cryptographic service provider to be used to perform the signing operation. If this handle is not provided by the caller, the trust policy module can assume a default signing algorithm and a default CSP, but the trust policy module may be unable to unlock the caller's private key without the caller's passphrase.If the trust policy module does not assume defaults or the default CSP is not available on the local system an error occurs.

DBList (input/optional)

A list of certificate databases containing certificates that may be used to construct the trust structure of the signer certificate group.

CertToBeSigned (input)

A pointer to the CSSM_DATA structure containing the certificate to be co-signed.

SignerCertGroup (input)

A group of one or more certificates that partially or fully represent the signer for this operation. The first certificate in the group is the target certificate used to perform the signing operation. The use of all subsequent certificates in the ordering is specific to the trust domain. For example, in a hierarchical trust model subsequent members are intermediate certificates of a certificate chain.

SignerVerifyContext (input)

A structure containing policy elements useful in verifying the signer's certificate with respect to the security policy. Optional elements in the verify context left unspecified will cause the internal default values to be used. Default values are specified in the TP module vendor release documents.

SignScope (input/optional)

A pointer to the CSSM_FIELD array containing the tags of the fields to be signed. A NULL input signs a default set of fields in the certificate.

ScopeSize (input)

The number of entries in the sign scope list.

RETURN VALUE

A pointer to the CSSM_DATA structure containing the signed certificate. If the pointer is NULL, an error has occurred. This function can also return errors specific to CSP, CL, and DL modules.

ERRORS

CSSM_TP_INVALID_CERT_GROUP

Invalid certificate group structure.

CSSM_TP_CERTIFICATE_CANT_OPERATE

Signer certificate can't sign subject.

CSSM_TP_MEMORY_ERROR

Error in allocating memory.

CSSM_TP_CERT_SIGN_FAIL

Unable to sign certificate.

CSSM_INVALID_TP_HANDLE

Invalid handle.

CSSM_INVALID_CL_HANDLE

Invalid handle.

CSSM_INVALID_DL_HANDLE

Invalid handle.

CSSM_INVALID_DB_HANDLE

Invalid handle.

CSSM_FUNCTION_NOT_IMPLEMENTED

Function not implemented.

SEE ALSO

TP_CertVerify, CSSM_CL_CertRequest, CSSM_CL_CertRetrieve
Why not acquire a nicely bound hard copy?
Click here to return to the publication details or order a copy of this publication.
You should also read the legal notice explaining the terms and conditions relating to the CDSA documentation.

Contents Next section Index