CL_CertGroupFromVerifiedBundle

If both a Table of Contents and Search form are not displayed in separate frames along with this one, you may wish to redisplay this book in a frameset, beginning with the first page.

HP Open Source Security for OpenVMS Volume 1:...

API Functions

CL_CertGetNextFieldValue

CL_CertGroupToSignedBundle

CL_CertGroupFromVerifiedBundle

Library
Description
Errors

Parameters
Return Value
See Also

NAME

CL_CertGroupFromVerifiedBundle: CSSM_CL_CertGroupFromVerifiedBundle - Verify the signature of a bundle (CDSA)

SYNOPSIS

# include <cssm.h>

API:CSSM_RETURN CSSMAPI CSSM_CL_CertGroupFromVerifiedBundle(CSSM_CL_HANDLE CLHandle,CSSM_CC_HANDLE CCHandle,const CSSM_CERT_BUNDLE *CertBundle,const CSSM_DATA *SignerCert,CSSM_CERTGROUP_PTR *CertGroup)SPI:CSSM_RETURN CSSMCLI CL_CertGroupFromVerifiedBundle(CSSM_CL_HANDLE CLHandle,CSSM_CC_HANDLE CCHandle,const CSSM_CERT_BUNDLE *CertBundle,const CSSM_DATA *SignerCert,CSSM_CERTGROUP_PTR *CertGroup)

LIBRARY

Common Security Services Manager library (cdsa$incssm300_shr.exe)

PARAMETERS

`CLHandle` (input)
		The handle that describes the add-in certificatelibrary module used to perform this function.
`CCHandle` (input/optional)
		The handle of the cryptographic context to controlthe verification operation.
`CertBundle` (input)
		A structure containing a reference to a signed,encoded bundle of certificates and to descriptors of the type andencoding of the bundle. The bundled certificates are to be separatedinto a certificate group (list of individual encoded certificates).If the bundle type and bundle encoding are not specified, the add-inmodule might either attempt to decode the bundle assuming a defaulttype and encoding or might immediately fail.
`SignerCert` (input/optional)
		The certificate to be used to verify the signatureon the certificate bundle. If the bundle is signed but this fieldis not specified, then the module will assume a default certificatefor verification.
`CertGroup` (output)
		A pointer to the certificate group, representedas an array of individual, encoded certificates. The certificategroup and CSSM_CERTGROUP substructures are allocated by the serivceprovider and must be deallocated by the application. The group containsall certificates contained in the certificate bundle.

DESCRIPTION

This function accepts as input a certificate bundle (a codifiedand signed aggregation of the certificates in the group), verifiesthe signature of the bundle (if a signature is present), and returnsa certificate group (as an array of individual certificates) includingevery certificate contained in the bundle. The signature on the certificateaggregate is verified using the cryptographic context and possiblyusing the input signer certificate. The CL module embeds the knowledgeof the verification scope for the bundle types that it supports.A CL module's supported bundle types and encodings are availableto applications by querying the CSSM registry. The type and encodingof the certificate bundle must be specified with the input bundle.If signature verification is successful, the certificate aggregatewill be parsed into a certificate group whose order correspondsto the certificate aggregate ordering. This certificate group willthen be returned to the calling application.

RETURN VALUE

A CSSM_RETURN value indicating success or specifying a particularerror condition. The value CSSM_OK indicates success. All othervalues represent an error condition.

ERRORS

Errors are described in the CDSA Technical Standard.

CSSMERR_CL_INVALID_CONTEXT_HANDLECSSMERR_CL_INVALID_BUNDLE_POINTERCSSMERR_CL_INVALID_BUNDLE_INFOCSSMERR_CL_INVALID_CERT_POINTERCSSMERR_CL_INVALID_CERTGROUP_POINTERCSSMERR_CL_UNKNOWN_FORMAT