|
 HP Open Source Security for OpenVMS Volume 1:... |
 API Functions |
|
|
| |
| Library Description Errors | Parameters Return Value See Also |
API:CSSM_RETURN CSSMAPI CSSM_TP_SubmitCredRequest(CSSM_TP_HANDLE TPHandle,const CSSM_TP_AUTHORITY_ID *PreferredAuthority,CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType,const CSSM_TP_REQUEST_SET *RequestInput,const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,sint32 *EstimatedTime,CSSM_DATA_PTR ReferenceIdentifier)SPI:CSSM_RETURN CSSMTPI TP_SubmitCredRequest(CSSM_TP_HANDLE TPHandle,const CSSM_TP_AUTHORITY_ID *PreferredAuthority,CSSM_TP_AUTHORITY_REQUEST_TYPE RequestType,const CSSM_TP_REQUEST_SET *RequestInput,const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthContext,sint32 *EstimatedTime,CSSM_DATA_PTR ReferenceIdentifier)
LIBRARY Common Security Services Manager library (
cdsa$incssm300_shr.exe) PARAMETERS TPHandle (input) | ||
| The handle that describes the certification authoritymodule used to perform this function. | |
PreferredAuthority (input/optional) | ||
| The identifier which uniquely describes the CertificateService Authority to submit the request to. | |
RequestType (input) | ||
| The identifier of the type of request to submit. | |
RequestInput (input) | ||
| A pointer to the input parameters to be submittedto the authority who will perform the requested service. | |
CallerAuthContext (input/optional) | ||
| This structure contains a set of caller authenticationcredentials. The authentication information can be a passphrase,a PIN, a completed registration form, a certificate, or a templateof user-specific data. The required set of credentials is definedby the service provider module and recorded in the MDS Primary relation.Multiple credentials can be required. If the local service providermodule does not require credentials from a caller, then the CallerCredentials fieldof this verification context structure can be NULL. The structureoptionally contains additional credentials that can be used to supportthe authentication process. Authentication credentials requiredby the authority should be included in the RequestInput.The local service provider module can forward this credential informationto the authority, as appropriate, but is not required to do so. | |
EstimatedTime (output) | ||
| The number of estimated seconds before the serviceresults are ready to be retrieved. A (default) value of zero indicatesthat the results can be retrieved immediately via the corresponding CSSM_TP_RetrieveCredResult() (CSSM API), or TP_RetrieveCredResult() (TP SPI), function call. When the local service providermodule or the authority cannot estimate the time required to performthe requested service, the output value for estimated time is CSSM_ESTIMATED_TIME_UNKNOWN. | |
ReferenceIdentifier (output) | ||
| A reference identifier, which uniquely identifiesthis specific request. The handle persists across application executionsand becomes undefined when all local processing of the request hascompleted. Local processing is completed in one of two ways:
| |
DESCRIPTION If the caller is successfully authenticated, then this functionsubmits a request to the Authority identified by PreferredAuthority.The authority service can be local or remote. If the Authority isnot specified, then the TP module can assume a default authoritybased on the RequestType and the CallerAuthContext. RequestType indicatesthe type of Authority request and RequestInput specifiesthe input parameters needed by the authority to perform the request.The request is submitted to the authority only if the TP modulecan successfully authenticate the caller. The CallerAuthContext presentsthe caller's credentials and a list of one or more policies underwhich the caller should be authenticated. Caller credentials canbe presented in several forms:
The local service provider must select and forward the credentialsrequired by the Authority. The caller must provide all necessarycredentials through the CallerAuthContext parameter.
If the caller can not be authenticated by the local serviceprovider, the function fails and the request is not submitted tothe selected authority.
This function returns a ReferenceIdentifier andan EstimatedTime (specified in seconds). ReferenceIdentifier isan ID for the submitted request. EstimatedTime definesthe expected time to process the request. This time may be substantialwhen the request requires offline authentication procedures by theAuthority process. In contrast, the estimated time can be zero,meaning the result can be obtained immediately using CSSM_TP_RetrieveCredResult() (CSSM API), or TP_RetrieveCredResult() (TP SPI). After the specified time has elapsed, thecaller must use the function CSSM_TP_RetrieveCredResult() (CSSMAPI), or TP_RetrieveCredResult() (TP SPI), with the reference identifier, to obtain theresult of the request.
RETURN VALUE A CSSM_RETURN value indicating success or specifying a particularerror condition. The value CSSM_OK indicates success. All othervalues represent an error condition. ERRORS Errors are described in the CDSA Technical Standard. CSSMERR_TP_INVALID_AUTHORITYCSSMERR_TP_NO_DEFAULT_AUTHORITYCSSMERR_TP_UNSUPPORTED_ADDR_TYPECSSMERR_TP_INVALID_NETWORK_ADDRCSSMERR_TP_UNSUPPORTED_SERVICECSSMERR_TP_INVALID_REQUEST_INPUTSCSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTERCSSMERR_TP_INVALID_POLICY_IDENTIFIERSCSSMERR_TP_INVALID_TIMESTRINGCSSMERR_TP_INVALID_STOP_ON_POLICYCSSMERR_TP_INVALID_CALLBACKCSSMERR_TP_INVALID_ANCHOR_CERTCSSMERR_TP_CERTGROUP_INCOMPLETECSSMERR_TP_INVALID_DL_HANDLECSSMERR_TP_INVALID_DB_HANDLECSSMERR_TP_INVALID_DB_LIST_POINTERCSSMERR_TP_INVALID_DB_LISTCSSMERR_TP_AUTHENTICATION_FAILEDCSSMERR_TP_INSUFFICIENT_CREDENTIALSCSSMERR_TP_NOT_TRUSTEDCSSMERR_TP_CERT_REVOKEDCSSMERR_TP_CERT_SUSPENDEDCSSMERR_TP_CERT_EXPIREDCSSMERR_TP_CERT_NOT_VALID_YETCSSMERR_TP_INVALID_CERT_AUTHORITYCSSMERR_TP_INVALID_SIGNATURECSSMERR_TP_INVALID_NAME
SEE ALSO BooksIntel CDSA Application Developer's Guide
Functions for the CSSM API:
CSSM_TP_RetrieveCredResult
Functions for the TP SPI:
TP_RetrieveCredResult
|
|