VMS Help  —  CDSA  CDSA_API, CL CertGroupFromVerifiedBundle
 NAME

   CL_CertGroupFromVerifiedBundle,
   CSSM_CL_CertGroupFromVerifiedBundle - Verify the signature of a
                                         bundle (CDSA)

 SYNOPSIS

   # include <cssm.h>

        API:
        CSSM_RETURN CSSMAPI CSSM_CL_CertGroupFromVerifiedBundle
        (CSSM_CL_HANDLE CLHandle,
        CSSM_CC_HANDLE CCHandle,
        const CSSM_CERT_BUNDLE *CertBundle,
        const CSSM_DATA *SignerCert,
        CSSM_CERTGROUP_PTR *CertGroup)
        SPI:
        CSSM_RETURN CSSMCLI CL_CertGroupFromVerifiedBundle
        (CSSM_CL_HANDLE CLHandle,
        CSSM_CC_HANDLE CCHandle,
        const CSSM_CERT_BUNDLE *CertBundle,
        const CSSM_DATA *SignerCert,
        CSSM_CERTGROUP_PTR *CertGroup)

 LIBRARY

   Common Security Services Manager library (CDSA$INCSSM300_SHR.EXE)

 PARAMETERS

   CLHandle (input)
           The handle that describes the add-in certificate library module
           used to perform this function.

   CCHandle (input/optional)
           The handle of the cryptographic context to control the
           verification operation.

   CertBundle (input)
           A structure containing a reference to a signed, encoded bundle
           of certificates and to descriptors of the type and encoding of
           the bundle.  The bundled certificates are to be separated into
           a certificate group (list of individual encoded certificates).
           If the bundle type and bundle encoding are not specified, the
           add-in module might either attempt to decode the bundle
           assuming a default type and encoding or might immediately fail.

   SignerCert (input/optional)
           The certificate to be used to verify the signature on the
           certificate bundle.  If the bundle is signed but this field is
           not specified, then the module will assume a default certificate
           for verification.

   CertGroup (output)
           A pointer to the certificate group, represented as an array
           of individual, encoded certificates. The certificate group
           and CSSM_CERTGROUP substructures are allocated by the serivce
           provider and must be deallocated by the application. The group
           contains all certificates contained in the certificate bundle.

 DESCRIPTION

   This function accepts as input a certificate bundle (a codified and
   signed aggregation of the certificates in the group), verifies the
   signature of the bundle (if a signature is present), and returns a
   certificate group (as an array of individual certificates) including
   every certificate contained in the bundle. The signature on the
   certificate aggregate is verified using the cryptographic context and
   possibly using the input signer certificate.  The CL module embeds the
   knowledge of the verification scope for the bundle types that it
   supports. A CL module's supported bundle types and encodings are
   available to applications by querying the CSSM registry. The type and
   encoding of the certificate bundle must be specified with the input
   bundle.  If signature verification is successful, the certificate
   aggregate will be parsed into a certificate group whose order
   corresponds to the certificate aggregate ordering. This certificate
   group will then be returned to the calling application.

 RETURN VALUE

   A CSSM_RETURN value indicating success or specifying a particular
   error condition. The value CSSM_OK indicates success. All other values
   represent an error condition.

 ERRORS

   Errors are described in the CDSA technical standard.  See CDSA.

        CSSMERR_CL_INVALID_CONTEXT_HANDLE
        CSSMERR_CL_INVALID_BUNDLE_POINTER
        CSSMERR_CL_INVALID_BUNDLE_INFO
        CSSMERR_CL_INVALID_CERT_POINTER
        CSSMERR_CL_INVALID_CERTGROUP_POINTER
        CSSMERR_CL_UNKNOWN_FORMAT

 SEE ALSO

   Books

   Intel CDSA Application Developer's Guide (see CDSA)

   Other Help Topics

   Functions for the CSSM API:

       CSSM_CL_CertGroupToSignedBundle

   Functions for the CLI SPI:

       CL_CertGroupToSignedBundle
Close Help