CL_CertGroupFromVerifiedBundle(3)
NAME
CL_CertGroupFromVerifiedBundle, CSSM_CL_CertGroupFromVerifiedBundle -
Verify the signature of a bundle (CDSA)
SYNOPSIS
#include <cdsa/cssm.h>
API:
CSSM_RETURN CSSMAPI CSSM_CL_CertGroupFromVerifiedBundle
(CSSM_CL_HANDLE CLHandle,
CSSM_CC_HANDLE CCHandle,
const CSSM_CERT_BUNDLE *CertBundle,
const CSSM_DATA *SignerCert,
CSSM_CERTGROUP_PTR *CertGroup)
SPI:
CSSM_RETURN CSSMCLI CL_CertGroupFromVerifiedBundle
(CSSM_CL_HANDLE CLHandle,
CSSM_CC_HANDLE CCHandle,
const CSSM_CERT_BUNDLE *CertBundle,
const CSSM_DATA *SignerCert,
CSSM_CERTGROUP_PTR *CertGroup)
LIBRARY
Common Security Services Manager library (libcssm.so)
PARAMETERS
CLHandle
The handle that describes the add-in certificate library module used to
perform this function.
CCHandle
The handle of the cryptographic context to control the verification
operation.
CertBundle
A structure containing a reference to a signed, encoded bundle of
certificates and to descriptors of the type and encoding of the bundle.
The bundled certificates are to be separated into a certificate group
(list of individual encoded certificates). If the bundle type and bundle
encoding are not specified, the add-in module might either attempt to
decode the bundle assuming a default type and encoding or might
immediately fail.
SignerCert
The certificate to be used to verify the signature on the certificate
bundle. If the bundle is signed but this field is not specified, then
the module will assume a default certificate for verification.
CertGroup
A pointer to the certificate group, represented as an array of
individual, encoded certificates. The certificate group and
CSSM_CERTGROUP substructures are allocated by the service provider and
must be deallocated by the application. The group contains all
certificates contained in the certificate bundle.
DESCRIPTION
This function accepts as input a certificate bundle (a codified and
signed aggregation of the certificates in the group), verifies the
signature of the bundle (if a signature is present), and returns a
certificate group (as an array of individual certificates) including
every certificate contained in the bundle. The signature on the
certificate aggregate is verified using the cryptographic context and
possibly using the input signer certificate.
The CL module embeds the knowledge of the verification scope for the
bundle types that it supports. A CL module's supported bundle types and
encodings are available to applications by querying the CSSM registry.
The type and encoding of the certificate bundle must be specified with
the input bundle.
If signature verification is successful, the certificate aggregate will
be parsed into a certificate group whose order corresponds to the
certificate aggregate ordering. This certificate group will then be
returned to the calling application.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular error
condition. The value CSSM_OK indicates success. All other values
represent an error condition.
ERRORS
Errors are described in the CDSA technical standard. See CDSA_intro(3).
CSSMERR_CL_INVALID_CONTEXT_HANDLE
CSSMERR_CL_INVALID_BUNDLE_POINTER
CSSMERR_CL_INVALID_BUNDLE_INFO
CSSMERR_CL_INVALID_CERT_POINTER
CSSMERR_CL_INVALID_CERTGROUP_POINTER
CSSMERR_CL_UNKNOWN_FORMAT
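EXAMPLES
The following is an added example, not code from the CDSA documentation: a hypothetical caller-side wrapper, strict_group_from_bundle, that rejects the two inputs for which PARAMETERS says the module may fall back to a default (unspecified bundle type or encoding, missing SignerCert) before forwarding to the function. The type declarations are stand-ins so it compiles without <cdsa/cssm.h>, the CSSMERR_* numbers are placeholders, and mock_cl is a constructed stand-in for a CL module.

```c
#include <stddef.h>
#include <stdint.h>
/* Stand-ins so this compiles without <cdsa/cssm.h>; with the real header,
 * delete them. The CSSMERR_* numbers are placeholders, not CDSA's values. */
typedef uint32_t CSSM_RETURN, CSSM_CL_HANDLE;
typedef uint64_t CSSM_CC_HANDLE;
typedef struct { uint32_t Length; uint8_t *Data; } CSSM_DATA;
typedef struct {
    struct { uint32_t BundleType, BundleEncoding; } BundleHeader;
    CSSM_DATA Bundle;
} CSSM_CERT_BUNDLE;
typedef struct cssm_certgroup *CSSM_CERTGROUP_PTR;   /* opaque here */
enum { CSSM_OK = 0, CSSM_CERT_BUNDLE_UNKNOWN = 0,
       CSSM_CERT_BUNDLE_ENCODING_UNKNOWN = 0,
       CSSMERR_CL_INVALID_BUNDLE_POINTER = 0xE001,
       CSSMERR_CL_INVALID_BUNDLE_INFO, CSSMERR_CL_INVALID_CERT_POINTER,
       CSSMERR_CL_INVALID_CERTGROUP_POINTER };

/* Parameter list from the SYNOPSIS; pass CSSM_CL_CertGroupFromVerifiedBundle. */
typedef CSSM_RETURN (*bundle_fn)(CSSM_CL_HANDLE, CSSM_CC_HANDLE,
    const CSSM_CERT_BUNDLE *, const CSSM_DATA *, CSSM_CERTGROUP_PTR *);

/* Hypothetical wrapper: refuse the inputs for which the module would guess. */
CSSM_RETURN strict_group_from_bundle(bundle_fn verify, CSSM_CL_HANDLE cl,
    CSSM_CC_HANDLE cc, const CSSM_CERT_BUNDLE *b, const CSSM_DATA *signer,
    CSSM_CERTGROUP_PTR *group)
{
    if (group == NULL)
        return CSSMERR_CL_INVALID_CERTGROUP_POINTER;
    *group = NULL;              /* no stale pointer on a rejected request */
    if (b == NULL || b->Bundle.Data == NULL || b->Bundle.Length == 0)
        return CSSMERR_CL_INVALID_BUNDLE_POINTER;
    /* Unspecified type or encoding: the module might assume a default. */
    if (b->BundleHeader.BundleType == CSSM_CERT_BUNDLE_UNKNOWN ||
        b->BundleHeader.BundleEncoding == CSSM_CERT_BUNDLE_ENCODING_UNKNOWN)
        return CSSMERR_CL_INVALID_BUNDLE_INFO;
    /* Missing signer: the module would verify against a default certificate. */
    if (signer == NULL || signer->Data == NULL || signer->Length == 0)
        return CSSMERR_CL_INVALID_CERT_POINTER;
    return verify(cl, cc, b, signer, group);
}

/* Constructed stand-in for a CL module, only to exercise the wrapper. */
CSSM_RETURN mock_cl(CSSM_CL_HANDLE cl, CSSM_CC_HANDLE cc,
    const CSSM_CERT_BUNDLE *b, const CSSM_DATA *s, CSSM_CERTGROUP_PTR *g)
{
    (void)cl; (void)cc; (void)b; (void)s;
    *g = (CSSM_CERTGROUP_PTR)g;  /* any non-NULL value; a real module allocates */
    return CSSM_OK;
}
```

On CSSM_OK the application still owns the returned group and must deallocate it, as stated under PARAMETERS.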
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA_intro(3))
Reference Pages
Functions for the CSSM API:
CSSM_CL_CertGroupToSignedBundle(3)
Functions for the CLI SPI:
CL_CertGroupToSignedBundle(3)