|
VMS Help CDSA, CDSA_API, TP ConfirmCredResult *Conan The Librarian |
NAME
TP_ConfirmCredResult,
CSSM_TP_ConfirmCredResult - Confirm credentials (CDSA)
SYNOPSIS
# include <cssm.h>
API:
CSSM_RETURN CSSMAPI CSSM_TP_ConfirmCredResult
(CSSM_TP_HANDLE TPHandle,
const CSSM_DATA *ReferenceIdentifier,
const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
const CSSM_TP_CONFIRM_RESPONSE *Responses,
const CSSM_TP_AUTHORITY_ID *PreferredAuthority)
SPI:
CSSM_RETURN CSSMTPI TP_ConfirmCredResult
(CSSM_TP_HANDLE TPHandle,
const CSSM_DATA *ReferenceIdentifier,
const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials,
const CSSM_TP_CONFIRM_RESPONSE *Responses,
const CSSM_TP_AUTHORITY_ID *PreferredAuthority)
LIBRARY
Common Security Services Manager library (CDSA$INCSSM300_SHR.EXE)
PARAMETERS
TPHandle (input)
The handle that describes the certification authority module
used to perform this function.
ReferenceIdentifier (input)
A reference identifier that uniquely identifies execution of
the call sequence CSSM_TP_SubmitCredRequest() and
CSSM_TP_RetrieveCredResult() (or the equivalent TP SPI call
pair) to submit a set of requests and to retrieve the results
of those requests.
CallerAuthCredentials (input/optional)
This structure contains a set of caller authentication
credentials. The authentication information can be a
passphrase, a PIN, a completed registration form, a
certificate, or a template of user-specific data. The
required set of credentials is defined by the service
provider module and recorded in a record in the MDS Primary
relation. Multiple credentials can be required. If the local
service provider module does not require credentials from a
caller, then the Credentials field of this verification
context structure can be NULL. The structure optionally
contains additional credentials that can be used to support
the authentication process. Authentication credentials
required by the authority should be included in the
RequestInput. The local TP module can forward information
from the CallerAuthCredentials to the authority, as
appropriate, but is not required to do so.
Responses (input)
An ordered vector of acknowledges indicating the caller's
acceptance or rejection of results. The vector contains
one acknowledgement per result returned by
CSSM_TP_RetrieveCredResult() (CSSM API), or
TP_RetrieveCredResult() (TP SPI).
PreferredAuthority (input/optional)
The identifier which uniquely describes the Authority to
receive the acknowledgements. The structure can include:
· An identity certificate for the authority
· The location of the authority
DESCRIPTION
This function submits a vector of acknowledgements to a Certificate
Authority for a set of requests and corresponding results identified
by ReferenceIdentifier. The caller must execute the call sequence
CSSM_TP_SubmitCredRequest() and CSSM_TP_RetrieveCredResult()(or the
equivalent TP SPI calls) to submit a set of requests and to retrieve
the results of those requests. Some Certificate Authority services
accessed through the request and retrieve functions require
confirmation. The function CSSM_TP_RetrieveCredResult() (CSSM API),
or TP_RetrieveCredResult() (TP SPI), returns a value indicating
whether the caller must invoke CSSM_TP_ConfirmCredResult(),
(CSSM API), or TP_ConfirmCredResult() (TP SPI), to successfully
complete the service.
The Responses vector accepts or rejects each result independently.
If the caller rejects a returned result, the action taken by the
authority depends on the requested type of service.
The ReferenceIdentifier also identifies the authority process state
associated with the function pair CSSM_TP_SubmitCredRequest() and
CSSM_TP_RetrieveCredResult() (or the equivalent TP SPI calls). The
PreferredAuthority information can be used to further identify the
authority to receive the acknowledgement. After successful execution
of this function, the value of the ReferenceIdentifier is undefined
and should not be used in subsequent operations in the current module
attach session.
This function fails if ReferenceIdentifier is invalid or the
Authority process can not be located.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular
error condition. The value CSSM_OK indicates success. All other
values represent an error condition.
ERRORS
Errors are described in the CDSA technical standard. See CDSA.
CSSMERR_TP_INVALID_IDENTIFIER_POINTER
CSSMERR_TP_INVALID_IDENTIFIER
CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
CSSMERR_TP_INVALID_TIMESTRING
CSSMERR_TP_INVALID_STOP_ON_POLICY
CSSMERR_TP_INVALID_CALLBACK
CSSMERR_TP_INVALID_ANCHOR_CERT
CSSMERR_TP_CERTGROUP_INCOMPLETE
CSSMERR_TP_INVALID_DL_HANDLE
CSSMERR_TP_INVALID_DB_HANDLE
CSSMERR_TP_INVALID_DB_LIST_POINTER
CSSMERR_TP_INVALID_DB_LIST
CSSMERR_TP_AUTHENTICATION_FAILED
CSSMERR_TP_INSUFFICIENT_CREDENTIALS
CSSMERR_TP_NOT_TRUSTED
CSSMERR_TP_CERT_REVOKED
CSSMERR_TP_CERT_SUSPENDED
CSSMERR_TP_CERT_EXPIRED
CSSMERR_TP_CERT_NOT_VALID_YET
CSSMERR_TP_INVALID_CERT_AUTHORITY
CSSMERR_TP_INVALID_SIGNATURE
CSSMERR_TP_INVALID_NAME
CSSMERR_TP_INVALID_RESPONSE_VECTOR
CSSMERR_TP_INVALID_AUTHORITY
CSSMERR_TP_NO_DEFAULT_AUTHORITY
CSSMERR_TP_UNSUPPORTED_ADDR_TYPE
CSSMERR_TP_INVALID_NETWORK_ADDR
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA)
Other Help Topics
Functions for the CSSM API:
CSSM_TP_SubmitCredRequest
CSSM_TP_RetrieveCredResult
CSSM_TP_ReceiveConfirmation
Functions for the TP SPI:
TP_SubmitCredRequest
TP_RetrieveCredResult
TP_ReceiveConfirmation
|
|