HELPLIB.HLB  —  CDSA  CDSA_API, TP CertRevoke
 NAME
   TP_CertRevoke,
   CSSM_TP_CertRevoke - Determine if the revoking certificate
                        group can revoke the subject certificate
                        group (CDSA)

 SYNOPSIS
   # include <cssm.h>

    API:
        CSSM_RETURN CSSMAPI CSSM_TP_CertRevoke
        (CSSM_TP_HANDLE TPHandle,
        CSSM_CL_HANDLE CLHandle,
        CSSM_CSP_HANDLE CSPHandle,
        const CSSM_DATA *OldCrlTemplate,
        const CSSM_CERTGROUP *CertGroupToBeRevoked,
        const CSSM_CERTGROUP *RevokerCertGroup,
        const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext,
        CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult,
        CSSM_TP_CERTCHANGE_REASON Reason,
        CSSM_DATA_PTR NewCrlTemplate)
    SPI:
        CSSM_RETURN CSSMTPI TP_CertRevoke
        (CSSM_TP_HANDLE TPHandle,
        CSSM_CL_HANDLE CLHandle,
        CSSM_CSP_HANDLE CSPHandle,
        const CSSM_DATA *OldCrlTemplate,
        const CSSM_CERTGROUP *CertGroupToBeRevoked,
        const CSSM_CERTGROUP *RevokerCertGroup,
        const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext,
        CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult,
        CSSM_TP_CERTCHANGE_REASON Reason,
        CSSM_DATA_PTR NewCrlTemplate)

 LIBRARY
   Common Security Services Manager library (CDSA$INCSSM300_SHR.EXE)

 PARAMETERS
   TPHandle (input)
           The handle that describes the add-in trust policy module
           used to perform this function.

   CLHandle (input/optional)
           The handle that describes the add-in certificate library
           module used to perform this function.

   CSPHandle (input/optional)
           The handle that describes the add-in cryptographic service
           provider module used to perform this function.

   OldCrlTemplate (input/optional)
           A pointer to the CSSM_DATA structure containing an existing
           certificate revocation list. If this input is NULL, a new
           list is created or the operation fails.

   CertGroupToBeRevoked (input)
           A group of one or more certificates that partially or fully
           represent the certificate to be revoked by this operation.
           The first certificate in the group is the target certificate.
           The use of subsequent certificates is specific to the trust
           domain. For example, in a hierarchical trust model subsequent
           members are intermediate certificates of a certificate chain.

   RevokerCertGroup (input)
           A group of one or more certificates that partially or fully
           represent the revoking entity for this operation. The first
           certificate in the group is the target certificate representing
           the revoker. The use of subsequent certificates is specific to
           the trust domain.

   RevokerVerifyContext (input)
           A structure containing policy elements useful in verifying
           certificates and their use with respect to a security policy.
           Optional elements in the verify context left unspecified will
           cause the internal default values to be used. Default values
           are specified in the TP module vendor release documents.  This
           context is used to verify the revoker certificate group.

   RevokerVerifyResult (output/optional)
           A pointer to a structure containing information generated
           during the verification process. The information can include:

           Evidence             (output/optional)
           NumberOfEvidences    (output/optional)

   Reason (input/optional)
           The reason for revoking the subject certificate.

   NewCrlTemplate (output/optional)
           A pointer to the CSSM_DATA structure containing the updated
           certificate revocation list. If the pointer is NULL, an
           error has occurred.

 DESCRIPTION
   The TP module determines whether the revoking certificate group can
   revoke the subject certificate group. The revoker certificate group
   is first authenticated and its applicability to perform this operation
   is determined.  Once the trust is established, the TP revokes the
   subject certificate by adding it to the certificate revocation list.

 RETURN VALUE
   A CSSM_RETURN value indicating success or specifying a particular
   error condition. The value CSSM_OK indicates success. All other
   values represent an error condition.

 ERRORS
   Errors are described in the CDSA technical standard.  See CDSA.

        CSSMERR_TP_INVALID_CL_HANDLE
        CSSMERR_TP_INVALID_CSP_HANDLE
        CSSMERR_TP_INVALID_CRL_POINTER
        CSSMERR_TP_INVALID_CRL
        CSSMERR_TP_UNKNOWN_FORMAT
        CSSMERR_TP_CRL_ALREADY_SIGNED
        CSSMERR_TP_INVALID_CERTGROUP_POINTER
        CSSMERR_TP_INVALID_CERTGROUP
        CSSMERR_TP_INVALID_CERTIFICATE
        CSSMERR_TP_INVALID_ACTION
        CSSMERR_TP_INVALID_ACTION_DATA
        CSSMERR_TP_VERIFY_ACTION_FAILED
        CSSMERR_TP_INVALID_CRLGROUP_POINTER
        CSSMERR_TP_INVALID_CRLGROUP
        CSSMERR_TP_INVALID_CRL_AUTHORITY
        CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
        CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
        CSSMERR_TP_INVALID_TIMESTRING
        CSSMERR_TP_INVALID_STOP_ON_POLICY
        CSSMERR_TP_INVALID_CALLBACK
        CSSMERR_TP_INVALID_ANCHOR_CERT
        CSSMERR_TP_CERTGROUP_INCOMPLETE
        CSSMERR_TP_INVALID_DL_HANDLE
        CSSMERR_TP_INVALID_DB_HANDLE
        CSSMERR_TP_INVALID_DB_LIST_POINTER
        CSSMERR_TP_INVALID_DB_LIST
        CSSMERR_TP_AUTHENTICATION_FAILED
        CSSMERR_TP_INSUFFICIENT_CREDENTIALS
        CSSMERR_TP_NOT_TRUSTED
        CSSMERR_TP_CERT_REVOKED
        CSSMERR_TP_CERT_SUSPENDED
        CSSMERR_TP_CERT_EXPIRED
        CSSMERR_TP_CERT_NOT_VALID_YET
        CSSMERR_TP_INVALID_CERT_AUTHORITY
        CSSMERR_TP_INVALID_SIGNATURE
        CSSMERR_TP_INVALID_NAME
        CSSMERR_TP_CERTIFICATE_CANT_OPERATE
        CSSMERR_TP_INVALID_REASON

 SEE ALSO
   Books

   Intel CDSA Application Developer's Guide (see CDSA)

   Other Help Topics

   Functions for the CSSM API:

       CSSM_CL_CrlAddCert

   Functions for the TP SPI:

       CL_CrlAddCert
Close Help