NAME
TP_CertRevoke,
CSSM_TP_CertRevoke - Determine if the revoking certificate
group can revoke the subject certificate
group (CDSA)
SYNOPSIS
# include <cssm.h>
API:
CSSM_RETURN CSSMAPI CSSM_TP_CertRevoke
(CSSM_TP_HANDLE TPHandle,
CSSM_CL_HANDLE CLHandle,
CSSM_CSP_HANDLE CSPHandle,
const CSSM_DATA *OldCrlTemplate,
const CSSM_CERTGROUP *CertGroupToBeRevoked,
const CSSM_CERTGROUP *RevokerCertGroup,
const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext,
CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult,
CSSM_TP_CERTCHANGE_REASON Reason,
CSSM_DATA_PTR NewCrlTemplate)
SPI:
CSSM_RETURN CSSMTPI TP_CertRevoke
(CSSM_TP_HANDLE TPHandle,
CSSM_CL_HANDLE CLHandle,
CSSM_CSP_HANDLE CSPHandle,
const CSSM_DATA *OldCrlTemplate,
const CSSM_CERTGROUP *CertGroupToBeRevoked,
const CSSM_CERTGROUP *RevokerCertGroup,
const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext,
CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult,
CSSM_TP_CERTCHANGE_REASON Reason,
CSSM_DATA_PTR NewCrlTemplate)
LIBRARY
Common Security Services Manager library (CDSA$INCSSM300_SHR.EXE)
PARAMETERS
TPHandle (input)
The handle that describes the add-in trust policy module
used to perform this function.
CLHandle (input/optional)
The handle that describes the add-in certificate library
module used to perform this function.
CSPHandle (input/optional)
The handle that describes the add-in cryptographic service
provider module used to perform this function.
OldCrlTemplate (input/optional)
A pointer to the CSSM_DATA structure containing an existing
certificate revocation list. If this input is NULL, a new
list is created or the operation fails.
CertGroupToBeRevoked (input)
A group of one or more certificates that partially or fully
represent the certificate to be revoked by this operation.
The first certificate in the group is the target certificate.
The use of subsequent certificates is specific to the trust
domain. For example, in a hierarchical trust model subsequent
members are intermediate certificates of a certificate chain.
RevokerCertGroup (input)
A group of one or more certificates that partially or fully
represent the revoking entity for this operation. The first
certificate in the group is the target certificate representing
the revoker. The use of subsequent certificates is specific to
the trust domain.
RevokerVerifyContext (input)
A structure containing policy elements useful in verifying
certificates and their use with respect to a security policy.
Optional elements in the verify context left unspecified will
cause the internal default values to be used. Default values
are specified in the TP module vendor release documents. This
context is used to verify the revoker certificate group.
RevokerVerifyResult (output/optional)
A pointer to a structure containing information generated
during the verification process. The information can include:
Evidence (output/optional)
NumberOfEvidences (output/optional)
Reason (input/optional)
The reason for revoking the subject certificate.
NewCrlTemplate (output/optional)
A pointer to the CSSM_DATA structure containing the updated
certificate revocation list. If the pointer is NULL, an
error has occurred.
DESCRIPTION
The TP module determines whether the revoking certificate group can
revoke the subject certificate group. The revoker certificate group
is first authenticated and its applicability to perform this operation
is determined. Once the trust is established, the TP revokes the
subject certificate by adding it to the certificate revocation list.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular
error condition. The value CSSM_OK indicates success. All other
values represent an error condition.
ERRORS
Errors are described in the CDSA technical standard. See CDSA.
CSSMERR_TP_INVALID_CL_HANDLE
CSSMERR_TP_INVALID_CSP_HANDLE
CSSMERR_TP_INVALID_CRL_POINTER
CSSMERR_TP_INVALID_CRL
CSSMERR_TP_UNKNOWN_FORMAT
CSSMERR_TP_CRL_ALREADY_SIGNED
CSSMERR_TP_INVALID_CERTGROUP_POINTER
CSSMERR_TP_INVALID_CERTGROUP
CSSMERR_TP_INVALID_CERTIFICATE
CSSMERR_TP_INVALID_ACTION
CSSMERR_TP_INVALID_ACTION_DATA
CSSMERR_TP_VERIFY_ACTION_FAILED
CSSMERR_TP_INVALID_CRLGROUP_POINTER
CSSMERR_TP_INVALID_CRLGROUP
CSSMERR_TP_INVALID_CRL_AUTHORITY
CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
CSSMERR_TP_INVALID_TIMESTRING
CSSMERR_TP_INVALID_STOP_ON_POLICY
CSSMERR_TP_INVALID_CALLBACK
CSSMERR_TP_INVALID_ANCHOR_CERT
CSSMERR_TP_CERTGROUP_INCOMPLETE
CSSMERR_TP_INVALID_DL_HANDLE
CSSMERR_TP_INVALID_DB_HANDLE
CSSMERR_TP_INVALID_DB_LIST_POINTER
CSSMERR_TP_INVALID_DB_LIST
CSSMERR_TP_AUTHENTICATION_FAILED
CSSMERR_TP_INSUFFICIENT_CREDENTIALS
CSSMERR_TP_NOT_TRUSTED
CSSMERR_TP_CERT_REVOKED
CSSMERR_TP_CERT_SUSPENDED
CSSMERR_TP_CERT_EXPIRED
CSSMERR_TP_CERT_NOT_VALID_YET
CSSMERR_TP_INVALID_CERT_AUTHORITY
CSSMERR_TP_INVALID_SIGNATURE
CSSMERR_TP_INVALID_NAME
CSSMERR_TP_CERTIFICATE_CANT_OPERATE
CSSMERR_TP_INVALID_REASON
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA)
Other Help Topics
Functions for the CSSM API:
CSSM_CL_CrlAddCert
Functions for the TP SPI:
CL_CrlAddCert