| 1 | Object path name | Input | Char(*) |
| 2 | Length of object path name | Input | Binary(4) |
| 3 | Format of object path name | Input | Char(8) |
| 4 | Multiple objects characteristics | Input | Char(*) |
| 5 | Length of multiple objects characteristics | Input | Binary(4) |
| 6 | Error code | I/O | Char(*) |
The Verify Object (OPM, QYDOVFYO; ILE, QydoVerifyObject) API checks to see
if an object has changed since it was signed. Only certificates in the local
system's Verify Object certificate database that have signed this object will
be checked. Any other signatures will be ignored. If none of the signatures of
this object are by certificates the local system recognizes, the object is
considered unsigned. If the object is unsigned, this is reported as an error.
If any trusted signatures are valid, the object is considered successfully
verified.
For objects in a library:
For objects in a directory:
See the open()--Open File API for the authority needed to the results path name. The file is open for append and is created if it does not already exist.
The name of the object you want to verify. If the object is not in a library, the name may be relative to the current directory or may specify the entire path name. If the object is in a library the name must be in the form '/QSYS.LIB/libname.LIB/objname.objtype' if you are using format OBJN0100 object path naming. For example to sign a program named NEWEMPL in library PAYROLL, the qualified object name would be '/QSYS.LIB/PAYROLL.LIB/NEWEMPL.PGM' if you are using format OBJN0100 object path naming. Also if you are using format OBJN0100 object path naming, this parameter is assumed to be represented in the coded character set identifier (CCSID) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.
The path name may contain wildcard characters. '*' will represent any number of unknown characters. '?' will represent any single unknown character. For example, to specify all the program objects in library MYLIB, using format OBJN0100, you could specify '/QSYS.LIB/MYLIB.LIB/*.PGM'. If you want to verify all signable objects in a library or directory, specify the last part of the path name as simply '*'. For example to verify all signable objects in MYLIB, assuming you are using format OBJN0100, you could specify '/QSYS.LIB/MYLIB.LIB/*'.
If the object is in the QSYS file system, it must an object type *PGM, *SRVPGM, *MODULE, *SQLPKG, *FILE (save file),
or *CMD.The length of the object path name. If the format of object path name is OBJN0200, this field must include the QLG path name structure in addition to the path name itself. If the format of object path name is OBJN0100, only the path name itself is included.
The format of the object path name parameter.
| OBJN0100 | The object path name is a simple path name. |
| OBJN0200 | The object path name is an LG-type path name. |
How multiple objects specified on the object path name parameter are handled. See Multiple objects characteristics format for details on the format of this parameter. This field may be NULL if the length of multiple objects characteristics is 0.
The length of the specified multiple objects characteristics. This length may be 0 if you want to use the default values for all these characteristics, or 1 or greater to indicate how many bytes of the characteristics should be used.
The structure in which to return error information. For the format of the structure, see Error code parameter.
The format of the multiple objects characteristics is shown in the following table. For detailed descriptions of the fields in the tables, see Field Descriptions.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | CHAR(1) | Subdirectories |
| 1 | 1 | CHAR(1) | Stop of first error |
| 2 | 2 | CHAR(6) | Reserved |
| 8 | 8 | BINARY(4) | Offset to results file path name |
| 12 | 0C | BINARY(4) | Length of results file path name |
| 16 | 10 | CHAR(8) | Format of results file path name |
| 24 | 18 | CHAR(8) | Format of contents of the results file |
| CHAR(*) | Results file path name | ||
Format of content of the results file. The format of the contents of the file containing the results of this call.
| RSLT0100 | The basic information is returned for each object specified by the object path name parameter. |
Format of results path name. The format of the results path name parameter.
| OBJN0100 | The results path name is a simple path name. |
| OBJN0200 | The results path name is an LG-type path name. |
Length of results path name. The length of the results path name. 0 length means no results files are used, and the results path name and format of results path name parameter values are not used. If the format of results path name is OBJN0200, this field must include the QLG path name structure in addition to the path name itself. If the format of results path name is OBJN0100, only the path name itself is included.
Offset to results path name. Offset from the beginning of this structure to the results path name.
Reserved. This field currently is not used. It is filled with binary zeroes.
Results path name. The path name of the object you want to contain the results on this call. This object may not be in a library (that is, may not be under the /QSYS.LIB directory). The name may be relative to the current directory or may specify the entire path name. For example to store results in a file called SIGNED.LST in the MYDIR directory, the results path name would be '/MYDIR/SIGNED.LST'. If you are using format OBJN0100, this parameter is assumed to be represented in the coded character set identifier (CCSID) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.
If this is an existing file, results will be appended to the end of the file. Otherwise, a new file will be created.
The default is not to have a results file.
Stop on first error. Whether control should be returned on the first error found.
| 0 | Continue processing objects even if some errors are found. |
| 1 | "Start of change">Stop on the first object that detects an error. This is the default value. |
Subdirectories. Whether objects in directories under the directory specified in the object path name parameter should be processed also.
| 0 | Process objects in the directory specified in the object path name parameter only. This is the default value. |
| 1 | Process objects in the directory specified in the object name path parameter and in all directories under that directory. |
The following table describes the order and format of the data returned in the RSLT0100 format. This data is repeated for each object that was attempted to be verified. For detailed descriptions of the fields in the tables, see Field Descriptions.
Note:All data in this file will be in CCSID 13488. New files will be created in this CCSID. If an existing file is named that has a different CCSID, an error will be reported.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | CHAR(7) | Message identifier |
| 7 | 7 | CHAR(9) | Reserved |
| 16 | 10 | CHAR(8) | Date |
| 24 | 18 | CHAR(8) | Reserved |
| 32 | 20 | CHAR(1) | Operation type |
| 33 | 21 | CHAR(15) | Operation type description |
| 48 | 30 | CHAR(8) | Reserved |
| 56 | 38 | CHAR(*) | Fully qualified object name |
Date. The date the operation took place. The format will be YYYYMMDD. For example, June 30, 2002 will be 20020630.
Fully qualified object name. The simple path name from the root to the object whose signature is being verified. The field will be terminated with a new line character.
Message identifier. The error message used to report failure. This field is blank if no error was detected for this object.
Operation type. The operation that was attempted.
| 0 | Signing operation |
| 1 | Verifying operation |
Operation type description. Short word description of the operation that was attempted.
Reserved. This field currently is not used. It is filled with blanks.
| Message ID | Error Message Text |
|---|---|
| CPFA085 E | Home directory not found for user &1. |
| CPFA086 E | Matching quote not found in path name. |
| CPFA087 E | Path name contains null character. |
| CPFA088 E | Path name pattern not valid. |
| CPFA089 E | Pattern not allowed in path name. |
| CPFA08B E | Path name cannot begin with *. |
| CPFA08C E | Pattern not allowed in path name directory. |
| CPFA08D E | Request information value is not valid. |
| CPFA08E E | More than one name matches pattern. |
| CPFA091 E | Pattern not allowed in user name. |
| CPFA092 E | Path name not converted. |
| CPFA094 E | Path name not specified. |
| CPFA0A4 E | Too many open files for process. |
| CPFA0AA E | Error occurred while attempting to obtain space. |
| CPFA0D4 E | File system error occurred. |
| CPFB720 E | No signable object was found. |
| CPFB722 E | Object not signed. |
| CPFB723 E | Object signed, but signature is not valid. |
| CPFB724 E | Option &2 of the operating system is required to work with object signatures. |
| CPFB72A E | The object had no trusted signatures on the object. |
| CPFB72B E | Object not found. |
| CPFB72C E | The object cannot currently be signed or verified. |
| CPFB735 E | The digital signing API parameter &1 is not large enough. |
| CPFB736 E | The digital signing API parameter &1 is not small enough. |
| CPFB737 E | The digital signing API parameter &1 is a null pointer. |
| CPFB738 E | The digital signing API parameter &1 is not a valid format type. |
| CPFB739 E | The digital signing API parameter &1 is out of range. |
| CPFB73A E | The password for the certificate key database needs to be set. |
| CPFB740 E | The format name for the pathname is not valid. |
| CPFB741 E | The length of the path name parameter is not valid. |
| CPFB742 E | The subdirectory option is an invalid value. |
| CPFB743 E | The value for stopping on the first error is not valid. |
| CPFB744 E | The format of the results file for the digital signing API is an incorrect v. |
| CPFB745 E | The format name for the results file path name is not valid. |
| CPFB746 E | The results file path name length is not large enough. |
| CPFB749 E | Object signature operation ended abnormally. &1 objects attempted, &2 objects successfully processed. |
| CPFB74D E | Results file could not be used. |
| CPFBC50 E | No path names match input path names. |
[ Back to top | Security APIs | APIs by category ]