z/OS Open Cryptographic Services Facility Application Programming


CSSM_TP_CertGroupConstruct

SC24-5899-01

Purpose

This function constructs an ordered certificate group using the certificates in CertGroupFrag as a starting point. There is no implied ordering for the certificates in CertGroupFrag, except that the certificate in position 0 of the certificate group is assumed to be the starting point for constructing the remaining certificate group. An ordering relationship may be defined and recorded in the certificates themselves or assumed by the TP model.

The certificate group is augmented by adding semantically related certificates obtained by searching the certificate data stores specified in DBList. For example, if the certificate model is a hierarchical model of certificate chains, the leaf certificate in the chain is a CertGroup fragment and the complete certificate chain, including the root certificate, is the anticipated result of the construction operation.

Format

CSSM_CERTGROUP_PTR CSSMAPI CSSM_TP_CertGroupConstruct
                     (CSSM_TP_HANDLE TPHandle, 
                     CSSM_CL_HANDLE CLHandle,
                     CSSM_CSP_HANDLE CSPHandle,
                     CSSM_CERTGROUP_PTR CertGroupFrag,
                     CSSM_DL_DB_LIST_PTR DBList)

Parameters

Input

TPHandle
The handle to the TP module to perform this operation.
CSPHandle
The handle to the CSP that can be used for verification of certificate chains while constructing the certificate group.
CertGroupFrag
A list of certificates that form a possibly incomplete set of certificates. This set is used as the base set for constructing a complete certificate group.
DBList
A list of handle pairs specifying a DL module and a data store managed by that module. These data stores should contain certificates (and possibly other security objects). The data stores should be searched to complete construction of a semantically related certificate group.

Input/optional

CLHandle
The handle to the CL module that can be used to manipulate and parse values stored in the certgroup certificates. If no CL module is specified, the TP module uses an assumed CL module.

Return Value

A list of certificates that form a complete certificate group based on the original subset of certificates and the certificate data stores. A NULL list indicates an error.
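
The following C model of the hierarchical case described under Purpose is an added illustration; it is not OCSF code and does not call the CSSM API. The names cert_t, find_issuer and construct_group are hypothetical, certificates are reduced to subject and issuer names, the signature checks a TP would perform with the CSP are omitted, and a return of 0 stands in for the NULL list.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_CHAIN 8
/* Hypothetical stand-in for a parsed certificate: names only, no signature. */
typedef struct { const char *subject; const char *issuer; } cert_t;

/* Constructed sample data: an unordered fragment and one data store. */
static const cert_t FRAG[] = {
    { "CN=server",    "CN=Issuing CA" },   /* position 0: starting point */
    { "CN=Policy CA", "CN=Root CA" },      /* deliberately out of order */
};
static const cert_t STORE[] = {
    { "CN=Root CA",    "CN=Root CA" },     /* self-issued root */
    { "CN=Issuing CA", "CN=Policy CA" },
};

/* Look for the certificate named `name` in the fragment, then in the store. */
static const cert_t *find_issuer(const char *name, const cert_t *frag,
                                 size_t nfrag, const cert_t *db, size_t ndb)
{
    for (size_t i = 0; i < nfrag; i++)
        if (strcmp(frag[i].subject, name) == 0) return &frag[i];
    for (size_t i = 0; i < ndb; i++)
        if (strcmp(db[i].subject, name) == 0) return &db[i];
    return NULL;
}

/* Fill out[] in leaf-to-root order. Returns the chain length, or 0 on error. */
size_t construct_group(const cert_t *frag, size_t nfrag,
                       const cert_t *db, size_t ndb,
                       const cert_t *out[MAX_CHAIN])
{
    if (frag == NULL || nfrag == 0) return 0;
    size_t n = 0;
    const cert_t *cur = &frag[0];
    for (;;) {
        if (n == MAX_CHAIN) return 0;          /* too deep, or an issuer loop */
        out[n++] = cur;
        if (strcmp(cur->subject, cur->issuer) == 0) return n;  /* reached root */
        cur = find_issuer(cur->issuer, frag, nfrag, db, ndb);
        if (cur == NULL) return 0;             /* issuer not found anywhere */
    }
}

int main(void) {
    const cert_t *out[MAX_CHAIN];
    size_t n = construct_group(FRAG, 2, STORE, 2, out);
    for (size_t i = 0; i < n; i++) printf("%zu: %s\n", i, out[i]->subject);
    return n ? 0 : 1;
}
```

An incomplete store or a cycle of issuers yields the error return instead of a partial group, so a caller never mistakes a truncated chain for a complete one.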

Related Information

CSSM_TP_CertGroupPrune
CSSM_TP_CertGroupVerify





Copyright IBM Corporation 1990, 2014