CL_CertGroupToSignedBundle(3)CL_CertGroupToSignedBundle(3)NAME
CL_CertGroupToSignedBundle, CSSM_CL_CertGroupToSignedBundle - Convert a
certificate group to a certificate bundle (CDSA)
SYNOPSIS
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_CL_CertGroupToSignedBundle (CSSM_CL_HAN‐
DLE CLHandle, CSSM_CC_HANDLE CCHandle, const CSSM_CERTGROUP *CertGroup‐
ToBundle, const CSSM_CERT_BUNDLE_HEADER *BundleInfo, CSSM_DATA_PTR
SignedBundle) SPI: CSSM_RETURN CSSMCLI CL_CertGroupToSignedBundle
(CSSM_CL_HANDLE CLHandle, CSSM_CC_HANDLE CCHandle, const CSSM_CERTGROUP
*CertGroupToBundle, const CSSM_CERT_BUNDLE_HEADER *BundleInfo,
CSSM_DATA_PTR SignedBundle)
LIBRARY
Common Security Services Manager library (libcssm.so)
PARAMETERS
The handle that describes the add-in certificate library module used to
perform this function. The handle of the cryptographic context to con‐
trol the signing operation. The operation will fail if a signature is
required for this type of bundle and the cryptographic context is not
valid. An array of individual, encoded certificates. All certificates
in this list will be included in the resulting certificate bundle. A
structure containing the type and encoding of the bundle to be created.
If the type and the encoding are not specified, then the module will
use a default bundle type and bundle encoding. The function returns a
pointer to a signed certificate bundle containing all certificates in
the certificate group. The bundle is of the type and encoding requested
by the caller or is the default type defined by the library module if
the BundleInfo was not specified by the caller. The SignedBundle->Data
is allocated by the service provider and must be deallocated by the
application.
DESCRIPTION
This function accepts as input a certificate group (as an array of
individual certificates) and returns a certificate bundle (a codified
and signed aggregation of the certificates in the group). The certifi‐
cate group will first be encoded according to the BundleInfo input by
the user. If BundleInfo is NULL, the library will perform a default
encoding for its default bundle type. If possible, the certificate
group ordering will be maintained in this certificate aggregate encod‐
ing. After encoding, the certificate aggregate will be signed using the
input context. The CL module embeds knowledge of the signing scope for
the bundle types it supports. The signature is then associated with the
certificate aggregate according to the bundle type and encoding rules
and is returned as a bundle to the calling application.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular error
condition. The value CSSM_OK indicates success. All other values repre‐
sent an error condition.
ERRORS
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_CL_INVALID_CONTEXT_HANDLE CSS‐
MERR_CL_INVALID_CERTGROUP_POINTER CSSMERR_CL_INVALID_CERT_POINTER CSS‐
MERR_CL_UNKNOWN_FORMAT CSSMERR_CL_INVALID_BUNDLE_POINTER CSS‐
MERR_CL_INVALID_BUNDLE_INFO
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA_intro(3))
Reference Pages
Functions for the CSSM API:
CSSM_CL_CertGroupFromVerifiedBundle(3)
Functions for the CLI SPI:
CL_CertGroupFromVerifiedBundle(3)CL_CertGroupToSignedBundle(3)