NAME
CSSM_TP_ConfirmCredResult — Confirm credentials (CDSA)
SYNOPSIS
# include <cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_TP_ConfirmCredResult (CSSM_TP_HANDLE TPHandle, const CSSM_DATA *ReferenceIdentifier, const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials, const CSSM_TP_CONFIRM_RESPONSE *Responses, const CSSM_TP_AUTHORITY_ID *PreferredAuthority) SPI: CSSM_RETURN CSSMTPI TP_ConfirmCredResult (CSSM_TP_HANDLE TPHandle, const CSSM_DATA *ReferenceIdentifier, const CSSM_TP_CALLERAUTH_CONTEXT *CallerAuthCredentials, const CSSM_TP_CONFIRM_RESPONSE *Responses, const CSSM_TP_AUTHORITY_ID *PreferredAuthority)
|
LIBRARY
Common Security Services Manager library (cdsa$incssm300_shr.exe)
PARAMETERS
TPHandle (input) | | The handle that describes the certification authority
module used to perform this function. |
ReferenceIdentifier (input) |
| | A reference identifier that uniquely identifies
execution of the call sequence CSSM_TP_SubmitCredRequest() and CSSM_TP_RetrieveCredResult() (or the equivalent TP SPI call pair) to submit a set
of requests and to retrieve the results of those requests. |
CallerAuthCredentials (input/optional) |
| | This structure contains a set of caller authentication
credentials. The authentication information can be a passphrase,
a PIN, a completed registration form, a certificate, or a template
of user-specific data. The required set of credentials is defined
by the service provider module and recorded in a record in the MDS
Primary relation. Multiple credentials can be required. If the local
service provider module does not require credentials from a caller,
then the Credentials field of this verification
context structure can be NULL. The structure optionally contains
additional credentials that can be used to support the authentication
process. Authentication credentials required by the authority should
be included in the RequestInput. The local TP
module can forward information from the CallerAuthCredentials to
the authority, as appropriate, but is not required to do so. |
Responses (input) |
| | An ordered vector of acknowledges indicating the
caller's acceptance or rejection of results. The vector contains
one acknowledgement per result returned by CSSM_TP_RetrieveCredResult() (CSSM API), or TP_RetrieveCredResult() (TP SPI). |
PreferredAuthority (input/optional) |
| | The identifier which uniquely describes the Authority
to receive the acknowledgements. The structure can include: An identity certificate for the authority The location of the authority
|
DESCRIPTION
This function submits a vector of acknowledgements to a Certificate
Authority for a set of requests and corresponding results identified
by ReferenceIdentifier. The caller must execute
the call sequence CSSM_TP_SubmitCredRequest() and CSSM_TP_RetrieveCredResult()(or the equivalent TP SPI calls) to submit a set of requests
and to retrieve the results of those requests. Some Certificate
Authority services accessed through the request and retrieve functions
require confirmation. The function CSSM_TP_RetrieveCredResult() (CSSM API), or TP_RetrieveCredResult() (TP SPI), returns a value indicating whether the caller
must invoke CSSM_TP_ConfirmCredResult(), (CSSM API), or TP_ConfirmCredResult() (TP SPI), to successfully complete the service.
The Responses vector accepts or rejects
each result independently. If the caller rejects a returned result,
the action taken by the authority depends on the requested type
of service.
The ReferenceIdentifier also identifies
the authority process state associated with the function pair CSSM_TP_SubmitCredRequest() and CSSM_TP_RetrieveCredResult() (or the equivalent TP SPI calls). The PreferredAuthority information
can be used to further identify the authority to receive the acknowledgement.
After successful execution of this function, the value of the ReferenceIdentifier is undefined
and should not be used in subsequent operations in the current module
attach session.
This function fails if ReferenceIdentifier is
invalid or the Authority process can not be located.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular
error condition. The value CSSM_OK indicates success. All other
values represent an error condition.
ERRORS
Errors are described in the CDSA Technical Standard.
CSSMERR_TP_INVALID_IDENTIFIER_POINTER CSSMERR_TP_INVALID_IDENTIFIER CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER CSSMERR_TP_INVALID_POLICY_IDENTIFIERS CSSMERR_TP_INVALID_TIMESTRING CSSMERR_TP_INVALID_STOP_ON_POLICY CSSMERR_TP_INVALID_CALLBACK CSSMERR_TP_INVALID_ANCHOR_CERT CSSMERR_TP_CERTGROUP_INCOMPLETE CSSMERR_TP_INVALID_DL_HANDLE CSSMERR_TP_INVALID_DB_HANDLE CSSMERR_TP_INVALID_DB_LIST_POINTER CSSMERR_TP_INVALID_DB_LIST CSSMERR_TP_AUTHENTICATION_FAILED CSSMERR_TP_INSUFFICIENT_CREDENTIALS CSSMERR_TP_NOT_TRUSTED CSSMERR_TP_CERT_REVOKED CSSMERR_TP_CERT_SUSPENDED CSSMERR_TP_CERT_EXPIRED CSSMERR_TP_CERT_NOT_VALID_YET CSSMERR_TP_INVALID_CERT_AUTHORITY CSSMERR_TP_INVALID_SIGNATURE CSSMERR_TP_INVALID_NAME CSSMERR_TP_INVALID_RESPONSE_VECTOR CSSMERR_TP_INVALID_AUTHORITY CSSMERR_TP_NO_DEFAULT_AUTHORITY CSSMERR_TP_UNSUPPORTED_ADDR_TYPE CSSMERR_TP_INVALID_NETWORK_ADDR
|
SEE ALSO
Books
Intel CDSA Application Developer's Guide
Online Help
Functions for the CSSM API:
CSSM_TP_SubmitCredRequest, CSSM_TP_RetrieveCredResult, CSSM_TP_ReceiveConfirmation
Functions for the TP SPI:
TP_SubmitCredRequest, TP_RetrieveCredResult, TP_ReceiveConfirmation