Copyright Digital Equipment Corp. All rights reserved.

TP_CertGroupToTupleGroup

NAME
  TP_CertGroupToTupleGroup,
  CSSM_TP_CertGroupToTupleGroup - Create a set of authorization
                                  tuples (CDSA)

SYNOPSIS
  # include <cssm.h>

   API:
       CSSM_RETURN CSSMAPI CSSM_TP_CertGroupToTupleGroup
       (CSSM_TP_HANDLE TPHandle,
       CSSM_CL_HANDLE  CLHandle,
       const CSSM_CERTGROUP *CertGroup,
       CSSM_TUPLEGROUP_PTR *TupleGroup)
   SPI:
       CSSM_RETURN CSSMTPI TP_CertGroupToTupleGroup
       (CSSM_TP_HANDLE TPHandle,
       CSSM_CL_HANDLE  CLHandle,
       const CSSM_CERTGROUP *CertGroup,
       CSSM_TUPLEGROUP_PTR *TupleGroup)

LIBRARY
  Common Security Services Manager library (CDSA$INCSSM300_SHR.EXE)

PARAMETERS
  TPHandle (input)
          The handle that describes the trust policy service module
          used to perform this function.

  CLHandle (input/optional)
          The handle that describes the certificate library module that
          can be used to scan the certificate fields for values. If no
          certificate library module is specified, the TP module uses
          an assumed CL module.

  CertGroup (input)
          A group of certificates in the native certificate format
          supported by the Trust Policy module. The certificates
          carry authorizations for one or more certificate subjects.

  TupleGroup (output)
          A pointer to a structure containing references to one or
          more tuples resulting from the translation process. Storage
          for structure and the tuples is allocated by the service
          provider and must be deallocated by the application.

DESCRIPTION
  This function creates a set of authorization tuples based on a set of
  input certificates. The certificates must be of the type managed by
  the Trust Policy module. The trust policy module may require that the
  input certificates be successfully verified before being translated to
  tuples.  It is assumed that the certificates carry authorizations. The
  trust policy service provider interprets the certificate authorization
  fields and generates one or more tuples corresponding to those
  authorizations.  The certificates of the type managed by the Trust
  Policy module. The resulting tuples can be input to an authorization
  evaluation function, such as CSSM_AC_AuthCompute() (CSSM API), or
  AC_AuthCompute() (AC SPI), which determines whether a particular
  action is authorized under a basic set of authorization assumptions.

RETURN VALUE
  A CSSM_RETURN value indicating success or specifying a particular
  error condition. The value CSSM_OK indicates success. All other
  values represent an error condition.

ERRORS
  Errors are described in the CDSA technical standard.  See CDSA.

       CSSMERR_TP_INVALID_CL_HANDLE
       CSSMERR_TP_INVALID_CERTGROUP_POINTER
       CSSMERR_TP_INVALID_CERTGROUP

SEE ALSO
  Books

  Intel CDSA Application Developer's Guide (see CDSA)

  Other Help Topics

  Functions for the CSSM API:

      CSSM_TP_TupleGroupToCertGroup
      CSSM_AC_AuthCompute

  Functions for the TP SPI:

      TP_TupleGroupToCertGroup
      AC_AuthCompute