Copyright Digital Equipment Corp. All rights reserved.

TP_CertRemoveFromCrlTemplate

NAME
  TP_CertRemoveFromCrlTemplate,
  CSSM_TP_CertRemoveFromCrlTemplate - Determine if the revoking
                                      certificate group can remove
                                      the subject certificate group
                                      from the CRL template (CDSA)

SYNOPSIS
  # include <cssm.h>

   API:
       CSSM_RETURN CSSMAPI CSSM_TP_CertRemoveFromCrlTemplate
       (CSSM_TP_HANDLE TPHandle,
       CSSM_CL_HANDLE CLHandle,
       CSSM_CSP_HANDLE CSPHandle,
       const CSSM_DATA *OldCrlTemplate,
       const CSSM_CERTGROUP *CertGroupToBeRemoved,
       const CSSM_CERTGROUP *RevokerCertGroup,
       const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext,
       CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult,
       CSSM_DATA_PTR NewCrlTemplate)
   SPI:
       CSSM_RETURN CSSMTPI TP_CertRemoveFromCrlTemplate
       (CSSM_TP_HANDLE TPHandle,
       CSSM_CL_HANDLE CLHandle,
       CSSM_CSP_HANDLE CSPHandle,
       const CSSM_DATA *OldCrlTemplate,
       const CSSM_CERTGROUP *CertGroupToBeRemoved,
       const CSSM_CERTGROUP *RevokerCertGroup,
       const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext,
       CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult,
       CSSM_DATA_PTR NewCrlTemplate)

LIBRARY
  Common Security Services Manager library (CDSA$INCSSM300_SHR.EXE)

PARAMETERS
  TPHandle (input)
          The handle that describes the add-in trust policy module
          used to perform this function.

  CLHandle (input/optional)
          The handle that describes the add-in certificate library
          module used to perform this function.

  CSPHandle (input/optional)
          The handle that describes the add-in cryptographic service
          provider module used to perform this function.

  OldCrlTemplate (input/optional)
          A pointer to the CSSM_DATA structure containing an existing
          certificate revocation list. If this input is NULL, a new
          list is created or the operation fails.

  CertGroupToBeRemoved (input)
          A group of one or more certificates to be removed from the
          the CRL template.

  RevokerCertGroup (input)
          A group of one or more certificates that partially or fully
          represent the revoking entity for this operation. The first
          certificate in the group is the target certificate representing
          the revoker. The use of subsequent certificates is specific to
          the trust domain.

  RevokerVerifyContext (input)
          A structure containing policy elements useful in verifying
          certificates and their use with respect to a security policy.
          Optional elements in the verify context left unspecified will
          cause the internal default values to be used. Default values
          are specified in the TP module vendor release documents.
          This context is used to verify the revoker certificate group.

  RevokerVerifyResult (output/optional)
          A pointer to a structure containing information generated
          during the verification process. The information can include:

          Evidence            (output/optional)
          NumberOfEvidences   (output/optional)

  NewCrlTemplate (output)
          A pointer to the CSSM_DATA structure containing the updated
          certificate revocation list. If the pointer is NULL, an error
          has occurred.

DESCRIPTION
  The TP module determines whether the revoking certificate group can
  remove the subject certificate group from the CRL template. The
  revoker certificate group is first authenticated and its applicability
  to perform this operation is determined. Once the trust is established,
  the TP removes the certificates from the CRL template.

RETURN VALUE
  A CSSM_RETURN value indicating success or specifying a particular
  error condition. The value CSSM_OK indicates success. All other
  values represent an error condition.

ERRORS
  Errors are described in the CDSA technical standard.  See CDSA.

       CSSMERR_TP_INVALID_CL_HANDLE
       CSSMERR_TP_INVALID_CSP_HANDLE
       CSSMERR_TP_INVALID_CRL_POINTER
       CSSMERR_TP_INVALID_CRL
       CSSMERR_TP_UNKNOWN_FORMAT
       CSSMERR_TP_CRL_ALREADY_SIGNED
       CSSMERR_TP_INVALID_CERTGROUP_POINTER
       CSSMERR_TP_INVALID_CERTGROUP
       CSSMERR_TP_INVALID_CERTIFICATE
       CSSMERR_TP_INVALID_ACTION
       CSSMERR_TP_INVALID_ACTION_DATA
       CSSMERR_TP_VERIFY_ACTION_FAILED
       CSSMERR_TP_INVALID_CRLGROUP_POINTER
       CSSMERR_TP_INVALID_CRLGROUP
       CSSMERR_TP_INVALID_CRL_AUTHORITY
       CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
       CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
       CSSMERR_TP_INVALID_TIMESTRING
       CSSMERR_TP_INVALID_STOP_ON_POLICY
       CSSMERR_TP_INVALID_CALLBACK
       CSSMERR_TP_INVALID_ANCHOR_CERT
       CSSMERR_TP_CERTGROUP_INCOMPLETE
       CSSMERR_TP_INVALID_DL_HANDLE
       CSSMERR_TP_INVALID_DB_HANDLE
       CSSMERR_TP_INVALID_DB_LIST_POINTER
       CSSMERR_TP_INVALID_DB_LIST
       CSSMERR_TP_AUTHENTICATION_FAILED
       CSSMERR_TP_INSUFFICIENT_CREDENTIALS
       CSSMERR_TP_NOT_TRUSTED
       CSSMERR_TP_CERT_REVOKED
       CSSMERR_TP_CERT_SUSPENDED
       CSSMERR_TP_CERT_EXPIRED
       CSSMERR_TP_CERT_NOT_VALID_YET
       CSSMERR_TP_INVALID_CERT_AUTHORITY
       CSSMERR_TP_INVALID_SIGNATURE
       CSSMERR_TP_INVALID_NAME
       CSSMERR_TP_CERTIFICATE_CANT_OPERATE

SEE ALSO
  Books

  Intel CDSA Application Developer's Guide (see CDSA)

  Other Help Topics

  Functions for the CSSM API:

      CSSM_CL_CrlAddCert

  Functions for the TP SPI:

      CL_CrlAddCert