Common Data Security Architecture (CDSA) White Paper
Certificate Library Services (CL) API
Returns the first field in the certificate matching the input OID. If the certificate contains
more than one instance of the requested OID, the CL returns a handle used for obtaining and
tallying the additional instances of the OID in the certificate. The application obtains the
additional matching instances by repeated calls to CL_CertGetNextFieldValue.
CL_CertGetNextFieldValue ( )
Returns the next field that matched the OID given in the CL_CertGetFirstFieldValue
function.
CL_CertAbortQuery ( )
Releases the handle assigned by the CL_CertGetFirstFieldValue function to identify the
results of a certificate query. It is only supported by certificate library modules that allow
multiple instances of an OID in a single certificate.
CL_CertGetKeyInfo ( )
Retrieves the public key information stored in the certificate, based on which portions of the
CSSM_KEY data structure the CL has specified for the CSSM to reveal.
CL_CertGetAllFields ( )
Returns a list of all the fields in the input certificate, as described by their OID/value pairs.
CL_CertDescribeFormat ( )
Returns a list of the kinds of data objects comprising the CL module’s own certificate format.
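The first/next/abort query sequence described above for CL_CertGetFirstFieldValue, CL_CertGetNextFieldValue and CL_CertAbortQuery, modeled as an added example that is not code from this white paper or from CDSA. The field_t and query_t types, the mock_* functions, collect_values and the sample certificate are assumptions made for illustration; the caller releases the query handle even when it stops before the last match.

```c
/* Constructed model of the first/next/abort pattern; all names (mock_*,
 * field_t, query_t) are hypothetical and are not the CDSA API itself. */
#include <stdlib.h>
#include <string.h>

typedef struct { const char *oid, *value; } field_t;
typedef struct { const field_t *f; size_t n, pos; const char *oid; } query_t;
int open_handles = 0; /* outstanding query handles; nonzero after use = leak */

/* Constructed sample certificate in which one OID occurs twice. */
const field_t SAMPLE_CERT[] = {
    {"2.5.4.3", "example-subject"},
    {"2.5.4.11", "unit-a"}, {"2.5.4.11", "unit-b"},
};

/* Advance the cursor to the next field carrying the queried OID. */
const char *mock_get_next(query_t *q) {
    for (; q && q->pos < q->n; q->pos++)
        if (strcmp(q->f[q->pos].oid, q->oid) == 0) return q->f[q->pos++].value;
    return NULL;
}

/* Return the first match and the tally; issue a handle only for multiples. */
const char *mock_get_first(const field_t *f, size_t n, const char *oid,
                           query_t **h, size_t *matches) {
    query_t q = { f, n, 0, oid };
    const char *first = mock_get_next(&q);
    size_t resume = q.pos;            /* position just past the first match */
    *matches = first ? 1 : 0;
    while (mock_get_next(&q)) (*matches)++;
    *h = NULL;
    if (*matches > 1 && (*h = malloc(sizeof q)) != NULL) {
        q.pos = resume; **h = q; open_handles++;
    }
    return first;
}

/* Release the handle; safe to call when no handle was issued. */
void mock_abort(query_t **h) { if (*h) { free(*h); *h = NULL; open_handles--; } }

/* Caller side: copy up to cap values, then always release the handle. */
size_t collect_values(const field_t *f, size_t n, const char *oid,
                      const char **out, size_t cap) {
    query_t *h; size_t matches, got = 0;
    const char *v = mock_get_first(f, n, oid, &h, &matches);
    while (v && got < cap) { out[got++] = v; v = mock_get_next(h); }
    mock_abort(&h);                   /* runs on early stop and on exhaustion */
    return got;
}
```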
Certificate Revocation List Operations
This section summarizes the functions that
comprise the CRL operations in the certificate library interface, as to operation and
parameter definitions.
CL_CrlCreateTemplate ( )
Creates a CRL in the default CRL format based on the OID/value pairs provided by the
application. The CL makes its supported OIDs available to the application by two means: via
the CrlTemplate registered with CSSM and the CL_CrlDescribeFormat function. The CL
defines which fields are required to create a CRL, or conversely, which fields cannot be set
using this function. The returned CRL template is not valid until it has been signed.
CL_CrlSetFields ( )
Sets the fields of an existing CRL to new values, based on the OID/value pairs provided by the
application. The CL defines the fields that must or cannot be set using this function, and
specifies module-specific behavior, such as overwriting existing fields, adding new fields, or
modifying CRL records. This operation is valid only if the CRL has not been signed. Once the
CRL has been signed, fields cannot be changed.
CL_CrlAddCert ( )