HP UX Security Products and Features Software manual Certificate Library Services CL API

Page 39

Common Data Security Architecture (CDSA) White Paper

Certificate Library Services (CL) API

Returns the first field in the certificate matching the input OID. If the certificate contains more than one instance of the requested OID, the CL returns a handle used for obtaining and tallying the additional instances of the OID in the certificate. The application obtains the additional matching instances by repeated calls to CL_CertGetNextFieldValue.

CL_CertGetNextFieldValue ( )

Returns the next field that matched the OID given in the CL_CertGetFirstFieldValue function.

CL_CertAbortQuery ( )

Releases the handle assigned by the CL_CertGetFirstFieldValue function to identify the results of a certificate query. It is only supported by certificate library modules that allow multiple instances of an OID in a single certificate.

CL_CertGetKeyInfo ( )

Retrieves the public key information stored in the certificate, based on which portions of the CSSM_KEY data structure the CL has specified for the CSSM to reveal.

CL_CertGetAllFields ( )

Returns a list of all the fields in the input certificate, as described by their OID/value pairs.

CL_CertDescribeFormat ( )

Returns a list of the kinds of data objects comprising the CL module’s own certificate format.

Certificate Revocation List Operations This section summarizes the functions that comprise the CRL operations in the certificate library interface, as to operation and parameter definitions.

CL_CrlCreateTemplate ( )

Creates a CRL in the default CRL format based on the OID/value pairs provided by the application. The CL makes its supported OIDs available to the application by two means: via the CrlTemplate registered with CSSM and the CL_CrlDescribeFormat function. The CL defines which fields are required to create a CRL, or conversely, which fields cannot be set using this function. The returned CRL template is not valid until it has been signed.

CL_CrlSetFields ( )

Sets the fields of an existing CRL to new values, based on the OID/value pairs provided by the application. The CL defines the fields that must or cannot be set using this function, and for specifying module-specific behavior, such as overwriting existing fields, adding new fields, or modifying CRL records. This operation is valid only if the CRL has not been signed. Once the CRL has been signed, fields cannot be changed.

CL_CrlAddCert ( )

Chapter 1

39

Page 38 Page 40
Image 39
Page 38 Page 40
Contents Contents Migrating to Cdsa ZIP format Private Key File Sample Install Program Generating the Credential FileChapter Common Data Security Architecture Cdsa White PaperGlossary of Cdsa Terms and Acronyms Glossary of Cdsa Terms and AcronymsGlossary of Cdsa Terms and Acronyms RC2 Glossary of Cdsa Terms and Acronyms Glossary of Cdsa Terms and Acronyms Glossary of Cdsa Terms and Acronyms Glossary of Cdsa Terms and Acronyms HP-UX Cdsa Product Overview What Is CDSA?What Is CDSA? HP’s Implementation of CdsaWhat Is CDSA? Cdsa Components on HP-UX Cdsa Components in HP-UXWhat Is CDSA? Cdsa in the Context of Other Security Applications Example of Cdsa APIs Used for Applications vs. SharedLibraries Applications CDSA, shown relative to higher-level protocols and userHP’s Paradigm Shift Common Security Services Manager Cssm API Common Security Services Manager CssmCssm Module Information Files Cssmnotlongfilenamesys Dual Asymmetric Key Algorithm Cryptography Service Provider CSP APICryptography Service Provider CSP API Public/Private Key AlgorithmsSymmetric Key Algorithm RC2 or RC4 Authenticating a Digital SignatureCryptography Service Provider CSP API Hash Interaction between CSP and Applications CSP Operations Cryptography Service Provider CSP API Cryptography Service Provider CSP API Supported Functions and Algorithms Extensibility FunctionsCssmalgidcdmf Cssmalgiddsa Cssmalgiddh Purpose Pass-Through ID Outline of a Generic Certificate Certificate Library Services CL APIWhat is a Certificate? Certificate Library Services CL APICertificate Revocation List CRL and Operations Interaction between Certificate Library and Application Operations on Certificates Interaction between Cssm and Certificate Library InterfaceCertificate Library Interface Certificate Library Services CL API Certificate Library Services CL API Certificate Library Services CL API INTELX509V3PASSTHROUGHCREATEENCODEDNAME INTELX509V3PASSTHROUGHENCODENAME INTELX509V3PASSTHROUGHENCODEALGID INTELX509V3PASSTHROUGHREADCERTFROMFILE INTELX509V3PASSTHROUGHENCODEREVOKEDCERTLIST INTELX509V3PASSTHROUGHFINDSUPPORTINGCSP INTELX509V3PASSTHROUGHCSSMKEYTOSPKI Introduction to Add-in Modules Role of Add-In Modules in the Cdsa FrameworkIntroduction to Add-in Modules Global Unique Identifier Guid Design Criteria for Add-In ModulesInitializer Add-In Module Install Program Code to Register Services with CssmTo Install an Add-In Library How to Create a Cdsa Add-In Module for HP-UX How to Create a Cdsa Add-In Module forLd -b -o libmylib.1 +I MyAddInInit Implementing Integrity Checking in Add-In Modules Programming Self-Check Functions into the Initializer How to Create a Cdsa Add-In Module for HP-UX How to Create a Cdsa Add-In Module for HP-UX How to Create a Cdsa Add-In Module for HP-UX How to Create a Cdsa Add-In Module for HP-UX Typeprocedure How to Create a Cdsa Add-In Module for HP-UX Or specify the following for CL/TP/DL add-ins With a Cssm capable of integrity checking Validating the CSP Credentials Validating the CSP CredentialsCredential File Certificate ChainVerifying a Certificate Chain Validation SequenceVerifying the signature on the .SF file Integrity Check prior to LoadingSHA-1 11 Verifying the validity of the CSP library Self CheckIn-Memory vs. Static Checking Bilateral AuthenticationConcluding Remarks Further ReferencesConcluding Remarks Concluding Remarks Appendix a Sample Install ProgramAppendix a Appendix a Cssmapimemoryfuncs Appendix a Else if argc != Destpath Sample Install Program Appendix a Sample Install Program Appendix B Generating the Credential FileHP Signing Policy for CSP Add-In Vendors for Cdsa Version HP Signing Policy for CSP Add-In Vendors for Cdsa VersionAppendix C Sample Add-in Module CodeAppendix C Appendix C Sample Add-in Module Code Appendix C Cssmreturn = Null Sample Add-in Module Code == Cssmfail Cssmmodulefuncs Appendix C Sample Add-in Module Code Appendix C Sample Add-in Module Code Data 100 Appendix C 101 102 Appendix C 103 104 Appendix D 105 Functions Needed for Add-in Module Integrity106 Appendix E 107 Trouble Shooting HP CdsaCdsa API Errors Cdsa API Errors108 Appendix E 109 110 Appendix E 111 112 Appendix E 113 114 Appendix E 115 116 Appendix E 117 Cdsa Start Up Errors when calling CSSMModuleAttach Cdsa Start Up Errors when calling CSSMModuleAttach118 Appendix E 119 Using DDE to Debug Cdsa Applications Debugging Core Dumps120 Appendix F 121 Migrating to Cdsa122 Appendix F 123 124 DL data structuresAppendix G 125 ZIP format126 Appendix G 127 128 Appendix H 129 Private Key File130 Private Key File Contention
Related manuals
Manual 62 pages 27.73 Kb
Top Page Image Contents