TP_CertGroupToTupleGroup(3)TP_CertGroupToTupleGroup(3)NAME
TP_CertGroupToTupleGroup, CSSM_TP_CertGroupToTupleGroup - Create a set
of authorization tuples (CDSA)
SYNOPSIS
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_TP_CertGroupToTupleGroup (CSSM_TP_HANDLE
TPHandle, CSSM_CL_HANDLE CLHandle, const CSSM_CERTGROUP *CertGroup,
CSSM_TUPLEGROUP_PTR *TupleGroup) SPI: CSSM_RETURN CSSMTPI TP_CertGroup‐
ToTupleGroup (CSSM_TP_HANDLE TPHandle, CSSM_CL_HANDLE CLHandle, const
CSSM_CERTGROUP *CertGroup, CSSM_TUPLEGROUP_PTR *TupleGroup)
LIBRARY
Common Security Services Manager library (libcssm.so)
PARAMETERS
The handle that describes the trust policy service module used to per‐
form this function. The handle that describes the certificate library
module that can be used to scan the certificate fields for values. If
no certificate library module is specified, the TP module uses an
assumed CL module. A group of certificates in the native certificate
format supported by the Trust Policy module. The certificates carry
authorizations for one or more certificate subjects. A pointer to a
structure containing references to one or more tuples resulting from
the translation process. Storage for structure and the tuples is allo‐
cated by the service provider and must be deallocated by the applica‐
tion.
DESCRIPTION
This function creates a set of authorization tuples based on a set of
input certificates. The certificates must be of the type managed by the
Trust Policy module. The trust policy module may require that the input
certificates be successfully verified before being translated to
tuples. It is assumed that the certificates carry authorizations. The
trust policy service provider interprets the certificate authorization
fields and generates one or more tuples corresponding to those autho‐
rizations. The certificates of the type managed by the Trust Policy
module. The resulting tuples can be input to an authorization evalua‐
tion function, such as CSSM_AC_AuthCompute() (CSSM API), or AC_AuthCom‐
pute() (AC SPI), which determines whether a particular action is autho‐
rized under a basic set of authorization assumptions.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular error
condition. The value CSSM_OK indicates success. All other values repre‐
sent an error condition.
ERRORS
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_TP_INVALID_CL_HANDLE CSSMERR_TP_INVALID_CERT‐
GROUP_POINTER CSSMERR_TP_INVALID_CERTGROUP
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA_intro(3))
Reference Pages
Functions for the CSSM API:
CSSM_TP_TupleGroupToCertGroup(3), CSSM_AC_AuthCompute(3)
Functions for the TP SPI:
TP_TupleGroupToCertGroup(3), AC_AuthCompute(3)TP_CertGroupToTupleGroup(3)