TP_ConfirmCredResult(3)TP_ConfirmCredResult(3)NAME
TP_ConfirmCredResult, CSSM_TP_ConfirmCredResult - Confirm credentials
(CDSA)
SYNOPSIS
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_TP_ConfirmCredResult (CSSM_TP_HANDLE
TPHandle, const CSSM_DATA *ReferenceIdentifier, const CSSM_TP_CALLER‐
AUTH_CONTEXT *CallerAuthCredentials, const CSSM_TP_CONFIRM_RESPONSE
*Responses, const CSSM_TP_AUTHORITY_ID *PreferredAuthority) SPI:
CSSM_RETURN CSSMTPI TP_ConfirmCredResult (CSSM_TP_HANDLE TPHandle,
const CSSM_DATA *ReferenceIdentifier, const CSSM_TP_CALLERAUTH_CONTEXT
*CallerAuthCredentials, const CSSM_TP_CONFIRM_RESPONSE *Responses,
const CSSM_TP_AUTHORITY_ID *PreferredAuthority)
LIBRARY
Common Security Services Manager library (libcssm.so)
PARAMETERS
The handle that describes the certification authority module used to
perform this function. A reference identifier that uniquely identifies
execution of the call sequence CSSM_TP_SubmitCredRequest() and
CSSM_TP_RetrieveCredResult() (or the equivalent TP SPI call pair) to
submit a set of requests and to retrieve the results of those requests.
This structure contains a set of caller authentication credentials.
The authentication information can be a passphrase, a PIN, a completed
registration form, a certificate, or a template of user-specific data.
The required set of credentials is defined by the service provider mod‐
ule and recorded in a record in the MDS Primary relation. Multiple cre‐
dentials can be required. If the local service provider module does
not require credentials from a caller, then the Credentials field of
this verification context structure can be NULL. The structure option‐
ally contains additional credentials that can be used to support the
authentication process. Authentication credentials required by the
authority should be included in the RequestInput. The local TP module
can forward information from the CallerAuthCredentials to the author‐
ity, as appropriate, but is not required to do so. An ordered vector
of acknowledges indicating the caller's acceptance or rejection of
results. The vector contains one acknowledgement per result returned by
CSSM_TP_RetrieveCredResult() (CSSM API), or TP_RetrieveCredResult() (TP
SPI). The identifier which uniquely describes the Authority to receive
the acknowledgements. The structure can include: An identity certifi‐
cate for the authority The location of the authority
DESCRIPTION
This function submits a vector of acknowledgements to a Certificate
Authority for a set of requests and corresponding results identified by
ReferenceIdentifier. The caller must execute the call sequence
CSSM_TP_SubmitCredRequest() and CSSM_TP_RetrieveCredResult()(or the
equivalent TP SPI calls) to submit a set of requests and to retrieve
the results of those requests. Some Certificate Authority services
accessed through the request and retrieve functions require confirma‐
tion. The function CSSM_TP_RetrieveCredResult() (CSSM API), or
TP_RetrieveCredResult() (TP SPI), returns a value indicating whether
the caller must invoke CSSM_TP_ConfirmCredResult(), (CSSM API), or
TP_ConfirmCredResult() (TP SPI), to successfully complete the service.
The Responses vector accepts or rejects each result independently. If
the caller rejects a returned result, the action taken by the authority
depends on the requested type of service.
The ReferenceIdentifier also identifies the authority process state
associated with the function pair CSSM_TP_SubmitCredRequest() and
CSSM_TP_RetrieveCredResult() (or the equivalent TP SPI calls). The Pre‐
ferredAuthority information can be used to further identify the author‐
ity to receive the acknowledgement. After successful execution of this
function, the value of the ReferenceIdentifier is undefined and should
not be used in subsequent operations in the current module attach ses‐
sion.
This function fails if ReferenceIdentifier is invalid or the Authority
process can not be located.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular error
condition. The value CSSM_OK indicates success. All other values repre‐
sent an error condition.
ERRORS
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_TP_INVALID_IDENTIFIER_POINTER CSS‐
MERR_TP_INVALID_IDENTIFIER CSSMERR_TP_INVALID_CALLERAUTH_CON‐
TEXT_POINTER CSSMERR_TP_INVALID_POLICY_IDENTIFIERS CSS‐
MERR_TP_INVALID_TIMESTRING CSSMERR_TP_INVALID_STOP_ON_POLICY CSS‐
MERR_TP_INVALID_CALLBACK CSSMERR_TP_INVALID_ANCHOR_CERT CSS‐
MERR_TP_CERTGROUP_INCOMPLETE CSSMERR_TP_INVALID_DL_HANDLE CSS‐
MERR_TP_INVALID_DB_HANDLE CSSMERR_TP_INVALID_DB_LIST_POINTER CSS‐
MERR_TP_INVALID_DB_LIST CSSMERR_TP_AUTHENTICATION_FAILED CSS‐
MERR_TP_INSUFFICIENT_CREDENTIALS CSSMERR_TP_NOT_TRUSTED CSS‐
MERR_TP_CERT_REVOKED CSSMERR_TP_CERT_SUSPENDED CSSMERR_TP_CERT_EXPIRED
CSSMERR_TP_CERT_NOT_VALID_YET CSSMERR_TP_INVALID_CERT_AUTHORITY CSS‐
MERR_TP_INVALID_SIGNATURE CSSMERR_TP_INVALID_NAME CSS‐
MERR_TP_INVALID_RESPONSE_VECTOR CSSMERR_TP_INVALID_AUTHORITY CSS‐
MERR_TP_NO_DEFAULT_AUTHORITY CSSMERR_TP_UNSUPPORTED_ADDR_TYPE CSS‐
MERR_TP_INVALID_NETWORK_ADDR
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA_intro(3))
Reference Pages
Functions for the CSSM API:
CSSM_TP_SubmitCredRequest(3), CSSM_TP_RetrieveCredResult(3),
CSSM_TP_ReceiveConfirmation(3)
Functions for the TP SPI:
TP_SubmitCredRequest(3), TP_RetrieveCredResult(3), TP_ReceiveConfirma‐
tion(3)TP_ConfirmCredResult(3)