CSSM_TP_CertSign

Purpose

This function signs a certificate and enforces a specific signing policy, such as X.509, or another standard that the TP module supports.

Format

CSSM_DATA_PTR CSSMAPI CSSM_TP_CertSign 
                 (CSSM_TP_HANDLE TPHandle,
                 CSSM_CL_HANDLE CLHandle,
                 CSSM_CC_HANDLE CCHandle,
                 const CSSM_DL_DB_LIST_PTR DBList,
                 const CSSM_DATA_PTR CertToBeSigned,
                 const CSSM_CERTGROUP_PTR SignerCertGroup,
                 const CSSM_FIELD_PTR SignScope,
                 uint32 ScopeSize)

Parameters

Input
TPHandle
The handle that describes the TP module used to perform this function.
CCHandle
The handle that describes the context for a cryptographic operation. The cryptographic context specifies the handle of the CSP that must be used to perform the operation.
CertToBeSigned
A pointer to the CSSM_DATA structure containing a certificate to be signed.
SignerCertGroup
A pointer to the CSSM_CERTGROUP structure containing one or more related certificates used to sign the certificate.
ScopeSize
The number of entries in the sign scope list. If the signing scope is not specified, the input parameter value for scope size must be zero.
Input/optional
CLHandle
The handle that describes the CL module that can be used to manipulate the certificate to be signed. If no CL module is specified, the TP module uses an assumed CL module, if required.
DBList
A list of handle pairs specifying a DL module and a data store managed by that module. These data stores can be used to store or retrieve objects (such as certificates and CRLs) related to the signer's certificate, or to store a resulting signed CRL. If no DL and DB handle pairs are specified, the TP module can use an assumed DL module and an assumed data store, if required.
SignScope
A pointer to the CSSM_FIELD array containing the tags of the certificate fields to be included in the signing process. If the signing scope is null, the TP module must assume a default scope (portions of the certificate to be hashed) when performing the signing process.

Return Value

A pointer to a CSSM_DATA structure containing the signed certificate. If the pointer is NULL, an error has occurred. Use CSSM_GetError to obtain the error code.