ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/qydoaddv.htm

290 lines
8.6 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>Add Verifier (QYDOADDV) API</title>
<!-- Begin Header Records -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<!-- Created for V5R2-->
<!-- End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="Top_Of_Page"></a>
<!-- Java sync-link -->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>
<h2>Add Verifier (QYDOADDV, QydoAddVerifier) API</h2>
<div class="box" style="width: 80%;">
<br>
&nbsp;&nbsp;Required Parameter Group:<br>
<!-- iddvc RMBR -->
<br>
<table width="100%">
<tr>
<td align="center" valign="top" width="10%">1</td>
<td align="left" valign="top" width="50%">Certificate path name</td>
<td align="left" valign="top" width="20%">Input</td>
<td align="left" valign="top" width="20%">Char(*)</td>
</tr>
<tr>
<td align="center" valign="top">2</td>
<td align="left" valign="top">Length of certificate path name</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Binary(4)</td>
</tr>
<tr>
<td align="center" valign="top">3</td>
<td align="left" valign="top">Format of certificate path name</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(8)</td>
</tr>
<tr>
<td align="center" valign="top">4</td>
<td align="left" valign="top">Certificate label</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Char(*)</td>
</tr>
<tr>
<td align="center" valign="top">5</td>
<td align="left" valign="top">Length of certificate label</td>
<td align="left" valign="top">Input</td>
<td align="left" valign="top">Binary(4)</td>
</tr>
<tr>
<td align="center" valign="top">6</td>
<td align="left" valign="top">Error code</td>
<td align="left" valign="top">I/O</td>
<td align="left" valign="top">Char(*)</td>
</tr>
</table>
<br>
&nbsp;&nbsp;Service Program Name: QYDOADD1<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: No<br>
<!-- iddvc RMBR -->
<br>
</div>
<p>The Add Verifier (OPM, QYDOADDV; ILE, QydoAddVerifier) API adds a
certificate to the local system's *SIGNATUREVERIFICATION certificate store that
the local system can use later to verify the integrity of objects on the
system. This certificate represents the system or company that has signed
objects that the local system will want to use. Object signatures are used to
detect changes to an object that affect the integrity of that object. Object
signatures also identify the origin of the object; that is, which system or
company the object came from.</p>
<p><strong>Note:</strong> If the certificate store does not exist, it will be
created with a certificate store password of "VERIFYSIGNATURE". This password
should be changed as soon as possible to a non-trivial password using the
Digital Certificate Manager.</p>
<br>
<h3>Authorities and Locks</h3>
<dl>
<dt><em>Authority Required</em></dt>
<dd>*ALLOBJ and *SECADM special authorities. Also the "allow certificate
updates" must be set on the service tools menu.</dd>
<dt><em>Locks</em></dt>
<dd>Object containing certificate will be locked exclusive no read</dd>
</dl>
<br>
<h3>Required Parameter Group</h3>
<dl>
<dt><strong>Certificate path name</strong></dt>
<dd>INPUT; CHAR(*)
<p>The path name of the stream file that has the certificate you wish to add to
the *SIGNATUREVERIFICATION certificate store on the local system. This
certificate store is a list of certificates the local system uses to verify the
integrity of signed objects. If you are using format OBJN0100, this parameter
is assumed to be represented in the coded character set identifier (CCSID)
currently in effect for the job. If the CCSID of the job is 65535, this
parameter is assumed to be represented in the default CCSID of the job.</p>
</dd>
<dt><strong>Length of certificate path name</strong></dt>
<dd>INPUT; BINARY(4)
<p>The length of the contents of the certificate path name parameter. If the
format of certificate path name is OBJN0200, this field must include the QLG
path name structure in addition to the path name itself. If the format of the
certificate path name is OBJN0100, only the path name itself is included.</p>
</dd>
<dt><strong>Format of certificate path name</strong></dt>
<dd>INPUT; CHAR(8)
<p>The format of the certificate path name parameter.</p>
<table cellpadding="5">
<!-- cols="15 85" -->
<tr>
<td align="left" valign="top"><em>OBJN0100</em></td>
<td align="left" valign="top">The certificate path name is a simple path
name.</td>
</tr>
<tr>
<td align="left" valign="top"><em>OBJN0200</em></td>
<td align="left" valign="top">The certificate path name is an LG-type path
name.</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Certificate label</strong></dt>
<dd>INPUT; CHAR(*)
<p>Names the certificate that will be stored in the database. This label must
be unique in the database; you cannot have another certificate with the same
name in the database.</p>
<p>This certificate should have been created by exporting a verification
certificate from the *OBJECTSIGNING certificate store on the system that signed
the objects or buffers to be verified. Exporting any other way will not be
useable by this API. Digital Certificate Manager (DCM) can be used for several
file formats including this format. DCM will need to be used if other file
formats are used.</p>
<p>This certificate should not have been signed by a local Certificate
Authority (CA). This API does not support adding CA certificates. DCM will need
to be used to import CA certificates prior to using this API to add
certificates from those CAs. The certificate stores come with several Internet
CA certificates already installed.</p>
</dd>
<dt><strong>Length of certificate label</strong></dt>
<dd>INPUT; BINARY(4)
<p>The length of the contents of the certificate label parameter.</p>
</dd>
</dl>
<dl>
<dt><strong>Error code</strong></dt>
<dd>I/O; CHAR(*)
<p>The structure in which to return error information. For the format of the
structure, see <a href="../apiref/error.htm#hdrerrcod">Error Code Parameter</a>.</p>
</dd>
</dl>
<br>
<h3>Error Messages</h3>
<table width="100%" cellpadding="5">
<!-- cols="15 85" -->
<tr>
<th align="left" valign="top" nowrap>Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>
<tr>
<td align="left" valign="top">CPF222E E</td>
<td align="left" valign="top">User profile does not have *SECADM (or *ALLOBJ)
special authority.</td>
</tr>
<tr>
<td align="left" valign="top">CPFA0A9 E</td>
<td align="left" valign="top">Object not found. Object is &amp;1.</td>
</tr>
<tr>
<td align="left" valign="top">CPFB724 E</td>
<td align="left" valign="top">Option &amp;2 of the operating system is required
to work with object signatures.</td>
</tr>
<tr>
<td align="left" valign="top">CPFB73A E</td>
<td align="left" valign="top">The password for the certificate key database
needs to be set.</td>
</tr>
<tr>
<td align="left" valign="top">CPF9EA2 E</td>
<td align="left" valign="top">Certificate is not in a supported format. This
certificate may have been exported from the *SIGNATUREVERIFICATION certificate
store instead of the *OBJECTSIGNING certificate store.</td>
</tr>
<tr>
<td align="left" valign="top">CPF9EA6 E</td>
<td align="left" valign="top">Function &amp;1 cannot be used. The function specified is one that is currently prevented from being used.</td>
</tr>
<tr>
<td align="left" valign="top">CPF9EB0 E</td>
<td align="left" valign="top">Certificate with label &amp;2 is already in the
certificate store.</td>
</tr>
<tr>
<td align="left" valign="top">CPF9EB2 E</td>
<td align="left" valign="top">A Certificate Authority (CA) certificate cannot
be added using this API.</td>
</tr>
<tr>
<td align="left" valign="top">CPF9EB3 E</td>
<td align="left" valign="top">The issuer of the certificate may not be in the
certificate store. Certificate was not added.</td>
</tr>
</table>
<br>
<br>
<hr>
API introduced: V5R2
<hr>
<table align="center" cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
</tr>
</table>
</body>
</html>