Add Verifier (QYDOADDV, QydoAddVerifier) API


  Required Parameter Group:

1 Certificate path name Input Char(*)
2 Length of certificate path name Input Binary(4)
3 Format of certificate path name Input Char(8)
4 Certificate label Input Char(*)
5 Length of certificate label Input Binary(4)
6 Error code I/O Char(*)

  Service Program Name: QYDOADD1

  Default Public Authority: *USE

  Threadsafe: No

The Add Verifier (OPM, QYDOADDV; ILE, QydoAddVerifier) API adds a certificate to the local system's *SIGNATUREVERIFICATION certificate store that the local system can use later to verify the integrity of objects on the system. This certificate represents the system or company that has signed objects that the local system will want to use. Object signatures are used to detect changes to an object that affect the integrity of that object. Object signatures also identify the origin of the object; that is, which system or company the object came from.

Note: If the certificate store does not exist, it will be created with a certificate store password of "VERIFYSIGNATURE". This password should be changed as soon as possible to a non-trivial password using the Digital Certificate Manager.


Authorities and Locks

Authority Required
*ALLOBJ and *SECADM special authorities. Also the "allow certificate updates" must be set on the service tools menu.
Locks
Object containing certificate will be locked exclusive no read

Required Parameter Group

Certificate path name
INPUT; CHAR(*)

The path name of the stream file that has the certificate you wish to add to the *SIGNATUREVERIFICATION certificate store on the local system. This certificate store is a list of certificates the local system uses to verify the integrity of signed objects. If you are using format OBJN0100, this parameter is assumed to be represented in the coded character set identifier (CCSID) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.

Length of certificate path name
INPUT; BINARY(4)

The length of the contents of the certificate path name parameter. If the format of certificate path name is OBJN0200, this field must include the QLG path name structure in addition to the path name itself. If the format of the certificate path name is OBJN0100, only the path name itself is included.

Format of certificate path name
INPUT; CHAR(8)

The format of the certificate path name parameter.

OBJN0100 The certificate path name is a simple path name.
OBJN0200 The certificate path name is an LG-type path name.

Certificate label
INPUT; CHAR(*)

Names the certificate that will be stored in the database. This label must be unique in the database; you cannot have another certificate with the same name in the database.

This certificate should have been created by exporting a verification certificate from the *OBJECTSIGNING certificate store on the system that signed the objects or buffers to be verified. Exporting any other way will not be useable by this API. Digital Certificate Manager (DCM) can be used for several file formats including this format. DCM will need to be used if other file formats are used.

This certificate should not have been signed by a local Certificate Authority (CA). This API does not support adding CA certificates. DCM will need to be used to import CA certificates prior to using this API to add certificates from those CAs. The certificate stores come with several Internet CA certificates already installed.

Length of certificate label
INPUT; BINARY(4)

The length of the contents of the certificate label parameter.

Error code
I/O; CHAR(*)

The structure in which to return error information. For the format of the structure, see Error Code Parameter.


Error Messages

Message ID Error Message Text
CPF222E E User profile does not have *SECADM (or *ALLOBJ) special authority.
CPFA0A9 E Object not found. Object is &1.
CPFB724 E Option &2 of the operating system is required to work with object signatures.
CPFB73A E The password for the certificate key database needs to be set.
CPF9EA2 E Certificate is not in a supported format. This certificate may have been exported from the *SIGNATUREVERIFICATION certificate store instead of the *OBJECTSIGNING certificate store.
CPF9EA6 E Function &1 cannot be used. The function specified is one that is currently prevented from being used.
CPF9EB0 E Certificate with label &2 is already in the certificate store.
CPF9EB2 E A Certificate Authority (CA) certificate cannot be added using this API.
CPF9EB3 E The issuer of the certificate may not be in the certificate store. Certificate was not added.



API introduced: V5R2
Top | Security APIs | APIs by category