290 lines
8.6 KiB
HTML
290 lines
8.6 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
|
|
<title>Add Verifier (QYDOADDV) API</title>
|
|
<!-- Begin Header Records -->
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<!-- Change History: -->
|
|
<!-- YYMMDD USERID Change description -->
|
|
<!-- Created for V5R2-->
|
|
<!-- End Header Records -->
|
|
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
|
|
</head>
|
|
<body>
|
|
<a name="Top_Of_Page"></a>
|
|
<!-- Java sync-link -->
|
|
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
|
|
</script>
|
|
|
|
<h2>Add Verifier (QYDOADDV, QydoAddVerifier) API</h2>
|
|
|
|
<div class="box" style="width: 80%;">
|
|
<br>
|
|
Required Parameter Group:<br>
|
|
<!-- iddvc RMBR -->
|
|
<br>
|
|
<table width="100%">
|
|
|
|
<tr>
|
|
<td align="center" valign="top" width="10%">1</td>
|
|
<td align="left" valign="top" width="50%">Certificate path name</td>
|
|
<td align="left" valign="top" width="20%">Input</td>
|
|
<td align="left" valign="top" width="20%">Char(*)</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="center" valign="top">2</td>
|
|
<td align="left" valign="top">Length of certificate path name</td>
|
|
<td align="left" valign="top">Input</td>
|
|
<td align="left" valign="top">Binary(4)</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="center" valign="top">3</td>
|
|
<td align="left" valign="top">Format of certificate path name</td>
|
|
<td align="left" valign="top">Input</td>
|
|
<td align="left" valign="top">Char(8)</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="center" valign="top">4</td>
|
|
<td align="left" valign="top">Certificate label</td>
|
|
<td align="left" valign="top">Input</td>
|
|
<td align="left" valign="top">Char(*)</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="center" valign="top">5</td>
|
|
<td align="left" valign="top">Length of certificate label</td>
|
|
<td align="left" valign="top">Input</td>
|
|
<td align="left" valign="top">Binary(4)</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="center" valign="top">6</td>
|
|
<td align="left" valign="top">Error code</td>
|
|
<td align="left" valign="top">I/O</td>
|
|
<td align="left" valign="top">Char(*)</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
Service Program Name: QYDOADD1<br>
|
|
<!-- iddvc RMBR -->
|
|
<br>
|
|
Default Public Authority: *USE<br>
|
|
<!-- iddvc RMBR -->
|
|
<br>
|
|
Threadsafe: No<br>
|
|
<!-- iddvc RMBR -->
|
|
<br>
|
|
</div>
|
|
|
|
<p>The Add Verifier (OPM, QYDOADDV; ILE, QydoAddVerifier) API adds a
|
|
certificate to the local system's *SIGNATUREVERIFICATION certificate store that
|
|
the local system can use later to verify the integrity of objects on the
|
|
system. This certificate represents the system or company that has signed
|
|
objects that the local system will want to use. Object signatures are used to
|
|
detect changes to an object that affect the integrity of that object. Object
|
|
signatures also identify the origin of the object; that is, which system or
|
|
company the object came from.</p>
|
|
|
|
<p><strong>Note:</strong> If the certificate store does not exist, it will be
|
|
created with a certificate store password of "VERIFYSIGNATURE". This password
|
|
should be changed as soon as possible to a non-trivial password using the
|
|
Digital Certificate Manager.</p>
|
|
|
|
<br>
|
|
<h3>Authorities and Locks</h3>
|
|
|
|
<dl>
|
|
<dt><em>Authority Required</em></dt>
|
|
|
|
<dd>*ALLOBJ and *SECADM special authorities. Also the "allow certificate
|
|
updates" must be set on the service tools menu.</dd>
|
|
|
|
<dt><em>Locks</em></dt>
|
|
|
|
<dd>Object containing certificate will be locked exclusive no read</dd>
|
|
</dl>
|
|
|
|
<br>
|
|
<h3>Required Parameter Group</h3>
|
|
|
|
<dl>
|
|
<dt><strong>Certificate path name</strong></dt>
|
|
|
|
<dd>INPUT; CHAR(*)
|
|
|
|
<p>The path name of the stream file that has the certificate you wish to add to
|
|
the *SIGNATUREVERIFICATION certificate store on the local system. This
|
|
certificate store is a list of certificates the local system uses to verify the
|
|
integrity of signed objects. If you are using format OBJN0100, this parameter
|
|
is assumed to be represented in the coded character set identifier (CCSID)
|
|
currently in effect for the job. If the CCSID of the job is 65535, this
|
|
parameter is assumed to be represented in the default CCSID of the job.</p>
|
|
</dd>
|
|
|
|
<dt><strong>Length of certificate path name</strong></dt>
|
|
|
|
<dd>INPUT; BINARY(4)
|
|
|
|
<p>The length of the contents of the certificate path name parameter. If the
|
|
format of certificate path name is OBJN0200, this field must include the QLG
|
|
path name structure in addition to the path name itself. If the format of the
|
|
certificate path name is OBJN0100, only the path name itself is included.</p>
|
|
</dd>
|
|
|
|
<dt><strong>Format of certificate path name</strong></dt>
|
|
|
|
<dd>INPUT; CHAR(8)
|
|
|
|
<p>The format of the certificate path name parameter.</p>
|
|
|
|
<table cellpadding="5">
|
|
<!-- cols="15 85" -->
|
|
<tr>
|
|
<td align="left" valign="top"><em>OBJN0100</em></td>
|
|
<td align="left" valign="top">The certificate path name is a simple path
|
|
name.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top"><em>OBJN0200</em></td>
|
|
<td align="left" valign="top">The certificate path name is an LG-type path
|
|
name.</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
</dd>
|
|
|
|
<dt><strong>Certificate label</strong></dt>
|
|
|
|
<dd>INPUT; CHAR(*)
|
|
|
|
<p>Names the certificate that will be stored in the database. This label must
|
|
be unique in the database; you cannot have another certificate with the same
|
|
name in the database.</p>
|
|
|
|
<p>This certificate should have been created by exporting a verification
|
|
certificate from the *OBJECTSIGNING certificate store on the system that signed
|
|
the objects or buffers to be verified. Exporting any other way will not be
|
|
useable by this API. Digital Certificate Manager (DCM) can be used for several
|
|
file formats including this format. DCM will need to be used if other file
|
|
formats are used.</p>
|
|
|
|
<p>This certificate should not have been signed by a local Certificate
|
|
Authority (CA). This API does not support adding CA certificates. DCM will need
|
|
to be used to import CA certificates prior to using this API to add
|
|
certificates from those CAs. The certificate stores come with several Internet
|
|
CA certificates already installed.</p>
|
|
</dd>
|
|
|
|
<dt><strong>Length of certificate label</strong></dt>
|
|
|
|
<dd>INPUT; BINARY(4)
|
|
|
|
<p>The length of the contents of the certificate label parameter.</p>
|
|
</dd>
|
|
</dl>
|
|
|
|
<dl>
|
|
<dt><strong>Error code</strong></dt>
|
|
|
|
<dd>I/O; CHAR(*)
|
|
|
|
<p>The structure in which to return error information. For the format of the
|
|
structure, see <a href="../apiref/error.htm#hdrerrcod">Error Code Parameter</a>.</p>
|
|
</dd>
|
|
</dl>
|
|
|
|
<br>
|
|
|
|
|
|
<h3>Error Messages</h3>
|
|
|
|
<table width="100%" cellpadding="5">
|
|
<!-- cols="15 85" -->
|
|
<tr>
|
|
<th align="left" valign="top" nowrap>Message ID</th>
|
|
<th align="left" valign="top">Error Message Text</th>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top">CPF222E E</td>
|
|
<td align="left" valign="top">User profile does not have *SECADM (or *ALLOBJ)
|
|
special authority.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top">CPFA0A9 E</td>
|
|
<td align="left" valign="top">Object not found. Object is &1.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top">CPFB724 E</td>
|
|
<td align="left" valign="top">Option &2 of the operating system is required
|
|
to work with object signatures.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top">CPFB73A E</td>
|
|
<td align="left" valign="top">The password for the certificate key database
|
|
needs to be set.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top">CPF9EA2 E</td>
|
|
<td align="left" valign="top">Certificate is not in a supported format. This
|
|
certificate may have been exported from the *SIGNATUREVERIFICATION certificate
|
|
store instead of the *OBJECTSIGNING certificate store.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top">CPF9EA6 E</td>
|
|
<td align="left" valign="top">Function &1 cannot be used. The function specified is one that is currently prevented from being used.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top">CPF9EB0 E</td>
|
|
<td align="left" valign="top">Certificate with label &2 is already in the
|
|
certificate store.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top">CPF9EB2 E</td>
|
|
<td align="left" valign="top">A Certificate Authority (CA) certificate cannot
|
|
be added using this API.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td align="left" valign="top">CPF9EB3 E</td>
|
|
<td align="left" valign="top">The issuer of the certificate may not be in the
|
|
certificate store. Certificate was not added.</td>
|
|
</tr>
|
|
</table>
|
|
|
|
<br>
|
|
<br>
|
|
|
|
|
|
<hr>
|
|
API introduced: V5R2
|
|
|
|
<hr>
|
|
<table align="center" cellpadding="2" cellspacing="2">
|
|
<tr align="center">
|
|
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
|
|
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
|
|
</tr>
|
|
</table>
|
|
</body>
|
|
</html>
|
|
|