2.6 Modifying Shared Application or Credential Secrets

To modify shared secrets in applications or credentials, you must be able to add and remove the keys used to secure secrets stored in a user's SecretStore as explained in the following sections.

2.6.1 Adding A Shared Secret Key

  1. For each user-defined application thread involved in secrets sharing, call NSSSCreateSHSHandle to obtain a void pointer handle that you pass to subsequent calls.

  2. Call NSSSReadSharedSecret to pass in the handle created in Step 1 and a user-populated SS_SH_SECRET_ID_T structure that contains the shared secret type, name, and length.

    NOTE: You also pass in the populated SSS_CONTEXT_T and SS_OBJECT_DN_T structures; ssFlags; and the SS_PWORD_T, SSS_READEXT_T, and SS_EXT_T structures that are typically provided when calling NSSSReadSecret. Consequently, NSSSReadSharedSecret enables you to make calls to trees and user DNs outside of the primary connection.

  3. Internally, NSSSReadSharedSecret calls NSSSReadSecret to retrieve secret data stored on SecretStore. This function contains the handle and pointers to internally allocated key and value buffers.

    1. The secret data is parsed according to the shared secret format using the parsing library.

    2. Sequential internal calls are made to enter key and value data into a linked list.

  4. Call NSSSAddSHSEntry sequentially to enter key or value data into the linked list.

    NOTE: This function contains pointers to user-allocated key and value buffers and the unsigned long context flag member of the SSS_CONTEXT_T structure populated from calling NSSSGetServiceInformation.

  5. Call NSSSWriteSharedSecret to pass a handle to write a shared secret, as well as a user-populated SS_SH_SECRET_ID_T structure containing the shared secret type, name, and length. This creates a secret ID according to the secret ID format using either the prefix SS_App or SS_CredSet.

    NOTE: You also pass in the populated SSS_CONTEXT_T and SS_OBJECT_DN_T structures, ssFlags, and the SS_PWORD_T and SS_EXT_T structures that are typically passed when calling NSSSWriteSecret. Consequently, NSSSWriteSharedSecret enables you to make calls to trees and user DNs outside of the primary connection.

  6. NSSSWriteSharedSecret makes sequential internal calls to retrieve data from the linked list and populate an internal buffer.

    1. The internal buffer is parsed according to the shared secret format using the parsing library. The resultant data is passed into the Secret buffer for passage to NSSSWriteSecret in the SecretStore client.

    2. The function makes an internal call to store the Secret buffer as a shared secret in SecretStore using NSSSWriteSecret.

  7. Before exiting the application, call NSSSDestroySHSHandle to free memory associated with the handle of each shared secret thread.

2.6.2 Removing A Shared Secret Key

  1. For each user-defined application thread involved in secrets sharing, call NSSSCreateSHSHandle to obtain a void pointer handle that you pass to subsequent calls.

  2. Call NSSSReadSharedSecret to pass in the handle created in Step 1 and a user-populated SS_SH_SECRET_ID_T structure that contains the shared secret type, name, and length.

    NOTE: You also pass in the populated SSS_CONTEXT_T and SS_OBJECT_DN_T structures; ssFlags; and the SS_PWORD_T, SSS_READEXT_T, and SS_EXT_T structures that are typically provided when calling NSSSReadSecret. Consequently, NSSSReadSharedSecret enables you to make calls to trees and user DNs outside of the primary connection.

  3. Internally, NSSSReadSharedSecret calls NSSSReadSecret to retrieve secret data stored on SecretStore. This function contains the handle and pointers to internally allocated key and value buffers.

    1. The secret data is parsed according to the shared secret format using the parsing library.

    2. Sequential internal calls are made to enter the key and value data into a linked list.

  4. For each key you want to remove, call NSSSRemoveSHSEntry to remove the key-value pair. This call contains the handle, pointers to user-allocated key and value buffers, and the unsigned long context flag member of the SSS_CONTEXT_T structure populated from calling NSSSGetServiceInformation.

  5. Call NSSSWriteSharedSecret to pass a handle to write a shared secret, as well as a user-populated SS_SH_SECRET_ID_T structure containing the shared secret type, name, and length. This creates a secret ID according to the secret ID format using either the prefix SS_App or SS_CredSet.

    NOTE: You also pass in the populated SSS_CONTEXT_T and SS_OBJECT_DN_T structures, ssFlags, and the SS_PWORD_T and SS_EXT_T structures that are typically passed when calling NSSSWriteSecret. Consequently, NSSSWriteSharedSecret enables you to make calls to trees and user DNs outside of the primary connection.

  6. NSSSWriteSharedSecret makes sequential internal calls to retrieve data from the linked list and populate an internal buffer.

    1. The internal buffer is parsed according to the shared secret format using the parsing library. The resultant data is passed into the Secret buffer for passage to NSSSWriteSecret in the SecretStore client.

    2. The function makes an internal call to store the Secret buffer as a shared secret in SecretStore using NSSSWriteSecret.

  7. Before exiting the application, call NSSSDestroySHSHandle to free memory associated with the handle of each shared secret thread.
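The handle lifecycle that both 2.6.1 and 2.6.2 describe (create the handle, read and parse the secret into a linked list, add or remove key/value entries, serialize the list for the write, destroy the handle), as an added C model that is not Novell's SecretStore code: every function and structure name and the "key=value" line format are assumptions standing in for the real NSSS calls and shared secret format. It also zeroes key and value buffers before freeing them, which is what you want to verify happens when the handle is destroyed.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup and strtok_r */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed model of the SHS handle: an ordered linked list of key/value entries.
 * Every name below and the "key=value\n" secret format are illustrative assumptions. */
typedef struct shs_entry { char *key; char *val; struct shs_entry *next; } shs_entry;
typedef struct { shs_entry *head; } shs_handle;

static void wipe_free(char *p, size_t n) { if (p) { memset(p, 0, n); free(p); } } /* zero before free */
shs_handle *shs_create(void) { return calloc(1, sizeof(shs_handle)); }          /* NSSSCreateSHSHandle */
int shs_add(shs_handle *h, const char *key, const char *val) {                  /* models NSSSAddSHSEntry */
    shs_entry **pp = &h->head, *e;
    while (*pp && strcmp((*pp)->key, key) != 0) pp = &(*pp)->next;
    if (*pp) wipe_free((*pp)->val, strlen((*pp)->val));                        /* replace the old value */
    else {                                                                       /* append at the tail */
        if (!(e = calloc(1, sizeof *e)) || !(e->key = strdup(key))) { free(e); return -1; }
        *pp = e;
    }
    return ((*pp)->val = strdup(val)) ? 0 : -1;
}
int shs_remove(shs_handle *h, const char *key) {          /* models NSSSRemoveSHSEntry; 1 if it existed */
    shs_entry **pp = &h->head, *e;
    while (*pp && strcmp((*pp)->key, key) != 0) pp = &(*pp)->next;
    if (!(e = *pp)) return 0;
    *pp = e->next;
    wipe_free(e->key, strlen(e->key)); wipe_free(e->val, strlen(e->val)); free(e);
    return 1;
}
int shs_parse(shs_handle *h, const char *data) {   /* read step: secret data -> list; malformed line = -1 */
    size_t n = strlen(data);
    char *copy = strdup(data), *save = NULL, *eq;
    int rc = copy ? 0 : -1;
    for (char *ln = rc ? NULL : strtok_r(copy, "\n", &save); ln && !rc; ln = strtok_r(NULL, "\n", &save)) {
        if (!(eq = strchr(ln, '='))) rc = -1;
        else { *eq = '\0'; rc = shs_add(h, ln, eq + 1); }
    }
    wipe_free(copy, n);                                          /* the scratch copy held secrets too */
    return rc;
}
char *shs_serialize(const shs_handle *h) {      /* write step: list -> buffer; caller wipes and frees it */
    size_t n = 1;
    for (shs_entry *e = h->head; e; e = e->next) n += strlen(e->key) + strlen(e->val) + 2;
    char *out = calloc(n, 1), *p = out;
    if (out) for (shs_entry *e = h->head; e; e = e->next) p += sprintf(p, "%s=%s\n", e->key, e->val);
    return out;
}
void shs_destroy(shs_handle *h) { while (h->head) shs_remove(h, h->head->key); free(h); } /* NSSSDestroySHSHandle */
```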