IOpcDigitalSignatureManager::Sign method (msopc.h)
Signs the package by generating a signature by using the specified certificate and IOpcSigningOptions interface pointer. The resultant signature is represented by an IOpcDigitalSignature interface pointer.
Syntax
HRESULT Sign(
[in] const CERT_CONTEXT *certificate,
[in] IOpcSigningOptions *signingOptions,
[out, retval] IOpcDigitalSignature **digitalSignature
);
Parameters
[in] certificate
A pointer to a CERT_CONTEXT structure that contains the certificate.
[in] signingOptions
An IOpcSigningOptions interface pointer that is used to generate the signature.
[out, retval] digitalSignature
A new IOpcDigitalSignature interface pointer that represents the signature.
Return value
The method returns an HRESULT. Possible values include, but are not limited to, those in the following table.
| Return code/value | Description |
|---|---|
|
The method succeeded. |
|
At least one of the certificate, signingOptions, and digitalSignature parameters is NULL. |
|
The default digest method has not been set; to set it, call IOpcSigningOptions::SetDefaultDigestMethod. |
|
Cannot get the digest value of a package component or an element in the signature markup that was referenced for signing. |
|
The signature's time format is not a valid OPC_SIGNATURE_TIME_FORMAT enumeration value. |
|
An indicated relationship signing option is not a valid OPC_RELATIONSHIPS_SIGNING_OPTION enumeration value. |
|
A signature in the package is not properly formed. Cannot get the signature value. |
|
The signature method has not been set. Call IOpcSigningOptions::SetSignatureMethod to set the signature method. |
|
The specified part does not exist. |
|
An HRESULT error code from a Cryptography API. |
|
An HRESULT error code from a Windows Web Services API. |
Remarks
This method uses Packaging objects to make changes to a package. The resultant changes are not saved until the package itself is saved.
Before this method is called to generate a signature, call the IOpcSigningOptions::SetDefaultDigestMethod and IOpcSigningOptions::SetSignatureMethod methods.
To create an IOpcSigningOptions interface pointer, which is required by this method, call the CreateSigningOptions method.
- The Digital Signature Origin part
- The package relationship of the digital signature origin relationship type
- One signature part that contains signature markup
- One or more part that contains a certificate
- One relationship that targets a signature part and that has the Digital Signature Origin part as its source
- One or more relationship that targets a signature part that contains a certificate and that has another signature part as its source
If Sign fails, any of the above parts and relationships may be represented, in the package, by Packaging objects. If the method returns the OPC_E_DS_SIGNATURE_METHOD_NOT_SET or OPC_E_DS_DEFAULT_DIGEST_METHOD_NOT_SET error code, the package has not been altered.
If Sign is successful, digest values are calculated for signed entities, and the generated signature is serialized as signature markup. Possible signed entities include the Signature element, references, parts, relationships, and package-specific and application-specific Object elements.
Errors that are introduced into a package signature when the caller is using the IOpcSigningOptions interface to set signature information may not be exposed until Sign is called.
Thread Safety
Packaging objects are not thread-safe.
For more information, see the Getting Started with the Packaging API.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 7 [desktop apps only] |
| Minimum supported server | Windows Server 2008 R2 [desktop apps only] |
| Target Platform | Windows |
| Header | msopc.h |
See also
Getting Started with the Packaging API
Overviews
Packaging API Programming Guide
Packaging Digital Signature Interfaces
Reference