123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596 |
- The STORE type
- ==============
- A STORE, as defined in this code section, is really a rather simple
- thing which stores objects and per-object associations to a number
- of attributes. What attributes are supported entirely depends on
- the particular implementation of a STORE. It has some support for
- generation of certain objects (for example, keys and CRLs).
- Supported object types
- ----------------------
- For now, the objects that are supported are the following:
- X.509 certificate
- X.509 CRL
- private key
- public key
- number
- arbitrary (application) data
- The intention is that a STORE should be able to store everything
- needed by an application that wants a cert/key store, as well as
- the data a CA might need to store (this includes the serial number
- counter, which explains the support for numbers).
- Supported attribute types
- -------------------------
- For now, the following attributes are supported:
- Friendly Name - the value is a normal C string
- Key ID - the value is a 160 bit SHA1 hash
- Issuer Key ID - the value is a 160 bit SHA1 hash
- Subject Key ID - the value is a 160 bit SHA1 hash
- Issuer/Serial Hash - the value is a 160 bit SHA1 hash
- Issuer - the value is a X509_NAME
- Serial - the value is a BIGNUM
- Subject - the value is a X509_NAME
- Certificate Hash - the value is a 160 bit SHA1 hash
- Email - the value is a normal C string
- Filename - the value is a normal C string
- It is expected that these attributes should be enough to support
- the need from most, if not all, current applications. Applications
- that need to do certificate verification would typically use Subject
- Key ID, Issuer/Serial Hash or Subject to look up issuer certificates.
- S/MIME applications would typically use Email to look up recipient
- and signer certificates.
- There's added support for combined sets of attributes to search for,
- with the special OR attribute.
- Supported basic functionality
- -----------------------------
- The functions that are supported through the STORE type are these:
- generate_object - for example to generate keys and CRLs
- get_object - to look up one object
- NOTE: this function is really rather
- redundant and probably of lesser usage
- than the list functions
- store_object - store an object and the attributes
- associated with it
- modify_object - modify the attributes associated with
- a specific object
- revoke_object - revoke an object
- NOTE: this only marks an object as
- invalid, it doesn't remove the object
- from the database
- delete_object - remove an object from the database
- list_object - list objects associated with a given
- set of attributes
- NOTE: this is really four functions:
- list_start, list_next, list_end and
- list_endp
- update_store - update the internal data of the store
- lock_store - lock the store
- unlock_store - unlock the store
- The list functions need some extra explanation: list_start is
- used to set up a lookup. That's where the attributes to use in
- the search are set up. It returns a search context. list_next
- returns the next object searched for. list_end closes the search.
- list_endp is used to check if we have reached the end.
- A few words on the store functions as well: update_store is
- typically used by a CA application to update the internal
- structure of a database. This may for example involve automatic
- removal of expired certificates. lock_store and unlock_store
- are used for locking a store to allow exclusive writes.
|