The STORE type
==============

A STORE, as defined in this code section, is really a rather simple
thing which stores objects and per-object associations to a number
of attributes. What attributes are supported entirely depends on
the particular implementation of a STORE. It has some support for
generation of certain objects (for example, keys and CRLs).


Supported object types
----------------------

For now, the objects that are supported are the following:

X.509 certificate
X.509 CRL
private key
public key
number
arbitrary (application) data

The intention is that a STORE should be able to store everything
needed by an application that wants a cert/key store, as well as
the data a CA might need to store (this includes the serial number
counter, which explains the support for numbers).


Supported attribute types
-------------------------

For now, the following attributes are supported:

Friendly Name       - the value is a normal C string
Key ID              - the value is a 160-bit SHA1 hash
Issuer Key ID       - the value is a 160-bit SHA1 hash
Subject Key ID      - the value is a 160-bit SHA1 hash
Issuer/Serial Hash  - the value is a 160-bit SHA1 hash
Issuer              - the value is an X509_NAME
Serial              - the value is a BIGNUM
Subject             - the value is an X509_NAME
Certificate Hash    - the value is a 160-bit SHA1 hash
Email               - the value is a normal C string
Filename            - the value is a normal C string

It is expected that these attributes should be enough to support
the needs of most, if not all, current applications. Applications
that need to do certificate verification would typically use Subject
Key ID, Issuer/Serial Hash or Subject to look up issuer certificates.
S/MIME applications would typically use Email to look up recipient
and signer certificates.

There's added support for combined sets of attributes to search for,
with the special OR attribute.


Supported basic functionality
-----------------------------

The functions that are supported through the STORE type are these:

generate_object  - for example to generate keys and CRLs
get_object       - to look up one object
                   NOTE: this function is really rather
                   redundant and probably of lesser usage
                   than the list functions
store_object     - store an object and the attributes
                   associated with it
modify_object    - modify the attributes associated with
                   a specific object
revoke_object    - revoke an object
                   NOTE: this only marks an object as
                   invalid, it doesn't remove the object
                   from the database
delete_object    - remove an object from the database
list_object      - list objects associated with a given
                   set of attributes
                   NOTE: this is really four functions:
                   list_start, list_next, list_end and
                   list_endp
update_store     - update the internal data of the store
lock_store       - lock the store
unlock_store     - unlock the store

The list functions need some extra explanation: list_start is
used to set up a lookup. That's where the attributes to use in
the search are set up. It returns a search context. list_next
returns the next object searched for. list_end closes the search.
list_endp is used to check if we have reached the end.

A few words on the store functions as well: update_store is
typically used by a CA application to update the internal
structure of a database. This may for example involve automatic
removal of expired certificates. lock_store and unlock_store
are used for locking a store to allow exclusive writes.
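The list_start/list_next/list_endp/list_end cycle and the "revoked means invalid but still stored" rule described above, modelled on a constructed in-memory store. This is an added example, not code from the OpenSSL STORE implementation; the store_object, store_search, demo_store and count_matches names, the sample objects, and the Friendly Name/Email-only attribute set are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed toy model of the STORE list interface described above. */
enum { ATTR_FRIENDLY_NAME, ATTR_EMAIL };
/* One stored object with its Friendly Name and Email attributes; revoked is a
 * flag only, because revoke_object marks an object invalid without removing it. */
typedef struct { const char *name, *email; int revoked; } store_object;

/* Constructed sample objects; a real store holds certificates, keys, CRLs, ... */
static store_object demo_store[] = {
    { "alice-signing",  "alice@example.com", 0 },
    { "alice-old",      "alice@example.com", 1 },  /* revoked, but still stored */
    { "bob-encryption", "bob@example.com",   0 },
};
#define DEMO_STORE_N (sizeof demo_store / sizeof demo_store[0])

/* Search context returned by list_start: the attribute to match plus a cursor. */
typedef struct { int attr; const char *value; size_t pos; } store_search;
/* Revoked objects never match a search, but they stay in the database. */
static int attr_matches(const store_object *o, int attr, const char *value) {
    const char *v = (attr == ATTR_EMAIL) ? o->email : o->name;
    return !o->revoked && strcmp(v, value) == 0;
}
/* list_start: record the search attributes and hand back a fresh context. */
store_search *list_start(int attr, const char *value) {
    store_search *s = malloc(sizeof *s);
    if (s) { s->attr = attr; s->value = value; s->pos = 0; }
    return s;
}
/* list_endp: 1 when no further matching object remains; does not advance. */
int list_endp(const store_search *s) {
    for (size_t i = s->pos; i < DEMO_STORE_N; i++)
        if (attr_matches(&demo_store[i], s->attr, s->value)) return 0;
    return 1;
}
/* list_next: the next matching object, or NULL once the search is exhausted. */
store_object *list_next(store_search *s) {
    while (s->pos < DEMO_STORE_N)
        if (attr_matches(&demo_store[s->pos++], s->attr, s->value))
            return &demo_store[s->pos - 1];
    return NULL;
}
void list_end(store_search *s) { free(s); }  /* list_end: release the context */

/* Run one lookup through the full list_start/list_endp/list_next/list_end cycle. */
int count_matches(int attr, const char *value) {
    store_search *s = list_start(attr, value);
    int n = 0;
    while (s && !list_endp(s) && list_next(s)) n++;
    list_end(s);
    return n;
}
```

An S/MIME lookup by Email for alice@example.com yields one object here, because the revoked "alice-old" entry is skipped without ever being deleted from the store.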