The STORE type
==============

A STORE, as defined in this code section, is really a rather simple
thing which stores objects and per-object associations to a number
of attributes. What attributes are supported entirely depends on
the particular implementation of a STORE. It has some support for
generation of certain objects (for example, keys and CRLs).


Supported object types
----------------------

For now, the objects that are supported are the following:

X.509 certificate
X.509 CRL
private key
public key
number
arbitrary (application) data

The intention is that a STORE should be able to store everything
needed by an application that wants a cert/key store, as well as
the data a CA might need to store (this includes the serial number
counter, which explains the support for numbers).


Supported attribute types
-------------------------

For now, the following attributes are supported:

Friendly Name       - the value is a normal C string
Key ID              - the value is a 160 bit SHA1 hash
Issuer Key ID       - the value is a 160 bit SHA1 hash
Subject Key ID      - the value is a 160 bit SHA1 hash
Issuer/Serial Hash  - the value is a 160 bit SHA1 hash
Issuer              - the value is an X509_NAME
Serial              - the value is a BIGNUM
Subject             - the value is an X509_NAME
Certificate Hash    - the value is a 160 bit SHA1 hash
Email               - the value is a normal C string
Filename            - the value is a normal C string

It is expected that these attributes should be enough to support
the needs of most, if not all, current applications. Applications
that need to do certificate verification would typically use Subject
Key ID, Issuer/Serial Hash or Subject to look up issuer certificates.
S/MIME applications would typically use Email to look up recipient
and signer certificates.

There is also support for searching on a combined set of alternative
attribute values, using the special OR attribute.


Supported basic functionality
-----------------------------

The functions that are supported through the STORE type are these:

generate_object  - for example to generate keys and CRLs
get_object       - to look up one object
                   NOTE: this function is really rather
                   redundant and probably of lesser usage
                   than the list functions
store_object     - store an object and the attributes
                   associated with it
modify_object    - modify the attributes associated with
                   a specific object
revoke_object    - revoke an object
                   NOTE: this only marks an object as
                   invalid, it doesn't remove the object
                   from the database
delete_object    - remove an object from the database
list_object      - list objects associated with a given
                   set of attributes
                   NOTE: this is really four functions:
                   list_start, list_next, list_end and
                   list_endp
update_store     - update the internal data of the store
lock_store       - lock the store
unlock_store     - unlock the store

The list functions need some extra explanation: list_start is
used to set up a lookup. That's where the attributes to use in
the search are set up. It returns a search context. list_next
returns the next object searched for. list_end closes the search.
list_endp is used to check if we have reached the end.

A few words on the store functions as well: update_store is
typically used by a CA application to update the internal
structure of a database. This may for example involve automatic
removal of expired certificates. lock_store and unlock_store
are used for locking a store to allow exclusive writes.
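The following is an added illustration of the design described above, written
for this note; it is not OpenSSL's STORE API and none of its names, types or
sample data (three constructed "certificates" keyed by Friendly Name, Subject
and Email) come from the OpenSSL sources. It models attribute-based lookup
with an OR set of alternative values, the four list functions working on a
search context, and the difference between revoke_object (marks the entry
invalid but leaves it in the store, so searches still return it) and
delete_object (removes it from the database):

```c
/* Added illustration of the STORE design above: a toy in-memory store, not OpenSSL's STORE API. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum attr_id { ATTR_FRIENDLY_NAME, ATTR_SUBJECT, ATTR_EMAIL, ATTR_COUNT };
struct object {
    const char *data;             /* stand-in for the stored cert, key, CRL, ... */
    const char *attr[ATTR_COUNT]; /* per-object attribute values, NULL if unset */
    int revoked;                  /* revoke_object only sets this; the entry stays */
};
#define MAX_OBJECTS 16
struct store { struct object objs[MAX_OBJECTS]; size_t n; };
/* One search term: an attribute plus the values accepted for it (several = the OR attribute) */
struct search { enum attr_id id; const char *values[4]; size_t nvalues; };
/* Search context returned by list_start and walked by list_next/list_endp */
struct list_ctx { const struct store *s; struct search q; size_t pos; };

static int matches(const struct object *o, const struct search *q)
{
    for (size_t i = 0; o->attr[q->id] != NULL && i < q->nvalues; i++)
        if (strcmp(o->attr[q->id], q->values[i]) == 0)
            return 1;
    return 0;
}
static void skip_nonmatching(struct list_ctx *c)  /* advance to the next hit */
{
    while (c->pos < c->s->n && !matches(&c->s->objs[c->pos], &c->q))
        c->pos++;
}

/* store_object: add an object with its attributes; returns its index, or -1 if full */
int store_object(struct store *s, const char *data, const char *name,
                 const char *subject, const char *email)
{
    if (s->n >= MAX_OBJECTS)
        return -1;
    struct object *o = &s->objs[s->n];
    o->data = data;
    o->attr[ATTR_FRIENDLY_NAME] = name;
    o->attr[ATTR_SUBJECT] = subject;
    o->attr[ATTR_EMAIL] = email;
    o->revoked = 0;
    return (int)s->n++;
}

/* revoke_object marks the object invalid; searches still return it */
int revoke_object(struct store *s, size_t idx)
{
    if (idx >= s->n) return 0;
    s->objs[idx].revoked = 1;
    return 1;
}

/* delete_object really removes the entry from the database */
int delete_object(struct store *s, size_t idx)
{
    if (idx >= s->n) return 0;
    memmove(&s->objs[idx], &s->objs[idx + 1], (s->n - idx - 1) * sizeof s->objs[0]);
    s->n--;
    return 1;
}

/* the four list functions: set up the lookup, test for the end, fetch next, close */
void list_start(struct list_ctx *c, const struct store *s, const struct search *q)
{
    c->s = s; c->q = *q; c->pos = 0;
    skip_nonmatching(c);
}
int list_endp(const struct list_ctx *c) { return c->pos >= c->s->n; }
const struct object *list_next(struct list_ctx *c)
{
    const struct object *o = list_endp(c) ? NULL : &c->s->objs[c->pos++];
    skip_nonmatching(c);
    return o;
}
void list_end(struct list_ctx *c) { memset(c, 0, sizeof *c); }

/* walk a search; with skip_revoked set, revoked hits are listed but not counted */
size_t count_matches(const struct store *s, const struct search *q, int skip_revoked)
{
    struct list_ctx c;
    size_t n = 0;
    for (list_start(&c, s, q); !list_endp(&c); ) {
        const struct object *o = list_next(&c);
        n += !(skip_revoked && o->revoked);
    }
    list_end(&c);
    return n;
}

int main(void)
{
    struct store s = { 0 };
    /* constructed sample objects and a two-value OR search on Email */
    struct search q = { ATTR_EMAIL, { "alice@example.org", "bob@example.org" }, 2 };
    store_object(&s, "cert-alice", "Alice", "CN=Alice", "alice@example.org");
    store_object(&s, "cert-bob", "Bob", "CN=Bob", "bob@example.org");
    store_object(&s, "cert-carol", "Carol", "CN=Carol", "carol@example.org");
    printf("OR search on Email: %zu hits\n", count_matches(&s, &q, 0));
    revoke_object(&s, 1);
    printf("after revoke: %zu listed, %zu usable\n", count_matches(&s, &q, 0), count_matches(&s, &q, 1));
    delete_object(&s, 1);
    printf("after delete: %zu listed\n", count_matches(&s, &q, 0));
    return 0;
}
```

The point worth noticing is the revoke/delete split: after revoke_object the
search still lists two hits, and it is the caller that has to consult the
revoked flag before trusting the object, whereas after delete_object the
entry is gone and the same search yields one hit. A real backend would also
hold the store lock (lock_store/unlock_store) around the store, revoke and
delete calls, which this single-threaded toy omits.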