The STORE type
==============

A STORE, as defined in this code section, is really a rather simple
thing which stores objects and per-object associations to a number
of attributes. What attributes are supported depends entirely on
the particular implementation of a STORE. It has some support for
generation of certain objects (for example, keys and CRLs).


Supported object types
----------------------

For now, the objects that are supported are the following:

    X.509 certificate
    X.509 CRL
    private key
    public key
    number
    arbitrary (application) data

The intention is that a STORE should be able to store everything
needed by an application that wants a cert/key store, as well as
the data a CA might need to store (this includes the serial number
counter, which explains the support for numbers).


Supported attribute types
-------------------------

For now, the following attributes are supported:

    Friendly Name       - the value is a normal C string
    Key ID              - the value is a 160 bit SHA1 hash
    Issuer Key ID       - the value is a 160 bit SHA1 hash
    Subject Key ID      - the value is a 160 bit SHA1 hash
    Issuer/Serial Hash  - the value is a 160 bit SHA1 hash
    Issuer              - the value is an X509_NAME
    Serial              - the value is a BIGNUM
    Subject             - the value is an X509_NAME
    Certificate Hash    - the value is a 160 bit SHA1 hash
    Email               - the value is a normal C string
    Filename            - the value is a normal C string

It is expected that these attributes should be enough to support
the needs of most, if not all, current applications. Applications
that need to do certificate verification would typically use Subject
Key ID, Issuer/Serial Hash or Subject to look up issuer certificates.
S/MIME applications would typically use Email to look up recipient
and signer certificates.

There's added support for combined sets of attributes to search for,
with the special OR attribute.


Supported basic functionality
-----------------------------

The functions that are supported through the STORE type are these:

    generate_object  - for example to generate keys and CRLs
    get_object       - to look up one object
                       NOTE: this function is really rather
                       redundant and probably of lesser usage
                       than the list functions
    store_object     - store an object and the attributes
                       associated with it
    modify_object    - modify the attributes associated with
                       a specific object
    revoke_object    - revoke an object
                       NOTE: this only marks an object as
                       invalid, it doesn't remove the object
                       from the database
    delete_object    - remove an object from the database
    list_object      - list objects associated with a given
                       set of attributes
                       NOTE: this is really four functions:
                       list_start, list_next, list_end and
                       list_endp
    update_store     - update the internal data of the store
    lock_store       - lock the store
    unlock_store     - unlock the store

The list functions need some extra explanation: list_start is
used to set up a lookup. That's where the attributes to use in
the search are set up. It returns a search context. list_next
returns the next object searched for. list_end closes the search.
list_endp is used to check if we have reached the end.

A few words on the store functions as well: update_store is
typically used by a CA application to update the internal
structure of a database. This may for example involve automatic
removal of expired certificates. lock_store and unlock_store
are used for locking a store to allow exclusive writes.
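The list protocol (list_start, list_next, list_endp, list_end), the special OR attribute and the difference between revoke_object and delete_object, shown in an added in-memory model. This is not OpenSSL's STORE implementation and none of its names (model_store, model_attrs, model_list_ctx, count_listed, sample_store and the rest) exist in OpenSSL; they are hypothetical. Only the Friendly Name and Email attributes are modelled, or_match stands in for the OR attribute, and the four stored objects are constructed sample data.

```c
/* Added illustration, not OpenSSL's STORE code: an in-memory model of the STORE
 * functions described above. All names (model_store, list_start, ...) are
 * hypothetical and only the Friendly Name and Email attributes are modelled. */
#include <stdlib.h>
#include <string.h>

#define MAX_OBJECTS 16
enum { VALID, REVOKED, DELETED };

typedef struct { const char *friendly_name; const char *email; int state; } model_object;
typedef struct { model_object objs[MAX_OBJECTS]; int count; } model_store;
/* Search attributes: NULL means "not searched for"; or_match models the special
 * OR attribute (one matching attribute suffices instead of all of them). */
typedef struct { const char *friendly_name; const char *email; int or_match; } model_attrs;
/* Search context returned by list_start and used by the other list_* calls. */
typedef struct { const model_store *store; model_attrs attrs; int pos; } model_list_ctx;

static int attr_matches(const model_object *o, const model_attrs *a)
{
    int wanted = 0, hit = 0;
    if (a->friendly_name) { wanted++; hit += strcmp(o->friendly_name, a->friendly_name) == 0; }
    if (a->email)         { wanted++; hit += strcmp(o->email, a->email) == 0; }
    if (wanted == 0) return 1;   /* no attributes given: everything matches */
    return a->or_match ? hit > 0 : hit == wanted;
}
/* store_object: store an object together with its attributes; 1 on success. */
int store_object(model_store *s, const char *name, const char *email)
{
    if (s->count >= MAX_OBJECTS) return 0;
    s->objs[s->count].friendly_name = name;
    s->objs[s->count].email = email;
    s->objs[s->count++].state = VALID;
    return 1;
}
/* Shared guard for revoke_object/delete_object: only stored objects change state. */
static int set_state(model_store *s, int index, int state)
{
    if (index < 0 || index >= s->count || s->objs[index].state == DELETED) return 0;
    s->objs[index].state = state;
    return 1;
}
/* revoke_object: marks the object invalid; it stays in the store and is still listed. */
int revoke_object(model_store *s, int index) { return set_state(s, index, REVOKED); }
/* delete_object: removes the object from the store, so no later search lists it. */
int delete_object(model_store *s, int index) { return set_state(s, index, DELETED); }

/* Advance the cursor to the next stored object matching the search attributes. */
static void skip_to_match(model_list_ctx *ctx)
{
    const model_object *o = ctx->store->objs;
    while (ctx->pos < ctx->store->count &&
           (o[ctx->pos].state == DELETED || !attr_matches(&o[ctx->pos], &ctx->attrs)))
        ctx->pos++;
}
/* list_start: set up the attributes to search for and return a search context. */
model_list_ctx *list_start(const model_store *s, model_attrs attrs)
{
    model_list_ctx *ctx = malloc(sizeof *ctx);
    if (ctx == NULL) return NULL;
    ctx->store = s; ctx->attrs = attrs; ctx->pos = 0;
    skip_to_match(ctx);
    return ctx;
}
/* list_endp: 1 once the search has reached the end. */
int list_endp(const model_list_ctx *ctx) { return ctx->pos >= ctx->store->count; }
/* list_next: return the next object searched for, or NULL at the end. */
const model_object *list_next(model_list_ctx *ctx)
{
    const model_object *o = list_endp(ctx) ? NULL : &ctx->store->objs[ctx->pos++];
    if (o != NULL) skip_to_match(ctx);
    return o;
}
/* list_end: close the search. */
void list_end(model_list_ctx *ctx) { free(ctx); }

/* Run a whole search and count what it lists, optionally leaving out revoked objects. */
int count_listed(const model_store *s, model_attrs attrs, int skip_revoked)
{
    int n = 0;
    model_list_ctx *ctx = list_start(s, attrs);
    if (ctx == NULL) return -1;
    while (!list_endp(ctx)) {
        const model_object *o = list_next(ctx);
        if (!(skip_revoked && o->state == REVOKED)) n++;
    }
    list_end(ctx);
    return n;
}
/* Constructed sample: two certs for alice (one revoked), one for bob, one deleted. */
const model_store *sample_store(void)
{
    static model_store s;
    static int built;
    if (!built) {
        store_object(&s, "alice-cert", "alice@example.com");
        store_object(&s, "alice-old-cert", "alice@example.com");
        store_object(&s, "bob-cert", "bob@example.com");
        store_object(&s, "temp-cert", "temp@example.com");
        revoke_object(&s, 1);   /* still stored, now invalid */
        delete_object(&s, 3);   /* gone from the store */
        built = 1;
    }
    return &s;
}
```

Searching the sample store for Email=alice@example.com lists two objects, and one of them is the revoked alice-old-cert: revoke_object leaves the object in the database and it is the caller who has to inspect its state, whereas the deleted temp-cert never comes back from list_next. The OR attribute is what makes Friendly Name=bob-cert OR Email=alice@example.com return three objects where the default all-attributes-must-match search would return none.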