Week 23 contribution of PDK documentation content. See release notes for details. Fixes bugs Bug 2714, Bug 462.
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License
"Eclipse Public License v1.0" which accompanies this distribution,
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
Nokia Corporation - initial contribution.
Contributors:
-->
<!DOCTYPE concept
PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept xml:lang="en" id="GUID-037225BC-AC45-540E-A899-1B8AB9112D6E"><title>Unified Certificate Store Overview</title><prolog><metadata><keywords/></metadata></prolog><conbody><p>Certificate storage uses the interface defined by the crypto token framework. The unified certificate store (unified certstore) unifies all the available implementations of the certstore interface. If a product manufacturer implements one of the certstore interfaces using, for example, a WIM, then it will automatically be picked up by the unified certstore. </p> <p>The unified certstore offers: </p> <ul><li id="GUID-0C8C3223-4BB6-504A-8308-4D0C95C5DEF6"><p>The <xref href="GUID-AD63C29A-17C3-375C-840F-42A92422300D.dita"><apiname>CUnifiedCertStore</apiname></xref> API to access the certificates stored on the device </p> </li> <li id="GUID-0560028C-D7BA-52A1-8C44-080FB72E4FCC"><p>Assignment of trust status to a certificate on an application by application basis </p> </li> <li id="GUID-622CC0E3-63FD-50A9-82D4-4E2C47A542F3"><p>Certificate chain construction and validation. </p> </li> </ul> <section id="GUID-3E780226-644B-5978-8886-B2601411F355"><title>Supported certificate types</title> <p>The certstore APIs support X.509, WTLS, and X.968 certificates. Certificates can be physically present in the store (as is normally the case), or they can be referenced by a URL. When clients retrieve or add certificates they have to indicate which kind of certificate they are interested in retrieving or which kind of certificate they are adding. They do this using <codeph>TCertificateFormat</codeph>, an enumeration which currently has one of the following (self-descriptive) values: </p> <table id="GUID-B506F035-4253-5430-B2C1-4D68F4F0FA1F"><tgroup cols="1"><colspec colname="col0"/><thead><row><entry>Value</entry> </row> </thead> <tbody><row><entry><p> <codeph>EX509Certificate</codeph> </p> </entry> </row> <row><entry><p> <codeph>EWTLSCertificate</codeph> </p> </entry> </row> <row><entry><p> <codeph>EX968Certificate</codeph> </p> </entry> </row> <row><entry><p> <codeph>EX509CertificateUrl</codeph> </p> </entry> </row> <row><entry><p> <codeph>EWTLSCertificateUrl</codeph> </p> </entry> </row> <row><entry><p> <codeph>EX968CertificateUrl</codeph> </p> </entry> </row> <row><entry><p> <codeph>EUnknownCertificate</codeph> </p> </entry> </row> </tbody> </tgroup> </table> <p>This enables the certstore to commit only to the interface offered by <xref href="GUID-116AB921-B063-5CC2-962F-A74562F20EAE.dita">crypto.dll</xref>, so that new certificate specifications can be kept in the store without changing it. </p> <p>Also, there are three supported owner types defined by the <codeph>TCertificateOwnerType</codeph> enumeration: </p> <table id="GUID-DD4B474A-EEE4-500A-9A17-1B1DAFE1D2A7"><tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/><thead><row><entry>Owner type</entry> <entry>Description</entry> </row> </thead> <tbody><row><entry><p> <codeph>ECACertificate</codeph> </p> </entry> <entry><p>CA certificates are used as trust roots when validating certificate chains </p> </entry> </row> <row><entry><p> <codeph>EUserCertificate</codeph> </p> </entry> <entry><p>User certificates are used to establish the user's identity with a remote server </p> </entry> </row> <row><entry><p> <codeph>EPeerCertificate</codeph> </p> </entry> <entry><p>Peer certificates are a third party's user certificates </p> </entry> </row> </tbody> </tgroup> </table> </section> </conbody><related-links><link href="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E.dita"><linktext>Unified Certificate Store Tutorial</linktext> </link> </related-links></concept>