Certificate Manager API

1.0 References

[1] Software Architecture Document, Version 1.1 Revision 1.4, LiMo Foundation, 11 September 2007

2.0 Overview

The Certificate Manager implements the administration and processing of security certificates for a particular system. The main services supplied by the Certificate Manager are:
  • Certificate processing (parsing, verification, etc.).
  • Certificate storage.
  • Certificate metadata administration.
  • Certificate revocation discovery.
  • Limited cryptographic services.
  • Digital signature processing.

2.1 Certificate Manager Architecture

The Certificate Manager services are split into Foundation and Framework sections. The Foundation consists of a set of plug-in modules which implement the services listed above. The Framework is used to implement common services and the routing and control of service requests to the plug-in modules.
The following plug-ins have been defined:
  • Cryptography Plug-in
  • Certificate Processing Plug-in
  • Digital Signature Plug-in
  • Certificate Revocation Status Plug-in
  • Certificate Store Plug-in

[Figure: Certificate Manager Architecture Diagram]

Each plug-in is a separate Linux shared object. The actual shared object that implements a plug-in is specified in the Certificate Manager configuration file. When the Certificate Manager requires access to a particular plug-in, it will search the configuration file for the appropriate entry. Once found, the Certificate Manager will load the shared object and call the required API functions. For the Certificate Processing and Certificate Store plug-ins, multiple instances can be defined for use at the same time. This allows extra functionality to be added easily. For example, there may be an existing Certificate Processing plug-in that understands X.509 certificates. If WTLS certificates are also required, a new shared object (conforming to the Certificate Processing Framework API) can be written. This shared object can be added to the platform installation and the Certificate Manager configuration updated. There will now be two Certificate Processing plug-ins listed in the configuration file: one for X.509 and one for WTLS. The Certificate Manager can use either plug-in when attempting to process a certificate.
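
Added example (not part of the LiMo documentation or the Certificate Manager source): one way to look up a plug-in entry and vet the shared object it names before loading it. The "type:format:path" line format, the function names and the trusted-owner policy are all assumptions, since this page does not specify the configuration file format.

```c
/* Added example: configuration format and all names below are assumptions. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Search cfg (lines of "type:format:path") for the first entry matching
 * type and format. Returns 0 and copies the path into out, or -1. */
int find_plugin(const char *cfg, const char *type, const char *format,
                char *out, size_t outlen)
{
    char key[128];
    int klen = snprintf(key, sizeof key, "%s:%s:", type, format);
    if (klen < 0 || (size_t)klen >= sizeof key)
        return -1;
    for (const char *line = cfg; line && *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len > (size_t)klen && strncmp(line, key, (size_t)klen) == 0) {
            size_t plen = len - (size_t)klen;
            if (plen >= outlen)
                return -1;        /* path too long: refuse, never truncate */
            memcpy(out, line + klen, plen);
            out[plen] = '\0';
            return 0;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;                    /* no plug-in registered for this format */
}

/* Return 0 only if path is acceptable to load: absolute, a regular file
 * (lstat, so a symlink is rejected), owned by trusted_uid, and not
 * writable by group or others. */
int vet_plugin_path(const char *path, uid_t trusted_uid)
{
    struct stat st;
    if (path[0] != '/')
        return -1;                /* relative paths depend on the cwd */
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    if (st.st_uid != trusted_uid)
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return -1;
    return 0;                     /* caller may now pass path to dlopen() */
}
```

The check covers only the final path component; the directories above it and the configuration file itself need the same ownership and mode restrictions for the result to mean anything.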

2.2 Certificate Verification Diagram

[Figure: Example Sequence Diagram for Certificate Verification]

3.0 Industry Standard

None

4.0 External API Documents

None

5.0 Plug-in Extension Point Interface

None

6.0 Other Interfaces

None

7.0 Other Notes

None

Generated on Mon Mar 31 01:01:00 2008 by doxygen 1.5.4