
RSA BSAFE Cert-C
API Reference

DB_FUNCS Reference

Stores pointers to all Cert-C Database service provider functions.

Use S_InitializeDefaultDB(), S_InitializeMemoryDB(), S_InitializeCryptoAPIDB(), S_InitializeLDAPSource(), S_InitializeSCEPDB(), or S_InitializePKCS11DB() to initialize funcs's db function pointer to the Cert-C Default, Cert-C In-Memory, Cert-C CryptoAPI, Cert-C LDAP, Cert-C SCEP, or Cert-C PKCS #11 Database service provider's implementation of DB_FUNCS.

#include <dbspi.h>

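/*
 * DB_FUNCS - dispatch table of a Cert-C Database service provider.
 *
 * Each member is a function pointer that a provider fills in when one of
 * S_InitializeDefaultDB(), S_InitializeMemoryDB(), S_InitializeCryptoAPIDB(),
 * S_InitializeLDAPSource(), S_InitializeSCEPDB() or S_InitializePKCS11DB()
 * runs.  Not every provider implements every entry: in the field
 * documentation on this page the LDAP provider is listed only for Finalize,
 * SelectCertBySubject and SelectCertByExtensions, and the SCEP provider only
 * for Finalize and SelectCertByAttributes.
 * NOTE(review): the page does not say what an unimplemented entry holds
 * (NULL or a stub) -- confirm in dbspi.h before calling an entry through a
 * handle whose provider type is not known.
 *
 * Shared conventions (from the per-field documentation):
 *   - int-returning entries return 0 on success, otherwise a Cert-C
 *     error code;
 *   - `handle' is the provider-specific handle returned by the provider's
 *     initialization function;
 *   - Select* entries append a COPY of each match to the caller's list
 *     object;
 *   - an iterator obtained from SelectFirst* is released with the matching
 *     Free*Iterator entry.
 */
typedef struct db_funcs {

  /* Releases everything tied to `handle', including memory allocated during
     provider initialization.  Cert-C calls this when the provider instance
     is unregistered.  NOTE(review): the page does not state whether
     private-key material held by the provider is scrubbed here; do not rely
     on Finalize to zeroize secrets. */
  void (*Finalize) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle);            /* provider handle */

  /* Stores a certificate in the provider's database. */
  int (*InsertCert) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    CERT_OBJ        cert);              /* certificate object */

  /* Stores a CRL in the provider's database. */
  int (*InsertCRL) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    CRL_OBJ         crl);               /* CRL object */

  /* Stores a copy of `privateKey', identified by information taken from
     `cert' (usually its subject public-key identifier).  Inserting the same
     key twice under different certificates stores it once.  How the stored
     copy is protected is provider-specific and is the property to check
     before choosing a provider:
       Default DB - PKCS #5 v2.0 PBE, 24-byte key, 100 iterations, 8-byte
                    salt, password taken from DEFAULT_DB_PARAMS (a low
                    iteration count: the password is the real protection);
       In-Memory  - stored UNENCRYPTED in process memory;
       CryptoAPI  - stored in the CSP with CRYPT_EXPORTABLE set; the key
                    container holds one signature and one key-exchange key,
                    and a second key of a type replaces the first while the
                    call still returns 0. */
  int (*InsertPrivateKey) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    CERT_OBJ        cert,               /* cert that matches private key */
    B_KEY_OBJ       privateKey);        /* private key object */

  /* As InsertPrivateKey, but the key is identified directly by the
     subject public key info `spki' rather than through a certificate. */
  int (*InsertPrivateKeyBySPKI) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    ITEM            *spki,              /* subject public key info */
    B_KEY_OBJ       privateKey);        /* private key object */

  /* Looks up the single certificate with the given issuer name and serial
     number and appends a copy to `certList'. */
  int (*SelectCertByIssuerSerial) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    NAME_OBJ        issuerName,         /* issuer name */
    ITEM            *serialNumber,      /* serial number */
    LIST_OBJ        certList);          /* list where cert is added */

  /* Appends a copy of every certificate whose subject is `subjectName'.
     The LDAP provider implements this as SelectLDAPCertBySubject, which
     first collects candidate certificates from directory entries and then
     filters them by the requested subject name, because directory DNs and
     certificate subject DNs need not coincide. */
  int (*SelectCertBySubject) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    NAME_OBJ        subjectName,        /* subject name */
    LIST_OBJ        certList);          /* list where certs are added */

  /* Appends a copy of every certificate whose subject contains all of the
     components of `baseName' (extra AVAs in the subject still match) and
     that carries the given `extensions' (NULL_PTR extensions = match all).
     A certificate already present in the list (same issuer and serial) is
     not added twice.  Some providers (LDAP) may refuse a NULL_PTR base
     name. */
  int (*SelectCertByExtensions) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    NAME_OBJ        baseName,           /* starting point for search */
    EXTENSIONS_OBJ  extensions,         /* extensions object */
    LIST_OBJ        certList);          /* list where certs are added */


  /* Begins a walk over all certificates: returns the first one (a copy is
     appended to `certList') and sets up `*iterator' for SelectNextCert. */
  int (*SelectFirstCert) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    POINTER         *iterator,          /* iteration handle */
    LIST_OBJ        certList);          /* list where certs are added */

  /* Continues the walk started by SelectFirstCert. */
  int (*SelectNextCert) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    POINTER         *iterator,          /* iteration handle */
    LIST_OBJ        certList);          /* list where certs are added */

  /* Releases an iterator created by SelectFirstCert. */
  void (*FreeCertIterator) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    POINTER         *iterator);         /* iteration handle */

  /* Looks up the CRL for `issuerName' that applies at `time' and appends
     a copy to `crlList'. */
  int (*SelectCRLByIssuerTime) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    NAME_OBJ        issuerName,         /* CRL issuer name */
    UINT4           time,               /* selection time */
    LIST_OBJ        crlList);           /* list where CRLs are added */

  /* Begins a walk over all CRLs; see SelectFirstCert. */
  int (*SelectFirstCRL) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    POINTER         *iterator,          /* iteration handle */
    LIST_OBJ        crlList);           /* list where CRLs are added */

  /* Continues the walk started by SelectFirstCRL. */
  int (*SelectNextCRL) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    POINTER         *iterator,          /* iteration handle */
    LIST_OBJ        crlList);           /* list where CRLs are added */

  /* Releases an iterator created by SelectFirstCRL. */
  void (*FreeCRLIterator) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    POINTER         *iterator);         /* iteration handle */

  /* Retrieves the private key that corresponds to `cert' into the
     caller-supplied key object. */
  int (*SelectPrivateKeyByCert) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    CERT_OBJ        cert,               /* cert that matches private key */
    B_KEY_OBJ       privateKey);        /* (out) private key */

  /* Retrieves the private key identified by `spki' into the caller-supplied
     key object. */
  int (*SelectPrivateKeyBySPKI) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    ITEM            *spki,              /* subject public key info */
    B_KEY_OBJ       privateKey);        /* (out) private key */

  /* Begins a walk over all stored private keys; see SelectFirstCert. */
  int (*SelectFirstPrivateKey) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    POINTER         *iterator,          /* iteration handle */
    B_KEY_OBJ       privateKey);        /* (out) private key */

  /* Continues the walk started by SelectFirstPrivateKey. */
  int (*SelectNextPrivateKey) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    POINTER         *iterator,          /* iteration handle */
    B_KEY_OBJ       privateKey);        /* (out) private key */

  /* Releases an iterator created by SelectFirstPrivateKey. */
  void (*FreePrivateKeyIterator) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    POINTER         *iterator);         /* iteration handle */

  /* Removes the certificate with the given issuer name and serial number. */
  int (*DeleteCert) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    NAME_OBJ        issuerName,         /* issuer name */
    ITEM            *serialNumber);     /* serial number */

  /* Removes the CRL with the given issuer name and last-update time. */
  int (*DeleteCRL) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    NAME_OBJ        issuerName,         /* issuer name */
    UINT4           lastUpdate);        /* last update time */

  /* Removes the private key that corresponds to `cert'.  Default DB returns
     E_NOT_FOUND when the stored key cannot be decrypted with the supplied
     password, so that code does not prove the key is absent.  CryptoAPI
     only matches the default CSP's user signature or key-exchange key,
     choosing the type from the certificate's key usage extension
     (signature when the extension is absent). */
  int (*DeletePrivateKey) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    CERT_OBJ        cert);              /* cert that matches private key */

  /* Removes the private key identified by `spki'. */
  int (*DeletePrivateKeyBySPKI) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    ITEM            *spki);             /* subject public key info */

  /* SCEP provider only: fetches root certificates from the CA or RA as
     selected by `attributes' (operation = GetCACert or GetCACertChain,
     cert-id, ca-ident) and `baseName', appending copies to `certList'
     without duplicates.  Nothing in this call authenticates the returned
     certificates; they are candidate trust anchors and must be verified
     out-of-band before being trusted. */
  int (*SelectCertByAttributes) (
    CERTC_CTX       ctx,                /* Cert-C context */
    POINTER         handle,             /* database handle */
    NAME_OBJ        baseName,           /* starting point for search */
    ATTRIBUTES_OBJ  attributes,         /* attributes object */
    LIST_OBJ        certList);          /* list where certs are added */

} DB_FUNCS;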

Data Fields

void(* Finalize )(CERTC_CTX ctx, POINTER handle)
 Frees resources associated with the specified service provider handle, including freeing memory allocated during service provider initialization. More...

int(* InsertCert )(CERTC_CTX ctx, POINTER handle, CERT_OBJ cert)
 Inserts the certificate into the database managed by the database service provider. More...

int(* InsertCRL )(CERTC_CTX ctx, POINTER handle, CRL_OBJ crl)
 Inserts the CRL into the database managed by the database service provider. More...

int(* InsertPrivateKey )(CERTC_CTX ctx, POINTER handle, CERT_OBJ cert, B_KEY_OBJ privateKey)
 Inserts a private key into the local database. More...

int(* InsertPrivateKeyBySPKI )(CERTC_CTX ctx, POINTER handle, ITEM *spki, B_KEY_OBJ privateKey)
 Inserts the private key into the database managed by the service provider. More...

int(* SelectCertByIssuerSerial )(CERTC_CTX ctx, POINTER handle, NAME_OBJ issuerName, ITEM *serialNumber, LIST_OBJ certList)
 Retrieves the certificate identified by the specified issuer name and serial number from the database managed by the service provider. More...

int(* SelectCertBySubject )(CERTC_CTX ctx, POINTER handle, NAME_OBJ subjectName, LIST_OBJ certList)
 Retrieves one or more certificates identified by the specified subject name from the database managed by the service provider. More...

int(* SelectCertByExtensions )(CERTC_CTX ctx, POINTER handle, NAME_OBJ baseName, EXTENSIONS_OBJ extensions, LIST_OBJ certList)
 Retrieves one or more certificates identified by the specified extensions and base subject name from the database managed by the service provider. More...

int(* SelectFirstCert )(CERTC_CTX ctx, POINTER handle, POINTER *iterator, LIST_OBJ certList)
 Retrieves the first certificate from the database managed by the service provider and adds a copy of the certificate to the certificate list. More...

int(* SelectNextCert )(CERTC_CTX ctx, POINTER handle, POINTER *iterator, LIST_OBJ certList)
 Retrieves the next certificate from the database managed by the service provider and adds a copy of the certificate to the certificate list. More...

void(* FreeCertIterator )(CERTC_CTX ctx, POINTER handle, POINTER *iterator)
 Frees the database iterator previously created by the SelectFirstCert function. More...

int(* SelectCRLByIssuerTime )(CERTC_CTX ctx, POINTER handle, NAME_OBJ issuerName, UINT4 time, LIST_OBJ crlList)
 Retrieves the CRL identified by the specified issuer name and time from the database managed by the service provider and adds a copy of the matching CRL to the CRL list. More...

int(* SelectFirstCRL )(CERTC_CTX ctx, POINTER handle, POINTER *iterator, LIST_OBJ crlList)
 Retrieves the first CRL from the database managed by the service provider and adds a copy of the CRL to the CRL list. More...

int(* SelectNextCRL )(CERTC_CTX ctx, POINTER handle, POINTER *iterator, LIST_OBJ crlList)
 Retrieves the next CRL from the databases bound to the iterator and adds a copy of the CRL to the CRL list. More...

void(* FreeCRLIterator )(CERTC_CTX ctx, POINTER handle, POINTER *iterator)
 Frees the database iterator previously created by the SelectFirstCRL function. More...

int(* SelectPrivateKeyByCert )(CERTC_CTX ctx, POINTER handle, CERT_OBJ cert, B_KEY_OBJ privateKey)
 Retrieves the private key identified by the specified certificate from the local database. More...

int(* SelectPrivateKeyBySPKI )(CERTC_CTX ctx, POINTER handle, ITEM *spki, B_KEY_OBJ privateKey)
 Retrieves the private key identified by the specified subject public-key identifier from the database managed by the service provider. More...

int(* SelectFirstPrivateKey )(CERTC_CTX ctx, POINTER handle, POINTER *iterator, B_KEY_OBJ privateKey)
 Retrieves the first private key from the local database. More...

int(* SelectNextPrivateKey )(CERTC_CTX ctx, POINTER handle, POINTER *iterator, B_KEY_OBJ privateKey)
 Retrieves the next private key from the database. More...

void(* FreePrivateKeyIterator )(CERTC_CTX ctx, POINTER handle, POINTER *iterator)
 Frees the database iterator created previously by the SelectFirstPrivateKey function. More...

int(* DeleteCert )(CERTC_CTX ctx, POINTER handle, NAME_OBJ issuerName, ITEM *serialNumber)
 Deletes the certificate identified by the specified issuer name and serial number from the database managed by the service provider. More...

int(* DeleteCRL )(CERTC_CTX ctx, POINTER handle, NAME_OBJ issuerName, UINT4 lastUpdate)
 Deletes the CRL identified by the specified issuer name and last-update time from the database managed by the service provider. More...

int(* DeletePrivateKey )(CERTC_CTX ctx, POINTER handle, CERT_OBJ cert)
 Deletes the private key identified by the specified certificate from the database. More...

int(* DeletePrivateKeyBySPKI )(CERTC_CTX ctx, POINTER handle, ITEM *spki)
 Deletes the private key identified by the specified subject public-key identifier from the database managed by the service provider. More...

int(* SelectCertByAttributes )(CERTC_CTX ctx, POINTER handle, NAME_OBJ baseName, ATTRIBUTES_OBJ attributes, LIST_OBJ certList)
 Retrieves one or more root certificates identified by the client-specified attributes and base subject name from the CA or RA. More...


Field Documentation (alphabetical)

int(* db_funcs::DeleteCert)( CERTC_CTX ctx, POINTER handle, NAME_OBJ issuerName, ITEM *serialNumber)
 

Deletes the certificate identified by the specified issuer name and serial number from the database managed by the service provider. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

int(* db_funcs::DeleteCRL)( CERTC_CTX ctx, POINTER handle, NAME_OBJ issuerName, UINT4 lastUpdate)
 

Deletes the CRL identified by the specified issuer name and last-update time from the database managed by the service provider. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, and the Cert-C CryptoAPI Database service provider.

int(* db_funcs::DeletePrivateKey)( CERTC_CTX ctx, POINTER handle, CERT_OBJ cert)
 

Deletes the private key identified by the specified certificate from the database. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider. There are provider-specific implementations for databases managed by either the Cert-C Default Database service provider or the Cert-C CryptoAPI Database service provider.

Cert-C Default Database Service Provider Implementation

In this implementation, if the private key identified by the certificate cannot be decrypted with the supplied password, this function returns E_NOT_FOUND. Because E_NOT_FOUND is also the natural result when no key is stored for the certificate, the return value alone does not let a caller distinguish a wrong DEFAULT_DB_PARAMS password from a genuinely absent key; do not treat E_NOT_FOUND as proof that the key was never stored.

Cert-C CryptoAPI Database Service Provider Implementation

In this implementation, the DeletePrivateKey function finds a matching private key only if the private key is either the default CryptoAPI CSP's user signature key or user key-exchange key. The key usage extension for the specified certificate is used to determine the key type. If no key usage extension is contained in the specified certificate, the key type is assumed to be the user's signature key. The Cert-C CryptoAPI Database service provider verifies the correspondence of the certificate and private key before returning the private key.

Both implementations have the same parameter definitions.

Parameters:
ctx This input parameter points to an initialized Cert-C context handle.
handle This input parameter points to a copy of the service provider's handle.
cert This input parameter is an initialized certificate object. Information contained in the certificate (usually the subject public-key identifier) is used to locate the corresponding private key.
Returns:
If successful, returns 0. If not, returns a Cert-C error code.

int(* db_funcs::DeletePrivateKeyBySPKI)( CERTC_CTX ctx, POINTER handle, ITEM *spki)
 

Deletes the private key identified by the specified subject public-key identifier from the database managed by the service provider. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

void(* db_funcs::Finalize)( CERTC_CTX ctx, POINTER handle)
 

Frees resources associated with the specified service provider handle, including freeing memory allocated during service provider initialization. Cert-C calls Finalize when a service provider's instance is unregistered. This page does not state whether a provider scrubs private-key material (for example, the unencrypted keys held by the In-Memory provider) before releasing it; do not assume that Finalize zeroizes secrets unless the provider's own documentation says so.

This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, the Cert-C LDAP Database service provider, the Cert-C SCEP Database service provider, and the Cert-C PKCS #11 Database service provider.

void(* db_funcs::FreeCertIterator)( CERTC_CTX ctx, POINTER handle, POINTER *iterator)
 

Frees the database iterator previously created by the SelectFirstCert function. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

void(* db_funcs::FreeCRLIterator)( CERTC_CTX ctx, POINTER handle, POINTER *iterator)
 

Frees the database iterator previously created by the SelectFirstCRL function. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

void(* db_funcs::FreePrivateKeyIterator)( CERTC_CTX ctx, POINTER handle, POINTER *iterator)
 

Frees the database iterator created previously by the SelectFirstPrivateKey function. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

int(* db_funcs::InsertCert)( CERTC_CTX ctx, POINTER handle, CERT_OBJ cert)
 

Inserts the certificate into the database managed by the database service provider. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

int(* db_funcs::InsertCRL)( CERTC_CTX ctx, POINTER handle, CRL_OBJ crl)
 

Inserts the CRL into the database managed by the database service provider. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

int(* db_funcs::InsertPrivateKey)( CERTC_CTX ctx, POINTER handle, CERT_OBJ cert, B_KEY_OBJ privateKey)
 

Inserts a private key into the local database. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider. There are service-provider specific implementations for databases managed by the Cert-C Default Database service provider, the Cert-C CryptoAPI Database service provider, or the Cert-C In-Memory Database service provider.

Cert-C Default Database Service Provider Implementation

The Cert-C Default Database service provider implementation uses a hash of the corresponding certificate's subject public-key identifier to uniquely identify the private key. This means that when attempting to insert the same private key twice, each time identified by a different certificate, the private key is stored only once.

The stored copy of the private key is encrypted using the PKCS #5 v2.0 password-based encryption (PBE) algorithm. The PBE algorithm parameters are: key length = 24 bytes, iterations = 100, and salt size = 8 bytes. The password used to encrypt the private key is provided by the DEFAULT_DB_PARAMS structure, which is initialized by S_InitializeDefaultDB(). Security note: an iteration count of 100 offers very little resistance to offline password guessing by current standards, and these parameters are fixed by the provider rather than configurable here, so the confidentiality of the key store at rest rests almost entirely on the strength of the DEFAULT_DB_PARAMS password and on the access controls protecting the database file.

Cert-C CryptoAPI Database Service Provider Implementation

In this implementation, InsertPrivateKey may fail if the corresponding default CryptoAPI CSP's user signature key or user key-exchange key is already assigned.

The Cert-C CryptoAPI Database service provider's key container, pKeyContainerName, can contain only one signature key and only one key-exchange key. If a second key of a given type is inserted, the new key replaces the old key and the function returns 0 (zero). Note that these two statements are in tension (failure versus silent replacement); whichever applies, a 0 return does not prove that no previously stored key was overwritten, so a caller that must not clobber an existing key should check for one before inserting.

Currently the Cert-C CryptoAPI Database service provider inserts private keys into a CSP with the CRYPT_EXPORTABLE flag set. Security note: an exportable key can be extracted from the CSP in plaintext by any code running in the same user context, so keys stored through this provider are protected no better than the user profile itself; if non-exportable keys are required, this provider as documented here cannot supply them.

Cert-C In-Memory Database Service Provider Implementation

The Cert-C In-Memory Database service provider implementation uses the SPKI of the corresponding certificate to identify the private key. This means that if the same private key is inserted twice, each time identified by a different certificate, it is stored only once. The stored copy of the private key is not encrypted: it is held in plaintext in process memory, where it is exposed to anything able to read the process's address space (debuggers, core dumps, swap), so this provider is suitable only for transient, process-lifetime key handling.

All implementations have the same parameter definitions.

Parameters:
ctx This input parameter points to an initialized Cert-C context handle.
handle This input parameter points to a copy of the service provider's handle.
cert This input parameter is an initialized certificate object. Information contained in the certificate (usually the subject public-key identifier) is used to identify the corresponding private key.
privateKey This input parameter is an initialized private key object. A copy of the private key is added to the database.
Returns:
If successful, returns 0. If not, returns a Cert-C error code.

int(* db_funcs::InsertPrivateKeyBySPKI)( CERTC_CTX ctx, POINTER handle, ITEM *spki, B_KEY_OBJ privateKey)
 

Inserts the private key into the database managed by the service provider. The private key is identified by the corresponding subject public-key identifier.

This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

int(* db_funcs::SelectCertByAttributes)( CERTC_CTX ctx, POINTER handle, NAME_OBJ baseName, ATTRIBUTES_OBJ attributes, LIST_OBJ certList)
 

Retrieves one or more root certificates identified by the client-specified attributes and base subject name from the CA or RA. This function also adds a copy of each matching certificate to the certificate list. If a copy of a given certificate is already in the certificate list (as determined by matching issuer names and serial numbers), it is not added again. Security note: the certificates returned here are candidate trust anchors asserted by the responding CA or RA over the SCEP transport; nothing in this call authenticates them, so the caller must verify them out-of-band (for example, by comparing the certificate fingerprint against a value obtained from the CA operator) before installing them as trusted roots.

This function is implemented by the Cert-C SCEP Database service provider.

Parameters:
ctx This input parameter points to an initialized Cert-C context handle.
handle This input parameter points to the handle returned by the service provider's initialization function.
baseName This input parameter is a name object that is compared against the subject name of a candidate certificate. All of the components of the base name must match the corresponding components of the candidate certificate subject name. This parameter may be (NAME_OBJ)NULL_PTR for some service providers.
attributes This input parameter is an initialized certificate attributes object that contains a set of attribute types and values. The names and values specified in the ATTRIBUTES_OBJ govern the certificate (chain) search; the values are as follows:
Name — Value

operation — Required. It must be either GetCACert or GetCACertChain.

cert-id — Required. For KCS, this value should contain the name of the jurisdiction that corresponds to the certificate to retrieve. For VeriSign, this value should contain the DNS domain name for which the OnSite account was created. For example, mycompany.com.

ca-ident — Required. For a Cisco Systems router, the value specified here is defined as the 'crypto ca identity' field in the router configuration. This value becomes the method CGI parameter in the HTTP request.
certList This output parameter is the initialized certificate list object where the selected certificates are added.

int(* db_funcs::SelectCertByExtensions)( CERTC_CTX ctx, POINTER handle, NAME_OBJ baseName, EXTENSIONS_OBJ extensions, LIST_OBJ certList)
 

Retrieves one or more certificates identified by the specified extensions and base subject name from the database managed by the service provider. This function also adds a copy of each matching certificate to the certificate list. If a copy of a given certificate is already in the list (as determined by matching issuer names and serial numbers), it is not added again.

This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider. It is implemented by the Cert-C LDAP Database service provider as SelectLDAPCertByExtensions.

Cert-C LDAP Database Service Provider Implementation

This implementation, named SelectLDAPCertByExtensions, has the same functionality as the default implementation. It retrieves one or more certificates identified by the specified extensions and base subject name from the database managed by the service provider.

For this type of search, define a list of certificate extensions to search. The following three steps are used to accomplish this with an LDAP source.

  1. Perform the three-step search described in the LDAP implementation of SelectCertBySubject that is named SelectLDAPCertBySubject. The baseName in SelectLDAPCertByExtensions is used the same way that subjectName is used in SelectLDAPCertBySubject.

  2. Collect all certificates, as determined by the certificateAttrs configuration values.

  3. Return only those certificates that have the given extensions.
Note: Start the base DN as low as possible in the directory tree. If this is not done, a large set of entries can be returned, and the collection of all the certificates in all the entries can be quite large. A good way to avoid this is to include the common name as one of the attributes in the filter.


All implementations have the same parameter definitions.
Parameters:
ctx This input parameter is an initialized Cert-C context handle.
handle This input parameter points to a copy of the handle returned by the service provider's initialization function.
baseName This input parameter is a name object that is compared against the subject name of a candidate certificate. All of the components of the base name must match the corresponding components of the candidate certificate subject name. However, the certificate subject name may contain more AVAs than are present in baseName and still match. If baseName has a value of NULL_PTR, it is considered to match any candidate certificate. However, some database service providers, such as the Cert-C LDAP Database service provider, may refuse to perform this operation unless a base name is specified.
extensions This input parameter is an initialized extensions object that contains a set of extension types and values. If this parameter's value is NULL_PTR, all certificates in the bound databases that match the base name are returned.
certList This input/output parameter points to an allocated, but uninitialized, LIST_OBJ as input. As output, it points to an initialized list object. This function adds a copy of matching certificates to this list.
Returns:
If successful, returns 0. If not, returns a Cert-C Error Code.

int(* db_funcs::SelectCertByIssuerSerial)( CERTC_CTX ctx, POINTER handle, NAME_OBJ issuerName, ITEM *serialNumber, LIST_OBJ certList)
 

Retrieves the certificate identified by the specified issuer name and serial number from the database managed by the service provider. This function also adds a copy of the certificate to the certificate list.

This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

int(* db_funcs::SelectCertBySubject)( CERTC_CTX ctx, POINTER handle, NAME_OBJ subjectName, LIST_OBJ certList)
 

Retrieves one or more certificates identified by the specified subject name from the database managed by the service provider. This function also adds a copy of each matching certificate to the certificate list.

This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider. It is implemented by the Cert-C LDAP Database service provider as SelectLDAPCertBySubject.

Cert-C LDAP Database Service Provider Implementation

This implementation, named SelectLDAPCertBySubject, has the same functionality as the default implementation. It retrieves one or more certificates identified by the specified subject name from the database managed by the service provider. This function also adds a copy of each matching certificate to the certificate list.

The certificates returned in the LDAP queries performed by the service provider do not necessarily have matching subject names. This is because the Distinguished Names (DN) used in the LDAP queries correspond to LDAP entry attributes and not to the certificate subject name (depending on the configuration of the server). The Cert-C service provider examines the certificates associated with the LDAP entries. It first retrieves them and collects them in an in-memory database instance. It then calls C_SelectBySubjectName with the desired subject name and the in-memory database instance to retrieve the certificates with the matching subject name.

DNs used in certificates can differ from the DN used in a directory entry. LDAP_DATA's baseDNAttrs helps to establish a mapping between these two, possibly dissimilar, DNs. baseDNAttrs is an ordered list of attribute types that should be used to build the base DN for the LDAP search. The DN is built from the attributes in the subject name named by baseDNAttrs, in the order given in that list. LDAP_DATA's searchFilterAttrs is then used to further qualify the results. This algorithm is required because the directory may not hold an entry whose DN exactly matches the given subject name. The following example shows this kind of search.

If the desired subject name is

      mail=jane@rsasecurity.com, OU=Engineering, O=RSA Security, C=US

and the baseDNAttrs are

      O, C

and the searchFilterAttrs are

      mail

then the Base DN for the LDAP search will be

      O=RSA Security, C=US

and the search filter will be

      mail=jane@rsasecurity.com

Use the following three steps to perform the search:

  1. First, the following search is done:
          base DN: subject name
          scope: base only
          search filter: wildcard (matches anything)

  2. If there is an entry in the repository that exactly matches the subject name, the search is finished. If not, perform the following:
          search:
          base DN: DN formed using baseDNAttrs, in our example, O=RSA Security,
          C=US
          scope: subtree
          search filter: formed using searchFilterAttrs, in our example,
          mail=jane@rsasecurity.com
  3. If there is more than one entry that satisfies the search, the collection of certificates from all entries is examined, and only those that have the given subject name are returned as the result of the search.
     Certificates are collected from the attributes indicated in the certificateAttrs configuration values.

If no entry is found by the previous search, perform the following search:
      base DN: searchRoot in the configuration data of this LDAP provider.
      scope: subtree
      search filter: formed using searchFilterAttrs; in our example, mail=jane@rsasecurity.com

If there is more than one entry that satisfies the search, the collection of certificates from all entries is examined, and only those that have the given subject name are returned as the result of the search. Certificates are collected from the attributes indicated in the certificateAttrs configuration values.



All implementations have the same parameter definitions.
Parameters:
ctx This input parameter is an initialized Cert-C context handle.
handle This input parameter points to a copy of the handle returned by the service provider's initialization function.
subjectName This input parameter contains an initialized name object giving the subject name of the certificates to select.
certList This input/output parameter points to an allocated, but uninitialized, LIST_OBJ as input. As output, it points to an initialized list object. This function adds copies of the matching certificates to this list.
Returns:
If successful, returns 0. If not, returns a Cert-C Error Code.

int(* db_funcs::SelectCRLByIssuerTime)( CERTC_CTX ctx, POINTER handle, NAME_OBJ issuerName, UINT4 time, LIST_OBJ crlList)
 

Retrieves the CRL identified by the specified issuer name and time from the database managed by the service provider and adds a copy of the matching CRL to the CRL list. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, and the Cert-C CryptoAPI Database service provider.

int(* db_funcs::SelectFirstCert)( CERTC_CTX ctx, POINTER handle, POINTER *iterator, LIST_OBJ certList)
 

Retrieves the first certificate from the database managed by the service provider and adds a copy of the certificate to the certificate list. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

int(* db_funcs::SelectFirstCRL)( CERTC_CTX ctx, POINTER handle, POINTER *iterator, LIST_OBJ crlList)
 

Retrieves the first CRL from the database managed by the service provider and adds a copy of the CRL to the CRL list. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, and the Cert-C CryptoAPI Database service provider.

int(* db_funcs::SelectFirstPrivateKey)( CERTC_CTX ctx, POINTER handle, POINTER *iterator, B_KEY_OBJ privateKey)
 

Retrieves the first private key from the local database. This function skips private key records that cannot be successfully decrypted with the supplied password.

This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

Parameters:
ctx This input parameter points to an initialized Cert-C context handle.
handle This input parameter points to a copy of the service provider handle.
iterator This is both an input and output parameter. As an input parameter, it points to an uninitialized POINTER variable. As an output parameter, it points to an allocated iterator. If the database contains no private keys, the iterator is set to NULL_PTR.
privateKey This is both an input and output parameter. As an input parameter, it is an allocated but uninitialized key object. As an output parameter, it points to an initialized object which contains key information taken from the database entry.
Returns:
If successful, returns 0. If not, returns a Cert-C error code.

int(* db_funcs::SelectNextCert)( CERTC_CTX ctx, POINTER handle, POINTER *iterator, LIST_OBJ certList)
 

Retrieves the next certificate from the database managed by the service provider and adds a copy of the certificate to the certificate list. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

int(* db_funcs::SelectNextCRL)( CERTC_CTX ctx, POINTER handle, POINTER *iterator, LIST_OBJ crlList)
 

Retrieves the next CRL from the database bound to the iterator and adds a copy of the CRL to the CRL list. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, and the Cert-C CryptoAPI Database service provider.

int(* db_funcs::SelectNextPrivateKey)( CERTC_CTX ctx, POINTER handle, POINTER *iterator, B_KEY_OBJ privateKey)
 

Retrieves the next private key from the database. This function skips private key records that cannot be decrypted with the supplied password.

This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

Parameters:
ctx This input parameter points to an initialized Cert-C context handle.
handle This input parameter points to a copy of the service provider handle.
iterator This is both an input and output parameter. As an input parameter, it points to an allocated but uninitialized POINTER. As an output parameter, it points to an initialized POINTER variable. (The iterator is created by a previous call to SelectFirstPrivateKey.) If all of the keys in the database have been retrieved, or any other error occurs, the memory associated with the iterator is freed, and the variable is set to NULL_PTR.
privateKey This is both an input and output parameter. As an input parameter, it is an allocated but uninitialized key object. As an output parameter, it points to an initialized key object containing key information taken from the database entry.
Returns:
If successful, returns 0. If not, returns a Cert-C error code.

int(* db_funcs::SelectPrivateKeyByCert)( CERTC_CTX ctx, POINTER handle, CERT_OBJ cert, B_KEY_OBJ privateKey)
 

Retrieves the private key identified by the specified certificate from the local database. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider. There are service-provider-specific implementations for databases managed either by the Cert-C Default Database service provider or by the Cert-C CryptoAPI Database service provider.

Cert-C Default Database Service Provider Implementation

If the private key identified by the certificate cannot be decrypted with the supplied password, this function returns E_NOT_FOUND. Note that this is the same return value as for a key that is absent from the database, so a caller cannot distinguish a wrong password from a missing key by the return code alone.

Cert-C CryptoAPI Database Service Provider Implementation

In this implementation, SelectPrivateKeyByCert finds a matching private key only if the private key is either the default CryptoAPI CSP's user signature key or its user key-exchange key.

The key usage extension for the specified certificate is used to determine the key type. If no key usage extension is contained in the specified certificate, the key type is assumed to be the user's signature key.

If the private key is retrievable from CryptoAPI in cleartext form, then a Crypto-C key object of type KI_RSA_CRT is created with the raw key bits. The Crypto-C software is used to perform any requested operation with this key. If the key is not exportable, then a Crypto-C key object of type KI_Token is returned. The Cert-C session chooser is set up so that any operations that use token keys are passed to a Crypto-C BHAPI module. This module then calls CryptoAPI functions to perform the requested task. Applications that use Cert-C do not need to be aware of the difference between these two key types. All the application calls and data types are the same.

Both implementations have the same parameter definitions.

Parameters:
ctx This input parameter points to an initialized Cert-C context handle.
handle This input parameter points to a copy of the service provider's handle.
cert This input parameter is an initialized certificate object. Information contained in the certificate (usually the subject public-key identifier) is used to locate the corresponding private key.
privateKey This is both an input and output parameter. As an input parameter, it is an allocated but uninitialized key object. As an output parameter, it points to an initialized key object, which contains key information taken from the database entry.
Returns:
If successful, returns 0. If not, returns a Cert-C error code.

int(* db_funcs::SelectPrivateKeyBySPKI)( CERTC_CTX ctx, POINTER handle, ITEM *spki, B_KEY_OBJ privateKey)
 

Retrieves the private key identified by the specified subject public-key identifier from the database managed by the service provider. This function is implemented by the Cert-C Default Database service provider, the Cert-C In-Memory Database service provider, the Cert-C CryptoAPI Database service provider, and the Cert-C PKCS #11 Database service provider.

