Certificate storage uses the interface defined by the crypto token framework. The unified certificate store (unified certstore) unifies all the available implementations of the certstore interface. If a product manufacturer implements one of the certstore interfaces using, for example, a WIM, then it will automatically be picked up by the unified certstore.
The unified certstore offers:
The CUnifiedCertStore API to access the certificates stored on the device
Assignment of trust status to a certificate on an application by application basis
Certificate chain construction and validation.
The certstore APIs support X.509, WTLS, and X.968 certificates. Certificates can be physically present in the store (as is normally the case), or they can be referenced by a URL. When clients retrieve or add certificates they have to indicate which kind of certificate they are interested in retrieving or which kind of certificate they are adding. They do this using TCertificateFormat, an enumeration which currently has one of the following (self-descriptive) values:
Value |
---|
EX509Certificate |
EWTLSCertificate |
EX968Certificate |
EX509CertificateUrl |
EWTLSCertificateUrl |
EX968CertificateUrl |
EUnknownCertificate |
This enables the certstore to commit only to the interface offered by crypto.dll, so that new certificate specifications can be kept in the store without changing it.
Also, there are three supported owner types defined by the TCertificateOwnerType enumeration: