COM-based Certificate Management System Development

With the development of Internet and information technology, the e-business has already been accepted by more and more people. How to guarantee the trade security has become a very important problem of e-business developing. Namely how to guarantee authentication, privacy,non-repudiation and integrality.PKI( Public Key Infrastructures) use certificate to managent public key. It bind user's public key and it's information through the third trusted parties( Certificate Authority, CA) in order to verify the user's identity in Internet. PKI guarantees the security transmission of the online data through managing the key and certificate automatically.PKI is being developed very fast in domestic and abroad. But applications based on PKI are apparently shortage, and it becomes a hindrance for the development of PKI. In this case, it becomes very nessisary for developing resusable PKI componets.We use COM to develop certificate administrative system and use software engineering based on component as our guaidance. The steps of software engineering based on component are as following: Firstly make system demand analysis using normal method, then devide components using the demand analysis result. And conform the interface of every component, design every component and system realization in detail, develop and test every component, at last combine components and carry on system test.Adopting the software engineering method based on components can bring us these advantages: the component can be developed independently. It can shorten developing period, component are independent of develop languages, Realize flexibility relatively, component can be reused, invest can be diminished. System can get more flexibility and extendability though changing component. Certificate management system have three levels. The top level is advanced application, the second level is component management center(CMC), the third level is the implementation of its functions. The level at the bottom is encryption library, directory service API and DBMS probably used by some implementation function outer of the system. COM library can provide component support service for all the system.The certificate administrative system is explained as follow:Upper interface : Interface that upper level application mutual with the system.Function interface: Interface of Component administrative center and function subsystem, define by the system. The implementation of system's submodule must abbey this interface can it mutual with the system.The interface of the lower lever: Mean the interface used by those function submodule which mutual with its lower level library it based. These interfaces are defined and implemented by lower level library, function submodule needs to know and use the correspongding interface. CMC: Manage, coordinate every submodule, offer the unified interface for the upper level. It receives requestion from upper level, anylys it and transmit to the corresponding submodul.Encrypting and decrypting module: providing encrypt and decrypt functions based on certificate. It including symmetrical and public key encrypting, decrypting, making data certificate, validating data encrypting, making data envelope, opening data envelope.Analytic module of certificate: It can offer ASN.1 decode operation for certificate,accept input of Base64 encode or binary ASN.1 certificate or CRL input, decode ASN.1 and output certificate or values of fields in CRL.Certificate verifying module: Verify the validity of the certificate, offer local certificate validity, certificate verifying based on LDAP, and validity verifying based on path builder.Certificate storage and retrieve module: Retrieving and storaging certificate from LDAP server through standard LDAP.Upper level application: Applications developed on top of certificate management system interface.COM library: COM library is the foundation of COM component and its customers. It helps to control the life period of system component, helps to create and destroy componen...