Processing some of the key data objects require additional
information which is global across the application (or in the
particular area of the application). For example, X509 certificates
processing require a common list of trusted certificates to be
available. XML Security Library keeps all the common information
for key data processing in a a collection of key data stores called
Figure 7. The keys manager structure.
Keys manager has a special "keys store" which lists the keys
known to the application. This "keys store" is used by XML Security
Library to lookup keys by name, type and crypto algorithm (for example,
processing). The XML Security Library
provides default simple "flat list" based implementation of a default keys
store. The application can replace it with any other keys store
(for example, based on an SQL database).
Keys manager is the only object in XML Security Library which
is supposed to be shared by many different operations. Usually keys
manager is initialized once at the application startup and later is
used by XML Security library routines in "read-only" mode. If
application or crypto function need to modify any of the key data
stores inside keys manager then proper synchronization must be
implemented. In the same time, application can create a new keys
manager each time it needs to perform XML signature, verification,
encryption or decryption.