FileDocCategorySizeDatePackage
CertStore.javaAPI DocJava SE 5 API15274Fri Aug 26 14:57:16 BST 2005java.security.cert

CertStore

public class CertStore extends Object
A class for retrieving Certificates and CRLs from a repository.

This class uses a provider-based architecture, as described in the Java Cryptography Architecture. To create a CertStore, call one of the static getInstance methods, passing in the type of CertStore desired, any applicable initialization parameters and optionally the name of the provider desired.

Once the CertStore has been created, it can be used to retrieve Certificates and CRLs by calling its {@link #getCertificates(CertSelector selector) getCertificates} and {@link #getCRLs(CRLSelector selector) getCRLs} methods.

Unlike a {@link java.security.KeyStore KeyStore}, which provides access to a cache of private keys and trusted certificates, a CertStore is designed to provide access to a potentially vast repository of untrusted certificates and CRLs. For example, an LDAP implementation of CertStore provides access to certificates and CRLs stored in one or more directories using the LDAP protocol and the schema as defined in the RFC service attribute. See Appendix A in the Java Certification Path API Programmer's Guide for more information about standard CertStore types.

Concurrent Access

All public methods of CertStore objects must be thread-safe. That is, multiple threads may concurrently invoke these methods on a single CertStore object (or more than one) with no ill effects. This allows a CertPathBuilder to search for a CRL while simultaneously searching for further certificates, for instance.

The static methods of this class are also guaranteed to be thread-safe. Multiple threads may concurrently invoke the static methods defined in this class with no ill effects.

version
1.13 06/28/04
since
1.4
author
Sean Mullan, Steve Hanna

Fields Summary
private static final String
CERTSTORE_TYPE
private CertStoreSpi
storeSpi
private Provider
provider
private String
type
private CertStoreParameters
params
Constructors Summary
protected CertStore(CertStoreSpi storeSpi, Provider provider, String type, CertStoreParameters params)
Creates a CertStore object of the given type, and encapsulates the given provider implementation (SPI object) in it.

param
storeSpi the provider implementation
param
provider the provider
param
type the type
param
params the initialization parameters (may be null)


                                                
         
			    
        this.storeSpi = storeSpi;
        this.provider = provider;
        this.type = type;
	if (params != null)
	    this.params = (CertStoreParameters) params.clone();
    
Methods Summary
public final java.util.CollectiongetCRLs(java.security.cert.CRLSelector selector)
Returns a Collection of CRLs that match the specified selector. If no CRLs match the selector, an empty Collection will be returned.

For some CertStore types, the resulting Collection may not contain all of the CRLs that match the selector. For instance, an LDAP CertStore may not search all entries in the directory. Instead, it may just search entries that are likely to contain the CRLs it is looking for.

Some CertStore implementations (especially LDAP CertStores) may throw a CertStoreException unless a non-null CRLSelector is provided that includes specific criteria that can be used to find the CRLs. Issuer names and/or the certificate to be checked are especially useful.

param
selector A CRLSelector used to select which CRLs should be returned. Specify null to return all CRLs (if supported).
return
A Collection of CRLs that match the specified selector (never null)
throws
CertStoreException if an exception occurs

        return storeSpi.engineGetCRLs(selector);
    
public final java.security.cert.CertStoreParametersgetCertStoreParameters()
Returns the parameters used to initialize this CertStore. Note that the CertStoreParameters object is cloned before it is returned.

return
the parameters used to initialize this CertStore (may be null)

        return (params == null ? null : (CertStoreParameters) params.clone());
    
public final java.util.CollectiongetCertificates(java.security.cert.CertSelector selector)
Returns a Collection of Certificates that match the specified selector. If no Certificates match the selector, an empty Collection will be returned.

For some CertStore types, the resulting Collection may not contain all of the Certificates that match the selector. For instance, an LDAP CertStore may not search all entries in the directory. Instead, it may just search entries that are likely to contain the Certificates it is looking for.

Some CertStore implementations (especially LDAP CertStores) may throw a CertStoreException unless a non-null CertSelector is provided that includes specific criteria that can be used to find the certificates. Issuer and/or subject names are especially useful criteria.

param
selector A CertSelector used to select which Certificates should be returned. Specify null to return all Certificates (if supported).
return
A Collection of Certificates that match the specified selector (never null)
throws
CertStoreException if an exception occurs

        return storeSpi.engineGetCertificates(selector);
    
public static final java.lang.StringgetDefaultType()
Returns the default CertStore type as specified in the Java security properties file, or the string "LDAP" if no such property exists. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the JDK was installed.

The default CertStore type can be used by applications that do not want to use a hard-coded type when calling one of the getInstance methods, and want to provide a default CertStore type in case a user does not specify its own.

The default CertStore type can be changed by setting the value of the "certstore.type" security property (in the Java security properties file) to the desired type.

return
the default CertStore type as specified in the Java security properties file, or the string "LDAP" if no such property exists.

        String cstype;
        cstype = (String)AccessController.doPrivileged(new PrivilegedAction() {
            public Object run() {
                return Security.getProperty(CERTSTORE_TYPE);
            }
        });
        if (cstype == null) {
            cstype = "LDAP";
        }
        return cstype;
    
public static java.security.cert.CertStoregetInstance(java.lang.String type, java.security.cert.CertStoreParameters params)
Returns a CertStore object that implements the specified CertStore type and is initialized with the specified parameters.

If the default provider package provides an implementation of the specified CertStore type, an instance of CertStore containing that implementation is returned. If the requested type is not available in the default package, other packages are searched.

The CertStore that is returned is initialized with the specified CertStoreParameters. The type of parameters needed may vary between different types of CertStores. Note that the specified CertStoreParameters object is cloned.

param
type the name of the requested CertStore type
param
params the initialization parameters (may be null)
return
a CertStore object that implements the specified CertStore type
throws
NoSuchAlgorithmException if the requested type is not available in the default provider package or any of the other provider packages that were searched
throws
InvalidAlgorithmParameterException if the specified initialization parameters are inappropriate for this CertStore

	try {
	    Instance instance = GetInstance.getInstance("CertStore",
	    	CertStoreSpi.class, type, params);
	    return new CertStore((CertStoreSpi)instance.impl, 
	    	instance.provider, type, params);
	} catch (NoSuchAlgorithmException e) {
	    return handleException(e);
	}
    
public static java.security.cert.CertStoregetInstance(java.lang.String type, java.security.cert.CertStoreParameters params, java.lang.String provider)
Returns a CertStore object that implements the specified CertStore type, as supplied by the specified provider and initialized with the specified parameters.

The CertStore that is returned is initialized with the specified CertStoreParameters. The type of parameters needed may vary between different types of CertStores. Note that the specified CertStoreParameters object is cloned.

param
type the requested CertStore type
param
params the initialization parameters (may be null)
param
provider the name of the provider
return
a CertStore object that implements the specified type, as supplied by the specified provider
throws
NoSuchAlgorithmException if the requested type is not available from the specified provider
throws
InvalidAlgorithmParameterException if the specified initialization parameters are inappropriate for this CertStore
throws
NoSuchProviderException if the provider has not been configured
exception
IllegalArgumentException if the provider is null

	try {
	    Instance instance = GetInstance.getInstance("CertStore",
	    	CertStoreSpi.class, type, params, provider);
	    return new CertStore((CertStoreSpi)instance.impl, 
	    	instance.provider, type, params);
	} catch (NoSuchAlgorithmException e) {
	    return handleException(e);
	}
    
public static java.security.cert.CertStoregetInstance(java.lang.String type, java.security.cert.CertStoreParameters params, java.security.Provider provider)
Returns a CertStore object that implements the specified CertStore type, as supplied by the specified provider and initialized with the specified parameters. Note: the provider doesn't have to be registered.

The CertStore that is returned is initialized with the specified CertStoreParameters. The type of parameters needed may vary between different types of CertStores. Note that the specified CertStoreParameters object is cloned.

param
type the requested CertStore type
param
params the initialization parameters (may be null)
param
provider the provider
return
a CertStore object that implements the specified type, as supplied by the specified provider
exception
NoSuchAlgorithmException if the requested type is not available from the specified provider
throws
InvalidAlgorithmParameterException if the specified initialization parameters are inappropriate for this CertStore
exception
IllegalArgumentException if the provider is null

	try {
	    Instance instance = GetInstance.getInstance("CertStore",
	    	CertStoreSpi.class, type, params, provider);
	    return new CertStore((CertStoreSpi)instance.impl,
	    	instance.provider, type, params);
	} catch (NoSuchAlgorithmException e) {
	    return handleException(e);
	}
    
public final java.security.ProvidergetProvider()
Returns the provider of this CertStore.

return
the provider of this CertStore

        return this.provider;
    
public final java.lang.StringgetType()
Returns the type of this CertStore.

return
the type of this CertStore

        return this.type;
    
private static java.security.cert.CertStorehandleException(java.security.NoSuchAlgorithmException e)

	Throwable cause = e.getCause();
	if (cause instanceof InvalidAlgorithmParameterException) {
	    throw (InvalidAlgorithmParameterException)cause;
	}
	throw e;