CertStorepublic class CertStore extends Object A class for retrieving Certificate s and CRL s
from a repository.
This class uses a provider-based architecture, as described in the
Java Cryptography Architecture.
To create a CertStore , call one of the static
getInstance methods, passing in the type of
CertStore desired, any applicable initialization parameters
and optionally the name of the provider desired.
Once the CertStore has been created, it can be used to
retrieve Certificate s and CRL s by calling its
{@link #getCertificates(CertSelector selector) getCertificates} and
{@link #getCRLs(CRLSelector selector) getCRLs} methods.
Unlike a {@link java.security.KeyStore KeyStore}, which provides access
to a cache of private keys and trusted certificates, a
CertStore is designed to provide access to a potentially
vast repository of untrusted certificates and CRLs. For example, an LDAP
implementation of CertStore provides access to certificates
and CRLs stored in one or more directories using the LDAP protocol and the
schema as defined in the RFC service attribute. See Appendix A in the
Java Certification Path API Programmer's Guide for more information about
standard CertStore types.
Concurrent Access
All public methods of CertStore objects must be thread-safe.
That is, multiple threads may concurrently invoke these methods on a
single CertStore object (or more than one) with no
ill effects. This allows a CertPathBuilder to search for a
CRL while simultaneously searching for further certificates, for instance.
The static methods of this class are also guaranteed to be thread-safe.
Multiple threads may concurrently invoke the static methods defined in
this class with no ill effects. |
Fields Summary |
---|
private static final String | CERTSTORE_TYPE | private CertStoreSpi | storeSpi | private Provider | provider | private String | type | private CertStoreParameters | params |
Constructors Summary |
---|
protected CertStore(CertStoreSpi storeSpi, Provider provider, String type, CertStoreParameters params)Creates a CertStore object of the given type, and
encapsulates the given provider implementation (SPI object) in it.
this.storeSpi = storeSpi;
this.provider = provider;
this.type = type;
if (params != null)
this.params = (CertStoreParameters) params.clone();
|
Methods Summary |
---|
public final java.util.Collection | getCRLs(java.security.cert.CRLSelector selector)Returns a Collection of CRL s that
match the specified selector. If no CRL s
match the selector, an empty Collection will be returned.
For some CertStore types, the resulting
Collection may not contain all of the
CRL s that match the selector. For instance,
an LDAP CertStore may not search all entries in the
directory. Instead, it may just search entries that are likely to
contain the CRL s it is looking for.
Some CertStore implementations (especially LDAP
CertStore s) may throw a CertStoreException
unless a non-null CRLSelector is provided that
includes specific criteria that can be used to find the CRLs.
Issuer names and/or the certificate to be checked are especially useful.
return storeSpi.engineGetCRLs(selector);
| public final java.security.cert.CertStoreParameters | getCertStoreParameters()Returns the parameters used to initialize this CertStore .
Note that the CertStoreParameters object is cloned before
it is returned.
return (params == null ? null : (CertStoreParameters) params.clone());
| public final java.util.Collection | getCertificates(java.security.cert.CertSelector selector)Returns a Collection of Certificate s that
match the specified selector. If no Certificate s
match the selector, an empty Collection will be returned.
For some CertStore types, the resulting
Collection may not contain all of the
Certificate s that match the selector. For instance,
an LDAP CertStore may not search all entries in the
directory. Instead, it may just search entries that are likely to
contain the Certificate s it is looking for.
Some CertStore implementations (especially LDAP
CertStore s) may throw a CertStoreException
unless a non-null CertSelector is provided that
includes specific criteria that can be used to find the certificates.
Issuer and/or subject names are especially useful criteria.
return storeSpi.engineGetCertificates(selector);
| public static final java.lang.String | getDefaultType()Returns the default CertStore type as specified in the
Java security properties file, or the string "LDAP" if no
such property exists. The Java security properties file is located in
the file named <JAVA_HOME>/lib/security/java.security, where
<JAVA_HOME> refers to the directory where the JDK was installed.
The default CertStore type can be used by applications
that do not want to use a hard-coded type when calling one of the
getInstance methods, and want to provide a default
CertStore type in case a user does not specify its own.
The default CertStore type can be changed by setting
the value of the "certstore.type" security property (in the Java
security properties file) to the desired type.
String cstype;
cstype = (String)AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
return Security.getProperty(CERTSTORE_TYPE);
}
});
if (cstype == null) {
cstype = "LDAP";
}
return cstype;
| public static java.security.cert.CertStore | getInstance(java.lang.String type, java.security.cert.CertStoreParameters params)Returns a CertStore object that implements the specified
CertStore type and is initialized with the specified
parameters.
If the default provider package provides an implementation
of the specified CertStore type, an instance of
CertStore containing that implementation is returned.
If the requested type is not available in the default package, other
packages are searched.
The CertStore that is returned is initialized with the
specified CertStoreParameters . The type of parameters
needed may vary between different types of CertStore s.
Note that the specified CertStoreParameters object is
cloned.
try {
Instance instance = GetInstance.getInstance("CertStore",
CertStoreSpi.class, type, params);
return new CertStore((CertStoreSpi)instance.impl,
instance.provider, type, params);
} catch (NoSuchAlgorithmException e) {
return handleException(e);
}
| public static java.security.cert.CertStore | getInstance(java.lang.String type, java.security.cert.CertStoreParameters params, java.lang.String provider)Returns a CertStore object that implements the specified
CertStore type, as supplied by the specified provider
and initialized with the specified parameters.
The CertStore that is returned is initialized with the
specified CertStoreParameters . The type of parameters
needed may vary between different types of CertStore s.
Note that the specified CertStoreParameters object is
cloned.
try {
Instance instance = GetInstance.getInstance("CertStore",
CertStoreSpi.class, type, params, provider);
return new CertStore((CertStoreSpi)instance.impl,
instance.provider, type, params);
} catch (NoSuchAlgorithmException e) {
return handleException(e);
}
| public static java.security.cert.CertStore | getInstance(java.lang.String type, java.security.cert.CertStoreParameters params, java.security.Provider provider)Returns a CertStore object that implements the specified
CertStore type, as supplied by the specified provider and
initialized with the specified parameters.
Note: the provider doesn't have to be registered.
The CertStore that is returned is initialized with the
specified CertStoreParameters . The type of parameters
needed may vary between different types of CertStore s.
Note that the specified CertStoreParameters object is
cloned.
try {
Instance instance = GetInstance.getInstance("CertStore",
CertStoreSpi.class, type, params, provider);
return new CertStore((CertStoreSpi)instance.impl,
instance.provider, type, params);
} catch (NoSuchAlgorithmException e) {
return handleException(e);
}
| public final java.security.Provider | getProvider()Returns the provider of this CertStore .
return this.provider;
| public final java.lang.String | getType()Returns the type of this CertStore .
return this.type;
| private static java.security.cert.CertStore | handleException(java.security.NoSuchAlgorithmException e)
Throwable cause = e.getCause();
if (cause instanceof InvalidAlgorithmParameterException) {
throw (InvalidAlgorithmParameterException)cause;
}
throw e;
|
|