|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--java.security.cert.CertStore
A class for retrieving Certificate
s and CRL
s
from a repository.
This class uses a provider-based architecture, as described in the
Java Cryptography Architecture.
To create a CertStore
, call one of the static
getInstance
methods, passing in the type of
CertStore
desired and optionally the name of the
provider desired. Then call the init
method to initialize the CertStore
.
Once the CertStore
has been initialized, it
can be used to retrieve Certificate
s and CRL
s
by calling its
getCertificates
and
getCRLs
methods.
Unlike a KeyStore
, which provides access
to a cache of private keys and trusted certificates, a
CertStore
is designed to provide access to a potentially
vast repository of untrusted certificates and CRLs. For example, an LDAP
implementation of CertStore
provides access to certificates
and CRLs stored in one or more directories using the LDAP protocol and the
schema as defined in the RFC service attribute. See Appendix A in the
Java Certification Path API Specification for more information about
standard CertStore
types.
Concurrent Access
The getCertificates
and getCRLs
methods of all
CertStore
objects must be thread-safe. That is, multiple
threads may concurrently invoke these methods on a
single CertStore
object (or more than one) with no
ill effects. This allows a CertPathBuilder
to search for a
CRL while simultaneously searching for further certificates, for instance.
The static methods of this class are also guaranteed to be thread-safe. Multiple threads may concurrently invoke the static methods defined in this class with no ill effects.
The init
method should not be called concurrently with any
other method nor should multiple threads invoke the init
method
concurrently on a single CertStore
object. Otherwise, the
results are undefined.
Constructor Summary | |
protected |
CertStore(CertStoreSpi storeSpi,
Provider provider,
String type)
Creates a CertStore object of the given type, and
encapsulates the given provider implementation (SPI object) in it. |
Method Summary | |
Collection |
getCertificates(CertSelector selector)
Returns a Collection of Certificate s that
match the specified selector. |
Collection |
getCRLs(CRLSelector selector)
Returns a Collection of CRL s that
match the specified selector. |
static String |
getDefaultType()
Returns the default CertStore type as specified in the
Java security properties file, or the string "LDAP" if no
such property exists. |
static CertStore |
getInstance(String type)
Returns a CertStore object that implements the specified
CertStore type. |
static CertStore |
getInstance(String type,
String provider)
Creates a CertStore object that implements the specified
CertStore type, as supplied by the specified provider. |
Provider |
getProvider()
Returns the provider of this CertStore . |
String |
getType()
Returns the type of this CertStore . |
void |
init(CertStoreParameters params)
Initializes this CertStore with the specified parameters. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
protected CertStore(CertStoreSpi storeSpi, Provider provider, String type)
CertStore
object of the given type, and
encapsulates the given provider implementation (SPI object) in it.storeSpi
- the provider implementationprovider
- the providertype
- the typeMethod Detail |
public final Collection getCertificates(CertSelector selector) throws CertStoreException
Collection
of Certificate
s that
match the specified selector. If no Certificate
s
match the selector, an empty Collection
will be returned.
For some CertStore
types, the resulting
Collection
may not contain all of the
Certificate
s that match the selector. For instance,
an LDAP CertStore
may not search all entries in the
directory. Instead, it may just search entries that are likely to
contain the Certificate
s it is looking for.
Some CertStore
implementations (especially LDAP
CertStore
s) may throw a CertStoreException
unless a non-null CertSelector
is provided that
includes specific criteria that can be used to find the certificates.
Issuer and/or subject names are especially useful criteria.
selector
- A CertSelector
used to select which
Certificate
s should be returned. Specify null
to return all Certificate
s (if supported).Collection
of Certificate
s that
match the specified selector (never null
)CertStoreException
- if an exception occurspublic final Collection getCRLs(CRLSelector selector) throws CertStoreException
Collection
of CRL
s that
match the specified selector. If no CRL
s
match the selector, an empty Collection
will be returned.
For some CertStore
types, the resulting
Collection
may not contain all of the
CRL
s that match the selector. For instance,
an LDAP CertStore
may not search all entries in the
directory. Instead, it may just search entries that are likely to
contain the CRL
s it is looking for.
Some CertStore
implementations (especially LDAP
CertStore
s) may throw a CertStoreException
unless a non-null CRLSelector
is provided that
includes specific criteria that can be used to find the CRLs.
Issuer names and/or the certificate to be checked are especially useful.
selector
- A CRLSelector
used to select which
CRL
s should be returned. Specify null
to return all CRL
s (if supported).Collection
of CRL
s that
match the specified selector (never null
)CertStoreException
- if an exception occurspublic static CertStore getInstance(String type) throws NoSuchAlgorithmException
CertStore
object that implements the specified
CertStore
type.
If the default provider package provides an implementation
of the specified CertStore
type, an instance of
CertStore
containing that implementation is returned.
If the requested type is not available in the default package, other
packages are searched.
type
- the name of the requested CertStore
typeCertStore
object that implements the specified
CertStore
typeNoSuchAlgorithmException
- if the requested type is not
available in the default provider package or any of the other provider
packages that were searchedpublic static CertStore getInstance(String type, String provider) throws NoSuchAlgorithmException, NoSuchProviderException
CertStore
object that implements the specified
CertStore
type, as supplied by the specified provider.type
- the requested CertStore typeprovider
- the name of the providerCertStore
object that implements the
specified type, as supplied by the specified providerNoSuchAlgorithmException
- if the requested type is not
available from the specified providerNoSuchProviderException
- if the provider has not been configuredpublic final void init(CertStoreParameters params) throws InvalidAlgorithmParameterException
CertStore
with the specified parameters.
The type of parameters needed may vary between different
types of CertStores
.
If this method is called while another thread is concurrently calling
the getCertificates
or getCRLs
method on the
same CertStore
object, the results are undefined.
params
- the algorithm parametersInvalidAlgorithmParameterException
- if the given
algorithm parameters are inappropriate for this CertStore
public final String getType()
CertStore
.CertStore
public final Provider getProvider()
CertStore
.CertStore
public static final String getDefaultType()
CertStore
type as specified in the
Java security properties file, or the string "LDAP" if no
such property exists. The Java security properties file is located in
the file named <JAVA_HOME>/lib/security/java.security, where
<JAVA_HOME> refers to the directory where the SDK was installed.
The default CertStore
type can be used by applications
that do not want to use a hard-coded type when calling one of the
getInstance
methods, and want to provide a default
CertStore
type in case a user does not specify its own.
The default CertStore
type can be changed by setting
the value of the "certstore.type" security property (in the Java
security properties file) to the desired type.
CertStore
type as specified in the
Java security properties file, or the string "LDAP"
if no such property exists.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |