java.security.cert
Class CertStore

java.lang.Object
  |
  +--java.security.cert.CertStore

public class CertStore
extends Object

A class for retrieving Certificates and CRLs from a repository.

This class uses a provider-based architecture, as described in the Java Cryptography Architecture. To create a CertStore, call one of the static getInstance methods, passing in the type of CertStore desired and optionally the name of the provider desired. Then call the init method to initialize the CertStore.

Once the CertStore has been initialized, it can be used to retrieve Certificates and CRLs by calling its getCertificates and getCRLs methods.

Unlike a KeyStore, which provides access to a cache of private keys and trusted certificates, a CertStore is designed to provide access to a potentially vast repository of untrusted certificates and CRLs. For example, an LDAP implementation of CertStore provides access to certificates and CRLs stored in one or more directories using the LDAP protocol and the schema as defined in the RFC service attribute. See Appendix A in the Java Certification Path API Specification for more information about standard CertStore types.

Concurrent Access

The getCertificates and getCRLs methods of all CertStore objects must be thread-safe. That is, multiple threads may concurrently invoke these methods on a single CertStore object (or more than one) with no ill effects. This allows a CertPathBuilder to search for a CRL while simultaneously searching for further certificates, for instance.

The static methods of this class are also guaranteed to be thread-safe. Multiple threads may concurrently invoke the static methods defined in this class with no ill effects.

The init method should not be called concurrently with any other method nor should multiple threads invoke the init method concurrently on a single CertStore object. Otherwise, the results are undefined.

Since:
1.4

Constructor Summary
protected CertStore(CertStoreSpi storeSpi, Provider provider, String type)
          Creates a CertStore object of the given type, and encapsulates the given provider implementation (SPI object) in it.
 
Method Summary
 Collection getCertificates(CertSelector selector)
          Returns a Collection of Certificates that match the specified selector.
 Collection getCRLs(CRLSelector selector)
          Returns a Collection of CRLs that match the specified selector.
static String getDefaultType()
          Returns the default CertStore type as specified in the Java security properties file, or the string "LDAP" if no such property exists.
static CertStore getInstance(String type)
          Returns a CertStore object that implements the specified CertStore type.
static CertStore getInstance(String type, String provider)
          Creates a CertStore object that implements the specified CertStore type, as supplied by the specified provider.
 Provider getProvider()
          Returns the provider of this CertStore.
 String getType()
          Returns the type of this CertStore.
 void init(CertStoreParameters params)
          Initializes this CertStore with the specified parameters.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CertStore

protected CertStore(CertStoreSpi storeSpi,
                    Provider provider,
                    String type)
Creates a CertStore object of the given type, and encapsulates the given provider implementation (SPI object) in it.
Parameters:
storeSpi - the provider implementation
provider - the provider
type - the type
Method Detail

getCertificates

public final Collection getCertificates(CertSelector selector)
                                 throws CertStoreException
Returns a Collection of Certificates that match the specified selector. If no Certificates match the selector, an empty Collection will be returned.

For some CertStore types, the resulting Collection may not contain all of the Certificates that match the selector. For instance, an LDAP CertStore may not search all entries in the directory. Instead, it may just search entries that are likely to contain the Certificates it is looking for.

Some CertStore implementations (especially LDAP CertStores) may throw a CertStoreException unless a non-null CertSelector is provided that includes specific criteria that can be used to find the certificates. Issuer and/or subject names are especially useful criteria.

Parameters:
selector - A CertSelector used to select which Certificates should be returned. Specify null to return all Certificates (if supported).
Returns:
A Collection of Certificates that match the specified selector (never null)
Throws:
CertStoreException - if an exception occurs

getCRLs

public final Collection getCRLs(CRLSelector selector)
                         throws CertStoreException
Returns a Collection of CRLs that match the specified selector. If no CRLs match the selector, an empty Collection will be returned.

For some CertStore types, the resulting Collection may not contain all of the CRLs that match the selector. For instance, an LDAP CertStore may not search all entries in the directory. Instead, it may just search entries that are likely to contain the CRLs it is looking for.

Some CertStore implementations (especially LDAP CertStores) may throw a CertStoreException unless a non-null CRLSelector is provided that includes specific criteria that can be used to find the CRLs. Issuer names and/or the certificate to be checked are especially useful.

Parameters:
selector - A CRLSelector used to select which CRLs should be returned. Specify null to return all CRLs (if supported).
Returns:
A Collection of CRLs that match the specified selector (never null)
Throws:
CertStoreException - if an exception occurs

getInstance

public static CertStore getInstance(String type)
                             throws NoSuchAlgorithmException
Returns a CertStore object that implements the specified CertStore type.

If the default provider package provides an implementation of the specified CertStore type, an instance of CertStore containing that implementation is returned. If the requested type is not available in the default package, other packages are searched.

Parameters:
type - the name of the requested CertStore type
Returns:
a CertStore object that implements the specified CertStore type
Throws:
NoSuchAlgorithmException - if the requested type is not available in the default provider package or any of the other provider packages that were searched

getInstance

public static CertStore getInstance(String type,
                                    String provider)
                             throws NoSuchAlgorithmException,
                                    NoSuchProviderException
Creates a CertStore object that implements the specified CertStore type, as supplied by the specified provider.
Parameters:
type - the requested CertStore type
provider - the name of the provider
Returns:
a CertStore object that implements the specified type, as supplied by the specified provider
Throws:
NoSuchAlgorithmException - if the requested type is not available from the specified provider
NoSuchProviderException - if the provider has not been configured

init

public final void init(CertStoreParameters params)
                throws InvalidAlgorithmParameterException
Initializes this CertStore with the specified parameters. The type of parameters needed may vary between different types of CertStores.

If this method is called while another thread is concurrently calling the getCertificates or getCRLs method on the same CertStore object, the results are undefined.

Parameters:
params - the algorithm parameters
Throws:
InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this CertStore

getType

public final String getType()
Returns the type of this CertStore.
Returns:
the type of this CertStore

getProvider

public final Provider getProvider()
Returns the provider of this CertStore.
Returns:
the provider of this CertStore

getDefaultType

public static final String getDefaultType()
Returns the default CertStore type as specified in the Java security properties file, or the string "LDAP" if no such property exists. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the SDK was installed.

The default CertStore type can be used by applications that do not want to use a hard-coded type when calling one of the getInstance methods, and want to provide a default CertStore type in case a user does not specify its own.

The default CertStore type can be changed by setting the value of the "certstore.type" security property (in the Java security properties file) to the desired type.

Returns:
the default CertStore type as specified in the Java security properties file, or the string "LDAP" if no such property exists.


Submit comments/suggestions about this API.
Copyright 1998-2000 Sun Microsystems, Inc. 901 San Antonio Road,
Palo Alto, California, 94303, U.S.A. All Rights Reserved.