java.security.cert: public class: CertStore

java.security.cert
public class: CertStore [javadoc | source]

java.lang.Object
   java.security.cert.CertStore

A class for retrieving Certificates and CRLs from a repository.

This class uses a provider-based architecture. To create a CertStore, call one of the static getInstance methods, passing in the type of CertStore desired, any applicable initialization parameters and optionally the name of the provider desired.

Once the CertStore has been created, it can be used to retrieve Certificates and CRLs by calling its getCertificates and getCRLs methods.

Unlike a KeyStore , which provides access to a cache of private keys and trusted certificates, a CertStore is designed to provide access to a potentially vast repository of untrusted certificates and CRLs. For example, an LDAP implementation of CertStore provides access to certificates and CRLs stored in one or more directories using the LDAP protocol and the schema as defined in the RFC service attribute. See Appendix A in the Java Certification Path API Programmer's Guide for more information about standard CertStore types.

Concurrent Access

All public methods of CertStore objects must be thread-safe. That is, multiple threads may concurrently invoke these methods on a single CertStore object (or more than one) with no ill effects. This allows a CertPathBuilder to search for a CRL while simultaneously searching for further certificates, for instance.

The static methods of this class are also guaranteed to be thread-safe. Multiple threads may concurrently invoke the static methods defined in this class with no ill effects.

since: 1.4 -

author: Sean - Mullan, Steve Hanna

Constructor:

Constructor:
protected CertStore(CertStoreSpi storeSpi, Provider provider, String type, CertStoreParameters params) { this.storeSpi = storeSpi; this.provider = provider; this.type = type; if (params != null) this.params = (CertStoreParameters) params.clone(); } Creates a `CertStore` object of the given type, and encapsulates the given provider implementation (SPI object) in it. Parameters: `storeSpi` - the provider implementation `provider` - the provider `type` - the type `params` - the initialization parameters (may be `null`)

 protected CertStore(CertStoreSpi storeSpi,
    Provider provider,
    String type,
    CertStoreParameters params) {
                                                
        this.storeSpi = storeSpi;
        this.provider = provider;
        this.type = type;
        if (params != null)
            this.params = (CertStoreParameters) params.clone();
}

CertStore

Parameters:

storeSpi - the provider implementation

provider - the provider

type - the type

params - the initialization parameters (may be null)

Method from java.security.cert.CertStore Summary:
getCRLs, getCertStoreParameters, getCertificates, getDefaultType, getInstance, getInstance, getInstance, getProvider, getType

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from java.security.cert.CertStore Detail:
public final Collection getCRLs(CRLSelector selector) throws CertStoreException { return storeSpi.engineGetCRLs(selector); } Returns a `Collection` of `CRL`s that match the specified selector. If no `CRL`s match the selector, an empty `Collection` will be returned. For some `CertStore` types, the resulting `Collection` may not contain all of the `CRL`s that match the selector. For instance, an LDAP `CertStore` may not search all entries in the directory. Instead, it may just search entries that are likely to contain the `CRL`s it is looking for. Some `CertStore` implementations (especially LDAP `CertStore`s) may throw a `CertStoreException` unless a non-null `CRLSelector` is provided that includes specific criteria that can be used to find the CRLs. Issuer names and/or the certificate to be checked are especially useful.
public final CertStoreParameters getCertStoreParameters() { return (params == null ? null : (CertStoreParameters) params.clone()); } Returns the parameters used to initialize this `CertStore`. Note that the `CertStoreParameters` object is cloned before it is returned.
public final Collection getCertificates(CertSelector selector) throws CertStoreException { return storeSpi.engineGetCertificates(selector); } Returns a `Collection` of `Certificate`s that match the specified selector. If no `Certificate`s match the selector, an empty `Collection` will be returned. For some `CertStore` types, the resulting `Collection` may not contain all of the `Certificate`s that match the selector. For instance, an LDAP `CertStore` may not search all entries in the directory. Instead, it may just search entries that are likely to contain the `Certificate`s it is looking for. Some `CertStore` implementations (especially LDAP `CertStore`s) may throw a `CertStoreException` unless a non-null `CertSelector` is provided that includes specific criteria that can be used to find the certificates. Issuer and/or subject names are especially useful criteria.
public static final String getDefaultType() { String cstype; cstype = AccessController.doPrivileged(new PrivilegedAction< String >() { public String run() { return Security.getProperty(CERTSTORE_TYPE); } }); if (cstype == null) { cstype = "LDAP"; } return cstype; } Returns the default `CertStore` type as specified in the Java security properties file, or the string "LDAP" if no such property exists. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security. <JAVA_HOME> refers to the value of the java.home system property, and specifies the directory where the JRE is installed. The default `CertStore` type can be used by applications that do not want to use a hard-coded type when calling one of the `getInstance` methods, and want to provide a default `CertStore` type in case a user does not specify its own. The default `CertStore` type can be changed by setting the value of the "certstore.type" security property (in the Java security properties file) to the desired type.
public static CertStore getInstance(String type, CertStoreParameters params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { try { Instance instance = GetInstance.getInstance("CertStore", CertStoreSpi.class, type, params); return new CertStore((CertStoreSpi)instance.impl, instance.provider, type, params); } catch (NoSuchAlgorithmException e) { return handleException(e); } } Returns a `CertStore` object that implements the specified `CertStore` type and is initialized with the specified parameters. This method traverses the list of registered security Providers, starting with the most preferred Provider. A new CertStore object encapsulating the CertStoreSpi implementation from the first Provider that supports the specified type is returned. Note that the list of registered providers may be retrieved via the Security.getProviders() method. The `CertStore` that is returned is initialized with the specified `CertStoreParameters`. The type of parameters needed may vary between different types of `CertStore`s. Note that the specified `CertStoreParameters` object is cloned.
public static CertStore getInstance(String type, CertStoreParameters params, String provider) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException { try { Instance instance = GetInstance.getInstance("CertStore", CertStoreSpi.class, type, params, provider); return new CertStore((CertStoreSpi)instance.impl, instance.provider, type, params); } catch (NoSuchAlgorithmException e) { return handleException(e); } } Returns a `CertStore` object that implements the specified `CertStore` type. A new CertStore object encapsulating the CertStoreSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list. Note that the list of registered providers may be retrieved via the Security.getProviders() method. The `CertStore` that is returned is initialized with the specified `CertStoreParameters`. The type of parameters needed may vary between different types of `CertStore`s. Note that the specified `CertStoreParameters` object is cloned.
public static CertStore getInstance(String type, CertStoreParameters params, Provider provider) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException { try { Instance instance = GetInstance.getInstance("CertStore", CertStoreSpi.class, type, params, provider); return new CertStore((CertStoreSpi)instance.impl, instance.provider, type, params); } catch (NoSuchAlgorithmException e) { return handleException(e); } } Returns a `CertStore` object that implements the specified `CertStore` type. A new CertStore object encapsulating the CertStoreSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list. The `CertStore` that is returned is initialized with the specified `CertStoreParameters`. The type of parameters needed may vary between different types of `CertStore`s. Note that the specified `CertStoreParameters` object is cloned.
public final Provider getProvider() { return this.provider; } Returns the provider of this `CertStore`.
public final String getType() { return this.type; } Returns the type of this `CertStore`.

Method from java.security.cert.CertStore Detail:

 public final Collection getCRLs(CRLSelector selector) throws CertStoreException {
        return storeSpi.engineGetCRLs(selector);
}

Collection

CRL

Collection

For some CertStore types, the resulting Collection may not contain all of the CRLs that match the selector. For instance, an LDAP CertStore may not search all entries in the directory. Instead, it may just search entries that are likely to contain the CRLs it is looking for.

Some CertStore implementations (especially LDAP CertStores) may throw a CertStoreException unless a non-null CRLSelector is provided that includes specific criteria that can be used to find the CRLs. Issuer names and/or the certificate to be checked are especially useful.

 public final CertStoreParameters getCertStoreParameters() {
        return (params == null ? null : (CertStoreParameters) params.clone());
}

CertStore

CertStoreParameters

 public final Collection getCertificates(CertSelector selector) throws CertStoreException {
        return storeSpi.engineGetCertificates(selector);
}

Collection

Certificate

Collection

For some CertStore types, the resulting Collection may not contain all of the Certificates that match the selector. For instance, an LDAP CertStore may not search all entries in the directory. Instead, it may just search entries that are likely to contain the Certificates it is looking for.

Some CertStore implementations (especially LDAP CertStores) may throw a CertStoreException unless a non-null CertSelector is provided that includes specific criteria that can be used to find the certificates. Issuer and/or subject names are especially useful criteria.

 public static final String getDefaultType() {
        String cstype;
        cstype = AccessController.doPrivileged(new PrivilegedAction< String >() {
            public String run() {
                return Security.getProperty(CERTSTORE_TYPE);
            }
        });
        if (cstype == null) {
            cstype = "LDAP";
        }
        return cstype;
}

CertStore

The default CertStore type can be used by applications that do not want to use a hard-coded type when calling one of the getInstance methods, and want to provide a default CertStore type in case a user does not specify its own.

The default CertStore type can be changed by setting the value of the "certstore.type" security property (in the Java security properties file) to the desired type.

 public static CertStore getInstance(String type,
    CertStoreParameters params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        try {
            Instance instance = GetInstance.getInstance("CertStore",
                CertStoreSpi.class, type, params);
            return new CertStore((CertStoreSpi)instance.impl,
                instance.provider, type, params);
        } catch (NoSuchAlgorithmException e) {
            return handleException(e);
        }
}

CertStore

This method traverses the list of registered security Providers, starting with the most preferred Provider. A new CertStore object encapsulating the CertStoreSpi implementation from the first Provider that supports the specified type is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

The CertStore that is returned is initialized with the specified CertStoreParameters. The type of parameters needed may vary between different types of CertStores. Note that the specified CertStoreParameters object is cloned.

 public static CertStore getInstance(String type,
    CertStoreParameters params,
    String provider) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        try {
            Instance instance = GetInstance.getInstance("CertStore",
                CertStoreSpi.class, type, params, provider);
            return new CertStore((CertStoreSpi)instance.impl,
                instance.provider, type, params);
        } catch (NoSuchAlgorithmException e) {
            return handleException(e);
        }
}

CertStore

A new CertStore object encapsulating the CertStoreSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

 public static CertStore getInstance(String type,
    CertStoreParameters params,
    Provider provider) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        try {
            Instance instance = GetInstance.getInstance("CertStore",
                CertStoreSpi.class, type, params, provider);
            return new CertStore((CertStoreSpi)instance.impl,
                instance.provider, type, params);
        } catch (NoSuchAlgorithmException e) {
            return handleException(e);
        }
}

CertStore

A new CertStore object encapsulating the CertStoreSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.

 public final Provider getProvider() {
        return this.provider;
}

CertStore

 public final String getType() {
        return this.type;
}

CertStore