| |
|
| java.lang.Object
 java.security.cert.CertStore
| CertStore | | public class CertStore (Code) | | A class for retrieving Certificates and CRLs
from a repository.
This class uses a provider-based architecture.
To create a CertStore, call one of the static
getInstance methods, passing in the type of
CertStore desired, any applicable initialization parameters
and optionally the name of the provider desired.
Once the CertStore has been created, it can be used to
retrieve Certificates and CRLs by calling its
CertStore.getCertificates(CertSelector selector) getCertificates and
CertStore.getCRLs(CRLSelector selector) getCRLs methods.
Unlike a
java.security.KeyStore KeyStore , which provides access
to a cache of private keys and trusted certificates, a
CertStore is designed to provide access to a potentially
vast repository of untrusted certificates and CRLs. For example, an LDAP
implementation of CertStore provides access to certificates
and CRLs stored in one or more directories using the LDAP protocol and the
schema as defined in the RFC service attribute. See Appendix A in the
Java Certification Path API Programmer's Guide for more information about
standard CertStore types.
Concurrent Access
All public methods of CertStore objects must be thread-safe.
That is, multiple threads may concurrently invoke these methods on a
single CertStore object (or more than one) with no
ill effects. This allows a CertPathBuilder to search for a
CRL while simultaneously searching for further certificates, for instance.
The static methods of this class are also guaranteed to be thread-safe.
Multiple threads may concurrently invoke the static methods defined in
this class with no ill effects.
version:
1.24 05/05/07
since:
1.4
author:
Sean Mullan, Steve Hanna |
| Method Summary | |
| final public Collection<? extends CRL> | getCRLs(CRLSelector selector)
Returns a Collection of CRLs that
match the specified selector. | | final public CertStoreParameters | getCertStoreParameters()
Returns the parameters used to initialize this CertStore. | | final public Collection<? extends Certificate> | getCertificates(CertSelector selector)
Returns a Collection of Certificates that
match the specified selector. | | final public static String | getDefaultType()
Returns the default CertStore type as specified in the
Java security properties file, or the string "LDAP" if no
such property exists. | | public static CertStore | getInstance(String type, CertStoreParameters params)
Returns a CertStore object that implements the specified
CertStore type and is initialized with the specified
parameters.
This method traverses the list of registered security Providers,
starting with the most preferred Provider.
A new CertStore object encapsulating the
CertStoreSpi implementation from the first
Provider that supports the specified type is returned.
Note that the list of registered providers may be retrieved via
the
Security.getProviders Security.getProviders() method.
The CertStore that is returned is initialized with the
specified CertStoreParameters. | | public static CertStore | getInstance(String type, CertStoreParameters params, String provider)
Returns a CertStore object that implements the specified
CertStore type.
A new CertStore object encapsulating the
CertStoreSpi implementation from the specified provider
is returned. | | public static CertStore | getInstance(String type, CertStoreParameters params, Provider provider)
Returns a CertStore object that implements the specified
CertStore type.
A new CertStore object encapsulating the
CertStoreSpi implementation from the specified Provider
object is returned. | | final public Provider | getProvider()
Returns the provider of this CertStore. | | final public String | getType()
Returns the type of this CertStore. |
| CertStore | | protected CertStore(CertStoreSpi storeSpi, Provider provider, String type, CertStoreParameters params)(Code) | | Creates a CertStore object of the given type, and
encapsulates the given provider implementation (SPI object) in it.
Parameters:
storeSpi - the provider implementation
Parameters:
provider - the provider
Parameters:
type - the type
Parameters:
params - the initialization parameters (may be null) |
| getCRLs | | final public Collection<? extends CRL> getCRLs(CRLSelector selector) throws CertStoreException(Code) | | Returns a Collection of CRLs that
match the specified selector. If no CRLs
match the selector, an empty Collection will be returned.
For some CertStore types, the resulting
Collection may not contain all of the
CRLs that match the selector. For instance,
an LDAP CertStore may not search all entries in the
directory. Instead, it may just search entries that are likely to
contain the CRLs it is looking for.
Some CertStore implementations (especially LDAP
CertStores) may throw a CertStoreException
unless a non-null CRLSelector is provided that
includes specific criteria that can be used to find the CRLs.
Issuer names and/or the certificate to be checked are especially useful.
Parameters:
selector - A CRLSelector used to select whichCRLs should be returned. Specify nullto return all CRLs (if supported). A Collection of CRLs thatmatch the specified selector (never null)
throws:
CertStoreException - if an exception occurs |
| getCertStoreParameters | | final public CertStoreParameters getCertStoreParameters()(Code) | | Returns the parameters used to initialize this CertStore.
Note that the CertStoreParameters object is cloned before
it is returned.
the parameters used to initialize this CertStore(may be null) |
| getCertificates | | final public Collection<? extends Certificate> getCertificates(CertSelector selector) throws CertStoreException(Code) | | Returns a Collection of Certificates that
match the specified selector. If no Certificates
match the selector, an empty Collection will be returned.
For some CertStore types, the resulting
Collection may not contain all of the
Certificates that match the selector. For instance,
an LDAP CertStore may not search all entries in the
directory. Instead, it may just search entries that are likely to
contain the Certificates it is looking for.
Some CertStore implementations (especially LDAP
CertStores) may throw a CertStoreException
unless a non-null CertSelector is provided that
includes specific criteria that can be used to find the certificates.
Issuer and/or subject names are especially useful criteria.
Parameters:
selector - A CertSelector used to select whichCertificates should be returned. Specify nullto return all Certificates (if supported). A Collection of Certificates thatmatch the specified selector (never null)
throws:
CertStoreException - if an exception occurs |
| getDefaultType | | final public static String getDefaultType()(Code) | | Returns the default CertStore type as specified in the
Java security properties file, or the string "LDAP" if no
such property exists. The Java security properties file is located in
the file named <JAVA_HOME>/lib/security/java.security.
<JAVA_HOME> refers to the value of the java.home system property,
and specifies the directory where the JRE is installed.
The default CertStore type can be used by applications
that do not want to use a hard-coded type when calling one of the
getInstance methods, and want to provide a default
CertStore type in case a user does not specify its own.
The default CertStore type can be changed by setting
the value of the "certstore.type" security property (in the Java
security properties file) to the desired type.
the default CertStore type as specified in theJava security properties file, or the string "LDAP"if no such property exists. |
| getInstance | | public static CertStore getInstance(String type, CertStoreParameters params) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException(Code) | | Returns a CertStore object that implements the specified
CertStore type and is initialized with the specified
parameters.
This method traverses the list of registered security Providers,
starting with the most preferred Provider.
A new CertStore object encapsulating the
CertStoreSpi implementation from the first
Provider that supports the specified type is returned.
Note that the list of registered providers may be retrieved via
the
Security.getProviders Security.getProviders() method.
The CertStore that is returned is initialized with the
specified CertStoreParameters. The type of parameters
needed may vary between different types of CertStores.
Note that the specified CertStoreParameters object is
cloned.
Parameters:
type - the name of the requested CertStore type.See Appendix A in the Java Certification Path API Programmer's Guide for information about standard types.
Parameters:
params - the initialization parameters (may be null). a CertStore object that implements the specifiedCertStore type.
throws:
NoSuchAlgorithmException - if no Provider supports aCertStoreSpi implementation for the specified type.
throws:
InvalidAlgorithmParameterException - if the specifiedinitialization parameters are inappropriate for thisCertStore.
See Also: java.security.Provider |
| getInstance | | public static CertStore getInstance(String type, CertStoreParameters params, Provider provider) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException(Code) | | Returns a CertStore object that implements the specified
CertStore type.
A new CertStore object encapsulating the
CertStoreSpi implementation from the specified Provider
object is returned. Note that the specified Provider object
does not have to be registered in the provider list.
The CertStore that is returned is initialized with the
specified CertStoreParameters. The type of parameters
needed may vary between different types of CertStores.
Note that the specified CertStoreParameters object is
cloned.
Parameters:
type - the requested CertStore type.See Appendix A in the Java Certification Path API Programmer's Guide for information about standard types.
Parameters:
params - the initialization parameters (may be null).
Parameters:
provider - the provider. a CertStore object that implements thespecified type.
exception:
NoSuchAlgorithmException - if a CertStoreSpiimplementation for the specified type is not availablefrom the specified Provider object.
throws:
InvalidAlgorithmParameterException - if the specifiedinitialization parameters are inappropriate for this CertStore
exception:
IllegalArgumentException - if the provider isnull.
See Also: java.security.Provider |
| getProvider | | final public Provider getProvider()(Code) | | Returns the provider of this CertStore.
the provider of this CertStore |
| getType | | final public String getType()(Code) | | Returns the type of this CertStore.
the type of this CertStore |
|
|
|