public class CertStore extends Object
Certificate
s and CRL
s
from a repository.
This class uses a provider-based architecture.
To create a CertStore
, call one of the static
getInstance
methods, passing in the type of
CertStore
desired, any applicable initialization parameters
and optionally the name of the provider desired.
Once the CertStore
has been created, it can be used to
retrieve Certificate
s and CRL
s by calling its
getCertificates
and
getCRLs
methods.
Unlike a KeyStore
, which provides access
to a cache of private keys and trusted certificates, a
CertStore
is designed to provide access to a potentially
vast repository of untrusted certificates and CRLs. For example, an LDAP
implementation of CertStore
provides access to certificates
and CRLs stored in one or more directories using the LDAP protocol and the
schema as defined in the RFC service attribute.
Every implementation of the Java platform is required to support the
following standard CertStore
type:
Collection
Concurrent Access
All public methods of CertStore
objects must be thread-safe.
That is, multiple threads may concurrently invoke these methods on a
single CertStore
object (or more than one) with no
ill effects. This allows a CertPathBuilder
to search for a
CRL while simultaneously searching for further certificates, for instance.
The static methods of this class are also guaranteed to be thread-safe. Multiple threads may concurrently invoke the static methods defined in this class with no ill effects.
Modifier | Constructor and Description |
---|---|
protected |
CertStore(CertStoreSpi storeSpi,
Provider provider,
String type,
CertStoreParameters params)
Creates a
CertStore object of the given type, and
encapsulates the given provider implementation (SPI object) in it. |
Modifier and Type | Method and Description |
---|---|
Collection<? extends Certificate> |
getCertificates(CertSelector selector)
Returns a
Collection of Certificate s that
match the specified selector. |
CertStoreParameters |
getCertStoreParameters()
Returns the parameters used to initialize this
CertStore . |
Collection<? extends CRL> |
getCRLs(CRLSelector selector)
Returns a
Collection of CRL s that
match the specified selector. |
static String |
getDefaultType()
Returns the default
CertStore type as specified by the
certstore.type security property, or the string
"LDAP" if no such property exists. |
static CertStore |
getInstance(String type,
CertStoreParameters params)
Returns a
CertStore object that implements the specified
CertStore type and is initialized with the specified
parameters. |
static CertStore |
getInstance(String type,
CertStoreParameters params,
Provider provider)
Returns a
CertStore object that implements the specified
CertStore type. |
static CertStore |
getInstance(String type,
CertStoreParameters params,
String provider)
Returns a
CertStore object that implements the specified
CertStore type. |
Provider |
getProvider()
Returns the provider of this
CertStore . |
String |
getType()
Returns the type of this
CertStore . |
protected CertStore(CertStoreSpi storeSpi, Provider provider, String type, CertStoreParameters params)
CertStore
object of the given type, and
encapsulates the given provider implementation (SPI object) in it.storeSpi
- the provider implementationprovider
- the providertype
- the typeparams
- the initialization parameters (may be null
)public final Collection<? extends Certificate> getCertificates(CertSelector selector) throws CertStoreException
Collection
of Certificate
s that
match the specified selector. If no Certificate
s
match the selector, an empty Collection
will be returned.
For some CertStore
types, the resulting
Collection
may not contain all of the
Certificate
s that match the selector. For instance,
an LDAP CertStore
may not search all entries in the
directory. Instead, it may just search entries that are likely to
contain the Certificate
s it is looking for.
Some CertStore
implementations (especially LDAP
CertStore
s) may throw a CertStoreException
unless a non-null CertSelector
is provided that
includes specific criteria that can be used to find the certificates.
Issuer and/or subject names are especially useful criteria.
selector
- A CertSelector
used to select which
Certificate
s should be returned. Specify null
to return all Certificate
s (if supported).Collection
of Certificate
s that
match the specified selector (never null
)CertStoreException
- if an exception occurspublic final Collection<? extends CRL> getCRLs(CRLSelector selector) throws CertStoreException
Collection
of CRL
s that
match the specified selector. If no CRL
s
match the selector, an empty Collection
will be returned.
For some CertStore
types, the resulting
Collection
may not contain all of the
CRL
s that match the selector. For instance,
an LDAP CertStore
may not search all entries in the
directory. Instead, it may just search entries that are likely to
contain the CRL
s it is looking for.
Some CertStore
implementations (especially LDAP
CertStore
s) may throw a CertStoreException
unless a non-null CRLSelector
is provided that
includes specific criteria that can be used to find the CRLs.
Issuer names and/or the certificate to be checked are especially useful.
selector
- A CRLSelector
used to select which
CRL
s should be returned. Specify null
to return all CRL
s (if supported).Collection
of CRL
s that
match the specified selector (never null
)CertStoreException
- if an exception occurspublic static CertStore getInstance(String type, CertStoreParameters params) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
CertStore
object that implements the specified
CertStore
type and is initialized with the specified
parameters.
This method traverses the list of registered security Providers, starting with the most preferred Provider. A new CertStore object encapsulating the CertStoreSpi implementation from the first Provider that supports the specified type is returned.
Note that the list of registered providers may be retrieved via
the Security.getProviders()
method.
The CertStore
that is returned is initialized with the
specified CertStoreParameters
. The type of parameters
needed may vary between different types of CertStore
s.
Note that the specified CertStoreParameters
object is
cloned.
type
- the name of the requested CertStore
type.
See the CertStore section in the
Java Cryptography Architecture Standard Algorithm Name Documentation
for information about standard types.params
- the initialization parameters (may be null
).CertStore
object that implements the specified
CertStore
type.NoSuchAlgorithmException
- if no Provider supports a
CertStoreSpi implementation for the specified type.InvalidAlgorithmParameterException
- if the specified
initialization parameters are inappropriate for this
CertStore
.Provider
public static CertStore getInstance(String type, CertStoreParameters params, String provider) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException
CertStore
object that implements the specified
CertStore
type.
A new CertStore object encapsulating the CertStoreSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.
Note that the list of registered providers may be retrieved via
the Security.getProviders()
method.
The CertStore
that is returned is initialized with the
specified CertStoreParameters
. The type of parameters
needed may vary between different types of CertStore
s.
Note that the specified CertStoreParameters
object is
cloned.
type
- the requested CertStore
type.
See the CertStore section in the
Java Cryptography Architecture Standard Algorithm Name Documentation
for information about standard types.params
- the initialization parameters (may be null
).provider
- the name of the provider.CertStore
object that implements the
specified type.NoSuchAlgorithmException
- if a CertStoreSpi
implementation for the specified type is not
available from the specified provider.InvalidAlgorithmParameterException
- if the specified
initialization parameters are inappropriate for this
CertStore
.NoSuchProviderException
- if the specified provider is not
registered in the security provider list.IllegalArgumentException
- if the provider
is
null or empty.Provider
public static CertStore getInstance(String type, CertStoreParameters params, Provider provider) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
CertStore
object that implements the specified
CertStore
type.
A new CertStore object encapsulating the CertStoreSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.
The CertStore
that is returned is initialized with the
specified CertStoreParameters
. The type of parameters
needed may vary between different types of CertStore
s.
Note that the specified CertStoreParameters
object is
cloned.
type
- the requested CertStore
type.
See the CertStore section in the
Java Cryptography Architecture Standard Algorithm Name Documentation
for information about standard types.params
- the initialization parameters (may be null
).provider
- the provider.CertStore
object that implements the
specified type.NoSuchAlgorithmException
- if a CertStoreSpi
implementation for the specified type is not available
from the specified Provider object.InvalidAlgorithmParameterException
- if the specified
initialization parameters are inappropriate for this
CertStore
IllegalArgumentException
- if the provider
is
null.Provider
public final CertStoreParameters getCertStoreParameters()
CertStore
.
Note that the CertStoreParameters
object is cloned before
it is returned.CertStore
(may be null
)public final String getType()
CertStore
.CertStore
public final Provider getProvider()
CertStore
.CertStore
public static final String getDefaultType()
CertStore
type as specified by the
certstore.type
security property, or the string
"LDAP" if no such property exists.
The default CertStore
type can be used by applications
that do not want to use a hard-coded type when calling one of the
getInstance
methods, and want to provide a default
CertStore
type in case a user does not specify its own.
The default CertStore
type can be changed by setting
the value of the certstore.type
security property to the
desired type.
CertStore
type as specified by the
certstore.type
security property, or the string
"LDAP" if no such property exists.security properties
Submit a bug or feature
For further API reference and developer documentation, see Java SE Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.
Copyright © 1993, 2019, Oracle and/or its affiliates. All rights reserved. Use is subject to license terms. Also see the documentation redistribution policy.