- java.lang.Object
-
- java.security.cert.CertStore
-
public class CertStore extends Object
A class for retrievingCertificate
s andCRL
s from a repository.This class uses a provider-based architecture. To create a
CertStore
, call one of the staticgetInstance
methods, passing in the type ofCertStore
desired, any applicable initialization parameters and optionally the name of the provider desired.Once the
CertStore
has been created, it can be used to retrieveCertificate
s andCRL
s by calling itsgetCertificates
andgetCRLs
methods.Unlike a
KeyStore
, which provides access to a cache of private keys and trusted certificates, aCertStore
is designed to provide access to a potentially vast repository of untrusted certificates and CRLs. For example, an LDAP implementation ofCertStore
provides access to certificates and CRLs stored in one or more directories using the LDAP protocol and the schema as defined in the RFC service attribute.Every implementation of the Java platform is required to support the following standard
CertStore
type:- Collection
Concurrent Access
All public methods of
CertStore
objects must be thread-safe. That is, multiple threads may concurrently invoke these methods on a singleCertStore
object (or more than one) with no ill effects. This allows aCertPathBuilder
to search for a CRL while simultaneously searching for further certificates, for instance.The static methods of this class are also guaranteed to be thread-safe. Multiple threads may concurrently invoke the static methods defined in this class with no ill effects.
- Since:
- 1.4
-
-
Constructor Summary
Constructors Modifier Constructor and Description protected
CertStore(CertStoreSpi storeSpi, Provider provider, String type, CertStoreParameters params)
Creates aCertStore
object of the given type, and encapsulates the given provider implementation (SPI object) in it.
-
Method Summary
Methods Modifier and Type Method and Description Collection<? extends Certificate>
getCertificates(CertSelector selector)
Returns aCollection
ofCertificate
s that match the specified selector.CertStoreParameters
getCertStoreParameters()
Returns the parameters used to initialize thisCertStore
.Collection<? extends CRL>
getCRLs(CRLSelector selector)
Returns aCollection
ofCRL
s that match the specified selector.static String
getDefaultType()
Returns the defaultCertStore
type as specified in the Java security properties file, or the string "LDAP" if no such property exists.static CertStore
getInstance(String type, CertStoreParameters params)
Returns aCertStore
object that implements the specifiedCertStore
type and is initialized with the specified parameters.static CertStore
getInstance(String type, CertStoreParameters params, Provider provider)
Returns aCertStore
object that implements the specifiedCertStore
type.static CertStore
getInstance(String type, CertStoreParameters params, String provider)
Returns aCertStore
object that implements the specifiedCertStore
type.Provider
getProvider()
Returns the provider of thisCertStore
.String
getType()
Returns the type of thisCertStore
.
-
-
-
Constructor Detail
-
CertStore
protected CertStore(CertStoreSpi storeSpi, Provider provider, String type, CertStoreParameters params)
Creates aCertStore
object of the given type, and encapsulates the given provider implementation (SPI object) in it.- Parameters:
storeSpi
- the provider implementationprovider
- the providertype
- the typeparams
- the initialization parameters (may benull
)
-
-
Method Detail
-
getCertificates
public final Collection<? extends Certificate> getCertificates(CertSelector selector) throws CertStoreException
Returns aCollection
ofCertificate
s that match the specified selector. If noCertificate
s match the selector, an emptyCollection
will be returned.For some
CertStore
types, the resultingCollection
may not contain all of theCertificate
s that match the selector. For instance, an LDAPCertStore
may not search all entries in the directory. Instead, it may just search entries that are likely to contain theCertificate
s it is looking for.Some
CertStore
implementations (especially LDAPCertStore
s) may throw aCertStoreException
unless a non-nullCertSelector
is provided that includes specific criteria that can be used to find the certificates. Issuer and/or subject names are especially useful criteria.- Parameters:
selector
- ACertSelector
used to select whichCertificate
s should be returned. Specifynull
to return allCertificate
s (if supported).- Returns:
- A
Collection
ofCertificate
s that match the specified selector (nevernull
) - Throws:
CertStoreException
- if an exception occurs
-
getCRLs
public final Collection<? extends CRL> getCRLs(CRLSelector selector) throws CertStoreException
Returns aCollection
ofCRL
s that match the specified selector. If noCRL
s match the selector, an emptyCollection
will be returned.For some
CertStore
types, the resultingCollection
may not contain all of theCRL
s that match the selector. For instance, an LDAPCertStore
may not search all entries in the directory. Instead, it may just search entries that are likely to contain theCRL
s it is looking for.Some
CertStore
implementations (especially LDAPCertStore
s) may throw aCertStoreException
unless a non-nullCRLSelector
is provided that includes specific criteria that can be used to find the CRLs. Issuer names and/or the certificate to be checked are especially useful.- Parameters:
selector
- ACRLSelector
used to select whichCRL
s should be returned. Specifynull
to return allCRL
s (if supported).- Returns:
- A
Collection
ofCRL
s that match the specified selector (nevernull
) - Throws:
CertStoreException
- if an exception occurs
-
getInstance
public static CertStore getInstance(String type, CertStoreParameters params) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
Returns aCertStore
object that implements the specifiedCertStore
type and is initialized with the specified parameters.This method traverses the list of registered security Providers, starting with the most preferred Provider. A new CertStore object encapsulating the CertStoreSpi implementation from the first Provider that supports the specified type is returned.
Note that the list of registered providers may be retrieved via the
Security.getProviders()
method.The
CertStore
that is returned is initialized with the specifiedCertStoreParameters
. The type of parameters needed may vary between different types ofCertStore
s. Note that the specifiedCertStoreParameters
object is cloned.- Parameters:
type
- the name of the requestedCertStore
type. See the CertStore section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard types.params
- the initialization parameters (may benull
).- Returns:
- a
CertStore
object that implements the specifiedCertStore
type. - Throws:
NoSuchAlgorithmException
- if no Provider supports a CertStoreSpi implementation for the specified type.InvalidAlgorithmParameterException
- if the specified initialization parameters are inappropriate for thisCertStore
.- See Also:
Provider
-
getInstance
public static CertStore getInstance(String type, CertStoreParameters params, String provider) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException
Returns aCertStore
object that implements the specifiedCertStore
type.A new CertStore object encapsulating the CertStoreSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.
Note that the list of registered providers may be retrieved via the
Security.getProviders()
method.The
CertStore
that is returned is initialized with the specifiedCertStoreParameters
. The type of parameters needed may vary between different types ofCertStore
s. Note that the specifiedCertStoreParameters
object is cloned.- Parameters:
type
- the requestedCertStore
type. See the CertStore section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard types.params
- the initialization parameters (may benull
).provider
- the name of the provider.- Returns:
- a
CertStore
object that implements the specified type. - Throws:
NoSuchAlgorithmException
- if a CertStoreSpi implementation for the specified type is not available from the specified provider.InvalidAlgorithmParameterException
- if the specified initialization parameters are inappropriate for thisCertStore
.NoSuchProviderException
- if the specified provider is not registered in the security provider list.IllegalArgumentException
- if theprovider
is null or empty.- See Also:
Provider
-
getInstance
public static CertStore getInstance(String type, CertStoreParameters params, Provider provider) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
Returns aCertStore
object that implements the specifiedCertStore
type.A new CertStore object encapsulating the CertStoreSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.
The
CertStore
that is returned is initialized with the specifiedCertStoreParameters
. The type of parameters needed may vary between different types ofCertStore
s. Note that the specifiedCertStoreParameters
object is cloned.- Parameters:
type
- the requestedCertStore
type. See the CertStore section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard types.params
- the initialization parameters (may benull
).provider
- the provider.- Returns:
- a
CertStore
object that implements the specified type. - Throws:
NoSuchAlgorithmException
- if a CertStoreSpi implementation for the specified type is not available from the specified Provider object.InvalidAlgorithmParameterException
- if the specified initialization parameters are inappropriate for thisCertStore
IllegalArgumentException
- if theprovider
is null.- See Also:
Provider
-
getCertStoreParameters
public final CertStoreParameters getCertStoreParameters()
Returns the parameters used to initialize thisCertStore
. Note that theCertStoreParameters
object is cloned before it is returned.- Returns:
- the parameters used to initialize this
CertStore
(may benull
)
-
getType
public final String getType()
Returns the type of thisCertStore
.- Returns:
- the type of this
CertStore
-
getProvider
public final Provider getProvider()
Returns the provider of thisCertStore
.- Returns:
- the provider of this
CertStore
-
getDefaultType
public static final String getDefaultType()
Returns the defaultCertStore
type as specified in the Java security properties file, or the string "LDAP" if no such property exists. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security. <JAVA_HOME> refers to the value of the java.home system property, and specifies the directory where the JRE is installed.The default
CertStore
type can be used by applications that do not want to use a hard-coded type when calling one of thegetInstance
methods, and want to provide a defaultCertStore
type in case a user does not specify its own.The default
CertStore
type can be changed by setting the value of the "certstore.type" security property (in the Java security properties file) to the desired type.- Returns:
- the default
CertStore
type as specified in the Java security properties file, or the string "LDAP" if no such property exists.
-
-
Document created the 11/06/2005, last modified the 04/03/2020
Source of the printed document:https://www.gaudry.be/en/java-api-rf-java/security/cert/certstore.html
The infobrol is a personal site whose content is my sole responsibility. The text is available under CreativeCommons license (BY-NC-SA). More info on the terms of use and the author.
References
These references and links indicate documents consulted during the writing of this page, or which may provide additional information, but the authors of these sources can not be held responsible for the content of this page.
The author This site is solely responsible for the way in which the various concepts, and the freedoms that are taken with the reference works, are presented here. Remember that you must cross multiple source information to reduce the risk of errors.