- java.lang.Object
- 
- java.security.cert.CertStore
 
- 
 public class CertStore extends Object A class for retrievingCertificates andCRLs from a repository.This class uses a provider-based architecture. To create a CertStore, call one of the staticgetInstancemethods, passing in the type ofCertStoredesired, any applicable initialization parameters and optionally the name of the provider desired.Once the CertStorehas been created, it can be used to retrieveCertificates andCRLs by calling itsgetCertificatesandgetCRLsmethods.Unlike a KeyStore, which provides access to a cache of private keys and trusted certificates, aCertStoreis designed to provide access to a potentially vast repository of untrusted certificates and CRLs. For example, an LDAP implementation ofCertStoreprovides access to certificates and CRLs stored in one or more directories using the LDAP protocol and the schema as defined in the RFC service attribute.Every implementation of the Java platform is required to support the following standard CertStoretype:- Collection
 Concurrent Access All public methods of CertStoreobjects must be thread-safe. That is, multiple threads may concurrently invoke these methods on a singleCertStoreobject (or more than one) with no ill effects. This allows aCertPathBuilderto search for a CRL while simultaneously searching for further certificates, for instance.The static methods of this class are also guaranteed to be thread-safe. Multiple threads may concurrently invoke the static methods defined in this class with no ill effects. - Since:
- 1.4
 
- 
- 
Constructor SummaryConstructors Modifier Constructor Description protectedCertStore(CertStoreSpi storeSpi, Provider provider, String type, CertStoreParameters params)Creates aCertStoreobject of the given type, and encapsulates the given provider implementation (SPI object) in it.
 - 
Method SummaryAll Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description Collection<? extends Certificate>getCertificates(CertSelector selector)Returns aCollectionofCertificates that match the specified selector.CertStoreParametersgetCertStoreParameters()Returns the parameters used to initialize thisCertStore.Collection<? extends CRL>getCRLs(CRLSelector selector)Returns aCollectionofCRLs that match the specified selector.static StringgetDefaultType()Returns the defaultCertStoretype as specified by thecertstore.typesecurity property, or the string "LDAP" if no such property exists.static CertStoregetInstance(String type, CertStoreParameters params)Returns aCertStoreobject that implements the specifiedCertStoretype and is initialized with the specified parameters.static CertStoregetInstance(String type, CertStoreParameters params, String provider)Returns aCertStoreobject that implements the specifiedCertStoretype.static CertStoregetInstance(String type, CertStoreParameters params, Provider provider)Returns aCertStoreobject that implements the specifiedCertStoretype.ProvidergetProvider()Returns the provider of thisCertStore.StringgetType()Returns the type of thisCertStore.
 
- 
- 
- 
Constructor Detail- 
CertStoreprotected CertStore(CertStoreSpi storeSpi, Provider provider, String type, CertStoreParameters params) Creates aCertStoreobject of the given type, and encapsulates the given provider implementation (SPI object) in it.- Parameters:
- storeSpi- the provider implementation
- provider- the provider
- type- the type
- params- the initialization parameters (may be- null)
 
 
- 
 - 
Method Detail- 
getCertificatespublic final Collection<? extends Certificate> getCertificates(CertSelector selector) throws CertStoreException Returns aCollectionofCertificates that match the specified selector. If noCertificates match the selector, an emptyCollectionwill be returned.For some CertStoretypes, the resultingCollectionmay not contain all of theCertificates that match the selector. For instance, an LDAPCertStoremay not search all entries in the directory. Instead, it may just search entries that are likely to contain theCertificates it is looking for.Some CertStoreimplementations (especially LDAPCertStores) may throw aCertStoreExceptionunless a non-nullCertSelectoris provided that includes specific criteria that can be used to find the certificates. Issuer and/or subject names are especially useful criteria.- Parameters:
- selector- A- CertSelectorused to select which- Certificates should be returned. Specify- nullto return all- Certificates (if supported).
- Returns:
- A CollectionofCertificates that match the specified selector (nevernull)
- Throws:
- CertStoreException- if an exception occurs
 
 - 
getCRLspublic final Collection<? extends CRL> getCRLs(CRLSelector selector) throws CertStoreException Returns aCollectionofCRLs that match the specified selector. If noCRLs match the selector, an emptyCollectionwill be returned.For some CertStoretypes, the resultingCollectionmay not contain all of theCRLs that match the selector. For instance, an LDAPCertStoremay not search all entries in the directory. Instead, it may just search entries that are likely to contain theCRLs it is looking for.Some CertStoreimplementations (especially LDAPCertStores) may throw aCertStoreExceptionunless a non-nullCRLSelectoris provided that includes specific criteria that can be used to find the CRLs. Issuer names and/or the certificate to be checked are especially useful.- Parameters:
- selector- A- CRLSelectorused to select which- CRLs should be returned. Specify- nullto return all- CRLs (if supported).
- Returns:
- A CollectionofCRLs that match the specified selector (nevernull)
- Throws:
- CertStoreException- if an exception occurs
 
 - 
getInstancepublic static CertStore getInstance(String type, CertStoreParameters params) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException Returns aCertStoreobject that implements the specifiedCertStoretype and is initialized with the specified parameters.This method traverses the list of registered security Providers, starting with the most preferred Provider. A new CertStore object encapsulating the CertStoreSpi implementation from the first Provider that supports the specified type is returned. Note that the list of registered providers may be retrieved via the Security.getProviders()method.The CertStorethat is returned is initialized with the specifiedCertStoreParameters. The type of parameters needed may vary between different types ofCertStores. Note that the specifiedCertStoreParametersobject is cloned.- Implementation Note:
- The JDK Reference Implementation additionally uses the
 jdk.security.provider.preferredSecurityproperty to determine the preferred provider order for the specified algorithm. This may be different than the order of providers returned bySecurity.getProviders().
- Parameters:
- type- the name of the requested- CertStoretype. See the CertStore section in the Java Security Standard Algorithm Names Specification for information about standard types.
- params- the initialization parameters (may be- null).
- Returns:
- a CertStoreobject that implements the specifiedCertStoretype
- Throws:
- InvalidAlgorithmParameterException- if the specified initialization parameters are inappropriate for this- CertStore
- NoSuchAlgorithmException- if no- Providersupports a- CertStoreSpiimplementation for the specified type
- NullPointerException- if- typeis- null
- See Also:
- Provider
 
 - 
getInstancepublic static CertStore getInstance(String type, CertStoreParameters params, String provider) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException Returns aCertStoreobject that implements the specifiedCertStoretype.A new CertStore object encapsulating the CertStoreSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list. Note that the list of registered providers may be retrieved via the Security.getProviders()method.The CertStorethat is returned is initialized with the specifiedCertStoreParameters. The type of parameters needed may vary between different types ofCertStores. Note that the specifiedCertStoreParametersobject is cloned.- Parameters:
- type- the requested- CertStoretype. See the CertStore section in the Java Security Standard Algorithm Names Specification for information about standard types.
- params- the initialization parameters (may be- null).
- provider- the name of the provider.
- Returns:
- a CertStoreobject that implements the specified type
- Throws:
- IllegalArgumentException- if the- provideris- nullor empty
- InvalidAlgorithmParameterException- if the specified initialization parameters are inappropriate for this- CertStore
- NoSuchAlgorithmException- if a- CertStoreSpiimplementation for the specified type is not available from the specified provider
- NoSuchProviderException- if the specified provider is not registered in the security provider list
- NullPointerException- if- typeis- null
- See Also:
- Provider
 
 - 
getInstancepublic static CertStore getInstance(String type, CertStoreParameters params, Provider provider) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException Returns aCertStoreobject that implements the specifiedCertStoretype.A new CertStore object encapsulating the CertStoreSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list. The CertStorethat is returned is initialized with the specifiedCertStoreParameters. The type of parameters needed may vary between different types ofCertStores. Note that the specifiedCertStoreParametersobject is cloned.- Parameters:
- type- the requested- CertStoretype. See the CertStore section in the Java Security Standard Algorithm Names Specification for information about standard types.
- params- the initialization parameters (may be- null).
- provider- the provider.
- Returns:
- a CertStoreobject that implements the specified type
- Throws:
- IllegalArgumentException- if the- provideris null
- InvalidAlgorithmParameterException- if the specified initialization parameters are inappropriate for this- CertStore
- NoSuchAlgorithmException- if a- CertStoreSpiimplementation for the specified type is not available from the specified Provider object
- NullPointerException- if- typeis- null
- See Also:
- Provider
 
 - 
getCertStoreParameterspublic final CertStoreParameters getCertStoreParameters() Returns the parameters used to initialize thisCertStore. Note that theCertStoreParametersobject is cloned before it is returned.- Returns:
- the parameters used to initialize this CertStore(may benull)
 
 - 
getTypepublic final String getType() Returns the type of thisCertStore.- Returns:
- the type of this CertStore
 
 - 
getProviderpublic final Provider getProvider() Returns the provider of thisCertStore.- Returns:
- the provider of this CertStore
 
 - 
getDefaultTypepublic static final String getDefaultType() Returns the defaultCertStoretype as specified by thecertstore.typesecurity property, or the string "LDAP" if no such property exists.The default CertStoretype can be used by applications that do not want to use a hard-coded type when calling one of thegetInstancemethods, and want to provide a defaultCertStoretype in case a user does not specify its own.The default CertStoretype can be changed by setting the value of thecertstore.typesecurity property to the desired type.- Returns:
- the default CertStoretype as specified by thecertstore.typesecurity property, or the string "LDAP" if no such property exists.
- See Also:
- security properties
 
 
- 
 
-