Added in API level 1

Summary: Protected Ctors | Methods | Inherited Methods

CertStore

public class CertStore
extends Object

java.lang.Object
↳	java.security.cert.CertStore

A class for retrieving Certificates and CRLs from a repository.

This class uses a provider-based architecture. To create a CertStore, call one of the static getInstance methods, passing in the type of CertStore desired, any applicable initialization parameters and optionally the name of the provider desired.

Once the CertStore has been created, it can be used to retrieve Certificates and CRLs by calling its getCertificates and getCRLs methods.

Unlike a KeyStore, which provides access to a cache of private keys and trusted certificates, a CertStore is designed to provide access to a potentially vast repository of untrusted certificates and CRLs. For example, an LDAP implementation of CertStore provides access to certificates and CRLs stored in one or more directories using the LDAP protocol and the schema as defined in the RFC service attribute.

Every implementation of the Java platform is required to support the following standard CertStore type:

Collection

This type is described in the CertStore section of the Java Security Standard Algorithm Names Specification. Consult the release documentation for your implementation to see if any other types are supported.

Concurrent Access

All public methods of CertStore objects must be thread-safe. That is, multiple threads may concurrently invoke these methods on a single CertStore object (or more than one) with no ill effects. This allows a CertPathBuilder to search for a CRL while simultaneously searching for further certificates, for instance.

The static methods of this class are also guaranteed to be thread-safe. Multiple threads may concurrently invoke the static methods defined in this class with no ill effects.

Summary

Protected constructors
`CertStore(CertStoreSpi storeSpi, Provider provider, String type, CertStoreParameters params)` Creates a `CertStore` object of the given type, and encapsulates the given provider implementation (SPI object) in it.

Public methods
`final Collection<? extends CRL>`	`getCRLs(CRLSelector selector)` Returns a `Collection` of `CRL`s that match the specified selector.
`final CertStoreParameters`	`getCertStoreParameters()` Returns the parameters used to initialize this `CertStore`.
`final Collection<? extends Certificate>`	`getCertificates(CertSelector selector)` Returns a `Collection` of `Certificate`s that match the specified selector.
`static final String`	`getDefaultType()` Returns the default `CertStore` type as specified by the `certstore.type` security property, or the string "LDAP" if no such property exists.
`static CertStore`	`getInstance(String type, CertStoreParameters params)` Returns a `CertStore` object that implements the specified `CertStore` type and is initialized with the specified parameters.
`static CertStore`	`getInstance(String type, CertStoreParameters params, Provider provider)` Returns a `CertStore` object that implements the specified `CertStore` type.
`static CertStore`	`getInstance(String type, CertStoreParameters params, String provider)` Returns a `CertStore` object that implements the specified `CertStore` type.
`final Provider`	`getProvider()` Returns the provider of this `CertStore`.
`final String`	`getType()` Returns the type of this `CertStore`.

Inherited methods

From class


        
          java.lang.Object

`Object`	`clone()` Creates and returns a copy of this object.
`boolean`	`equals(Object obj)` Indicates whether some other object is "equal to" this one.
`void`	`finalize()` Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
`final Class<?>`	`getClass()` Returns the runtime class of this `Object`.
`int`	`hashCode()` Returns a hash code value for the object.
`final void`	`notify()` Wakes up a single thread that is waiting on this object's monitor.
`final void`	`notifyAll()` Wakes up all threads that are waiting on this object's monitor.
`String`	`toString()` Returns a string representation of the object.
`final void`	`wait(long timeoutMillis, int nanos)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait(long timeoutMillis)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait()` Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

Protected constructors

CertStore

Added in API level 1

protected CertStore (CertStoreSpi storeSpi, 
                Provider provider, 
                String type, 
                CertStoreParameters params)

Creates a CertStore object of the given type, and encapsulates the given provider implementation (SPI object) in it.

Parameters
`storeSpi`	`CertStoreSpi`: the provider implementation
`provider`	`Provider`: the provider
`type`	`String`: the type
`params`	`CertStoreParameters`: the initialization parameters (may be `null`)

Public methods

getCRLs

Added in API level 1

public final Collection<? extends CRL> getCRLs (CRLSelector selector)

Returns a Collection of CRLs that match the specified selector. If no CRLs match the selector, an empty Collection will be returned.

For some CertStore types, the resulting Collection may not contain all of the CRLs that match the selector. For instance, an LDAP CertStore may not search all entries in the directory. Instead, it may just search entries that are likely to contain the CRLs it is looking for.

Some CertStore implementations (especially LDAP CertStores) may throw a CertStoreException unless a non-null CRLSelector is provided that includes specific criteria that can be used to find the CRLs. Issuer names and/or the certificate to be checked are especially useful.

Parameters
`selector`	`CRLSelector`: A `CRLSelector` used to select which `CRL`s should be returned. Specify `null` to return all `CRL`s (if supported).

Returns
`Collection<? extends CRL>`	A `Collection` of `CRL`s that match the specified selector (never `null`)

Throws
`CertStoreException`	if an exception occurs

getCertStoreParameters

Added in API level 1

public final CertStoreParameters getCertStoreParameters ()

Returns the parameters used to initialize this CertStore. Note that the CertStoreParameters object is cloned before it is returned.

Returns
`CertStoreParameters`	the parameters used to initialize this `CertStore` (may be `null`)

getCertificates

Added in API level 1

public final Collection<? extends Certificate> getCertificates (CertSelector selector)

Returns a Collection of Certificates that match the specified selector. If no Certificates match the selector, an empty Collection will be returned.

For some CertStore types, the resulting Collection may not contain all of the Certificates that match the selector. For instance, an LDAP CertStore may not search all entries in the directory. Instead, it may just search entries that are likely to contain the Certificates it is looking for.

Some CertStore implementations (especially LDAP CertStores) may throw a CertStoreException unless a non-null CertSelector is provided that includes specific criteria that can be used to find the certificates. Issuer and/or subject names are especially useful criteria.

Parameters
`selector`	`CertSelector`: A `CertSelector` used to select which `Certificate`s should be returned. Specify `null` to return all `Certificate`s (if supported).

Returns
`Collection<? extends Certificate>`	A `Collection` of `Certificate`s that match the specified selector (never `null`)

Throws
`CertStoreException`	if an exception occurs

getDefaultType

Added in API level 1

public static final String getDefaultType ()

Returns the default CertStore type as specified by the certstore.type security property, or the string "LDAP" if no such property exists.

The default CertStore type can be used by applications that do not want to use a hard-coded type when calling one of the getInstance methods, and want to provide a default CertStore type in case a user does not specify its own.

The default CertStore type can be changed by setting the value of the certstore.type security property to the desired type.

Returns
`String`	the default `CertStore` type as specified by the `certstore.type` security property, or the string "LDAP" if no such property exists.

See also:

security properties

getInstance

Added in API level 1

public static CertStore getInstance (String type, 
                CertStoreParameters params)

Returns a CertStore object that implements the specified CertStore type and is initialized with the specified parameters.

This method traverses the list of registered security Providers, starting with the most preferred Provider. A new CertStore object encapsulating the CertStoreSpi implementation from the first Provider that supports the specified type is returned.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

The CertStore that is returned is initialized with the specified CertStoreParameters. The type of parameters needed may vary between different types of CertStores. Note that the specified CertStoreParameters object is cloned.

Implementation Note:

The JDK Reference Implementation additionally uses the jdk.security.provider.preferred Security property to determine the preferred provider order for the specified algorithm. This may be different than the order of providers returned by Security.getProviders().

Parameters
`type`	`String`: the name of the requested `CertStore` type. See the CertStore section in the Java Security Standard Algorithm Names Specification for information about standard types.
`params`	`CertStoreParameters`: the initialization parameters (may be `null`).

Returns
`CertStore`	a `CertStore` object that implements the specified `CertStore` type

Throws
`InvalidAlgorithmParameterException`	if the specified initialization parameters are inappropriate for this `CertStore`
`NoSuchAlgorithmException`	if no `Provider` supports a `CertStoreSpi` implementation for the specified type
`NullPointerException`	if `type` is `null`

See also:

Provider

getInstance

Added in API level 1

public static CertStore getInstance (String type, 
                CertStoreParameters params, 
                Provider provider)

Returns a CertStore object that implements the specified CertStore type.

A new CertStore object encapsulating the CertStoreSpi implementation from the specified Provider object is returned. Note that the specified Provider object does not have to be registered in the provider list.

Parameters
`type`	`String`: the requested `CertStore` type. See the CertStore section in the Java Security Standard Algorithm Names Specification for information about standard types.
`params`	`CertStoreParameters`: the initialization parameters (may be `null`).
`provider`	`Provider`: the provider.

Returns
`CertStore`	a `CertStore` object that implements the specified type

Throws
`IllegalArgumentException`	if the `provider` is null
`InvalidAlgorithmParameterException`	if the specified initialization parameters are inappropriate for this `CertStore`
`NoSuchAlgorithmException`	if a `CertStoreSpi` implementation for the specified type is not available from the specified Provider object
`NullPointerException`	if `type` is `null`

See also:

Provider

getInstance

Added in API level 1

public static CertStore getInstance (String type, 
                CertStoreParameters params, 
                String provider)

Returns a CertStore object that implements the specified CertStore type.

A new CertStore object encapsulating the CertStoreSpi implementation from the specified provider is returned. The specified provider must be registered in the security provider list.

Note that the list of registered providers may be retrieved via the Security.getProviders() method.

Parameters
`type`	`String`: the requested `CertStore` type. See the CertStore section in the Java Security Standard Algorithm Names Specification for information about standard types.
`params`	`CertStoreParameters`: the initialization parameters (may be `null`).
`provider`	`String`: the name of the provider.

Returns
`CertStore`	a `CertStore` object that implements the specified type

Throws
`IllegalArgumentException`	if the `provider` is `null` or empty
`InvalidAlgorithmParameterException`	if the specified initialization parameters are inappropriate for this `CertStore`
`NoSuchAlgorithmException`	if a `CertStoreSpi` implementation for the specified type is not available from the specified provider
`NoSuchProviderException`	if the specified provider is not registered in the security provider list
`NullPointerException`	if `type` is `null`

See also:

Provider

getProvider

Added in API level 1

public final Provider getProvider ()

Returns the provider of this CertStore.

Returns
`Provider`	the provider of this `CertStore`

getType

Added in API level 1

public final String getType ()

Returns the type of this CertStore.

Returns
`String`	the type of this `CertStore`