package org.bouncycastle.jce.cert; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Provider; import java.security.Security; import java.util.Collection; /** * A class for retrieving Certificates and CRLs * from a repository.
*
* This class uses a provider-based architecture, as described in the * Java Cryptography Architecture. * To create a CertStore, call one of the static * getInstance methods, passing in the type of * CertStore desired, any applicable initialization parameters * and optionally the name of the provider desired.
*
* Once the CertStore has been created, it can be used to * retrieve Certificates and CRLs by calling its * {@link #getCertificates(CertSelector selector) getCertificates} and * {@link #getCRLs(CRLSelector selector) getCRLs} methods.
*
* Unlike a {@link java.security.KeyStore KeyStore}, which provides access * to a cache of private keys and trusted certificates, a * CertStore is designed to provide access to a potentially * vast repository of untrusted certificates and CRLs. For example, an LDAP * implementation of CertStore provides access to certificates * and CRLs stored in one or more directories using the LDAP protocol and the * schema as defined in the RFC service attribute. See Appendix A in the * Java Certification Path API Programmer's Guide for more information about * standard CertStore types.
*
* Concurrent Access
*
* All public methods of CertStore objects must be thread-safe. * That is, multiple threads may concurrently invoke these methods on a * single CertStore object (or more than one) with no * ill effects. This allows a CertPathBuilder to search for a * CRL while simultaneously searching for further certificates, for instance.
*
* The static methods of this class are also guaranteed to be thread-safe. * Multiple threads may concurrently invoke the static methods defined in * this class with no ill effects.
*
**/ public class CertStore extends Object { private CertStoreSpi storeSpi; private Provider provider; private String type; private CertStoreParameters params; /** * Creates a CertStore object of the given type, and * encapsulates the given provider implementation (SPI object) in it. * * @param storeSpi * the provider implementation * @param provider * the provider * @param type * the type * @param params * the initialization parameters (may be null) */ protected CertStore( CertStoreSpi storeSpi, Provider provider, String type, CertStoreParameters params) { this.storeSpi = storeSpi; this.provider = provider; this.type = type; this.params = params; } /** * Returns a Collection of Certificates that * match the specified selector. If no Certificates match * the selector, an empty Collection will be returned.
*
* For some CertStore types, the resulting * Collection may not contain all of the * Certificates that match the selector. For instance, an * LDAP CertStore may not search all entries in the * directory. Instead, it may just search entries that are likely to contain * the Certificates it is looking for.
*
* Some CertStore implementations (especially LDAP * CertStores) may throw a CertStoreException * unless a non-null CertSelector is provided that includes * specific criteria that can be used to find the certificates. Issuer * and/or subject names are especially useful criteria. * * @param selector * A CertSelector used to select which * Certificates should be returned. Specify * null to return all Certificates * (if supported). * * @return A Collection of Certificates that * match the specified selector (never null) * @exception CertStoreException * if an exception occurs */ public final Collection getCertificates(CertSelector selector) throws CertStoreException { return storeSpi.engineGetCertificates(selector); } /** * Returns a Collection of CRLs that match * the specified selector. If no CRLs match the selector, an * empty Collection will be returned.
*
* For some CertStore types, the resulting * Collection may not contain all of the * CRLs that match the selector. For instance, an LDAP * CertStore may not search all entries in the directory. * Instead, it may just search entries that are likely to contain the * CRLs it is looking for.
*
* Some CertStore implementations (especially LDAP * CertStores) may throw a CertStoreException * unless a non-null CRLSelector is provided that includes * specific criteria that can be used to find the CRLs. Issuer names and/or * the certificate to be checked are especially useful. * * @param selector * A CRLSelector used to select which * CRLs should be returned. Specify * null to return all CRLs (if * supported). * * @return A Collection of CRLs that match * the specified selector (never null) * * @exception CertStoreException * if an exception occurs */ public final Collection getCRLs(CRLSelector selector) throws CertStoreException { return storeSpi.engineGetCRLs(selector); } /** * Returns a CertStore object that implements the specified * CertStore type and is initialized with the specified * parameters.
*
* If the default provider package provides an implementation of the * specified CertStore type, an instance of * CertStore containing that implementation is returned. If * the requested type is not available in the default package, other * packages are searched.
*
* The CertStore that is returned is initialized with the * specified CertStoreParameters. The type of parameters * needed may vary between different types of CertStores. * Note that the specified CertStoreParameters object is * cloned. * * @param type * the name of the requested CertStore type * @param params * the initialization parameters (may be null) * * @return a CertStore object that implements the specified * CertStore type * * @exception NoSuchAlgorithmException * if the requested type is not available in the default * provider package or any of the other provider packages * that were searched * @exception InvalidAlgorithmParameterException * if the specified initialization parameters are * inappropriate for this CertStore */ public static CertStore getInstance(String type, CertStoreParameters params) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException { try { CertUtil.Implementation imp = CertUtil.getImplementation( "CertStore", type, (String)null, new Class[] { CertStoreParameters.class }, new Object[] { params }); if (imp != null) { return new CertStore((CertStoreSpi)imp.getEngine(), imp .getProvider(), type, params); } } catch (NoSuchProviderException ex) { } throw new NoSuchAlgorithmException("can't find type " + type); } /** * Returns a CertStore object that implements the specified * CertStore type, as supplied by the specified provider and * initialized with the specified parameters.
*
* The CertStore that is returned is initialized with the * specified CertStoreParameters. The type of parameters * needed may vary between different types of CertStores. * Note that the specified CertStoreParameters object is * cloned. * * @param type * the requested CertStore type * @param params * the initialization parameters (may be null) * @param provider * the name of the provider * * @return a CertStore object that implements the specified * type, as supplied by the specified provider * * @exception NoSuchAlgorithmException * if the requested type is not available from the specified * provider * @exception InvalidAlgorithmParameterException * if the specified initialization parameters are * inappropriate for this CertStore * @exception NoSuchProviderException * if the provider has not been configured * @exception IllegalArgumentException * if the provider is null */ public static CertStore getInstance(String type, CertStoreParameters params, String provider) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, IllegalArgumentException { if (provider == null) { throw new IllegalArgumentException("provider must be non-null"); } CertUtil.Implementation imp = CertUtil.getImplementation("CertStore", type, provider, new Class[] { CertStoreParameters.class }, new Object[] { params }); if (imp != null) { return new CertStore((CertStoreSpi)imp.getEngine(), imp .getProvider(), type, params); } throw new NoSuchAlgorithmException("can't find type " + type); } /** * Returns a CertStore object that implements the specified * CertStore type, as supplied by the specified provider and * initialized with the specified parameters. Note: the * provider doesn't have to be registered.
*
* The CertStore that is returned is initialized with the * specified CertStoreParameters. The type of parameters * needed may vary between different types of CertStores. * Note that the specified CertStoreParameters object is * cloned. * * @param type * the requested CertStore type * @param params * the initialization parameters (may be null) * @param provider * the provider * * @return a CertStore object that implements the specified * type, as supplied by the specified provider * * @exception NoSuchAlgorithmException * if the requested type is not available from the specified * provider * @exception InvalidAlgorithmParameterException * if the specified initialization parameters are * inappropriate for this CertStore * @exception IllegalArgumentException * if the provider is null */ public static CertStore getInstance(String type, CertStoreParameters params, Provider provider) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IllegalArgumentException { if (provider == null) { throw new IllegalArgumentException("provider must be non-null"); } CertUtil.Implementation imp = CertUtil.getImplementation("CertStore", type, provider, new Class[] { CertStoreParameters.class }, new Object[] { params }); if (imp != null) { return new CertStore((CertStoreSpi)imp.getEngine(), provider, type, params); } throw new NoSuchAlgorithmException("can't find type " + type); } /** * Returns the parameters used to initialize this CertStore. * Note that the CertStoreParameters object is cloned before * it is returned. * * @return the parameters used to initialize this CertStore * (may be null) */ public final CertStoreParameters getCertStoreParameters() { return params; } /** * Returns the type of this CertStore. * * @return the type of this CertStore */ public final String getType() { return type; } /** * Returns the provider of this CertStore. * * @return the provider of this CertStore */ public final Provider getProvider() { return provider; } /** * Returns the default CertStore type as specified in the * Java security properties file, or the string "LDAP" if no such * property exists. The Java security properties file is located in the file * named <JAVA_HOME>/lib/security/java.security, where * <JAVA_HOME> refers to the directory where the SDK was installed.
*
* The default CertStore type can be used by applications * that do not want to use a hard-coded type when calling one of the * getInstance methods, and want to provide a default * CertStore type in case a user does not specify its own.
*
* The default CertStore type can be changed by setting the * value of the "certstore.type" security property (in the Java security * properties file) to the desired type. * * @return the default CertStore type as specified in the * Java security properties file, or the string "LDAP" if * no such property exists. */ public static final String getDefaultType() { String defaulttype = null; defaulttype = Security.getProperty("certstore.type"); if (defaulttype == null || defaulttype.length() <= 0) { return "LDAP"; } else { return defaulttype; } } }