package org.bouncycastle.jce.cert;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.Collection;
/**
* A class for retrieving Certificate
s and CRL
s
* from a repository.
*
* This class uses a provider-based architecture, as described in the
* Java Cryptography Architecture.
* To create a CertStore
, call one of the static
* getInstance
methods, passing in the type of
* CertStore
desired, any applicable initialization parameters
* and optionally the name of the provider desired.
*
* Once the CertStore
has been created, it can be used to
* retrieve Certificate
s and CRL
s by calling its
* {@link #getCertificates(CertSelector selector) getCertificates} and
* {@link #getCRLs(CRLSelector selector) getCRLs} methods.
*
* Unlike a {@link java.security.KeyStore KeyStore}, which provides access
* to a cache of private keys and trusted certificates, a
* CertStore
is designed to provide access to a potentially
* vast repository of untrusted certificates and CRLs. For example, an LDAP
* implementation of CertStore
provides access to certificates
* and CRLs stored in one or more directories using the LDAP protocol and the
* schema as defined in the RFC service attribute. See Appendix A in the
* Java Certification Path API Programmer's Guide for more information about
* standard CertStore
types.
*
* Concurrent Access
*
* All public methods of CertStore
objects must be thread-safe.
* That is, multiple threads may concurrently invoke these methods on a
* single CertStore
object (or more than one) with no
* ill effects. This allows a CertPathBuilder
to search for a
* CRL while simultaneously searching for further certificates, for instance.
*
* The static methods of this class are also guaranteed to be thread-safe.
* Multiple threads may concurrently invoke the static methods defined in
* this class with no ill effects.
*
**/
public class CertStore extends Object
{
private CertStoreSpi storeSpi;
private Provider provider;
private String type;
private CertStoreParameters params;
/**
* Creates a CertStore
object of the given type, and
* encapsulates the given provider implementation (SPI object) in it.
*
* @param storeSpi
* the provider implementation
* @param provider
* the provider
* @param type
* the type
* @param params
* the initialization parameters (may be null
)
*/
protected CertStore(
CertStoreSpi storeSpi,
Provider provider,
String type,
CertStoreParameters params)
{
this.storeSpi = storeSpi;
this.provider = provider;
this.type = type;
this.params = params;
}
/**
* Returns a Collection
of Certificate
s that
* match the specified selector. If no Certificate
s match
* the selector, an empty Collection
will be returned.
*
* For some CertStore
types, the resulting
* Collection
may not contain all of the
* Certificate
s that match the selector. For instance, an
* LDAP CertStore
may not search all entries in the
* directory. Instead, it may just search entries that are likely to contain
* the Certificate
s it is looking for.
*
* Some CertStore
implementations (especially LDAP
* CertStore
s) may throw a CertStoreException
* unless a non-null CertSelector
is provided that includes
* specific criteria that can be used to find the certificates. Issuer
* and/or subject names are especially useful criteria.
*
* @param selector
* A CertSelector
used to select which
* Certificate
s should be returned. Specify
* null
to return all Certificate
s
* (if supported).
*
* @return A Collection
of Certificate
s that
* match the specified selector (never null
)
* @exception CertStoreException
* if an exception occurs
*/
public final Collection getCertificates(CertSelector selector)
throws CertStoreException
{
return storeSpi.engineGetCertificates(selector);
}
/**
* Returns a Collection
of CRL
s that match
* the specified selector. If no CRL
s match the selector, an
* empty Collection
will be returned.
*
* For some CertStore
types, the resulting
* Collection
may not contain all of the
* CRL
s that match the selector. For instance, an LDAP
* CertStore
may not search all entries in the directory.
* Instead, it may just search entries that are likely to contain the
* CRL
s it is looking for.
*
* Some CertStore
implementations (especially LDAP
* CertStore
s) may throw a CertStoreException
* unless a non-null CRLSelector
is provided that includes
* specific criteria that can be used to find the CRLs. Issuer names and/or
* the certificate to be checked are especially useful.
*
* @param selector
* A CRLSelector
used to select which
* CRL
s should be returned. Specify
* null
to return all CRL
s (if
* supported).
*
* @return A Collection
of CRL
s that match
* the specified selector (never null
)
*
* @exception CertStoreException
* if an exception occurs
*/
public final Collection getCRLs(CRLSelector selector)
throws CertStoreException
{
return storeSpi.engineGetCRLs(selector);
}
/**
* Returns a CertStore
object that implements the specified
* CertStore
type and is initialized with the specified
* parameters.
*
* If the default provider package provides an implementation of the
* specified CertStore
type, an instance of
* CertStore
containing that implementation is returned. If
* the requested type is not available in the default package, other
* packages are searched.
*
* The CertStore
that is returned is initialized with the
* specified CertStoreParameters
. The type of parameters
* needed may vary between different types of CertStore
s.
* Note that the specified CertStoreParameters
object is
* cloned.
*
* @param type
* the name of the requested CertStore
type
* @param params
* the initialization parameters (may be null
)
*
* @return a CertStore
object that implements the specified
* CertStore
type
*
* @exception NoSuchAlgorithmException
* if the requested type is not available in the default
* provider package or any of the other provider packages
* that were searched
* @exception InvalidAlgorithmParameterException
* if the specified initialization parameters are
* inappropriate for this CertStore
*/
public static CertStore getInstance(String type, CertStoreParameters params)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
{
try
{
CertUtil.Implementation imp = CertUtil.getImplementation(
"CertStore", type, (String)null,
new Class[] { CertStoreParameters.class },
new Object[] { params });
if (imp != null)
{
return new CertStore((CertStoreSpi)imp.getEngine(), imp
.getProvider(), type, params);
}
}
catch (NoSuchProviderException ex)
{
}
throw new NoSuchAlgorithmException("can't find type " + type);
}
/**
* Returns a CertStore
object that implements the specified
* CertStore
type, as supplied by the specified provider and
* initialized with the specified parameters.
*
* The CertStore
that is returned is initialized with the
* specified CertStoreParameters
. The type of parameters
* needed may vary between different types of CertStore
s.
* Note that the specified CertStoreParameters
object is
* cloned.
*
* @param type
* the requested CertStore
type
* @param params
* the initialization parameters (may be null
)
* @param provider
* the name of the provider
*
* @return a CertStore
object that implements the specified
* type, as supplied by the specified provider
*
* @exception NoSuchAlgorithmException
* if the requested type is not available from the specified
* provider
* @exception InvalidAlgorithmParameterException
* if the specified initialization parameters are
* inappropriate for this CertStore
* @exception NoSuchProviderException
* if the provider has not been configured
* @exception IllegalArgumentException
* if the provider
is null
*/
public static CertStore getInstance(String type,
CertStoreParameters params, String provider)
throws InvalidAlgorithmParameterException,
NoSuchAlgorithmException, NoSuchProviderException,
IllegalArgumentException
{
if (provider == null)
{
throw new IllegalArgumentException("provider must be non-null");
}
CertUtil.Implementation imp = CertUtil.getImplementation("CertStore",
type, provider, new Class[] { CertStoreParameters.class },
new Object[] { params });
if (imp != null)
{
return new CertStore((CertStoreSpi)imp.getEngine(), imp
.getProvider(), type, params);
}
throw new NoSuchAlgorithmException("can't find type " + type);
}
/**
* Returns a CertStore
object that implements the specified
* CertStore
type, as supplied by the specified provider and
* initialized with the specified parameters. Note: the
* provider
doesn't have to be registered.
*
* The CertStore
that is returned is initialized with the
* specified CertStoreParameters
. The type of parameters
* needed may vary between different types of CertStore
s.
* Note that the specified CertStoreParameters
object is
* cloned.
*
* @param type
* the requested CertStore
type
* @param params
* the initialization parameters (may be null
)
* @param provider
* the provider
*
* @return a CertStore
object that implements the specified
* type, as supplied by the specified provider
*
* @exception NoSuchAlgorithmException
* if the requested type is not available from the specified
* provider
* @exception InvalidAlgorithmParameterException
* if the specified initialization parameters are
* inappropriate for this CertStore
* @exception IllegalArgumentException
* if the provider
is null
*/
public static CertStore getInstance(String type,
CertStoreParameters params, Provider provider)
throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException, IllegalArgumentException
{
if (provider == null)
{
throw new IllegalArgumentException("provider must be non-null");
}
CertUtil.Implementation imp = CertUtil.getImplementation("CertStore",
type, provider, new Class[] { CertStoreParameters.class },
new Object[] { params });
if (imp != null)
{
return new CertStore((CertStoreSpi)imp.getEngine(), provider, type,
params);
}
throw new NoSuchAlgorithmException("can't find type " + type);
}
/**
* Returns the parameters used to initialize this CertStore
.
* Note that the CertStoreParameters
object is cloned before
* it is returned.
*
* @return the parameters used to initialize this CertStore
* (may be null
)
*/
public final CertStoreParameters getCertStoreParameters()
{
return params;
}
/**
* Returns the type of this CertStore
.
*
* @return the type of this CertStore
*/
public final String getType()
{
return type;
}
/**
* Returns the provider of this CertStore
.
*
* @return the provider of this CertStore
*/
public final Provider getProvider()
{
return provider;
}
/**
* Returns the default CertStore
type as specified in the
* Java security properties file, or the string "LDAP" if no such
* property exists. The Java security properties file is located in the file
* named <JAVA_HOME>/lib/security/java.security, where
* <JAVA_HOME> refers to the directory where the SDK was installed.
*
* The default CertStore
type can be used by applications
* that do not want to use a hard-coded type when calling one of the
* getInstance
methods, and want to provide a default
* CertStore
type in case a user does not specify its own.
*
* The default CertStore
type can be changed by setting the
* value of the "certstore.type" security property (in the Java security
* properties file) to the desired type.
*
* @return the default CertStore
type as specified in the
* Java security properties file, or the string "LDAP" if
* no such property exists.
*/
public static final String getDefaultType()
{
String defaulttype = null;
defaulttype = Security.getProperty("certstore.type");
if (defaulttype == null || defaulttype.length() <= 0)
{
return "LDAP";
}
else
{
return defaulttype;
}
}
}