package org.bouncycastle.jce.cert;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.Collection;
/**
* A class for retrieving <code>Certificate</code>s and <code>CRL</code>s
* from a repository.<br />
* <br />
* This class uses a provider-based architecture, as described in the
* Java Cryptography Architecture.
* To create a <code>CertStore</code>, call one of the static
* <code>getInstance</code> methods, passing in the type of
* <code>CertStore</code> desired, any applicable initialization parameters
* and optionally the name of the provider desired. <br />
* <br />
* Once the <code>CertStore</code> has been created, it can be used to
* retrieve <code>Certificate</code>s and <code>CRL</code>s by calling its
* {@link #getCertificates(CertSelector selector) getCertificates} and
* {@link #getCRLs(CRLSelector selector) getCRLs} methods.<br />
* <br />
* Unlike a {@link java.security.KeyStore KeyStore}, which provides access
* to a cache of private keys and trusted certificates, a
* <code>CertStore</code> is designed to provide access to a potentially
* vast repository of untrusted certificates and CRLs. For example, an LDAP
* implementation of <code>CertStore</code> provides access to certificates
* and CRLs stored in one or more directories using the LDAP protocol and the
* schema as defined in the RFC service attribute. See Appendix A in the
* Java Certification Path API Programmer's Guide for more information about
* standard <code>CertStore</code> types.<br />
* <br />
* <b>Concurrent Access</b><br />
* <br />
* All public methods of <code>CertStore</code> objects must be thread-safe.
* That is, multiple threads may concurrently invoke these methods on a
* single <code>CertStore</code> object (or more than one) with no
* ill effects. This allows a <code>CertPathBuilder</code> to search for a
* CRL while simultaneously searching for further certificates, for instance.<br />
* <br />
* The static methods of this class are also guaranteed to be thread-safe.
* Multiple threads may concurrently invoke the static methods defined in
* this class with no ill effects.<br />
* <br />
**/
public class CertStore extends Object
{
private CertStoreSpi storeSpi;
private Provider provider;
private String type;
private CertStoreParameters params;
/**
* Creates a <code>CertStore</code> object of the given type, and
* encapsulates the given provider implementation (SPI object) in it.
*
* @param storeSpi
* the provider implementation
* @param provider
* the provider
* @param type
* the type
* @param params
* the initialization parameters (may be <code>null</code>)
*/
protected CertStore(
CertStoreSpi storeSpi,
Provider provider,
String type,
CertStoreParameters params)
{
this.storeSpi = storeSpi;
this.provider = provider;
this.type = type;
this.params = params;
}
/**
* Returns a <code>Collection</code> of <code>Certificate</code>s that
* match the specified selector. If no <code>Certificate</code>s match
* the selector, an empty <code>Collection</code> will be returned.<br />
* <br />
* For some <code>CertStore</code> types, the resulting
* <code>Collection</code> may not contain <b>all</b> of the
* <code>Certificate</code>s that match the selector. For instance, an
* LDAP <code>CertStore</code> may not search all entries in the
* directory. Instead, it may just search entries that are likely to contain
* the <code>Certificate</code>s it is looking for.<br />
* <br />
* Some <code>CertStore</code> implementations (especially LDAP
* <code>CertStore</code>s) may throw a <code>CertStoreException</code>
* unless a non-null <code>CertSelector</code> is provided that includes
* specific criteria that can be used to find the certificates. Issuer
* and/or subject names are especially useful criteria.
*
* @param selector
* A <code>CertSelector</code> used to select which
* <code>Certificate</code>s should be returned. Specify
* <code>null</code> to return all <code>Certificate</code>s
* (if supported).
*
* @return A <code>Collection</code> of <code>Certificate</code>s that
* match the specified selector (never <code>null</code>)
* @exception CertStoreException
* if an exception occurs
*/
public final Collection getCertificates(CertSelector selector)
throws CertStoreException
{
return storeSpi.engineGetCertificates(selector);
}
/**
* Returns a <code>Collection</code> of <code>CRL</code>s that match
* the specified selector. If no <code>CRL</code>s match the selector, an
* empty <code>Collection</code> will be returned.<br />
* <br />
* For some <code>CertStore</code> types, the resulting
* <code>Collection</code> may not contain <b>all</b> of the
* <code>CRL</code>s that match the selector. For instance, an LDAP
* <code>CertStore</code> may not search all entries in the directory.
* Instead, it may just search entries that are likely to contain the
* <code>CRL</code>s it is looking for.<br />
* <br />
* Some <code>CertStore</code> implementations (especially LDAP
* <code>CertStore</code>s) may throw a <code>CertStoreException</code>
* unless a non-null <code>CRLSelector</code> is provided that includes
* specific criteria that can be used to find the CRLs. Issuer names and/or
* the certificate to be checked are especially useful.
*
* @param selector
* A <code>CRLSelector</code> used to select which
* <code>CRL</code>s should be returned. Specify
* <code>null</code> to return all <code>CRL</code>s (if
* supported).
*
* @return A <code>Collection</code> of <code>CRL</code>s that match
* the specified selector (never <code>null</code>)
*
* @exception CertStoreException
* if an exception occurs
*/
public final Collection getCRLs(CRLSelector selector)
throws CertStoreException
{
return storeSpi.engineGetCRLs(selector);
}
/**
* Returns a <code>CertStore</code> object that implements the specified
* <code>CertStore</code> type and is initialized with the specified
* parameters.<br />
* <br />
* If the default provider package provides an implementation of the
* specified <code>CertStore</code> type, an instance of
* <code>CertStore</code> containing that implementation is returned. If
* the requested type is not available in the default package, other
* packages are searched.<br />
* <br />
* The <code>CertStore</code> that is returned is initialized with the
* specified <code>CertStoreParameters</code>. The type of parameters
* needed may vary between different types of <code>CertStore</code>s.
* Note that the specified <code>CertStoreParameters</code> object is
* cloned.
*
* @param type
* the name of the requested <code>CertStore</code> type
* @param params
* the initialization parameters (may be <code>null</code>)
*
* @return a <code>CertStore</code> object that implements the specified
* <code>CertStore</code> type
*
* @exception NoSuchAlgorithmException
* if the requested type is not available in the default
* provider package or any of the other provider packages
* that were searched
* @exception InvalidAlgorithmParameterException
* if the specified initialization parameters are
* inappropriate for this <code>CertStore</code>
*/
public static CertStore getInstance(String type, CertStoreParameters params)
throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
{
try
{
CertUtil.Implementation imp = CertUtil.getImplementation(
"CertStore", type, (String)null,
new Class[] { CertStoreParameters.class },
new Object[] { params });
if (imp != null)
{
return new CertStore((CertStoreSpi)imp.getEngine(), imp
.getProvider(), type, params);
}
}
catch (NoSuchProviderException ex)
{
}
throw new NoSuchAlgorithmException("can't find type " + type);
}
/**
* Returns a <code>CertStore</code> object that implements the specified
* <code>CertStore</code> type, as supplied by the specified provider and
* initialized with the specified parameters.<br />
* <br />
* The <code>CertStore</code> that is returned is initialized with the
* specified <code>CertStoreParameters</code>. The type of parameters
* needed may vary between different types of <code>CertStore</code>s.
* Note that the specified <code>CertStoreParameters</code> object is
* cloned.
*
* @param type
* the requested <code>CertStore</code> type
* @param params
* the initialization parameters (may be <code>null</code>)
* @param provider
* the name of the provider
*
* @return a <code>CertStore</code> object that implements the specified
* type, as supplied by the specified provider
*
* @exception NoSuchAlgorithmException
* if the requested type is not available from the specified
* provider
* @exception InvalidAlgorithmParameterException
* if the specified initialization parameters are
* inappropriate for this <code>CertStore</code>
* @exception NoSuchProviderException
* if the provider has not been configured
* @exception IllegalArgumentException
* if the <code>provider</code> is null
*/
public static CertStore getInstance(String type,
CertStoreParameters params, String provider)
throws InvalidAlgorithmParameterException,
NoSuchAlgorithmException, NoSuchProviderException,
IllegalArgumentException
{
if (provider == null)
{
throw new IllegalArgumentException("provider must be non-null");
}
CertUtil.Implementation imp = CertUtil.getImplementation("CertStore",
type, provider, new Class[] { CertStoreParameters.class },
new Object[] { params });
if (imp != null)
{
return new CertStore((CertStoreSpi)imp.getEngine(), imp
.getProvider(), type, params);
}
throw new NoSuchAlgorithmException("can't find type " + type);
}
/**
* Returns a <code>CertStore</code> object that implements the specified
* <code>CertStore</code> type, as supplied by the specified provider and
* initialized with the specified parameters. Note: the
* <code>provider</code> doesn't have to be registered.<br />
* <br />
* The <code>CertStore</code> that is returned is initialized with the
* specified <code>CertStoreParameters</code>. The type of parameters
* needed may vary between different types of <code>CertStore</code>s.
* Note that the specified <code>CertStoreParameters</code> object is
* cloned.
*
* @param type
* the requested <code>CertStore</code> type
* @param params
* the initialization parameters (may be <code>null</code>)
* @param provider
* the provider
*
* @return a <code>CertStore</code> object that implements the specified
* type, as supplied by the specified provider
*
* @exception NoSuchAlgorithmException
* if the requested type is not available from the specified
* provider
* @exception InvalidAlgorithmParameterException
* if the specified initialization parameters are
* inappropriate for this <code>CertStore</code>
* @exception IllegalArgumentException
* if the <code>provider</code> is null
*/
public static CertStore getInstance(String type,
CertStoreParameters params, Provider provider)
throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException, IllegalArgumentException
{
if (provider == null)
{
throw new IllegalArgumentException("provider must be non-null");
}
CertUtil.Implementation imp = CertUtil.getImplementation("CertStore",
type, provider, new Class[] { CertStoreParameters.class },
new Object[] { params });
if (imp != null)
{
return new CertStore((CertStoreSpi)imp.getEngine(), provider, type,
params);
}
throw new NoSuchAlgorithmException("can't find type " + type);
}
/**
* Returns the parameters used to initialize this <code>CertStore</code>.
* Note that the <code>CertStoreParameters</code> object is cloned before
* it is returned.
*
* @return the parameters used to initialize this <code>CertStore</code>
* (may be <code>null</code>)
*/
public final CertStoreParameters getCertStoreParameters()
{
return params;
}
/**
* Returns the type of this <code>CertStore</code>.
*
* @return the type of this <code>CertStore</code>
*/
public final String getType()
{
return type;
}
/**
* Returns the provider of this <code>CertStore</code>.
*
* @return the provider of this <code>CertStore</code>
*/
public final Provider getProvider()
{
return provider;
}
/**
* Returns the default <code>CertStore</code> type as specified in the
* Java security properties file, or the string "LDAP" if no such
* property exists. The Java security properties file is located in the file
* named <JAVA_HOME>/lib/security/java.security, where
* <JAVA_HOME> refers to the directory where the SDK was installed.<br />
* <br />
* The default <code>CertStore</code> type can be used by applications
* that do not want to use a hard-coded type when calling one of the
* <code>getInstance</code> methods, and want to provide a default
* <code>CertStore</code> type in case a user does not specify its own.<br />
* <br />
* The default <code>CertStore</code> type can be changed by setting the
* value of the "certstore.type" security property (in the Java security
* properties file) to the desired type.
*
* @return the default <code>CertStore</code> type as specified in the
* Java security properties file, or the string "LDAP" if
* no such property exists.
*/
public static final String getDefaultType()
{
String defaulttype = null;
defaulttype = Security.getProperty("certstore.type");
if (defaulttype == null || defaulttype.length() <= 0)
{
return "LDAP";
}
else
{
return defaulttype;
}
}
}