/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.cert;
import java.security.InvalidAlgorithmParameterException;
import java.util.Collection;
The Service Provider Interface (SPI) for the CertStore
class. All CertStore
implementations must include a class (the SPI class) that extends this class (CertStoreSpi
), provides a constructor with a single argument of type CertStoreParameters
, and implements all of its methods. In general, instances of this class should only be accessed through the CertStore
class. For details, see the Java Cryptography Architecture.
Concurrent Access
The public methods of all CertStoreSpi
objects must be thread-safe. That is, multiple threads may concurrently invoke these methods on a single CertStoreSpi
object (or more than one) with no ill effects. This allows a CertPathBuilder
to search for a CRL while simultaneously searching for further certificates, for instance.
Simple CertStoreSpi
implementations will probably ensure thread safety by adding a synchronized
keyword to their engineGetCertificates
and engineGetCRLs
methods. More sophisticated ones may allow truly concurrent access.
Author: Steve Hanna Since: 1.4
/**
* The <i>Service Provider Interface</i> (<b>SPI</b>)
* for the {@link CertStore CertStore} class. All {@code CertStore}
* implementations must include a class (the SPI class) that extends
* this class ({@code CertStoreSpi}), provides a constructor with
* a single argument of type {@code CertStoreParameters}, and implements
* all of its methods. In general, instances of this class should only be
* accessed through the {@code CertStore} class.
* For details, see the Java Cryptography Architecture.
* <p>
* <b>Concurrent Access</b>
* <p>
* The public methods of all {@code CertStoreSpi} objects must be
* thread-safe. That is, multiple threads may concurrently invoke these
* methods on a single {@code CertStoreSpi} object (or more than one)
* with no ill effects. This allows a {@code CertPathBuilder} to search
* for a CRL while simultaneously searching for further certificates, for
* instance.
* <p>
* Simple {@code CertStoreSpi} implementations will probably ensure
* thread safety by adding a {@code synchronized} keyword to their
* {@code engineGetCertificates} and {@code engineGetCRLs} methods.
* More sophisticated ones may allow truly concurrent access.
*
* @since 1.4
* @author Steve Hanna
*/
public abstract class CertStoreSpi {
The sole constructor.
Params: - params – the initialization parameters (may be
null
)
Throws: - InvalidAlgorithmParameterException – if the initialization parameters are inappropriate for this
CertStoreSpi
/**
* The sole constructor.
*
* @param params the initialization parameters (may be {@code null})
* @throws InvalidAlgorithmParameterException if the initialization
* parameters are inappropriate for this {@code CertStoreSpi}
*/
public CertStoreSpi(CertStoreParameters params)
throws InvalidAlgorithmParameterException { }
Returns a Collection
of Certificate
s that match the specified selector. If no Certificate
s match the selector, an empty Collection
will be returned. For some CertStore
types, the resulting Collection
may not contain all of the Certificate
s that match the selector. For instance, an LDAP CertStore
may not search all entries in the directory. Instead, it may just search entries that are likely to contain the Certificate
s it is looking for.
Some CertStore
implementations (especially LDAP CertStore
s) may throw a CertStoreException
unless a non-null CertSelector
is provided that includes specific criteria that can be used to find the certificates. Issuer and/or subject names are especially useful criteria.
Params: - selector – A
CertSelector
used to select which Certificate
s should be returned. Specify null
to return all Certificate
s (if supported).
Throws: - CertStoreException – if an exception occurs
Returns: A Collection
of Certificate
s that match the specified selector (never null
)
/**
* Returns a {@code Collection} of {@code Certificate}s that
* match the specified selector. If no {@code Certificate}s
* match the selector, an empty {@code Collection} will be returned.
* <p>
* For some {@code CertStore} types, the resulting
* {@code Collection} may not contain <b>all</b> of the
* {@code Certificate}s that match the selector. For instance,
* an LDAP {@code CertStore} may not search all entries in the
* directory. Instead, it may just search entries that are likely to
* contain the {@code Certificate}s it is looking for.
* <p>
* Some {@code CertStore} implementations (especially LDAP
* {@code CertStore}s) may throw a {@code CertStoreException}
* unless a non-null {@code CertSelector} is provided that includes
* specific criteria that can be used to find the certificates. Issuer
* and/or subject names are especially useful criteria.
*
* @param selector A {@code CertSelector} used to select which
* {@code Certificate}s should be returned. Specify {@code null}
* to return all {@code Certificate}s (if supported).
* @return A {@code Collection} of {@code Certificate}s that
* match the specified selector (never {@code null})
* @throws CertStoreException if an exception occurs
*/
public abstract Collection<? extends Certificate> engineGetCertificates
(CertSelector selector) throws CertStoreException;
Returns a Collection
of CRL
s that match the specified selector. If no CRL
s match the selector, an empty Collection
will be returned. For some CertStore
types, the resulting Collection
may not contain all of the CRL
s that match the selector. For instance, an LDAP CertStore
may not search all entries in the directory. Instead, it may just search entries that are likely to contain the CRL
s it is looking for.
Some CertStore
implementations (especially LDAP CertStore
s) may throw a CertStoreException
unless a non-null CRLSelector
is provided that includes specific criteria that can be used to find the CRLs. Issuer names and/or the certificate to be checked are especially useful.
Params: - selector – A
CRLSelector
used to select which CRL
s should be returned. Specify null
to return all CRL
s (if supported).
Throws: - CertStoreException – if an exception occurs
Returns: A Collection
of CRL
s that match the specified selector (never null
)
/**
* Returns a {@code Collection} of {@code CRL}s that
* match the specified selector. If no {@code CRL}s
* match the selector, an empty {@code Collection} will be returned.
* <p>
* For some {@code CertStore} types, the resulting
* {@code Collection} may not contain <b>all</b> of the
* {@code CRL}s that match the selector. For instance,
* an LDAP {@code CertStore} may not search all entries in the
* directory. Instead, it may just search entries that are likely to
* contain the {@code CRL}s it is looking for.
* <p>
* Some {@code CertStore} implementations (especially LDAP
* {@code CertStore}s) may throw a {@code CertStoreException}
* unless a non-null {@code CRLSelector} is provided that includes
* specific criteria that can be used to find the CRLs. Issuer names
* and/or the certificate to be checked are especially useful.
*
* @param selector A {@code CRLSelector} used to select which
* {@code CRL}s should be returned. Specify {@code null}
* to return all {@code CRL}s (if supported).
* @return A {@code Collection} of {@code CRL}s that
* match the specified selector (never {@code null})
* @throws CertStoreException if an exception occurs
*/
public abstract Collection<? extends CRL> engineGetCRLs
(CRLSelector selector) throws CertStoreException;
}