1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108
/* * @(#)CertStoreSpi.java 1.8 05/11/17 * * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ package java.security.cert; import java.security.InvalidAlgorithmParameterException; import java.util.Collection; /** * The <i>Service Provider Interface</i> (<b>SPI</b>) * for the {@link CertStore CertStore} class. All <code>CertStore</code> * implementations must include a class (the SPI class) that extends * this class (<code>CertStoreSpi</code>), provides a constructor with * a single argument of type <code>CertStoreParameters</code>, and implements * all of its methods. In general, instances of this class should only be * accessed through the <code>CertStore</code> class. * For details, see the Java Cryptography Architecture. * <p> * <b>Concurrent Access</b> * <p> * The public methods of all <code>CertStoreSpi</code> objects must be * thread-safe. That is, multiple threads may concurrently invoke these * methods on a single <code>CertStoreSpi</code> object (or more than one) * with no ill effects. This allows a <code>CertPathBuilder</code> to search * for a CRL while simultaneously searching for further certificates, for * instance. * <p> * Simple <code>CertStoreSpi</code> implementations will probably ensure * thread safety by adding a <code>synchronized</code> keyword to their * <code>engineGetCertificates</code> and <code>engineGetCRLs</code> methods. * More sophisticated ones may allow truly concurrent access. * * @version 1.8 11/17/05 * @since 1.4 * @author Steve Hanna */ public abstract class CertStoreSpi { /** * The sole constructor. * * @param params the initialization parameters (may be <code>null</code>) * @throws InvalidAlgorithmParameterException if the initialization * parameters are inappropriate for this <code>CertStoreSpi</code> */ public CertStoreSpi(CertStoreParameters params) throws InvalidAlgorithmParameterException { } /** * Returns a <code>Collection</code> of <code>Certificate</code>s that * match the specified selector. If no <code>Certificate</code>s * match the selector, an empty <code>Collection</code> will be returned. * <p> * For some <code>CertStore</code> types, the resulting * <code>Collection</code> may not contain <b>all</b> of the * <code>Certificate</code>s that match the selector. For instance, * an LDAP <code>CertStore</code> may not search all entries in the * directory. Instead, it may just search entries that are likely to * contain the <code>Certificate</code>s it is looking for. * <p> * Some <code>CertStore</code> implementations (especially LDAP * <code>CertStore</code>s) may throw a <code>CertStoreException</code> * unless a non-null <code>CertSelector</code> is provided that includes * specific criteria that can be used to find the certificates. Issuer * and/or subject names are especially useful criteria. * * @param selector A <code>CertSelector</code> used to select which * <code>Certificate</code>s should be returned. Specify <code>null</code> * to return all <code>Certificate</code>s (if supported). * @return A <code>Collection</code> of <code>Certificate</code>s that * match the specified selector (never <code>null</code>) * @throws CertStoreException if an exception occurs */ public abstract Collection<? extends Certificate> engineGetCertificates (CertSelector selector) throws CertStoreException; /** * Returns a <code>Collection</code> of <code>CRL</code>s that * match the specified selector. If no <code>CRL</code>s * match the selector, an empty <code>Collection</code> will be returned. * <p> * For some <code>CertStore</code> types, the resulting * <code>Collection</code> may not contain <b>all</b> of the * <code>CRL</code>s that match the selector. For instance, * an LDAP <code>CertStore</code> may not search all entries in the * directory. Instead, it may just search entries that are likely to * contain the <code>CRL</code>s it is looking for. * <p> * Some <code>CertStore</code> implementations (especially LDAP * <code>CertStore</code>s) may throw a <code>CertStoreException</code> * unless a non-null <code>CRLSelector</code> is provided that includes * specific criteria that can be used to find the CRLs. Issuer names * and/or the certificate to be checked are especially useful. * * @param selector A <code>CRLSelector</code> used to select which * <code>CRL</code>s should be returned. Specify <code>null</code> * to return all <code>CRL</code>s (if supported). * @return A <code>Collection</code> of <code>CRL</code>s that * match the specified selector (never <code>null</code>) * @throws CertStoreException if an exception occurs */ public abstract Collection<? extends CRL> engineGetCRLs (CRLSelector selector) throws CertStoreException; }