📄 certstore.java
/* * @(#)CertStore.java 1.9 03/01/23 * * Copyright 2003 Sun Microsystems, Inc. All rights reserved. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */package java.security.cert;import java.security.AccessController;import java.security.InvalidAlgorithmParameterException;import java.security.NoSuchAlgorithmException;import java.security.NoSuchProviderException;import java.security.PrivilegedAction;import java.security.Provider;import java.security.Security;import java.util.Collection;import java.lang.reflect.Method;import java.lang.reflect.InvocationTargetException;/** * A class for retrieving <code>Certificate</code>s and <code>CRL</code>s * from a repository. * <p> * This class uses a provider-based architecture, as described in the * Java Cryptography Architecture. * To create a <code>CertStore</code>, call one of the static * <code>getInstance</code> methods, passing in the type of * <code>CertStore</code> desired, any applicable initialization parameters * and optionally the name of the provider desired. * <p> * Once the <code>CertStore</code> has been created, it can be used to * retrieve <code>Certificate</code>s and <code>CRL</code>s by calling its * {@link #getCertificates(CertSelector selector) getCertificates} and * {@link #getCRLs(CRLSelector selector) getCRLs} methods. * <p> * Unlike a {@link java.security.KeyStore KeyStore}, which provides access * to a cache of private keys and trusted certificates, a * <code>CertStore</code> is designed to provide access to a potentially * vast repository of untrusted certificates and CRLs. For example, an LDAP * implementation of <code>CertStore</code> provides access to certificates * and CRLs stored in one or more directories using the LDAP protocol and the * schema as defined in the RFC service attribute. 
See Appendix A in the
 * <a href= "../../../../guide/security/certpath/CertPathProgGuide.html#AppA">
 * Java Certification Path API Programmer's Guide</a> for more information about
 * standard <code>CertStore</code> types.
 * <p>
 * <b>Concurrent Access</b>
 * <p>
 * All public methods of <code>CertStore</code> objects must be thread-safe.
 * That is, multiple threads may concurrently invoke these methods on a
 * single <code>CertStore</code> object (or more than one) with no
 * ill effects. This allows a <code>CertPathBuilder</code> to search for a
 * CRL while simultaneously searching for further certificates, for instance.
 * <p>
 * The static methods of this class are also guaranteed to be thread-safe.
 * Multiple threads may concurrently invoke the static methods defined in
 * this class with no ill effects.
 *
 * @version 1.9 01/23/03
 * @since 1.4
 * @author Sean Mullan, Steve Hanna
 */
public class CertStore {

    /*
     * Name of the Security property that holds the default certstore type.
     * In the Security properties file the entry has the form:
     * <pre>
     * certstore.type=LDAP
     * </pre>
     */
    private static final String CERTSTORE_TYPE = "certstore.type";

    // Provider implementation (SPI object) that the query methods delegate to.
    private CertStoreSpi storeSpi;

    // Provider handed to the constructor together with storeSpi.
    private Provider provider;

    // CertStore type name this instance was created with.
    private String type;

    // Initialization parameters. The constructor keeps a clone of a non-null
    // argument rather than the caller's own object.
    private CertStoreParameters params;

    // For use with the reflection API: the static initializer looks up the
    // declared method "getImpl" on this class.
    private static final Class cl = java.security.Security.class;

    // Parameter types passed to getDeclaredMethod("getImpl", ...) by the
    // static initializer (the variant selected by provider name).
    private static final Class[] GET_IMPL_PARAMS = {
        String.class,
        String.class,
        String.class,
        Object.class
    };

    // Same shape with a Provider in the third position. Its use is not visible
    // in this part of the file; presumably the Provider-object variant of
    // getImpl -- confirm against the rest of the class.
    private static final Class[] GET_IMPL_PARAMS2 = {
        String.class,
        String.class,
        Provider.class,
        Object.class
    };

    // Get the implMethod via the name of a provider. Note: the name could
    // be null.
    private static Method implMethod;

    // Get the implMethod2 via a Provider object.
private static Method implMethod2;

    // NOTE(review): a fresh Boolean instance is allocated here instead of the
    // shared Boolean.FALSE. How implMethod2Set is used lies outside this view;
    // confirm that nothing depends on its identity before replacing it.
    private static Boolean implMethod2Set = new Boolean(false);

    /*
     * Resolves the declared method "getImpl" of java.security.Security once,
     * at class-initialization time, and stores it in implMethod.
     *
     * Only the reflective lookup and the setAccessible(true) call run inside
     * the privileged block. The resulting Method has Java access checks
     * switched off and is reachable solely through the private static field,
     * so it must not be handed out to callers.
     */
    static {
        implMethod = (Method) AccessController.doPrivileged(new PrivilegedAction() {
            public Object run() {
                Method getImpl = null;
                try {
                    getImpl = cl.getDeclaredMethod("getImpl", GET_IMPL_PARAMS);
                    if (getImpl != null) {
                        getImpl.setAccessible(true);
                    }
                } catch (NoSuchMethodException ignored) {
                    // Deliberately ignored: implMethod stays null, and
                    // getInstance(String, CertStoreParameters) checks for that
                    // and throws NoSuchAlgorithmException.
                }
                return getImpl;
            }
        });
    }

    /**
     * Creates a <code>CertStore</code> object of the given type around the
     * supplied provider implementation (SPI object).
     * <p>
     * The SPI object, provider and type are stored as passed. For non-null
     * <code>params</code> a clone is retained rather than the caller's object.
     *
     * @param storeSpi the provider implementation
     * @param provider the provider
     * @param type the type
     * @param params the initialization parameters (may be <code>null</code>)
     */
    protected CertStore(CertStoreSpi storeSpi, Provider provider,
                        String type, CertStoreParameters params) {
        this.storeSpi = storeSpi;
        this.provider = provider;
        this.type = type;
        if (params != null) {
            this.params = (CertStoreParameters) params.clone();
        }
    }

    /**
     * Returns a <code>Collection</code> of <code>Certificate</code>s that
     * match the specified selector. If no <code>Certificate</code>s
     * match the selector, an empty <code>Collection</code> will be returned.
     * <p>
     * For some <code>CertStore</code> types, the resulting
     * <code>Collection</code> may not contain <b>all</b> of the
     * <code>Certificate</code>s that match the selector. For instance,
     * an LDAP <code>CertStore</code> may not search all entries in the
     * directory. Instead, it may just search entries that are likely to
     * contain the <code>Certificate</code>s it is looking for.
     * <p>
     * Some <code>CertStore</code> implementations (especially LDAP
     * <code>CertStore</code>s) may throw a <code>CertStoreException</code>
     * unless a non-null <code>CertSelector</code> is provided that
     * includes specific criteria that can be used to find the certificates.
     * Issuer and/or subject names are especially useful criteria.
     *
     * @param selector A <code>CertSelector</code> used to select which
     *  <code>Certificate</code>s should be returned.
Specify <code>null</code>
     *  to return all <code>Certificate</code>s (if supported).
     * @return A <code>Collection</code> of <code>Certificate</code>s that
     *         match the specified selector (never <code>null</code>)
     * @throws CertStoreException if an exception occurs
     */
    public final Collection getCertificates(CertSelector selector)
            throws CertStoreException {
        // Pure delegation: the provider's result is handed back unchanged.
        // The class description characterises the repository as holding
        // untrusted certificates, and nothing in this method validates them.
        Collection matches = storeSpi.engineGetCertificates(selector);
        return matches;
    }

    /**
     * Retrieves the <code>CRL</code>s that match the given selector. An empty
     * <code>Collection</code> is returned when no <code>CRL</code> matches.
     * <p>
     * Depending on the <code>CertStore</code> type, the result may not hold
     * <b>all</b> matching <code>CRL</code>s. An LDAP <code>CertStore</code>,
     * for instance, may search only the directory entries that are likely to
     * contain the <code>CRL</code>s it is looking for rather than every entry.
     * <p>
     * Some implementations (especially LDAP <code>CertStore</code>s) may throw
     * a <code>CertStoreException</code> unless a non-null
     * <code>CRLSelector</code> with specific search criteria is supplied.
     * Issuer names and/or the certificate to be checked are especially useful.
     *
     * @param selector A <code>CRLSelector</code> used to select which
     *  <code>CRL</code>s should be returned. Specify <code>null</code>
     *  to return all <code>CRL</code>s (if supported).
     * @return A <code>Collection</code> of <code>CRL</code>s that
     *         match the specified selector (never <code>null</code>)
     * @throws CertStoreException if an exception occurs
     */
    public final Collection getCRLs(CRLSelector selector)
            throws CertStoreException {
        // Pure delegation, as in getCertificates: the provider's result is
        // returned as-is and no check of the CRLs is performed here.
        Collection matches = storeSpi.engineGetCRLs(selector);
        return matches;
    }

    /**
     * Returns a <code>CertStore</code> object that implements the specified
     * <code>CertStore</code> type and is initialized with the specified
     * parameters.
* * <p>If the default provider package provides an implementation * of the specified <code>CertStore</code> type, an instance of * <code>CertStore</code> containing that implementation is returned. * If the requested type is not available in the default package, other * packages are searched. * * <p>The <code>CertStore</code> that is returned is initialized with the * specified <code>CertStoreParameters</code>. The type of parameters * needed may vary between different types of <code>CertStore</code>s. * Note that the specified <code>CertStoreParameters</code> object is * cloned. * * @param type the name of the requested <code>CertStore</code> type * @param params the initialization parameters (may be <code>null</code>) * @return a <code>CertStore</code> object that implements the specified * <code>CertStore</code> type * @throws NoSuchAlgorithmException if the requested type is not * available in the default provider package or any of the other provider * packages that were searched * @throws InvalidAlgorithmParameterException if the specified * initialization parameters are inappropriate for this * <code>CertStore</code> */ public static CertStore getInstance(String type, CertStoreParameters params) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException { try { if (implMethod == null) { throw new NoSuchAlgorithmException(type + " not found"); } // The underlying method is static, so we set the object // argument to null. Object[] objs = (Object[])implMethod.invoke(null, new Object[] { type, "CertStore", (String)null, params } ); return new CertStore((CertStoreSpi)objs[0], (Provider)objs[1], type, params); } catch (IllegalAccessException iae) { NoSuchAlgorithmException nsae = new NoSuchAlgorithmException(type + " not found"); nsae.initCause(iae);