- /*
- * @(#)CertStore.java 1.9 03/01/23
- *
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
- */
-
- package java.security.cert;
-
- import java.security.AccessController;
- import java.security.InvalidAlgorithmParameterException;
- import java.security.NoSuchAlgorithmException;
- import java.security.NoSuchProviderException;
- import java.security.PrivilegedAction;
- import java.security.Provider;
- import java.security.Security;
- import java.util.Collection;
- import java.lang.reflect.Method;
- import java.lang.reflect.InvocationTargetException;
-
- /**
- * A class for retrieving <code>Certificate</code>s and <code>CRL</code>s
- * from a repository.
- * <p>
- * This class uses a provider-based architecture, as described in the
- * Java Cryptography Architecture.
- * To create a <code>CertStore</code>, call one of the static
- * <code>getInstance</code> methods, passing in the type of
- * <code>CertStore</code> desired, any applicable initialization parameters
- * and optionally the name of the provider desired.
- * <p>
- * Once the <code>CertStore</code> has been created, it can be used to
- * retrieve <code>Certificate</code>s and <code>CRL</code>s by calling its
- * {@link #getCertificates(CertSelector selector) getCertificates} and
- * {@link #getCRLs(CRLSelector selector) getCRLs} methods.
- * <p>
- * Unlike a {@link java.security.KeyStore KeyStore}, which provides access
- * to a cache of private keys and trusted certificates, a
- * <code>CertStore</code> is designed to provide access to a potentially
- * vast repository of untrusted certificates and CRLs. For example, an LDAP
- * implementation of <code>CertStore</code> provides access to certificates
- * and CRLs stored in one or more directories using the LDAP protocol and the
- * schema as defined in the RFC service attribute. See Appendix A in the
- * <a href= "../../../../guide/security/certpath/CertPathProgGuide.html#AppA">
- * Java Certification Path API Programmer's Guide</a> for more information about
- * standard <code>CertStore</code> types.
- * <p>
- * <b>Concurrent Access</b>
- * <p>
- * All public methods of <code>CertStore</code> objects must be thread-safe.
- * That is, multiple threads may concurrently invoke these methods on a
- * single <code>CertStore</code> object (or more than one) with no
- * ill effects. This allows a <code>CertPathBuilder</code> to search for a
- * CRL while simultaneously searching for further certificates, for instance.
- * <p>
- * The static methods of this class are also guaranteed to be thread-safe.
- * Multiple threads may concurrently invoke the static methods defined in
- * this class with no ill effects.
- *
- * @version 1.9 01/23/03
- * @since 1.4
- * @author Sean Mullan, Steve Hanna
- */
- public class CertStore {
- /*
- * Constant to lookup in the Security properties file to determine
- * the default certstore type. In the Security properties file, the
- * default certstore type is given as:
- * <pre>
- * certstore.type=LDAP
- * </pre>
- */
- private static final String CERTSTORE_TYPE = "certstore.type";
- private CertStoreSpi storeSpi;
- private Provider provider;
- private String type;
- private CertStoreParameters params;
-
- // for use with the reflection API
- private static final Class cl = java.security.Security.class;
- private static final Class[] GET_IMPL_PARAMS = { String.class,
- String.class,
- String.class,
- Object.class };
- private static final Class[] GET_IMPL_PARAMS2 = { String.class,
- String.class,
- Provider.class,
- Object.class };
- // Get the implMethod via the name of a provider. Note: the name could
- // be null.
- private static Method implMethod;
- // Get the implMethod2 via a Provider object.
- private static Method implMethod2;
- private static Boolean implMethod2Set = new Boolean(false);
-
- static {
- implMethod = (Method)
- AccessController.doPrivileged(new PrivilegedAction() {
- public Object run() {
- Method m = null;
- try {
- m = cl.getDeclaredMethod("getImpl", GET_IMPL_PARAMS);
- if (m != null)
- m.setAccessible(true);
- } catch (NoSuchMethodException nsme) {
- }
- return m;
- }
- });
- }
-
- /**
- * Creates a <code>CertStore</code> object of the given type, and
- * encapsulates the given provider implementation (SPI object) in it.
- *
- * @param storeSpi the provider implementation
- * @param provider the provider
- * @param type the type
- * @param params the initialization parameters (may be <code>null</code>)
- */
- protected CertStore(CertStoreSpi storeSpi, Provider provider,
- String type, CertStoreParameters params) {
- this.storeSpi = storeSpi;
- this.provider = provider;
- this.type = type;
- if (params != null)
- this.params = (CertStoreParameters) params.clone();
- }
-
- /**
- * Returns a <code>Collection</code> of <code>Certificate</code>s that
- * match the specified selector. If no <code>Certificate</code>s
- * match the selector, an empty <code>Collection</code> will be returned.
- * <p>
- * For some <code>CertStore</code> types, the resulting
- * <code>Collection</code> may not contain <b>all</b> of the
- * <code>Certificate</code>s that match the selector. For instance,
- * an LDAP <code>CertStore</code> may not search all entries in the
- * directory. Instead, it may just search entries that are likely to
- * contain the <code>Certificate</code>s it is looking for.
- * <p>
- * Some <code>CertStore</code> implementations (especially LDAP
- * <code>CertStore</code>s) may throw a <code>CertStoreException</code>
- * unless a non-null <code>CertSelector</code> is provided that
- * includes specific criteria that can be used to find the certificates.
- * Issuer and/or subject names are especially useful criteria.
- *
- * @param selector A <code>CertSelector</code> used to select which
- * <code>Certificate</code>s should be returned. Specify <code>null</code>
- * to return all <code>Certificate</code>s (if supported).
- * @return A <code>Collection</code> of <code>Certificate</code>s that
- * match the specified selector (never <code>null</code>)
- * @throws CertStoreException if an exception occurs
- */
- public final Collection getCertificates(CertSelector selector)
- throws CertStoreException
- {
- return(storeSpi.engineGetCertificates(selector));
- }
-
- /**
- * Returns a <code>Collection</code> of <code>CRL</code>s that
- * match the specified selector. If no <code>CRL</code>s
- * match the selector, an empty <code>Collection</code> will be returned.
- * <p>
- * For some <code>CertStore</code> types, the resulting
- * <code>Collection</code> may not contain <b>all</b> of the
- * <code>CRL</code>s that match the selector. For instance,
- * an LDAP <code>CertStore</code> may not search all entries in the
- * directory. Instead, it may just search entries that are likely to
- * contain the <code>CRL</code>s it is looking for.
- * <p>
- * Some <code>CertStore</code> implementations (especially LDAP
- * <code>CertStore</code>s) may throw a <code>CertStoreException</code>
- * unless a non-null <code>CRLSelector</code> is provided that
- * includes specific criteria that can be used to find the CRLs.
- * Issuer names and/or the certificate to be checked are especially useful.
- *
- * @param selector A <code>CRLSelector</code> used to select which
- * <code>CRL</code>s should be returned. Specify <code>null</code>
- * to return all <code>CRL</code>s (if supported).
- * @return A <code>Collection</code> of <code>CRL</code>s that
- * match the specified selector (never <code>null</code>)
- * @throws CertStoreException if an exception occurs
- */
- public final Collection getCRLs(CRLSelector selector)
- throws CertStoreException
- {
- return(storeSpi.engineGetCRLs(selector));
- }
-
- /**
- * Returns a <code>CertStore</code> object that implements the specified
- * <code>CertStore</code> type and is initialized with the specified
- * parameters.
- *
- * <p>If the default provider package provides an implementation
- * of the specified <code>CertStore</code> type, an instance of
- * <code>CertStore</code> containing that implementation is returned.
- * If the requested type is not available in the default package, other
- * packages are searched.
- *
- * <p>The <code>CertStore</code> that is returned is initialized with the
- * specified <code>CertStoreParameters</code>. The type of parameters
- * needed may vary between different types of <code>CertStore</code>s.
- * Note that the specified <code>CertStoreParameters</code> object is
- * cloned.
- *
- * @param type the name of the requested <code>CertStore</code> type
- * @param params the initialization parameters (may be <code>null</code>)
- * @return a <code>CertStore</code> object that implements the specified
- * <code>CertStore</code> type
- * @throws NoSuchAlgorithmException if the requested type is not
- * available in the default provider package or any of the other provider
- * packages that were searched
- * @throws InvalidAlgorithmParameterException if the specified
- * initialization parameters are inappropriate for this
- * <code>CertStore</code>
- */
- public static CertStore getInstance(String type, CertStoreParameters params)
- throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
- {
- try {
- if (implMethod == null) {
- throw new NoSuchAlgorithmException(type + " not found");
- }
-
- // The underlying method is static, so we set the object
- // argument to null.
- Object[] objs = (Object[])implMethod.invoke(null,
- new Object[]
- { type,
- "CertStore",
- (String)null,
- params
- } );
- return new CertStore((CertStoreSpi)objs[0],
- (Provider)objs[1], type, params);
- } catch (IllegalAccessException iae) {
- NoSuchAlgorithmException nsae = new
- NoSuchAlgorithmException(type + " not found");
- nsae.initCause(iae);
- throw nsae;
- } catch (InvocationTargetException ite) {
- Throwable t = ite.getCause();
- if (t != null) {
- if (t instanceof InvalidAlgorithmParameterException)
- throw (InvalidAlgorithmParameterException)t;
- if (t instanceof NoSuchAlgorithmException)
- throw (NoSuchAlgorithmException)t;
- }
- NoSuchAlgorithmException nsae = new
- NoSuchAlgorithmException(type + " not found");
- nsae.initCause(ite);
- throw nsae;
- }
- }
-
- /**
- * Returns a <code>CertStore</code> object that implements the specified
- * <code>CertStore</code> type, as supplied by the specified provider
- * and initialized with the specified parameters.
- *
- * <p>The <code>CertStore</code> that is returned is initialized with the
- * specified <code>CertStoreParameters</code>. The type of parameters
- * needed may vary between different types of <code>CertStore</code>s.
- * Note that the specified <code>CertStoreParameters</code> object is
- * cloned.
- *
- * @param type the requested <code>CertStore</code> type
- * @param params the initialization parameters (may be <code>null</code>)
- * @param provider the name of the provider
- * @return a <code>CertStore</code> object that implements the
- * specified type, as supplied by the specified provider
- * @throws NoSuchAlgorithmException if the requested type is not
- * available from the specified provider
- * @throws InvalidAlgorithmParameterException if the specified
- * initialization parameters are inappropriate for this
- * <code>CertStore</code>
- * @throws NoSuchProviderException if the provider has not been configured
- * @exception IllegalArgumentException if the <code>provider</code> is
- * null
- */
- public static CertStore getInstance(String type,
- CertStoreParameters params, String provider)
- throws InvalidAlgorithmParameterException, NoSuchAlgorithmException,
- NoSuchProviderException
- {
- if (provider == null || provider.length() == 0)
- throw new IllegalArgumentException("missing provider");
- try {
- if (implMethod == null) {
- throw new NoSuchAlgorithmException(type + " not found");
- }
-
- // The underlying method is static, so we set the object
- // argument to null.
- Object[] objs = (Object[])implMethod.invoke(null,
- new Object[]
- { type,
- "CertStore",
- provider,
- params
- } );
- return new CertStore((CertStoreSpi)objs[0],
- (Provider)objs[1], type, params);
- } catch (IllegalAccessException iae) {
- NoSuchAlgorithmException nsae = new
- NoSuchAlgorithmException(type + " not found");
- nsae.initCause(iae);
- throw nsae;
- } catch (InvocationTargetException ite) {
- Throwable t = ite.getCause();
- if (t != null) {
- if (t instanceof NoSuchProviderException)
- throw (NoSuchProviderException)t;
- if (t instanceof InvalidAlgorithmParameterException)
- throw (InvalidAlgorithmParameterException)t;
- if (t instanceof NoSuchAlgorithmException)
- throw (NoSuchAlgorithmException)t;
- }
- NoSuchAlgorithmException nsae = new
- NoSuchAlgorithmException(type + " not found");
- nsae.initCause(ite);
- throw nsae;
- }
- }
-
- /**
- * Returns a <code>CertStore</code> object that implements the specified
- * <code>CertStore</code> type, as supplied by the specified provider and
- * initialized with the specified parameters.
- * Note: the <code>provider</code> doesn't have to be registered.
- *
- * <p>The <code>CertStore</code> that is returned is initialized with the
- * specified <code>CertStoreParameters</code>. The type of parameters
- * needed may vary between different types of <code>CertStore</code>s.
- * Note that the specified <code>CertStoreParameters</code> object is
- * cloned.
- *
- * @param type the requested <code>CertStore</code> type
- * @param params the initialization parameters (may be <code>null</code>)
- * @param provider the provider
- * @return a <code>CertStore</code> object that implements the
- * specified type, as supplied by the specified provider
- * @exception NoSuchAlgorithmException if the requested type is not
- * available from the specified provider
- * @throws InvalidAlgorithmParameterException if the specified
- * initialization parameters are inappropriate for this
- * <code>CertStore</code>
- * @exception IllegalArgumentException if the <code>provider</code> is
- * null
- */
- public static CertStore getInstance(String type, CertStoreParameters params,
- Provider provider)
- throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
- {
- if (provider == null)
- throw new IllegalArgumentException("missing provider");
-
- if (implMethod2Set.booleanValue() == false) {
- synchronized (implMethod2Set) {
- if (implMethod2Set.booleanValue() == false) {
- implMethod2 = (Method)
- AccessController.doPrivileged(
- new PrivilegedAction() {
- public Object run() {
- Method m = null;
- try {
- m = cl.getDeclaredMethod("getImpl",
- GET_IMPL_PARAMS2);
- if (m != null)
- m.setAccessible(true);
- } catch (NoSuchMethodException nsme) {
- }
- return m;
- }
- });
- implMethod2Set = new Boolean(true);
- }
- }
- }
-
- if (implMethod2 == null) {
- throw new NoSuchAlgorithmException(type + " not found");
- }
-
- try {
- // The underlying method is static, so we set the object
- // argument to null.
- Object[] objs = (Object[])implMethod2.invoke(null,
- new Object[]
- { type,
- "CertStore",
- provider,
- params
- } );
- return new CertStore((CertStoreSpi)objs[0],
- (Provider)objs[1], type, params);
- } catch (IllegalAccessException iae) {
- NoSuchAlgorithmException nsae = new
- NoSuchAlgorithmException(type + " not found");
- nsae.initCause(iae);
- throw nsae;
- } catch (InvocationTargetException ite) {
- Throwable t = ite.getCause();
- if (t != null) {
- if (t instanceof InvalidAlgorithmParameterException)
- throw (InvalidAlgorithmParameterException)t;
- if (t instanceof NoSuchAlgorithmException)
- throw (NoSuchAlgorithmException)t;
- }
- NoSuchAlgorithmException nsae = new
- NoSuchAlgorithmException(type + " not found");
- nsae.initCause(ite);
- throw nsae;
- }
- }
-
- /**
- * Returns the parameters used to initialize this <code>CertStore</code>.
- * Note that the <code>CertStoreParameters</code> object is cloned before
- * it is returned.
- *
- * @return the parameters used to initialize this <code>CertStore</code>
- * (may be <code>null</code>)
- */
- public final CertStoreParameters getCertStoreParameters() {
- return (params == null ? null : (CertStoreParameters) params.clone());
- }
-
- /**
- * Returns the type of this <code>CertStore</code>.
- *
- * @return the type of this <code>CertStore</code>
- */
- public final String getType() {
- return this.type;
- }
-
- /**
- * Returns the provider of this <code>CertStore</code>.
- *
- * @return the provider of this <code>CertStore</code>
- */
- public final Provider getProvider() {
- return this.provider;
- }
-
- /**
- * Returns the default <code>CertStore</code> type as specified in the
- * Java security properties file, or the string "LDAP" if no
- * such property exists. The Java security properties file is located in
- * the file named <JAVA_HOME>/lib/security/java.security, where
- * <JAVA_HOME> refers to the directory where the SDK was installed.
- *
- * <p>The default <code>CertStore</code> type can be used by applications
- * that do not want to use a hard-coded type when calling one of the
- * <code>getInstance</code> methods, and want to provide a default
- * <code>CertStore</code> type in case a user does not specify its own.
- *
- * <p>The default <code>CertStore</code> type can be changed by setting
- * the value of the "certstore.type" security property (in the Java
- * security properties file) to the desired type.
- *
- * @return the default <code>CertStore</code> type as specified in the
- * Java security properties file, or the string "LDAP"
- * if no such property exists.
- */
- public final static String getDefaultType() {
- String cstype;
- cstype = (String)AccessController.doPrivileged(new PrivilegedAction() {
- public Object run() {
- return Security.getProperty(CERTSTORE_TYPE);
- }
- });
- if (cstype == null) {
- cstype = "LDAP";
- }
- return cstype;
- }
- }