/* * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package java.security.cert; import java.security.InvalidAlgorithmParameterException; import java.util.Collection; /** * The Service Provider Interface (SPI) * for the {@link CertStore CertStore} class. All {@code CertStore} * implementations must include a class (the SPI class) that extends * this class ({@code CertStoreSpi}), provides a constructor with * a single argument of type {@code CertStoreParameters}, and implements * all of its methods. In general, instances of this class should only be * accessed through the {@code CertStore} class. * For details, see the Java Cryptography Architecture. *
* Concurrent Access *
* The public methods of all {@code CertStoreSpi} objects must be * thread-safe. That is, multiple threads may concurrently invoke these * methods on a single {@code CertStoreSpi} object (or more than one) * with no ill effects. This allows a {@code CertPathBuilder} to search * for a CRL while simultaneously searching for further certificates, for * instance. *
* Simple {@code CertStoreSpi} implementations will probably ensure * thread safety by adding a {@code synchronized} keyword to their * {@code engineGetCertificates} and {@code engineGetCRLs} methods. * More sophisticated ones may allow truly concurrent access. * * @since 1.4 * @author Steve Hanna */ public abstract class CertStoreSpi { /** * The sole constructor. * * @param params the initialization parameters (may be {@code null}) * @throws InvalidAlgorithmParameterException if the initialization * parameters are inappropriate for this {@code CertStoreSpi} */ public CertStoreSpi(CertStoreParameters params) throws InvalidAlgorithmParameterException { } /** * Returns a {@code Collection} of {@code Certificate}s that * match the specified selector. If no {@code Certificate}s * match the selector, an empty {@code Collection} will be returned. *
* For some {@code CertStore} types, the resulting * {@code Collection} may not contain all of the * {@code Certificate}s that match the selector. For instance, * an LDAP {@code CertStore} may not search all entries in the * directory. Instead, it may just search entries that are likely to * contain the {@code Certificate}s it is looking for. *
* Some {@code CertStore} implementations (especially LDAP * {@code CertStore}s) may throw a {@code CertStoreException} * unless a non-null {@code CertSelector} is provided that includes * specific criteria that can be used to find the certificates. Issuer * and/or subject names are especially useful criteria. * * @param selector A {@code CertSelector} used to select which * {@code Certificate}s should be returned. Specify {@code null} * to return all {@code Certificate}s (if supported). * @return A {@code Collection} of {@code Certificate}s that * match the specified selector (never {@code null}) * @throws CertStoreException if an exception occurs */ public abstract Collection extends Certificate> engineGetCertificates (CertSelector selector) throws CertStoreException; /** * Returns a {@code Collection} of {@code CRL}s that * match the specified selector. If no {@code CRL}s * match the selector, an empty {@code Collection} will be returned. *
* For some {@code CertStore} types, the resulting * {@code Collection} may not contain all of the * {@code CRL}s that match the selector. For instance, * an LDAP {@code CertStore} may not search all entries in the * directory. Instead, it may just search entries that are likely to * contain the {@code CRL}s it is looking for. *
* Some {@code CertStore} implementations (especially LDAP * {@code CertStore}s) may throw a {@code CertStoreException} * unless a non-null {@code CRLSelector} is provided that includes * specific criteria that can be used to find the CRLs. Issuer names * and/or the certificate to be checked are especially useful. * * @param selector A {@code CRLSelector} used to select which * {@code CRL}s should be returned. Specify {@code null} * to return all {@code CRL}s (if supported). * @return A {@code Collection} of {@code CRL}s that * match the specified selector (never {@code null}) * @throws CertStoreException if an exception occurs */ public abstract Collection extends CRL> engineGetCRLs (CRLSelector selector) throws CertStoreException; }