IndexedCollectionCertStore

Class Overview

A CertStore that retrieves Certificates and CRLs from a Collection.

This implementation is functionally equivalent to CollectionCertStore with two differences:

1. Upon construction, the elements in the specified Collection are partially indexed. X509Certificates are indexed by subject, X509CRLs by issuer, non-X509 Certificates and CRLs are copied without indexing, other objects are ignored. This increases CertStore construction time but allows significant speedups for searches which specify the indexed attributes, in particular for large Collections (reduction from linear time to effectively constant time). Searches for non-indexed queries are as fast (or marginally faster) than for the standard CollectionCertStore. Certificate subjects and CRL issuers were found to be specified in most searches used internally by the CertPath provider. Additional attributes could indexed if there are queries that justify the effort.
2. Changes to the specified Collection after construction time are not detected and ignored. This is because there is no way to efficiently detect if a Collection has been modified, a full traversal would be required. That would degrade lookup performance to linear time and eliminated the benefit of indexing. We may fix this via the introduction of new public APIs in the future.

Before calling the engineGetCertificates or engineGetCRLs methods, the #CollectionCertStore(CertStoreParameters) CollectionCertStore(CertStoreParameters) constructor is called to create the CertStore and establish the Collection from which Certificates and CRLs will be retrieved. If the specified Collection contains an object that is not a Certificate or CRL, that object will be ignored.

Concurrent Access

As described in the javadoc for CertStoreSpi, the engineGetCertificates and engineGetCRLs methods must be thread-safe. That is, multiple threads may concurrently invoke these methods on a single CollectionCertStore object (or more than one) with no ill effects.

This is achieved by requiring that the Collection passed to the #CollectionCertStore(CertStoreParameters) CollectionCertStore(CertStoreParameters) constructor (via the CollectionCertStoreParameters object) must have fail-fast iterators. Simultaneous modifications to the Collection can thus be detected and certificate or CRL retrieval can be retried. The fact that Certificates and CRLs must be thread-safe is also essential.

Summary

[Expand] Inherited Methods
From class java.security.cert.CertStoreSpi abstract Collection<? extends CRL> engineGetCRLs(CRLSelector selector) Returns a Collection of CRLs that match the specified selector. abstract Collection<? extends Certificate> engineGetCertificates(CertSelector selector) Returns a Collection of Certificates that match the specified selector.
From class java.lang.Object Object clone() Creates and returns a copy of this object. boolean equals(Object obj) Indicates whether some other object is "equal to" this one. void finalize() Called by the garbage collector on an object when garbage collection determines that there are no more references to the object. final Class<?> getClass() Returns the runtime class of this Object. int hashCode() Returns a hash code value for the object. final void notify() Wakes up a single thread that is waiting on this object's monitor. final void notifyAll() Wakes up all threads that are waiting on this object's monitor. String toString() Returns a string representation of the object. final void wait() Causes the current thread to wait until another thread invokes the notify() method or the notifyAll() method for this object. final void wait(long timeout, int nanos) Causes the current thread to wait until another thread invokes the notify() method or the notifyAll() method for this object, or some other thread interrupts the current thread, or a certain amount of real time has elapsed. final void wait(long timeout) Causes the current thread to wait until either another thread invokes the notify() method or the notifyAll() method for this object, or a specified amount of time has elapsed.