This class uses a provider-based architecture. To create a CertStore, call one of the static getInstance methods, passing in the type of CertStore desired, any applicable initialization parameters and optionally the name of the provider desired.

Once the CertStore has been created, it can be used to retrieve Certificates and CRLs by calling its getCertificates and getCRLs methods.

Unlike a KeyStore , which provides access to a cache of private keys and trusted certificates, a CertStore is designed to provide access to a potentially vast repository of untrusted certificates and CRLs. For example, an LDAP implementation of CertStore provides access to certificates and CRLs stored in one or more directories using the LDAP protocol and the schema as defined in the RFC service attribute. See Appendix A in the Java Certification Path API Programmer's Guide for more information about standard CertStore types.

Concurrent Access

All public methods of CertStore objects must be thread-safe. That is, multiple threads may concurrently invoke these methods on a single CertStore object (or more than one) with no ill effects. This allows a CertPathBuilder to search for a CRL while simultaneously searching for further certificates, for instance.

The static methods of this class are also guaranteed to be thread-safe. Multiple threads may concurrently invoke the static methods defined in this class with no ill effects.