Certificate/CRL Storage Classes

The Java™ Certification Path API also includes the CertStore class for retrieving certificates and CRLs from a repository. This capability is useful because it allows a caller to specify the repository that a CertPathValidator or CertPathBuilder implementation should use to find certificates and CRLs (see the addCertStores method of PKIXParameters for an example).

A CertPathValidator implementation can use the CertStore object that the caller specifies as a callback mechanism to fetch CRLs for performing revocation checks. Similarly, a CertPathBuilder can use the CertStore as a callback mechanism to fetch certitificates and, if performing revocation checks, CRLs.