--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/CertStoreHelper.java	Sun Aug 17 15:54:13 2014 +0100
@@ -0,0 +1,148 @@
+/*
+ * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.provider.certpath;
+
+import java.net.URI;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import java.security.AccessController;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.security.cert.CertStore;
+import java.security.cert.CertStoreException;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509CRLSelector;
+import javax.security.auth.x500.X500Principal;
+import java.io.IOException;
+
+import sun.security.util.Cache;
+
+/**
+ * Helper used by URICertStore and others when delegating to another CertStore
+ * to fetch certs and CRLs.
+ */
+
+public abstract class CertStoreHelper {
+
+    private static final int NUM_TYPES = 2;
+    private final static Map<String,String> classMap = new HashMap<>(NUM_TYPES);
+    static {
+        classMap.put(
+            "LDAP",
+            "sun.security.provider.certpath.ldap.LDAPCertStoreHelper");
+        classMap.put(
+            "SSLServer",
+            "sun.security.provider.certpath.ssl.SSLServerCertStoreHelper");
+    };
+    private static Cache<String, CertStoreHelper> cache
+        = Cache.newSoftMemoryCache(NUM_TYPES);
+
+    public static CertStoreHelper getInstance(final String type)
+        throws NoSuchAlgorithmException
+    {
+        CertStoreHelper helper = cache.get(type);
+        if (helper != null) {
+            return helper;
+        }
+        final String cl = classMap.get(type);
+        if (cl == null) {
+            throw new NoSuchAlgorithmException(type + " not available");
+        }
+        try {
+            helper = AccessController.doPrivileged(
+                new PrivilegedExceptionAction<CertStoreHelper>() {
+                    public CertStoreHelper run() throws ClassNotFoundException {
+                        try {
+                            Class<?> c = Class.forName(cl, true, null);
+                            CertStoreHelper csh
+                                = (CertStoreHelper)c.newInstance();
+                            cache.put(type, csh);
+                            return csh;
+                        } catch (InstantiationException |
+                                 IllegalAccessException e) {
+                            throw new AssertionError(e);
+                        }
+                    }
+            });
+            return helper;
+        } catch (PrivilegedActionException e) {
+            throw new NoSuchAlgorithmException(type + " not available",
+                                               e.getException());
+        }
+    }
+
+    static boolean isCausedByNetworkIssue(String type, CertStoreException cse) {
+        switch (type) {
+            case "LDAP":
+            case "SSLServer":
+                try {
+                    CertStoreHelper csh = CertStoreHelper.getInstance(type);
+                    return csh.isCausedByNetworkIssue(cse);
+                } catch (NoSuchAlgorithmException nsae) {
+                    return false;
+                }
+            case "URI":
+                Throwable t = cse.getCause();
+                return (t != null && t instanceof IOException);
+            default:
+                // we don't know about any other remote CertStore types
+                return false;
+        }
+    }
+
+    /**
+     * Returns a CertStore using the given URI as parameters.
+     */
+    public abstract CertStore getCertStore(URI uri)
+        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException;
+
+    /**
+     * Wraps an existing X509CertSelector when needing to avoid DN matching
+     * issues.
+     */
+    public abstract X509CertSelector wrap(X509CertSelector selector,
+                          X500Principal certSubject,
+                          String dn)
+        throws IOException;
+
+    /**
+     * Wraps an existing X509CRLSelector when needing to avoid DN matching
+     * issues.
+     */
+    public abstract X509CRLSelector wrap(X509CRLSelector selector,
+                         Collection<X500Principal> certIssuers,
+                         String dn)
+        throws IOException;
+
+    /**
+     * Returns true if the cause of the CertStoreException is a network
+     * related issue.
+     */
+    public abstract boolean isCausedByNetworkIssue(CertStoreException e);
+}