This class is a CertSelector for X.509 certificates. Its various set methods allow you to specify values for various certificate fields and extensions. The match( ) method will only return true for certificates that have the specified values for those fields and extensions. A full understanding of this class requires detailed knowledge of the X.509 standard which is beyond the scope of this reference. Some of the more important methods are described here, however. When you want to match exactly one specific certificate, simply pass the desired X509Certificate to setCertificate( ) . Constrain the subject of the certificate with setSubject( ) , setSubjectAlternativeNames( ) , of addSubjectAlternativeName( ) . Constrain the issuer of the certificate with setIssuer( ) . Constrain the public key of the certificate with setPublicKey( ) . Constrain the certificate to be valid on a given date with setCertificateValid( ) . And specify a specific issuer's serial number for the certificate with setSerialNumber( ) . Java 5.0 adds methods for identifying certificate subjects and issuers with javax.security.auth.x500.X500Principal objects instead of with strings. Figure 14-72. java.security.cert.X509CertSelectorpublic class X509CertSelector implements CertSelector { // Public Constructors public X509CertSelector ( ); // Public Instance Methods public void addPathToName (int type , String name ) throws java.io.IOException; public void addPathToName (int type , byte[ ] name ) throws java.io.IOException; public void addSubjectAlternativeName (int type , byte[ ] name ) throws java.io.IOException; public void addSubjectAlternativeName (int type , String name ) throws java.io.IOException; public byte[ ] getAuthorityKeyIdentifier ( ); default:null public int getBasicConstraints ( ); default:-1 public X509Certificate getCertificate ( ); default:null public java.util.Date getCertificateValid ( ); default:null public java.util.Set<String> getExtendedKeyUsage ( ); default:null 5.0 public javax.security.auth.x500.X500Principal getIssuer ( ); default:null public byte[ ] getIssuerAsBytes ( ) throws java.io.IOException; default:null public String getIssuerAsString ( ); default:null public boolean[ ] getKeyUsage ( ); default:null public boolean getMatchAllSubjectAltNames ( ); default:true public byte[ ] getNameConstraints ( ); default:null public java.util.Collection<java.util.List<?>> getPathToNames ( ); default:null public java.util.Set<String> getPolicy ( ); default:null public java.util.Date getPrivateKeyValid ( ); default:null public java.math.BigInteger getSerialNumber ( ); default:null 5.0 public javax.security.auth.x500.X500Principal getSubject ( ); default:null public java.util.Collection<java.util.List<?>> getSubjectAlternativeNames ( ); default:null public byte[ ] getSubjectAsBytes ( ) throws java.io.IOException; default:null public String getSubjectAsString ( ); default:null public byte[ ] getSubjectKeyIdentifier ( ); default:null public java.security.PublicKey getSubjectPublicKey ( ); default:null public String getSubjectPublicKeyAlgID ( ); default:null public void setAuthorityKeyIdentifier (byte[ ] authorityKeyID ); public void setBasicConstraints (int minMaxPathLen ); public void setCertificate (X509Certificate cert ); public void setCertificateValid (java.util.Date certValid ); public void setExtendedKeyUsage (java.util.Set<String> keyPurposeSet ) throws java.io.IOException; 5.0 public void setIssuer (javax.security.auth.x500.X500Principal issuer ); public void setIssuer (byte[ ] issuerDN ) throws java.io.IOException; public void setIssuer (String issuerDN ) throws java.io.IOException; public void setKeyUsage (boolean[ ] keyUsage ); public void setMatchAllSubjectAltNames (boolean matchAllNames ); public void setNameConstraints (byte[ ] bytes ) throws java.io.IOException; public void setPathToNames (java.util.Collection<java.util.List<?>> names ) throws java.io.IOException; public void setPolicy (java.util.Set<String> certPolicySet ) throws java.io.IOException; public void setPrivateKeyValid (java.util.Date privateKeyValid ); public void setSerialNumber (java.math.BigInteger serial ); public void setSubject (String subjectDN ) throws java.io.IOException; 5.0 public void setSubject (javax.security.auth.x500.X500Principal subject ); public void setSubject (byte[ ] subjectDN ) throws java.io.IOException; public void setSubjectAlternativeNames (java.util.Collection< java.util.List<?>> names ) throws java.io.IOException; public void setSubjectKeyIdentifier (byte[ ] subjectKeyID ); public void setSubjectPublicKey (byte[ ] key ) throws java.io.IOException; public void setSubjectPublicKey (java.security.PublicKey key ); public void setSubjectPublicKeyAlgID (String oid ) throws java.io.IOException; // Methods Implementing CertSelector public Object clone ( ); public boolean match (java.security.cert.Certificate cert ); // Public Methods Overriding Object public String toString ( ); } |