X509CertSelector | Java In A Nutshell, 5th Edition

X509CertSelector

java.security.cert

Java 1.4

cloneable

This class is a CertSelector for X.509 certificates. Its various set methods allow you to specify values for various certificate fields and extensions. The match( ) method will only return true for certificates that have the specified values for those fields and extensions. A full understanding of this class requires detailed knowledge of the X.509 standard which is beyond the scope of this reference. Some of the more important methods are described here, however.

When you want to match exactly one specific certificate, simply pass the desired X509Certificate to setCertificate( ) . Constrain the subject of the certificate with setSubject( ) , setSubjectAlternativeNames( ) , of addSubjectAlternativeName( ) . Constrain the issuer of the certificate with setIssuer( ) . Constrain the public key of the certificate with setPublicKey( ) . Constrain the certificate to be valid on a given date with setCertificateValid( ) . And specify a specific issuer's serial number for the certificate with setSerialNumber( ) .

Java 5.0 adds methods for identifying certificate subjects and issuers with javax.security.auth.x500.X500Principal objects instead of with strings.

Figure 14-72. java.security.cert.X509CertSelector

 public class  X509CertSelector  implements CertSelector {  // Public Constructors  public  X509CertSelector  ( );  // Public Instance Methods  public void  addPathToName  (int  type  , String  name  )          throws java.io.IOException;        public void  addPathToName  (int  type  , byte[ ]  name  )          throws java.io.IOException;        public void  addSubjectAlternativeName  (int  type  , byte[ ]  name  )          throws java.io.IOException;        public void  addSubjectAlternativeName  (int  type  , String  name  )          throws java.io.IOException;        public byte[ ]  getAuthorityKeyIdentifier  ( );  default:null  public int  getBasicConstraints  ( );  default:-1  public X509Certificate  getCertificate  ( );  default:null  public java.util.Date  getCertificateValid  ( );  default:null  public java.util.Set<String>  getExtendedKeyUsage  ( );  default:null   5.0  public javax.security.auth.x500.X500Principal  getIssuer  ( );  default:null  public byte[ ]  getIssuerAsBytes  ( )          throws java.io.IOException;  default:null  public String  getIssuerAsString  ( );  default:null  public boolean[ ]  getKeyUsage  ( );  default:null  public boolean  getMatchAllSubjectAltNames  ( );  default:true  public byte[ ]  getNameConstraints  ( );  default:null  public java.util.Collection<java.util.List<?>>  getPathToNames  ( );  default:null  public java.util.Set<String>  getPolicy  ( );  default:null  public java.util.Date  getPrivateKeyValid  ( );  default:null  public java.math.BigInteger  getSerialNumber  ( );  default:null   5.0  public javax.security.auth.x500.X500Principal  getSubject  ( );  default:null  public java.util.Collection<java.util.List<?>>  getSubjectAlternativeNames  ( );  default:null  public byte[ ]  getSubjectAsBytes  ( )          throws java.io.IOException;  default:null  public String  getSubjectAsString  ( );  default:null  public byte[ ]  getSubjectKeyIdentifier  ( );  default:null  public java.security.PublicKey  getSubjectPublicKey  ( );  default:null  public String  getSubjectPublicKeyAlgID  ( );  default:null  public void  setAuthorityKeyIdentifier  (byte[ ]  authorityKeyID  );        public void  setBasicConstraints  (int  minMaxPathLen  );        public void  setCertificate  (X509Certificate  cert  );        public void  setCertificateValid  (java.util.Date  certValid  );        public void  setExtendedKeyUsage  (java.util.Set<String>  keyPurposeSet  )          throws java.io.IOException;  5.0  public void  setIssuer  (javax.security.auth.x500.X500Principal  issuer  );        public void  setIssuer  (byte[ ]  issuerDN  ) throws java.io.IOException;        public void  setIssuer  (String  issuerDN  ) throws java.io.IOException;        public void  setKeyUsage  (boolean[ ]  keyUsage  );        public void  setMatchAllSubjectAltNames  (boolean  matchAllNames  );        public void  setNameConstraints  (byte[ ]  bytes  ) throws java.io.IOException;        public void  setPathToNames  (java.util.Collection<java.util.List<?>>  names  )          throws java.io.IOException;        public void  setPolicy  (java.util.Set<String>  certPolicySet  ) throws java.io.IOException;        public void  setPrivateKeyValid  (java.util.Date  privateKeyValid  );        public void  setSerialNumber  (java.math.BigInteger  serial  );        public void  setSubject  (String  subjectDN  ) throws java.io.IOException;  5.0  public void  setSubject  (javax.security.auth.x500.X500Principal  subject  );        public void  setSubject  (byte[ ]  subjectDN  ) throws java.io.IOException;        public void  setSubjectAlternativeNames  (java.util.Collection<         java.util.List<?>>  names  ) throws java.io.IOException;        public void  setSubjectKeyIdentifier  (byte[ ]  subjectKeyID  );        public void  setSubjectPublicKey  (byte[ ]  key  ) throws java.io.IOException;        public void  setSubjectPublicKey  (java.security.PublicKey  key  );        public void  setSubjectPublicKeyAlgID  (String  oid  ) throws java.io.IOException;  // Methods Implementing CertSelector  public Object  clone  ( );        public boolean  match  (java.security.cert.Certificate  cert  );  // Public Methods Overriding Object  public String  toString  ( );   }