
X509CertSelector (java.security.cert)

Java 1.4; cloneable

This class is a CertSelector for X.509 certificates. Its various set methods allow you to specify values for various certificate fields and extensions. The match( ) method will only return true for certificates that have the specified values for those fields and extensions. Note that match( ) only compares a certificate's contents against the criteria you have set; it does not verify the certificate's signature or its chain of trust, and any criterion left unset is simply not checked. A full understanding of this class requires detailed knowledge of the X.509 standard, which is beyond the scope of this reference. Some of the more important methods are described here, however.

When you want to match exactly one specific certificate, simply pass the desired X509Certificate to setCertificate( ). Constrain the subject of the certificate with setSubject( ), setSubjectAlternativeNames( ), or addSubjectAlternativeName( ). Constrain the issuer of the certificate with setIssuer( ). Constrain the public key of the certificate with setPublicKey( ). Constrain the certificate to be valid on a given date with setCertificateValid( ). And specify the issuer-assigned serial number of the certificate with setSerialNumber( ).

Java 5.0 adds methods for identifying certificate subjects and issuers with javax.security.auth.x500.X500Principal objects instead of with strings.

Figure 14-72. java.security.cert.X509CertSelector


// API synopsis of java.security.cert.X509CertSelector (signatures only, no bodies).
// The "default:" column shows each criterion's value on a freshly constructed
// selector: null (or -1 for basic constraints) means the criterion is not set.
// Per the JDK API documentation an unset criterion is not checked, so a selector
// with nothing set matches every X.509 certificate. Matching is a filter over
// certificate contents only; signature and trust-chain validation are done
// elsewhere (e.g. by a CertPathValidator).
public class X509CertSelector implements CertSelector {
// Public Constructors
     public X509CertSelector( );  
// Public Instance Methods
     public void addPathToName(int type, String name) 
        throws java.io.IOException;  
     public void addPathToName(int type, byte[ ] name) 
        throws java.io.IOException;  
     public void addSubjectAlternativeName(int type, byte[ ] name) 
        throws java.io.IOException;  
     public void addSubjectAlternativeName(int type, String name) 
        throws java.io.IOException;  
     public byte[ ] getAuthorityKeyIdentifier( );               default:null
     // -1 (the default) disables the basic-constraints check. Per the JDK API
     // documentation, -2 matches only end-entity certificates and a value >= 0
     // matches only CA certificates whose path length is at least that value.
     public int getBasicConstraints( );                         default:-1
     public X509Certificate getCertificate( );                  default:null
     public java.util.Date getCertificateValid( );              default:null
     public java.util.Set<String> getExtendedKeyUsage( );    default:null
5.0  public javax.security.auth.x500.X500Principal getIssuer( );  default:null
     public byte[ ] getIssuerAsBytes( ) 
        throws java.io.IOException;     default:null
     public String getIssuerAsString( );                        default:null
     public boolean[ ] getKeyUsage( );                          default:null
     // true (the default) requires a certificate to contain every subject
     // alternative name that was specified; false requires at least one of them.
     public boolean getMatchAllSubjectAltNames( );         default:true
     public byte[ ] getNameConstraints( );                         default:null
     public java.util.Collection<java.util.List<?>> 
        getPathToNames( );     default:null
     public java.util.Set<String> getPolicy( );      default:null
     public java.util.Date getPrivateKeyValid( );          default:null
     public java.math.BigInteger getSerialNumber( );       default:null
5.0  public javax.security.auth.x500.X500Principal 
        getSubject( );     default:null
     public java.util.Collection<java.util.List<?>> 
        getSubjectAlternativeNames( );     default:null
     public byte[ ] getSubjectAsBytes( ) 
        throws java.io.IOException;     default:null
     public String getSubjectAsString( );                default:null
     public byte[ ] getSubjectKeyIdentifier( );          default:null
     public java.security.PublicKey getSubjectPublicKey( );  default:null
     public String getSubjectPublicKeyAlgID( );          default:null
     public void setAuthorityKeyIdentifier(byte[ ] authorityKeyID);  
     public void setBasicConstraints(int minMaxPathLen);  
     // Matches exactly the given certificate (equality check); other criteria
     // are normally unnecessary when this one is set.
     public void setCertificate(X509Certificate cert);  
     // The given date must fall inside the certificate's validity period. Left
     // at the null default, no validity check is made, so expired or
     // not-yet-valid certificates still match.
     public void setCertificateValid(java.util.Date certValid);  
     // Per the JDK API documentation, a certificate that has no extendedKeyUsage
     // extension implicitly allows all key purposes and therefore still matches.
     public void setExtendedKeyUsage(java.util.Set<String> keyPurposeSet) 
        throws java.io.IOException;  
     // Of the three setIssuer forms, the JDK API documentation discourages the
     // String one: the RFC 2253 string form of a distinguished name can lose
     // encoding information, so some certificates may fail to match. Prefer the
     // X500Principal or byte[] (DER) form.
5.0  public void setIssuer(javax.security.auth.x500.X500Principal issuer);  
     public void setIssuer(byte[ ] issuerDN) throws java.io.IOException;  
     public void setIssuer(String issuerDN) throws java.io.IOException;  
     // Per the JDK API documentation, a certificate that has no keyUsage
     // extension implicitly allows all key usages and therefore still matches.
     public void setKeyUsage(boolean[ ] keyUsage);  
     public void setMatchAllSubjectAltNames(boolean matchAllNames);  
     public void setNameConstraints(byte[ ] bytes) throws java.io.IOException;  
     public void setPathToNames(java.util.Collection<java.util.List<?>> names) 
        throws java.io.IOException;  
     public void setPolicy(java.util.Set<String> certPolicySet) throws java.io.IOException;  
     public void setPrivateKeyValid(java.util.Date privateKeyValid);  
     public void setSerialNumber(java.math.BigInteger serial);  
     // The same caveat applies to the String form of setSubject as to
     // setIssuer(String): prefer the X500Principal or byte[] (DER) form.
     public void setSubject(String subjectDN) throws java.io.IOException;  
5.0  public void setSubject(javax.security.auth.x500.X500Principal subject);  
     public void setSubject(byte[ ] subjectDN) throws java.io.IOException;  
     public void setSubjectAlternativeNames(java.util.Collection<
        java.util.List<?>> names) throws java.io.IOException;  
     public void setSubjectKeyIdentifier(byte[ ] subjectKeyID);  
     public void setSubjectPublicKey(byte[ ] key) throws java.io.IOException;  
     public void setSubjectPublicKey(java.security.PublicKey key);  
     public void setSubjectPublicKeyAlgID(String oid) throws java.io.IOException;  
// Methods Implementing CertSelector
     public Object clone( );  
     // Returns true only when the argument satisfies every criterion that has
     // been set. The parameter is the general Certificate type; a certificate
     // that is not an X509Certificate does not match.
     public boolean match(java.security.cert.Certificate cert);  
// Public Methods Overriding Object
     public String toString( );  
}
