public class X509CertSelector extends Object implements CertSelector
CertSelector that selects X509Certificates that
match all specified criteria. This class is particularly useful when
selecting certificates from a CertStore to build a
PKIX-compliant certification path.
When first constructed, an X509CertSelector has no criteria
enabled and each of the get methods return a default value
(null, or -1 for the getBasicConstraints method). Therefore, the match
method would return true for any X509Certificate.
Typically, several criteria are enabled (by calling
setIssuer or
setKeyUsage, for instance) and then the
X509CertSelector is passed to
CertStore.getCertificates or some similar
method.
Several criteria can be enabled (by calling setIssuer
and setSerialNumber,
for example) such that the match method
usually uniquely matches a single X509Certificate. We say
usually, since it is possible for two issuing CAs to have the same
distinguished name and each issue a certificate with the same serial
number. Other unique combinations include the issuer, subject,
subjectKeyIdentifier and/or the subjectPublicKey criteria.
Please refer to RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile for definitions of the X.509 certificate extensions mentioned below.
Concurrent Access
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.
CertSelector,
X509Certificate| Constructor | Description |
|---|---|
X509CertSelector() |
Creates an
X509CertSelector. |
| Modifier and Type | Method | Description |
|---|---|---|
void |
addPathToName(int type,
byte[] name) |
Adds a name to the pathToNames criterion.
|
void |
addPathToName(int type,
String name) |
Adds a name to the pathToNames criterion.
|
void |
addSubjectAlternativeName(int type,
byte[] name) |
Adds a name to the subjectAlternativeNames criterion.
|
void |
addSubjectAlternativeName(int type,
String name) |
Adds a name to the subjectAlternativeNames criterion.
|
Object |
clone() |
Returns a copy of this object.
|
byte[] |
getAuthorityKeyIdentifier() |
Returns the authorityKeyIdentifier criterion.
|
int |
getBasicConstraints() |
Returns the basic constraints constraint.
|
X509Certificate |
getCertificate() |
Returns the certificateEquals criterion.
|
Date |
getCertificateValid() |
Returns the certificateValid criterion.
|
Set< |