X509CertSelector

public class X509CertSelector extends Object
implements CertSelector

A CertSelector that selects X509Certificates that match all specified criteria. This class is particularly useful when selecting certificates from a CertStore to build a PKIX-compliant certification path.

When first constructed, an X509CertSelector has no criteria enabled and each of the get methods returns a default value (null, or -1 for the getBasicConstraints method). Therefore, the match method would return true for any X509Certificate. Typically, several criteria are enabled (by calling setIssuer or setKeyUsage, for instance) and then the X509CertSelector is passed to CertStore.getCertificates or some similar method.

Several criteria can be enabled (by calling setIssuer and setSerialNumber, for example) such that the match method usually uniquely matches a single X509Certificate. We say usually, since it is possible for two issuing CAs to have the same distinguished name and each issue a certificate with the same serial number. Other unique combinations include the issuer, subject, subjectKeyIdentifier and/or the subjectPublicKey criteria.
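
The behaviour described in the two paragraphs above, as an added example that is not part of the original reference. It assumes the platform's default trusted CA certificates as sample data (any collection of X509Certificates would do), and the class name SelectorDemo is hypothetical.

```java
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SelectorDemo {
    public static void main(String[] args) throws Exception {
        // Sample data (assumption): the platform's default trusted CA certificates.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        Set<X509Certificate> certs = new LinkedHashSet<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                certs.addAll(Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers()));
            }
        }
        if (certs.isEmpty()) throw new IllegalStateException("default trust store is empty");
        CertStore store =
                CertStore.getInstance("Collection", new CollectionCertStoreParameters(certs));

        // Freshly constructed: getters return defaults and every certificate matches.
        X509CertSelector none = new X509CertSelector();
        System.out.println("defaults: issuer=" + none.getIssuer()
                + ", basicConstraints=" + none.getBasicConstraints());
        System.out.println("no criteria: " + store.getCertificates(none).size()
                + " of " + certs.size());

        // Issuer + serial number usually, but not necessarily, identifies one certificate.
        X509Certificate target = certs.iterator().next();
        X509CertSelector exact = new X509CertSelector();
        exact.setIssuer(target.getIssuerX500Principal());
        exact.setSerialNumber(target.getSerialNumber());
        Collection<? extends Certificate> hits = store.getCertificates(exact);
        // Two CAs may share a DN and serial number, so check the count before using a hit.
        System.out.println("issuer+serial: " + hits.size() + " match(es), "
                + (hits.size() == 1 ? "unique" : "ambiguous, do not pick one arbitrarily"));

        // All enabled criteria must match: also require validity now and a CA certificate.
        exact.setCertificateValid(new Date());
        exact.setBasicConstraints(0);
        System.out.println("plus valid-now and CA: " + exact.match(target));
    }
}
```

A selector that reaches CertStore.getCertificates with no criteria set returns every certificate in the store, so code that builds selectors from optional inputs should confirm that at least one criterion was actually enabled.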

Please refer to RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile for definitions of the X.509 certificate extensions mentioned below.

Concurrent Access

Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.

Public Constructor Summary

X509CertSelector()
Creates an X509CertSelector.

Public Method Summary

void
addPathToName(int type, String name)
Adds a name to the pathToNames criterion.
void
addPathToName(int type, byte[] name)
Adds a name to the pathToNames criterion.
void
addSubjectAlternativeName(int type, String name)
Adds a name to the subjectAlternativeNames criterion.
void
addSubjectAlternativeName(int type, byte[] name)
Adds a name to the subjectAlternativeNames criterion.
Object
clone()
Returns a copy of this object.
byte[]
getAuthorityKeyIdentifier()
Returns the authorityKeyIdentifier criterion.
int
getBasicConstraints()
Returns the basic constraints constraint.
X509Certificate
getCertificate()
Returns the certificateEquals criterion.
Date
getCertificateValid()
Returns the certificateValid criterion.
Set<String>
getExtendedKeyUsage()
Returns the extendedKeyUsage criterion.
X500Principal
getIssuer()
Returns the issuer criterion as an X500Principal.
byte[]
getIssuerAsBytes()
Returns the issuer criterion as a byte array.
String
getIssuerAsString()
Denigrated, use getIssuer() or getIssuerAsBytes() instead.
boolean[]
getKeyUsage()
Returns the keyUsage criterion.
boolean
getMatchAllSubjectAltNames()
Indicates if the X509Certificate must contain all or at least one of the subjectAlternativeNames specified in the setSubjectAlternativeNames or addSubjectAlternativeName methods.
byte[]
getNameConstraints()
Returns the name constraints criterion.
Collection<List<?>>
getPathToNames()
Returns a copy of the pathToNames criterion.
Set<String>
getPolicy()
Returns the policy criterion.
Date
getPrivateKeyValid()
Returns the privateKeyValid criterion.
BigInteger
getSerialNumber()
Returns the serialNumber criterion.
X500Principal
getSubject()
Returns the subject criterion as an X500Principal.
Collection<List<?>>
getSubjectAlternativeNames()
Returns a copy of the subjectAlternativeNames criterion.
byte[]
getSubjectAsBytes()
Returns the subject criterion as a byte array.
String
getSubjectAsString()
Denigrated, use getSubject() or getSubjectAsBytes() instead.
byte[]
getSubjectKeyIdentifier()
Returns the subjectKeyIdentifier criterion.
PublicKey
getSubjectPublicKey()
Returns the subjectPublicKey criterion.
String
getSubjectPublicKeyAlgID()
Returns the subjectPublicKeyAlgID criterion.
boolean
match(Certificate cert)
Decides whether a Certificate should be selected.
void
setAuthorityKeyIdentifier(byte[] authorityKeyID)
Sets the authorityKeyIdentifier criterion.
void
setBasicConstraints(int minMaxPathLen)
Sets the basic constraints constraint.
void
setCertificate(X509Certificate cert)
Sets the certificateEquals criterion.
void
setCertificateValid(Date certValid)
Sets the certificateValid criterion.
void
setExtendedKeyUsage(Set<String> keyPurposeSet)
Sets the extendedKeyUsage criterion.
void
setIssuer(byte[] issuerDN)
Sets the issuer criterion.
void
setIssuer(X500Principal issuer)
Sets the issuer criterion.