CertSelector that selects
match all specified criteria. This class is particularly useful when
selecting certificates from a
CertStore to build a
PKIX-compliant certification path.
When first constructed, an
X509CertSelector has no criteria
enabled and each of the
get methods return a default value
-1 for the
getBasicConstraints method). Therefore, the
method would return
true for any
Typically, several criteria are enabled (by calling
setKeyUsage, for instance) and then the
X509CertSelector is passed to
CertStore.getCertificates or some similar
Several criteria can be enabled (by calling
for example) such that the
usually uniquely matches a single
X509Certificate. We say
usually, since it is possible for two issuing CAs to have the same
distinguished name and each issue a certificate with the same serial
number. Other unique combinations include the issuer, subject,
subjectKeyIdentifier and/or the subjectPublicKey criteria.
Please refer to RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile for definitions of the X.509 certificate extensions mentioned below.
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.
Public Constructor Summary
Public Method Summary
addPathToName(int type, byte name)
Adds a name to the pathToNames criterion.
addSubjectAlternativeName(int type, byte name)
Adds a name to the subjectAlternativeNames criterion.<