java.lang.Object | |
↳ | java.security.cert.X509CertSelector |
A certificate selector (CertSelector
for selecting X509Certificate
s that match the specified criteria.
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Creates a new
X509CertSelector . |
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Adds a "pathToName" to the respective criterion.
| |||||||||||
Adds a "pathToName" to the respective criterion.
| |||||||||||
Adds a subject alternative name to the respective criterion.
| |||||||||||
Adds a subject alternative name to the respective criterion.
| |||||||||||
Clones this
X509CertSelector instance. | |||||||||||
Returns the criterion for the AuthorityKeyIdentifier
extension.
| |||||||||||
Returns the criterion for the basic constraints extension.
| |||||||||||
Returns the certificate that a matching certificate must be equal to.
| |||||||||||
Returns the criterion for the validity date of the certificate.
| |||||||||||
Returns the criterion for the ExtendedKeyUsage extension.
| |||||||||||
Returns the issuer that a certificate must match.
| |||||||||||
Returns the issuer that a certificate must match.
| |||||||||||
Do not use, use
getIssuer() or
getIssuerAsBytes() instead. | |||||||||||
Returns the criterion for the KeyUsage extension.
| |||||||||||
Returns the flag for the matching behavior for subject alternative names.
| |||||||||||
Returns the criterion for the name constraints.
| |||||||||||
Returns the criterion for the pathToNames constraint.
| |||||||||||
Returns the criterion for the policy constraint.
| |||||||||||
Returns the criterion for the validity date of the private key.
| |||||||||||
Returns the serial number that a certificate must match.
| |||||||||||
Returns the subject that a certificate must match.
| |||||||||||
Returns the criterion for subject alternative names.
| |||||||||||
Returns the subject that a certificate must match.
| |||||||||||
Do not use, use
getSubject() or
getSubjectAsBytes() instead. | |||||||||||
Returns the criterion for the SubjectKeyIdentifier extension.
| |||||||||||
Returns the criterion for the subject public key.
| |||||||||||
Returns the criterion for the subject public key signature algorithm.
| |||||||||||
Returns whether the specified certificate matches all the criteria
collected in this instance.
| |||||||||||
Sets the criterion for the AuthorityKeyIdentifier extension.
| |||||||||||
Sets the criterion for the basic constraints extension.
| |||||||||||
Sets the certificate that a matching certificate must be equal to.
| |||||||||||
Sets the criterion for the validity date of the certificate.
| |||||||||||
Sets the criterion for the ExtendedKeyUsage extension.
| |||||||||||
Do not use, use
getIssuer() or
getIssuerAsBytes() instead. | |||||||||||
Sets the issuer that a certificate must match.
| |||||||||||
Sets the issuer that a certificate must match.
| |||||||||||
Sets the criterion for the KeyUsage extension.
| |||||||||||
Sets the flag for the matching behavior for subject alternative names.
| |||||||||||
Sets the criterion for the name constraints.
| |||||||||||
Sets the criterion for the pathToNames constraint.
| |||||||||||
Sets the criterion for the policy constraint.
| |||||||||||
Sets the criterion for the validity date of the private key.
| |||||||||||
Sets the serial number that a certificate must match.
| |||||||||||
Set the subject that a certificate must match.
| |||||||||||
Do not use, use
setSubject(byte[]) or
setSubject(X500Principal) instead. | |||||||||||
Sets the subject that a certificate must match.
| |||||||||||
Sets the criterion for subject alternative names.
| |||||||||||
Sets the criterion for the SubjectKeyIdentifier extension.
| |||||||||||
Sets the criterion for the subject public key.
| |||||||||||
Sets the criterion for the subject public key.
| |||||||||||
Sets the criterion for the subject public key signature algorithm.
| |||||||||||
Returns a string representation of this
X509CertSelector
instance. |
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
From interface
java.security.cert.CertSelector
|
Adds a "pathToName" to the respective criterion.
type | the type of the name |
---|---|
name | the name in ASN.1 DER encoded form. |
IOException | if decoding fails. |
---|
Adds a "pathToName" to the respective criterion.
type | the type of the name. |
---|---|
name | the name in string format. |
IOException | if parsing fails. |
---|
Adds a subject alternative name to the respective criterion.
tag | the type of the name |
---|---|
name | the name in string format. |
IOException | if parsing the name fails. |
---|
Adds a subject alternative name to the respective criterion.
tag | the type of the name. |
---|---|
name | the name in ASN.1 DER encoded form. |
IOException | if the decoding of the name fails. |
---|
Clones this X509CertSelector
instance.
Returns the criterion for the AuthorityKeyIdentifier extension.
null
if it is not to be
checked.
Returns the criterion for the basic constraints extension.
A value greater than or equal to zero indicates that a certificate must
include a basic constraints extension with a path length of a least that
value. A value of -2
indicates that only end-entity certificates
are accepted. A value of -1
indicates that no check is done.
Returns the certificate that a matching certificate must be equal to.
Returns the criterion for the validity date of the certificate.
null
if the date is not to be
checked.
Returns the criterion for the ExtendedKeyUsage extension.
null
if it's not to be
checked.
Returns the issuer that a certificate must match.
null
if the
issuer is not to be checked.
Returns the issuer that a certificate must match.
null
if the issuer is not to be checked.IOException | if encoding the issuer fails. |
---|
Do not use, use getIssuer()
or
getIssuerAsBytes()
instead. Returns the issuer that a
certificate must match in a RFC 2253 format string.
null
if the
issuer is not to be checked.
Returns the criterion for the KeyUsage extension.
getKeyUsage()
, or null
if the key
usage is not to be checked.
Returns the flag for the matching behavior for subject alternative names.
The flag indicates whether a certificate must contain all or at least one
of the subject alternative names specified by setSubjectAlternativeNames(Collection
or >)
addSubjectAlternativeName(int, byte[])
.
true
if a certificate must contain all of the specified
subject alternative names, otherwise false
.
Returns the criterion for the name constraints.
null
if none specified.Returns the criterion for the pathToNames constraint.
The constraint is a collection with an entry for each name to be included
in the criterion. The name is specified as a List
, the first
entry is an Integer
specifying the name type (0-8), the second
entry is a byte array specifying the name in ASN.1 DER encoded form.
null
if none specified.
Returns the criterion for the policy constraint.
The certificate must have at least one of the certificate policy extensions. For an empty set the certificate must have at least some policies in its policy extension.
null
if not
to be checked.
Returns the criterion for the validity date of the private key.
The private key must be valid at the specified date.
null
if the date is not to be
checked.
Returns the serial number that a certificate must match.
null
if the serial number
is not to be checked.
Returns the subject that a certificate must match.
Returns the criterion for subject alternative names.
the certificate must contain all or at least one of the specified subject
alternative names. The behavior is specified by
getMatchAllSubjectAltNames()
.
The subject alternative names is a collection with an entry for each name
included in the criterion. The name is specified as a List
, the
first entry is an Integer
specifying the name type (0-8), the
second entry is byte array specifying the name in ASN.1 DER encoded form)
null
if none specified.
Returns the subject that a certificate must match.
null
if the subject is not to be checked.IOException | if encoding the subject fails. |
---|
Do not use, use getSubject()
or
getSubjectAsBytes()
instead. Returns the subject that a
certificate must match.
null
if the subject is not to be checked.
Returns the criterion for the SubjectKeyIdentifier extension.
null
if it is not to be
checked.
Returns the criterion for the subject public key.
null
if the key is not to be
checked.
Returns the criterion for the subject public key signature algorithm.
null
if it's not to be checked.
Returns whether the specified certificate matches all the criteria collected in this instance.
certificate | the certificate to check. |
---|
true
if the certificate matches all the criteria,
otherwise false
.
Sets the criterion for the AuthorityKeyIdentifier extension.
authorityKeyIdentifier | the authority key identifier, or null to disable this
check.
|
---|
Sets the criterion for the basic constraints extension.
A value greater than or equal to zero indicates that a certificate must
include a basic constraints extension with a path length of a least that
value. A value of -2
indicates that only end-entity certificates
are accepted. A value of -1
indicates that no check is done.
pathLen | the value specifying the criterion. |
---|
IllegalArgumentException | if pathLen is less than -2 .
|
---|
Sets the certificate that a matching certificate must be equal to.
certificate | the certificate to match, or null to not check this criteria. |
---|
Sets the criterion for the validity date of the certificate.
The certificate must be valid at the specified date.
certificateValid | the validity date or null to not check the date.
|
---|
Sets the criterion for the ExtendedKeyUsage extension.
keyUsage | the set of key usage OIDs, or null to not check it. |
---|
IOException | if one of the OIDs is invalid. |
---|
Do not use, use getIssuer()
or
getIssuerAsBytes()
instead. Sets the issuer that a certificate
must match.
issuerName | the issuer in a RFC 2253 format string, or null to not
check the issuer. |
---|
IOException | if parsing the issuer fails. |
---|
Sets the issuer that a certificate must match.
issuer | the issuer to match, or null if the issuer is not to
be checked.
|
---|
Sets the issuer that a certificate must match.
issuerDN | the distinguished issuer name in ASN.1 DER encoded format, or
null to not check the issuer. |
---|
IOException | if decoding the issuer fail. |
---|
Sets the criterion for the KeyUsage extension.
keyUsage | the boolean array in the format as returned by
getKeyUsage() , or null to not
check the key usage.
|
---|
Sets the flag for the matching behavior for subject alternative names.
The flag indicates whether a certificate must contain all or at least one
of the subject alternative names specified by setSubjectAlternativeNames(Collection
or >)
addSubjectAlternativeName(int, byte[])
.
matchAllNames | true if a certificate must contain all of the
specified subject alternative names, otherwise false .
|
---|
Sets the criterion for the name constraints.
The certificate must constraint subject and subject alternative names that match the specified name constraints.
The name constraints in ASN.1:
NameConstraints ::= SEQUENCE { permittedSubtrees [0] GeneralSubtrees OPTIONAL, excludedSubtrees [1] GeneralSubtrees OPTIONAL } GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree GeneralSubtree ::= SEQUENCE { base GeneralName, minimum [0] BaseDistance DEFAULT 0, maximum [1] BaseDistance OPTIONAL } BaseDistance ::= INTEGER (0..MAX) GeneralName ::= CHOICE { otherName [0] OtherName, rfc822Name [1] IA5String, dNSName [2] IA5String, x400Address [3] ORAddress, directoryName [4] Name, ediPartyName [5] EDIPartyName, uniformResourceIdentifier [6] IA5String, iPAddress [7] OCTET STRING, registeredID [8] OBJECT IDENTIFIER}
bytes | the name constraints in ASN.1 DER encoded format, or null to not check any constraints. |
---|
IOException | if decoding the name constraints fail. |
---|
Sets the criterion for the pathToNames constraint.
This allows to specify the complete set of names, a certificate's name constraints must permit.
The specified parameter names
is a collection with an entry for
each name to be included in the criterion. The name is specified as a
List
, the first entry must be an Integer
specifying the
name type (0-8), the second entry must be a String
or a byte
array specifying the name (in string or ASN.1 DER encoded form)
names | the names collection or null to not perform this
check. |
---|
IOException | if decoding fails. |
---|
Sets the criterion for the policy constraint.
The certificate must have at least one of the specified certificate policy extensions. For an empty set the certificate must have at least some policies in its policy extension.
policies | the certificate policy OIDs, an empty set, or null to
not perform this check. |
---|
IOException | if parsing the specified OIDs fails. |
---|
Sets the criterion for the validity date of the private key.
The private key must be valid at the specified date.
privateKeyValid | the validity date or null to not check the date.
|
---|
Sets the serial number that a certificate must match.
serialNumber | the serial number to match, or null to not check the
serial number.
|
---|
Set the subject that a certificate must match.
subject | the subject distinguished name or null to not check
the subject.
|
---|
Do not use, use setSubject(byte[])
or
setSubject(X500Principal)
instead. Returns the subject that a
certificate must match.
subjectDN | the subject distinguished name in RFC 2253 format or null to not check the subject. |
---|
IOException | if decoding the subject fails. |
---|
Sets the subject that a certificate must match.
subjectDN | the subject distinguished name in ASN.1 DER format, or null to not check the subject. |
---|
IOException | if decoding the subject fails. |
---|
Sets the criterion for subject alternative names.
the certificate must contain all or at least one of the specified subject
alternative names. The behavior is specified by
getMatchAllSubjectAltNames()
.
The specified parameter names
is a collection with an entry for
each name to be included in the criterion. The name is specified as a
List
, the first entry must be an Integer
specifying the
name type (0-8), the second entry must be a String
or a byte
array specifying the name (in string or ASN.1 DER encoded form)
names | the names collection or null to not perform this check. |
---|
IOException | if the decoding of a name fails. |
---|
Sets the criterion for the SubjectKeyIdentifier extension.
The subjectKeyIdentifier
should be a single DER encoded value.
subjectKeyIdentifier | the subject key identifier or null to disable this
check.
|
---|
Sets the criterion for the subject public key.
key | the subject public key in ASN.1 DER encoded format or null to
not check the key. |
---|
IOException | if decoding the the public key fails. |
---|
Sets the criterion for the subject public key.
key | the subject public key or null to not check the key.
|
---|
Sets the criterion for the subject public key signature algorithm.
The certificate must contain a subject public key with the algorithm specified.
oid | the OID (object identifier) of the signature algorithm or
null to not check the OID. |
---|
IOException | if the specified object identifier is invalid. |
---|
Returns a string representation of this X509CertSelector
instance.
X509CertSelector
instance.