java.security.cert
Class X509CertSelector

java.lang.Object
  extended by java.security.cert.X509CertSelector
All Implemented Interfaces:
Cloneable, CertSelector

public class X509CertSelector
extends Object
implements CertSelector

A CertSelector that selects X509Certificates that match all specified criteria. This class is particularly useful when selecting certificates from a CertStore to build a PKIX-compliant certification path.

When first constructed, an X509CertSelector has no criteria enabled and each of the get methods returns a default value (null, or -1 for the getBasicConstraints method). Therefore, the match method would return true for any X509Certificate. Typically, several criteria are enabled (by calling setIssuer or setKeyUsage, for instance) and then the X509CertSelector is passed to CertStore.getCertificates or some similar method.

Several criteria can be enabled (by calling setIssuer and setSerialNumber, for example) such that the match method usually uniquely matches a single X509Certificate. We say usually, since it is possible for two issuing CAs to have the same distinguished name and each issue a certificate with the same serial number. Other unique combinations include the issuer, subject, subjectKeyIdentifier and/or the subjectPublicKey criteria.

Please refer to RFC 2459 for definitions of the X.509 certificate extensions mentioned below.

Concurrent Access

Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.

Since:
1.4
See Also:
CertSelector, X509Certificate

Constructor Summary
X509CertSelector()
          Creates an X509CertSelector.
 
Method Summary
 void addPathToName(int type, byte[] name)
          Adds a name to the pathToNames criterion.
 void addPathToName(int type, String name)
          Adds a name to the pathToNames criterion.
 void addSubjectAlternativeName(int type, byte[] name)
          Adds a name to the subjectAlternativeNames criterion.
 void addSubjectAlternativeName(int type, String name)
          Adds a name to the subjectAlternativeNames criterion.
 Object clone()
          Returns a copy of this object.
 byte[] getAuthorityKeyIdentifier()
          Returns the authorityKeyIdentifier criterion.
 int getBasicConstraints()
          Returns the basic constraints constraint.
 X509Certificate getCertificate()
          Returns the certificateEquals criterion.
 Date getCertificateValid()
          Returns the certificateValid criterion.
 Set<String> getExtendedKeyUsage()
          Returns the extendedKeyUsage criterion.
 X500Principal getIssuer()
          Returns the issuer criterion as an X500Principal.
 byte[] getIssuerAsBytes()
          Returns the issuer criterion as a byte array.
 String getIssuerAsString()
          Denigrated, use getIssuer() or getIssuerAsBytes() instead.
 boolean[] getKeyUsage()
          Returns the keyUsage criterion.
 boolean getMatchAllSubjectAltNames()
          Indicates if the X509Certificate must contain all or at least one of the subjectAlternativeNames specified in the setSubjectAlternativeNames or addSubjectAlternativeName methods.
 byte[] getNameConstraints()
          Returns the name constraints criterion.
 Collection<List<?>> getPathToNames()
          Returns a copy of the pathToNames criterion.
 Set<String> getPolicy()
          Returns the policy criterion.
 Date getPrivateKeyValid()
          Returns the privateKeyValid criterion.
 BigInteger getSerialNumber()
          Returns the serialNumber criterion.
 X500Principal getSubject()
          Returns the subject criterion as an X500Principal.
 Collection<List<?>> getSubjectAlternativeNames()
          Returns a copy of the subjectAlternativeNames criterion.
 byte[] getSubjectAsBytes()
          Returns the subject criterion as a byte array.
 String getSubjectAsString()
          Denigrated, use getSubject() or getSubjectAsBytes() instead.
 byte[] getSubjectKeyIdentifier()
          Returns the subjectKeyIdentifier criterion.
 PublicKey getSubjectPublicKey()
          Returns the subjectPublicKey criterion.
 String getSubjectPublicKeyAlgID()
          Returns the subjectPublicKeyAlgID criterion.
 boolean match(Certificate cert)
          Decides whether a Certificate should be selected.
 void setAuthorityKeyIdentifier(byte[] authorityKeyID)
          Sets the authorityKeyIdentifier criterion.
 void setBasicConstraints(int minMaxPathLen)
          Sets the basic constraints constraint.
 void setCertificate(X509Certificate cert)
          Sets the certificateEquals criterion.
 void setCertificateValid(Date certValid)
          Sets the certificateValid criterion.
 void setExtendedKeyUsage(Set<String> keyPurposeSet)
          Sets the extendedKeyUsage criterion.
 void setIssuer(byte[] issuerDN)
          Sets the issuer criterion.
 void setIssuer(String issuerDN)
          Denigrated, use setIssuer(X500Principal) or setIssuer(byte[]) instead.
 void setIssuer(X500Principal issuer)
          Sets the issuer criterion.
 void setKeyUsage(boolean[] keyUsage)
          Sets the keyUsage criterion.
 void setMatchAllSubjectAltNames(boolean matchAllNames)
          Enables/disables matching all of the subjectAlternativeNames specified in the setSubjectAlternativeNames or addSubjectAlternativeName methods.
 void setNameConstraints(byte[] bytes)
          Sets the name constraints criterion.
 void setPathToNames(Collection<List<?>> names)
          Sets the pathToNames criterion.
 void setPolicy(Set<String> certPolicySet)
          Sets the policy constraint.
 void setPrivateKeyValid(Date privateKeyValid)
          Sets the privateKeyValid criterion.
 void setSerialNumber(BigInteger serial)
          Sets the serialNumber criterion.
 void setSubject(byte[] subjectDN)
          Sets the subject criterion.
 void setSubject(String subjectDN)
          Denigrated, use setSubject(X500Principal) or setSubject(byte[]) instead.
 void setSubject(X500Principal subject)
          Sets the subject criterion.
 void setSubjectAlternativeNames(Collection<List<?>> names)
          Sets the subjectAlternativeNames criterion.
 void setSubjectKeyIdentifier(byte[] subjectKeyID)
          Sets the subjectKeyIdentifier criterion.
 void setSubjectPublicKey(byte[] key)
          Sets the subjectPublicKey criterion.
 void setSubjectPublicKey(PublicKey key)
          Sets the subjectPublicKey criterion.
 void setSubjectPublicKeyAlgID(String oid)
          Sets the subjectPublicKeyAlgID criterion.
 String toString()
          Return a printable representation of the CertSelector.
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

X509CertSelector

public X509CertSelector()
Creates an X509CertSelector. Initially, no criteria are set so any X509Certificate will match.

Method Detail

setCertificate

public void setCertificate(X509Certificate cert)
Sets the certificateEquals criterion. The specified X509Certificate must be equal to the X509Certificate passed to the match method. If null, then this check is not applied.

This method is particularly useful when it is necessary to match a single certificate. Although other criteria can be specified in conjunction with the certificateEquals criterion, it is usually not practical or necessary.

Parameters:
cert - the X509Certificate to match (or null)
See Also:
getCertificate()

setSerialNumber

public void setSerialNumber(BigInteger serial)
Sets the serialNumber criterion. The specified serial number must match the certificate serial number in the X509Certificate. If null, any certificate serial number will do.

Parameters:
serial - the certificate serial number to match (or null)
See Also:
getSerialNumber()

setIssuer

public void setIssuer(X500Principal issuer)
Sets the issuer criterion. The specified distinguished name must match the issuer distinguished name in the X509Certificate. If null, any issuer distinguished name will do.

Parameters:
issuer - a distinguished name as X500Principal (or null)
Since:
1.5

setIssuer

public void setIssuer(String issuerDN)
               throws IOException
Denigrated, use setIssuer(X500Principal) or setIssuer(byte[]) instead. This method should not be relied on as it can fail to match some certificates because of a loss of encoding information in the RFC 2253 String form of some distinguished names.

Sets the issuer criterion. The specified distinguished name must match the issuer distinguished name in the X509Certificate. If null, any issuer distinguished name will do.

If issuerDN is not null, it should contain a distinguished name, in RFC 2253 format.

Parameters:
issuerDN - a distinguished name in RFC 2253 format (or null)
Throws:
IOException - if a parsing error occurs (incorrect form for DN)

setIssuer

public void setIssuer(byte[] issuerDN)
               throws IOException
Sets the issuer criterion. The specified distinguished name must match the issuer distinguished name in the X509Certificate. If null is specified, the issuer criterion is disabled and any issuer distinguished name will do.

If issuerDN is not null, it should contain a single DER encoded distinguished name, as defined in X.501. The ASN.1 notation for this structure is as follows.


 Name ::= CHOICE {
   RDNSequence }

 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

 RelativeDistinguishedName ::=
   SET SIZE (1 .. MAX) OF AttributeTypeAndValue

 AttributeTypeAndValue ::= SEQUENCE {
   type     AttributeType,
   value    AttributeValue }

 AttributeType ::= OBJECT IDENTIFIER

 AttributeValue ::= ANY DEFINED BY AttributeType
 ....
 DirectoryString ::= CHOICE {
       teletexString           TeletexString (SIZE (1..MAX)),
       printableString         PrintableString (SIZE (1..MAX)),
       universalString         UniversalString (SIZE (1..MAX)),
       utf8String              UTF8String (SIZE (1.. MAX)),
       bmpString               BMPString (SIZE (1..MAX)) }
 

Note that the byte array specified here is cloned to protect against subsequent modifications.

Parameters:
issuerDN - a byte array containing the distinguished name in ASN.1 DER encoded form (or null)
Throws:
IOException - if an encoding error occurs (incorrect form for DN)

setSubject

public void setSubject(X500Principal subject)
Sets the subject criterion. The specified distinguished name must match the subject distinguished name in the X509Certificate. If null, any subject distinguished name will do.

Parameters:
subject - a distinguished name as X500Principal (or null)
Since:
1.5

setSubject

public void setSubject(String subjectDN)
                throws IOException
Denigrated, use setSubject(X500Principal) or setSubject(byte[]) instead. This method should not be relied on as it can fail to match some certificates because of a loss of encoding information in the RFC 2253 String form of some distinguished names.

Sets the subject criterion. The specified distinguished name must match the subject distinguished name in the X509Certificate. If null, any subject distinguished name will do.

If subjectDN is not null, it should contain a distinguished name, in RFC 2253 format.

Parameters:
subjectDN - a distinguished name in RFC 2253 format (or null)
Throws:
IOException - if a parsing error occurs (incorrect form for DN)

setSubject

public void setSubject(byte[] subjectDN)
                throws IOException
Sets the subject criterion. The specified distinguished name must match the subject distinguished name in the X509Certificate. If null, any subject distinguished name will do.

If subjectDN is not null, it should contain a single DER encoded distinguished name, as defined in X.501. For the ASN.1 notation for this structure, see setIssuer(byte [] issuerDN).

Parameters:
subjectDN - a byte array containing the distinguished name in ASN.1 DER format (or null)
Throws:
IOException - if an encoding error occurs (incorrect form for DN)

setSubjectKeyIdentifier

public void setSubjectKeyIdentifier(byte[] subjectKeyID)
Sets the subjectKeyIdentifier criterion. The X509Certificate must contain a SubjectKeyIdentifier extension for which the contents of the extension matches the specified criterion value. If the criterion value is null, no subjectKeyIdentifier check will be done.

If subjectKeyID is not null, it should contain a single DER encoded value corresponding to the contents of the extension value (not including the object identifier, criticality setting, and encapsulating OCTET STRING) for a SubjectKeyIdentifier extension. The ASN.1 notation for this structure follows.


 SubjectKeyIdentifier ::= KeyIdentifier

 KeyIdentifier ::= OCTET STRING
 

Since the format of subject key identifiers is not mandated by any standard, subject key identifiers are not parsed by the X509CertSelector. Instead, the values are compared using a byte-by-byte comparison.

Note that the byte array supplied here is cloned to protect against subsequent modifications.

Parameters:
subjectKeyID - the subject key identifier (or null)
See Also:
getSubjectKeyIdentifier()

setAuthorityKeyIdentifier

public void setAuthorityKeyIdentifier(byte[] authorityKeyID)
Sets the authorityKeyIdentifier criterion. The X509Certificate must contain an AuthorityKeyIdentifier extension for which the contents of the extension value matches the specified criterion value. If the criterion value is null, no authorityKeyIdentifier check will be done.

If authorityKeyID is not null, it should contain a single DER encoded value corresponding to the contents of the extension value (not including the object identifier, criticality setting, and encapsulating OCTET STRING) for an AuthorityKeyIdentifier extension. The ASN.1 notation for this structure follows.


 AuthorityKeyIdentifier ::= SEQUENCE {
    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }

 KeyIdentifier ::= OCTET STRING
 

Authority key identifiers are not parsed by the X509CertSelector. Instead, the values are compared using a byte-by-byte comparison.

When the keyIdentifier field of AuthorityKeyIdentifier is populated, the value is usually taken from the SubjectKeyIdentifier extension in the issuer's certificate. Note, however, that the result of X509Certificate.getExtensionValue(<SubjectKeyIdentifier Object Identifier>) on the issuer's certificate may NOT be used directly as the input to setAuthorityKeyIdentifier. This is because the SubjectKeyIdentifier contains only a KeyIdentifier OCTET STRING, and not a SEQUENCE of KeyIdentifier, GeneralNames, and CertificateSerialNumber. In order to use the extension value of the issuer certificate's SubjectKeyIdentifier extension, it will be necessary to extract the value of the embedded KeyIdentifier OCTET STRING, then DER encode this OCTET STRING inside a SEQUENCE. For more details on SubjectKeyIdentifier, see setSubjectKeyIdentifier(byte[] subjectKeyID).

Note also that the byte array supplied here is cloned to protect against subsequent modifications.

Parameters:
authorityKeyID - the authority key identifier (or null)
See Also:
getAuthorityKeyIdentifier()
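
Added example (not part of the JDK documentation): one way to derive the setSubjectKeyIdentifier and setAuthorityKeyIdentifier criterion values from the bytes that X509Certificate.getExtensionValue returns for the issuer's SubjectKeyIdentifier extension, as described above. The class name AkiSelectorExample, its helper methods and the 20-byte key identifier are constructed for illustration; the keyIdentifier field is written with its implicit context tag [0] (byte 0x80) inside the SEQUENCE.

```java
import java.io.ByteArrayOutputStream;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;

public class AkiSelectorExample {

    static final String SKI_OID = "2.5.29.14"; // SubjectKeyIdentifier extension OID

    /** Returns the contents of a single DER TLV that must span the whole array. */
    static byte[] derContents(byte[] der, int expectedTag) {
        if (der == null || der.length < 2 || (der[0] & 0xFF) != expectedTag) {
            throw new IllegalArgumentException("unexpected DER tag");
        }
        int off = 2;
        int len = der[1] & 0xFF;
        if (len == 0x80) {
            throw new IllegalArgumentException("indefinite length is not DER");
        }
        if (len > 0x80) {                       // long form: next n bytes hold the length
            int n = len & 0x7F;
            if (n > 3 || der.length < 2 + n) {
                throw new IllegalArgumentException("unsupported DER length");
            }
            len = 0;
            for (int i = 0; i < n; i++) {
                len = (len << 8) | (der[off++] & 0xFF);
            }
        }
        if (len != der.length - off) {
            throw new IllegalArgumentException("truncated or trailing data");
        }
        return Arrays.copyOfRange(der, off, der.length);
    }

    /** Encodes tag, DER length and contents (lengths up to 65535 for this example). */
    static byte[] derWrap(int tag, byte[] contents) {
        int len = contents.length;
        if (len > 0xFFFF) {
            throw new IllegalArgumentException("too long for this example");
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        if (len >= 0x100) {
            out.write(0x82); out.write(len >> 8); out.write(len);
        } else if (len >= 0x80) {
            out.write(0x81); out.write(len);
        } else {
            out.write(len);
        }
        out.write(contents, 0, len);
        return out.toByteArray();
    }

    /** getExtensionValue() bytes -> setSubjectKeyIdentifier() value: drop the encapsulating OCTET STRING. */
    static byte[] skiCriterion(byte[] extValue) {
        byte[] inner = derContents(extValue, 0x04);   // leaves: 04 len keyIdentifier
        derContents(inner, 0x04);                     // reject anything that is not one OCTET STRING
        return inner;
    }

    /** Issuer's SKI extension bytes -> setAuthorityKeyIdentifier() value: SEQUENCE { [0] keyIdentifier }. */
    static byte[] akiCriterionFromSki(byte[] extValue) {
        byte[] keyId = derContents(skiCriterion(extValue), 0x04);
        return derWrap(0x30, derWrap(0x80, keyId));
    }

    /** Selector for certificates issued by the given certificate (by name and, if present, key id). */
    static X509CertSelector issuedBy(X509Certificate issuer) {
        X509CertSelector sel = new X509CertSelector();
        sel.setIssuer(issuer.getSubjectX500Principal());
        byte[] ext = issuer.getExtensionValue(SKI_OID); // null when the extension is absent
        if (ext != null) {
            sel.setAuthorityKeyIdentifier(akiCriterionFromSki(ext));
        }
        return sel;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x & 0xFF));
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a 20-byte key identifier wrapped the way
        // getExtensionValue("2.5.29.14") returns it (OCTET STRING inside OCTET STRING).
        byte[] keyId = new byte[20];
        for (int i = 0; i < keyId.length; i++) keyId[i] = (byte) (0xA0 + i);
        byte[] extValue = derWrap(0x04, derWrap(0x04, keyId));

        byte[] aki = akiCriterionFromSki(extValue);
        System.out.println("getExtensionValue bytes: " + hex(extValue));
        System.out.println("SKI criterion:           " + hex(skiCriterion(extValue)));
        System.out.println("AKI criterion:           " + hex(aki));

        X509CertSelector sel = new X509CertSelector();
        sel.setAuthorityKeyIdentifier(aki);
        System.out.println("stored unchanged: " + Arrays.equals(aki, sel.getAuthorityKeyIdentifier()));
    }
}
```

Because the comparison is byte-by-byte, a certificate whose AuthorityKeyIdentifier also carries authorityCertIssuer or authorityCertSerialNumber will not match a criterion built from the keyIdentifier alone.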

setCertificateValid

public void setCertificateValid(Date certValid)
Sets the certificateValid criterion. The specified date must fall within the certificate validity period for the X509Certificate. If null, no certificateValid check will be done.

Note that the Date supplied here is cloned to protect against subsequent modifications.

Parameters:
certValid - the Date to check (or null)
See Also:
getCertificateValid()

setPrivateKeyValid

public void setPrivateKeyValid(Date privateKeyValid)
Sets the privateKeyValid criterion. The specified date must fall within the private key validity period for the X509Certificate. If null, no privateKeyValid check will be done.

Note that the Date supplied here is cloned to protect against subsequent modifications.

Parameters:
privateKeyValid - the Date to check (or null)
See Also:
getPrivateKeyValid()

setSubjectPublicKeyAlgID

public void setSubjectPublicKeyAlgID(String oid)
                              throws IOException
Sets the subjectPublicKeyAlgID criterion. The X509Certificate must contain a subject public key with the specified algorithm. If null, no subjectPublicKeyAlgID check will be done.

Parameters:
oid - The object identifier (OID) of the algorithm to check for (or null). An OID is represented by a set of nonnegative integers separated by periods.
Throws:
IOException - if the OID is invalid, such as the first component being not 0, 1 or 2 or the second component being greater than 39.
See Also:
getSubjectPublicKeyAlgID()

setSubjectPublicKey

public void setSubjectPublicKey(PublicKey key)
Sets the subjectPublicKey criterion. The X509Certificate must contain the specified subject public key. If null, no subjectPublicKey check will be done.

Parameters:
key - the subject public key to check for (or null)
See Also:
getSubjectPublicKey()

setSubjectPublicKey

public void setSubjectPublicKey(byte[] key)
                         throws IOException
Sets the subjectPublicKey criterion. The X509Certificate must contain the specified subject public key. If null, no subjectPublicKey check will be done.

Because this method allows the public key to be specified as a byte array, it may be used for unknown key types.

If key is not null, it should contain a single DER encoded SubjectPublicKeyInfo structure, as defined in X.509. The ASN.1 notation for this structure is as follows.


 SubjectPublicKeyInfo  ::=  SEQUENCE  {
   algorithm            AlgorithmIdentifier,
   subjectPublicKey     BIT STRING  }

 AlgorithmIdentifier  ::=  SEQUENCE  {
   algorithm               OBJECT IDENTIFIER,
   parameters              ANY DEFINED BY algorithm OPTIONAL  }
                              -- contains a value of the type
                              -- registered for use with the
                              -- algorithm object identifier value
 

Note that the byte array supplied here is cloned to protect against subsequent modifications.

Parameters:
key - a byte array containing the subject public key in ASN.1 DER form (or null)
Throws:
IOException - if an encoding error occurs (incorrect form for subject public key)
See Also:
getSubjectPublicKey()

setKeyUsage

public void setKeyUsage(boolean[] keyUsage)
Sets the keyUsage criterion. The X509Certificate must allow the specified keyUsage values. If null, no keyUsage check will be done. Note that an X509Certificate that has no keyUsage extension implicitly allows all keyUsage values.

Note that the boolean array supplied here is cloned to protect against subsequent modifications.

Parameters:
keyUsage - a boolean array in the same format as the boolean array returned by X509Certificate.getKeyUsage(). Or null.
See Also:
getKeyUsage()

setExtendedKeyUsage

public void setExtendedKeyUsage(Set<String> keyPurposeSet)
                         throws IOException
Sets the extendedKeyUsage criterion. The X509Certificate must allow the specified key purposes in its extended key usage extension. If keyPurposeSet is empty or null, no extendedKeyUsage check will be done. Note that an X509Certificate that has no extendedKeyUsage extension implicitly allows all key purposes.

Note that the Set is cloned to protect against subsequent modifications.

Parameters:
keyPurposeSet - a Set of key purpose OIDs in string format (or null). Each OID is represented by a set of nonnegative integers separated by periods.
Throws:
IOException - if the OID is invalid, such as the first component being not 0, 1 or 2 or the second component being greater than 39.
See Also:
getExtendedKeyUsage()

setMatchAllSubjectAltNames

public void setMatchAllSubjectAltNames(boolean matchAllNames)
Enables/disables matching all of the subjectAlternativeNames specified in the setSubjectAlternativeNames or addSubjectAlternativeName methods. If enabled, the X509Certificate must contain all of the specified subject alternative names. If disabled, the X509Certificate must contain at least one of the specified subject alternative names.

The matchAllNames flag is true by default.

Parameters:
matchAllNames - if true, the flag is enabled; if false, the flag is disabled.
See Also:
getMatchAllSubjectAltNames()

setSubjectAlternativeNames

public void setSubjectAlternativeNames(Collection<List<?>> names)
                                throws IOException
Sets the subjectAlternativeNames criterion. The X509Certificate must contain all or at least one of the specified subjectAlternativeNames, depending on the value of the matchAllNames flag (see setMatchAllSubjectAltNames).

This method allows the caller to specify, with a single method call, the complete set of subject alternative names for the subjectAlternativeNames criterion. The specified value replaces the previous value for the subjectAlternativeNames criterion.

The names parameter (if not null) is a Collection with one entry for each name to be included in the subject alternative name criterion. Each entry is a List whose first entry is an Integer (the name type, 0-8) and whose second entry is a String or a byte array (the name, in string or ASN.1 DER encoded form, respectively). There can be multiple names of the same type. If null is supplied as the value for this argument, no subjectAlternativeNames check will be performed.

Each subject alternative name in the Collection may be specified either as a String or as an ASN.1 encoded byte array. For more details about the formats used, see addSubjectAlternativeName(int type, String name) and addSubjectAlternativeName(int type, byte [] name).

Note: for distinguished names, specify the byte array form instead of the String form. See the note in addSubjectAlternativeName(int, String) for more information.

Note that the names parameter can contain duplicate names (same name and name type), but they may be removed from the Collection of names returned by the getSubjectAlternativeNames method.

Note that a deep copy is performed on the Collection to protect against subsequent modifications.

Parameters:
names - a Collection of names (or null)
Throws:
IOException - if a parsing error occurs
See Also:
getSubjectAlternativeNames()

addSubjectAlternativeName

public void addSubjectAlternativeName(int type,
                                      String name)
                               throws IOException
Adds a name to the subjectAlternativeNames criterion. The X509Certificate must contain all or at least one of the specified subjectAlternativeNames, depending on the value of the matchAllNames flag (see setMatchAllSubjectAltNames).

This method allows the caller to add a name to the set of subject alternative names. The specified name is added to any previous value for the subjectAlternativeNames criterion. If the specified name is a duplicate, it may be ignored.

The name is provided in string format. RFC 822, DNS, and URI names use the well-established string formats for those types (subject to the restrictions included in RFC 2459). IPv4 address names are supplied using dotted quad notation. OID address names are represented as a series of nonnegative integers separated by periods. And directory names (distinguished names) are supplied in RFC 2253 format. No standard string format is defined for otherNames, X.400 names, EDI party names, IPv6 address names, or any other type of names. They should be specified using the addSubjectAlternativeName(int type, byte [] name) method.

Note: for distinguished names, use addSubjectAlternativeName(int, byte[]) instead. This method should not be relied on as it can fail to match some certificates because of a loss of encoding information in the RFC 2253 String form of some distinguished names.

Parameters:
type - the name type (0-8, as specified in RFC 2459, section 4.2.1.7)
name - the name in string form (not null)
Throws:
IOException - if a parsing error occurs

addSubjectAlternativeName

public void addSubjectAlternativeName(int type,
                                      byte[] name)
                               throws IOException
Adds a name to the subjectAlternativeNames criterion. The X509Certificate must contain all or at least one of the specified subjectAlternativeNames, depending on the value of the matchAllNames flag (see setMatchAllSubjectAltNames).

This method allows the caller to add a name to the set of subject alternative names. The specified name is added to any previous value for the subjectAlternativeNames criterion. If the specified name is a duplicate, it may be ignored.

The name is provided as a byte array. This byte array should contain the DER encoded name, as it would appear in the GeneralName structure defined in RFC 2459 and X.509. The encoded byte array should only contain the encoded value of the name, and should not include the tag associated with the name in the GeneralName structure. The ASN.1 definition of this structure appears below.


  GeneralName ::= CHOICE {
       otherName                       [0]     OtherName,
       rfc822Name                      [1]     IA5String,
       dNSName                         [2]     IA5String,
       x400Address                     [3]     ORAddress,
       directoryName                   [4]     Name,
       ediPartyName                    [5]     EDIPartyName,
       uniformResourceIdentifier       [6]     IA5String,
       iPAddress                       [7]     OCTET STRING,
       registeredID                    [8]     OBJECT IDENTIFIER}
 

Note that the byte array supplied here is cloned to protect against subsequent modifications.

Parameters:
type - the name type (0-8, as listed above)
name - a byte array containing the name in ASN.1 DER encoded form
Throws:
IOException - if a parsing error occurs

setNameConstraints

public void setNameConstraints(byte[] bytes)
                        throws IOException
Sets the name constraints criterion. The X509Certificate must have subject and subject alternative names that meet the specified name constraints.

The name constraints are specified as a byte array. This byte array should contain the DER encoded form of the name constraints, as they would appear in the NameConstraints structure defined in RFC 2459 and X.509. The ASN.1 definition of this structure appears below.


  NameConstraints ::= SEQUENCE {
       permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
       excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }

  GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree

  GeneralSubtree ::= SEQUENCE {
       base                    GeneralName,
       minimum         [0]     BaseDistance DEFAULT 0,
       maximum         [1]     BaseDistance OPTIONAL }

  BaseDistance ::= INTEGER (0..MAX)

  GeneralName ::= CHOICE {
       otherName                       [0]     OtherName,
       rfc822Name                      [1]     IA5String,
       dNSName                         [2]     IA5String,
       x400Address                     [3]     ORAddress,
       directoryName                   [4]     Name,
       ediPartyName                    [5]     EDIPartyName,
       uniformResourceIdentifier       [6]     IA5String,
       iPAddress                       [7]     OCTET STRING,
       registeredID                    [8]     OBJECT IDENTIFIER}
 

Note that the byte array supplied here is cloned to protect against subsequent modifications.

Parameters:
bytes - a byte array containing the ASN.1 DER encoding of a NameConstraints extension to be used for checking name constraints. Only the value of the extension is included, not the OID or criticality flag. Can be null, in which case no name constraints check will be performed.
Throws:
IOException - if a parsing error occurs
See Also:
getNameConstraints()

setBasicConstraints

public void setBasicConstraints(int minMaxPathLen)
Sets the basic constraints constraint. If the value is greater than or equal to zero, X509Certificates must include a basicConstraints extension with a pathLen of at least this value. If the value is -2, only end-entity certificates are accepted. If the value is -1, no check is done.

This constraint is useful when building a certification path forward (from the target toward the trust anchor). If a partial path has been built, any candidate certificate must have a maxPathLen value greater than or equal to the number of certificates in the partial path.

Parameters:
minMaxPathLen - the value for the basic constraints constraint
Throws:
IllegalArgumentException - if the value is less than -2
See Also:
getBasicConstraints()

setPolicy

public void setPolicy(Set<String> certPolicySet)
               throws IOException
Sets the policy constraint. The X509Certificate must include at least one of the specified policies in its certificate policies extension. If certPolicySet is empty, then the X509Certificate must include at least some specified policy in its certificate policies extension. If certPolicySet is null, no policy check will be performed.

Note that the Set is cloned to protect against subsequent modifications.

Parameters:
certPolicySet - a Set of certificate policy OIDs in string format (or null). Each OID is represented by a set of nonnegative integers separated by periods.
Throws:
IOException - if a parsing error occurs on the OID such as the first component is not 0, 1 or 2 or the second component is greater than 39.
See Also:
getPolicy()

setPathToNames

public void setPathToNames(Collection<List<?>> names)
                    throws IOException
Sets the pathToNames criterion. The X509Certificate must not include name constraints that would prohibit building a path to the specified names.

This method allows the caller to specify, with a single method call, the complete set of names which the X509Certificate's name constraints must permit. The specified value replaces the previous value for the pathToNames criterion.

This constraint is useful when building a certification path forward (from the target toward the trust anchor). If a partial path has been built, any candidate certificate must not include name constraints that would prohibit building a path to any of the names in the partial path.

The names parameter (if not null) is a Collection with one entry for each name to be included in the pathToNames criterion. Each entry is a List whose first entry is an Integer (the name type, 0-8) and whose second entry is a String or a byte array (the name, in string or ASN.1 DER encoded form, respectively). There can be multiple names of the same type. If null is supplied as the value for this argument, no pathToNames check will be performed.

Each name in the Collection may be specified either as a String or as an ASN.1 encoded byte array. For more details about the formats used, see addPathToName(int type, String name) and addPathToName(int type, byte [] name).

Note: for distinguished names, specify the byte array form instead of the String form. See the note in addPathToName(int, String) for more information.

Note that the names parameter can contain duplicate names (same name and name type), but they may be removed from the Collection of names returned by the getPathToNames method.

Note that a deep copy is performed on the Collection to protect against subsequent modifications.

Parameters:
names - a Collection with one entry per name (or null)
Throws:
IOException - if a parsing error occurs
See Also:
getPathToNames()

addPathToName

public void addPathToName(int type,
                          String name)
                   throws IOException
Adds a name to the pathToNames criterion. The X509Certificate must not include name constraints that would prohibit building a path to the specified name.

This method allows the caller to add a name to the set of names which the X509Certificate's name constraints must permit. The specified name is added to any previous value for the pathToNames criterion. If the name is a duplicate, it may be ignored.

The name is provided in string format. RFC 822, DNS, and URI names use the well-established string formats for those types (subject to the restrictions included in RFC 2459). IPv4 address names are supplied using dotted quad notation. OID address names are represented as a series of nonnegative integers separated by periods. And directory names (distinguished names) are supplied in RFC 2253 format. No standard string format is defined for otherNames, X.400 names, EDI party names, IPv6 address names, or any other type of names. They should be specified using the addPathToName(int type, byte [] name) method.

Note: for distinguished names, use addPathToName(int, byte[]) instead. This method should not be relied on as it can fail to match some certificates because of a loss of encoding information in the RFC 2253 String form of some distinguished names.

Parameters:
type - the name type (0-8, as specified in RFC 2459, section 4.2.1.7)
name - the name in string form
Throws:
IOException - if a parsing error occurs

addPathToName

public void addPathToName(int type,
                          byte[] name)
                   throws IOException
Adds a name to the pathToNames criterion. The X509Certificate must not include name constraints that would prohibit building a path to the specified name.

This method allows the caller to add a name to the set of names which the X509Certificate's name constraints must permit. The specified name is added to any previous value for the pathToNames criterion. If the name is a duplicate, it may be ignored.

The name is provided as a byte array. This byte array should contain the DER encoded name, as it would appear in the GeneralName structure defined in RFC 2459 and X.509. The ASN.1 definition of this structure appears in the documentation for addSubjectAlternativeName(int type, byte [] name).

Note that the byte array supplied here is cloned to protect against subsequent modifications.

Parameters:
type - the name type (0-8, as specified in RFC 2459, section 4.2.1.7)
name - a byte array containing the name in ASN.1 DER encoded form
Throws:
IOException - if a parsing error occurs
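
The note on distinguished names and the cloning guarantee described above, as an added example that is not part of the original API documentation: a hand-built DER Name is re-encoded by way of its RFC 2253 string so the two encodings can be compared, then added to pathToNames in byte form before the caller's buffer is overwritten. The class name PathToNameDemo, the helper method names, the sample DN bytes and the DNS name are constructed for illustration.

```java
import java.io.IOException;
import java.security.cert.X509CertSelector;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import javax.security.auth.x500.X500Principal;

public class PathToNameDemo {
    // GeneralName type numbers (RFC 2459, section 4.2.1.7)
    static final int DNS_NAME = 2;
    static final int DIRECTORY_NAME = 4;

    // Constructed sample: DER encoding of the Name "CN=Test" in which the
    // CN value is carried as a UTF8String (tag 0x0C).
    static final byte[] DN_DER = {
        0x30, 0x0F,                         // Name: SEQUENCE OF RDN
        0x31, 0x0D,                         //   RDN: SET OF AttributeTypeAndValue
        0x30, 0x0B,                         //     AttributeTypeAndValue: SEQUENCE
        0x06, 0x03, 0x55, 0x04, 0x03,       //       OID 2.5.4.3 (commonName)
        0x0C, 0x04, 0x54, 0x65, 0x73, 0x74  //       UTF8String "Test"
    };

    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) {
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    /** Re-encodes a DER Name by way of its RFC 2253 string form. */
    static byte[] viaRfc2253String(byte[] derName) {
        String rfc2253 = new X500Principal(derName).getName(X500Principal.RFC2253);
        return new X500Principal(rfc2253).getEncoded();
    }

    /** Builds a selector whose pathToNames holds the DN (byte form) and a DNS name. */
    static X509CertSelector buildSelector(byte[] derName, String dnsName)
            throws IOException {
        X509CertSelector selector = new X509CertSelector();
        selector.addPathToName(DIRECTORY_NAME, derName); // byte form, as the note advises
        selector.addPathToName(DNS_NAME, dnsName);       // string form is fine for DNS names
        return selector;
    }

    /** Returns the byte-form directory name held by the selector, or null if none. */
    static byte[] storedDirectoryName(X509CertSelector selector) {
        Collection<List<?>> names = selector.getPathToNames();
        if (names == null) {
            return null; // pathToNames criterion is disabled
        }
        for (List<?> entry : names) {
            int type = (Integer) entry.get(0);
            Object name = entry.get(1);
            if (type == DIRECTORY_NAME && name instanceof byte[]) {
                return (byte[]) name;
            }
        }
        return null;
    }

    public static void main(String[] args) throws IOException {
        // 1. Compare the original DER with the encoding rebuilt from the string form.
        byte[] rebuilt = viaRfc2253String(DN_DER);
        System.out.println("original DER : " + hex(DN_DER));
        System.out.println("via RFC 2253 : " + hex(rebuilt));
        System.out.println("bytes preserved by string round trip: "
                + Arrays.equals(DN_DER, rebuilt));

        // 2. Hand the selector a buffer, then overwrite that buffer.
        byte[] callerBuffer = DN_DER.clone();
        X509CertSelector selector = buildSelector(callerBuffer, "www.example.com");
        Arrays.fill(callerBuffer, (byte) 0);

        // 3. The selector's own copy is compared with the original bytes.
        byte[] stored = storedDirectoryName(selector);
        System.out.println("selector copy unaffected by caller's overwrite: "
                + Arrays.equals(DN_DER, stored));

        // 4. Entries come back as [Integer type, String-or-byte[] name].
        for (List<?> entry : selector.getPathToNames()) {
            Object name = entry.get(1);
            String shown = (name instanceof byte[]) ? hex((byte[]) name) : (String) name;
            System.out.println("type " + entry.get(0) + " -> " + shown);
        }
    }
}
```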

getCertificate

public X509Certificate getCertificate()
Returns the certificateEquals criterion. The specified X509Certificate must be equal to the X509Certificate passed to the match method. If null, this check is not applied.

Returns:
the X509Certificate to match (or null)
See Also:
setCertificate(java.security.cert.X509Certificate)

getSerialNumber

public BigInteger getSerialNumber()
Returns the serialNumber criterion. The specified serial number must match the certificate serial number in the X509Certificate. If null, any certificate serial number will do.

Returns:
the certificate serial number to match (or null)
See Also:
setSerialNumber(java.math.BigInteger)

getIssuer

public X500Principal getIssuer()
Returns the issuer criterion as an X500Principal. This distinguished name must match the issuer distinguished name in the X509Certificate. If null, the issuer criterion is disabled and any issuer distinguished name will do.

Returns:
the required issuer distinguished name as X500Principal (or null)
Since:
1.5

getIssuerAsString

public String getIssuerAsString()
Deprecated. Use getIssuer() or getIssuerAsBytes() instead. This method should not be relied on as it can fail to match some certificates because of a loss of encoding information in the RFC 2253 String form of some distinguished names.

Returns the issuer criterion as a String. This distinguished name must match the issuer distinguished name in the X509Certificate. If null, the issuer criterion is disabled and any issuer distinguished name will do.

If the value returned is not null, it is a distinguished name, in RFC 2253 format.

Returns:
the required issuer distinguished name in RFC 2253 format (or null)

getIssuerAsBytes

public byte[] getIssuerAsBytes()
                        throws IOException
Returns the issuer criterion as a byte array. This distinguished name must match the issuer distinguished name in the X509Certificate. If null, the issuer criterion is disabled and any issuer distinguished name will do.

If the value returned is not null, it is a byte array containing a single DER encoded distinguished name, as defined in X.501. The ASN.1 notation for this structure is supplied in the documentation for setIssuer(byte [] issuerDN).

Note that the byte array returned is cloned to protect against subsequent modifications.

Returns:
a byte array containing the required issuer distinguished name in ASN.1 DER format (or null)
Throws:
IOException - if an encoding error occurs

getSubject

public X500Principal getSubject()
Returns the subject criterion as an X500Principal. This distinguished name must match the subject distinguished name in the X509Certificate. If null, the subject criterion is disabled and any subject distinguished name will do.

Returns:
the required subject distinguished name as X500Principal (or null)
Since:
1.5

getSubjectAsString

public String getSubjectAsString()
Deprecated. Use getSubject() or getSubjectAsBytes() instead. This method should not be relied on as it can fail to match some certificates because of a loss of encoding information in the RFC 2253 String form of some distinguished names.

Returns the subject criterion as a String. This distinguished name must match the subject distinguished name in the X509Certificate. If null, the subject criterion is disabled and any subject distinguished name will do.

If the value returned is not null, it is a distinguished name, in RFC 2253 format.

Returns:
the required subject distinguished name in RFC 2253 format (or null)

getSubjectAsBytes

public byte[] getSubjectAsBytes()
                         throws IOException
Returns the subject criterion as a byte array. This distinguished name must match the subject distinguished name in the X509Certificate. If null, the subject criterion is disabled and any subject distinguished name will do.

If the value returned is not null, it is a byte array containing a single DER encoded distinguished name, as defined in X.501. The ASN.1 notation for this structure is supplied in the documentation for setSubject(byte [] subjectDN).

Note that the byte array returned is cloned to protect against subsequent modifications.

Returns:
a byte array containing the required subject distinguished name in ASN.1 DER format (or null)
Throws:
IOException - if an encoding error occurs

getSubjectKeyIdentifier

public byte[] getSubjectKeyIdentifier()
Returns the subjectKeyIdentifier criterion. The X509Certificate must contain a SubjectKeyIdentifier extension with the specified value. If null, no subjectKeyIdentifier check will be done.

Note that the byte array returned is cloned to protect against subsequent modifications.

Returns:
the key identifier (or null)
See Also:
setSubjectKeyIdentifier(byte[])

getAuthorityKeyIdentifier

public byte[] getAuthorityKeyIdentifier()
Returns the authorityKeyIdentifier criterion. The X509Certificate must contain an AuthorityKeyIdentifier extension with the specified value. If null, no authorityKeyIdentifier check will be done.

Note that the byte array returned is cloned to protect against subsequent modifications.

Returns:
the key identifier (or null)
See Also:
setAuthorityKeyIdentifier(byte[])

getCertificateValid

public Date getCertificateValid()
Returns the certificateValid criterion. The specified date must fall within the certificate validity period for the X509Certificate. If null, no certificateValid check will be done.

Note that the Date returned is cloned to protect against subsequent modifications.

Returns:
the Date to check (or null)
See Also:
setCertificateValid(java.util.Date)

getPrivateKeyValid

public Date getPrivateKeyValid()
Returns the privateKeyValid criterion. The specified date must fall within the private key validity period for the X509Certificate. If null, no privateKeyValid check will be done.

Note that the Date returned is cloned to protect against subsequent modifications.

Returns:
the Date to check (or null)
See Also:
setPrivateKeyValid(java.util.Date)

getSubjectPublicKeyAlgID

public String getSubjectPublicKeyAlgID()
Returns the subjectPublicKeyAlgID criterion. The X509Certificate must contain a subject public key with the specified algorithm. If null, no subjectPublicKeyAlgID check will be done.

Returns:
the object identifier (OID) of the signature algorithm to check for (or null). An OID is represented by a set of nonnegative integers separated by periods.
See Also:
setSubjectPublicKeyAlgID(java.lang.String)

getSubjectPublicKey

public PublicKey getSubjectPublicKey()
Returns the subjectPublicKey criterion. The X509Certificate must contain the specified subject public key. If null, no subjectPublicKey check will be done.

Returns:
the subject public key to check for (or null)
See Also:
setSubjectPublicKey(java.security.PublicKey)

getKeyUsage

public boolean[] getKeyUsage()
Returns the keyUsage criterion. The X509Certificate must allow the specified keyUsage values. If null, no keyUsage check will be done.

Note that the boolean array returned is cloned to protect against subsequent modifications.

Returns:
a boolean array in the same format as the boolean array returned by X509Certificate.getKeyUsage(). Or null.
See Also:
setKeyUsage(boolean[])

getExtendedKeyUsage

public Set<String> getExtendedKeyUsage()
Returns the extendedKeyUsage criterion. The X509Certificate must allow the specified key purposes in its extended key usage extension. If the keyPurposeSet returned is empty or null, no extendedKeyUsage check will be done. Note that an X509Certificate that has no extendedKeyUsage extension implicitly allows all key purposes.

Returns:
an immutable Set of key purpose OIDs in string format (or null)
See Also:
setExtendedKeyUsage(java.util.Set)

getMatchAllSubjectAltNames

public boolean getMatchAllSubjectAltNames()
Indicates if the X509Certificate must contain all or at least one of the subjectAlternativeNames specified in the setSubjectAlternativeNames or addSubjectAlternativeName methods. If true, the X509Certificate must contain all of the specified subject alternative names. If false, the X509Certificate must contain at least one of the specified subject alternative names.

Returns:
true if the flag is enabled; false if the flag is disabled. The flag is true by default.
See Also:
setMatchAllSubjectAltNames(boolean)

getSubjectAlternativeNames

public Collection<List<?>> getSubjectAlternativeNames()
Returns a copy of the subjectAlternativeNames criterion. The X509Certificate must contain all or at least one of the specified subjectAlternativeNames, depending on the value of the matchAllNames flag (see getMatchAllSubjectAltNames). If the value returned is null, no subjectAlternativeNames check will be performed.

If the value returned is not null, it is a Collection with one entry for each name to be included in the subject alternative name criterion. Each entry is a List whose first entry is an Integer (the name type, 0-8) and whose second entry is a String or a byte array (the name, in string or ASN.1 DER encoded form, respectively). There can be multiple names of the same type. Note that the Collection returned may contain duplicate names (same name and name type).

Each subject alternative name in the Collection may be specified either as a String or as an ASN.1 encoded byte array. For more details about the formats used, see addSubjectAlternativeName(int type, String name) and addSubjectAlternativeName(int type, byte [] name).

Note that a deep copy is performed on the Collection to protect against subsequent modifications.

Returns:
a Collection of names (or null)
See Also:
setSubjectAlternativeNames(java.util.Collection<java.util.List<?>>)

getNameConstraints

public byte[] getNameConstraints()
Returns the name constraints criterion. The X509Certificate must have subject and subject alternative names that meet the specified name constraints.

The name constraints are returned as a byte array. This byte array contains the DER encoded form of the name constraints, as they would appear in the NameConstraints structure defined in RFC 2459 and X.509. The ASN.1 notation for this structure is supplied in the documentation for setNameConstraints(byte [] bytes).

Note that the byte array returned is cloned to protect against subsequent modifications.

Returns:
a byte array containing the ASN.1 DER encoding of a NameConstraints extension used for checking name constraints. null if no name constraints check will be performed.
See Also:
setNameConstraints(byte[])

getBasicConstraints

public int getBasicConstraints()
Returns the basic constraints constraint. If the value is greater than or equal to zero, the X509Certificates must include a basicConstraints extension with a pathLen of at least this value. If the value is -2, only end-entity certificates are accepted. If the value is -1, no basicConstraints check is done.

Returns:
the value for the basic constraints constraint
See Also:
setBasicConstraints(int)

getPolicy

public Set<String> getPolicy()
Returns the policy criterion. The X509Certificate must include at least one of the specified policies in its certificate policies extension. If the Set returned is empty, then the X509Certificate must include at least some specified policy in its certificate policies extension. If the Set returned is null, no policy check will be performed.

Returns:
an immutable Set of certificate policy OIDs in string format (or null)
See Also:
setPolicy(java.util.Set)

getPathToNames

public Collection<List<?>> getPathToNames()
Returns a copy of the pathToNames criterion. The X509Certificate must not include name constraints that would prohibit building a path to the specified names. If the value returned is null, no pathToNames check will be performed.

If the value returned is not null, it is a Collection with one entry for each name to be included in the pathToNames criterion. Each entry is a List whose first entry is an Integer (the name type, 0-8) and whose second entry is a String or a byte array (the name, in string or ASN.1 DER encoded form, respectively). There can be multiple names of the same type. Note that the Collection returned may contain duplicate names (same name and name type).

Each name in the Collection may be specified either as a String or as an ASN.1 encoded byte array. For more details about the formats used, see addPathToName(int type, String name) and addPathToName(int type, byte [] name).

Note that a deep copy is performed on the Collection to protect against subsequent modifications.

Returns:
a Collection of names (or null)
See Also:
setPathToNames(java.util.Collection<java.util.List<?>>)

toString

public String toString()
Return a printable representation of the CertSelector.

Overrides:
toString in class Object
Returns:
a String describing the contents of the CertSelector

match

public boolean match(Certificate cert)
Decides whether a Certificate should be selected.

Specified by:
match in interface CertSelector
Parameters:
cert - the Certificate to be checked
Returns:
true if the Certificate should be selected, false otherwise

clone

public Object clone()
Returns a copy of this object.

Specified by:
clone in interface CertSelector
Overrides:
clone in class Object
Returns:
the copy
See Also:
Cloneable