| java.lang.Object | |
| ↳ | java.security.cert.X509CertSelector | 
A certificate selector (CertSelector for selecting X509Certificates that match the specified criteria.
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Creates a new  X509CertSelector. | |||||||||||
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Adds a "pathToName" to the respective criterion. | |||||||||||
| Adds a "pathToName" to the respective criterion. | |||||||||||
| Adds a subject alternative name to the respective criterion. | |||||||||||
| Adds a subject alternative name to the respective criterion. | |||||||||||
| Clones this  X509CertSelectorinstance. | |||||||||||
| Returns the criterion for the AuthorityKeyIdentifier
 extension. | |||||||||||
| Returns the criterion for the basic constraints extension. | |||||||||||
| Returns the certificate that a matching certificate must be equal to. | |||||||||||
| Returns the criterion for the validity date of the certificate. | |||||||||||
| Returns the criterion for the ExtendedKeyUsage extension. | |||||||||||
| Returns the issuer that a certificate must match. | |||||||||||
| Returns the issuer that a certificate must match. | |||||||||||
| Do not use, use  getIssuer()orgetIssuerAsBytes()instead. | |||||||||||
| Returns the criterion for the KeyUsage extension. | |||||||||||
| Returns the flag for the matching behavior for subject alternative names. | |||||||||||
| Returns the criterion for the name constraints. | |||||||||||
| Returns the criterion for the pathToNames constraint. | |||||||||||
| Returns the criterion for the policy constraint. | |||||||||||
| Returns the criterion for the validity date of the private key. | |||||||||||
| Returns the serial number that a certificate must match. | |||||||||||
| Returns the subject that a certificate must match. | |||||||||||
| Returns the criterion for subject alternative names. | |||||||||||
| Returns the subject that a certificate must match. | |||||||||||
| Do not use, use  getSubject()orgetSubjectAsBytes()instead. | |||||||||||
| Returns the criterion for the SubjectKeyIdentifier extension. | |||||||||||
| Returns the criterion for the subject public key. | |||||||||||
| Returns the criterion for the subject public key signature algorithm. | |||||||||||
| Returns whether the specified certificate matches all the criteria
 collected in this instance. | |||||||||||
| Sets the criterion for the AuthorityKeyIdentifier extension. | |||||||||||
| Sets the criterion for the basic constraints extension. | |||||||||||
| Sets the certificate that a matching certificate must be equal to. | |||||||||||
| Sets the criterion for the validity date of the certificate. | |||||||||||
| Sets the criterion for the ExtendedKeyUsage extension. | |||||||||||
| Do not use, use  getIssuer()orgetIssuerAsBytes()instead. | |||||||||||
| Sets the issuer that a certificate must match. | |||||||||||
| Sets the issuer that a certificate must match. | |||||||||||
| Sets the criterion for the KeyUsage extension. | |||||||||||
| Sets the flag for the matching behavior for subject alternative names. | |||||||||||
| Sets the criterion for the name constraints. | |||||||||||
| Sets the criterion for the pathToNames constraint. | |||||||||||
| Sets the criterion for the policy constraint. | |||||||||||
| Sets the criterion for the validity date of the private key. | |||||||||||
| Sets the serial number that a certificate must match. | |||||||||||
| Set the subject that a certificate must match. | |||||||||||
| Do not use, use  setSubject(byte[])orsetSubject(X500Principal)instead. | |||||||||||
| Sets the subject that a certificate must match. | |||||||||||
| Sets the criterion for subject alternative names. | |||||||||||
| Sets the criterion for the SubjectKeyIdentifier extension. | |||||||||||
| Sets the criterion for the subject public key. | |||||||||||
| Sets the criterion for the subject public key. | |||||||||||
| Sets the criterion for the subject public key signature algorithm. | |||||||||||
| Returns a string representation of this  X509CertSelectorinstance. | |||||||||||
| [Expand] Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|  From class
  java.lang.Object | |||||||||||
|  From interface
  java.security.cert.CertSelector | |||||||||||
Adds a "pathToName" to the respective criterion.
| type | the type of the name | 
|---|---|
| name | the name in ASN.1 DER encoded form. | 
| IOException | if decoding fails. | 
|---|
Adds a "pathToName" to the respective criterion.
| type | the type of the name. | 
|---|---|
| name | the name in string format. | 
| IOException | if parsing fails. | 
|---|
Adds a subject alternative name to the respective criterion.
| tag | the type of the name | 
|---|---|
| name | the name in string format. | 
| IOException | if parsing the name fails. | 
|---|
Adds a subject alternative name to the respective criterion.
| tag | the type of the name. | 
|---|---|
| name | the name in ASN.1 DER encoded form. | 
| IOException | if the decoding of the name fails. | 
|---|
Clones this X509CertSelector instance.
Returns the criterion for the AuthorityKeyIdentifier extension.
null if it is not to be
         checked.
Returns the criterion for the basic constraints extension.
 A value greater than or equal to zero indicates that a certificate must
 include a basic constraints extension with a path length of a least that
 value. A value of -2 indicates
 that only end-entity certificates
 are accepted. A value of -1 indicates that no check is done.
Returns the certificate that a matching certificate must be equal to.
Returns the criterion for the validity date of the certificate.
null if the date is not to be
         checked.
Returns the criterion for the ExtendedKeyUsage extension.
null if it's not to be
         checked.
Returns the issuer that a certificate must match.
null if the
         issuer is not to be checked.
Returns the issuer that a certificate must match.
null if the issuer is not to be checked.| IOException | if encoding the issuer fails. | 
|---|
Do not use, use getIssuer() or
 getIssuerAsBytes() instead. Returns the issuer that a
 certificate must match in a RFC 2253 format string.
null if the
         issuer is not to be checked.
Returns the criterion for the KeyUsage extension.
getKeyUsage(), or null if the key
         usage is not to be checked.
Returns the flag for the matching behavior for subject alternative names.
 The flag indicates whether a certificate must contain all or at le
ast one
 of the subject alternative names specified by setSubjectAlternativeNames(Collection or >)
addSubjectAlternativeName(int, byte[]).
true if a certificate must contain all of the specified
         subject alternative names, otherwise false.
Returns the criterion for the name constraints.
null if none specified.Returns the criterion for the pathToNames constraint.
 The constraint is a collection with an entry for each name to be included
 in the criterion. The name is specified as a List, the first
 entry is an Integer specifying the name type (0-8), the second
 entry is a byte array specifying the name in ASN.1 DER encoded form.
null if none specified.
Returns the criterion for the policy constraint.
The certificate must have at least one of the certificate policy extensions. For an empty set the certificate must have at least some policies in its policy extension.
null if not
         to be checked.
Returns the criterion for the validity date of the private key.
The private key must be valid at the specified date.
null if the date is not to be
         checked.
Returns the serial number that a certificate must match.
null if the serial number
         is not to be checked.
Returns the subject that a certificate must match.
Returns the criterion for subject alternative names.
 the certificate must contain all or at least one of the specified subject
 alternative names. The behavior is specified by
 getMatchAllSubjectAltNames().
 
 The subject alternative names is a collection with an entry for each name
 included in the criterion. The name is specified as a List, the
 first entry is an Integer specifying the name type (0-8), the
 second entry is byte array specifying the name in ASN.1 DER encoded form)
null if none specified.
Returns the subject that a certificate must match.
null if the subject is not to be checked.| IOException | if encoding the subject fails. | 
|---|
Do not use, use getSubject() or
 getSubjectAsBytes() instead. Returns the subject that a
 certificate must match.
null if the subject is not to be checked.
Returns the criterion for the SubjectKeyIdentifier extension.
null if it is not to be
         checked.
Returns the criterion for the subject public key.
null if the key is not to be
         checked.
Returns the criterion for the subject public key signature algorithm.
null if it's not to be checked.
Returns whether the specified certificate matches all the criteria collected in this instance.
| certificate | the certificate to check. | 
|---|
true if the certificate matches all the criteria,
         otherwise false.
Sets the criterion for the AuthorityKeyIdentifier extension.
| authorityKeyIdentifier | the authority key identifier, or nullto disable this
            check. | 
|---|
Sets the criterion for the basic constraints extension.
 A value greater than or equal to zero indicates that a certificate must
 include a basic constraints extension with a path length of a least that
 value. A value of -2 indicates that only end-entity certificates
 are accepted. A value of -1 indicates that no check is done.
| pathLen | the value specifying the criterion. | 
|---|
| IllegalArgumentException | if pathLenis less than-2. | 
|---|
Sets the certificate that a matching certificate must be equal to.
| certificate | the certificate to match, or null to not check this criteria. | 
|---|
Sets the criterion for the validity date of the certificate.
The certificate must be valid at the specified date.
| certificateValid | the validity date or nullto not check the date. | 
|---|
Sets the criterion for the ExtendedKeyUsage extension.
| keyUsage | the set of key usage OIDs, or nullto not check it. | 
|---|
| IOException | if one of the OIDs is invalid. | 
|---|
Do not use, use getIssuer() or
 getIssuerAsBytes() instead. Sets the issuer that a certificate
 must match.
| issuerName | the issuer in a RFC 2253 format string, or nullto not
            check the issuer. | 
|---|
| IOException | if parsing the issuer fails. | 
|---|
Sets the issuer that a certificate must match.
| issuer | the issuer to match, or nullif the issuer is not to
            be checked. | 
|---|
Sets the issuer that a certificate must match.
| issuerDN | the distinguished issuer name in ASN.1 DER encoded format, or nullto not check the iss
uer. | 
|---|
| IOException | if decoding the issuer fail. | 
|---|
Sets the criterion for the KeyUsage extension.
| keyUsage | the boolean array in the format as returned by getKeyUsage(), ornullto not
            check the key usage. | 
|---|
Sets the flag for the matching behavior for subject alternative names.
 The flag indicates whether a certificate must contain all or at least one
 of the subject alternative names specified by setSubjectAlternativeNames(Collection or >)
addSubjectAlternativeName(int, byte[]).
| matchAllNames | trueif a certificate must contain all of the
            specified subject alternative names, otherwisefalse. | 
|---|
Sets the criterion for the name constraints.
The certificate must constraint subject and subject alternative names that match the specified name constraints.
The name constraints in ASN.1:
 NameConstraints ::= SEQUENCE {
        permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
        excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
 GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
 GeneralSubtree ::= SEQUENCE {
        base                    GeneralName,
        minimum         [0]     BaseDistance DEFAULT 0,
        maximum         [1]     BaseDistance OPTIONAL }
 BaseDistance ::= INTEGER (0..MAX)
 GeneralName ::= CHOICE {
        otherName                       [0]     OtherName,
        rfc822Name                      [1]     IA5String,
        dNSName                         [2]     IA5String,
        x400Address                     [3]     ORAddress,
        directoryName                   [4]     Name,
        ediPartyName                    [5]     EDIPartyName,
        uniformResourceIdentifier       [6]     IA5String,
        iPAddress                       [7]     OCTET STRING,
        registeredID                    [8]     OBJECT IDENTIFIER}
 | bytes | the name constraints in ASN.1 DER encoded format, or null to not check any constraints. | 
|---|
| IOException | if decoding the name constraints fail. | 
|---|
Sets the criterion for the pathToNames constraint.
This allows to specify the complete set of names, a certificate's name constraints must permit.
 The specified parameter names is a collection with an entry for
 each name to be included in the criterion. The name is specified as a
 List, the first entry must be an Integer specifying the
 name type (0-8), the second entry must be a String or a byte
 array specifying the name (in string or ASN.1 DER encoded form)
| names | the names collection or nullto not perform this
            check. | 
|---|
| IOException | if decoding fails. | 
|---|
Sets the criterion for the policy constraint.
The certificate must have at least one of the specified certificate policy extensions. For an empty set the certificate must have at least some policies in its policy extension.
| policies | the certificate policy OIDs, an empty set, or nullto
            not perform this check. | 
|---|
| IOException | if parsing the specified OIDs fails. | 
|---|
Sets the criterion for the validity date of the private key.
The private key must be valid at the specified date.
| privateKeyValid | the validity date or nullto not check the date. | 
|---|
Sets the serial number that a certificate must match.
| serialNumber | the serial number to match, or nullto not check the
            serial number. | 
|---|
Set the subject that a certificate must match.
| subject | the subject distinguished name or nullto not check
            the subject. | 
|---|
Do not use, use setSubject(byte[]) or
 setSubject(X500Principal) instead. Returns the subject that a
 certificate must match.
| subjectDN | the subject distinguished name in RFC 2253 format or nullto not check the subject. | 
|---|
| IOException | if decoding the subject fails. | 
|---|
Sets the subject that a certificate must match.
| subjectDN | the subject distinguished name in ASN.1 DER format, or nullto not check the subject. | 
|---|
| IOException | if decoding the subject fails. | 
|---|
Sets the criterion for subject alternative names.
 the certificate must contain all or at least one of the specified subject
 alternative names. The behavior is specified by
 getMatchAllSubjectAltNames().
 
 The specified parameter names is a collection with an entry for
 each name to be included in the criterion. The name is specified as a
 List, the first entry must be an Integer specifying the
 name type (0-8), the second entry must be a String or a byte
 array specifying the name (in string or ASN.1 DER encoded form)
| names | the names collection or nullto not perform this check. | 
|---|
| IOException | if the decoding of a name fails. | 
|---|
Sets the criterion for the SubjectKeyIdentifier extension.
 The subjectKeyIdentifier should be a single DER encoded value.
| subjectKeyIdentifier | the subject key identifier or nullto disable this
            check. | 
|---|
Sets the criterion for the subject public key.
| key | the subject public key in ASN.1 DER encoded format or nullto
            not check the key. | 
|---|
| IOException | if decoding the the public key fails. | 
|---|
Sets the criterion for the subject public key.
| key | the subject public key or nullto not check the key. | 
|---|
Sets the criterion for the subject public key signature algorithm.
The certificate must contain a subject public key with the algorithm specified.
| oid | the OID (object identifier) of the signature algorithm or nullto not check the OID. | 
|---|
| IOException | if the specified object identifier is invalid. | 
|---|
Returns a string representation of this X509CertSelector
 instance.
X509CertSelector
         instance.