Java in a Nutshell, 5th Edition [Electronic resources]


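This class is a CertSelector for X.509 certificates. Its various set methods allow you to specify values for various certificate fields and extensions. The match( ) method will only return true for certificates that have the specified values for those fields and extensions. Criteria that are left unset (the null or -1 defaults shown below) are not checked, so a selector with no criteria set matches every X.509 certificate. Note also that match( ) only compares the contents of a certificate against the criteria: it does not verify the certificate's signature or build a chain to a trusted issuer, so a match is not by itself evidence that a certificate can be trusted. A full understanding of this class requires detailed knowledge of the X.509 standard, which is beyond the scope of this reference. Some of the more important methods are described here, however.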

When you want to match exactly one specific certificate, simply pass the desired X509Certificate to setCertificate( ). Constrain the subject of the certificate with setSubject( ), setSubjectAlternativeNames( ), or addSubjectAlternativeName( ). Constrain the issuer of the certificate with setIssuer( ). Constrain the public key of the certificate with setPublicKey( ). Constrain the certificate to be valid on a given date with setCertificateValid( ). And specify the serial number that the issuer assigned to the certificate with setSerialNumber( ). Serial numbers are unique only within a single issuer, so a serial number constraint is normally combined with setIssuer( ).

Java 5.0 adds methods for identifying certificate subjects and issuers with javax.security.auth.x500.X500Principal objects instead of with strings.

Figure 14-72. java.security.cert.X509CertSelector

public class 

X509CertSelector implements CertSelector { // Public Constructors public

X509CertSelector ( ); // Public Instance Methods public void

addPathToName (int

type , String

name ) throws java.io.IOException; public void

addPathToName (int

type , byte[ ]

name ) throws java.io.IOException; public void

addSubjectAlternativeName (int

type , byte[ ]

name ) throws java.io.IOException; public void

addSubjectAlternativeName (int

type , String

name ) throws java.io.IOException; public byte[ ]

getAuthorityKeyIdentifier ( ); default:null public int

getBasicConstraints ( ); default:-1 public X509Certificate

getCertificate ( ); default:null public java.util.Date

getCertificateValid ( ); default:null public java.util.Set<String>

getExtendedKeyUsage ( ); default:null

5.0 public javax.security.auth.x500.X500Principal

getIssuer ( ); default:null public byte[ ]

getIssuerAsBytes ( ) throws java.io.IOException; default:null public String

getIssuerAsString ( ); default:null public boolean[ ]

getKeyUsage ( ); default:null public boolean

getMatchAllSubjectAltNames ( ); default:true public byte[ ]

getNameConstraints ( ); default:null public java.util.Collection<java.util.List<?>>

getPathToNames ( ); default:null public java.util.Set<String>

getPolicy ( ); default:null public java.util.Date

getPrivateKeyValid ( ); default:null public java.math.BigInteger

getSerialNumber ( ); default:null

5.0 public javax.security.auth.x500.X500Principal

getSubject ( ); default:null public java.util.Collection<java.util.List<?>>

getSubjectAlternativeNames ( ); default:null public byte[ ]

getSubjectAsBytes ( ) throws java.io.IOException; default:null public String

getSubjectAsString ( ); default:null public byte[ ]

getSubjectKeyIdentifier ( ); default:null public java.security.PublicKey

getSubjectPublicKey ( ); default:null public String

getSubjectPublicKeyAlgID ( ); default:null public void

setAuthorityKeyIdentifier (byte[ ]

authorityKeyID ); public void

setBasicConstraints (int

minMaxPathLen ); public void

setCertificate (X509Certificate

cert ); public void

setCertificateValid (java.util.Date

certValid ); public void

setExtendedKeyUsage (java.util.Set<String>

keyPurposeSet ) throws java.io.IOException;

5.0 public void

setIssuer (javax.security.auth.x500.X500Principal

issuer ); public void

setIssuer (byte[ ]

issuerDN ) throws java.io.IOException; public void

setIssuer (String

issuerDN ) throws java.io.IOException; public void

setKeyUsage (boolean[ ]

keyUsage ); public void

setMatchAllSubjectAltNames (boolean

matchAllNames ); public void

setNameConstraints (byte[ ]

bytes ) throws java.io.IOException; public void

setPathToNames (java.util.Collection<java.util.List<?>>

names ) throws java.io.IOException; public void

setPolicy (java.util.Set<String>

certPolicySet ) throws java.io.IOException; public void

setPrivateKeyValid (java.util.Date

privateKeyValid ); public void

setSerialNumber (java.math.BigInteger

serial ); public void

setSubject (String

subjectDN ) throws java.io.IOException;

5.0 public void

setSubject (javax.security.auth.x500.X500Principal

subject ); public void

setSubject (byte[ ]

subjectDN ) throws java.io.IOException; public void

setSubjectAlternativeNames (java.util.Collection< java.util.List<?>>

names ) throws java.io.IOException; public void

setSubjectKeyIdentifier (byte[ ]

subjectKeyID ); public void

setSubjectPublicKey (byte[ ]

key ) throws java.io.IOException; public void

setSubjectPublicKey (java.security.PublicKey

key ); public void

setSubjectPublicKeyAlgID (String

oid ) throws java.io.IOException; // Methods Implementing CertSelector public Object

clone ( ); public boolean

match (java.security.cert.Certificate

cert ); // Public Methods Overriding Object public String

toString ( ); }