📄 x509certselector.java
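* @see #getSubjectKeyIdentifier */
    public void setSubjectKeyIdentifier(byte[] subjectKeyID) {
        // Defensive copy: a later change to the caller's array must not
        // alter the criterion this selector matches against.
        this.subjectKeyID =
            (subjectKeyID == null) ? null : (byte[]) subjectKeyID.clone();
    }

    /**
     * Sets the authorityKeyIdentifier criterion. The
     * <code>X509Certificate</code> must contain an
     * AuthorityKeyIdentifier extension for which the contents of the
     * extension value matches the specified criterion value.
     * If the criterion value is <code>null</code>, no
     * authorityKeyIdentifier check will be done.
     * <p>
     * If <code>authorityKeyID</code> is not <code>null</code>, it
     * should contain a single DER encoded value corresponding to the contents
     * of the extension value (not including the object identifier,
     * criticality setting, and encapsulating OCTET STRING)
     * for an AuthorityKeyIdentifier extension.
     * The ASN.1 notation for this structure follows.
     * <p>
     * <pre><code>
     * AuthorityKeyIdentifier ::= SEQUENCE {
     *    keyIdentifier             [0] KeyIdentifier           OPTIONAL,
     *    authorityCertIssuer       [1] GeneralNames            OPTIONAL,
     *    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL  }
     *
     * KeyIdentifier ::= OCTET STRING
     * </code></pre>
     * <p>
     * Authority key identifiers are not parsed by the
     * <code>X509CertSelector</code>.  Instead, the values are
     * compared using a byte-by-byte comparison.
     * <p>
     * When the <code>keyIdentifier</code> field of
     * <code>AuthorityKeyIdentifier</code> is populated, the value is
     * usually taken from the <code>SubjectKeyIdentifier</code> extension
     * in the issuer's certificate.  Note, however, that the result of
     * <code>X509Certificate.getExtensionValue(&lt;SubjectKeyIdentifier Object
     * Identifier&gt;)</code> on the issuer's certificate may NOT be used
     * directly as the input to <code>setAuthorityKeyIdentifier</code>.
     * This is because the SubjectKeyIdentifier contains
     * only a KeyIdentifier OCTET STRING, and not a SEQUENCE of
     * KeyIdentifier, GeneralNames, and CertificateSerialNumber.
     * In order to use the extension value of the issuer certificate's
     * <code>SubjectKeyIdentifier</code>
     * extension, it will be necessary to extract the value of the embedded
     * <code>KeyIdentifier</code> OCTET STRING, then DER encode this OCTET
     * STRING inside a SEQUENCE.
     * For more details on SubjectKeyIdentifier, see
     * {@link #setSubjectKeyIdentifier(byte[] subjectKeyID)}.
     * <p>
     * Note also that the byte array supplied here is cloned to protect against
     * subsequent modifications.
     *
     * @param authorityKeyID the authority key identifier
     *        (or <code>null</code>)
     * @see #getAuthorityKeyIdentifier
     */
    public void setAuthorityKeyIdentifier(byte[] authorityKeyID) {
        // The value is stored as given and never parsed here, so a wrongly
        // encoded criterion is not rejected by this setter.
        this.authorityKeyID =
            (authorityKeyID == null) ? null : (byte[]) authorityKeyID.clone();
    }

    /**
     * Sets the certificateValid criterion. The specified date must fall
     * within the certificate validity period for the
     * <code>X509Certificate</code>. If <code>null</code>, no certificateValid
     * check will be done.
     * <p>
     * Note that the <code>Date</code> supplied here is cloned to protect
     * against subsequent modifications.
     *
     * @param certValid the <code>Date</code> to check (or <code>null</code>)
     * @see #getCertificateValid
     */
    public void setCertificateValid(Date certValid) {
        // Date is mutable, hence the copy.
        certificateValid =
            (certValid == null) ? null : (Date) certValid.clone();
    }

    /**
     * Sets the privateKeyValid criterion. The specified date must fall
     * within the private key validity period for the
     * <code>X509Certificate</code>. If <code>null</code>, no privateKeyValid
     * check will be done.
     * <p>
     * Note that the <code>Date</code> supplied here is cloned to protect
     * against subsequent modifications.
     *
     * @param privateKeyValid the <code>Date</code> to check (or
     *                        <code>null</code>)
     * @see #getPrivateKeyValid
     */
    public void setPrivateKeyValid(Date privateKeyValid) {
        // Date is mutable, hence the copy.
        this.privateKeyValid =
            (privateKeyValid == null) ? null : (Date) privateKeyValid.clone();
    }

    /**
     * Sets the subjectPublicKeyAlgID criterion. The
     * <code>X509Certificate</code> must contain a subject public key
     * with the specified algorithm. If <code>null</code>, no
     * subjectPublicKeyAlgID check will be done.
     *
     * @param oid The object identifier (OID) of the algorithm to check
     *            for (or <code>null</code>). An OID is represented by a
     *            set of nonnegative integers separated by periods.
     * @throws IOException if the OID is invalid, such as
     * the first component being not 0, 1 or 2 or the second component
     * being greater than 39.
     *
     * @see #getSubjectPublicKeyAlgID
     */
    public void setSubjectPublicKeyAlgID(String oid) throws IOException {
        // The field is assigned only after the OID has been constructed, so
        // an invalid OID leaves the previous criterion in place.
        subjectPublicKeyAlgID =
            (oid == null) ? null : new ObjectIdentifier(oid);
    }

    /**
     * Sets the subjectPublicKey criterion. The
     * <code>X509Certificate</code> must contain the specified subject public
     * key. If <code>null</code>, no subjectPublicKey check will be done.
     *
     * @param key the subject public key to check for (or <code>null</code>)
     * @see #getSubjectPublicKey
     */
    public void setSubjectPublicKey(PublicKey key) {
        if (key == null) {
            subjectPublicKey = null;
            subjectPublicKeyBytes = null;
        } else {
            subjectPublicKey = key;
            // NOTE(review): PublicKey.getEncoded() returns null for a key
            // that does not support encoding. How the matching code treats
            // a null subjectPublicKeyBytes is not visible here -- confirm
            // that the criterion is not silently skipped in that case.
            subjectPublicKeyBytes = key.getEncoded();
        }
    }

    /**
     * Sets the subjectPublicKey criterion. The <code>X509Certificate</code>
     * must contain the specified subject public key. If <code>null</code>,
     * no subjectPublicKey check will be done.
     * <p>
     * Because this method allows the public key to be specified as a byte
     * array, it may be used for unknown key types.
     * <p>
     * If <code>key</code> is not <code>null</code>, it should contain a
     * single DER encoded SubjectPublicKeyInfo structure, as defined in X.509.
     * The ASN.1 notation for this structure is as follows.
     * <pre><code>
     * SubjectPublicKeyInfo  ::=  SEQUENCE  {
     *   algorithm            AlgorithmIdentifier,
     *   subjectPublicKey     BIT STRING  }
     *
     * AlgorithmIdentifier  ::=  SEQUENCE  {
     *   algorithm               OBJECT IDENTIFIER,
     *   parameters              ANY DEFINED BY algorithm OPTIONAL  }
     *                              -- contains a value of the type
     *                              -- registered for use with the
     *                              -- algorithm object identifier value
     * </code></pre>
     * <p>
     * Note that the byte array supplied here is cloned to protect against
     * subsequent modifications.
     * <p>
     * If the encoding cannot be parsed, the previously set criterion is
     * left unchanged.
     *
     * @param key a byte array containing the subject public key in ASN.1 DER
     *            form (or <code>null</code>)
     * @throws IOException if an encoding error occurs (incorrect form for
     * subject public key)
     * @see #getSubjectPublicKey
     */
    public void setSubjectPublicKey(byte[] key) throws IOException {
        if (key == null) {
            subjectPublicKey = null;
            subjectPublicKeyBytes = null;
        } else {
            // Parse the private copy first and assign both fields only on
            // success. Assigning the bytes before parsing would leave the
            // new bytes paired with the old key object if parse() throws.
            byte[] keyBytes = (byte[]) key.clone();
            PublicKey parsedKey = X509Key.parse(new DerValue(keyBytes));
            subjectPublicKeyBytes = keyBytes;
            subjectPublicKey = parsedKey;
        }
    }

    /**
     * Sets the keyUsage criterion. The <code>X509Certificate</code>
     * must allow the specified keyUsage values. If <code>null</code>, no
     * keyUsage check will be done. Note that an <code>X509Certificate</code>
     * that has no keyUsage extension implicitly allows all keyUsage values.
     * <p>
     * Note that the boolean array supplied here is cloned to protect against
     * subsequent modifications.
     *
     * @param keyUsage a boolean array in the same format as the boolean
     *                 array returned by
     * {@link X509Certificate#getKeyUsage() X509Certificate.getKeyUsage()}.
     *                 Or <code>null</code>.
     * @see #getKeyUsage
     */
    public void setKeyUsage(boolean[] keyUsage) {
        this.keyUsage =
            (keyUsage == null) ? null : (boolean[]) keyUsage.clone();
    }

    /**
     * Sets the extendedKeyUsage criterion. The <code>X509Certificate</code>
     * must allow the specified key purposes in its extended key usage
     * extension. If <code>keyPurposeSet</code> is empty or <code>null</code>,
     * no extendedKeyUsage check will be done. Note that an
     * <code>X509Certificate</code> that has no extendedKeyUsage extension
     * implicitly allows all key purposes.
     * <p>
     * Note that the <code>Set</code> is cloned to protect against
     * subsequent modifications.
     * <p>
     * If any element is not a valid OID string, the previously set
     * criterion is left unchanged.
     *
     * @param keyPurposeSet a <code>Set</code> of key purpose OIDs in string
     * format (or <code>null</code>). Each OID is represented by a set of
     * nonnegative integers separated by periods.
     * @throws IOException if the OID is invalid, such as
     * the first component being not 0, 1 or 2 or the second component
     * being greater than 39.
     * @see #getExtendedKeyUsage
     */
    public void setExtendedKeyUsage(Set keyPurposeSet) throws IOException {
        if ((keyPurposeSet == null) || keyPurposeSet.isEmpty()) {
            // NOTE(review): keyPurposeOIDSet keeps its previous contents in
            // this branch, as before; confirm that every reader checks
            // keyPurposeSet first.
            this.keyPurposeSet = null;
        } else {
            // Build both sets in locals and publish them together. If an
            // OID is rejected part-way through, the selector must not be
            // left with a shorter OID set than the caller asked for, which
            // would make the criterion weaker than intended.
            Set purposeCopy =
                Collections.unmodifiableSet(new HashSet(keyPurposeSet));
            HashSet purposeOids = new HashSet();
            for (Iterator t = purposeCopy.iterator(); t.hasNext();) {
                // A non-String element fails here with ClassCastException.
                String s = (String) t.next();
                purposeOids.add(new ObjectIdentifier(s));
            }
            this.keyPurposeSet = purposeCopy;
            keyPurposeOIDSet = purposeOids;
        }
    }

    /**
     * Enables/disables matching all of the subjectAlternativeNames
     * specified in the {@link #setSubjectAlternativeNames
     * setSubjectAlternativeNames} or {@link #addSubjectAlternativeName
     * addSubjectAlternativeName} methods. If enabled,
     * the <code>X509Certificate</code> must contain all of the
     * specified subject alternative names. If disabled, the
     * <code>X509Certificate</code> must contain at least one of the
     * specified subject alternative names.
     *
     * <p>The matchAllNames flag is <code>true</code> by default.
     *
     * @param matchAllNames if <code>true</code>, the flag is enabled;
     * if <code>false</code>, the flag is disabled.
     * @see #getMatchAllSubjectAltNames
     */
    public void setMatchAllSubjectAltNames(boolean matchAllNames) {
        this.matchAllSubjectAltNames = matchAllNames;
    }

    /**
     * Sets the subjectAlternativeNames criterion. The
     * <code>X509Certificate</code> must contain all or at least one of the
     * specified subjectAlternativeNames, depending on the value of
     * the matchAllNames flag (see {@link #setMatchAllSubjectAltNames
     * setMatchAllSubjectAltNames}).
     * <p>
     * This method allows the caller to specify, with a single method call,
     * the complete set of subject alternative names for the
     * subjectAlternativeNames criterion. The specified value replaces
     * the previous value for the subjectAlternativeNames criterion.
     * <p>
     * The <code>names</code> parameter (if not <code>null</code>) is a
     * <code>Collection</code> with one
     * entry for each name to be included in the subject alternative name
     * criterion. Each entry is a <code>List</code> whose first entry is an
     * <code>Integer</code> (the name type, 0-8) and whose second
     * entry is a <code>String</code> or a byte array (the name, in
     * string or ASN.1 DER encoded form, respectively).
     * There can be multiple names of the same type. If <code>null</code>
     * is supplied as the value for this argument, no
     * subjectAlternativeNames check will be performed.
     * <p>
     * Each subject alternative name in the <code>Collection</code>
     * may be specified either as a <code>String</code> or as an ASN.1 encoded
     * byte array. For more details about the formats used, see
     * {@link #addSubjectAlternativeName(int type, String name)
     * addSubjectAlternativeName(int type, String name)} and
     * {@link #addSubjectAlternativeName(int type, byte [] name)
     * addSubjectAlternativeName(int type, byte [] name)}.
     * <p>
     * Note that the <code>names</code> parameter can contain duplicate
     * names (same name and name type), but they may be removed from the
     * <code>Collection</code> of names returned by the
     * {@link #getSubjectAlternativeNames getSubjectAlternativeNames} method.
     * <p>
     * Note that a deep copy is performed on the <code>Collection</code> to
     * protect against subsequent modifications.
     *
     * @param names a <code>Collection</code> of names (or <code>null</code>)
     * @throws IOException if a parsing error occurs
     * @see #getSubjectAlternativeNames
     */
    public void setSubjectAlternativeNames(Collection names)
            throws IOException {
        if (names == null) {
            subjectAlternativeNames = null;
            subjectAlternativeGeneralNames = null;
        } else {
            if (names.isEmpty()) {
                subjectAlternativeNames = null;
                subjectAlternativeGeneralNames = null;
                return;
            }
            Set tempNames = cloneAndCheckNames(names);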