Package java.security.cert

Examples of java.security.cert.X509CertSelector


                                                KeyStore trustStore)
        throws Exception {
        // params starts out null; where it is assigned lies beyond this excerpt.
        CertPathParameters params = null;
        if("PKIX".equalsIgnoreCase(algorithm)) {
            // A selector with no criteria set matches every X.509 certificate, so no
            // constraint is placed on the target certificate here.
            PKIXBuilderParameters xparams =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
            // Whatever getCRLs(crlf) returns is exposed to the path builder through an
            // in-memory "Collection" CertStore.
            Collection<? extends CRL> crls = getCRLs(crlf);
            CertStoreParameters csp = new CollectionCertStoreParameters(crls);
            CertStore store = CertStore.getInstance("Collection", csp);
            xparams.addCertStore(store);
            // Revocation checking is switched on explicitly for these parameters.
            // NOTE(review): the CRL collection is read once at this point; how (or whether)
            // it is refreshed is not visible in this excerpt - confirm.
            xparams.setRevocationEnabled(true);


            //Verify certificate path
            try {
                CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
                CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
                // setCertificate() sets the certificateEquals criterion: only the certificate at
                // index 0 of the presented array can be the target of the built path.
                // presumably index 0 is the peer's end-entity certificate - verify against caller
                X509CertSelector certSelector = new X509CertSelector();
                certSelector.setCertificate(x509Certificates[0]);
                PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore,certSelector);
                if(useCRLs) {
                    // CRLs reach the builder through crlStore.
                    params.addCertStore(crlStore);
                } else {
                    // NOTE(review): per the log text, revocation checking is turned off when no CRLs
                    // are available (the call itself is past the end of this excerpt). With it off,
                    // a revoked certificate still validates, so this fallback fails open, and it is
                    // only reported at debug level.
                    Log.debug("ClientTrustManager: no CRL's found, so setRevocationEnabled(false)");

                // Check cert stores if responder cert has not yet been found
                if (!haveResponderCert) {
                    Log.debug("OCSPChecker: Searching cert stores for responder's certificate");
                   
                    if (responderSubjectName != null) {
                        // Candidates are selected by subject name only.
                        // NOTE(review): a subject match merely locates a certificate; whether it is
                        // checked as an authorised OCSP responder (issuer, signature, OCSP-signing
                        // usage) is not visible in this excerpt - confirm before relying on it.
                        // NOTE(review): assuming getName() yields a String DN, the JDK documentation
                        // discourages setSubject(String) because the string form can lose encoding
                        // information and miss some certificates; the X500Principal/byte[] overloads
                        // avoid that.
                        X509CertSelector filter = new X509CertSelector();
                        filter.setSubject(responderSubjectName.getName());
                   
                        // Every CertStore configured on the PKIX parameters is queried with the filter.
                        List<CertStore> certStores = pkixParams.getCertStores();
                        for (CertStore certStore : certStores) {
                            Iterator i = certStore.getCertificates(filter).iterator();
                            if (i.hasNext()) {

    /**
     * Collects the trust anchors whose certificate matches the issuer information of {@code cert}.
     *
     * <p>A selector is built from the value returned by {@code getEncodedIssuerPrincipal(cert)} and,
     * when the certificate carries an AuthorityKeyIdentifier extension, from the authority
     * certificate serial number and key identifier found in it. Anchors that hold a certificate are
     * added to the result when the selector matches that certificate. Anchors given only as CA name
     * plus public key are handled in a branch that starts on the last visible line; its body and the
     * return statement are outside this excerpt.
     *
     * <p>The match is on name, serial number and key identifier only; no signature is verified in
     * the visible code.
     *
     * @param cert certificate whose issuing anchor is looked up
     * @param trustanchors set iterated as {@code TrustAnchor} objects
     * @throws CertPathReviewerException if encoding the issuer or decoding the extension raises an
     *         {@code IOException}
     */
    protected Collection getTrustAnchors(X509Certificate cert, Set trustanchors) throws CertPathReviewerException
    {
        Collection trustColl = new ArrayList();
        Iterator it = trustanchors.iterator();
       
        X509CertSelector certSelectX509 = new X509CertSelector();

        try
        {
            // The anchor's subject must equal this value (presumably the issuer of cert).
            certSelectX509.setSubject(getEncodedIssuerPrincipal(cert).getEncoded());
            byte[] ext = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());

            if (ext != null)
            {
                // getExtensionValue() returns the extension wrapped in an OCTET STRING, hence the
                // two-step decode.
                ASN1OctetString oct = (ASN1OctetString)ASN1Object.fromByteArray(ext);
                AuthorityKeyIdentifier authID = AuthorityKeyIdentifier.getInstance(ASN1Object.fromByteArray(oct.getOctets()));

                // A null serial number leaves that criterion unset on the selector.
                certSelectX509.setSerialNumber(authID.getAuthorityCertSerialNumber());
                byte[] keyID = authID.getKeyIdentifier();
                if (keyID != null)
                {
                    // The selector expects the DER-encoded OCTET STRING, not the raw key id bytes.
                    certSelectX509.setSubjectKeyIdentifier(new DEROctetString(keyID).getEncoded());
                }
            }
        }
        catch (IOException ex)
        {
            // NOTE(review): ex is not attached to the thrown exception, so the underlying
            // encoding/decoding error is lost to the caller.
            ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustAnchorIssuerError");
            throw new CertPathReviewerException(msg);
        }

        while (it.hasNext())
        {
            TrustAnchor trust = (TrustAnchor) it.next();
            if (trust.getTrustedCert() != null)
            {
                // Certificate-based anchor: keep it when the selector criteria match.
                if (certSelectX509.match(trust.getTrustedCert()))
                {
                    trustColl.add(trust);
                }
            }
            // Anchor specified as CA name + public key (body not shown in this excerpt).
            else if (trust.getCAName() != null && trust.getCAPublicKey() != null)

    {
        // Result holders: the anchor found, its public key, and an exception slot that is not
        // written in the visible lines.
        TrustAnchor trust = null;
        PublicKey trustPublicKey = null;
        Exception invalidKeyEx = null;

        // The selector requires the anchor certificate's subject to equal certIssuer
        // (presumably the issuer of cert - getEncodedIssuerPrincipal is defined elsewhere).
        X509CertSelector certSelectX509 = new X509CertSelector();
        X500Principal certIssuer = getEncodedIssuerPrincipal(cert);

        try
        {
            certSelectX509.setSubject(certIssuer.getEncoded());
        }
        catch (IOException ex)
        {
            throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", ex);
        }

        // The loop condition ends the search as soon as an iteration leaves trust non-null.
        Iterator iter = trustAnchors.iterator();
        while (iter.hasNext() && trust == null)
        {
            trust = (TrustAnchor) iter.next();
            if (trust.getTrustedCert() != null)
            {
                if (certSelectX509.match(trust.getTrustedCert()))
                {
                    // A subject-name match only nominates this anchor; no signature has been
                    // checked yet. NOTE(review): the key is presumably used for that check in
                    // code outside this excerpt - confirm.
                    trustPublicKey = trust.getTrustedCert().getPublicKey();
                }
                else
                {

  }
    }

    /**
     * Queries {@code store} for certificates that carry a CA basicConstraints extension.
     *
     * <p>Only the query and the non-empty check are visible; what is returned lies outside this
     * excerpt. Selection is by the CA flag alone: nothing in the visible code establishes that the
     * chosen certificate is trusted or that it issued any other certificate in the store.
     *
     * @param store certificate store to search
     * @throws CertStoreException if the store query fails
     */
    private static X509Certificate findIssuer(CertStore store)
      throws CertStoreException {
  X509CertSelector selector = new X509CertSelector();
  // A value >= 0 requires a basicConstraints extension with pathLen of at least that value,
  // so 0 accepts every CA certificate, including those with pathLen 0.
  // NOTE(review): the debug text below says "pathLen > 0", which is narrower than the criterion.
  selector.setBasicConstraints(0);
 
  LOGGER.debug("Selecting certificate with basicConstraints pathLen > 0");
  Collection<? extends Certificate> certs = store
    .getCertificates(selector);
  if (certs.size() > 0) {

    /**
     * Queries {@code store} for end-entity certificates that allow the key usage flagged at
     * index {@code DIGITAL_SIGNATURE}.
     *
     * <p>Only the query and the non-empty check are visible; what is returned lies outside this
     * excerpt.
     *
     * @param store certificate store to search
     * @throws CertStoreException if the store query fails
     */
    private static X509Certificate findSigner(CertStore store)
      throws CertStoreException {
  // presumably the array indices follow the KeyUsage bit positions used by
  // X509Certificate.getKeyUsage(); the constants are defined elsewhere - verify.
  boolean[] keyUsage = new boolean[KEY_USAGE_LENGTH];
  keyUsage[DIGITAL_SIGNATURE] = true;
  X509CertSelector signingSelector = new X509CertSelector();
  // -2 restricts the match to end-entity (non-CA) certificates.
  signingSelector.setBasicConstraints(-2);
  // The keyUsage criterion requires the certificate to allow the flagged usages; a certificate
  // with no keyUsage extension implicitly allows all of them and therefore also matches.
  signingSelector.setKeyUsage(keyUsage);

  LOGGER.debug("Selecting certificate with keyUsage:digitalSignature");
  Collection<? extends Certificate> certs = store
    .getCertificates(signingSelector);
  if (certs.size() > 0) {

    /**
     * Picks a recipient certificate from {@code store}: first an end-entity certificate allowing
     * the usage flagged at {@code KEY_ENCIPHERMENT}, then, if none is found, one allowing the usage
     * flagged at {@code DATA_ENCIPHERMENT}.
     *
     * <p>When several certificates match, the first element of the returned collection is used;
     * the visible code imposes no ordering or further preference. The handling of the second query
     * continues outside this excerpt.
     *
     * @param store certificate store to search
     * @return the first certificate matching the keyEncipherment query, when there is one
     * @throws CertStoreException if a store query fails
     */
    private static X509Certificate findRecipient(CertStore store)
      throws CertStoreException {
  // presumably the array indices follow the KeyUsage bit positions used by
  // X509Certificate.getKeyUsage(); the constants are defined elsewhere - verify.
  boolean[] keyUsage = new boolean[KEY_USAGE_LENGTH];
  keyUsage[KEY_ENCIPHERMENT] = true;
  // Despite its name, this selector is used here to look for encryption recipients.
  X509CertSelector signingSelector = new X509CertSelector();
  // -2 restricts the match to end-entity (non-CA) certificates.
  signingSelector.setBasicConstraints(-2);
  // A certificate with no keyUsage extension implicitly allows every usage and also matches.
  signingSelector.setKeyUsage(keyUsage);

  LOGGER.debug("Selecting certificate with keyUsage:keyEncipherment");
  Collection<? extends Certificate> certs = store
    .getCertificates(signingSelector);
  if (certs.size() > 0) {
      LOGGER.debug(
        "Found {} certificate(s) with keyUsage:keyEncipherment",
        certs.size());
      // Takes whichever match the collection yields first.
      return (X509Certificate) certs.iterator().next();
  } else {
      LOGGER.debug("No certificates found.");
  }

  // Fallback: same selector, with the keyUsage criterion replaced by dataEncipherment only.
  LOGGER.debug("Selecting certificate with keyUsage:dataEncipherment");
  keyUsage = new boolean[KEY_USAGE_LENGTH];
  keyUsage[DATA_ENCIPHERMENT] = true;
  signingSelector.setKeyUsage(keyUsage);

  certs = store.getCertificates(signingSelector);
  if (certs.size() > 0) {
      LOGGER.debug(
        "Found {} certificate(s) with keyUsage:dataEncipherment",

        try
        {
            // PKIX path builder requested from the provider registered as "BC".
            CertPathBuilder _cpb = CertPathBuilder.getInstance("PKIX", "BC");
            // The last element of _data is decoded and used as the target of the path.
            X509Certificate _ee = decodeCertificate(_data[_data.length - 1]);
            // The target is selected by subject name only, so any certificate in the stores with
            // the same subject satisfies the selector.
            X509CertSelector _select = new X509CertSelector();
            _select.setSubject(_ee.getSubjectX500Principal().getEncoded());

            PKIXBuilderParameters _param = new PKIXBuilderParameters(
                    trustedSet, _select);
            // When _explicit is true, the path must be valid under an explicitly identified policy.
            _param.setExplicitPolicyRequired(_explicit);
            // presumably makeCertStore wraps the certificates in _data - helper defined elsewhere
            _param.addCertStore(makeCertStore(_data));

                //Searching for rootCert by subjectDN without CRL
            // rootCert is the only trust anchor; the null argument means no name constraints are
            // attached to it.
            Set trust = new HashSet();
            trust.add(new TrustAnchor(rootCert, null));

            CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX","BC");
            // The target is selected by the subject name of finalCert only.
            X509CertSelector targetConstraints = new X509CertSelector();
            targetConstraints.setSubject(finalCert.getSubjectX500Principal().getEncoded());
            // NOTE(review): PKIX parameters have revocation checking enabled by default and no
            // setRevocationEnabled call appears in these lines; whether the build really runs
            // "without CRL" depends on code or store contents outside this excerpt - confirm.
            PKIXBuilderParameters params = new PKIXBuilderParameters(trust, targetConstraints);
            params.addCertStore(store);
            // Validity periods are evaluated at this date instead of the current time, so a
            // certificate that has since expired can still build a valid path.
            params.setDate(validDate.getTime());
            PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) cpb.build(params);
            CertPath                  path = result.getCertPath();
