package org.bouncycastle.jcajce;

import java.io.IOException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509CertSelector;
import java.util.Collection;

import org.bouncycastle.util.Selector;

This class is a Selector implementation for certificates.
See Also:
  • Selector
/** * This class is a Selector implementation for certificates. * * @see org.bouncycastle.util.Selector */
public class PKIXCertStoreSelector<T extends Certificate> implements Selector<T> {
Builder for a PKIXCertStoreSelector.
/** * Builder for a PKIXCertStoreSelector. */
public static class Builder { private final CertSelector baseSelector;
Constructor initializing a builder with a CertSelector.
Params:
  • certSelector – the CertSelector to copy the match details from.
/** * Constructor initializing a builder with a CertSelector. * * @param certSelector the CertSelector to copy the match details from. */
public Builder(CertSelector certSelector) { this.baseSelector = (CertSelector)certSelector.clone(); }
Build a selector.
Returns:a new PKIXCertStoreSelector
/** * Build a selector. * * @return a new PKIXCertStoreSelector */
public PKIXCertStoreSelector<? extends Certificate> build() { return new PKIXCertStoreSelector(baseSelector); } } private final CertSelector baseSelector; private PKIXCertStoreSelector(CertSelector baseSelector) { this.baseSelector = baseSelector; } public boolean match(Certificate cert) { return baseSelector.match(cert); } public Object clone() { return new PKIXCertStoreSelector(baseSelector); } public static Collection<? extends Certificate> getCertificates(final PKIXCertStoreSelector selector, CertStore certStore) throws CertStoreException { return certStore.getCertificates(new SelectorClone(selector)); } private static class SelectorClone extends X509CertSelector { private final PKIXCertStoreSelector selector; SelectorClone(PKIXCertStoreSelector selector) { this.selector = selector; if (selector.baseSelector instanceof X509CertSelector) { X509CertSelector baseSelector = (X509CertSelector)selector.baseSelector; this.setAuthorityKeyIdentifier(baseSelector.getAuthorityKeyIdentifier()); this.setBasicConstraints(baseSelector.getBasicConstraints()); this.setCertificate(baseSelector.getCertificate()); this.setCertificateValid(baseSelector.getCertificateValid()); this.setKeyUsage(baseSelector.getKeyUsage()); this.setMatchAllSubjectAltNames(baseSelector.getMatchAllSubjectAltNames()); this.setPrivateKeyValid(baseSelector.getPrivateKeyValid()); this.setSerialNumber(baseSelector.getSerialNumber()); this.setSubjectKeyIdentifier(baseSelector.getSubjectKeyIdentifier()); this.setSubjectPublicKey(baseSelector.getSubjectPublicKey()); try { this.setExtendedKeyUsage(baseSelector.getExtendedKeyUsage()); this.setIssuer(baseSelector.getIssuerAsBytes()); this.setNameConstraints(baseSelector.getNameConstraints()); this.setPathToNames(baseSelector.getPathToNames()); this.setPolicy(baseSelector.getPolicy()); this.setSubject(baseSelector.getSubjectAsBytes()); this.setSubjectAlternativeNames(baseSelector.getSubjectAlternativeNames()); this.setSubjectPublicKeyAlgID(baseSelector.getSubjectPublicKeyAlgID()); } catch (IOException e) { throw new IllegalStateException("base selector invalid: " + e.getMessage(), e); } } } public boolean match(Certificate certificate) { return (selector == null) ? (certificate != null) : selector.match(certificate); } } }