Java 类java.security.cert.X509CertSelector 实例源码

/**
 * Returns an instance of <code>ExtendedPKIXParameters</code> which can be
 * safely casted to <code>ExtendedPKIXBuilderParameters</code>.
 * <p>
 * This method can be used to get a copy from other
 * <code>PKIXBuilderParameters</code>, <code>PKIXParameters</code>,
 * and <code>ExtendedPKIXParameters</code> instances.
 * 
 * @param pkixParams The PKIX parameters to create a copy of.
 * @return An <code>ExtendedPKIXBuilderParameters</code> instance.
 */
public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
{
    ExtendedPKIXBuilderParameters params;
    try
    {
        params = new ExtendedPKIXBuilderParameters(pkixParams
                .getTrustAnchors(), X509CertStoreSelector
                .getInstance((X509CertSelector) pkixParams
                        .getTargetCertConstraints()));
    }
    catch (Exception e)
    {
        // cannot happen
        throw new RuntimeException(e.getMessage());
    }
    params.setParams(pkixParams);
    return params;
}

public X509CertificateHolderSelector getCertificateHolderSelector(X509CertSelector certSelector)
{
    try
    {
        if (certSelector.getSubjectKeyIdentifier() != null)
        {
            return new X509CertificateHolderSelector(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets());
        }
        else
        {
            return new X509CertificateHolderSelector(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber());
        }
    }
    catch (IOException e)
    {
        throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage());
    }
}

private Set getCACertificates(X509CertSelector xselector)
    throws CertStoreException
{
    String[] attrs = {params.getCACertificateAttribute()};
    String attrName = params.getLdapCACertificateAttributeName();
    String subjectAttributeName = params
        .getCACertificateSubjectAttributeName();
    Set set = certSubjectSerialSearch(xselector, attrs, attrName,
        subjectAttributeName);

    if (set.isEmpty())
    {
        set.addAll(search(null, "*", attrs));
    }

    return set;
}

private Set getCrossCertificates(X509CertSelector xselector)
    throws CertStoreException
{
    String[] attrs = {params.getCrossCertificateAttribute()};
    String attrName = params.getLdapCrossCertificateAttributeName();
    String subjectAttributeName = params
        .getCrossCertificateSubjectAttributeName();
    Set set = certSubjectSerialSearch(xselector, attrs, attrName,
        subjectAttributeName);

    if (set.isEmpty())
    {
        set.addAll(search(null, "*", attrs));
    }

    return set;
}

public SignerId getSignerId(X509CertSelector certSelector)
{
    try
    {
        if (certSelector.getSubjectKeyIdentifier() != null)
        {
            return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets());
        }
        else
        {
            return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber());
        }
    }
    catch (IOException e)
    {
        throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage());
    }
}

public KeyTransRecipientId getKeyTransRecipientId(X509CertSelector certSelector)
{
    try
    {
        if (certSelector.getSubjectKeyIdentifier() != null)
        {
            return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets());
        }
        else
        {
            return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber());
        }
    }
    catch (IOException e)
    {
        throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage());
    }
}

/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 * 
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm, 
                                            String crlf, 
                                            KeyStore trustStore)
    throws Exception {
    CertPathParameters params = null;
    if("PKIX".equalsIgnoreCase(algorithm)) {
        PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, 
                                                                 new X509CertSelector());
        Collection crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        xparams.setRevocationEnabled(true);
        xparams.setMaxPathLength(listener.getSslTrustMaxCertLength());

        params = xparams;
    } else {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }
    return params;
}

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}

private void testPrivateKeyValid() throws IOException, CertificateException {
    System.out.println("X.509 Certificate Match on privateKeyValid");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Calendar cal = Calendar.getInstance();
    cal.set(1968, 12, 31);
    selector.setPrivateKeyValid(cal.getTime());
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
    byte[] encoded = in.getOctetString();
    PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
    Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
    selector.setPrivateKeyValid(validDate);
    checkMatch(selector, cert, true);

}

private void testPolicy() throws IOException {
    System.out.println("X.509 Certificate Match on certificatePolicies");
    // test encoding of CertificatePoliciesExtension because we wrote the
    // code
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Set<String> s = new HashSet<>();
    s.add(new String("1.2.5.7.68"));
    selector.setPolicy(s);
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
    CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
    List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
    // match on the first policy id
    PolicyInformation policyInfo = (PolicyInformation) policies.get(0);
    s.clear();
    s.add(policyInfo.getPolicyIdentifier().getIdentifier().toString());
    selector.setPolicy(s);
    checkMatch(selector, cert, true);
}

public static void createPath(String[] certs) throws Exception {
    TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
    List list = new ArrayList();
    for (int i = 1; i < certs.length; i++) {
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);

    Set anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    params.setRevocationEnabled(false);
    X509CertSelector sel = new X509CertSelector();
    sel.setSerialNumber(new BigInteger("1427"));
    params.setTargetCertConstraints(sel);
}

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}

private void testPrivateKeyValid() throws IOException, CertificateException {
    System.out.println("X.509 Certificate Match on privateKeyValid");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Calendar cal = Calendar.getInstance();
    cal.set(1968, 12, 31);
    selector.setPrivateKeyValid(cal.getTime());
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
    byte[] encoded = in.getOctetString();
    PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
    Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
    selector.setPrivateKeyValid(validDate);
    checkMatch(selector, cert, true);

}

private void testPolicy() throws IOException {
    System.out.println("X.509 Certificate Match on certificatePolicies");
    // test encoding of CertificatePoliciesExtension because we wrote the
    // code
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Set<String> s = new HashSet<>();
    s.add(new String("1.2.5.7.68"));
    selector.setPolicy(s);
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
    CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
    List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
    // match on the first policy id
    PolicyInformation policyInfo = (PolicyInformation) policies.get(0);
    s.clear();
    s.add(policyInfo.getPolicyIdentifier().getIdentifier().toString());
    selector.setPolicy(s);
    checkMatch(selector, cert, true);
}

public static void createPath(String[] certs) throws Exception {
    TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
    List list = new ArrayList();
    for (int i = 1; i < certs.length; i++) {
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);

    Set anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    params.setRevocationEnabled(false);
    X509CertSelector sel = new X509CertSelector();
    sel.setSerialNumber(new BigInteger("1427"));
    params.setTargetCertConstraints(sel);
}

/**
 * Return the initialization parameters for the TrustManager. Currently,
 * only the default <code>PKIX</code> is supported.
 *
 * @param algorithm
 *            The algorithm to get parameters for.
 * @param crlf
 *            The path to the CRL file.
 * @param trustStore
 *            The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 */
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
    CertPathParameters params = null;
    if ("PKIX".equalsIgnoreCase(algorithm)) {
        PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        Collection<? extends CRL> crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        xparams.setRevocationEnabled(true);
        String trustLength = endpoint.getTrustMaxCertLength();
        if (trustLength != null) {
            try {
                xparams.setMaxPathLength(Integer.parseInt(trustLength));
            } catch (Exception ex) {
                log.warn("Bad maxCertLength: " + trustLength);
            }
        }

        params = xparams;
    } else {
        throw new CRLException("CRLs not supported for type: " + algorithm);
    }
    return params;
}

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}

private void testPrivateKeyValid() throws IOException, CertificateException {
    System.out.println("X.509 Certificate Match on privateKeyValid");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Calendar cal = Calendar.getInstance();
    cal.set(1968, 12, 31);
    selector.setPrivateKeyValid(cal.getTime());
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
    byte[] encoded = in.getOctetString();
    PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
    Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
    selector.setPrivateKeyValid(validDate);
    checkMatch(selector, cert, true);

}

private void testPolicy() throws IOException {
    System.out.println("X.509 Certificate Match on certificatePolicies");
    // test encoding of CertificatePoliciesExtension because we wrote the
    // code
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Set<String> s = new HashSet<>();
    s.add(new String("1.2.5.7.68"));
    selector.setPolicy(s);
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
    CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
    List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
    // match on the first policy id
    PolicyInformation policyInfo = (PolicyInformation) policies.get(0);
    s.clear();
    s.add(policyInfo.getPolicyIdentifier().getIdentifier().toString());
    selector.setPolicy(s);
    checkMatch(selector, cert, true);
}

public static void createPath(String[] certs) throws Exception {
    TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
    List list = new ArrayList();
    for (int i = 1; i < certs.length; i++) {
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);

    Set anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    params.setRevocationEnabled(false);
    X509CertSelector sel = new X509CertSelector();
    sel.setSerialNumber(new BigInteger("1427"));
    params.setTargetCertConstraints(sel);
}

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}

private void testPrivateKeyValid() throws IOException, CertificateException {
    System.out.println("X.509 Certificate Match on privateKeyValid");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Calendar cal = Calendar.getInstance();
    cal.set(1968, 12, 31);
    selector.setPrivateKeyValid(cal.getTime());
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
    byte[] encoded = in.getOctetString();
    PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
    Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
    selector.setPrivateKeyValid(validDate);
    checkMatch(selector, cert, true);

}

private void testPolicy() throws IOException {
    System.out.println("X.509 Certificate Match on certificatePolicies");
    // test encoding of CertificatePoliciesExtension because we wrote the
    // code
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Set<String> s = new HashSet<>();
    s.add(new String("1.2.5.7.68"));
    selector.setPolicy(s);
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
    CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
    List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
    // match on the first policy id
    PolicyInformation policyInfo = (PolicyInformation) policies.get(0);
    s.clear();
    s.add(policyInfo.getPolicyIdentifier().getIdentifier().toString());
    selector.setPolicy(s);
    checkMatch(selector, cert, true);
}

public static void createPath(String[] certs) throws Exception {
    TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
    List list = new ArrayList();
    for (int i = 1; i < certs.length; i++) {
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);

    Set anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    params.setRevocationEnabled(false);
    X509CertSelector sel = new X509CertSelector();
    sel.setSerialNumber(new BigInteger("1427"));
    params.setTargetCertConstraints(sel);
}

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}

private void testPrivateKeyValid() throws IOException, CertificateException {
    System.out.println("X.509 Certificate Match on privateKeyValid");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Calendar cal = Calendar.getInstance();
    cal.set(1968, 12, 31);
    selector.setPrivateKeyValid(cal.getTime());
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
    byte[] encoded = in.getOctetString();
    PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
    Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
    selector.setPrivateKeyValid(validDate);
    checkMatch(selector, cert, true);

}

private void testPolicy() throws IOException {
    System.out.println("X.509 Certificate Match on certificatePolicies");
    // test encoding of CertificatePoliciesExtension because we wrote the
    // code
    // bad match
    X509CertSelector selector = new X509CertSelector();
    Set<String> s = new HashSet<>();
    s.add(new String("1.2.5.7.68"));
    selector.setPolicy(s);
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
    CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
    List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
    // match on the first policy id
    PolicyInformation policyInfo = (PolicyInformation) policies.get(0);
    s.clear();
    s.add(policyInfo.getPolicyIdentifier().getIdentifier().toString());
    selector.setPolicy(s);
    checkMatch(selector, cert, true);
}

public static void createPath(String[] certs) throws Exception {
    TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
    List list = new ArrayList();
    for (int i = 1; i < certs.length; i++) {
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);

    Set anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    params.setRevocationEnabled(false);
    X509CertSelector sel = new X509CertSelector();
    sel.setSerialNumber(new BigInteger("1427"));
    params.setTargetCertConstraints(sel);
}

/**
 * Returns an instance of <code>ExtendedPKIXParameters</code> which can be
 * safely casted to <code>ExtendedPKIXBuilderParameters</code>.
 * <p>
 * This method can be used to get a copy from other
 * <code>PKIXBuilderParameters</code>, <code>PKIXParameters</code>,
 * and <code>ExtendedPKIXParameters</code> instances.
 * 
 * @param pkixParams The PKIX parameters to create a copy of.
 * @return An <code>ExtendedPKIXBuilderParameters</code> instance.
 */
public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
{
    ExtendedPKIXBuilderParameters params;
    try
    {
        params = new ExtendedPKIXBuilderParameters(pkixParams
                .getTrustAnchors(), X509CertStoreSelector
                .getInstance((X509CertSelector) pkixParams
                        .getTargetCertConstraints()));
    }
    catch (Exception e)
    {
        // cannot happen
        throw new RuntimeException(e.getMessage());
    }
    params.setParams(pkixParams);
    return params;
}

public X509CertificateHolderSelector getCertificateHolderSelector(X509CertSelector certSelector)
{
    try
    {
        if (certSelector.getSubjectKeyIdentifier() != null)
        {
            return new X509CertificateHolderSelector(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets());
        }
        else
        {
            return new X509CertificateHolderSelector(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber());
        }
    }
    catch (IOException e)
    {
        throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage());
    }
}

private Set getCACertificates(X509CertSelector xselector)
    throws CertStoreException
{
    String[] attrs = {params.getCACertificateAttribute()};
    String attrName = params.getLdapCACertificateAttributeName();
    String subjectAttributeName = params
        .getCACertificateSubjectAttributeName();
    Set set = certSubjectSerialSearch(xselector, attrs, attrName,
        subjectAttributeName);

    if (set.isEmpty())
    {
        set.addAll(search(null, "*", attrs));
    }

    return set;
}

private Set getCrossCertificates(X509CertSelector xselector)
    throws CertStoreException
{
    String[] attrs = {params.getCrossCertificateAttribute()};
    String attrName = params.getLdapCrossCertificateAttributeName();
    String subjectAttributeName = params
        .getCrossCertificateSubjectAttributeName();
    Set set = certSubjectSerialSearch(xselector, attrs, attrName,
        subjectAttributeName);

    if (set.isEmpty())
    {
        set.addAll(search(null, "*", attrs));
    }

    return set;
}

public SignerId getSignerId(X509CertSelector certSelector)
{
    try
    {
        if (certSelector.getSubjectKeyIdentifier() != null)
        {
            return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets());
        }
        else
        {
            return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber());
        }
    }
    catch (IOException e)
    {
        throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage());
    }
}

public KeyTransRecipientId getKeyTransRecipientId(X509CertSelector certSelector)
{
    try
    {
        if (certSelector.getSubjectKeyIdentifier() != null)
        {
            return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets());
        }
        else
        {
            return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber());
        }
    }
    catch (IOException e)
    {
        throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage());
    }
}

@Test
public void testValidateMy() throws Exception
{
    System.out.println("validateMy");

    FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/my");
    KeyStore ks = KeyStore.getInstance("jks");
    FileInputStream fis = new FileInputStream("./src/test/cert/my/myStore");
    ks.load(fis, "mystorepass".toCharArray());
    fis.close();

    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setSubject(new X500Principal("CN = Luis Goncalves,OU = CC,O = ISEL,C = PT"));
    Collection<X509Certificate> otherCerts = Collections.emptyList();

    PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, false, certStore.getStore());
    ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
    assertEquals(result.getCerts().size(), 3);
}

@Test
public void testValidateNist() throws Exception
{
    System.out.println("validateNist");

    FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/csrc.nist");
    KeyStore ks = KeyStore.getInstance("jks");
    FileInputStream fis = new FileInputStream("./src/test/cert/csrc.nist/trustAnchor");
    ks.load(fis, "password".toCharArray());
    fis.close();

    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setSubject(new X500Principal("CN = User1-CP.02.01,OU = Testing,OU = DoD,O = U.S. Government,C = US"));
    Collection<X509Certificate> otherCerts = Collections.emptyList();

    PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, true, certStore.getStore());
    ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
    assertEquals(result.getCerts().size(), 4);
    assertEquals(result.getCrls().size(), 3);
}

public static void createPath(String[] certs) throws Exception {
    TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
    List list = new ArrayList();
    for (int i = 1; i < certs.length; i++) {
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);

    Set anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    params.setRevocationEnabled(false);
    X509CertSelector sel = new X509CertSelector();
    sel.setSerialNumber(new BigInteger("1427"));
    params.setTargetCertConstraints(sel);
}

public static void createPath(String[] certs) throws Exception {
    TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
    List list = new ArrayList();
    for (int i = 1; i < certs.length; i++) {
        list.add(0, getCertFromFile(certs[i]));
    }
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    path = cf.generateCertPath(list);

    Set anchors = Collections.singleton(anchor);
    params = new PKIXParameters(anchors);
    params.setRevocationEnabled(false);
    X509CertSelector sel = new X509CertSelector();
    sel.setSerialNumber(new BigInteger("1427"));
    params.setTargetCertConstraints(sel);
}

/**
 * Test #1 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
 * constructor<br>
 * Assertion: creates an instance of <code>PKIXBuilderParameters</code>
 * @throws InvalidAlgorithmParameterException
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Verifies positive case.",
    method = "PKIXBuilderParameters",
    args = {java.util.Set.class, java.security.cert.CertSelector.class}
)
public final void testPKIXBuilderParametersSetCertSelector01()
    throws InvalidAlgorithmParameterException {
    Set<TrustAnchor> taSet = TestUtils.getTrustAnchorSet();
    if (taSet == null) {
        fail(getName() + ": not performed (could not create test TrustAnchor set)");
    }
    // both parameters are valid and non-null
    PKIXParameters p =
        new PKIXBuilderParameters(taSet, new X509CertSelector());
    assertTrue("instanceOf", p instanceof PKIXBuilderParameters);
    assertNotNull("certSelector", p.getTargetCertConstraints());
}

/**
 * Test #1 for <code>PKIXBuilderParameters(KeyStore, CertSelector)</code>
 * constructor<br>
 * Assertion: <code>NullPointerException</code> - if the
 * <code>keystore</code> is <code>null</code>
 */
@TestTargetNew(
    level = TestLevel.PARTIAL_COMPLETE,
    notes = "Veirifies null as a KeyStore parameter.",
    method = "PKIXBuilderParameters",
    args = {java.security.KeyStore.class, java.security.cert.CertSelector.class}
)
public final void testPKIXBuilderParametersKeyStoreCertSelector01()
        throws Exception {
    try {
        new PKIXBuilderParameters((KeyStore) null, new X509CertSelector());
        fail("NullPointerException expected");
    } catch (NullPointerException e) {
        // expected
    }
}