sun.security.x509.AuthorityKeyIdentifierExtension Java Examples

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}
 

/**
 * Sets the subjectKeyIdentifier and serialNumber criteria from the
 * authority key identifier extension.
 *
 * The subjectKeyIdentifier criterion is set to the keyIdentifier field
 * of the extension, or null if it is empty. The serialNumber criterion
 * is set to the authorityCertSerialNumber field, or null if it is empty.
 *
 * Note that we do not set the subject criterion to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before calling match().
 *
 * @param ext the authorityKeyIdentifier extension
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    ski = null;
    serial = null;

    if (ext != null) {
        KeyIdentifier akid = (KeyIdentifier)ext.get(
            AuthorityKeyIdentifierExtension.KEY_ID);
        if (akid != null) {
            DerOutputStream derout = new DerOutputStream();
            derout.putOctetString(akid.getIdentifier());
            ski = derout.toByteArray();
        }
        SerialNumber asn = (SerialNumber)ext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            serial = asn.getNumber();
        }
        // the subject criterion should be set by the caller
    }
}
 

/**
 * Sets the subjectKeyIdentifier and serialNumber criteria from the
 * authority key identifier extension.
 *
 * The subjectKeyIdentifier criterion is set to the keyIdentifier field
 * of the extension, or null if it is empty. The serialNumber criterion
 * is set to the authorityCertSerialNumber field, or null if it is empty.
 *
 * Note that we do not set the subject criterion to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before calling match().
 *
 * @param ext the authorityKeyIdentifier extension
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    ski = null;
    serial = null;

    if (ext != null) {
        KeyIdentifier akid = (KeyIdentifier)ext.get(
            AuthorityKeyIdentifierExtension.KEY_ID);
        if (akid != null) {
            DerOutputStream derout = new DerOutputStream();
            derout.putOctetString(akid.getIdentifier());
            ski = derout.toByteArray();
        }
        SerialNumber asn = (SerialNumber)ext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            serial = asn.getNumber();
        }
        // the subject criterion should be set by the caller
    }
}
 

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}
 

/**
 * Sets the subjectKeyIdentifier and serialNumber criteria from the
 * authority key identifier extension.
 *
 * The subjectKeyIdentifier criterion is set to the keyIdentifier field
 * of the extension, or null if it is empty. The serialNumber criterion
 * is set to the authorityCertSerialNumber field, or null if it is empty.
 *
 * Note that we do not set the subject criterion to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before calling match().
 *
 * @param ext the authorityKeyIdentifier extension
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    ski = null;
    serial = null;

    if (ext != null) {
        ski = ext.getEncodedKeyIdentifier();
        SerialNumber asn = (SerialNumber)ext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            serial = asn.getNumber();
        }
        // the subject criterion should be set by the caller
    }
}
 

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}
 

/**
 * Sets the subjectKeyIdentifier and serialNumber criteria from the
 * authority key identifier extension.
 *
 * The subjectKeyIdentifier criterion is set to the keyIdentifier field
 * of the extension, or null if it is empty. The serialNumber criterion
 * is set to the authorityCertSerialNumber field, or null if it is empty.
 *
 * Note that we do not set the subject criterion to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before calling match().
 *
 * @param ext the authorityKeyIdentifier extension
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    ski = null;
    serial = null;

    if (ext != null) {
        ski = ext.getEncodedKeyIdentifier();
        SerialNumber asn = (SerialNumber)ext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            serial = asn.getNumber();
        }
        // the subject criterion should be set by the caller
    }
}
 

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}
 

/**
 * Sets the subjectKeyIdentifier and serialNumber criteria from the
 * authority key identifier extension.
 *
 * The subjectKeyIdentifier criterion is set to the keyIdentifier field
 * of the extension, or null if it is empty. The serialNumber criterion
 * is set to the authorityCertSerialNumber field, or null if it is empty.
 *
 * Note that we do not set the subject criterion to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before calling match().
 *
 * @param ext the authorityKeyIdentifier extension
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    ski = null;
    serial = null;

    if (ext != null) {
        ski = ext.getEncodedKeyIdentifier();
        SerialNumber asn = (SerialNumber)ext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            serial = asn.getNumber();
        }
        // the subject criterion should be set by the caller
    }
}
 

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}
 

/**
 * Sets the subjectKeyIdentifier and serialNumber criteria from the
 * authority key identifier extension.
 *
 * The subjectKeyIdentifier criterion is set to the keyIdentifier field
 * of the extension, or null if it is empty. The serialNumber criterion
 * is set to the authorityCertSerialNumber field, or null if it is empty.
 *
 * Note that we do not set the subject criterion to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before calling match().
 *
 * @param ext the authorityKeyIdentifier extension
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    ski = null;
    serial = null;

    if (ext != null) {
        ski = ext.getEncodedKeyIdentifier();
        SerialNumber asn = (SerialNumber)ext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            serial = asn.getNumber();
        }
        // the subject criterion should be set by the caller
    }
}
 

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}
 

/**
 * Sets the subjectKeyIdentifier and serialNumber criteria from the
 * authority key identifier extension.
 *
 * The subjectKeyIdentifier criterion is set to the keyIdentifier field
 * of the extension, or null if it is empty. The serialNumber criterion
 * is set to the authorityCertSerialNumber field, or null if it is empty.
 *
 * Note that we do not set the subject criterion to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before calling match().
 *
 * @param ext the authorityKeyIdentifier extension
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    ski = null;
    serial = null;

    if (ext != null) {
        ski = ext.getEncodedKeyIdentifier();
        SerialNumber asn = (SerialNumber)ext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            serial = asn.getNumber();
        }
        // the subject criterion should be set by the caller
    }
}
 

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}
 

/**
 * Sets the subjectKeyIdentifier and serialNumber criteria from the
 * authority key identifier extension.
 *
 * The subjectKeyIdentifier criterion is set to the keyIdentifier field
 * of the extension, or null if it is empty. The serialNumber criterion
 * is set to the authorityCertSerialNumber field, or null if it is empty.
 *
 * Note that we do not set the subject criterion to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before calling match().
 *
 * @param ext the authorityKeyIdentifier extension
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    ski = null;
    serial = null;

    if (ext != null) {
        ski = ext.getEncodedKeyIdentifier();
        SerialNumber asn = (SerialNumber)ext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            serial = asn.getNumber();
        }
        // the subject criterion should be set by the caller
    }
}
 

/**
 * Sets the subjectKeyIdentifier and serialNumber criteria from the
 * authority key identifier extension.
 *
 * The subjectKeyIdentifier criterion is set to the keyIdentifier field
 * of the extension, or null if it is empty. The serialNumber criterion
 * is set to the authorityCertSerialNumber field, or null if it is empty.
 *
 * Note that we do not set the subject criterion to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before calling match().
 *
 * @param ext the authorityKeyIdentifier extension
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    ski = null;
    serial = null;

    if (ext != null) {
        ski = ext.getEncodedKeyIdentifier();
        SerialNumber asn = (SerialNumber)ext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            serial = asn.getNumber();
        }
        // the subject criterion should be set by the caller
    }
}
 

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}
 

/**
 * Sets the subjectKeyIdentifier and serialNumber criteria from the
 * authority key identifier extension.
 *
 * The subjectKeyIdentifier criterion is set to the keyIdentifier field
 * of the extension, or null if it is empty. The serialNumber criterion
 * is set to the authorityCertSerialNumber field, or null if it is empty.
 *
 * Note that we do not set the subject criterion to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before calling match().
 *
 * @param ext the authorityKeyIdentifier extension
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    ski = null;
    serial = null;

    if (ext != null) {
        KeyIdentifier akid = (KeyIdentifier)ext.get(
            AuthorityKeyIdentifierExtension.KEY_ID);
        if (akid != null) {
            DerOutputStream derout = new DerOutputStream();
            derout.putOctetString(akid.getIdentifier());
            ski = derout.toByteArray();
        }
        SerialNumber asn = (SerialNumber)ext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            serial = asn.getNumber();
        }
        // the subject criterion should be set by the caller
    }
}
 

/**
 * Sets the subjectKeyIdentifier and serialNumber criteria from the
 * authority key identifier extension.
 *
 * The subjectKeyIdentifier criterion is set to the keyIdentifier field
 * of the extension, or null if it is empty. The serialNumber criterion
 * is set to the authorityCertSerialNumber field, or null if it is empty.
 *
 * Note that we do not set the subject criterion to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before calling match().
 *
 * @param ext the authorityKeyIdentifier extension
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    ski = null;
    serial = null;

    if (ext != null) {
        ski = ext.getEncodedKeyIdentifier();
        SerialNumber asn = (SerialNumber)ext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            serial = asn.getNumber();
        }
        // the subject criterion should be set by the caller
    }
}
 

/**
 * Returns an X509CertSelector for matching on the authority key
 * identifier, or null if not applicable.
 */
private X509CertSelector getSelector(X509CertImpl previousCert)
    throws IOException {
    if (previousCert != null) {
        AuthorityKeyIdentifierExtension akidExt =
            previousCert.getAuthorityKeyIdentifierExtension();
        if (akidExt != null) {
            byte[] skid = akidExt.getEncodedKeyIdentifier();
            if (skid != null) {
                X509CertSelector selector = new X509CertSelector();
                selector.setSubjectKeyIdentifier(skid);
                return selector;
            }
        }
    }
    return null;
}
 

/**
 * Sets the subjectKeyIdentifier and serialNumber criteria from the
 * authority key identifier extension.
 *
 * The subjectKeyIdentifier criterion is set to the keyIdentifier field
 * of the extension, or null if it is empty. The serialNumber criterion
 * is set to the authorityCertSerialNumber field, or null if it is empty.
 *
 * Note that we do not set the subject criterion to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before calling match().
 *
 * @param ext the authorityKeyIdentifier extension
 * @throws IOException if there is an error parsing the extension
 */
void setSkiAndSerialNumber(AuthorityKeyIdentifierExtension ext)
    throws IOException {

    ski = null;
    serial = null;

    if (ext != null) {
        ski = ext.getEncodedKeyIdentifier();
        SerialNumber asn = (SerialNumber)ext.get(
            AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            serial = asn.getNumber();
        }
        // the subject criterion should be set by the caller
    }
}
 

private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    AuthorityKeyIdentifierExtension a = new AuthorityKeyIdentifierExtension(new KeyIdentifier(b), null, null);
    selector.setAuthorityKeyIdentifier(a.getExtensionValue());
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.35"));
    byte[] encoded = in.getOctetString();
    selector.setAuthorityKeyIdentifier(encoded);
    checkMatch(selector, cert, true);
}
 

private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    AuthorityKeyIdentifierExtension a = new AuthorityKeyIdentifierExtension(new KeyIdentifier(b), null, null);
    selector.setAuthorityKeyIdentifier(a.getExtensionValue());
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.35"));
    byte[] encoded = in.getOctetString();
    selector.setAuthorityKeyIdentifier(encoded);
    checkMatch(selector, cert, true);
}
 

private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    AuthorityKeyIdentifierExtension a = new AuthorityKeyIdentifierExtension(new KeyIdentifier(b), null, null);
    selector.setAuthorityKeyIdentifier(a.getExtensionValue());
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.35"));
    byte[] encoded = in.getOctetString();
    selector.setAuthorityKeyIdentifier(encoded);
    checkMatch(selector, cert, true);
}
 

/**
 * Parse the authority key identifier extension.
 *
 * If the keyIdentifier field of the extension is non-null, set the
 * subjectKeyIdentifier criterion. If the authorityCertSerialNumber
 * field is non-null, set the serialNumber criterion.
 *
 * Note that we will not set the subject criterion according to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before call match().
 *
 * @param akidext the authorityKeyIdentifier extension
 */
void parseAuthorityKeyIdentifierExtension(
        AuthorityKeyIdentifierExtension akidext) throws IOException {
    if (akidext != null) {
        KeyIdentifier akid = (KeyIdentifier)akidext.get(
                AuthorityKeyIdentifierExtension.KEY_ID);
        if (akid != null) {
            // Do not override the previous setting for initial selection.
            if (isSKIDSensitive || getSubjectKeyIdentifier() == null) {
                DerOutputStream derout = new DerOutputStream();
                derout.putOctetString(akid.getIdentifier());
                super.setSubjectKeyIdentifier(derout.toByteArray());

                isSKIDSensitive = true;
            }
        }

        SerialNumber asn = (SerialNumber)akidext.get(
                AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            // Do not override the previous setting for initial selection.
            if (isSNSensitive || getSerialNumber() == null) {
                super.setSerialNumber(asn.getNumber());
                isSNSensitive = true;
            }
        }

        // the subject criterion should be set by the caller.
    }
}
 

/**
 * Parse the authority key identifier extension.
 *
 * If the keyIdentifier field of the extension is non-null, set the
 * subjectKeyIdentifier criterion. If the authorityCertSerialNumber
 * field is non-null, set the serialNumber criterion.
 *
 * Note that we will not set the subject criterion according to the
 * authorityCertIssuer field of the extension. The caller MUST set
 * the subject criterion before call match().
 *
 * @param akidext the authorityKeyIdentifier extension
 */
void parseAuthorityKeyIdentifierExtension(
        AuthorityKeyIdentifierExtension akidext) throws IOException {
    if (akidext != null) {
        KeyIdentifier akid = (KeyIdentifier)akidext.get(
                AuthorityKeyIdentifierExtension.KEY_ID);
        if (akid != null) {
            // Do not override the previous setting for initial selection.
            if (isSKIDSensitive || getSubjectKeyIdentifier() == null) {
                DerOutputStream derout = new DerOutputStream();
                derout.putOctetString(akid.getIdentifier());
                super.setSubjectKeyIdentifier(derout.toByteArray());

                isSKIDSensitive = true;
            }
        }

        SerialNumber asn = (SerialNumber)akidext.get(
                AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
        if (asn != null) {
            // Do not override the previous setting for initial selection.
            if (isSNSensitive || getSerialNumber() == null) {
                super.setSerialNumber(asn.getNumber());
                isSNSensitive = true;
            }
        }

        // the subject criterion should be set by the caller.
    }
}
 

private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    AuthorityKeyIdentifierExtension a = new AuthorityKeyIdentifierExtension(new KeyIdentifier(b), null, null);
    selector.setAuthorityKeyIdentifier(a.getExtensionValue());
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.35"));
    byte[] encoded = in.getOctetString();
    selector.setAuthorityKeyIdentifier(encoded);
    checkMatch(selector, cert, true);
}
 

private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    AuthorityKeyIdentifierExtension a = new AuthorityKeyIdentifierExtension(new KeyIdentifier(b), null, null);
    selector.setAuthorityKeyIdentifier(a.getExtensionValue());
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.35"));
    byte[] encoded = in.getOctetString();
    selector.setAuthorityKeyIdentifier(encoded);
    checkMatch(selector, cert, true);
}
 

private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    AuthorityKeyIdentifierExtension a = new AuthorityKeyIdentifierExtension(new KeyIdentifier(b), null, null);
    selector.setAuthorityKeyIdentifier(a.getExtensionValue());
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.35"));
    byte[] encoded = in.getOctetString();
    selector.setAuthorityKeyIdentifier(encoded);
    checkMatch(selector, cert, true);
}
 

private void testAuthorityKeyIdentifier() throws IOException {
    System.out.println("X.509 Certificate Match on authorityKeyIdentifier");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    byte[] b = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    AuthorityKeyIdentifierExtension a = new AuthorityKeyIdentifierExtension(new KeyIdentifier(b), null, null);
    selector.setAuthorityKeyIdentifier(a.getExtensionValue());
    checkMatch(selector, cert, false);

    // good match
    DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.35"));
    byte[] encoded = in.getOctetString();
    selector.setAuthorityKeyIdentifier(encoded);
    checkMatch(selector, cert, true);
}