com.entrust.toolkit.credentials

Class KeychainIdentityCertFilter

java.lang.Object

com.entrust.toolkit.credentials.KeychainIdentityCertFilter

All Implemented Interfaces:

KeychainCertFilter

public class KeychainIdentityCertFilter
extends java.lang.Object
implements KeychainCertFilter

A KeychainIdentityCertFilter is a KeychainCertFilter that is used to find a specific identity in the Keychain based on certificate criteria. The following Criteria types are supported:

• X509Certificate - uses the Subject DN of the specified certificate as the filter to find other certificates that contain that same subject DN. For example, an end user verification or encryption certificate could be specified, and only certificates containing the same DN would be acceptable.
• KeychainContainerName - If the KeychainContainerName is known, this can be used to find all certificates in that particular identity. The certificates are filtered by this KeychainContainerName. A KeychainContainerName is unique for each identity.
• Principal - Represents the Subject Name of a Certificate as the criteria for filtering acceptable certificates. This filter will accept all certificates that contain the same Subject name.

Most Digital identities types contain two or more certificates. This filter allows an identity to be found by knowing details contained in a single certificates.

Since:

8.0

Constructor Summary

Constructors

Constructor and Description
KeychainIdentityCertFilter(ContainerName KeychainContainerName) This can be used to find all certificates in that particular identity.
KeychainIdentityCertFilter(java.security.Principal subjectDN) This constructor takes a Principal which represents the Subject Name of a Certificate as the criteria for filtering acceptable certificates.
KeychainIdentityCertFilter(X509Certificate cert) This constructor takes an X509Certificate and uses the SubjectName as the criteria for filtering acceptable certificates.

Method Summary

Modifier and Type	Method and Description
boolean	acceptCertificate(X509Certificate certificate) This method checks whether the certificate should be accepted depending on whether it has the same subject name or KeychainContainerName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeychainIdentityCertFilter

public KeychainIdentityCertFilter(X509Certificate cert)
                           throws KeychainException

This constructor takes an X509Certificate and uses the SubjectName as the criteria for filtering acceptable certificates. This will allow all certificates for a particular identity to be acceptable.

Parameters:

cert - The X509Certificate whose subject DN is used to find acceptable certificates

Throws:

KeychainException

KeychainIdentityCertFilter

public KeychainIdentityCertFilter(java.security.Principal subjectDN)
                           throws KeychainException

This constructor takes a Principal which represents the Subject Name of a Certificate as the criteria for filtering acceptable certificates. This will allow all certificates for a particular identity to be acceptable.

Parameters:

subjectDN - The SubjectDN which will be used to find acceptable certificates

Throws:

KeychainException

KeychainIdentityCertFilter

public KeychainIdentityCertFilter(ContainerName KeychainContainerName)
                           throws KeychainException

This can be used to find all certificates in that particular identity. The certificates are filtered by this ContainerName.

Parameters:

KeychainContainerName - The KeychainContainerName

Throws:

KeychainException

Method Detail

acceptCertificate

public boolean acceptCertificate(X509Certificate certificate)

This method checks whether the certificate should be accepted depending on whether it has the same subject name or KeychainContainerName

Specified by:

acceptCertificate in interface KeychainCertFilter

Parameters:

certificate - The certificate that will be checked for acceptability