4646 * getBasicConstraints} method). Therefore, the {@link #match match}
4747 * method would return {@code true} for any {@code X509Certificate}.
4848 * Typically, several criteria are enabled (by calling
49- * {@link #setIssuer setIssuer } or
49+ * {@link #setIssuer(X500Principal) } or
5050 * {@link #setKeyUsage setKeyUsage}, for instance) and then the
5151 * {@code X509CertSelector} is passed to
5252 * {@link CertStore#getCertificates CertStore.getCertificates} or some similar
5353 * method.
5454 * <p>
55- * Several criteria can be enabled (by calling {@link #setIssuer setIssuer}
55+ * Several criteria can be enabled (by calling
56+ * {@link #setIssuer(X500Principal)}
5657 * and {@link #setSerialNumber setSerialNumber},
5758 * for example) such that the {@code match} method
5859 * usually uniquely matches a single {@code X509Certificate}. We say
@@ -184,25 +185,25 @@ public void setIssuer(X500Principal issuer) {
184185 }
185186
186187 /**
187- * <strong>Denigrated</strong>, use {@linkplain #setIssuer(X500Principal)}
188- * or {@linkplain #setIssuer(byte[])} instead. This method should not be
189- * relied on as it can fail to match some certificates because of a loss of
190- * encoding information in the
191- * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> String form
192- * of some distinguished names.
193- * <p>
194188 * Sets the issuer criterion. The specified distinguished name
195189 * must match the issuer distinguished name in the
196190 * {@code X509Certificate}. If {@code null}, any issuer
197191 * distinguished name will do.
198192 * <p>
199193 * If {@code issuerDN} is not {@code null}, it should contain a
200- * distinguished name, in RFC 2253 format.
194+ * distinguished name, in
195+ * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> format.
201196 *
202197 * @param issuerDN a distinguished name in RFC 2253 format
203198 * (or {@code null})
204199 * @throws IOException if a parsing error occurs (incorrect form for DN)
200+ *
201+ * @deprecated Use {@link #setIssuer(X500Principal)} or
202+ * {@link #setIssuer(byte[])} instead. This method should not be relied on
203+ * as it can fail to match some certificates because of a loss of encoding
204+ * information in the RFC 2253 String form of some distinguished names.
205205 */
206+ @ Deprecated (since ="16" )
206207 public void setIssuer (String issuerDN ) throws IOException {
207208 if (issuerDN == null ) {
208209 issuer = null ;
@@ -276,24 +277,26 @@ public void setSubject(X500Principal subject) {
276277 }
277278
278279 /**
279- * <strong>Denigrated</strong>, use {@linkplain #setSubject(X500Principal)}
280- * or {@linkplain #setSubject(byte[])} instead. This method should not be
281- * relied on as it can fail to match some certificates because of a loss of
282- * encoding information in the RFC 2253 String form of some distinguished
283- * names.
284- * <p>
285280 * Sets the subject criterion. The specified distinguished name
286281 * must match the subject distinguished name in the
287282 * {@code X509Certificate}. If {@code null}, any subject
288283 * distinguished name will do.
289284 * <p>
290285 * If {@code subjectDN} is not {@code null}, it should contain a
291- * distinguished name, in RFC 2253 format.
286+ * distinguished name, in
287+ * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> format.
292288 *
293289 * @param subjectDN a distinguished name in RFC 2253 format
294290 * (or {@code null})
295291 * @throws IOException if a parsing error occurs (incorrect form for DN)
292+ *
293+ * @deprecated Use {@link #setSubject(X500Principal)} or
294+ * {@link #setSubject(byte[])} instead. This method should not be relied
295+ * on as it can fail to match some certificates because of a loss of
296+ * encoding information in the RFC 2253 String form of some distinguished
297+ * names.
296298 */
299+ @ Deprecated (since ="16" )
297300 public void setSubject (String subjectDN ) throws IOException {
298301 if (subjectDN == null ) {
299302 subject = null ;
@@ -310,8 +313,7 @@ public void setSubject(String subjectDN) throws IOException {
310313 * <p>
311314 * If {@code subjectDN} is not {@code null}, it should contain a
312315 * single DER encoded distinguished name, as defined in X.501. For the ASN.1
313- * notation for this structure, see
314- * {@link #setIssuer(byte [] issuerDN) setIssuer(byte [] issuerDN)}.
316+ * notation for this structure, see {@link #setIssuer(byte[])}.
315317 *
316318 * @param subjectDN a byte array containing the distinguished name in
317319 * ASN.1 DER format (or {@code null})
@@ -711,7 +713,8 @@ public void setSubjectAlternativeNames(Collection<List<?>> names)
711713 * the restrictions included in RFC 5280). IPv4 address names are
712714 * supplied using dotted quad notation. OID address names are represented
713715 * as a series of nonnegative integers separated by periods. And
714- * directory names (distinguished names) are supplied in RFC 2253 format.
716+ * directory names (distinguished names) are supplied in
717+ * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> format.
715718 * No standard string format is defined for otherNames, X.400 names,
716719 * EDI party names, IPv6 address names, or any other type of names. They
717720 * should be specified using the
@@ -1299,23 +1302,24 @@ public X500Principal getIssuer() {
12991302 }
13001303
13011304 /**
1302- * <strong>Denigrated</strong>, use {@linkplain #getIssuer()} or
1303- * {@linkplain #getIssuerAsBytes()} instead. This method should not be
1304- * relied on as it can fail to match some certificates because of a loss of
1305- * encoding information in the RFC 2253 String form of some distinguished
1306- * names.
1307- * <p>
13081305 * Returns the issuer criterion as a {@code String}. This
13091306 * distinguished name must match the issuer distinguished name in the
13101307 * {@code X509Certificate}. If {@code null}, the issuer criterion
13111308 * is disabled and any issuer distinguished name will do.
13121309 * <p>
13131310 * If the value returned is not {@code null}, it is a
1314- * distinguished name, in RFC 2253 format.
1311+ * distinguished name, in
1312+ * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> format.
13151313 *
13161314 * @return the required issuer distinguished name in RFC 2253 format
13171315 * (or {@code null})
1316+ *
1317+ * @deprecated Use {@link #getIssuer()} or {@link #getIssuerAsBytes()}
1318+ * instead. This method should not be relied on as it can fail to match
1319+ * some certificates because of a loss of encoding information in the
1320+ * RFC 2253 String form of some distinguished names.
13181321 */
1322+ @ Deprecated (since ="16" )
13191323 public String getIssuerAsString () {
13201324 return (issuer == null ? null : issuer .getName ());
13211325 }
@@ -1329,8 +1333,7 @@ public String getIssuerAsString() {
13291333 * If the value returned is not {@code null}, it is a byte
13301334 * array containing a single DER encoded distinguished name, as defined in
13311335 * X.501. The ASN.1 notation for this structure is supplied in the
1332- * documentation for
1333- * {@link #setIssuer(byte [] issuerDN) setIssuer(byte [] issuerDN)}.
1336+ * documentation for {@link #setIssuer(byte[])}.
13341337 * <p>
13351338 * Note that the byte array returned is cloned to protect against
13361339 * subsequent modifications.
@@ -1358,23 +1361,24 @@ public X500Principal getSubject() {
13581361 }
13591362
13601363 /**
1361- * <strong>Denigrated</strong>, use {@linkplain #getSubject()} or
1362- * {@linkplain #getSubjectAsBytes()} instead. This method should not be
1363- * relied on as it can fail to match some certificates because of a loss of
1364- * encoding information in the RFC 2253 String form of some distinguished
1365- * names.
1366- * <p>
13671364 * Returns the subject criterion as a {@code String}. This
13681365 * distinguished name must match the subject distinguished name in the
13691366 * {@code X509Certificate}. If {@code null}, the subject criterion
13701367 * is disabled and any subject distinguished name will do.
13711368 * <p>
13721369 * If the value returned is not {@code null}, it is a
1373- * distinguished name, in RFC 2253 format.
1370+ * distinguished name, in
1371+ * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> format.
13741372 *
13751373 * @return the required subject distinguished name in RFC 2253 format
13761374 * (or {@code null})
1375+ *
1376+ * @deprecated Use {@link #getSubject()} or {@link #getSubjectAsBytes()}
1377+ * instead. This method should not be relied on as it can fail to match
1378+ * some certificates because of a loss of encoding information in the
1379+ * RFC 2253 String form of some distinguished names.
13771380 */
1381+ @ Deprecated (since ="16" )
13781382 public String getSubjectAsString () {
13791383 return (subject == null ? null : subject .getName ());
13801384 }
@@ -1388,8 +1392,7 @@ public String getSubjectAsString() {
13881392 * If the value returned is not {@code null}, it is a byte
13891393 * array containing a single DER encoded distinguished name, as defined in
13901394 * X.501. The ASN.1 notation for this structure is supplied in the
1391- * documentation for
1392- * {@link #setSubject(byte [] subjectDN) setSubject(byte [] subjectDN)}.
1395+ * documentation for {@link #setSubject(byte[])}.
13931396 * <p>
13941397 * Note that the byte array returned is cloned to protect against
13951398 * subsequent modifications.
@@ -1985,7 +1988,7 @@ public boolean match(Certificate cert) {
19851988 if (debug != null ) {
19861989 debug .println ("X509CertSelector.match(SN: "
19871990 + (xcert .getSerialNumber ()).toString (16 ) + "\n Issuer: "
1988- + xcert .getIssuerDN () + "\n Subject: " + xcert .getSubjectDN ()
1991+ + xcert .getIssuerX500Principal () + "\n Subject: " + xcert .getSubjectX500Principal ()
19891992 + ")" );
19901993 }
19911994
0 commit comments