X509CertSelector.SetAuthorityKeyIdentifier(Byte[]) Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Sets the authorityKeyIdentifier criterion.
[Android.Runtime.Register("setAuthorityKeyIdentifier", "([B)V", "GetSetAuthorityKeyIdentifier_arrayBHandler")]
public virtual void SetAuthorityKeyIdentifier (byte[]? authorityKeyID);
[<Android.Runtime.Register("setAuthorityKeyIdentifier", "([B)V", "GetSetAuthorityKeyIdentifier_arrayBHandler")>]
abstract member SetAuthorityKeyIdentifier : byte[] -> unit
override this.SetAuthorityKeyIdentifier : byte[] -> unit
Parameters
- authorityKeyID
- Byte[]
the authority key identifier (or null)
- Attributes
Remarks
Sets the authorityKeyIdentifier criterion. The X509Certificate must contain an AuthorityKeyIdentifier extension for which the contents of the extension value match the specified criterion value. If the criterion value is null, no authorityKeyIdentifier check will be done.
If authorityKeyID is not null, it should contain a single DER encoded value corresponding to the contents of the extension value (not including the object identifier, criticality setting, and encapsulating OCTET STRING) for an AuthorityKeyIdentifier extension. The ASN.1 notation for this structure follows.
    AuthorityKeyIdentifier ::= SEQUENCE {
        keyIdentifier             [0] KeyIdentifier           OPTIONAL,
        authorityCertIssuer       [1] GeneralNames            OPTIONAL,
        authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }

    KeyIdentifier ::= OCTET STRING
Authority key identifiers are not parsed by the X509CertSelector. Instead, the values are compared using a byte-by-byte comparison.
When the keyIdentifier field of AuthorityKeyIdentifier is populated, the value is usually taken from the SubjectKeyIdentifier extension in the issuer's certificate. Note, however, that the result of X509Certificate.getExtensionValue(<SubjectKeyIdentifier Object Identifier>) on the issuer's certificate may NOT be used directly as the input to setAuthorityKeyIdentifier. This is because the SubjectKeyIdentifier contains only a KeyIdentifier OCTET STRING, and not a SEQUENCE of KeyIdentifier, GeneralNames, and CertificateSerialNumber. In order to use the extension value of the issuer certificate's SubjectKeyIdentifier extension, it will be necessary to extract the value of the embedded KeyIdentifier OCTET STRING, then DER encode this OCTET STRING inside a SEQUENCE. For more details on SubjectKeyIdentifier, see setSubjectKeyIdentifier(byte[] subjectKeyID).
Note also that the byte array supplied here is cloned to protect against subsequent modifications.
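The conversion described above, as an added example (not code from the original page or from the Android or .NET projects): it unwraps the issuer's SubjectKeyIdentifier extension value and re-encodes the key identifier as the SEQUENCE this method expects. Because the selector compares bytes, the keyIdentifier is written with its context tag [0] (byte 0x80), which is how the field is encoded inside a certificate's AuthorityKeyIdentifier extension. The class and method names are hypothetical, the sample bytes are constructed, and the Android call shown in the comment is assumed usage.

```csharp
using System;

public static class AkiCriterion   // hypothetical helper, not part of the binding
{
    // Returns the contents of a single DER TLV that must fill the whole input.
    static byte[] ReadTlv(byte[] der, byte tag)
    {
        if (der == null || der.Length < 2 || der[0] != tag)
            throw new FormatException("unexpected DER tag");
        int len = der[1], offset = 2;
        if (len >= 0x80)
        {
            int n = len & 0x7F; // number of length octets (long form)
            if (n == 0 || n > 2 || der.Length < 2 + n)
                throw new FormatException("unsupported DER length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | der[2 + i];
            offset = 2 + n;
        }
        if (offset + len != der.Length)
            throw new FormatException("DER length does not match input");
        return der.AsSpan(offset, len).ToArray();
    }

    // Encodes tag + minimal DER length + content (content up to 65535 bytes).
    static byte[] WriteTlv(byte tag, byte[] content)
    {
        int n = content.Length;
        if (n > 0xFFFF) throw new ArgumentException("content too long");
        byte[] head = n < 0x80 ? new[] { tag, (byte)n }
                    : n < 0x100 ? new[] { tag, (byte)0x81, (byte)n }
                    : new[] { tag, (byte)0x82, (byte)(n >> 8), (byte)n };
        byte[] tlv = new byte[head.Length + n];
        head.CopyTo(tlv, 0);
        content.CopyTo(tlv, head.Length);
        return tlv;
    }

    // Input: issuer.GetExtensionValue("2.5.29.14"), i.e. OCTET STRING { OCTET STRING keyId }.
    // Output: SEQUENCE { [0] keyId }; assumed use: selector.SetAuthorityKeyIdentifier(result).
    public static byte[] FromIssuerSki(byte[] skiExtensionValue)
    {
        byte[] keyId = ReadTlv(ReadTlv(skiExtensionValue, 0x04), 0x04);
        return WriteTlv(0x30, WriteTlv(0x80, keyId));
    }

    public static void Main()
    {
        // Constructed sample: a 4-byte key identifier as getExtensionValue would wrap it.
        byte[] ski = { 0x04, 0x06, 0x04, 0x04, 0xDE, 0xAD, 0xBE, 0xEF };
        Console.WriteLine(BitConverter.ToString(FromIssuerSki(ski)));
    }
}
```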
Java documentation for java.security.cert.X509CertSelector.setAuthorityKeyIdentifier(byte[]).
Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.