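package org.bouncycastle.x509;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AttCertIssuer;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.V2Form;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.util.Selector;

import java.io.IOException;
import java.security.Principal;
import java.security.cert.CertSelector;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

/**
 * Carrying class for an attribute certificate issuer.
 * <p>
 * The class doubles as a {@link CertSelector}/{@link Selector} that picks out
 * X.509 certificates whose identity agrees with the issuer field. Matching is
 * by name (and serial number, when a base certificate ID is present) only:
 * a successful {@link #match(Certificate)} says nothing about whether the
 * certificate is trusted or whether it actually signed the attribute
 * certificate. Callers still have to verify the signature and validate the
 * certification path of whatever certificate is selected.
 * <p>
 * Only {@code directoryName} entries of the issuer's general names are
 * examined; every other general-name type is skipped.
 */
public class AttributeCertificateIssuer
    implements CertSelector, Selector
{
    // Either a V2Form or a GeneralNames; the methods below branch on that.
    final ASN1Encodable form;

    /**
     * Create an issuer holder from the ASN.1 issuer structure.
     *
     * @param issuer the ASN.1 issuer whose inner form (as returned by
     *               {@code issuer.getIssuer()}) is retained.
     */
    AttributeCertificateIssuer(
        AttCertIssuer issuer)
    {
        form = issuer.getIssuer();
    }

    /**
     * Create an issuer holder for a single distinguished name, stored as a
     * V2Form carrying one directoryName general name.
     *
     * @param principal the issuer's distinguished name.
     */
    public AttributeCertificateIssuer(
        X509Principal principal)
    {
        form = new V2Form(new GeneralNames(new GeneralName(principal)));
    }

    /**
     * Collect the directoryName entries of the issuer as X509Principal objects.
     *
     * @return the principals found; empty when the issuer carries no
     *         directoryName entry or no issuer name at all.
     * @throws RuntimeException if a directoryName entry cannot be re-encoded.
     */
    private Object[] getNames()
    {
        GeneralNames name;

        if (form instanceof V2Form)
        {
            name = ((V2Form)form).getIssuerName();
        }
        else
        {
            name = (GeneralNames)form;
        }

        // issuerName is OPTIONAL in the V2Form ASN.1 definition, so a parsed
        // attribute certificate can legitimately (or maliciously) omit it.
        // Report "no names" instead of failing with a NullPointerException.
        if (name == null)
        {
            return new Object[0];
        }

        GeneralName[] names = name.getNames();

        List l = new ArrayList(names.length);

        for (int i = 0; i != names.length; i++)
        {
            if (names[i].getTagNo() == GeneralName.directoryName)
            {
                try
                {
                    l.add(new X509Principal(((ASN1Encodable)names[i].getName()).toASN1Primitive().getEncoded()));
                }
                catch (IOException e)
                {
                    // Keep the exception type callers already see, but retain
                    // the cause so the encoding failure can be diagnosed.
                    throw new RuntimeException("badly formed Name object", e);
                }
            }
        }

        return l.toArray(new Object[l.size()]);
    }

    /**
     * Return any principal objects inside the attribute certificate issuer object.
     *
     * @return an array of Principal objects (usually X509Principal)
     */
    public Principal[] getPrincipals()
    {
        Object[] p = this.getNames();
        List l = new ArrayList();

        for (int i = 0; i != p.length; i++)
        {
            if (p[i] instanceof Principal)
            {
                l.add(p[i]);
            }
        }

        return (Principal[])l.toArray(new Principal[l.size()]);
    }

    /**
     * Check whether any directoryName entry in {@code targets} equals
     * {@code subject}.
     *
     * @param subject the distinguished name taken from the candidate certificate.
     * @param targets the general names to search; may be null, in which case
     *                nothing matches.
     * @return true if at least one directoryName entry equals {@code subject}.
     */
    private boolean matchesDN(X509Principal subject, GeneralNames targets)
    {
        // An absent name set cannot match anything. This is reachable from
        // match() when a V2Form carries neither a base certificate ID nor an
        // issuer name; fail closed rather than throw.
        if (targets == null)
        {
            return false;
        }

        GeneralName[] names = targets.getNames();

        for (int i = 0; i != names.length; i++)
        {
            GeneralName gn = names[i];

            if (gn.getTagNo() == GeneralName.directoryName)
            {
                try
                {
                    if (new X509Principal(((ASN1Encodable)gn.getName()).toASN1Primitive().getEncoded()).equals(subject))
                    {
                        return true;
                    }
                }
                catch (IOException ignored)
                {
                    // Deliberately ignored: an entry that cannot be re-encoded
                    // is treated as a non-match and the remaining entries are
                    // still checked, so a malformed name can never produce a
                    // positive result.
                }
            }
        }

        return false;
    }

    /**
     * Return a new selector that re-wraps this instance's form through
     * {@code AttCertIssuer.getInstance}.
     *
     * @see java.security.cert.CertSelector#clone()
     */
    public Object clone()
    {
        return new AttributeCertificateIssuer(AttCertIssuer.getInstance(form));
    }

    /**
     * Decide whether a certificate's identity agrees with this issuer.
     * <p>
     * For a V2Form with a base certificate ID, the certificate's serial
     * number and issuer DN must both agree with that ID. Otherwise the
     * certificate's subject DN must equal one of the issuer's directoryName
     * entries. No other V2Form field is consulted here, and no signature or
     * trust check is performed.
     *
     * @param cert the candidate certificate.
     * @return true on a name (and serial) match; false for a non-X.509
     *         certificate, for a certificate whose names cannot be extracted,
     *         or when nothing matches.
     * @see java.security.cert.CertSelector#match(java.security.cert.Certificate)
     */
    public boolean match(Certificate cert)
    {
        if (!(cert instanceof X509Certificate))
        {
            return false;
        }

        X509Certificate x509Cert = (X509Certificate)cert;

        try
        {
            if (form instanceof V2Form)
            {
                V2Form issuer = (V2Form)form;
                if (issuer.getBaseCertificateID() != null)
                {
                    return issuer.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber())
                        && matchesDN(PrincipalUtil.getIssuerX509Principal(x509Cert), issuer.getBaseCertificateID().getIssuer());
                }

                // getIssuerName() may be null here; matchesDN() treats that as
                // "no match".
                return matchesDN(PrincipalUtil.getSubjectX509Principal(x509Cert), issuer.getIssuerName());
            }

            return matchesDN(PrincipalUtil.getSubjectX509Principal(x509Cert), (GeneralNames)form);
        }
        catch (CertificateEncodingException e)
        {
            // The certificate's own name could not be extracted; it cannot be
            // shown to match, so reject it.
            return false;
        }
    }

    /**
     * Two issuers are equal when their underlying forms are equal.
     */
    public boolean equals(Object obj)
    {
        if (obj == this)
        {
            return true;
        }

        if (!(obj instanceof AttributeCertificateIssuer))
        {
            return false;
        }

        AttributeCertificateIssuer other = (AttributeCertificateIssuer)obj;

        return this.form.equals(other.form);
    }

    /**
     * Hash code of the underlying form, consistent with {@link #equals(Object)}.
     */
    public int hashCode()
    {
        return this.form.hashCode();
    }

    /**
     * {@link Selector} entry point: anything that is not an X509Certificate is
     * rejected, everything else is delegated to {@link #match(Certificate)}.
     *
     * @param obj the candidate object.
     * @return true if {@code obj} is an X.509 certificate matching this issuer.
     */
    public boolean match(Object obj)
    {
        if (!(obj instanceof X509Certificate))
        {
            return false;
        }

        return match((Certificate)obj);
    }
}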