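package org.bouncycastle.x509;

import java.io.IOException;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x509.AttCertIssuer;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.V2Form;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.cert.CertSelector;
import org.bouncycastle.util.Selector;

/**
 * Carrying class for an attribute certificate issuer.
 * <p>
 * The issuer is held in {@link #form} either as a {@link V2Form} or as a bare
 * {@link GeneralNames}. An instance can also be used as a selector that picks the
 * X.509 certificate of the issuer out of a collection.
 * <p>
 * Matching compares names and serial numbers only. It performs no signature or
 * certification path validation, so a certificate selected by this class still has
 * to be validated by the caller before it is trusted.
 */
public class AttributeCertificateIssuer
    implements CertSelector, Selector
{
    // Either a V2Form or a GeneralNames; every method below branches on that.
    final ASN1Encodable form;

    /**
     * Create an issuer from the ASN.1 issuer choice of an attribute certificate.
     *
     * @param issuer the issuer structure whose inner form is kept.
     */
    AttributeCertificateIssuer(
        AttCertIssuer issuer)
    {
        form = issuer.getIssuer();
    }

    /**
     * Create an issuer holding a single directory name, wrapped in a V2Form.
     *
     * @param principal the distinguished name of the issuer.
     */
    public AttributeCertificateIssuer(
        X509Principal principal)
    {
        form = new V2Form(new GeneralNames(new GeneralName(principal)));
    }

    /**
     * Collect the directoryName entries of the issuer as X509Principal objects.
     * Entries with any other GeneralName tag are skipped.
     *
     * @return the directory names found, possibly an empty array.
     * @throws RuntimeException if a directory name cannot be re-encoded.
     */
    private Object[] getNames()
    {
        GeneralNames name;

        if (form instanceof V2Form)
        {
            name = ((V2Form)form).getIssuerName();
        }
        else
        {
            name = (GeneralNames)form;
        }

        // issuerName is OPTIONAL in the V2Form structure, so there may be no
        // names at all; report that as "no principals" rather than failing.
        if (name == null)
        {
            return new Object[0];
        }

        GeneralName[] names = name.getNames();

        List l = new ArrayList(names.length);

        for (int i = 0; i != names.length; i++)
        {
            if (names[i].getTagNo() == GeneralName.directoryName)
            {
                try
                {
                    l.add(new X509Principal(((ASN1Encodable)names[i].getName()).toASN1Primitive().getEncoded()));
                }
                catch (IOException e)
                {
                    // Keep the cause so the encoding failure can be diagnosed.
                    throw new RuntimeException("badly formed Name object", e);
                }
            }
        }

        return l.toArray(new Object[l.size()]);
    }

    /**
     * Return any principal objects inside the attribute certificate issuer object.
     *
     * @return an array of Principal objects (usually X509Principal)
     */
    public Principal[] getPrincipals()
    {
        Object[] p = this.getNames();
        List l = new ArrayList(p.length);

        for (int i = 0; i != p.length; i++)
        {
            if (p[i] instanceof Principal)
            {
                l.add(p[i]);
            }
        }

        return (Principal[])l.toArray(new Principal[l.size()]);
    }

    /**
     * Check whether any directoryName entry in targets equals the given name.
     *
     * @param subject the distinguished name to look for.
     * @param targets the names to search; may be null.
     * @return true if one directoryName entry equals subject, false otherwise.
     */
    private boolean matchesDN(X509Principal subject, GeneralNames targets)
    {
        // An absent name list cannot match anything.
        if (targets == null)
        {
            return false;
        }

        GeneralName[] names = targets.getNames();

        for (int i = 0; i != names.length; i++)
        {
            GeneralName gn = names[i];

            if (gn.getTagNo() == GeneralName.directoryName)
            {
                try
                {
                    if (new X509Principal(((ASN1Encodable)gn.getName()).toASN1Primitive().getEncoded()).equals(subject))
                    {
                        return true;
                    }
                }
                catch (IOException ignored)
                {
                    // A name that cannot be encoded cannot be compared, so it is
                    // treated as a non-match and the remaining entries are tried.
                }
            }
        }

        return false;
    }

    /**
     * Return a new issuer built from the same underlying form.
     *
     * @see java.security.cert.CertSelector#clone()
     */
    public Object clone()
    {
        return new AttributeCertificateIssuer(AttCertIssuer.getInstance(form));
    }

    /**
     * Decide whether the given certificate is the one this issuer refers to.
     * <p>
     * For a V2Form carrying a baseCertificateID, both the serial number and the
     * issuer name of the certificate must match that ID. Otherwise the subject
     * name of the certificate is compared with the issuer names held here. Any
     * objectDigestInfo in the V2Form is not consulted.
     * <p>
     * Only names and serial numbers are compared; the certificate's signature and
     * validity are not checked here.
     *
     * @param cert the certificate to test.
     * @return true on a match; false for a non-X.509 certificate, a certificate
     *         that cannot be encoded, or no match.
     * @see java.security.cert.CertSelector#match(java.security.cert.Certificate)
     */
    public boolean match(Certificate cert)
    {
        if (!(cert instanceof X509Certificate))
        {
            return false;
        }

        X509Certificate x509Cert = (X509Certificate)cert;

        try
        {
            if (form instanceof V2Form)
            {
                V2Form issuer = (V2Form)form;
                if (issuer.getBaseCertificateID() != null)
                {
                    return issuer.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber())
                        && matchesDN(PrincipalUtil.getIssuerX509Principal(x509Cert), issuer.getBaseCertificateID().getIssuer());
                }

                return matchesDN(PrincipalUtil.getSubjectX509Principal(x509Cert), issuer.getIssuerName());
            }

            return matchesDN(PrincipalUtil.getSubjectX509Principal(x509Cert), (GeneralNames)form);
        }
        catch (CertificateEncodingException e)
        {
            // A certificate whose names cannot be extracted is never a match.
            return false;
        }
    }

    /**
     * Two issuers are equal when their underlying forms are equal.
     */
    public boolean equals(Object obj)
    {
        if (obj == this)
        {
            return true;
        }

        if (!(obj instanceof AttributeCertificateIssuer))
        {
            return false;
        }

        AttributeCertificateIssuer other = (AttributeCertificateIssuer)obj;

        return this.form.equals(other.form);
    }

    /**
     * Hash code of the underlying form, consistent with {@link #equals(Object)}.
     */
    public int hashCode()
    {
        return this.form.hashCode();
    }

    /**
     * Selector entry point: anything that is not an X509Certificate is rejected,
     * everything else is handed to {@link #match(Certificate)}.
     *
     * @param obj the candidate object.
     * @return true if obj is an X.509 certificate matching this issuer.
     */
    public boolean match(Object obj)
    {
        if (!(obj instanceof X509Certificate))
        {
            return false;
        }

        return match((Certificate)obj);
    }
}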