001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017:
018: /**
019: * @author Alexander Y. Kleymenov
020: * @version $Revision$
021: */package java.security.cert;
022:
023: import java.io.IOException;
024: import java.math.BigInteger;
025: import java.util.ArrayList;
026: import java.util.Collection;
027: import java.util.Collections;
028: import java.util.Date;
029: import javax.security.auth.x500.X500Principal;
030:
031: import org.apache.harmony.security.asn1.ASN1Integer;
032: import org.apache.harmony.security.asn1.ASN1OctetString;
033: import org.apache.harmony.security.internal.nls.Messages;
034: import org.apache.harmony.security.x501.Name;
035:
036: /**
037: * @com.intel.drl.spec_ref
038: */
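/**
 * A {@link CRLSelector} that accepts an {@link X509CRL} only when it satisfies
 * every criterion that has been set: issuer distinguished name, CRL number
 * range, and validity at a given instant. An unset criterion is not checked,
 * so a freshly constructed selector matches every {@code X509CRL}.
 *
 * <p>Instances are mutable and perform no synchronization; callers that share
 * a selector between threads must coordinate access themselves.
 */
public class X509CRLSelector implements CRLSelector {

    // issuerNames criterion: X.500 distinguished names in CANONICAL format.
    // null means "do not check the issuer".
    private ArrayList<String> issuerNames;
    // Lazily built X500Principal objects for the names in issuerNames.
    // Invariant: issuerPrincipals.get(i) corresponds to issuerNames.get(i) and
    // issuerPrincipals.size() <= issuerNames.size(); the missing tail is
    // created on demand by getIssuers()/addIssuer().
    private ArrayList<X500Principal> issuerPrincipals;
    // minCRLNumber criterion (inclusive lower bound), null when unset
    private BigInteger minCRL;
    // maxCRLNumber criterion (inclusive upper bound), null when unset
    private BigInteger maxCRL;
    // dateAndTime criterion in epoch milliseconds; -1 means "unset".
    // NOTE(review): a Date whose getTime() is exactly -1 is therefore
    // indistinguishable from "no date criterion".
    private long dateAndTime = -1;
    // the certificate being checked; stored for callers, not used by match()
    private X509Certificate certificateChecking;

    /**
     * Creates a selector with no criteria set.
     */
    public X509CRLSelector() {
    }

    /**
     * Replaces the issuer criterion with the given principals.
     *
     * @param issuers the acceptable issuers, or {@code null} to disable the
     *            issuer check
     * @throws NullPointerException if the collection contains a {@code null}
     *             element; the previous criterion is left untouched
     */
    public void setIssuers(Collection<X500Principal> issuers) {
        if (issuers == null) {
            issuerNames = null;
            issuerPrincipals = null;
            return;
        }
        // Build both lists locally and publish them together, so a failure on
        // one element cannot leave names and principals out of step.
        ArrayList<String> names = new ArrayList<String>(issuers.size());
        ArrayList<X500Principal> principals = new ArrayList<X500Principal>(
                issuers.size());
        for (X500Principal issuer : issuers) {
            names.add(issuer.getName(X500Principal.CANONICAL));
            principals.add(issuer);
        }
        issuerNames = names;
        issuerPrincipals = principals;
    }

    /**
     * Replaces the issuer criterion with the given names. Each element must be
     * a {@code String} or a {@code byte[]}; both are handed to {@link Name}
     * and stored in canonical form.
     *
     * <p>An empty collection leaves the current criterion unchanged.
     * NOTE(review): confirm that "unchanged" rather than "disabled" is the
     * intended contract for an empty collection.
     *
     * @param names the acceptable issuer names, or {@code null} to disable the
     *            issuer check
     * @throws IOException if an element is neither a {@code String} nor a
     *             {@code byte[]}, or if {@link Name} rejects it; the previous
     *             criterion is left untouched
     */
    public void setIssuerNames(Collection<?> names) throws IOException {
        if (names == null) {
            issuerNames = null;
            issuerPrincipals = null;
            return;
        }
        if (names.size() == 0) {
            return;
        }
        // Parse into a local list first: an exception part-way through must
        // not leave a truncated issuer list installed as the active criterion.
        ArrayList<String> canonical = new ArrayList<String>(names.size());
        for (Object name : names) {
            if (name instanceof String) {
                canonical.add(new Name((String) name)
                        .getName(X500Principal.CANONICAL));
            } else if (name instanceof byte[]) {
                canonical.add(new Name((byte[]) name)
                        .getName(X500Principal.CANONICAL));
            } else {
                throw new IOException(Messages.getString("security.62")); //$NON-NLS-1$
            }
        }
        issuerNames = canonical;
        // Principals cached for the previous criterion no longer correspond to
        // issuerNames; drop them so getIssuers() rebuilds from the new names
        // instead of returning stale issuers.
        issuerPrincipals = null;
    }

    /**
     * Adds one issuer to the issuer criterion. An issuer whose canonical name
     * is already present is ignored.
     *
     * @param issuer the issuer to accept
     * @throws NullPointerException if {@code issuer} is {@code null}
     */
    public void addIssuer(X500Principal issuer) {
        if (issuer == null) {
            throw new NullPointerException(Messages
                    .getString("security.61")); //$NON-NLS-1$
        }
        if (issuerNames == null) {
            issuerNames = new ArrayList<String>();
        }
        String name = issuer.getName(X500Principal.CANONICAL);
        if (issuerNames.contains(name)) {
            // Already part of the criterion. Appending the principal anyway
            // would break the index correspondence with issuerNames.
            return;
        }
        issuerNames.add(name);
        if (issuerPrincipals == null) {
            issuerPrincipals = new ArrayList<X500Principal>(issuerNames
                    .size());
        }
        // Materialise principals for names that were added by name only, so
        // the new issuer lands at the same index as its name.
        int last = issuerNames.size() - 1;
        for (int i = issuerPrincipals.size(); i < last; i++) {
            issuerPrincipals.add(new X500Principal(issuerNames.get(i)));
        }
        issuerPrincipals.add(issuer);
    }

    /**
     * Adds one issuer name, given as a string, to the issuer criterion. A
     * {@code null} argument is treated as the empty string. A name that is
     * already present in canonical form is ignored.
     *
     * @param iss_name the issuer distinguished name
     * @throws IOException if {@link Name} cannot parse the name
     */
    public void addIssuerName(String iss_name) throws IOException {
        if (issuerNames == null) {
            issuerNames = new ArrayList<String>();
        }

        if (iss_name == null) {
            iss_name = ""; //$NON-NLS-1$
        }

        String name = new Name(iss_name)
                .getName(X500Principal.CANONICAL);
        if (!issuerNames.contains(name)) {
            issuerNames.add(name);
        }
    }

    /**
     * Adds one issuer name, given as an encoded byte array, to the issuer
     * criterion. A name that is already present in canonical form is ignored.
     *
     * @param iss_name the encoded issuer name
     * @throws NullPointerException if {@code iss_name} is {@code null}
     * @throws IOException if {@link Name} cannot decode the bytes
     */
    public void addIssuerName(byte[] iss_name) throws IOException {
        if (iss_name == null) {
            throw new NullPointerException(Messages
                    .getString("security.63")); //$NON-NLS-1$
        }
        if (issuerNames == null) {
            issuerNames = new ArrayList<String>();
        }
        String name = new Name(iss_name)
                .getName(X500Principal.CANONICAL);
        if (!issuerNames.contains(name)) {
            issuerNames.add(name);
        }
    }

    /**
     * Sets the inclusive lower bound for the CRL number.
     *
     * @param minCRL the lower bound, or {@code null} to remove it
     */
    public void setMinCRLNumber(BigInteger minCRL) {
        this.minCRL = minCRL;
    }

    /**
     * Sets the inclusive upper bound for the CRL number.
     *
     * @param maxCRL the upper bound, or {@code null} to remove it
     */
    public void setMaxCRLNumber(BigInteger maxCRL) {
        this.maxCRL = maxCRL;
    }

    /**
     * Sets the instant at which a matching CRL must be valid, i.e. the instant
     * must lie between the CRL's thisUpdate and nextUpdate (both inclusive).
     *
     * @param dateAndTime the instant, or {@code null} to disable the check
     */
    public void setDateAndTime(Date dateAndTime) {
        if (dateAndTime == null) {
            this.dateAndTime = -1;
            return;
        }
        // Only the millisecond value is kept, so later changes to the
        // caller's Date do not affect the selector.
        this.dateAndTime = dateAndTime.getTime();
    }

    /**
     * Records the certificate being checked. The value is only stored and
     * returned by {@link #getCertificateChecking()}; {@link #match(CRL)} does
     * not consult it.
     *
     * @param cert the certificate being checked, may be {@code null}
     */
    public void setCertificateChecking(X509Certificate cert) {
        this.certificateChecking = cert;
    }

    /**
     * Returns the issuer criterion as principals.
     *
     * @return an unmodifiable view of the issuers, or {@code null} when the
     *         issuer check is disabled
     */
    public Collection<X500Principal> getIssuers() {
        if (issuerNames == null) {
            return null;
        }
        if (issuerPrincipals == null) {
            issuerPrincipals = new ArrayList<X500Principal>(issuerNames
                    .size());
        }
        int size = issuerNames.size();
        // extend the list of issuer Principals for names added by name only
        for (int i = issuerPrincipals.size(); i < size; i++) {
            issuerPrincipals.add(new X500Principal(issuerNames.get(i)));
        }
        return Collections.unmodifiableCollection(issuerPrincipals);
    }

    /**
     * Returns the issuer criterion as canonical name strings.
     *
     * @return an unmodifiable view of the names, or {@code null} when the
     *         issuer check is disabled
     */
    public Collection<Object> getIssuerNames() {
        if (issuerNames == null) {
            return null;
        }
        return Collections.<Object>unmodifiableCollection(issuerNames);
    }

    /**
     * Returns the inclusive lower bound for the CRL number.
     *
     * @return the lower bound, or {@code null} when unset
     */
    public BigInteger getMinCRL() {
        return minCRL;
    }

    /**
     * Returns the inclusive upper bound for the CRL number.
     *
     * @return the upper bound, or {@code null} when unset
     */
    public BigInteger getMaxCRL() {
        return maxCRL;
    }

    /**
     * Returns the instant at which a matching CRL must be valid.
     *
     * @return a new {@code Date} for the instant, or {@code null} when unset
     */
    public Date getDateAndTime() {
        if (dateAndTime == -1) {
            return null;
        }
        return new Date(dateAndTime);
    }

    /**
     * Returns the certificate recorded by
     * {@link #setCertificateChecking(X509Certificate)}.
     *
     * @return the certificate being checked, or {@code null} when unset
     */
    public X509Certificate getCertificateChecking() {
        return certificateChecking;
    }

    /**
     * Returns a multi-line description listing every criterion that is set.
     *
     * @return the textual form of this selector
     */
    @Override
    public String toString() {
        StringBuilder result = new StringBuilder();
        result.append("X509CRLSelector:\n["); //$NON-NLS-1$
        if (issuerNames != null) {
            result.append("\n IssuerNames:\n ["); //$NON-NLS-1$
            for (String issuerName : issuerNames) {
                result.append("\n ") //$NON-NLS-1$
                        .append(issuerName);
            }
            result.append("\n ]"); //$NON-NLS-1$
        }
        if (minCRL != null) {
            result.append("\n minCRL: ").append(minCRL); //$NON-NLS-1$
        }
        if (maxCRL != null) {
            result.append("\n maxCRL: ").append(maxCRL); //$NON-NLS-1$
        }
        if (dateAndTime != -1) {
            result.append("\n dateAndTime: ") //$NON-NLS-1$
                    .append(new Date(dateAndTime));
        }
        if (certificateChecking != null) {
            result.append("\n certificateChecking: ") //$NON-NLS-1$
                    .append(certificateChecking);
        }
        result.append("\n]"); //$NON-NLS-1$
        return result.toString();
    }

    /**
     * Decides whether the given CRL satisfies every criterion that is set.
     *
     * <p>The method fails closed: a CRL that is not an {@link X509CRL}, that
     * lacks the CRL Number extension while a number bound is set, whose CRL
     * number cannot be decoded, or that lacks thisUpdate/nextUpdate while a
     * date is set, does not match.
     *
     * @param crl the CRL to test
     * @return {@code true} if the CRL satisfies all set criteria
     */
    public boolean match(CRL crl) {
        if (!(crl instanceof X509CRL)) {
            return false;
        }
        X509CRL crlist = (X509CRL) crl;
        if ((issuerNames != null) &&
                // the search speed depends on the class of issuerNames
                !(issuerNames.contains(crlist.getIssuerX500Principal()
                        .getName(X500Principal.CANONICAL)))) {
            return false;
        }
        if ((minCRL != null) || (maxCRL != null)) {
            try {
                // As specified in rfc 3280 (http://www.ietf.org/rfc/rfc3280.txt)
                // CRL Number Extension's OID is 2.5.29.20 .
                byte[] bytes = crlist.getExtensionValue("2.5.29.20"); //$NON-NLS-1$
                if (bytes == null) {
                    // The extension is absent, so the CRL number cannot be
                    // compared with the bounds. Reject the CRL here instead
                    // of passing null to the decoder.
                    return false;
                }
                bytes = (byte[]) ASN1OctetString.getInstance().decode(
                        bytes);
                BigInteger crlNumber = new BigInteger(
                        (byte[]) ASN1Integer.getInstance()
                                .decode(bytes));
                if ((minCRL != null)
                        && (crlNumber.compareTo(minCRL) < 0)) {
                    return false;
                }
                if ((maxCRL != null)
                        && (crlNumber.compareTo(maxCRL) > 0)) {
                    return false;
                }
            } catch (IOException e) {
                // an undecodable CRL number is treated as a non-match
                return false;
            }
        }
        if (dateAndTime != -1) {
            Date thisUp = crlist.getThisUpdate();
            Date nextUp = crlist.getNextUpdate();
            if ((thisUp == null) || (nextUp == null)) {
                return false;
            }
            if ((dateAndTime < thisUp.getTime())
                    || (dateAndTime > nextUp.getTime())) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns a copy of this selector. The issuer lists are copied, so adding
     * issuers to the copy does not change this selector and vice versa.
     *
     * @return the copy, or {@code null} if {@code super.clone()} reports that
     *         cloning is not supported
     */
    @Override
    public Object clone() {
        X509CRLSelector result;

        try {
            result = (X509CRLSelector) super.clone();
            if (issuerNames != null) {
                result.issuerNames = new ArrayList<String>(issuerNames);
            }
            if (issuerPrincipals != null) {
                // super.clone() copies only the reference; without this the
                // copy and the original would share one mutable list.
                result.issuerPrincipals = new ArrayList<X500Principal>(
                        issuerPrincipals);
            }
        } catch (CloneNotSupportedException e) {
            result = null;
        }
        return result;
    }
}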