001: package org.bouncycastle.x509;
002:
003: import org.bouncycastle.asn1.ASN1Encodable;
004: import org.bouncycastle.asn1.DERSequence;
005: import org.bouncycastle.asn1.x509.AttCertIssuer;
006: import org.bouncycastle.asn1.x509.GeneralName;
007: import org.bouncycastle.asn1.x509.GeneralNames;
008: import org.bouncycastle.asn1.x509.V2Form;
009: import org.bouncycastle.jce.X509Principal;
010: import org.bouncycastle.util.Selector;
011:
012: import javax.security.auth.x500.X500Principal;
013: import java.io.IOException;
014: import java.security.Principal;
015: import java.security.cert.CertSelector;
016: import java.security.cert.Certificate;
017: import java.security.cert.X509Certificate;
018: import java.util.ArrayList;
019: import java.util.List;
020:
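/**
 * Carrying class for an attribute certificate issuer.
 * <p>
 * The issuer is held as an ASN.1 structure that is either a {@link V2Form}
 * or a bare {@link GeneralNames}. When used as a selector this class only
 * compares names and serial numbers. It performs no signature or
 * certification-path validation, so a certificate accepted by
 * {@link #match(Certificate)} is a candidate issuer that the caller still
 * has to verify the attribute certificate against.
 */
public class AttributeCertificateIssuer implements CertSelector,
        Selector {
    final ASN1Encodable form;

    /**
     * Set the issuer directly with the ASN.1 structure.
     *
     * @param issuer The issuer
     */
    AttributeCertificateIssuer(AttCertIssuer issuer) {
        form = issuer.getIssuer();
    }

    /**
     * Create an issuer from a JCA principal by re-encoding it as an
     * {@link X509Principal}.
     *
     * @param principal the issuer's distinguished name
     * @throws IOException if the encoded principal cannot be converted
     */
    public AttributeCertificateIssuer(X500Principal principal)
            throws IOException {
        this(new X509Principal(principal.getEncoded()));
    }

    /**
     * Create a V2Form issuer whose issuer name holds a single general name
     * built from the given principal.
     *
     * @param principal the issuer's distinguished name
     */
    public AttributeCertificateIssuer(X509Principal principal) {
        form = new V2Form(new GeneralNames(new DERSequence(
                new GeneralName(principal))));
    }

    /**
     * Convert a directoryName entry into a JCA principal.
     *
     * @param gn a general name whose tag is {@link GeneralName#directoryName}
     * @return the name as an X500Principal
     * @throws IOException if the name cannot be encoded
     */
    private static X500Principal toX500Principal(GeneralName gn)
            throws IOException {
        return new X500Principal(((ASN1Encodable) gn.getName()).getEncoded());
    }

    /**
     * Collect the directoryName entries of the issuer as X500Principal
     * objects. Entries with any other tag are skipped.
     *
     * @return the directory names found, possibly empty
     * @throws RuntimeException if a directory name cannot be encoded
     */
    private Object[] getNames() {
        GeneralNames name;

        if (form instanceof V2Form) {
            name = ((V2Form) form).getIssuerName();
        } else {
            name = (GeneralNames) form;
        }

        // NOTE(review): a V2Form presumably may omit its issuer name; report
        // "no names" instead of failing with a NullPointerException -- confirm
        // against V2Form.
        if (name == null) {
            return new Object[0];
        }

        GeneralName[] names = name.getNames();
        List found = new ArrayList(names.length);

        for (int i = 0; i != names.length; i++) {
            if (names[i].getTagNo() != GeneralName.directoryName) {
                continue;
            }

            try {
                found.add(toX500Principal(names[i]));
            } catch (IOException e) {
                // keep the cause so the malformed entry can be diagnosed
                throw new RuntimeException(
                        "badly formed Name object", e);
            }
        }

        return found.toArray(new Object[found.size()]);
    }

    /**
     * Return any principal objects inside the attribute certificate issuer
     * object.
     *
     * @return an array of Principal objects (usually X500Principal)
     */
    public Principal[] getPrincipals() {
        Object[] names = this.getNames();
        List principals = new ArrayList(names.length);

        for (int i = 0; i != names.length; i++) {
            if (names[i] instanceof Principal) {
                principals.add(names[i]);
            }
        }

        return (Principal[]) principals.toArray(
                new Principal[principals.size()]);
    }

    /**
     * Check whether any directoryName entry in {@code targets} equals
     * {@code subject}.
     * <p>
     * The check fails closed: a missing name set, or an entry that cannot be
     * turned into an X500Principal, never produces a match.
     *
     * @param subject the principal taken from the candidate certificate
     * @param targets the names held by this issuer, may be null
     * @return true if one directory name equals the subject
     */
    private boolean matchesDN(X500Principal subject,
            GeneralNames targets) {
        if (targets == null) {
            return false;
        }

        GeneralName[] names = targets.getNames();

        for (int i = 0; i != names.length; i++) {
            GeneralName gn = names[i];

            if (gn.getTagNo() != GeneralName.directoryName) {
                continue;
            }

            try {
                if (toX500Principal(gn).equals(subject)) {
                    return true;
                }
            } catch (IOException ignored) {
                // deliberate: an entry that cannot be encoded is a non-match
            } catch (IllegalArgumentException ignored) {
                // X500Principal rejects a malformed encoding with this
                // exception; treat it the same way instead of letting it
                // escape from the selector
            }
        }

        return false;
    }

    /**
     * Return a new issuer built from the same ASN.1 structure.
     *
     * @return the copy
     */
    public Object clone() {
        return new AttributeCertificateIssuer(AttCertIssuer
                .getInstance(form));
    }

    /**
     * Decide whether the certificate is the one this issuer refers to.
     * <p>
     * For a V2Form carrying a base certificate ID, both the serial number
     * and the issuer name of the certificate must agree with it. Otherwise
     * the certificate's subject must equal one of the issuer's directory
     * names. Only names and serial numbers are compared; no signature is
     * checked here.
     *
     * @param cert the candidate certificate
     * @return true if the certificate is an X509Certificate that matches
     */
    public boolean match(Certificate cert) {
        if (!(cert instanceof X509Certificate)) {
            return false;
        }

        X509Certificate x509Cert = (X509Certificate) cert;

        if (!(form instanceof V2Form)) {
            return matchesDN(x509Cert.getSubjectX500Principal(),
                    (GeneralNames) form);
        }

        V2Form issuer = (V2Form) form;
        if (issuer.getBaseCertificateID() != null) {
            return issuer.getBaseCertificateID().getSerial()
                    .getValue().equals(x509Cert.getSerialNumber())
                    && matchesDN(x509Cert.getIssuerX500Principal(),
                            issuer.getBaseCertificateID()
                                    .getIssuer());
        }

        return matchesDN(x509Cert.getSubjectX500Principal(),
                issuer.getIssuerName());
    }

    /**
     * Two issuers are equal when their ASN.1 structures are equal.
     *
     * @param obj the object to compare with
     * @return true if obj is an AttributeCertificateIssuer with an equal form
     */
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }

        if (!(obj instanceof AttributeCertificateIssuer)) {
            return false;
        }

        AttributeCertificateIssuer other = (AttributeCertificateIssuer) obj;

        return this.form.equals(other.form);
    }

    /**
     * Hash code of the underlying ASN.1 structure, consistent with
     * {@link #equals(Object)}.
     *
     * @return the hash code
     */
    public int hashCode() {
        return this.form.hashCode();
    }

    /**
     * Selector form of {@link #match(Certificate)}; anything that is not an
     * X509Certificate is rejected.
     *
     * @param obj the candidate object
     * @return true if obj is an X509Certificate that matches this issuer
     */
    public boolean match(Object obj) {
        if (!(obj instanceof X509Certificate)) {
            return false;
        }

        return match((Certificate) obj);
    }
}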