      1 package org.bouncycastle.x509;
      2 
      3 import java.io.IOException;
      4 import java.security.Principal;
      5 import java.security.cert.CertSelector;
      6 import java.security.cert.Certificate;
      7 import java.security.cert.X509Certificate;
      8 import java.util.ArrayList;
      9 import java.util.List;
     10 
     11 import javax.security.auth.x500.X500Principal;
     12 
     13 import org.bouncycastle.asn1.ASN1Encodable;
     14 import org.bouncycastle.asn1.DERSequence;
     15 import org.bouncycastle.asn1.x509.AttCertIssuer;
     16 import org.bouncycastle.asn1.x509.GeneralName;
     17 import org.bouncycastle.asn1.x509.GeneralNames;
     18 import org.bouncycastle.asn1.x509.V2Form;
     19 import org.bouncycastle.asn1.x509.X509Name;
     20 import org.bouncycastle.jce.X509Principal;
     21 
     22 /**
     23  * Carrying class for an attribute certificate issuer.
     24  */
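/**
 * Carrying class for an attribute certificate issuer.
 * <p>
 * Wraps the issuer field of an attribute certificate ({@code AttCertIssuer}),
 * which is either a {@code V2Form} or a bare {@code GeneralNames}, and acts as
 * a {@code CertSelector} that picks out the public key certificate belonging
 * to that issuer.
 */
public class AttributeCertificateIssuer
    implements CertSelector
{
    // The AttCertIssuer choice value: a V2Form or a GeneralNames (see getNames()).
    final ASN1Encodable  form;

    /**
     * Wrap the issuer structure taken from an attribute certificate.
     *
     * @param issuer the ASN.1 AttCertIssuer whose inner choice value is kept.
     */
    AttributeCertificateIssuer(
        AttCertIssuer issuer)
    {
        form = issuer.getIssuer();
    }

    /**
     * Create an issuer identified by a single directory name.
     *
     * @param principal the issuer's distinguished name.
     * @throws IOException if the principal's DER encoding cannot be parsed
     *         into an X509Principal.
     */
    public AttributeCertificateIssuer(
        X500Principal principal)
        throws IOException
    {
        this(new X509Principal(principal.getEncoded()));
    }

    /**
     * Create an issuer identified by a single directory name, stored as a
     * V2Form whose issuerName holds exactly that one directoryName.
     *
     * @param principal the issuer's distinguished name.
     */
    public AttributeCertificateIssuer(
        X509Principal principal)
    {
        form = new V2Form(new GeneralNames(new DERSequence(new GeneralName(principal))));
    }

    /**
     * Re-encode a directoryName GeneralName as an X500Principal.
     *
     * @param gn a GeneralName whose tag is {@code GeneralName.directoryName}.
     * @return the name as an X500Principal.
     * @throws IOException if the name cannot be DER encoded.
     */
    private static X500Principal toX500Principal(GeneralName gn)
        throws IOException
    {
        return new X500Principal(((ASN1Encodable)gn.getName()).getEncoded());
    }

    /**
     * Collect the directoryName entries of the issuer name as X500Principal
     * objects. Entries of any other GeneralName type are skipped.
     *
     * @return the directory names found, possibly empty.
     * @throws RuntimeException if a directoryName entry cannot be re-encoded;
     *         the underlying IOException is attached as the cause.
     */
    private Object[] getNames()
    {
        GeneralNames    name;

        // A V2Form carries the names inside issuerName; otherwise the form is
        // the GeneralNames itself (the v1 shape of the AttCertIssuer choice).
        if (form instanceof V2Form)
        {
            name = ((V2Form)form).getIssuerName();
        }
        else
        {
            name = (GeneralNames)form;
        }

        GeneralName[]   names = name.getNames();

        List        l = new ArrayList(names.length);

        for (int i = 0; i != names.length; i++)
        {
            if (names[i].getTagNo() != GeneralName.directoryName)
            {
                continue;
            }

            try
            {
                l.add(toX500Principal(names[i]));
            }
            catch (IOException e)
            {
                // Keep the cause so the malformed name can be diagnosed.
                throw new RuntimeException("badly formed Name object", e);
            }
        }

        return l.toArray(new Object[l.size()]);
    }

    /**
     * Return any principal objects inside the attribute certificate issuer object.
     *
     * @return an array of Principal objects (usually X500Principal)
     */
    public Principal[] getPrincipals()
    {
        Object[]    p = this.getNames();
        List        l = new ArrayList(p.length);

        for (int i = 0; i != p.length; i++)
        {
            if (p[i] instanceof Principal)
            {
                l.add(p[i]);
            }
        }

        return (Principal[])l.toArray(new Principal[l.size()]);
    }

    /**
     * Test whether any directoryName in {@code targets} equals {@code subject}.
     * <p>
     * A directoryName that cannot be re-encoded is treated as a non-match and
     * scanning continues (fail closed); non-directoryName entries are ignored.
     *
     * @param subject the principal to look for.
     * @param targets the names to scan.
     * @return true if a matching directoryName was found.
     */
    private boolean matchesDN(X500Principal subject, GeneralNames targets)
    {
        GeneralName[]   names = targets.getNames();

        for (int i = 0; i != names.length; i++)
        {
            GeneralName gn = names[i];

            if (gn.getTagNo() != GeneralName.directoryName)
            {
                continue;
            }

            try
            {
                if (toX500Principal(gn).equals(subject))
                {
                    return true;
                }
            }
            catch (IOException ignored)
            {
                // A name that cannot be encoded can never equal the subject;
                // skip it rather than abort the whole comparison.
            }
        }

        return false;
    }

    /**
     * Copy this selector. The clone is rebuilt from the same ASN.1 form via
     * {@code AttCertIssuer.getInstance}, so the form object is shared.
     *
     * @see java.security.cert.CertSelector#clone()
     */
    public Object clone()
    {
        return new AttributeCertificateIssuer(AttCertIssuer.getInstance(form));
    }

    /**
     * Match the issuer's public key certificate.
     * <p>
     * Only X509Certificate instances can match. For a V2Form that carries a
     * baseCertificateID, the certificate matches iff its serial number equals
     * the baseCertificateID serial and its issuer DN appears in the
     * baseCertificateID issuer names; the issuerName field is not consulted in
     * that case. Otherwise (V2Form without baseCertificateID, or a bare
     * GeneralNames) the certificate matches iff its subject DN appears among
     * the issuer's directoryName entries. Matching by name alone does not
     * establish trust in the certificate; callers still need to validate it.
     *
     * @param cert the certificate to test.
     * @return true if the certificate is selected by this issuer.
     * @see java.security.cert.CertSelector#match(java.security.cert.Certificate)
     */
    public boolean match(Certificate cert)
    {
        if (!(cert instanceof X509Certificate))
        {
            return false;
        }

        X509Certificate x509Cert = (X509Certificate)cert;

        if (form instanceof V2Form)
        {
            V2Form issuer = (V2Form)form;
            if (issuer.getBaseCertificateID() != null)
            {
                // Serial number plus issuer DN identifies one specific certificate.
                return issuer.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber())
                    && matchesDN(x509Cert.getIssuerX500Principal(), issuer.getBaseCertificateID().getIssuer());
            }

            return matchesDN(x509Cert.getSubjectX500Principal(), issuer.getIssuerName());
        }

        return matchesDN(x509Cert.getSubjectX500Principal(), (GeneralNames)form);
    }
}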
    181