package org.bouncycastle.cert.selector;
import java.math.BigInteger;
import java.util.Collection;
import java.util.Date;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.Target;
import org.bouncycastle.asn1.x509.TargetInformation;
import org.bouncycastle.asn1.x509.Targets;
import org.bouncycastle.cert.AttributeCertificateHolder;
import org.bouncycastle.cert.AttributeCertificateIssuer;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.bouncycastle.util.Selector;
/**
* This class is a <code>Selector</code>-like implementation that selects
* attribute certificates matching a given set of criteria.
*/
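public class X509AttributeCertificateHolderSelector
    implements Selector
{
    // TODO: name constraints???

    private final AttributeCertificateHolder holder;

    private final AttributeCertificateIssuer issuer;

    private final BigInteger serialNumber;

    private final Date attributeCertificateValid;

    private final X509AttributeCertificateHolder attributeCert;

    private final Collection targetNames;

    private final Collection targetGroups;

    /**
     * Creates a selector from the given criteria. A <code>null</code> holder,
     * issuer, serial number, validity date or attribute certificate means
     * "do not filter on this criterion".
     * <p>
     * The validity date is copied so that later changes to the caller's
     * <code>Date</code> cannot alter what this selector accepts. The two
     * collections are stored by reference and are dereferenced without a
     * null check in {@link #match(Object)}.
     * NOTE(review): presumably the builder passes non-null, unmodifiable
     * collections of GeneralName objects - confirm against the caller.
     *
     * @param holder the holder to match, or <code>null</code>.
     * @param issuer the issuer to match, or <code>null</code>.
     * @param serialNumber the serial number to match, or <code>null</code>.
     * @param attributeCertificateValid the date on which the certificate must be valid, or <code>null</code>.
     * @param attributeCert the exact attribute certificate to match, or <code>null</code>.
     * @param targetNames the acceptable target names; empty for no filtering.
     * @param targetGroups the acceptable target groups; empty for no filtering.
     */
    X509AttributeCertificateHolderSelector(
        AttributeCertificateHolder holder,
        AttributeCertificateIssuer issuer,
        BigInteger serialNumber,
        Date attributeCertificateValid,
        X509AttributeCertificateHolder attributeCert,
        Collection targetNames,
        Collection targetGroups)
    {
        this.holder = holder;
        this.issuer = issuer;
        this.serialNumber = serialNumber;
        this.attributeCertificateValid = copyOf(attributeCertificateValid);
        this.attributeCert = attributeCert;
        this.targetNames = targetNames;
        this.targetGroups = targetGroups;
    }

    /**
     * Decides if the given attribute certificate should be selected.
     * <p>
     * Every criterion that is set must be satisfied. When both target names
     * and target groups are set, the certificate must list at least one of
     * the names and at least one of the groups.
     * <p>
     * The target criteria are only applied to certificates that carry a
     * targetInformation extension: a certificate without that extension is
     * selected regardless of the configured names and groups. Callers that
     * need to accept only targeted certificates must check for the extension
     * themselves. An extension that is present but cannot be parsed causes
     * the certificate to be rejected.
     *
     * @param obj The X509AttributeCertificateHolder which should be checked.
     * @return <code>true</code> if the attribute certificate is a match,
     *         <code>false</code> otherwise (including when <code>obj</code>
     *         is not an X509AttributeCertificateHolder).
     */
    public boolean match(Object obj)
    {
        if (!(obj instanceof X509AttributeCertificateHolder))
        {
            return false;
        }

        X509AttributeCertificateHolder attrCert = (X509AttributeCertificateHolder)obj;

        if (attributeCert != null && !attributeCert.equals(attrCert))
        {
            return false;
        }
        if (serialNumber != null && !attrCert.getSerialNumber().equals(serialNumber))
        {
            return false;
        }
        if (holder != null && !attrCert.getHolder().equals(holder))
        {
            return false;
        }
        if (issuer != null && !attrCert.getIssuer().equals(issuer))
        {
            return false;
        }
        if (attributeCertificateValid != null && !attrCert.isValidOn(attributeCertificateValid))
        {
            return false;
        }

        if (targetNames.isEmpty() && targetGroups.isEmpty())
        {
            return true;
        }

        Extension targetInfoExt = attrCert.getExtension(Extension.targetInformation);
        if (targetInfoExt == null)
        {
            // No targetInformation extension: the target criteria do not apply
            // and the certificate is accepted (see the method documentation).
            return true;
        }

        TargetInformation targetInfo;
        try
        {
            targetInfo = TargetInformation.getInstance(targetInfoExt.getParsedValue());
        }
        catch (IllegalArgumentException e)
        {
            // A malformed extension is treated as a non-match rather than an error.
            return false;
        }

        Targets[] targetsList = targetInfo.getTargetsObjects();

        if (!targetNames.isEmpty() && !listsAnyOf(targetsList, targetNames, false))
        {
            return false;
        }
        if (!targetGroups.isEmpty() && !listsAnyOf(targetsList, targetGroups, true))
        {
            return false;
        }

        return true;
    }

    /**
     * Reports whether any target in the given Targets objects has a name
     * (or group, when <code>byGroup</code> is set) contained in <code>wanted</code>.
     */
    private static boolean listsAnyOf(Targets[] targetsList, Collection wanted, boolean byGroup)
    {
        for (int i = 0; i != targetsList.length; i++)
        {
            Target[] targets = targetsList[i].getTargets();

            for (int j = 0; j != targets.length; j++)
            {
                GeneralName candidate = byGroup
                    ? GeneralName.getInstance(targets[j].getTargetGroup())
                    : GeneralName.getInstance(targets[j].getTargetName());

                // A target that does not carry the requested alternative yields
                // no value here. Skipping it keeps contains(null) from being
                // evaluated, which would throw on null-hostile collections and
                // would report a match if the criteria ever held a null entry.
                if (candidate != null && wanted.contains(candidate))
                {
                    return true;
                }
            }
        }

        return false;
    }

    /**
     * Returns an independent copy of the given date, or <code>null</code> for <code>null</code>.
     */
    private static Date copyOf(Date date)
    {
        return (date == null) ? null : new Date(date.getTime());
    }

    /**
     * Returns a clone of this object.
     * <p>
     * The clone is a new selector built from the same criteria; the criteria
     * objects other than the validity date are shared with this selector.
     *
     * @return the clone.
     */
    public Object clone()
    {
        return new X509AttributeCertificateHolderSelector(
            holder, issuer, serialNumber, attributeCertificateValid, attributeCert, targetNames, targetGroups);
    }

    /**
     * Returns the attribute certificate which must be matched.
     *
     * @return the X509AttributeCertificateHolder criterion, or <code>null</code> if not set.
     */
    public X509AttributeCertificateHolder getAttributeCert()
    {
        return attributeCert;
    }

    /**
     * Get the criteria for the validity.
     *
     * @return a copy of the date on which the certificate must be valid,
     *         or <code>null</code> if not set.
     */
    public Date getAttributeCertificateValid()
    {
        return copyOf(attributeCertificateValid);
    }

    /**
     * Gets the holder.
     *
     * @return the holder criterion, or <code>null</code> if not set.
     */
    public AttributeCertificateHolder getHolder()
    {
        return holder;
    }

    /**
     * Returns the issuer criterion.
     *
     * @return the issuer criterion, or <code>null</code> if not set.
     */
    public AttributeCertificateIssuer getIssuer()
    {
        return issuer;
    }

    /**
     * Gets the serial number the attribute certificate must have.
     *
     * @return the serial number criterion, or <code>null</code> if not set.
     */
    public BigInteger getSerialNumber()
    {
        return serialNumber;
    }

    /**
     * Gets the target names. The collection consists of GeneralName objects.
     * <p>
     * The collection is returned as stored, without copying.
     * NOTE(review): it is immutable only if the collection handed to the
     * constructor was - confirm that the builder wraps it.
     *
     * @return The collection of target names.
     */
    public Collection getTargetNames()
    {
        return targetNames;
    }

    /**
     * Gets the target groups. The collection consists of GeneralName objects.
     * <p>
     * The collection is returned as stored, without copying.
     * NOTE(review): it is immutable only if the collection handed to the
     * constructor was - confirm that the builder wraps it.
     *
     * @return The collection of target groups.
     */
    public Collection getTargetGroups()
    {
        return targetGroups;
    }
}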