| package org.bouncycastle.jcajce; |
| |
| import java.io.IOException; |
| import java.security.cert.CertSelector; |
| import java.security.cert.CertStore; |
| import java.security.cert.CertStoreException; |
| import java.security.cert.Certificate; |
| import java.security.cert.X509CertSelector; |
| import java.util.Collection; |
| |
| import org.bouncycastle.util.Selector; |
| |
| /** |
| * This class is a Selector implementation for certificates. |
| * |
| * @see org.bouncycastle.util.Selector |
| */ |
| public class PKIXCertStoreSelector<T extends Certificate> |
| implements Selector<T> |
| { |
| /** |
| * Builder for a PKIXCertStoreSelector. |
| */ |
| public static class Builder |
| { |
| private final CertSelector baseSelector; |
| |
| /** |
| * Constructor initializing a builder with a CertSelector. |
| * |
| * @param certSelector the CertSelector to copy the match details from. |
| */ |
| public Builder(CertSelector certSelector) |
| { |
| this.baseSelector = (CertSelector)certSelector.clone(); |
| } |
| |
| /** |
| * Build a selector. |
| * |
| * @return a new PKIXCertStoreSelector |
| */ |
| public PKIXCertStoreSelector<? extends Certificate> build() |
| { |
| return new PKIXCertStoreSelector(baseSelector); |
| } |
| } |
| |
| private final CertSelector baseSelector; |
| |
| private PKIXCertStoreSelector(CertSelector baseSelector) |
| { |
| this.baseSelector = baseSelector; |
| } |
| |
| public boolean match(Certificate cert) |
| { |
| return baseSelector.match(cert); |
| } |
| |
| public Object clone() |
| { |
| return new PKIXCertStoreSelector(baseSelector); |
| } |
| |
| public static Collection<? extends Certificate> getCertificates(final PKIXCertStoreSelector selector, CertStore certStore) |
| throws CertStoreException |
| { |
| return certStore.getCertificates(new SelectorClone(selector)); |
| } |
| |
| private static class SelectorClone |
| extends X509CertSelector |
| { |
| private final PKIXCertStoreSelector selector; |
| |
| SelectorClone(PKIXCertStoreSelector selector) |
| { |
| this.selector = selector; |
| |
| if (selector.baseSelector instanceof X509CertSelector) |
| { |
| X509CertSelector baseSelector = (X509CertSelector)selector.baseSelector; |
| |
| this.setAuthorityKeyIdentifier(baseSelector.getAuthorityKeyIdentifier()); |
| this.setBasicConstraints(baseSelector.getBasicConstraints()); |
| this.setCertificate(baseSelector.getCertificate()); |
| this.setCertificateValid(baseSelector.getCertificateValid()); |
| this.setKeyUsage(baseSelector.getKeyUsage()); |
| this.setMatchAllSubjectAltNames(baseSelector.getMatchAllSubjectAltNames()); |
| this.setPrivateKeyValid(baseSelector.getPrivateKeyValid()); |
| this.setSerialNumber(baseSelector.getSerialNumber()); |
| this.setSubjectKeyIdentifier(baseSelector.getSubjectKeyIdentifier()); |
| this.setSubjectPublicKey(baseSelector.getSubjectPublicKey()); |
| |
| try |
| { |
| this.setExtendedKeyUsage(baseSelector.getExtendedKeyUsage()); |
| this.setIssuer(baseSelector.getIssuerAsBytes()); |
| this.setNameConstraints(baseSelector.getNameConstraints()); |
| this.setPathToNames(baseSelector.getPathToNames()); |
| this.setPolicy(baseSelector.getPolicy()); |
| this.setSubject(baseSelector.getSubjectAsBytes()); |
| this.setSubjectAlternativeNames(baseSelector.getSubjectAlternativeNames()); |
| this.setSubjectPublicKeyAlgID(baseSelector.getSubjectPublicKeyAlgID()); |
| } |
| catch (IOException e) |
| { |
| throw new IllegalStateException("base selector invalid: " + e.getMessage(), e); |
| } |
| } |
| } |
| |
| public boolean match(Certificate certificate) |
| { |
| return (selector == null) ? (certificate != null) : selector.match(certificate); |
| } |
| } |
| } |
