package org.bouncycastle.cert.selector;

import java.io.IOException;
import java.math.BigInteger;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.cert.AttributeCertificateHolder;
import org.bouncycastle.cert.AttributeCertificateIssuer;
import org.bouncycastle.cert.X509AttributeCertificateHolder;

/**
 * Collects matching criteria and builds
 * {@link X509AttributeCertificateHolderSelector} instances from them.
 * <p>
 * Every criterion starts out unset (<code>null</code>, or an empty collection
 * for the target names and target groups). This class performs no
 * synchronization of its own.
 */
public class X509AttributeCertificateHolderSelectorBuilder
{

    // TODO: name constraints???

    private AttributeCertificateHolder holder;

    private AttributeCertificateIssuer issuer;

    private BigInteger serialNumber;

    private Date attributeCertificateValid;

    private X509AttributeCertificateHolder attributeCert;

    private Collection targetNames = new HashSet();

    private Collection targetGroups = new HashSet();

    /**
     * Creates a builder with no criteria set.
     */
    public X509AttributeCertificateHolderSelectorBuilder()
    {
    }

    /**
     * Set the attribute certificate to be matched. If <code>null</code> is
     * given any will do.
     * <p>
     * The reference is stored as given; no copy is made.
     *
     * @param attributeCert The attribute certificate holder to set.
     */
    public void setAttributeCert(X509AttributeCertificateHolder attributeCert)
    {
        this.attributeCert = attributeCert;
    }

    /**
     * Set the time, when the certificate must be valid. If <code>null</code>
     * is given any will do.
     * <p>
     * A non-null date is copied, so the caller changing its own
     * <code>Date</code> afterwards does not alter the stored criterion.
     *
     * @param attributeCertificateValid The attribute certificate validation
     *            time to set.
     */
    public void setAttributeCertificateValid(Date attributeCertificateValid)
    {
        // Date is mutable: keep a private copy rather than the caller's object.
        this.attributeCertificateValid = (attributeCertificateValid == null)
            ? null
            : new Date(attributeCertificateValid.getTime());
    }

    /**
     * Sets the holder. If <code>null</code> is given any will do.
     *
     * @param holder The holder to set.
     */
    public void setHolder(AttributeCertificateHolder holder)
    {
        this.holder = holder;
    }

    /**
     * Sets the issuer the attribute certificate must have. If <code>null</code>
     * is given any will do.
     *
     * @param issuer The issuer to set.
     */
    public void setIssuer(AttributeCertificateIssuer issuer)
    {
        this.issuer = issuer;
    }

    /**
     * Sets the serial number the attribute certificate must have. If
     * <code>null</code> is given any will do.
     *
     * @param serialNumber The serialNumber to set.
     */
    public void setSerialNumber(BigInteger serialNumber)
    {
        this.serialNumber = serialNumber;
    }

    /**
     * Adds a target name criterion for the attribute certificate to the target
     * information extension criteria. The <code>X509AttributeCertificateHolder</code>
     * must contain at least one of the specified target names.
     * <p>
     * Each attribute certificate may contain a target information extension
     * limiting the servers where this attribute certificate can be used. If
     * this extension is not present, the attribute certificate is not targeted
     * and may be accepted by any server.
     * <p>
     * The name is added to the current criteria as given; this method does not
     * itself reject <code>null</code>.
     *
     * @param name The name as a GeneralName (not <code>null</code>)
     */
    public void addTargetName(GeneralName name)
    {
        targetNames.add(name);
    }

    /**
     * Replaces the target name criteria with the contents of the given
     * collection; names added earlier are discarded. If <code>null</code> or
     * an empty collection is given the criteria become empty and any will do.
     * <p>
     * The collection consists of either GeneralName objects or byte[] arrays representing
     * DER encoded GeneralName structures.
     *
     * @param names A collection of target names.
     * @throws java.io.IOException if a parsing error occurs.
     * @see #addTargetName(org.bouncycastle.asn1.x509.GeneralName)
     */
    public void setTargetNames(Collection names) throws IOException
    {
        targetNames = extractGeneralNames(names);
    }

    /**
     * Adds a target group criterion for the attribute certificate to the target
     * information extension criteria. The <code>X509AttributeCertificateHolder</code>
     * must contain at least one of the specified target groups.
     * <p>
     * Each attribute certificate may contain a target information extension
     * limiting the servers where this attribute certificate can be used. If
     * this extension is not present, the attribute certificate is not targeted
     * and may be accepted by any server.
     * <p>
     * The group is added to the current criteria as given; this method does
     * not itself reject <code>null</code>.
     *
     * @param group The group as GeneralName form (not <code>null</code>)
     */
    public void addTargetGroup(GeneralName group)
    {
        targetGroups.add(group);
    }

    /**
     * Replaces the target group criteria with the contents of the given
     * collection; groups added earlier are discarded. If <code>null</code> or
     * an empty collection is given the criteria become empty and any will do.
     * <p>
     * The collection consists of <code>GeneralName</code> objects or <code>byte[]</code> representing DER
     * encoded GeneralNames.
     *
     * @param names A collection of target groups.
     * @throws java.io.IOException if a parsing error occurs.
     * @see #addTargetGroup(org.bouncycastle.asn1.x509.GeneralName)
     */
    public void setTargetGroups(Collection names) throws IOException
    {
        targetGroups = extractGeneralNames(names);
    }

    /**
     * Converts every element of the given collection with
     * <code>GeneralName.getInstance</code> and gathers the results in a new set.
     *
     * @param names the elements to convert; may be <code>null</code> or empty.
     * @return a new set, empty when <code>names</code> is <code>null</code> or empty.
     * @throws IOException declared by this method's signature.
     */
    private Set extractGeneralNames(Collection names)
        throws IOException
    {
        Set parsed = new HashSet();
        if (names == null || names.isEmpty())
        {
            return parsed;
        }
        // NOTE(review): no statement here visibly throws IOException; confirm
        // how GeneralName.getInstance reports a malformed or unsupported element.
        Iterator it = names.iterator();
        while (it.hasNext())
        {
            parsed.add(GeneralName.getInstance(it.next()));
        }
        return parsed;
    }

    /**
     * Builds a selector from the criteria currently held by this builder.
     * <p>
     * The target names and target groups are copied into new sets and wrapped
     * as unmodifiable collections, so later calls on this builder do not
     * change the collections handed to the selector. The remaining criteria
     * are passed on as the stored references.
     *
     * @return a new selector for the current criteria.
     */
    public X509AttributeCertificateHolderSelector build()
    {
        // Snapshot the target criteria before handing them over.
        Collection namesSnapshot = Collections.unmodifiableCollection(new HashSet(targetNames));
        Collection groupsSnapshot = Collections.unmodifiableCollection(new HashSet(targetGroups));

        return new X509AttributeCertificateHolderSelector(
            holder, issuer, serialNumber, attributeCertificateValid, attributeCert,
            namesSnapshot, groupsSnapshot);
    }
}