コード例 #1
 /**
  * Normalises a mixed collection of names into a set of <code>GeneralName</code> objects.
  *
  * <p>Elements that already are <code>GeneralName</code> instances are taken as they are. Every
  * other element is cast to <code>byte[]</code> and decoded as an ASN.1 object, so an element of
  * any other type fails on that cast with a <code>ClassCastException</code>.
  *
  * @param names the names to convert; may be <code>null</code> or empty
  * @return a new set holding the converted names, empty when there is nothing to convert
  * @throws IOException if a byte array element cannot be parsed
  */
 private Set extractGeneralNames(Collection names) throws IOException {
   Set converted = new HashSet();
   if (names == null) {
     return converted;
   }
   Iterator cursor = names.iterator();
   while (cursor.hasNext()) {
     Object entry = cursor.next();
     if (!(entry instanceof GeneralName)) {
       // Encoded form: decode the bytes first, then wrap the result as a GeneralName.
       byte[] encoded = (byte[]) entry;
       entry = GeneralName.getInstance(ASN1Object.fromByteArray(encoded));
     }
     converted.add(entry);
   }
   return converted;
 }
コード例 #2
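  /**
   * Decides if the given attribute certificate should be selected.
   *
   * <p>Every criterion that has been set must hold; criteria that are unset (<code>null</code>, or
   * empty for the target collections) are skipped. This method only filters: apart from the
   * optional validity date check nothing here verifies the certificate, so a match says nothing
   * about its signature or revocation status.
   *
   * <p>The target criteria are applied only when the certificate carries a target information
   * extension. A certificate without that extension is not rejected by them. An extension that is
   * present but cannot be decoded never matches.
   *
   * @param obj The attribute certificate which should be checked.
   * @return <code>true</code> if the attribute certificate can be selected, <code>false</code>
   *     otherwise.
   */
  public boolean match(Object obj) {
    if (!(obj instanceof X509AttributeCertificate)) {
      return false;
    }

    X509AttributeCertificate attrCert = (X509AttributeCertificate) obj;

    if (this.attributeCert != null && !this.attributeCert.equals(attrCert)) {
      return false;
    }
    if (serialNumber != null && !attrCert.getSerialNumber().equals(serialNumber)) {
      return false;
    }
    if (holder != null && !attrCert.getHolder().equals(holder)) {
      return false;
    }
    if (issuer != null && !attrCert.getIssuer().equals(issuer)) {
      return false;
    }

    if (attributeCertificateValid != null) {
      try {
        attrCert.checkValidity(attributeCertificateValid);
      } catch (CertificateExpiredException e) {
        return false;
      } catch (CertificateNotYetValidException e) {
        return false;
      }
    }

    if (targetNames.isEmpty() && targetGroups.isEmpty()) {
      return true;
    }

    byte[] targetInfoExt = attrCert.getExtensionValue(X509Extensions.TargetInformation.getId());
    if (targetInfoExt == null) {
      // No target information extension: the target criteria do not apply to this certificate.
      return true;
    }

    TargetInformation targetinfo;
    try {
      // The extension content comes from the certificate being tested, so treat it as untrusted:
      // a wrapper that is not an octet string, or an empty payload, is a non-match rather than a
      // ClassCastException or NullPointerException thrown out of the selector.
      Object wrapped = DEROctetString.fromByteArray(targetInfoExt);
      if (!(wrapped instanceof DEROctetString)) {
        return false;
      }
      Object decoded = new ASN1InputStream(((DEROctetString) wrapped).getOctets()).readObject();
      if (decoded == null) {
        return false;
      }
      targetinfo = TargetInformation.getInstance(decoded);
    } catch (IOException e) {
      return false;
    } catch (IllegalArgumentException e) {
      return false;
    }
    if (targetinfo == null) {
      return false;
    }

    Targets[] targetss = targetinfo.getTargetsObjects();
    if (!targetNames.isEmpty() && !matchesAnyTarget(targetss, false)) {
      return false;
    }
    if (!targetGroups.isEmpty() && !matchesAnyTarget(targetss, true)) {
      return false;
    }
    return true;
  }

  /**
   * Reports whether any target in the given target sets is one of the selector's criteria.
   *
   * @param targetss the target sets taken from the certificate's target information extension
   * @param byGroup <code>true</code> to compare target groups against <code>targetGroups</code>,
   *     <code>false</code> to compare target names against <code>targetNames</code>
   * @return <code>true</code> as soon as one target is contained in the chosen criteria
   */
  private boolean matchesAnyTarget(Targets[] targetss, boolean byGroup) {
    for (int i = 0; i < targetss.length; i++) {
      Target[] targets = targetss[i].getTargets();
      for (int j = 0; j < targets.length; j++) {
        boolean hit;
        if (byGroup) {
          hit = targetGroups.contains(GeneralName.getInstance(targets[j].getTargetGroup()));
        } else {
          hit = targetNames.contains(GeneralName.getInstance(targets[j].getTargetName()));
        }
        if (hit) {
          // One hit is enough; stop scanning the remaining target sets as well.
          return true;
        }
      }
    }
    return false;
  }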
コード例 #3
 /**
  * Adds a target group, given in encoded form, to the target information extension criteria. The
  * <code>X509AttributeCertificate</code> must contain at least one of the specified target
  * groups.
  *
  * <p>Each attribute certificate may contain a target information extension limiting the servers
  * where this attribute certificate can be used. If this extension is not present, the attribute
  * certificate is not targeted and may be accepted by any server.
  *
  * <p>The bytes are decoded as an ASN.1 object and converted to a <code>GeneralName</code>, which
  * is then passed to the <code>GeneralName</code> overload of this method.
  *
  * @param name a byte array containing the group in ASN.1 DER encoded form of a GeneralName
  * @throws IOException if a parsing error occurs.
  */
 public void addTargetGroup(byte[] name) throws IOException {
   GeneralName group = GeneralName.getInstance(ASN1Object.fromByteArray(name));
   addTargetGroup(group);
 }