/** * Constructs a holder for v2 attribute certificates with a hash value for some type of object. * * <p><code>digestedObjectType</code> can be one of the following: * * <ul> * <li>0 - publicKey - A hash of the public key of the holder must be passed. * <li>1 - publicKeyCert - A hash of the public key certificate of the holder must be passed. * <li>2 - otherObjectDigest - A hash of some other object type must be passed. <code> * otherObjectTypeID</code> must not be empty. * </ul> * * <p>This cannot be used if a v1 attribute certificate is used. * * @param digestedObjectType The digest object type. * @param digestAlgorithm The algorithm identifier for the hash. * @param otherObjectTypeID The object type ID if <code>digestedObjectType</code> is <code> * otherObjectDigest</code>. * @param objectDigest The hash value. */ public AttributeCertificateHolder( int digestedObjectType, String digestAlgorithm, String otherObjectTypeID, byte[] objectDigest) { holder = new Holder( new ObjectDigestInfo( digestedObjectType, otherObjectTypeID, new AlgorithmIdentifier(digestAlgorithm), Arrays.clone(objectDigest))); }
public boolean match(Certificate cert) { if (!(cert instanceof X509Certificate)) { return false; } X509Certificate x509Cert = (X509Certificate) cert; try { if (holder.getBaseCertificateID() != null) { return holder .getBaseCertificateID() .getSerial() .getValue() .equals(x509Cert.getSerialNumber()) && matchesDN( PrincipalUtil.getIssuerX509Principal(x509Cert), holder.getBaseCertificateID().getIssuer()); } if (holder.getEntityName() != null) { if (matchesDN(PrincipalUtil.getSubjectX509Principal(x509Cert), holder.getEntityName())) { return true; } } if (holder.getObjectDigestInfo() != null) { MessageDigest md = null; try { md = MessageDigest.getInstance(getDigestAlgorithm(), "DFBC"); } catch (Exception e) { return false; } switch (getDigestedObjectType()) { case ObjectDigestInfo.publicKey: // TODO: DSA Dss-parms md.update(cert.getPublicKey().getEncoded()); break; case ObjectDigestInfo.publicKeyCert: md.update(cert.getEncoded()); break; } if (!Arrays.areEqual(md.digest(), getObjectDigest())) { return false; } } } catch (CertificateEncodingException e) { return false; } return false; }