/**
 * Normalises a collection of names into a set of <code>GeneralName</code> objects.
 *
 * <p>Elements that already are <code>GeneralName</code> instances are taken over unchanged.
 * Every other element is cast to <code>byte[]</code> and decoded as an ASN.1 object first, so
 * an element of any other type fails that cast with a <code>ClassCastException</code>.
 *
 * @param names the names to convert; may be <code>null</code> or empty
 * @return a new set holding the converted names; empty when <code>names</code> is
 *     <code>null</code> or empty
 * @throws IOException declared for the ASN.1 decoding of byte array elements
 */
private Set extractGeneralNames(Collection names) throws IOException {
    Set generalNames = new HashSet();
    if (names == null || names.isEmpty()) {
        return generalNames;
    }
    Iterator cursor = names.iterator();
    while (cursor.hasNext()) {
        Object element = cursor.next();
        if (!(element instanceof GeneralName)) {
            // Encoded form: decode the bytes before wrapping them as a GeneralName.
            element = GeneralName.getInstance(ASN1Object.fromByteArray((byte[]) element));
        }
        generalNames.add(element);
    }
    return generalNames;
}
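/**
 * Decides if the given attribute certificate should be selected.
 *
 * <p>Every criterion that has been set on this selector must hold. The checks run in this
 * order: exact certificate, serial number, holder, issuer, validity at the configured date,
 * and finally the target names and target groups.
 *
 * <p>Target criteria are only evaluated when the certificate carries a target information
 * extension. A certificate without that extension is treated as untargeted and passes the
 * target criteria. A target information extension that is present but cannot be decoded
 * makes the certificate a non-match.
 *
 * <p>This method only compares fields. Nothing in it verifies the certificate's signature or
 * its issuer chain.
 *
 * @param obj The attribute certificate which should be checked.
 * @return <code>true</code> if the attribute certificate can be selected, <code>false</code>
 *     otherwise.
 */
public boolean match(Object obj) {
    if (!(obj instanceof X509AttributeCertificate)) {
        return false;
    }
    X509AttributeCertificate attrCert = (X509AttributeCertificate) obj;

    if (this.attributeCert != null && !this.attributeCert.equals(attrCert)) {
        return false;
    }
    if (serialNumber != null && !attrCert.getSerialNumber().equals(serialNumber)) {
        return false;
    }
    if (holder != null && !attrCert.getHolder().equals(holder)) {
        return false;
    }
    if (issuer != null && !attrCert.getIssuer().equals(issuer)) {
        return false;
    }
    if (attributeCertificateValid != null) {
        try {
            attrCert.checkValidity(attributeCertificateValid);
        } catch (CertificateExpiredException e) {
            return false;
        } catch (CertificateNotYetValidException e) {
            return false;
        }
    }

    if (targetNames.isEmpty() && targetGroups.isEmpty()) {
        // No target criteria configured: everything checked so far has passed.
        return true;
    }

    byte[] targetInfoExt = attrCert.getExtensionValue(X509Extensions.TargetInformation.getId());
    if (targetInfoExt == null) {
        // Untargeted certificate: the target criteria do not restrict it.
        return true;
    }

    TargetInformation targetinfo;
    try {
        // The extension bytes come from the certificate under test, so every decoding step
        // is checked. A value of an unexpected ASN.1 type, or one that decodes to nothing,
        // is a non-match rather than a ClassCastException or NullPointerException that
        // escapes to the caller.
        Object wrapper = DEROctetString.fromByteArray(targetInfoExt);
        if (!(wrapper instanceof DEROctetString)) {
            return false;
        }
        Object content = new ASN1InputStream(((DEROctetString) wrapper).getOctets()).readObject();
        if (content == null) {
            return false;
        }
        targetinfo = TargetInformation.getInstance(content);
    } catch (IOException e) {
        return false;
    } catch (IllegalArgumentException e) {
        return false;
    }
    if (targetinfo == null) {
        return false;
    }

    Targets[] targetss = targetinfo.getTargetsObjects();

    if (!targetNames.isEmpty()) {
        boolean found = false;
        // Stop scanning further Targets entries as soon as one name matches.
        for (int i = 0; i < targetss.length && !found; i++) {
            Target[] targets = targetss[i].getTargets();
            for (int j = 0; j < targets.length; j++) {
                // NOTE(review): for a Target that holds a group, getTargetName() presumably
                // yields null; confirm GeneralName.getInstance tolerates that.
                if (targetNames.contains(GeneralName.getInstance(targets[j].getTargetName()))) {
                    found = true;
                    break;
                }
            }
        }
        if (!found) {
            return false;
        }
    }

    if (!targetGroups.isEmpty()) {
        boolean found = false;
        // Stop scanning further Targets entries as soon as one group matches.
        for (int i = 0; i < targetss.length && !found; i++) {
            Target[] targets = targetss[i].getTargets();
            for (int j = 0; j < targets.length; j++) {
                if (targetGroups.contains(GeneralName.getInstance(targets[j].getTargetGroup()))) {
                    found = true;
                    break;
                }
            }
        }
        if (!found) {
            return false;
        }
    }

    return true;
}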
/**
 * Adds a target group criterion for the attribute certificate to the target information
 * extension criteria. The <code>X509AttributeCertificate</code> must contain at least one of
 * the specified target groups.
 *
 * <p>Each attribute certificate may contain a target information extension limiting the
 * servers where this attribute certificate can be used. If this extension is not present,
 * the attribute certificate is not targeted and may be accepted by any server.
 *
 * <p>The bytes are decoded as an ASN.1 object and converted to a <code>GeneralName</code>
 * before being handed to the <code>GeneralName</code> overload of this method.
 *
 * @param name a byte array containing the group in ASN.1 DER encoded form of a GeneralName
 * @throws IOException if a parsing error occurs.
 */
public void addTargetGroup(byte[] name) throws IOException {
    ASN1Object decoded = ASN1Object.fromByteArray(name);
    GeneralName group = GeneralName.getInstance(decoded);
    addTargetGroup(group);
}