
gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'core/src/main/java/org/spongycastle/asn1/x509/CertificatePair.java')
-rw-r--r--core/src/main/java/org/spongycastle/asn1/x509/CertificatePair.java168
1 files changed, 168 insertions, 0 deletions
diff --git a/core/src/main/java/org/spongycastle/asn1/x509/CertificatePair.java b/core/src/main/java/org/spongycastle/asn1/x509/CertificatePair.java
new file mode 100644
index 00000000..976473fd
--- /dev/null
+++ b/core/src/main/java/org/spongycastle/asn1/x509/CertificatePair.java
@@ -0,0 +1,168 @@
+package org.spongycastle.asn1.x509;
+
+import java.util.Enumeration;
+
+import org.spongycastle.asn1.ASN1EncodableVector;
+import org.spongycastle.asn1.ASN1Object;
+import org.spongycastle.asn1.ASN1Primitive;
+import org.spongycastle.asn1.ASN1Sequence;
+import org.spongycastle.asn1.ASN1TaggedObject;
+import org.spongycastle.asn1.DERSequence;
+import org.spongycastle.asn1.DERTaggedObject;
+
+/**
+ * This class helps to support crossCerfificatePairs in a LDAP directory
+ * according RFC 2587
+ *
+ * <pre>
+ * crossCertificatePairATTRIBUTE::={
+ * WITH SYNTAX CertificatePair
+ * EQUALITY MATCHING RULE certificatePairExactMatch
+ * ID joint-iso-ccitt(2) ds(5) attributeType(4) crossCertificatePair(40)}
+ * </pre>
+ *
+ * <blockquote> The forward elements of the crossCertificatePair attribute of a
+ * CA's directory entry shall be used to store all, except self-issued
+ * certificates issued to this CA. Optionally, the reverse elements of the
+ * crossCertificatePair attribute, of a CA's directory entry may contain a
+ * subset of certificates issued by this CA to other CAs. When both the forward
+ * and the reverse elements are present in a single attribute value, issuer name
+ * in one certificate shall match the subject name in the other and vice versa,
+ * and the subject public key in one certificate shall be capable of verifying
+ * the digital signature on the other certificate and vice versa.
+ *
+ * When a reverse element is present, the forward element value and the reverse
+ * element value need not be stored in the same attribute value; in other words,
+ * they can be stored in either a single attribute value or two attribute
+ * values. </blockquote>
+ *
+ * <pre>
+ * CertificatePair ::= SEQUENCE {
+ * forward [0] Certificate OPTIONAL,
+ * reverse [1] Certificate OPTIONAL,
+ * -- at least one of the pair shall be present -- }
+ * </pre>
+ */
+public class CertificatePair
+ extends ASN1Object
+{
+ private Certificate forward;
+
+ private Certificate reverse;
+
+ public static CertificatePair getInstance(Object obj)
+ {
+ if (obj == null || obj instanceof CertificatePair)
+ {
+ return (CertificatePair)obj;
+ }
+
+ if (obj instanceof ASN1Sequence)
+ {
+ return new CertificatePair((ASN1Sequence)obj);
+ }
+
+ throw new IllegalArgumentException("illegal object in getInstance: "
+ + obj.getClass().getName());
+ }
+
+ /**
+ * Constructor from ASN1Sequence.
+ * <p/>
+ * The sequence is of type CertificatePair:
+ * <p/>
+ * <pre>
+ * CertificatePair ::= SEQUENCE {
+ * forward [0] Certificate OPTIONAL,
+ * reverse [1] Certificate OPTIONAL,
+ * -- at least one of the pair shall be present -- }
+ * </pre>
+ *
+ * @param seq The ASN.1 sequence.
+ */
+ private CertificatePair(ASN1Sequence seq)
+ {
+ if (seq.size() != 1 && seq.size() != 2)
+ {
+ throw new IllegalArgumentException("Bad sequence size: "
+ + seq.size());
+ }
+
+ Enumeration e = seq.getObjects();
+
+ while (e.hasMoreElements())
+ {
+ ASN1TaggedObject o = ASN1TaggedObject.getInstance(e.nextElement());
+ if (o.getTagNo() == 0)
+ {
+ forward = Certificate.getInstance(o, true);
+ }
+ else if (o.getTagNo() == 1)
+ {
+ reverse = Certificate.getInstance(o, true);
+ }
+ else
+ {
+ throw new IllegalArgumentException("Bad tag number: "
+ + o.getTagNo());
+ }
+ }
+ }
+
+ /**
+ * Constructor from a given details.
+ *
+ * @param forward Certificates issued to this CA.
+ * @param reverse Certificates issued by this CA to other CAs.
+ */
+ public CertificatePair(Certificate forward, Certificate reverse)
+ {
+ this.forward = forward;
+ this.reverse = reverse;
+ }
+
+ /**
+ * Produce an object suitable for an ASN1OutputStream.
+ * <p>
+ * Returns:
+ * <pre>
+ * CertificatePair ::= SEQUENCE {
+ * forward [0] Certificate OPTIONAL,
+ * reverse [1] Certificate OPTIONAL,
+ * -- at least one of the pair shall be present -- }
+ * </pre>
+ *
+ * @return a ASN1Primitive
+ */
+ public ASN1Primitive toASN1Primitive()
+ {
+ ASN1EncodableVector vec = new ASN1EncodableVector();
+
+ if (forward != null)
+ {
+ vec.add(new DERTaggedObject(0, forward));
+ }
+ if (reverse != null)
+ {
+ vec.add(new DERTaggedObject(1, reverse));
+ }
+
+ return new DERSequence(vec);
+ }
+
+ /**
+ * @return Returns the forward.
+ */
+ public Certificate getForward()
+ {
+ return forward;
+ }
+
+ /**
+ * @return Returns the reverse.
+ */
+ public Certificate getReverse()
+ {
+ return reverse;
+ }
+}
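Review bot: The private `CertificatePair(ASN1Sequence seq)` constructor accepts a two-element sequence in which both elements carry the same tag, so a second `[0]` (or `[1]`) silently overwrites the first and the earlier certificate is dropped. These values presumably come from an LDAP directory and are untrusted at decode time, so two decoders could disagree on which certificate the pair holds. Rejecting the repeat is safer: add `if (forward != null) throw new IllegalArgumentException("Duplicate tag number: 0");` before the assignment in the tag-0 branch, and the equivalent check on `reverse` in the tag-1 branch. Separately, the public `CertificatePair(Certificate forward, Certificate reverse)` constructor accepts two nulls, in which case `toASN1Primitive()` emits an empty SEQUENCE that `getInstance` rejects with "Bad sequence size: 0". A null check there, or a Javadoc sentence restating "at least one of the pair shall be present", would keep encode and decode consistent.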