Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/pkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java
diff options
context:
space:
mode:
Diffstat (limited to 'pkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java')
-rw-r--r--pkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java357
1 files changed, 0 insertions, 357 deletions
diff --git a/pkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java b/pkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java
deleted file mode 100644
index 074d3fc3..00000000
--- a/pkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java
+++ /dev/null
@@ -1,357 +0,0 @@
-package org.bouncycastle.cert;
-
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.Holder;
-import org.bouncycastle.asn1.x509.IssuerSerial;
-import org.bouncycastle.asn1.x509.ObjectDigestInfo;
-import org.bouncycastle.operator.DigestCalculator;
-import org.bouncycastle.operator.DigestCalculatorProvider;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Selector;
-
-/**
- * The Holder object.
- *
- * <pre>
- * Holder ::= SEQUENCE {
- * baseCertificateID [0] IssuerSerial OPTIONAL,
- * -- the issuer and serial number of
- * -- the holder's Public Key Certificate
- * entityName [1] GeneralNames OPTIONAL,
- * -- the name of the claimant or role
- * objectDigestInfo [2] ObjectDigestInfo OPTIONAL
- * -- used to directly authenticate the holder,
- * -- for example, an executable
- * }
- * </pre>
- * <p>
- * <b>Note:</b> If objectDigestInfo comparisons are to be carried out the static
- * method setDigestCalculatorProvider <b>must</b> be called once to configure the class
- * to do the necessary calculations.
- * </p>
- */
-public class AttributeCertificateHolder
- implements Selector
-{
- private static DigestCalculatorProvider digestCalculatorProvider;
-
- final Holder holder;
-
- AttributeCertificateHolder(ASN1Sequence seq)
- {
- holder = Holder.getInstance(seq);
- }
-
- public AttributeCertificateHolder(X500Name issuerName,
- BigInteger serialNumber)
- {
- holder = new Holder(new IssuerSerial(
- new GeneralNames(new GeneralName(issuerName)),
- new ASN1Integer(serialNumber)));
- }
-
- public AttributeCertificateHolder(X509CertificateHolder cert)
- {
- holder = new Holder(new IssuerSerial(generateGeneralNames(cert.getIssuer()),
- new ASN1Integer(cert.getSerialNumber())));
- }
-
- public AttributeCertificateHolder(X500Name principal)
- {
- holder = new Holder(generateGeneralNames(principal));
- }
-
- /**
- * Constructs a holder for v2 attribute certificates with a hash value for
- * some type of object.
- * <p>
- * <code>digestedObjectType</code> can be one of the following:
- * <ul>
- * <li>0 - publicKey - A hash of the public key of the holder must be
- * passed.
- * <li>1 - publicKeyCert - A hash of the public key certificate of the
- * holder must be passed.
- * <li>2 - otherObjectDigest - A hash of some other object type must be
- * passed. <code>otherObjectTypeID</code> must not be empty.
- * </ul>
- * <p>
- * This cannot be used if a v1 attribute certificate is used.
- *
- * @param digestedObjectType The digest object type.
- * @param digestAlgorithm The algorithm identifier for the hash.
- * @param otherObjectTypeID The object type ID if
- * <code>digestedObjectType</code> is
- * <code>otherObjectDigest</code>.
- * @param objectDigest The hash value.
- */
- public AttributeCertificateHolder(int digestedObjectType,
- ASN1ObjectIdentifier digestAlgorithm, ASN1ObjectIdentifier otherObjectTypeID, byte[] objectDigest)
- {
- holder = new Holder(new ObjectDigestInfo(digestedObjectType,
- otherObjectTypeID, new AlgorithmIdentifier(digestAlgorithm), Arrays
- .clone(objectDigest)));
- }
-
- /**
- * Returns the digest object type if an object digest info is used.
- * <p>
- * <ul>
- * <li>0 - publicKey - A hash of the public key of the holder must be
- * passed.
- * <li>1 - publicKeyCert - A hash of the public key certificate of the
- * holder must be passed.
- * <li>2 - otherObjectDigest - A hash of some other object type must be
- * passed. <code>otherObjectTypeID</code> must not be empty.
- * </ul>
- *
- * @return The digest object type or -1 if no object digest info is set.
- */
- public int getDigestedObjectType()
- {
- if (holder.getObjectDigestInfo() != null)
- {
- return holder.getObjectDigestInfo().getDigestedObjectType()
- .getValue().intValue();
- }
- return -1;
- }
-
- /**
- * Returns algorithm identifier for the digest used if ObjectDigestInfo is present.
- *
- * @return digest AlgorithmIdentifier or <code>null</code> if ObjectDigestInfo is absent.
- */
- public AlgorithmIdentifier getDigestAlgorithm()
- {
- if (holder.getObjectDigestInfo() != null)
- {
- return holder.getObjectDigestInfo().getDigestAlgorithm();
- }
- return null;
- }
-
- /**
- * Returns the hash if an object digest info is used.
- *
- * @return The hash or <code>null</code> if ObjectDigestInfo is absent.
- */
- public byte[] getObjectDigest()
- {
- if (holder.getObjectDigestInfo() != null)
- {
- return holder.getObjectDigestInfo().getObjectDigest().getBytes();
- }
- return null;
- }
-
- /**
- * Returns the digest algorithm ID if an object digest info is used.
- *
- * @return The digest algorithm ID or <code>null</code> if no object
- * digest info is set.
- */
- public ASN1ObjectIdentifier getOtherObjectTypeID()
- {
- if (holder.getObjectDigestInfo() != null)
- {
- new ASN1ObjectIdentifier(holder.getObjectDigestInfo().getOtherObjectTypeID().getId());
- }
- return null;
- }
-
- private GeneralNames generateGeneralNames(X500Name principal)
- {
- return new GeneralNames(new GeneralName(principal));
- }
-
- private boolean matchesDN(X500Name subject, GeneralNames targets)
- {
- GeneralName[] names = targets.getNames();
-
- for (int i = 0; i != names.length; i++)
- {
- GeneralName gn = names[i];
-
- if (gn.getTagNo() == GeneralName.directoryName)
- {
- if (X500Name.getInstance(gn.getName()).equals(subject))
- {
- return true;
- }
- }
- }
-
- return false;
- }
-
- private X500Name[] getPrincipals(GeneralName[] names)
- {
- List l = new ArrayList(names.length);
-
- for (int i = 0; i != names.length; i++)
- {
- if (names[i].getTagNo() == GeneralName.directoryName)
- {
- l.add(X500Name.getInstance(names[i].getName()));
- }
- }
-
- return (X500Name[])l.toArray(new X500Name[l.size()]);
- }
-
- /**
- * Return any principal objects inside the attribute certificate holder
- * entity names field.
- *
- * @return an array of Principal objects (usually X500Principal), null if no
- * entity names field is set.
- */
- public X500Name[] getEntityNames()
- {
- if (holder.getEntityName() != null)
- {
- return getPrincipals(holder.getEntityName().getNames());
- }
-
- return null;
- }
-
- /**
- * Return the principals associated with the issuer attached to this holder
- *
- * @return an array of principals, null if no BaseCertificateID is set.
- */
- public X500Name[] getIssuer()
- {
- if (holder.getBaseCertificateID() != null)
- {
- return getPrincipals(holder.getBaseCertificateID().getIssuer().getNames());
- }
-
- return null;
- }
-
- /**
- * Return the serial number associated with the issuer attached to this
- * holder.
- *
- * @return the certificate serial number, null if no BaseCertificateID is
- * set.
- */
- public BigInteger getSerialNumber()
- {
- if (holder.getBaseCertificateID() != null)
- {
- return holder.getBaseCertificateID().getSerial().getValue();
- }
-
- return null;
- }
-
- public Object clone()
- {
- return new AttributeCertificateHolder((ASN1Sequence)holder.toASN1Primitive());
- }
-
- public boolean match(Object obj)
- {
- if (!(obj instanceof X509CertificateHolder))
- {
- return false;
- }
-
- X509CertificateHolder x509Cert = (X509CertificateHolder)obj;
-
- if (holder.getBaseCertificateID() != null)
- {
- return holder.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber())
- && matchesDN(x509Cert.getIssuer(), holder.getBaseCertificateID().getIssuer());
- }
-
- if (holder.getEntityName() != null)
- {
- if (matchesDN(x509Cert.getSubject(),
- holder.getEntityName()))
- {
- return true;
- }
- }
-
- if (holder.getObjectDigestInfo() != null)
- {
- try
- {
- DigestCalculator digCalc = digestCalculatorProvider.get(holder.getObjectDigestInfo().getDigestAlgorithm());
- OutputStream digOut = digCalc.getOutputStream();
-
- switch (getDigestedObjectType())
- {
- case ObjectDigestInfo.publicKey:
- // TODO: DSA Dss-parms
- digOut.write(x509Cert.getSubjectPublicKeyInfo().getEncoded());
- break;
- case ObjectDigestInfo.publicKeyCert:
- digOut.write(x509Cert.getEncoded());
- break;
- }
-
- digOut.close();
-
- if (!Arrays.areEqual(digCalc.getDigest(), getObjectDigest()))
- {
- return false;
- }
- }
- catch (Exception e)
- {
- return false;
- }
- }
-
- return false;
- }
-
- public boolean equals(Object obj)
- {
- if (obj == this)
- {
- return true;
- }
-
- if (!(obj instanceof AttributeCertificateHolder))
- {
- return false;
- }
-
- AttributeCertificateHolder other = (AttributeCertificateHolder)obj;
-
- return this.holder.equals(other.holder);
- }
-
- public int hashCode()
- {
- return this.holder.hashCode();
- }
-
- /**
- * Set a digest calculator provider to be used if matches are attempted using
- * ObjectDigestInfo,
- *
- * @param digCalcProvider a provider of digest calculators.
- */
- public static void setDigestCalculatorProvider(DigestCalculatorProvider digCalcProvider)
- {
- digestCalculatorProvider = digCalcProvider;
- }
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-04 12:34:51 +0300