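package org.bouncycastle.cert;

import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Set;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AttCertValidityPeriod;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.bouncycastle.asn1.x509.AttributeCertificateInfo;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;

/**
 * Holding class for an X.509 AttributeCertificate structure.
 * <p>
 * Constructing a holder only parses the structure. Nothing in the constructors
 * verifies the signature or the validity period; callers that rely on the
 * contents must call {@link #isSignatureValid(ContentVerifierProvider)} and
 * {@link #isValidOn(Date)} themselves.
 */
public class X509AttributeCertificateHolder
{
    // Shared zero-length result; final so the reference cannot be swapped at runtime.
    private static final Attribute[] EMPTY_ARRAY = new Attribute[0];

    private AttributeCertificate attrCert;
    private Extensions extensions;

    /**
     * Decode an encoded attribute certificate, mapping structural failures to IOException.
     *
     * @param certEncoding BER/DER encoding of the certificate.
     * @return the decoded AttributeCertificate, never null.
     * @throws IOException if the data is malformed or contains no ASN.1 object.
     */
    private static AttributeCertificate parseBytes(byte[] certEncoding)
        throws IOException
    {
        try
        {
            ASN1Primitive obj = ASN1Primitive.fromByteArray(certEncoding);

            // Without this guard a null parse result would propagate into the
            // constructor and fail there with a NullPointerException instead of
            // the IOException this class documents for bad input.
            // NOTE(review): a zero-length encoding is the expected trigger - confirm
            // against the ASN1Primitive.fromByteArray in this tree.
            if (obj == null)
            {
                throw new IOException("no content found");
            }

            return AttributeCertificate.getInstance(obj);
        }
        catch (ClassCastException e)
        {
            throw new CertIOException("malformed data: " + e.getMessage(), e);
        }
        catch (IllegalArgumentException e)
        {
            throw new CertIOException("malformed data: " + e.getMessage(), e);
        }
    }

    /**
     * Create a X509AttributeCertificateHolder from the passed in bytes.
     *
     * @param certEncoding BER/DER encoding of the certificate.
     * @throws IOException in the event of corrupted or empty data, or an incorrect structure.
     */
    public X509AttributeCertificateHolder(byte[] certEncoding)
        throws IOException
    {
        this(parseBytes(certEncoding));
    }

    /**
     * Create a X509AttributeCertificateHolder from the passed in ASN.1 structure.
     *
     * @param attrCert an ASN.1 AttributeCertificate structure; must not be null.
     */
    public X509AttributeCertificateHolder(AttributeCertificate attrCert)
    {
        this.attrCert = attrCert;
        // Cached once; null when the certificate carries no extensions block
        // (hasExtensions() and getExtension() test for that).
        this.extensions = attrCert.getAcinfo().getExtensions();
    }

    /**
     * Return the ASN.1 encoding of this holder's attribute certificate.
     *
     * @return a DER encoded byte array.
     * @throws IOException if an encoding cannot be generated.
     */
    public byte[] getEncoded()
        throws IOException
    {
        return attrCert.getEncoded();
    }

    /**
     * Return the version number of this attribute certificate.
     *
     * @return the encoded version value plus one.
     */
    public int getVersion()
    {
        return attrCert.getAcinfo().getVersion().getValue().intValue() + 1;
    }

    /**
     * Return the serial number of this attribute certificate.
     *
     * @return the serial number.
     */
    public BigInteger getSerialNumber()
    {
        return attrCert.getAcinfo().getSerialNumber().getValue();
    }

    /**
     * Return the holder details for this attribute certificate.
     *
     * @return this attribute certificate's holder structure.
     */
    public AttributeCertificateHolder getHolder()
    {
        return new AttributeCertificateHolder((ASN1Sequence)attrCert.getAcinfo().getHolder().toASN1Primitive());
    }

    /**
     * Return the issuer details for this attribute certificate.
     *
     * @return this attribute certificate's issuer structure.
     */
    public AttributeCertificateIssuer getIssuer()
    {
        return new AttributeCertificateIssuer(attrCert.getAcinfo().getIssuer());
    }

    /**
     * Return the date before which this attribute certificate is not valid.
     *
     * @return the start date for the attribute certificate's validity period.
     */
    public Date getNotBefore()
    {
        return CertUtils.recoverDate(attrCert.getAcinfo().getAttrCertValidityPeriod().getNotBeforeTime());
    }

    /**
     * Return the date after which this attribute certificate is not valid.
     *
     * @return the final date for the attribute certificate's validity period.
     */
    public Date getNotAfter()
    {
        return CertUtils.recoverDate(attrCert.getAcinfo().getAttrCertValidityPeriod().getNotAfterTime());
    }

    /**
     * Return the attributes, if any, associated with this attribute certificate.
     *
     * @return an array of Attribute, zero length if none present.
     */
    public Attribute[] getAttributes()
    {
        ASN1Sequence seq = attrCert.getAcinfo().getAttributes();
        Attribute[] attrs = new Attribute[seq.size()];

        for (int i = 0; i != seq.size(); i++)
        {
            attrs[i] = Attribute.getInstance(seq.getObjectAt(i));
        }

        return attrs;
    }

    /**
     * Return an array of attributes matching the passed in type OID.
     *
     * @param type the type of the attribute being looked for.
     * @return an array of Attribute of the requested type, zero length if none present.
     */
    public Attribute[] getAttributes(ASN1ObjectIdentifier type)
    {
        ASN1Sequence seq = attrCert.getAcinfo().getAttributes();
        // Raw collection types kept deliberately: the rest of this file uses no generics.
        List list = new ArrayList();

        for (int i = 0; i != seq.size(); i++)
        {
            Attribute attr = Attribute.getInstance(seq.getObjectAt(i));
            if (attr.getAttrType().equals(type))
            {
                list.add(attr);
            }
        }

        if (list.size() == 0)
        {
            return EMPTY_ARRAY;
        }

        return (Attribute[])list.toArray(new Attribute[list.size()]);
    }

    /**
     * Return whether or not the holder's attribute certificate contains extensions.
     *
     * @return true if extensions are present, false otherwise.
     */
    public boolean hasExtensions()
    {
        return extensions != null;
    }

    /**
     * Look up the extension associated with the passed in OID.
     *
     * @param oid the OID of the extension of interest.
     *
     * @return the extension if present, null otherwise.
     */
    public Extension getExtension(ASN1ObjectIdentifier oid)
    {
        if (extensions != null)
        {
            return extensions.getExtension(oid);
        }

        return null;
    }

    /**
     * Return the extensions block associated with this certificate if there is one.
     *
     * @return the extensions block held by this object (not a copy), null otherwise.
     */
    public Extensions getExtensions()
    {
        return extensions;
    }

    /**
     * Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the
     * extensions contained in this holder's attribute certificate.
     *
     * @return a list of extension OIDs.
     */
    public List getExtensionOIDs()
    {
        return CertUtils.getExtensionOIDs(extensions);
    }

    /**
     * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
     * critical extensions contained in this holder's attribute certificate.
     * <p>
     * This class only reports the critical extensions; nothing here rejects a
     * certificate that carries a critical extension the caller does not
     * understand, so that decision belongs to the caller.
     *
     * @return a set of critical extension OIDs.
     */
    public Set getCriticalExtensionOIDs()
    {
        return CertUtils.getCriticalExtensionOIDs(extensions);
    }

    /**
     * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
     * non-critical extensions contained in this holder's attribute certificate.
     *
     * @return a set of non-critical extension OIDs.
     */
    public Set getNonCriticalExtensionOIDs()
    {
        return CertUtils.getNonCriticalExtensionOIDs(extensions);
    }

    /**
     * Return the issuer unique ID of this attribute certificate as a boolean array.
     *
     * @return the result of converting the issuer unique ID bit string with
     *         CertUtils.bitStringToBoolean.
     */
    public boolean[] getIssuerUniqueID()
    {
        // NOTE(review): the result for a certificate without an issuer unique ID is
        // whatever CertUtils.bitStringToBoolean returns for that case - confirm there.
        return CertUtils.bitStringToBoolean(attrCert.getAcinfo().getIssuerUniqueID());
    }

    /**
     * Return the details of the signature algorithm used to create this attribute certificate.
     *
     * @return the AlgorithmIdentifier describing the signature algorithm used to create this attribute certificate.
     */
    public AlgorithmIdentifier getSignatureAlgorithm()
    {
        return attrCert.getSignatureAlgorithm();
    }

    /**
     * Return the bytes making up the signature associated with this attribute certificate.
     *
     * @return the attribute certificate signature bytes.
     */
    public byte[] getSignature()
    {
        return attrCert.getSignatureValue().getBytes();
    }

    /**
     * Return the underlying ASN.1 structure for the attribute certificate in this holder.
     *
     * @return the AttributeCertificate object held by this holder (not a copy).
     */
    public AttributeCertificate toASN1Structure()
    {
        return attrCert;
    }

    /**
     * Return whether or not this attribute certificate is valid on a particular date.
     * <p>
     * Both ends of the validity period are inclusive. Only the validity period is
     * checked; the signature is not verified here.
     *
     * @param date the date of interest.
     * @return true if the attribute certificate is valid, false otherwise.
     */
    public boolean isValidOn(Date date)
    {
        AttCertValidityPeriod certValidityPeriod = attrCert.getAcinfo().getAttrCertValidityPeriod();

        return !date.before(CertUtils.recoverDate(certValidityPeriod.getNotBeforeTime())) && !date.after(CertUtils.recoverDate(certValidityPeriod.getNotAfterTime()));
    }

    /**
     * Validate the signature on the attribute certificate in this holder.
     * <p>
     * A true result means only that the signature over the DER encoding of the
     * AttributeCertificateInfo verifies with the supplied provider. This method
     * does not check the validity period (see {@link #isValidOn(Date)}), the
     * extensions, or whether the key behind the provider belongs to a trusted
     * issuer; those checks remain with the caller.
     *
     * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
     * @return true if the signature is valid, false otherwise.
     * @throws CertException if the signature cannot be processed or is inappropriate.
     */
    public boolean isSignatureValid(ContentVerifierProvider verifierProvider)
        throws CertException
    {
        AttributeCertificateInfo acinfo = attrCert.getAcinfo();

        // The algorithm identifier inside the signed info must match the outer,
        // unsigned one; otherwise the algorithm named on the outside could differ
        // from the one the issuer actually signed over.
        if (!CertUtils.isAlgIdEqual(acinfo.getSignature(), attrCert.getSignatureAlgorithm()))
        {
            throw new CertException("signature invalid - algorithm identifier mismatch");
        }

        ContentVerifier verifier;

        try
        {
            verifier = verifierProvider.get(acinfo.getSignature());

            // Feed the DER encoding of the signed portion to the verifier.
            OutputStream sOut = verifier.getOutputStream();
            DEROutputStream dOut = new DEROutputStream(sOut);

            dOut.writeObject(acinfo);

            sOut.close();
        }
        catch (Exception e)
        {
            // Boundary catch: any provider or encoding failure is reported as a
            // CertException with the cause preserved.
            throw new CertException("unable to process signature: " + e.getMessage(), e);
        }

        return verifier.verify(attrCert.getSignatureValue().getBytes());
    }

    /**
     * Compare this holder with another object; holders are equal when their
     * underlying AttributeCertificate structures are equal.
     *
     * @param o the object to compare with.
     * @return true if o is a X509AttributeCertificateHolder wrapping an equal structure.
     */
    public boolean equals(
        Object o)
    {
        if (o == this)
        {
            return true;
        }

        if (!(o instanceof X509AttributeCertificateHolder))
        {
            return false;
        }

        X509AttributeCertificateHolder other = (X509AttributeCertificateHolder)o;

        return this.attrCert.equals(other.attrCert);
    }

    /**
     * Return the hash code of the underlying AttributeCertificate, consistent with equals.
     *
     * @return the hash code.
     */
    public int hashCode()
    {
        return this.attrCert.hashCode();
    }
}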