
/lib/bouncycastle/x509/store/X509AttrCertStoreSelector.cs

https://bitbucket.org/festevezga/socketex
  1. using System;
  2. using System.Collections;
  3. using System.IO;
  4. using Org.BouncyCastle.Asn1;
  5. using Org.BouncyCastle.Asn1.X509;
  6. using Org.BouncyCastle.Math;
  7. using Org.BouncyCastle.Utilities.Collections;
  8. using Org.BouncyCastle.Utilities.Date;
  9. using Org.BouncyCastle.X509.Extension;
  10. namespace Org.BouncyCastle.X509.Store
  11. {
  12. /**
  13. * This class is an <code>Selector</code> like implementation to select
  14. * attribute certificates from a given set of criteria.
  15. *
  16. * @see org.bouncycastle.x509.X509AttributeCertificate
  17. * @see org.bouncycastle.x509.X509Store
  18. */
  19. public class X509AttrCertStoreSelector
  20. : IX509Selector
  21. {
  22. // TODO: name constraints???
  23. private IX509AttributeCertificate attributeCert;
  24. private DateTimeObject attributeCertificateValid;
  25. private AttributeCertificateHolder holder;
  26. private AttributeCertificateIssuer issuer;
  27. private BigInteger serialNumber;
  28. private ISet targetNames = new HashSet();
  29. private ISet targetGroups = new HashSet();
  30. public X509AttrCertStoreSelector()
  31. {
  32. }
  33. private X509AttrCertStoreSelector(
  34. X509AttrCertStoreSelector o)
  35. {
  36. this.attributeCert = o.attributeCert;
  37. this.attributeCertificateValid = o.attributeCertificateValid;
  38. this.holder = o.holder;
  39. this.issuer = o.issuer;
  40. this.serialNumber = o.serialNumber;
  41. this.targetGroups = new HashSet(o.targetGroups);
  42. this.targetNames = new HashSet(o.targetNames);
  43. }
  44. /// <summary>
  45. /// Decides if the given attribute certificate should be selected.
  46. /// </summary>
  47. /// <param name="obj">The attribute certificate to be checked.</param>
  48. /// <returns><code>true</code> if the object matches this selector.</returns>
  49. public bool Match(
  50. object obj)
  51. {
  52. if (obj == null)
  53. throw new ArgumentNullException("obj");
  54. IX509AttributeCertificate attrCert = obj as IX509AttributeCertificate;
  55. if (attrCert == null)
  56. return false;
  57. if (this.attributeCert != null && !this.attributeCert.Equals(attrCert))
  58. return false;
  59. if (serialNumber != null && !attrCert.SerialNumber.Equals(serialNumber))
  60. return false;
  61. if (holder != null && !attrCert.Holder.Equals(holder))
  62. return false;
  63. if (issuer != null && !attrCert.Issuer.Equals(issuer))
  64. return false;
  65. if (attributeCertificateValid != null && !attrCert.IsValid(attributeCertificateValid.Value))
  66. return false;
  67. if (targetNames.Count > 0 || targetGroups.Count > 0)
  68. {
  69. Asn1OctetString targetInfoExt = attrCert.GetExtensionValue(
  70. X509Extensions.TargetInformation);
  71. if (targetInfoExt != null)
  72. {
  73. TargetInformation targetinfo;
  74. try
  75. {
  76. targetinfo = TargetInformation.GetInstance(
  77. X509ExtensionUtilities.FromExtensionValue(targetInfoExt));
  78. }
  79. catch (Exception)
  80. {
  81. return false;
  82. }
  83. Targets[] targetss = targetinfo.GetTargetsObjects();
  84. if (targetNames.Count > 0)
  85. {
  86. bool found = false;
  87. for (int i = 0; i < targetss.Length && !found; i++)
  88. {
  89. Target[] targets = targetss[i].GetTargets();
  90. for (int j = 0; j < targets.Length; j++)
  91. {
  92. GeneralName targetName = targets[j].TargetName;
  93. if (targetName != null && targetNames.Contains(targetName))
  94. {
  95. found = true;
  96. break;
  97. }
  98. }
  99. }
  100. if (!found)
  101. {
  102. return false;
  103. }
  104. }
  105. if (targetGroups.Count > 0)
  106. {
  107. bool found = false;
  108. for (int i = 0; i < targetss.Length && !found; i++)
  109. {
  110. Target[] targets = targetss[i].GetTargets();
  111. for (int j = 0; j < targets.Length; j++)
  112. {
  113. GeneralName targetGroup = targets[j].TargetGroup;
  114. if (targetGroup != null && targetGroups.Contains(targetGroup))
  115. {
  116. found = true;
  117. break;
  118. }
  119. }
  120. }
  121. if (!found)
  122. {
  123. return false;
  124. }
  125. }
  126. }
  127. }
  128. return true;
  129. }
  130. public object Clone()
  131. {
  132. return new X509AttrCertStoreSelector(this);
  133. }
  134. /// <summary>The attribute certificate which must be matched.</summary>
  135. /// <remarks>If <c>null</c> is given, any will do.</remarks>
  136. public IX509AttributeCertificate AttributeCert
  137. {
  138. get { return attributeCert; }
  139. set { this.attributeCert = value; }
  140. }
  141. [Obsolete("Use AttributeCertificateValid instead")]
  142. public DateTimeObject AttribueCertificateValid
  143. {
  144. get { return attributeCertificateValid; }
  145. set { this.attributeCertificateValid = value; }
  146. }
  147. /// <summary>The criteria for validity</summary>
  148. /// <remarks>If <c>null</c> is given any will do.</remarks>
  149. public DateTimeObject AttributeCertificateValid
  150. {
  151. get { return attributeCertificateValid; }
  152. set { this.attributeCertificateValid = value; }
  153. }
  154. /// <summary>The holder.</summary>
  155. /// <remarks>If <c>null</c> is given any will do.</remarks>
  156. public AttributeCertificateHolder Holder
  157. {
  158. get { return holder; }
  159. set { this.holder = value; }
  160. }
  161. /// <summary>The issuer.</summary>
  162. /// <remarks>If <c>null</c> is given any will do.</remarks>
  163. public AttributeCertificateIssuer Issuer
  164. {
  165. get { return issuer; }
  166. set { this.issuer = value; }
  167. }
  168. /// <summary>The serial number.</summary>
  169. /// <remarks>If <c>null</c> is given any will do.</remarks>
  170. public BigInteger SerialNumber
  171. {
  172. get { return serialNumber; }
  173. set { this.serialNumber = value; }
  174. }
  175. /**
  176. * Adds a target name criterion for the attribute certificate to the target
  177. * information extension criteria. The <code>X509AttributeCertificate</code>
  178. * must contain at least one of the specified target names.
  179. * <p>
  180. * Each attribute certificate may contain a target information extension
  181. * limiting the servers where this attribute certificate can be used. If
  182. * this extension is not present, the attribute certificate is not targeted
  183. * and may be accepted by any server.
  184. * </p>
  185. *
  186. * @param name The name as a GeneralName (not <code>null</code>)
  187. */
  188. public void AddTargetName(
  189. GeneralName name)
  190. {
  191. targetNames.Add(name);
  192. }
  193. /**
  194. * Adds a target name criterion for the attribute certificate to the target
  195. * information extension criteria. The <code>X509AttributeCertificate</code>
  196. * must contain at least one of the specified target names.
  197. * <p>
  198. * Each attribute certificate may contain a target information extension
  199. * limiting the servers where this attribute certificate can be used. If
  200. * this extension is not present, the attribute certificate is not targeted
  201. * and may be accepted by any server.
  202. * </p>
  203. *
  204. * @param name a byte array containing the name in ASN.1 DER encoded form of a GeneralName
  205. * @throws IOException if a parsing error occurs.
  206. */
  207. public void AddTargetName(
  208. byte[] name)
  209. {
  210. AddTargetName(GeneralName.GetInstance(Asn1Object.FromByteArray(name)));
  211. }
  212. /**
  213. * Adds a collection with target names criteria. If <code>null</code> is
  214. * given any will do.
  215. * <p>
  216. * The collection consists of either GeneralName objects or byte[] arrays representing
  217. * DER encoded GeneralName structures.
  218. * </p>
  219. *
  220. * @param names A collection of target names.
  221. * @throws IOException if a parsing error occurs.
  222. * @see #AddTargetName(byte[])
  223. * @see #AddTargetName(GeneralName)
  224. */
  225. public void SetTargetNames(
  226. IEnumerable names)
  227. {
  228. targetNames = ExtractGeneralNames(names);
  229. }
  230. /**
  231. * Gets the target names. The collection consists of <code>List</code>s
  232. * made up of an <code>Integer</code> in the first entry and a DER encoded
  233. * byte array or a <code>String</code> in the second entry.
  234. * <p>The returned collection is immutable.</p>
  235. *
  236. * @return The collection of target names
  237. * @see #setTargetNames(Collection)
  238. */
  239. public IEnumerable GetTargetNames()
  240. {
  241. return new EnumerableProxy(targetNames);
  242. }
  243. /**
  244. * Adds a target group criterion for the attribute certificate to the target
  245. * information extension criteria. The <code>X509AttributeCertificate</code>
  246. * must contain at least one of the specified target groups.
  247. * <p>
  248. * Each attribute certificate may contain a target information extension
  249. * limiting the servers where this attribute certificate can be used. If
  250. * this extension is not present, the attribute certificate is not targeted
  251. * and may be accepted by any server.
  252. * </p>
  253. *
  254. * @param group The group as GeneralName form (not <code>null</code>)
  255. */
  256. public void AddTargetGroup(
  257. GeneralName group)
  258. {
  259. targetGroups.Add(group);
  260. }
  261. /**
  262. * Adds a target group criterion for the attribute certificate to the target
  263. * information extension criteria. The <code>X509AttributeCertificate</code>
  264. * must contain at least one of the specified target groups.
  265. * <p>
  266. * Each attribute certificate may contain a target information extension
  267. * limiting the servers where this attribute certificate can be used. If
  268. * this extension is not present, the attribute certificate is not targeted
  269. * and may be accepted by any server.
  270. * </p>
  271. *
  272. * @param name a byte array containing the group in ASN.1 DER encoded form of a GeneralName
  273. * @throws IOException if a parsing error occurs.
  274. */
  275. public void AddTargetGroup(
  276. byte[] name)
  277. {
  278. AddTargetGroup(GeneralName.GetInstance(Asn1Object.FromByteArray(name)));
  279. }
  280. /**
  281. * Adds a collection with target groups criteria. If <code>null</code> is
  282. * given any will do.
  283. * <p>
  284. * The collection consists of <code>GeneralName</code> objects or <code>byte[]</code>
  285. * representing DER encoded GeneralNames.
  286. * </p>
  287. *
  288. * @param names A collection of target groups.
  289. * @throws IOException if a parsing error occurs.
  290. * @see #AddTargetGroup(byte[])
  291. * @see #AddTargetGroup(GeneralName)
  292. */
  293. public void SetTargetGroups(
  294. IEnumerable names)
  295. {
  296. targetGroups = ExtractGeneralNames(names);
  297. }
  298. /**
  299. * Gets the target groups. The collection consists of <code>List</code>s
  300. * made up of an <code>Integer</code> in the first entry and a DER encoded
  301. * byte array or a <code>String</code> in the second entry.
  302. * <p>The returned collection is immutable.</p>
  303. *
  304. * @return The collection of target groups.
  305. * @see #setTargetGroups(Collection)
  306. */
  307. public IEnumerable GetTargetGroups()
  308. {
  309. return new EnumerableProxy(targetGroups);
  310. }
  311. private ISet ExtractGeneralNames(
  312. IEnumerable names)
  313. {
  314. ISet result = new HashSet();
  315. if (names != null)
  316. {
  317. foreach (object o in names)
  318. {
  319. if (o is GeneralName)
  320. {
  321. result.Add(o);
  322. }
  323. else
  324. {
  325. result.Add(GeneralName.GetInstance(Asn1Object.FromByteArray((byte[]) o)));
  326. }
  327. }
  328. }
  329. return result;
  330. }
  331. }
  332. }