1using System;
2using System.Collections;
3using System.IO;
4
5using Org.BouncyCastle.Asn1;
6using Org.BouncyCastle.Asn1.X509;
7using Org.BouncyCastle.Math;
8using Org.BouncyCastle.Utilities.Collections;
9using Org.BouncyCastle.Utilities.Date;
10using Org.BouncyCastle.X509.Extension;
11
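namespace Org.BouncyCastle.X509.Store
{
    /// <summary>
    /// An <see cref="IX509Selector"/> that picks attribute certificates out of a store by
    /// comparing them against a set of optional criteria: a specific certificate instance,
    /// serial number, holder, issuer, a validity instant, and the names/groups listed in the
    /// certificate's targetInformation extension.
    /// </summary>
    /// <remarks>
    /// <para>
    /// Every criterion is optional. A criterion left at <c>null</c> (or an empty target set)
    /// matches anything. <see cref="Match"/> only compares fields: it does not verify the
    /// certificate's signature, its issuer chain or its revocation status, so a successful
    /// selection must not be mistaken for validation.
    /// </para>
    /// <para>
    /// The selector is mutable and performs no synchronization; configure it fully before
    /// handing it to a store and do not mutate it concurrently with <see cref="Match"/>.
    /// </para>
    /// </remarks>
    /// <seealso cref="IX509AttributeCertificate"/>
    public class X509AttrCertStoreSelector
        : IX509Selector
    {
        // TODO: name constraints are not evaluated by this selector.

        private IX509AttributeCertificate attributeCert;
        private DateTimeObject attributeCertificateValid;
        private AttributeCertificateHolder holder;
        private AttributeCertificateIssuer issuer;
        private BigInteger serialNumber;

        // Sets of GeneralName. An empty set means "no criterion of this kind".
        private ISet targetNames = new HashSet();
        private ISet targetGroups = new HashSet();

        /// <summary>
        /// Creates a selector with no criteria; such a selector matches every attribute
        /// certificate it is offered.
        /// </summary>
        public X509AttrCertStoreSelector()
        {
        }

        /// <summary>
        /// Copy constructor backing <see cref="Clone"/>. Scalar criteria are shared by
        /// reference; the two target sets are copied so that later <c>AddTarget*</c> /
        /// <c>SetTarget*</c> calls on one instance do not leak into the other.
        /// </summary>
        /// <param name="o">The selector to copy.</param>
        private X509AttrCertStoreSelector(
            X509AttrCertStoreSelector o)
        {
            this.attributeCert = o.attributeCert;
            this.attributeCertificateValid = o.attributeCertificateValid;
            this.holder = o.holder;
            this.issuer = o.issuer;
            this.serialNumber = o.serialNumber;
            this.targetGroups = new HashSet(o.targetGroups);
            this.targetNames = new HashSet(o.targetNames);
        }

        /// <summary>
        /// Decides whether the given attribute certificate satisfies every configured criterion.
        /// </summary>
        /// <remarks>
        /// Criteria are checked in a fixed order and the first mismatch rejects the object:
        /// exact certificate (via <c>Equals</c>), serial number, holder, issuer, validity at
        /// <see cref="AttributeCertificateValid"/>, and finally the target name/group criteria
        /// (see <see cref="MatchesTargetInformation"/> for the extension semantics, in
        /// particular that an untargeted certificate is accepted even when target criteria
        /// are set). No signature or chain verification is performed here.
        /// </remarks>
        /// <param name="obj">The candidate object; anything that is not an
        /// <see cref="IX509AttributeCertificate"/> is rejected.</param>
        /// <returns><c>true</c> if the object matches this selector.</returns>
        /// <exception cref="ArgumentNullException">If <paramref name="obj"/> is <c>null</c>.</exception>
        public bool Match(
            object obj)
        {
            if (obj == null)
                throw new ArgumentNullException("obj");

            IX509AttributeCertificate attrCert = obj as IX509AttributeCertificate;

            if (attrCert == null)
                return false;

            if (attributeCert != null && !attributeCert.Equals(attrCert))
                return false;

            if (serialNumber != null && !attrCert.SerialNumber.Equals(serialNumber))
                return false;

            if (holder != null && !attrCert.Holder.Equals(holder))
                return false;

            if (issuer != null && !attrCert.Issuer.Equals(issuer))
                return false;

            if (attributeCertificateValid != null && !attrCert.IsValid(attributeCertificateValid.Value))
                return false;

            return MatchesTargetInformation(attrCert);
        }

        /// <summary>
        /// Applies the target name / target group criteria to the certificate's
        /// targetInformation extension.
        /// </summary>
        /// <param name="attrCert">The certificate under test (never <c>null</c>).</param>
        /// <returns>
        /// <c>true</c> when no target criteria are configured, when the certificate carries no
        /// targetInformation extension, or when the extension lists at least one of the
        /// configured names (if any are set) and at least one of the configured groups (if any
        /// are set). <c>false</c> when the extension is present but cannot be decoded, or when
        /// it lists none of the configured targets.
        /// </returns>
        private bool MatchesTargetInformation(
            IX509AttributeCertificate attrCert)
        {
            bool wantNames = targetNames.Count > 0;
            bool wantGroups = targetGroups.Count > 0;

            if (!wantNames && !wantGroups)
                return true;

            Asn1OctetString targetInfoExt = attrCert.GetExtensionValue(
                X509Extensions.TargetInformation);

            // A certificate without a targetInformation extension is "not targeted" and may
            // be used by any server (RFC 5755 section 4.3.2), so it is accepted here even
            // though target criteria were configured. Callers that must *require* targeting
            // have to check for the presence of the extension themselves.
            if (targetInfoExt == null)
                return true;

            TargetInformation targetInfo;
            try
            {
                targetInfo = TargetInformation.GetInstance(
                    X509ExtensionUtilities.FromExtensionValue(targetInfoExt));
            }
            catch (Exception)
            {
                // The extension is present but undecodable, so the certificate cannot be
                // shown to be targeted at any of our names/groups. Malformed (possibly
                // hostile) extension data is treated as a non-match rather than allowing a
                // parser exception to escape the selector.
                return false;
            }

            Targets[] targetsList = targetInfo.GetTargetsObjects();

            if (wantNames && !HasMatchingTargetName(targetsList))
                return false;

            if (wantGroups && !HasMatchingTargetGroup(targetsList))
                return false;

            return true;
        }

        /// <summary>
        /// <c>true</c> if any <see cref="Target"/> in any <see cref="Targets"/> entry carries a
        /// targetName contained in <c>targetNames</c>.
        /// </summary>
        private bool HasMatchingTargetName(
            Targets[] targetsList)
        {
            foreach (Targets targets in targetsList)
            {
                foreach (Target target in targets.GetTargets())
                {
                    GeneralName name = target.TargetName;

                    if (name != null && targetNames.Contains(name))
                        return true;
                }
            }

            return false;
        }

        /// <summary>
        /// <c>true</c> if any <see cref="Target"/> in any <see cref="Targets"/> entry carries a
        /// targetGroup contained in <c>targetGroups</c>.
        /// </summary>
        private bool HasMatchingTargetGroup(
            Targets[] targetsList)
        {
            foreach (Targets targets in targetsList)
            {
                foreach (Target target in targets.GetTargets())
                {
                    GeneralName group = target.TargetGroup;

                    if (group != null && targetGroups.Contains(group))
                        return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Returns an independent copy of this selector. The target sets are duplicated; the
        /// remaining criteria are shared by reference.
        /// </summary>
        public object Clone()
        {
            return new X509AttrCertStoreSelector(this);
        }

        /// <summary>The attribute certificate which must be matched (compared with <c>Equals</c>).</summary>
        /// <remarks>If <c>null</c> is given, any will do.</remarks>
        public IX509AttributeCertificate AttributeCert
        {
            get { return attributeCert; }
            set { this.attributeCert = value; }
        }

        /// <summary>Misspelled alias of <see cref="AttributeCertificateValid"/>, kept for binary compatibility.</summary>
        [Obsolete("Use AttributeCertificateValid instead")]
        public DateTimeObject AttribueCertificateValid
        {
            get { return attributeCertificateValid; }
            set { this.attributeCertificateValid = value; }
        }

        /// <summary>
        /// The instant at which a matching certificate must be valid, as checked by
        /// <see cref="IX509AttributeCertificate.IsValid"/>.
        /// </summary>
        /// <remarks>If <c>null</c> is given any will do, i.e. expired and not-yet-valid
        /// certificates are also selected.</remarks>
        public DateTimeObject AttributeCertificateValid
        {
            get { return attributeCertificateValid; }
            set { this.attributeCertificateValid = value; }
        }

        /// <summary>The holder a matching certificate must have.</summary>
        /// <remarks>If <c>null</c> is given any will do.</remarks>
        public AttributeCertificateHolder Holder
        {
            get { return holder; }
            set { this.holder = value; }
        }

        /// <summary>The issuer a matching certificate must have.</summary>
        /// <remarks>If <c>null</c> is given any will do.</remarks>
        public AttributeCertificateIssuer Issuer
        {
            get { return issuer; }
            set { this.issuer = value; }
        }

        /// <summary>The serial number a matching certificate must have.</summary>
        /// <remarks>If <c>null</c> is given any will do.</remarks>
        public BigInteger SerialNumber
        {
            get { return serialNumber; }
            set { this.serialNumber = value; }
        }

        /// <summary>
        /// Adds a target name criterion. A targeted attribute certificate must list at least
        /// one of the configured target names in its targetInformation extension; a
        /// certificate without that extension is untargeted and still matches.
        /// </summary>
        /// <param name="name">The name as a <see cref="GeneralName"/> (not <c>null</c>).</param>
        /// <exception cref="ArgumentNullException">If <paramref name="name"/> is <c>null</c>.</exception>
        public void AddTargetName(
            GeneralName name)
        {
            if (name == null)
                throw new ArgumentNullException("name");

            targetNames.Add(name);
        }

        /// <summary>
        /// Adds a target name criterion from its DER encoding. See
        /// <see cref="AddTargetName(GeneralName)"/> for the matching semantics.
        /// </summary>
        /// <param name="name">A byte array containing the DER encoding of a <see cref="GeneralName"/> (not <c>null</c>).</param>
        /// <exception cref="ArgumentNullException">If <paramref name="name"/> is <c>null</c>.</exception>
        /// <exception cref="IOException">If a parsing error occurs.</exception>
        public void AddTargetName(
            byte[] name)
        {
            if (name == null)
                throw new ArgumentNullException("name");

            AddTargetName(GeneralName.GetInstance(Asn1Object.FromByteArray(name)));
        }

        /// <summary>
        /// Replaces the target name criteria with the given collection. If <c>null</c> or
        /// empty is given any will do.
        /// </summary>
        /// <param name="names">Elements are either <see cref="GeneralName"/> objects or
        /// <c>byte[]</c> arrays holding a DER-encoded GeneralName.</param>
        /// <exception cref="ArgumentNullException">If an element is <c>null</c>.</exception>
        /// <exception cref="ArgumentException">If an element is of any other type.</exception>
        /// <exception cref="IOException">If a parsing error occurs.</exception>
        /// <seealso cref="AddTargetName(byte[])"/>
        /// <seealso cref="AddTargetName(GeneralName)"/>
        public void SetTargetNames(
            IEnumerable names)
        {
            targetNames = ExtractGeneralNames(names);
        }

        /// <summary>
        /// The configured target names, as <see cref="GeneralName"/> objects, exposed through
        /// an <see cref="EnumerableProxy"/> rather than the underlying set.
        /// </summary>
        /// <seealso cref="SetTargetNames"/>
        public IEnumerable GetTargetNames()
        {
            return new EnumerableProxy(targetNames);
        }

        /// <summary>
        /// Adds a target group criterion. A targeted attribute certificate must list at least
        /// one of the configured target groups in its targetInformation extension; a
        /// certificate without that extension is untargeted and still matches.
        /// </summary>
        /// <param name="group">The group as a <see cref="GeneralName"/> (not <c>null</c>).</param>
        /// <exception cref="ArgumentNullException">If <paramref name="group"/> is <c>null</c>.</exception>
        public void AddTargetGroup(
            GeneralName group)
        {
            if (group == null)
                throw new ArgumentNullException("group");

            targetGroups.Add(group);
        }

        /// <summary>
        /// Adds a target group criterion from its DER encoding. See
        /// <see cref="AddTargetGroup(GeneralName)"/> for the matching semantics.
        /// </summary>
        /// <param name="name">A byte array containing the DER encoding of a <see cref="GeneralName"/> (not <c>null</c>).</param>
        /// <exception cref="ArgumentNullException">If <paramref name="name"/> is <c>null</c>.</exception>
        /// <exception cref="IOException">If a parsing error occurs.</exception>
        public void AddTargetGroup(
            byte[] name)
        {
            if (name == null)
                throw new ArgumentNullException("name");

            AddTargetGroup(GeneralName.GetInstance(Asn1Object.FromByteArray(name)));
        }

        /// <summary>
        /// Replaces the target group criteria with the given collection. If <c>null</c> or
        /// empty is given any will do.
        /// </summary>
        /// <param name="names">Elements are either <see cref="GeneralName"/> objects or
        /// <c>byte[]</c> arrays holding a DER-encoded GeneralName.</param>
        /// <exception cref="ArgumentNullException">If an element is <c>null</c>.</exception>
        /// <exception cref="ArgumentException">If an element is of any other type.</exception>
        /// <exception cref="IOException">If a parsing error occurs.</exception>
        /// <seealso cref="AddTargetGroup(byte[])"/>
        /// <seealso cref="AddTargetGroup(GeneralName)"/>
        public void SetTargetGroups(
            IEnumerable names)
        {
            targetGroups = ExtractGeneralNames(names);
        }

        /// <summary>
        /// The configured target groups, as <see cref="GeneralName"/> objects, exposed through
        /// an <see cref="EnumerableProxy"/> rather than the underlying set.
        /// </summary>
        /// <seealso cref="SetTargetGroups"/>
        public IEnumerable GetTargetGroups()
        {
            return new EnumerableProxy(targetGroups);
        }

        /// <summary>
        /// Converts a collection of <see cref="GeneralName"/> objects and/or DER-encoded
        /// <c>byte[]</c> entries into a fresh set of <see cref="GeneralName"/>s.
        /// </summary>
        /// <param name="names">The collection; <c>null</c> yields an empty set.</param>
        /// <returns>A new set; never <c>null</c>.</returns>
        /// <exception cref="ArgumentNullException">If an element is <c>null</c>.</exception>
        /// <exception cref="ArgumentException">If an element is neither a GeneralName nor a byte[].</exception>
        /// <exception cref="IOException">If a byte[] element is not valid DER.</exception>
        private static ISet ExtractGeneralNames(
            IEnumerable names)
        {
            ISet result = new HashSet();

            if (names == null)
                return result;

            foreach (object o in names)
            {
                if (o == null)
                    throw new ArgumentNullException("names", "collection contains a null entry");

                GeneralName generalName = o as GeneralName;

                if (generalName == null)
                {
                    byte[] encoded = o as byte[];

                    // Reject unsupported element types up front with a clear message instead
                    // of letting an unchecked cast fail.
                    if (encoded == null)
                        throw new ArgumentException(
                            "entries must be GeneralName objects or DER-encoded byte[] arrays", "names");

                    generalName = GeneralName.GetInstance(Asn1Object.FromByteArray(encoded));
                }

                result.Add(generalName);
            }

            return result;
        }
    }
}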