org.bouncycastle.cert.dane.DANECertificateFetcher Maven / Gradle / Ivy
package org.bouncycastle.cert.dane;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.operator.DigestCalculator;
/**
* A single shot fetcher for a certificate which will only request the specific DNS record if the
* DANEEntryFetcher used on construction supports it.
*/
public class DANECertificateFetcher
{
private final DANEEntryFetcherFactory fetcherFactory;
private final DANEEntrySelectorFactory selectorFactory;
/**
* Base constructor.
*
* @param fetcherFactory the fetcher to use for resolving requests.
* @param digestCalculator the digest calculator to use for calculating sub-domains.
*/
public DANECertificateFetcher(DANEEntryFetcherFactory fetcherFactory, DigestCalculator digestCalculator)
{
this.fetcherFactory = fetcherFactory;
this.selectorFactory= new DANEEntrySelectorFactory(digestCalculator);
}
/**
* Fetch the certificates associated with the passed in email address if any exists.
*
* @param emailAddress the email address of interest.
* @return a list of X509CertificateHolder objects, or an empty list if none present.
* @throws DANEException in case of an underlying DNS or record parsing problem.
*/
public List fetch(String emailAddress)
throws DANEException
{
DANEEntrySelector daneSelector = selectorFactory.createSelector(emailAddress);
List matches = fetcherFactory.build(daneSelector.getDomainName()).getEntries();
List certs = new ArrayList(matches.size());
for (Iterator it = matches.iterator(); it.hasNext();)
{
DANEEntry next = (DANEEntry)it.next();
if (daneSelector.match(next))
{
certs.add(next.getCertificate());
}
}
return Collections.unmodifiableList(certs);
}
}