All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.jcajce.PKIXCertStoreSelector Maven / Gradle / Ivy

Go to download

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

There is a newer version: 1.79
Show newest version
package org.bouncycastle.jcajce;

import java.io.IOException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509CertSelector;
import java.util.Collection;

import org.bouncycastle.util.Selector;

/**
 * This class is a Selector implementation for certificates.
 * 
 * @see org.bouncycastle.util.Selector
 */
public class PKIXCertStoreSelector
    implements Selector
{
    /**
     * Builder for a PKIXCertStoreSelector.
     */
    public static class Builder
    {
        private final CertSelector baseSelector;

        /**
         * Constructor initializing a builder with a CertSelector.
         *
         * @param certSelector the CertSelector to copy the match details from.
         */
        public Builder(CertSelector certSelector)
        {
            this.baseSelector = (CertSelector)certSelector.clone();
        }

        /**
         * Build a selector.
         *
         * @return a new PKIXCertStoreSelector
         */
        public PKIXCertStoreSelector build()
        {
            return new PKIXCertStoreSelector(baseSelector);
        }
    }

    private final CertSelector baseSelector;

    private PKIXCertStoreSelector(CertSelector baseSelector)
    {
        this.baseSelector = baseSelector;
    }

    public boolean match(Certificate cert)
    {
        return baseSelector.match(cert);
    }

    public Object clone()
    {
        return new PKIXCertStoreSelector(baseSelector);
    }

    public static Collection getCertificates(final PKIXCertStoreSelector selector, CertStore certStore)
        throws CertStoreException
    {
        return certStore.getCertificates(new SelectorClone(selector));
    }

    private static class SelectorClone
        extends X509CertSelector
    {
        private final PKIXCertStoreSelector selector;

        SelectorClone(PKIXCertStoreSelector selector)
        {
            this.selector = selector;

            if (selector.baseSelector instanceof X509CertSelector)
            {
                X509CertSelector baseSelector = (X509CertSelector)selector.baseSelector;

                this.setAuthorityKeyIdentifier(baseSelector.getAuthorityKeyIdentifier());
                this.setBasicConstraints(baseSelector.getBasicConstraints());
                this.setCertificate(baseSelector.getCertificate());
                this.setCertificateValid(baseSelector.getCertificateValid());
                this.setKeyUsage(baseSelector.getKeyUsage());
                this.setMatchAllSubjectAltNames(baseSelector.getMatchAllSubjectAltNames());
                this.setPrivateKeyValid(baseSelector.getPrivateKeyValid());
                this.setSerialNumber(baseSelector.getSerialNumber());
                this.setSubjectKeyIdentifier(baseSelector.getSubjectKeyIdentifier());
                this.setSubjectPublicKey(baseSelector.getSubjectPublicKey());

                try
                {
                    this.setExtendedKeyUsage(baseSelector.getExtendedKeyUsage());
                    this.setIssuer(baseSelector.getIssuerAsBytes());
                    this.setNameConstraints(baseSelector.getNameConstraints());
                    this.setPathToNames(baseSelector.getPathToNames());
                    this.setPolicy(baseSelector.getPolicy());
                    this.setSubject(baseSelector.getSubjectAsBytes());
                    this.setSubjectAlternativeNames(baseSelector.getSubjectAlternativeNames());
                    this.setSubjectPublicKeyAlgID(baseSelector.getSubjectPublicKeyAlgID());
                }
                catch (IOException e)
                {
                    throw new IllegalStateException("base selector invalid: " + e.getMessage(), e);
                }
            }
        }

        public boolean match(Certificate certificate)
        {
            return (selector == null) ? (certificate != null) : selector.match(certificate);
        }
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy