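/**
 * Tests whether a certificate is the one this attribute certificate holder refers to.
 * <p>
 * The holder forms are checked in order: baseCertificateID (serial number and issuer),
 * then entityName (subject), then objectDigestInfo (digest of the public key or of the
 * whole certificate). When a baseCertificateID is present its result is final and the
 * other forms are not consulted.
 *
 * @param obj the candidate; anything that is not an {@code X509CertificateHolder} is rejected.
 * @return {@code true} if the certificate matches one of the holder forms, {@code false}
 *         otherwise, including when the digest cannot be computed or the digested object
 *         type is not one this method knows how to hash.
 */
public boolean match(Object obj)
{
    if (!(obj instanceof X509CertificateHolder))
    {
        return false;
    }

    X509CertificateHolder x509Cert = (X509CertificateHolder)obj;

    if (holder.getBaseCertificateID() != null)
    {
        // Serial number AND issuer must both agree; a serial number alone is only unique per issuer.
        return holder.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber())
            && matchesDN(x509Cert.getIssuer(), holder.getBaseCertificateID().getIssuer());
    }

    if (holder.getEntityName() != null)
    {
        if (matchesDN(x509Cert.getSubject(), holder.getEntityName()))
        {
            return true;
        }
    }

    if (holder.getObjectDigestInfo() != null)
    {
        try
        {
            DigestCalculator digCalc = digestCalculatorProvider.get(holder.getObjectDigestInfo().getDigestAlgorithm());
            OutputStream digOut = digCalc.getOutputStream();

            switch (getDigestedObjectType())
            {
            case ObjectDigestInfo.publicKey:
                // TODO: DSA Dss-parms
                digOut.write(x509Cert.getSubjectPublicKeyInfo().getEncoded());
                break;
            case ObjectDigestInfo.publicKeyCert:
                digOut.write(x509Cert.getEncoded());
                break;
            default:
                // Nothing would be written for any other type, so the digest would be
                // taken over empty input and say nothing about this certificate.
                digOut.close();
                return false;
            }

            digOut.close();

            // Previously every path through this branch returned false, so a holder
            // identified by objectDigestInfo could never match; report the comparison result.
            return Arrays.areEqual(digCalc.getDigest(), getObjectDigest());
        }
        catch (Exception e)
        {
            // Fail closed: an unavailable algorithm or an encoding error is "no match".
            return false;
        }
    }

    return false;
}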
/**
 * Creates a holder for a v2 attribute certificate that identifies its subject by the
 * hash of some object. This form cannot be used with v1 attribute certificates.
 * <p>
 * Accepted values of <code>digestedObjectType</code>:
 * <ul>
 * <li>0 - publicKey - the hash is taken over the holder's public key.</li>
 * <li>1 - publicKeyCert - the hash is taken over the holder's public key certificate.</li>
 * <li>2 - otherObjectDigest - the hash is taken over some other object;
 * <code>otherObjectTypeID</code> must not be empty.</li>
 * </ul>
 *
 * @param digestedObjectType The digest object type.
 * @param digestAlgorithm The algorithm identifier for the hash.
 * @param otherObjectTypeID The object type ID if <code>digestedObjectType</code> is
 *            <code>otherObjectDigest</code>. It is converted to an object identifier
 *            for every digested object type, not only for that one.
 * @param objectDigest The hash value; the array is copied, not retained.
 */
public AttributeCertificateHolder(int digestedObjectType, String digestAlgorithm, String otherObjectTypeID, byte[] objectDigest)
{
    ASN1ObjectIdentifier otherTypeOid = new ASN1ObjectIdentifier(otherObjectTypeID);
    AlgorithmIdentifier digestAlgId = new AlgorithmIdentifier(digestAlgorithm);
    // Keep a private copy so later changes to the caller's array cannot alter the stored digest.
    byte[] digestCopy = Arrays.clone(objectDigest);

    ObjectDigestInfo digestInfo = new ObjectDigestInfo(digestedObjectType, otherTypeOid, digestAlgId, digestCopy);
    holder = new Holder(digestInfo);
}
/**
 * Creates a holder for a v2 attribute certificate that identifies its subject by the
 * hash of some object. This form cannot be used with v1 attribute certificates.
 * <p>
 * Accepted values of <code>digestedObjectType</code>:
 * <ul>
 * <li>0 - publicKey - the hash is taken over the holder's public key.</li>
 * <li>1 - publicKeyCert - the hash is taken over the holder's public key certificate.</li>
 * <li>2 - otherObjectDigest - the hash is taken over some other object;
 * <code>otherObjectTypeID</code> must not be empty.</li>
 * </ul>
 *
 * @param digestedObjectType The digest object type.
 * @param digestAlgorithm The algorithm identifier for the hash.
 * @param otherObjectTypeID The object type ID if <code>digestedObjectType</code> is
 *            <code>otherObjectDigest</code>. It is handed on unchanged.
 * @param objectDigest The hash value; the array is copied, not retained.
 */
public AttributeCertificateHolder(int digestedObjectType, ASN1ObjectIdentifier digestAlgorithm, ASN1ObjectIdentifier otherObjectTypeID, byte[] objectDigest)
{
    AlgorithmIdentifier digestAlgId = new AlgorithmIdentifier(digestAlgorithm);
    // Keep a private copy so later changes to the caller's array cannot alter the stored digest.
    byte[] digestCopy = Arrays.clone(objectDigest);

    ObjectDigestInfo digestInfo = new ObjectDigestInfo(digestedObjectType, otherObjectTypeID, digestAlgId, digestCopy);
    holder = new Holder(digestInfo);
}
/**
 * Creates a holder for a v2 attribute certificate that identifies its subject by the
 * hash of some object. This form cannot be used with v1 attribute certificates.
 * <p>
 * Accepted values of <code>digestedObjectType</code>:
 * <ul>
 * <li>0 - publicKey - the hash is taken over the holder's public key.</li>
 * <li>1 - publicKeyCert - the hash is taken over the holder's public key certificate.</li>
 * <li>2 - otherObjectDigest - the hash is taken over some other object;
 * <code>otherObjectTypeID</code> must not be empty.</li>
 * </ul>
 *
 * @param digestedObjectType The digest object type.
 * @param digestAlgorithm The algorithm identifier for the hash; it is converted to an
 *            object identifier before use.
 * @param otherObjectTypeID The object type ID if <code>digestedObjectType</code> is
 *            <code>otherObjectDigest</code>. It is converted to an object identifier
 *            for every digested object type, not only for that one.
 * @param objectDigest The hash value; the array is copied, not retained.
 */
public AttributeCertificateHolder(int digestedObjectType, String digestAlgorithm, String otherObjectTypeID, byte[] objectDigest)
{
    ASN1ObjectIdentifier otherTypeOid = new ASN1ObjectIdentifier(otherObjectTypeID);
    ASN1ObjectIdentifier digestOid = new ASN1ObjectIdentifier(digestAlgorithm);
    AlgorithmIdentifier digestAlgId = new AlgorithmIdentifier(digestOid);
    // Keep a private copy so later changes to the caller's array cannot alter the stored digest.
    byte[] digestCopy = Arrays.clone(objectDigest);

    ObjectDigestInfo digestInfo = new ObjectDigestInfo(digestedObjectType, otherTypeOid, digestAlgId, digestCopy);
    holder = new Holder(digestInfo);
}
/**
 * Creates a holder for a v2 attribute certificate that identifies its subject by the
 * hash of some object. This form cannot be used with v1 attribute certificates.
 * <p>
 * Accepted values of <code>digestedObjectType</code>:
 * <ul>
 * <li>0 - publicKey - the hash is taken over the holder's public key.</li>
 * <li>1 - publicKeyCert - the hash is taken over the holder's public key certificate.</li>
 * <li>2 - otherObjectDigest - the hash is taken over some other object;
 * <code>otherObjectTypeID</code> must not be empty.</li>
 * </ul>
 *
 * @param digestedObjectType The digest object type.
 * @param digestAlgorithm The algorithm identifier for the hash.
 * @param otherObjectTypeID The object type ID if <code>digestedObjectType</code> is
 *            <code>otherObjectDigest</code>. It is handed on as the string given.
 * @param objectDigest The hash value; the array is copied, not retained.
 */
public AttributeCertificateHolder(int digestedObjectType, String digestAlgorithm, String otherObjectTypeID, byte[] objectDigest)
{
    AlgorithmIdentifier digestAlgId = new AlgorithmIdentifier(digestAlgorithm);
    // Keep a private copy so later changes to the caller's array cannot alter the stored digest.
    byte[] digestCopy = Arrays.clone(objectDigest);

    ObjectDigestInfo digestInfo = new ObjectDigestInfo(digestedObjectType, otherObjectTypeID, digestAlgId, digestCopy);
    holder = new Holder(digestInfo);
}