package org.bouncycastle.cert;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Set;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AttCertValidityPeriod;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.asn1.x509.AttributeCertificate;
import org.bouncycastle.asn1.x509.AttributeCertificateInfo;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.util.Encodable;

Holding class for an X.509 AttributeCertificate structure.
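/**
 * Holding class for an X.509 AttributeCertificate structure.
 * <p>
 * Constructing a holder only parses and stores the structure. Nothing is
 * validated at that point: the signature and the validity window are checked
 * only when the caller invokes {@code isSignatureValid} and {@code isValidOn}.
 */
public class X509AttributeCertificateHolder implements Encodable, Serializable {
    private static final long serialVersionUID = 20170722001L;

    // Shared zero-length result handed out by getAttributes(type); final so the
    // reference cannot be re-pointed after class initialisation.
    private static final Attribute[] EMPTY_ARRAY = new Attribute[0];

    // Both fields are transient: the serialized form is the encoded certificate
    // written by writeObject, and readObject rebuilds these from it.
    private transient AttributeCertificate attrCert;
    private transient Extensions extensions;

    /**
     * Parse an encoded attribute certificate into its ASN.1 structure.
     * <p>
     * The unchecked exceptions raised for structurally wrong input
     * (ClassCastException, IllegalArgumentException) are converted into a
     * CertIOException carrying the original cause, so callers handling
     * IOException also see malformed data.
     *
     * @param certEncoding the encoded certificate bytes.
     * @return the parsed AttributeCertificate.
     * @throws IOException if the data cannot be parsed or has the wrong structure.
     */
    private static AttributeCertificate parseBytes(byte[] certEncoding) throws IOException {
        try {
            // presumably parseNonEmptyASN1 also rejects empty input - confirm in CertUtils
            return AttributeCertificate.getInstance(CertUtils.parseNonEmptyASN1(certEncoding));
        } catch (ClassCastException e) {
            throw new CertIOException("malformed data: " + e.getMessage(), e);
        } catch (IllegalArgumentException e) {
            throw new CertIOException("malformed data: " + e.getMessage(), e);
        }
    }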
Create a X509AttributeCertificateHolder from the passed in bytes.
Params:
  • certEncoding – BER/DER encoding of the certificate.
Throws:
  • IOException – in the event of corrupted data, or an incorrect structure.
/**
 * Create an X509AttributeCertificateHolder from the passed in bytes.
 * <p>
 * The bytes are parsed and stored only; no signature or validity check is
 * performed during construction.
 *
 * @param certEncoding BER/DER encoding of the certificate.
 * @throws IOException in the event of corrupted data, or an incorrect structure.
 */
public X509AttributeCertificateHolder(byte[] certEncoding) throws IOException {
    // Delegates to the structure-based constructor once parsing has succeeded.
    this(parseBytes(certEncoding));
}
Create a X509AttributeCertificateHolder from the passed in ASN.1 structure.
Params:
  • attrCert – an ASN.1 AttributeCertificate structure.
/**
 * Create an X509AttributeCertificateHolder from the passed in ASN.1 structure.
 * <p>
 * The structure is stored by reference, not copied, and is not validated here.
 *
 * @param attrCert an ASN.1 AttributeCertificate structure.
 */
public X509AttributeCertificateHolder(AttributeCertificate attrCert) {
    init(attrCert);
}

/**
 * Store the certificate and cache its extensions block.
 * Shared by the constructors and by readObject.
 *
 * @param cert the structure this holder wraps.
 */
private void init(AttributeCertificate cert) {
    this.attrCert = cert;
    // Cached once; stays null when the certificate carries no extensions.
    this.extensions = cert.getAcinfo().getExtensions();
}
Return the ASN.1 encoding of this holder's attribute certificate.
Throws:
  • IOException – if an encoding cannot be generated.
Returns:a DER encoded byte array.
/**
 * Return the ASN.1 encoding of this holder's attribute certificate.
 *
 * @return a DER encoded byte array.
 * @throws IOException if an encoding cannot be generated.
 */
public byte[] getEncoded() throws IOException {
    final byte[] encoding = attrCert.getEncoded();
    return encoding;
}

/**
 * Return the version of this attribute certificate, computed as the encoded
 * version field value plus one.
 *
 * @return the version number.
 */
public int getVersion() {
    final AttributeCertificateInfo info = attrCert.getAcinfo();
    // NOTE(review): intValue() narrows without a range check, so an out-of-range
    // encoded version would wrap rather than be rejected - confirm whether the
    // ASN.1 layer bounds this field.
    return info.getVersion().getValue().intValue() + 1;
}
Return the serial number of this attribute certificate.
Returns:the serial number.
/**
 * Return the serial number of this attribute certificate.
 *
 * @return the serial number.
 */
public BigInteger getSerialNumber() {
    final AttributeCertificateInfo info = attrCert.getAcinfo();
    return info.getSerialNumber().getValue();
}
Return the holder details for this attribute certificate.
Returns:this attribute certificate's holder structure.
/**
 * Return the holder details for this attribute certificate.
 * A new wrapper object is created on every call.
 *
 * @return this attribute certificate's holder structure.
 */
public AttributeCertificateHolder getHolder() {
    final ASN1Sequence holderSeq =
        (ASN1Sequence)attrCert.getAcinfo().getHolder().toASN1Primitive();
    return new AttributeCertificateHolder(holderSeq);
}
Return the issuer details for this attribute certificate.
Returns:this attribute certificate's issuer structure.
/**
 * Return the issuer details for this attribute certificate.
 * A new wrapper object is created on every call.
 *
 * @return this attribute certificate's issuer structure.
 */
public AttributeCertificateIssuer getIssuer() {
    final AttributeCertificateInfo info = attrCert.getAcinfo();
    return new AttributeCertificateIssuer(info.getIssuer());
}
Return the date before which this attribute certificate is not valid.
Returns:the start date for the attribute certificate's validity period.
/**
 * Return the date before which this attribute certificate is not valid.
 *
 * @return the start date for the attribute certificate's validity period.
 */
public Date getNotBefore() {
    final AttCertValidityPeriod validity = attrCert.getAcinfo().getAttrCertValidityPeriod();
    return CertUtils.recoverDate(validity.getNotBeforeTime());
}
Return the date after which this attribute certificate is not valid.
Returns:the final date for the attribute certificate's validity period.
/**
 * Return the date after which this attribute certificate is not valid.
 *
 * @return the final date for the attribute certificate's validity period.
 */
public Date getNotAfter() {
    final AttCertValidityPeriod validity = attrCert.getAcinfo().getAttrCertValidityPeriod();
    return CertUtils.recoverDate(validity.getNotAfterTime());
}
Return the attributes, if any, associated with this attribute certificate.
Returns:an array of Attribute, zero length if none present.
/**
 * Return the attributes, if any, associated with this attribute certificate.
 * A fresh array is built on every call.
 *
 * @return an array of Attribute, zero length if none present.
 */
public Attribute[] getAttributes() {
    final ASN1Sequence encoded = attrCert.getAcinfo().getAttributes();
    final int total = encoded.size();
    final Attribute[] result = new Attribute[total];

    for (int idx = 0; idx < total; idx++) {
        result[idx] = Attribute.getInstance(encoded.getObjectAt(idx));
    }

    return result;
}
Return an array of attributes matching the passed in type OID.
Params:
  • type – the type of the attribute being looked for.
Returns:an array of Attribute of the requested type, zero length if none present.
/**
 * Return an array of attributes matching the passed in type OID.
 * <p>
 * When nothing matches, the class's shared zero-length array is returned
 * rather than a new one.
 *
 * @param type the type of the attribute being looked for.
 * @return an array of Attribute of the requested type, zero length if none present.
 */
public Attribute[] getAttributes(ASN1ObjectIdentifier type) {
    final ASN1Sequence encoded = attrCert.getAcinfo().getAttributes();
    final List matches = new ArrayList();
    final int total = encoded.size();

    for (int idx = 0; idx < total; idx++) {
        final Attribute candidate = Attribute.getInstance(encoded.getObjectAt(idx));
        if (!candidate.getAttrType().equals(type)) {
            continue;
        }
        matches.add(candidate);
    }

    return matches.isEmpty()
        ? EMPTY_ARRAY
        : (Attribute[])matches.toArray(new Attribute[matches.size()]);
}
Return whether or not the holder's attribute certificate contains extensions.
Returns:true if extensions are present, false otherwise.
/**
 * Return whether or not the holder's attribute certificate contains extensions.
 * Answers from the extensions block cached when the holder was initialised.
 *
 * @return true if extensions are present, false otherwise.
 */
public boolean hasExtensions() {
    return this.extensions != null;
}
Look up the extension associated with the passed in OID.
Params:
  • oid – the OID of the extension of interest.
Returns:the extension if present, null otherwise.
/**
 * Look up the extension associated with the passed in OID.
 *
 * @param oid the OID of the extension of interest.
 *
 * @return the extension if present, null otherwise (including when the
 *         certificate has no extensions block at all).
 */
public Extension getExtension(ASN1ObjectIdentifier oid) {
    return (extensions == null) ? null : extensions.getExtension(oid);
}
Return the extensions block associated with this certificate if there is one.
Returns:the extensions block, null otherwise.
/**
 * Return the extensions block associated with this certificate if there is one.
 * The cached object itself is returned, not a copy.
 *
 * @return the extensions block, null otherwise.
 */
public Extensions getExtensions() {
    return this.extensions;
}
Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the extensions contained in this holder's attribute certificate.
Returns:a list of extension OIDs.
/**
 * Returns a list of ASN1ObjectIdentifier objects representing the OIDs of the
 * extensions contained in this holder's attribute certificate.
 * <p>
 * The cached extensions block is passed to CertUtils as is, so it may be null
 * when the certificate has no extensions.
 *
 * @return a list of extension OIDs.
 */
public List getExtensionOIDs() {
    final Extensions exts = this.extensions;
    return CertUtils.getExtensionOIDs(exts);
}
Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the critical extensions contained in this holder's attribute certificate.
Returns:a set of critical extension OIDs.
/**
 * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
 * critical extensions contained in this holder's attribute certificate.
 * <p>
 * This only lists the OIDs. Nothing in this class rejects a certificate
 * because of a critical extension; that decision is left to the caller.
 *
 * @return a set of critical extension OIDs.
 */
public Set getCriticalExtensionOIDs() {
    final Extensions exts = this.extensions;
    return CertUtils.getCriticalExtensionOIDs(exts);
}
Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the non-critical extensions contained in this holder's attribute certificate.
Returns:a set of non-critical extension OIDs.
/**
 * Returns a set of ASN1ObjectIdentifier objects representing the OIDs of the
 * non-critical extensions contained in this holder's attribute certificate.
 *
 * @return a set of non-critical extension OIDs.
 */
public Set getNonCriticalExtensionOIDs() {
    final Extensions exts = this.extensions;
    return CertUtils.getNonCriticalExtensionOIDs(exts);
}

/**
 * Return the issuer unique ID of this attribute certificate as an array of bits.
 *
 * @return the result of converting the issuerUniqueID bit string with CertUtils;
 *         presumably null when the field is absent - confirm in CertUtils.
 */
public boolean[] getIssuerUniqueID() {
    final AttributeCertificateInfo info = attrCert.getAcinfo();
    return CertUtils.bitStringToBoolean(info.getIssuerUniqueID());
}
Return the details of the signature algorithm used to create this attribute certificate.
Returns:the AlgorithmIdentifier describing the signature algorithm used to create this attribute certificate.
/**
 * Return the details of the signature algorithm used to create this attribute certificate.
 * <p>
 * This is the algorithm identifier from the outer certificate structure.
 * {@code isSignatureValid} compares it with the copy inside the signed
 * AttributeCertificateInfo before verifying.
 *
 * @return the AlgorithmIdentifier describing the signature algorithm used to create this attribute certificate.
 */
public AlgorithmIdentifier getSignatureAlgorithm() {
    return this.attrCert.getSignatureAlgorithm();
}
Return the bytes making up the signature associated with this attribute certificate.
Returns:the attribute certificate signature bytes.
/**
 * Return the bytes making up the signature associated with this attribute certificate.
 * These are the raw signature octets; calling this does not verify them.
 *
 * @return the attribute certificate signature bytes.
 */
public byte[] getSignature() {
    return this.attrCert.getSignatureValue().getOctets();
}
Return the underlying ASN.1 structure for the attribute certificate in this holder.
Returns:an AttributeCertificate object.
/**
 * Return the underlying ASN.1 structure for the attribute certificate in this holder.
 * The holder's own instance is returned, not a copy.
 *
 * @return an AttributeCertificate object.
 */
public AttributeCertificate toASN1Structure() {
    return this.attrCert;
}
Return whether or not this attribute certificate is valid on a particular date.
Params:
  • date – the date of interest.
Returns:true if the attribute certificate is valid, false otherwise.
/**
 * Return whether or not this attribute certificate is valid on a particular date.
 * <p>
 * Both ends of the validity period are inclusive. Only the notBefore/notAfter
 * window is examined; the signature is not checked here.
 *
 * @param date the date of interest.
 * @return true if the attribute certificate is valid, false otherwise.
 */
public boolean isValidOn(Date date) {
    final AttCertValidityPeriod window = attrCert.getAcinfo().getAttrCertValidityPeriod();

    // Too early: notAfter is not looked at, matching the short-circuit of the
    // combined boolean expression this guard replaces.
    if (date.before(CertUtils.recoverDate(window.getNotBeforeTime()))) {
        return false;
    }

    return !date.after(CertUtils.recoverDate(window.getNotAfterTime()));
}
Validate the signature on the attribute certificate in this holder.
Params:
  • verifierProvider – a ContentVerifierProvider that can generate a verifier for the signature.
Throws:
  • CertException – if the signature cannot be processed or is inappropriate.
Returns:true if the signature is valid, false otherwise.
/**
 * Validate the signature on the attribute certificate in this holder.
 * <p>
 * A true result establishes only that the signature over the
 * AttributeCertificateInfo verifies with the verifier supplied by the given
 * provider. This method does not look at the validity period (see
 * {@code isValidOn}), the issuer's identity, or the extensions; callers that
 * need those checks must perform them separately.
 *
 * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature.
 * @return true if the signature is valid, false otherwise.
 * @throws CertException if the signature cannot be processed or is inappropriate.
 */
public boolean isSignatureValid(ContentVerifierProvider verifierProvider) throws CertException {
    AttributeCertificateInfo acinfo = attrCert.getAcinfo();

    // The algorithm identifier appears twice: inside the AttributeCertificateInfo
    // (which is what gets fed to the verifier below) and in the outer structure.
    // A certificate whose two copies disagree is rejected before any
    // verification is attempted.
    if (!CertUtils.isAlgIdEqual(acinfo.getSignature(), attrCert.getSignatureAlgorithm())) {
        throw new CertException("signature invalid - algorithm identifier mismatch");
    }

    ContentVerifier verifier;
    try {
        // The verifier is selected using the algorithm identifier taken from
        // inside the signed content.
        verifier = verifierProvider.get((acinfo.getSignature()));

        // Stream the DER encoding of the AttributeCertificateInfo into the verifier.
        OutputStream sOut = verifier.getOutputStream();
        DEROutputStream dOut = new DEROutputStream(sOut);

        dOut.writeObject(acinfo);

        sOut.close();
    } catch (Exception e) {
        // Any failure while obtaining or feeding the verifier is reported as a
        // CertException with the original exception kept as the cause.
        throw new CertException("unable to process signature: " + e.getMessage(), e);
    }

    return verifier.verify(this.getSignature());
}

/**
 * Two holders are equal when their underlying AttributeCertificate
 * structures are equal.
 */
public boolean equals(
    Object o)
{
    if (o == this) {
        return true;
    }

    if (!(o instanceof X509AttributeCertificateHolder)) {
        return false;
    }

    X509AttributeCertificateHolder other = (X509AttributeCertificateHolder)o;

    return this.attrCert.equals(other.attrCert);
}

/** Hash code of the underlying AttributeCertificate, consistent with equals. */
public int hashCode() {
    return this.attrCert.hashCode();
}

/**
 * Serialization hook: restores the transient fields by rebuilding the
 * certificate from the object written by writeObject.
 * <p>
 * NOTE(review): the object read from the stream is handed straight to
 * AttributeCertificate.getInstance with no type check in this method, and
 * whatever that call throws for unexpected or malformed input propagates
 * unchanged. No signature or validity check runs on the restored certificate.
 * Streams from untrusted sources should be restricted (for example with an
 * ObjectInputFilter) before they reach this class.
 */
private void readObject(
    ObjectInputStream in)
    throws IOException, ClassNotFoundException
{
    in.defaultReadObject();

    // Re-runs the same initialisation as the constructors, so attrCert and the
    // cached extensions are both populated.
    init(AttributeCertificate.getInstance(in.readObject()));
}

/**
 * Serialization hook: writes the certificate as its encoded byte array, since
 * the ASN.1 fields themselves are transient.
 */
private void writeObject(
    ObjectOutputStream out)
    throws IOException
{
    out.defaultWriteObject();

    out.writeObject(this.getEncoded());
}
}