17 package org.opensaml.xml.security.credential.criteria;
18
19 import java.math.BigInteger;
20 import java.security.cert.X509Certificate;
21
22 import javax.security.auth.x500.X500Principal;
23
24 import org.opensaml.xml.security.credential.Credential;
25 import org.opensaml.xml.security.x509.X509Credential;
26 import org.opensaml.xml.security.x509.X509IssuerSerialCriteria;
27 import org.slf4j.Logger;
28 import org.slf4j.LoggerFactory;
29
/**
 * Evaluable credential criterion that matches a credential by the issuer name and serial number
 * of its entity certificate.
 *
 * <p>Only those two values are compared. Nothing in this class checks the certificate's
 * signature, validity period or trust path, so a positive result identifies a certificate; it
 * does not establish that the certificate is trusted.</p>
 */
public class EvaluableX509IssuerSerialCredentialCriteria implements EvaluableCredentialCriteria {

    /** Logger used to report why a credential could not be evaluated or did not match. */
    private final Logger log = LoggerFactory.getLogger(EvaluableX509IssuerSerialCredentialCriteria.class);

    /** Issuer name the entity certificate must carry. */
    private X500Principal issuer;

    /** Serial number the entity certificate must carry. */
    private BigInteger serialNumber;

    /**
     * Builds the evaluator from an existing issuer/serial criteria object.
     *
     * <p>The issuer name and serial number are stored exactly as the criteria object returns
     * them; this constructor does not null-check the two values itself.</p>
     *
     * @param criteria source of the issuer name and serial number to match
     * @throws NullPointerException if {@code criteria} is null
     */
    public EvaluableX509IssuerSerialCredentialCriteria(X509IssuerSerialCriteria criteria) {
        if (criteria == null) {
            throw new NullPointerException("Criteria instance may not be null");
        }
        this.issuer = criteria.getIssuerName();
        this.serialNumber = criteria.getSerialNumber();
    }

    /**
     * Builds the evaluator from an explicit issuer name and serial number.
     *
     * @param newIssuer issuer name to match
     * @param newSerialNumber serial number to match
     * @throws IllegalArgumentException if either argument is null
     */
    public EvaluableX509IssuerSerialCredentialCriteria(X500Principal newIssuer, BigInteger newSerialNumber) {
        boolean missingValue = newIssuer == null || newSerialNumber == null;
        if (missingValue) {
            throw new IllegalArgumentException("Issuer and serial number may not be null");
        }
        this.issuer = newIssuer;
        this.serialNumber = newSerialNumber;
    }

    /**
     * Tests whether the target's entity certificate carries the configured issuer name and serial
     * number.
     *
     * <p>The result is three-valued: callers that unbox it must handle {@code null} first.</p>
     *
     * @param target credential to test
     * @return {@code null} when {@code target} is null; {@code false} when the target is not an
     *         {@link X509Credential}, has no entity certificate, or differs in issuer or serial
     *         number; {@code true} when both values are equal
     */
    public Boolean evaluate(Credential target) {
        if (target == null) {
            log.error("Credential target was null");
            return null;
        }

        if (target instanceof X509Credential) {
            X509Certificate certificate = ((X509Credential) target).getEntityCertificate();
            if (certificate == null) {
                log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
                return Boolean.FALSE;
            }

            // Issuer is compared first; the serial number is only read when the issuer matched.
            // Neither mismatch is logged.
            return certificate.getIssuerX500Principal().equals(issuer)
                    && certificate.getSerialNumber().equals(serialNumber);
        }

        log.info("Credential is not an X509Credential, does not satisfy issuer name and serial number criteria");
        return Boolean.FALSE;
    }

}