
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.security.credential.criteria;
18  
19  import java.math.BigInteger;
20  import java.security.cert.X509Certificate;
21  
22  import javax.security.auth.x500.X500Principal;
23  
24  import org.opensaml.xml.security.credential.Credential;
25  import org.opensaml.xml.security.x509.X509Credential;
26  import org.opensaml.xml.security.x509.X509IssuerSerialCriteria;
27  import org.slf4j.Logger;
28  import org.slf4j.LoggerFactory;
29  
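/**
 * Instance of evaluable credential criteria for evaluating whether a credential's entity certificate carries a
 * particular issuer name and serial number.
 *
 * <p>Security note: this is an <em>identification</em> criterion only. It compares the issuer DN and serial number
 * of the credential's entity certificate against the configured pair; it performs no signature verification, path
 * validation, revocation or validity-period checking, and does not inspect any other certificates the credential
 * may hold. Trust in a matched certificate must be established by other means.</p>
 *
 * <p>Instances are immutable once constructed.</p>
 */
public class EvaluableX509IssuerSerialCredentialCriteria implements EvaluableCredentialCriteria {

    /** Logger. */
    private final Logger log = LoggerFactory.getLogger(EvaluableX509IssuerSerialCredentialCriteria.class);

    /** Issuer distinguished name the entity certificate must carry. */
    private final X500Principal issuer;

    /** Serial number the entity certificate must carry. */
    private final BigInteger serialNumber;

    /**
     * Constructor.
     *
     * @param criteria the criteria which is the basis for evaluation
     * @throws NullPointerException if {@code criteria} is null
     */
    public EvaluableX509IssuerSerialCredentialCriteria(X509IssuerSerialCriteria criteria) {
        if (criteria == null) {
            throw new NullPointerException("Criteria instance may not be null");
        }
        // The issuer and serial are taken as supplied. If either were null, evaluate() would simply never match
        // (X500Principal.equals(null) and BigInteger.equals(null) are both false) instead of failing fast.
        // NOTE(review): X509IssuerSerialCriteria is presumed to reject nulls itself -- confirm.
        issuer = criteria.getIssuerName();
        serialNumber = criteria.getSerialNumber();
    }

    /**
     * Constructor.
     *
     * @param newIssuer the issuer name criteria value which is the basis for evaluation
     * @param newSerialNumber the serial number criteria value which is the basis for evaluation
     * @throws IllegalArgumentException if either argument is null
     */
    public EvaluableX509IssuerSerialCredentialCriteria(X500Principal newIssuer, BigInteger newSerialNumber) {
        if (newIssuer == null || newSerialNumber == null) {
            throw new IllegalArgumentException("Issuer and serial number may not be null");
        }
        issuer = newIssuer;
        serialNumber = newSerialNumber;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Returns {@code null} when {@code target} is null (evaluation undefined); {@link Boolean#FALSE} when the
     * target is not an {@link X509Credential}, has no entity certificate, or the entity certificate's issuer DN or
     * serial number differ from the criteria; and {@link Boolean#TRUE} when both match. The issuer comparison relies
     * on {@link X500Principal#equals(Object)}, which compares canonical DN forms rather than raw strings, so
     * differences in RDN string encoding alone do not cause a mismatch.</p>
     */
    public Boolean evaluate(Credential target) {
        if (target == null) {
            log.error("Credential target was null");
            return null;
        }
        if (!(target instanceof X509Credential)) {
            log.info("Credential is not an X509Credential, does not satisfy issuer name and serial number criteria");
            return Boolean.FALSE;
        }
        X509Credential x509Cred = (X509Credential) target;

        // Only the entity (end-entity) certificate is matched; any other certificates held by the credential
        // (e.g. a chain) are not consulted.
        X509Certificate entityCert = x509Cred.getEntityCertificate();
        if (entityCert == null) {
            log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
            return Boolean.FALSE;
        }

        if (!entityCert.getIssuerX500Principal().equals(issuer)) {
            return Boolean.FALSE;
        }
        return Boolean.valueOf(entityCert.getSerialNumber().equals(serialNumber));
    }

}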