001package org.apache.commons.ssl.org.bouncycastle.asn1.eac; 002 003import java.io.IOException; 004import java.util.Hashtable; 005 006import org.apache.commons.ssl.org.bouncycastle.asn1.ASN1EncodableVector; 007import org.apache.commons.ssl.org.bouncycastle.asn1.ASN1InputStream; 008import org.apache.commons.ssl.org.bouncycastle.asn1.ASN1Object; 009import org.apache.commons.ssl.org.bouncycastle.asn1.ASN1ObjectIdentifier; 010import org.apache.commons.ssl.org.bouncycastle.asn1.ASN1Primitive; 011import org.apache.commons.ssl.org.bouncycastle.asn1.DERApplicationSpecific; 012import org.bouncycastle.util.Integers; 013 014/** 015 * an Iso7816CertificateHolderAuthorization structure. 016 * <pre> 017 * Certificate Holder Authorization ::= SEQUENCE { 018 * // specifies the format and the rules for the evaluation of the authorization 019 * // level 020 * ASN1ObjectIdentifier oid, 021 * // access rights 022 * DERApplicationSpecific accessRights, 023 * } 024 * </pre> 025 */ 026public class CertificateHolderAuthorization 027 extends ASN1Object 028{ 029 ASN1ObjectIdentifier oid; 030 DERApplicationSpecific accessRights; 031 public static final ASN1ObjectIdentifier id_role_EAC = EACObjectIdentifiers.bsi_de.branch("3.1.2.1"); 032 public static final int CVCA = 0xC0; 033 public static final int DV_DOMESTIC = 0x80; 034 public static final int DV_FOREIGN = 0x40; 035 public static final int IS = 0; 036 public static final int RADG4 = 0x02;//Read Access to DG4 (Iris) 037 public static final int RADG3 = 0x01;//Read Access to DG3 (fingerprint) 038 039 static Hashtable RightsDecodeMap = new Hashtable(); 040 static BidirectionalMap AuthorizationRole = new BidirectionalMap(); 041 static Hashtable ReverseMap = new Hashtable(); 042 043 static 044 { 045 RightsDecodeMap.put(Integers.valueOf(RADG4), "RADG4"); 046 RightsDecodeMap.put(Integers.valueOf(RADG3), "RADG3"); 047 048 AuthorizationRole.put(Integers.valueOf(CVCA), "CVCA"); 049 AuthorizationRole.put(Integers.valueOf(DV_DOMESTIC), "DV_DOMESTIC"); 050 AuthorizationRole.put(Integers.valueOf(DV_FOREIGN), "DV_FOREIGN"); 051 AuthorizationRole.put(Integers.valueOf(IS), "IS"); 052 053 /* 054 for (int i : RightsDecodeMap.keySet()) 055 ReverseMap.put(RightsDecodeMap.get(i), i); 056 057 for (int i : AuthorizationRole.keySet()) 058 ReverseMap.put(AuthorizationRole.get(i), i); 059 */ 060 } 061 062 public static String GetRoleDescription(int i) 063 { 064 return (String)AuthorizationRole.get(Integers.valueOf(i)); 065 } 066 067 public static int GetFlag(String description) 068 { 069 Integer i = (Integer)AuthorizationRole.getReverse(description); 070 if (i == null) 071 { 072 throw new IllegalArgumentException("Unknown value " + description); 073 } 074 075 return i.intValue(); 076 } 077 078 private void setPrivateData(ASN1InputStream cha) 079 throws IOException 080 { 081 ASN1Primitive obj; 082 obj = cha.readObject(); 083 if (obj instanceof ASN1ObjectIdentifier) 084 { 085 this.oid = (ASN1ObjectIdentifier)obj; 086 } 087 else 088 { 089 throw new IllegalArgumentException("no Oid in CerticateHolderAuthorization"); 090 } 091 obj = cha.readObject(); 092 if (obj instanceof DERApplicationSpecific) 093 { 094 this.accessRights = (DERApplicationSpecific)obj; 095 } 096 else 097 { 098 throw new IllegalArgumentException("No access rights in CerticateHolderAuthorization"); 099 } 100 } 101 102 103 /** 104 * create an Iso7816CertificateHolderAuthorization according to the parameters 105 * 106 * @param oid Object Identifier : specifies the format and the rules for the 107 * evaluatioin of the authorization level. 108 * @param rights specifies the access rights 109 * @throws IOException 110 */ 111 public CertificateHolderAuthorization(ASN1ObjectIdentifier oid, int rights) 112 throws IOException 113 { 114 setOid(oid); 115 setAccessRights((byte)rights); 116 } 117 118 /** 119 * create an Iso7816CertificateHolderAuthorization according to the {@link DERApplicationSpecific} 120 * 121 * @param aSpe the DERApplicationSpecific containing the data 122 * @throws IOException 123 */ 124 public CertificateHolderAuthorization(DERApplicationSpecific aSpe) 125 throws IOException 126 { 127 if (aSpe.getApplicationTag() == EACTags.CERTIFICATE_HOLDER_AUTHORIZATION_TEMPLATE) 128 { 129 setPrivateData(new ASN1InputStream(aSpe.getContents())); 130 } 131 } 132 133 /** 134 * @return containing the access rights 135 */ 136 public int getAccessRights() 137 { 138 return accessRights.getContents()[0] & 0xff; 139 } 140 141 /** 142 * create a DERApplicationSpecific and set the access rights to "rights" 143 * 144 * @param rights byte containing the rights. 145 */ 146 private void setAccessRights(byte rights) 147 { 148 byte[] accessRights = new byte[1]; 149 accessRights[0] = rights; 150 this.accessRights = new DERApplicationSpecific( 151 EACTags.getTag(EACTags.DISCRETIONARY_DATA), accessRights); 152 } 153 154 /** 155 * @return the Object identifier 156 */ 157 public ASN1ObjectIdentifier getOid() 158 { 159 return oid; 160 } 161 162 /** 163 * set the Object Identifier 164 * 165 * @param oid {@link ASN1ObjectIdentifier} containing the Object Identifier 166 */ 167 private void setOid(ASN1ObjectIdentifier oid) 168 { 169 this.oid = oid; 170 } 171 172 /** 173 * return the Certificate Holder Authorization as a DERApplicationSpecific Object 174 */ 175 public ASN1Primitive toASN1Primitive() 176 { 177 ASN1EncodableVector v = new ASN1EncodableVector(); 178 179 v.add(oid); 180 v.add(accessRights); 181 182 return new DERApplicationSpecific(EACTags.CERTIFICATE_HOLDER_AUTHORIZATION_TEMPLATE, v); 183 } 184}