org.bouncycastle.asn1.eac.CertificateHolderAuthorization Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bc-fips Show documentation
Show all versions of bc-fips Show documentation
The FIPS 140-3 Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms certified to FIPS 140-3 level 1. This jar contains JCE provider and low-level API for the BC-FJA version 2.0.0, FIPS Certificate #4743. Please see certificate for certified platform details.
package org.bouncycastle.asn1.eac;
import java.io.IOException;
import java.util.Hashtable;
import org.bouncycastle.asn1.ASN1ApplicationSpecific;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERApplicationSpecific;
import org.bouncycastle.util.Integers;
/**
* an Iso7816CertificateHolderAuthorization structure.
*
* Certificate Holder Authorization ::= SEQUENCE {
* // specifies the format and the rules for the evaluation of the authorization
* // level
* ASN1ObjectIdentifier oid,
* // access rights
* DERApplicationSpecific accessRights,
* }
*
*/
public class CertificateHolderAuthorization
extends ASN1Object
{
ASN1ObjectIdentifier oid;
ASN1ApplicationSpecific accessRights;
public static final ASN1ObjectIdentifier id_role_EAC = EACObjectIdentifiers.bsi_de.branch("3.1.2.1");
public static final int CVCA = 0xC0;
public static final int DV_DOMESTIC = 0x80;
public static final int DV_FOREIGN = 0x40;
public static final int IS = 0;
public static final int RADG4 = 0x02;//Read Access to DG4 (Iris)
public static final int RADG3 = 0x01;//Read Access to DG3 (fingerprint)
static Hashtable RightsDecodeMap = new Hashtable();
static BidirectionalMap AuthorizationRole = new BidirectionalMap();
static
{
RightsDecodeMap.put(Integers.valueOf(RADG4), "RADG4");
RightsDecodeMap.put(Integers.valueOf(RADG3), "RADG3");
AuthorizationRole.put(Integers.valueOf(CVCA), "CVCA");
AuthorizationRole.put(Integers.valueOf(DV_DOMESTIC), "DV_DOMESTIC");
AuthorizationRole.put(Integers.valueOf(DV_FOREIGN), "DV_FOREIGN");
AuthorizationRole.put(Integers.valueOf(IS), "IS");
/*
for (int i : RightsDecodeMap.keySet())
ReverseMap.put(RightsDecodeMap.get(i), i);
for (int i : AuthorizationRole.keySet())
ReverseMap.put(AuthorizationRole.get(i), i);
*/
}
public static String getRoleDescription(int i)
{
return (String)AuthorizationRole.get(Integers.valueOf(i));
}
public static int getFlag(String description)
{
Integer i = (Integer)AuthorizationRole.getReverse(description);
if (i == null)
{
throw new IllegalArgumentException("Unknown value " + description);
}
return i.intValue();
}
private void setPrivateData(ASN1InputStream cha)
throws IOException
{
ASN1Primitive obj;
obj = cha.readObject();
if (obj instanceof ASN1ObjectIdentifier)
{
this.oid = (ASN1ObjectIdentifier)obj;
}
else
{
throw new IllegalArgumentException("no Oid in CerticateHolderAuthorization");
}
obj = cha.readObject();
if (obj instanceof ASN1ApplicationSpecific)
{
this.accessRights = (ASN1ApplicationSpecific)obj;
}
else
{
throw new IllegalArgumentException("No access rights in CerticateHolderAuthorization");
}
}
/**
* create an Iso7816CertificateHolderAuthorization according to the parameters
*
* @param oid Object Identifier : specifies the format and the rules for the
* evaluatioin of the authorization level.
* @param rights specifies the access rights
* @throws IOException
*/
public CertificateHolderAuthorization(ASN1ObjectIdentifier oid, int rights)
throws IOException
{
setOid(oid);
setAccessRights((byte)rights);
}
// compatibility constructor for older APIs.
public CertificateHolderAuthorization(DERApplicationSpecific aSpe)
throws IOException
{
this(ASN1ApplicationSpecific.getInstance(aSpe));
}
/**
* create an Iso7816CertificateHolderAuthorization according to the {@link ASN1ApplicationSpecific}
*
* @param aSpe the DERApplicationSpecific containing the data
* @throws IOException
*/
public CertificateHolderAuthorization(ASN1ApplicationSpecific aSpe)
throws IOException
{
if (aSpe.getApplicationTag() == EACTags.CERTIFICATE_HOLDER_AUTHORIZATION_TEMPLATE)
{
setPrivateData(new ASN1InputStream(aSpe.getContents()));
}
}
/**
* @return containing the access rights
*/
public int getAccessRights()
{
return accessRights.getContents()[0] & 0xff;
}
/**
* create a DERApplicationSpecific and set the access rights to "rights"
*
* @param rights byte containing the rights.
*/
private void setAccessRights(byte rights)
{
byte[] accessRights = new byte[1];
accessRights[0] = rights;
this.accessRights = new DERApplicationSpecific(EACTags.DISCRETIONARY_DATA, accessRights);
}
/**
* @return the Object identifier
*/
public ASN1ObjectIdentifier getOid()
{
return oid;
}
/**
* set the Object Identifier
*
* @param oid {@link ASN1ObjectIdentifier} containing the Object Identifier
*/
private void setOid(ASN1ObjectIdentifier oid)
{
this.oid = oid;
}
/**
* return the Certificate Holder Authorization as a DERApplicationSpecific Object
*/
public ASN1Primitive toASN1Primitive()
{
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(oid);
v.add(accessRights);
return new DERApplicationSpecific(EACTags.CERTIFICATE_HOLDER_AUTHORIZATION_TEMPLATE, v);
}
}