diff options
Diffstat (limited to 'core/src/main/java/org/spongycastle/asn1/eac/CVCertificate.java')
-rw-r--r-- | core/src/main/java/org/spongycastle/asn1/eac/CVCertificate.java | 313 |
1 files changed, 313 insertions, 0 deletions
diff --git a/core/src/main/java/org/spongycastle/asn1/eac/CVCertificate.java b/core/src/main/java/org/spongycastle/asn1/eac/CVCertificate.java new file mode 100644 index 00000000..63e02d4e --- /dev/null +++ b/core/src/main/java/org/spongycastle/asn1/eac/CVCertificate.java @@ -0,0 +1,313 @@ +package org.spongycastle.asn1.eac; + + +import java.io.IOException; + +import org.spongycastle.asn1.ASN1EncodableVector; +import org.spongycastle.asn1.ASN1InputStream; +import org.spongycastle.asn1.ASN1Object; +import org.spongycastle.asn1.ASN1ObjectIdentifier; +import org.spongycastle.asn1.ASN1ParsingException; +import org.spongycastle.asn1.ASN1Primitive; +import org.spongycastle.asn1.DERApplicationSpecific; +import org.spongycastle.asn1.DEROctetString; + + +/** + * an iso7816Certificate structure. + * <pre> + * Certificate ::= SEQUENCE { + * CertificateBody Iso7816CertificateBody, + * signature DER Application specific + * } + * </pre> + */ +public class CVCertificate + extends ASN1Object +{ + private CertificateBody certificateBody; + private byte[] signature; + private int valid; + private static int bodyValid = 0x01; + private static int signValid = 0x02; + public static final byte version_1 = 0x0; + + public static String ReferenceEncoding = "ISO-8859-1"; + + /** + * Sets the values of the certificate (body and signature). + * + * @param appSpe is a DERApplicationSpecific object containing body and signature. + * @throws IOException if tags or value are incorrect. + */ + private void setPrivateData(DERApplicationSpecific appSpe) + throws IOException + { + valid = 0; + if (appSpe.getApplicationTag() == EACTags.CARDHOLDER_CERTIFICATE) + { + ASN1InputStream content = new ASN1InputStream(appSpe.getContents()); + ASN1Primitive tmpObj; + while ((tmpObj = content.readObject()) != null) + { + DERApplicationSpecific aSpe; + if (tmpObj instanceof DERApplicationSpecific) + { + aSpe = (DERApplicationSpecific)tmpObj; + switch (aSpe.getApplicationTag()) + { + case EACTags.CERTIFICATE_CONTENT_TEMPLATE: + certificateBody = CertificateBody.getInstance(aSpe); + valid |= bodyValid; + break; + case EACTags.STATIC_INTERNAL_AUTHENTIFICATION_ONE_STEP: + signature = aSpe.getContents(); + valid |= signValid; + break; + default: + throw new IOException("Invalid tag, not an Iso7816CertificateStructure :" + aSpe.getApplicationTag()); + } + } + else + { + throw new IOException("Invalid Object, not an Iso7816CertificateStructure"); + } + } + } + else + { + throw new IOException("not a CARDHOLDER_CERTIFICATE :" + appSpe.getApplicationTag()); + } + } + + /** + * Create an iso7816Certificate structure from an ASN1InputStream. + * + * @param aIS the byte stream to parse. + * @throws IOException if there is a problem parsing the data. + */ + public CVCertificate(ASN1InputStream aIS) + throws IOException + { + initFrom(aIS); + } + + private void initFrom(ASN1InputStream aIS) + throws IOException + { + ASN1Primitive obj; + while ((obj = aIS.readObject()) != null) + { + if (obj instanceof DERApplicationSpecific) + { + setPrivateData((DERApplicationSpecific)obj); + } + else + { + throw new IOException("Invalid Input Stream for creating an Iso7816CertificateStructure"); + } + } + } + + /** + * Create an iso7816Certificate structure from a DERApplicationSpecific. + * + * @param appSpe the DERApplicationSpecific object. + * @return the Iso7816CertificateStructure represented by the DERApplicationSpecific object. + * @throws IOException if there is a problem parsing the data. + */ + private CVCertificate(DERApplicationSpecific appSpe) + throws IOException + { + setPrivateData(appSpe); + } + + /** + * Create an iso7816Certificate structure from a body and its signature. + * + * @param body the Iso7816CertificateBody object containing the body. + * @param signature the byte array containing the signature + * @throws IOException if there is a problem parsing the data. + */ + public CVCertificate(CertificateBody body, byte[] signature) + throws IOException + { + certificateBody = body; + this.signature = signature; + // patch remi + valid |= bodyValid; + valid |= signValid; + } + + /** + * Create an iso7816Certificate structure from an object. + * + * @param obj the Object to extract the certificate from. + * @return the Iso7816CertificateStructure represented by the byte stream. + */ + public static CVCertificate getInstance(Object obj) + { + if (obj instanceof CVCertificate) + { + return (CVCertificate)obj; + } + else if (obj != null) + { + try + { + return new CVCertificate(DERApplicationSpecific.getInstance(obj)); + } + catch (IOException e) + { + throw new ASN1ParsingException("unable to parse data: " + e.getMessage(), e); + } + } + + return null; + } + + /** + * Gives the signature of the whole body. Type of signature is given in + * the Iso7816CertificateBody.Iso7816PublicKey.ASN1ObjectIdentifier + * + * @return the signature of the body. + */ + public byte[] getSignature() + { + return signature; + } + + /** + * Gives the body of the certificate. + * + * @return the body. + */ + public CertificateBody getBody() + { + return certificateBody; + } + + /** + * @see org.spongycastle.asn1.ASN1Object#toASN1Primitive() + */ + public ASN1Primitive toASN1Primitive() + { + ASN1EncodableVector v = new ASN1EncodableVector(); + + if (valid != (signValid | bodyValid)) + { + return null; + } + v.add(certificateBody); + + try + { + v.add(new DERApplicationSpecific(false, EACTags.STATIC_INTERNAL_AUTHENTIFICATION_ONE_STEP, new DEROctetString(signature))); + } + catch (IOException e) + { + throw new IllegalStateException("unable to convert signature!"); + } + + return new DERApplicationSpecific(EACTags.CARDHOLDER_CERTIFICATE, v); + } + + /** + * @return the Holder authorization and role (CVCA, DV, IS). + */ + public ASN1ObjectIdentifier getHolderAuthorization() + throws IOException + { + CertificateHolderAuthorization cha = certificateBody.getCertificateHolderAuthorization(); + return cha.getOid(); + } + + /** + * @return the date of the certificate generation + */ + public PackedDate getEffectiveDate() + throws IOException + { + return certificateBody.getCertificateEffectiveDate(); + } + + + /** + * @return the type of certificate (request or profile) + * value is either Iso7816CertificateBody.profileType + * or Iso7816CertificateBody.requestType. Any other value + * is not valid. + */ + public int getCertificateType() + { + return this.certificateBody.getCertificateType(); + } + + /** + * @return the date of the certificate generation + */ + public PackedDate getExpirationDate() + throws IOException + { + return certificateBody.getCertificateExpirationDate(); + } + + + /** + * return a bits field coded on one byte. For signification of the + * several bit see Iso7816CertificateHolderAuthorization + * + * @return role and access rigth + * @throws IOException + * @see CertificateHolderAuthorization + */ + public int getRole() + throws IOException + { + CertificateHolderAuthorization cha = certificateBody.getCertificateHolderAuthorization(); + return cha.getAccessRights(); + } + + /** + * @return the Authority Reference field of the certificate + * @throws IOException + */ + public CertificationAuthorityReference getAuthorityReference() + throws IOException + { + return certificateBody.getCertificationAuthorityReference(); + } + + /** + * @return the Holder Reference Field of the certificate + * @throws IOException + */ + public CertificateHolderReference getHolderReference() + throws IOException + { + return certificateBody.getCertificateHolderReference(); + } + + /** + * @return the bits corresponding to the role intented for the certificate + * See Iso7816CertificateHolderAuthorization static int for values + * @throws IOException + */ + public int getHolderAuthorizationRole() + throws IOException + { + int rights = certificateBody.getCertificateHolderAuthorization().getAccessRights(); + return rights & 0xC0; + } + + /** + * @return the bits corresponding the authorizations contained in the certificate + * See Iso7816CertificateHolderAuthorization static int for values + * @throws IOException + */ + public Flags getHolderAuthorizationRights() + throws IOException + { + return new Flags(certificateBody.getCertificateHolderAuthorization().getAccessRights() & 0x1F); + } +} |