1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
package org.bouncycastle.asn1.eac;
import java.io.IOException;
import java.util.Hashtable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERApplicationSpecific;
import org.bouncycastle.util.Integers;
/**
* an Iso7816CertificateHolderAuthorization structure.
* <pre>
* Certificate Holder Authorization ::= SEQUENCE {
* // specifies the format and the rules for the evaluation of the authorization
* // level
* ASN1ObjectIdentifier oid,
* // access rights
* DERApplicationSpecific accessRights,
* }
* </pre>
*/
public class CertificateHolderAuthorization
extends ASN1Object
{
ASN1ObjectIdentifier oid;
DERApplicationSpecific accessRights;
public static final ASN1ObjectIdentifier id_role_EAC = EACObjectIdentifiers.bsi_de.branch("3.1.2.1");
public static final int CVCA = 0xC0;
public static final int DV_DOMESTIC = 0x80;
public static final int DV_FOREIGN = 0x40;
public static final int IS = 0;
public static final int RADG4 = 0x02;//Read Access to DG4 (Iris)
public static final int RADG3 = 0x01;//Read Access to DG3 (fingerprint)
static Hashtable RightsDecodeMap = new Hashtable();
static BidirectionalMap AuthorizationRole = new BidirectionalMap();
static Hashtable ReverseMap = new Hashtable();
static
{
RightsDecodeMap.put(Integers.valueOf(RADG4), "RADG4");
RightsDecodeMap.put(Integers.valueOf(RADG3), "RADG3");
AuthorizationRole.put(Integers.valueOf(CVCA), "CVCA");
AuthorizationRole.put(Integers.valueOf(DV_DOMESTIC), "DV_DOMESTIC");
AuthorizationRole.put(Integers.valueOf(DV_FOREIGN), "DV_FOREIGN");
AuthorizationRole.put(Integers.valueOf(IS), "IS");
/*
for (int i : RightsDecodeMap.keySet())
ReverseMap.put(RightsDecodeMap.get(i), i);
for (int i : AuthorizationRole.keySet())
ReverseMap.put(AuthorizationRole.get(i), i);
*/
}
public static String GetRoleDescription(int i)
{
return (String)AuthorizationRole.get(Integers.valueOf(i));
}
public static int GetFlag(String description)
{
Integer i = (Integer)AuthorizationRole.getReverse(description);
if (i == null)
{
throw new IllegalArgumentException("Unknown value " + description);
}
return i.intValue();
}
private void setPrivateData(ASN1InputStream cha)
throws IOException
{
ASN1Primitive obj;
obj = cha.readObject();
if (obj instanceof ASN1ObjectIdentifier)
{
this.oid = (ASN1ObjectIdentifier)obj;
}
else
{
throw new IllegalArgumentException("no Oid in CerticateHolderAuthorization");
}
obj = cha.readObject();
if (obj instanceof DERApplicationSpecific)
{
this.accessRights = (DERApplicationSpecific)obj;
}
else
{
throw new IllegalArgumentException("No access rights in CerticateHolderAuthorization");
}
}
/**
* create an Iso7816CertificateHolderAuthorization according to the parameters
*
* @param oid Object Identifier : specifies the format and the rules for the
* evaluatioin of the authorization level.
* @param rights specifies the access rights
* @throws IOException
*/
public CertificateHolderAuthorization(ASN1ObjectIdentifier oid, int rights)
throws IOException
{
setOid(oid);
setAccessRights((byte)rights);
}
/**
* create an Iso7816CertificateHolderAuthorization according to the {@link DERApplicationSpecific}
*
* @param aSpe the DERApplicationSpecific containing the data
* @throws IOException
*/
public CertificateHolderAuthorization(DERApplicationSpecific aSpe)
throws IOException
{
if (aSpe.getApplicationTag() == EACTags.CERTIFICATE_HOLDER_AUTHORIZATION_TEMPLATE)
{
setPrivateData(new ASN1InputStream(aSpe.getContents()));
}
}
/**
* @return containing the access rights
*/
public int getAccessRights()
{
return accessRights.getContents()[0] & 0xff;
}
/**
* create a DERApplicationSpecific and set the access rights to "rights"
*
* @param rights byte containing the rights.
*/
private void setAccessRights(byte rights)
{
byte[] accessRights = new byte[1];
accessRights[0] = rights;
this.accessRights = new DERApplicationSpecific(
EACTags.getTag(EACTags.DISCRETIONARY_DATA), accessRights);
}
/**
* @return the Object identifier
*/
public ASN1ObjectIdentifier getOid()
{
return oid;
}
/**
* set the Object Identifier
*
* @param oid {@link ASN1ObjectIdentifier} containing the Object Identifier
*/
private void setOid(ASN1ObjectIdentifier oid)
{
this.oid = oid;
}
/**
* return the Certificate Holder Authorization as a DERApplicationSpecific Object
*/
public ASN1Primitive toASN1Primitive()
{
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(oid);
v.add(accessRights);
return new DERApplicationSpecific(EACTags.CERTIFICATE_HOLDER_AUTHORIZATION_TEMPLATE, v);
}
}
|
