package org.bouncycastle.asn1.eac;
import java.io.IOException;
import java.util.Hashtable;
import org.bouncycastle.asn1.ASN1ApplicationSpecific;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERApplicationSpecific;
import org.bouncycastle.util.Integers;
/**
* an Iso7816CertificateHolderAuthorization structure.
* <pre>
* Certificate Holder Authorization ::= SEQUENCE {
* // specifies the format and the rules for the evaluation of the authorization
* // level
* ASN1ObjectIdentifier oid,
* // access rights
* DERApplicationSpecific accessRights,
* }
* </pre>
*/
public class CertificateHolderAuthorization
extends ASN1Object
{
// Object identifier naming the format and evaluation rules of the authorization.
// Assigned by setOid() or by setPrivateData() while decoding.
ASN1ObjectIdentifier oid;
// Application-specific element holding the authorization bytes; getAccessRights()
// reads only its first content byte.
ASN1ApplicationSpecific accessRights;
// OID branch "3.1.2.1" under EACObjectIdentifiers.bsi_de.
public static final ASN1ObjectIdentifier id_role_EAC = EACObjectIdentifiers.bsi_de.branch("3.1.2.1");
// Role values. The four constants differ only in the two high-order bits (mask 0xC0),
// while RADG3/RADG4 below use the two low-order bits.
// NOTE(review): getRoleDescription() looks a role up by its exact value, so a byte that
// also carries RADG3/RADG4 bits presumably has to be masked with 0xC0 first; confirm
// against callers.
public static final int CVCA = 0xC0;
public static final int DV_DOMESTIC = 0x80;
public static final int DV_FOREIGN = 0x40;
public static final int IS = 0;
public static final int RADG4 = 0x02;//Read Access to DG4 (Iris)
public static final int RADG3 = 0x01;//Read Access to DG3 (fingerprint)
// Lookup tables filled by the static initializer. All three are package-private,
// non-final and mutable, so any class in this package can replace or alter them;
// nothing here guards them against modification after class initialization.
// Maps a rights flag (Integer) to its name.
static Hashtable RightsDecodeMap = new Hashtable();
// Maps a role value (Integer) to its name; getFlag() uses it in the reverse direction.
static BidirectionalMap AuthorizationRole = new BidirectionalMap();
// Never populated in the visible code: the loops that filled it are commented out.
static Hashtable ReverseMap = new Hashtable();
// Registers the names of the rights flags and of the roles when the class is loaded.
static
{
// Rights flags: value -> name.
RightsDecodeMap.put(Integers.valueOf(RADG4), "RADG4");
RightsDecodeMap.put(Integers.valueOf(RADG3), "RADG3");
// Roles: value -> name. These are the only names getFlag() can resolve.
AuthorizationRole.put(Integers.valueOf(CVCA), "CVCA");
AuthorizationRole.put(Integers.valueOf(DV_DOMESTIC), "DV_DOMESTIC");
AuthorizationRole.put(Integers.valueOf(DV_FOREIGN), "DV_FOREIGN");
AuthorizationRole.put(Integers.valueOf(IS), "IS");
// Disabled code that would have filled ReverseMap with name -> value entries.
// While it stays disabled, ReverseMap remains empty.
/*
for (int i : RightsDecodeMap.keySet())
ReverseMap.put(RightsDecodeMap.get(i), i);
for (int i : AuthorizationRole.keySet())
ReverseMap.put(AuthorizationRole.get(i), i);
*/
}
/**
 * Looks up the name registered for a role value.
 *
 * <p>The lookup uses the value exactly as given. Only CVCA, DV_DOMESTIC, DV_FOREIGN and IS
 * are registered, so a value that also has RADG3/RADG4 bits set is not one of the keys.
 * NOTE(review): presumably the result is {@code null} for an unregistered value; confirm
 * against BidirectionalMap, and treat a missing description as "unknown role" rather than
 * as any particular role.
 *
 * @param i the role value to describe
 * @return the registered role name for {@code i}
 */
public static String getRoleDescription(int i)
{
    Integer roleKey = Integers.valueOf(i);
    Object roleName = AuthorizationRole.get(roleKey);
    return (String)roleName;
}
/**
 * Resolves a role name to its numeric value.
 *
 * <p>Only the role table is consulted, so the rights names "RADG3" and "RADG4" are not
 * resolved here and are rejected like any other unknown name.
 *
 * @param description a role name as registered in the static initializer
 * @return the role value registered under {@code description}
 * @throws IllegalArgumentException if no role is registered under {@code description}
 */
public static int getFlag(String description)
{
    Integer roleValue = (Integer)AuthorizationRole.getReverse(description);
    if (roleValue != null)
    {
        return roleValue.intValue();
    }
    // Fail loudly: an unknown role name must not fall back to a default role.
    throw new IllegalArgumentException("Unknown value " + description);
}
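/**
 * Reads the OID and the access-rights element from the decoded template contents.
 *
 * <p>The first object must be an object identifier and the second an application-specific
 * element with at least one content byte. Without that last check an empty element is
 * accepted here and {@link #getAccessRights()} later fails with an
 * {@code ArrayIndexOutOfBoundsException} on data that came from the certificate.
 *
 * <p>NOTE(review): the application tag of the access-rights element is not compared with
 * {@code EACTags.DISCRETIONARY_DATA}, and objects following the second one are ignored;
 * confirm whether callers rely on either before tightening this further.
 *
 * @param cha stream positioned at the start of the template contents
 * @throws IOException if an object cannot be read from {@code cha}
 * @throws IllegalArgumentException if the OID or the access rights are missing, of the
 *         wrong type, or if the access rights carry no content bytes
 */
private void setPrivateData(ASN1InputStream cha)
    throws IOException
{
    // readObject() yielding null at end of stream also fails the instanceof tests below.
    ASN1Primitive first = cha.readObject();
    if (!(first instanceof ASN1ObjectIdentifier))
    {
        throw new IllegalArgumentException("no Oid in CerticateHolderAuthorization");
    }

    ASN1Primitive second = cha.readObject();
    if (!(second instanceof ASN1ApplicationSpecific))
    {
        throw new IllegalArgumentException("No access rights in CerticateHolderAuthorization");
    }

    ASN1ApplicationSpecific rights = (ASN1ApplicationSpecific)second;
    if (rights.getContents().length == 0)
    {
        // Reject at parse time rather than let getAccessRights() index an empty array.
        throw new IllegalArgumentException("Empty access rights in CertificateHolderAuthorization");
    }

    // Assign only after both fields validated, so no half-initialised state is stored.
    this.oid = (ASN1ObjectIdentifier)first;
    this.accessRights = rights;
}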
/**
 * Creates a Certificate Holder Authorization from an OID and a rights value.
 *
 * @param oid    object identifier specifying the format and the rules for the
 *               evaluation of the authorization level
 * @param rights the access rights; the value is narrowed to a {@code byte}, so only its
 *               low-order eight bits are kept and higher bits are silently discarded
 * @throws IOException declared by the signature; neither helper called here declares it
 */
public CertificateHolderAuthorization(ASN1ObjectIdentifier oid, int rights)
    throws IOException
{
    // Narrow first so the truncation is explicit at the point where it happens.
    final byte rightsByte = (byte)rights;
    setOid(oid);
    setAccessRights(rightsByte);
}
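/**
 * Decodes a Certificate Holder Authorization from an {@link ASN1ApplicationSpecific}.
 *
 * <p>The object is accepted only when it carries the
 * {@code EACTags.CERTIFICATE_HOLDER_AUTHORIZATION_TEMPLATE} application tag. Any other tag
 * is rejected. Silently skipping the decode would hand the caller an instance whose OID
 * and access rights are both {@code null}, which then fails later in
 * {@link #getAccessRights()} instead of at the point where the bad input arrived.
 *
 * @param aSpe the application-specific object containing the data
 * @throws IOException if the contents cannot be read as ASN.1 objects
 * @throws IllegalArgumentException if {@code aSpe} has a different application tag, or if
 *         its contents do not start with an OID followed by the access rights
 */
public CertificateHolderAuthorization(ASN1ApplicationSpecific aSpe)
    throws IOException
{
    int tag = aSpe.getApplicationTag();
    if (tag != EACTags.CERTIFICATE_HOLDER_AUTHORIZATION_TEMPLATE)
    {
        // Fail closed: never return an authorization object that was not actually decoded.
        throw new IllegalArgumentException(
            "unexpected application tag in CertificateHolderAuthorization: " + tag);
    }
    setPrivateData(new ASN1InputStream(aSpe.getContents()));
}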
/**
 * Returns the first content byte of the access-rights element as an unsigned value.
 *
 * <p>Only that first byte is read; any further content bytes are ignored. The method does
 * no checking of its own: it fails with a runtime exception if the access rights were
 * never set or hold no content bytes.
 * NOTE(review): judging by the constants of this class the byte combines a role in the
 * two high-order bits with RADG3/RADG4 in the low-order bits; confirm before masking.
 *
 * @return the access rights byte, in the range 0 to 255
 */
public int getAccessRights()
{
    byte[] contents = accessRights.getContents();
    // Mask so that a byte with the high bit set is not sign-extended to a negative int.
    return contents[0] & 0xff;
}
/**
 * Stores the given rights as a one-byte {@link DERApplicationSpecific} tagged
 * {@code EACTags.DISCRETIONARY_DATA}.
 *
 * @param rights byte containing the rights
 */
private void setAccessRights(byte rights)
{
    byte[] content = new byte[] { rights };
    this.accessRights = new DERApplicationSpecific(EACTags.DISCRETIONARY_DATA, content);
}
/**
 * Returns the object identifier held by this authorization.
 *
 * @return the stored OID; {@code null} if none has been assigned
 */
public ASN1ObjectIdentifier getOid()
{
    return this.oid;
}
/**
 * Sets the object identifier.
 *
 * <p>The value is stored as given; it is not compared with {@code id_role_EAC} or checked
 * for {@code null}.
 *
 * @param oid {@link ASN1ObjectIdentifier} containing the Object Identifier
 */
private void setOid(ASN1ObjectIdentifier oid)
{
this.oid = oid;
}
/**
 * Encodes this authorization as a {@link DERApplicationSpecific} tagged
 * {@code EACTags.CERTIFICATE_HOLDER_AUTHORIZATION_TEMPLATE}.
 *
 * <p>The OID is written first and the access rights second, the order in which
 * {@code setPrivateData} reads them back. Neither field is checked for {@code null}
 * before it is added.
 *
 * @return the application-specific encoding of the OID and the access rights
 */
public ASN1Primitive toASN1Primitive()
{
    ASN1EncodableVector fields = new ASN1EncodableVector();
    fields.add(oid);
    fields.add(accessRights);
    return new DERApplicationSpecific(EACTags.CERTIFICATE_HOLDER_AUTHORIZATION_TEMPLATE, fields);
}
}