001package org.apache.commons.ssl.org.bouncycastle.asn1.eac;
002
003import java.io.IOException;
004import java.util.Hashtable;
005
006import org.apache.commons.ssl.org.bouncycastle.asn1.ASN1EncodableVector;
007import org.apache.commons.ssl.org.bouncycastle.asn1.ASN1InputStream;
008import org.apache.commons.ssl.org.bouncycastle.asn1.ASN1Object;
009import org.apache.commons.ssl.org.bouncycastle.asn1.ASN1ObjectIdentifier;
010import org.apache.commons.ssl.org.bouncycastle.asn1.ASN1Primitive;
011import org.apache.commons.ssl.org.bouncycastle.asn1.DERApplicationSpecific;
012import org.bouncycastle.util.Integers;
013
014/**
015 * an Iso7816CertificateHolderAuthorization structure.
016 * <pre>
017 *  Certificate Holder Authorization ::= SEQUENCE {
018 *      // specifies the format and the rules for the evaluation of the authorization
019 *      // level
020 *      ASN1ObjectIdentifier        oid,
021 *      // access rights
022 *      DERApplicationSpecific    accessRights,
023 *  }
024 * </pre>
025 */
026public class CertificateHolderAuthorization
027    extends ASN1Object
028{
029    ASN1ObjectIdentifier oid;
030    DERApplicationSpecific accessRights;
031    public static final ASN1ObjectIdentifier id_role_EAC = EACObjectIdentifiers.bsi_de.branch("3.1.2.1");
032    public static final int CVCA = 0xC0;
033    public static final int DV_DOMESTIC = 0x80;
034    public static final int DV_FOREIGN = 0x40;
035    public static final int IS = 0;
036    public static final int RADG4 = 0x02;//Read Access to DG4 (Iris)
037    public static final int RADG3 = 0x01;//Read Access to DG3 (fingerprint)
038
039    static Hashtable RightsDecodeMap = new Hashtable();
040    static BidirectionalMap AuthorizationRole = new BidirectionalMap();
041    static Hashtable ReverseMap = new Hashtable();
042
043    static
044    {
045        RightsDecodeMap.put(Integers.valueOf(RADG4), "RADG4");
046        RightsDecodeMap.put(Integers.valueOf(RADG3), "RADG3");
047
048        AuthorizationRole.put(Integers.valueOf(CVCA), "CVCA");
049        AuthorizationRole.put(Integers.valueOf(DV_DOMESTIC), "DV_DOMESTIC");
050        AuthorizationRole.put(Integers.valueOf(DV_FOREIGN), "DV_FOREIGN");
051        AuthorizationRole.put(Integers.valueOf(IS), "IS");
052
053        /*
054          for (int i : RightsDecodeMap.keySet())
055              ReverseMap.put(RightsDecodeMap.get(i), i);
056
057          for (int i : AuthorizationRole.keySet())
058              ReverseMap.put(AuthorizationRole.get(i), i);
059          */
060    }
061
062    public static String GetRoleDescription(int i)
063    {
064        return (String)AuthorizationRole.get(Integers.valueOf(i));
065    }
066
067    public static int GetFlag(String description)
068    {
069        Integer i = (Integer)AuthorizationRole.getReverse(description);
070        if (i == null)
071        {
072            throw new IllegalArgumentException("Unknown value " + description);
073        }
074
075        return i.intValue();
076    }
077
078    private void setPrivateData(ASN1InputStream cha)
079        throws IOException
080    {
081        ASN1Primitive obj;
082        obj = cha.readObject();
083        if (obj instanceof ASN1ObjectIdentifier)
084        {
085            this.oid = (ASN1ObjectIdentifier)obj;
086        }
087        else
088        {
089            throw new IllegalArgumentException("no Oid in CerticateHolderAuthorization");
090        }
091        obj = cha.readObject();
092        if (obj instanceof DERApplicationSpecific)
093        {
094            this.accessRights = (DERApplicationSpecific)obj;
095        }
096        else
097        {
098            throw new IllegalArgumentException("No access rights in CerticateHolderAuthorization");
099        }
100    }
101
102
103    /**
104     * create an Iso7816CertificateHolderAuthorization according to the parameters
105     *
106     * @param oid    Object Identifier : specifies the format and the rules for the
107     *               evaluatioin of the authorization level.
108     * @param rights specifies the access rights
109     * @throws IOException
110     */
111    public CertificateHolderAuthorization(ASN1ObjectIdentifier oid, int rights)
112        throws IOException
113    {
114        setOid(oid);
115        setAccessRights((byte)rights);
116    }
117
118    /**
119     * create an Iso7816CertificateHolderAuthorization according to the {@link DERApplicationSpecific}
120     *
121     * @param aSpe the DERApplicationSpecific containing the data
122     * @throws IOException
123     */
124    public CertificateHolderAuthorization(DERApplicationSpecific aSpe)
125        throws IOException
126    {
127        if (aSpe.getApplicationTag() == EACTags.CERTIFICATE_HOLDER_AUTHORIZATION_TEMPLATE)
128        {
129            setPrivateData(new ASN1InputStream(aSpe.getContents()));
130        }
131    }
132
133    /**
134     * @return containing the access rights
135     */
136    public int getAccessRights()
137    {
138        return accessRights.getContents()[0] & 0xff;
139    }
140
141    /**
142     * create a DERApplicationSpecific and set the access rights to "rights"
143     *
144     * @param rights byte containing the rights.
145     */
146    private void setAccessRights(byte rights)
147    {
148        byte[] accessRights = new byte[1];
149        accessRights[0] = rights;
150        this.accessRights = new DERApplicationSpecific(
151            EACTags.getTag(EACTags.DISCRETIONARY_DATA), accessRights);
152    }
153
154    /**
155     * @return the Object identifier
156     */
157    public ASN1ObjectIdentifier getOid()
158    {
159        return oid;
160    }
161
162    /**
163     * set the Object Identifier
164     *
165     * @param oid {@link ASN1ObjectIdentifier} containing the Object Identifier
166     */
167    private void setOid(ASN1ObjectIdentifier oid)
168    {
169        this.oid = oid;
170    }
171
172    /**
173     * return the Certificate Holder Authorization as a DERApplicationSpecific Object
174     */
175    public ASN1Primitive toASN1Primitive()
176    {
177        ASN1EncodableVector v = new ASN1EncodableVector();
178
179        v.add(oid);
180        v.add(accessRights);
181
182        return new DERApplicationSpecific(EACTags.CERTIFICATE_HOLDER_AUTHORIZATION_TEMPLATE, v);
183    }
184}