use of iso.std.iso_iec._24727.tech.schema.SecurityConditionType in project open-ecard by ecsec.
the class CIFCreator method createDidCond.
/**
 * Builds a security condition that consists of a single DID authentication state.
 *
 * The state references {@code didName} and has its DID state flag set to {@code true}.
 *
 * @param didName name of the DID the condition refers to
 * @return a new condition carrying only the DID authentication state
 */
private SecurityConditionType createDidCond(String didName) {
    DIDAuthenticationStateType requiredState = new DIDAuthenticationStateType();
    requiredState.setDIDState(true);
    requiredState.setDIDName(didName);

    SecurityConditionType condition = new SecurityConditionType();
    condition.setDIDAuthentication(requiredState);
    return condition;
}
use of iso.std.iso_iec._24727.tech.schema.SecurityConditionType in project open-ecard by ecsec.
the class ACLResolver method normalize.
/**
 * Ensures the given condition has a top-level Or element.
 *
 * A condition that already has an Or element is returned unchanged. Any other condition is
 * wrapped as the only member of a new Or element.
 *
 * NOTE(review): nested conditions are not inspected or rewritten here. Code that relies on the
 * result being in disjunctive form depends on the input already having that shape.
 *
 * @param cond condition to normalize, must not be {@code null}
 * @return {@code cond} itself if it has an Or element, otherwise a new wrapping condition
 */
private static SecurityConditionType normalize(SecurityConditionType cond) {
    if (cond.getOr() != null) {
        // TODO: implement correctly, for now we cross fingers and assume it is in disjunctive form
        return cond;
    }

    // in some cases the acl is super flat, make it disjunct
    SecurityConditionType.Or disjunction = new SecurityConditionType.Or();
    disjunction.getSecurityCondition().add(cond);
    SecurityConditionType wrapped = new SecurityConditionType();
    wrapped.setOr(disjunction);
    return wrapped;
}
use of iso.std.iso_iec._24727.tech.schema.SecurityConditionType in project open-ecard by ecsec.
the class ACLResolver method getMissingDids.
/**
 * Collects the DIDs that the access rules relevant for the target yield as missing.
 *
 * For a DID target only the first rule with the SIGN action is considered. For a data set target
 * every rule with the DATA_SET_SELECT or DSI_READ action is considered. Each selected rule's
 * security condition is normalized, reduced to the best condition and flattened. The DIDs left
 * over by {@code filterSatisfiedDIDs} are gathered and de-duplicated by DID name.
 *
 * @param acls access rules to evaluate
 * @param target target whose DID name and/or data set name selects the relevant rules
 * @return the collected DIDs, each DID name occurring at most once, in order of first occurrence
 * @throws WSException declared by this method; the visible code does not show which call raises it
 * @throws SecurityConditionUnsatisfiable declared by this method; the visible code does not show
 *         which call raises it
 */
private List<DIDStructureType> getMissingDids(List<AccessRuleType> acls, TargetNameType target) throws WSException, SecurityConditionUnsatisfiable {
    // pick the access rules that matter for the requested target
    ArrayList<AccessRuleType> relevantRules = new ArrayList<>();
    for (AccessRuleType rule : acls) {
        if (target.getDIDName() != null) {
            CryptographicServiceActionName cryptoAction = rule.getAction().getCryptographicServiceAction();
            if (CryptographicServiceActionName.SIGN.equals(cryptoAction)) {
                relevantRules.add(rule);
                // there can be only one sign rule, so stop scanning
                break;
            }
        }
        if (target.getDataSetName() != null) {
            NamedDataServiceActionName dataAction = rule.getAction().getNamedDataServiceAction();
            boolean isSelect = NamedDataServiceActionName.DATA_SET_SELECT.equals(dataAction);
            if (isSelect || NamedDataServiceActionName.DSI_READ.equals(dataAction)) {
                relevantRules.add(rule);
            }
        }
    }

    ArrayList<DIDStructureType> missing = new ArrayList<>();
    for (AccessRuleType rule : relevantRules) {
        // get the most suitable DID in the tree
        SecurityConditionType best = getBestSecurityCondition(normalize(rule.getSecurityCondition()));
        // flatten the condition and keep only what filterSatisfiedDIDs leaves over
        List<DIDAuthenticationStateType> requiredStates = flattenCondition(best);
        missing.addAll(filterSatisfiedDIDs(requiredStates));
    }

    // remove duplicates; this bluntly assumes that DID names are unique per cardinfo file
    TreeSet<String> seenNames = new TreeSet<>();
    for (Iterator<DIDStructureType> it = missing.iterator(); it.hasNext();) {
        // add() reports false when the name was seen before
        if (!seenNames.add(it.next().getDIDName())) {
            it.remove();
        }
    }
    return missing;
}
use of iso.std.iso_iec._24727.tech.schema.SecurityConditionType in project open-ecard by ecsec.
the class CardStateEntry method checkDIDSecurityCondition.
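/**
 * Checks whether the security condition guarding a service action on a DID is satisfied.
 *
 * The check fails closed: if the card application, the DID or the security condition for the
 * action cannot be found, access is denied instead of raising a NullPointerException.
 *
 * @param cardApplication identifier of the card application that contains the DID
 * @param didName name of the DID whose access rule is evaluated
 * @param serviceAction action to look up the security condition for
 * @return {@code true} only if a security condition exists for the action and it is satisfied
 */
public boolean checkDIDSecurityCondition(byte[] cardApplication, String didName, Enum<?> serviceAction) {
    CardApplicationWrapper application = this.infoObject.getCardApplications().get(new ByteArrayWrapper(cardApplication));
    if (application == null) {
        // presumably an unknown application identifier; deny rather than dereference null
        return false;
    }

    DIDInfoWrapper didInfo = application.getDIDInfo(didName);
    if (didInfo == null) {
        // presumably the DID is not part of this application; deny
        return false;
    }

    SecurityConditionType securityCondition = didInfo.getSecurityCondition(serviceAction);
    // no condition for the action means no access
    return securityCondition != null && checkSecurityCondition(securityCondition);
}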
use of iso.std.iso_iec._24727.tech.schema.SecurityConditionType in project open-ecard by ecsec.
the class CardStateEntry method checkSecurityCondition.
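/**
 * Recursively evaluates a security condition against the current authentication state.
 *
 * Evaluation order: an "always" flag set to true grants access; a DID authentication state is
 * compared with the actual authentication state of the named DID; Or needs at least one
 * satisfied member; And needs all members satisfied (an empty And is satisfied); Not inverts
 * its operand. Any other condition is denied.
 *
 * @param securityCondition condition to evaluate, must not be {@code null}
 * @return {@code true} if the condition is satisfied, {@code false} otherwise
 */
private boolean checkSecurityCondition(SecurityConditionType securityCondition) {
    // isAlways() presumably returns a nullable Boolean (the previous code caught the resulting
    // NullPointerException). Compare null-safely so that an access decision never depends on a
    // swallowed exception.
    if (Boolean.TRUE.equals(securityCondition.isAlways())) {
        return true;
    }

    DIDAuthenticationStateType didAuthenticationState = securityCondition.getDIDAuthentication();
    if (didAuthenticationState != null) {
        String didName = didAuthenticationState.getDIDName();
        // NOTE(review): the lookup result is passed on unchecked; confirm how isAuthenticated
        // treats a DID name for which no application is found
        byte[] cardApplication = getInfo().getApplicationIdByDidName(didName, null);
        if (didAuthenticationState.isDIDState()) {
            // the DID must be authenticated
            return isAuthenticated(didName, cardApplication);
        }
        // the DID must NOT be authenticated
        return !isAuthenticated(didName, cardApplication);
    }

    if (securityCondition.getOr() != null) {
        for (SecurityConditionType member : securityCondition.getOr().getSecurityCondition()) {
            if (checkSecurityCondition(member)) {
                return true;
            }
        }
        // no member satisfied
        return false;
    }

    if (securityCondition.getAnd() != null) {
        for (SecurityConditionType member : securityCondition.getAnd().getSecurityCondition()) {
            if (!checkSecurityCondition(member)) {
                return false;
            }
        }
        return true;
    }

    if (securityCondition.getNot() != null) {
        return !checkSecurityCondition(securityCondition.getNot());
    }

    // nothing granted access: deny by default
    return false;
}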