
Example 6 with QCStatement

use of org.bouncycastle.asn1.x509.qualified.QCStatement in project xipki by xipki.

the class ExtensionsChecker method checkExtensionQcStatements.

// (apparently the closing marker of the preceding method, checkExtensionPrivateKeyUsagePeriod; the method below is checkExtensionQcStatements)
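/**
 * Checks the qCStatements extension value and appends one entry to {@code failureMsg} for every
 * deviation found.
 *
 * <p>Without a {@code qcStatements} configuration the encoded extension must be byte-identical to
 * the value returned by {@code getExpectedExtValue}. With a configuration, the extension must
 * carry exactly as many statements as configured, in the configured order. Each statement is
 * compared by id and then by value: a constant encoding, a retention period, a set of PDS
 * locations, or a QcEuLimitValue whose amount and exponent are either fixed by the profile
 * (range min == max) or taken from the request.
 *
 * <p>Requested amounts and exponents are kept as decimal strings instead of being narrowed to
 * {@code int}, so a requested value outside the int range is compared exactly rather than after
 * silent truncation. Currency codes are upper-cased with {@code Locale.ROOT} so the comparison
 * does not depend on the JVM default locale.
 *
 * <p>Only {@link IOException} is handled here. The {@code getInstance} parsers and the explicit
 * size check on a PDS location raise unchecked exceptions on malformed input; these propagate to
 * the caller, which presumably reports them as a syntax failure (verify against the caller).
 *
 * @param failureMsg accumulator for violation messages; only ever appended to
 * @param extensionValue encoded value of the extension being checked
 * @param requestedExtensions extensions from the request, or {@code null} if there are none
 * @param extControl passed through to {@code getExpectedExtValue}
 */
private void checkExtensionQcStatements(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    QcStatements conf = qcStatements;
    if (conf == null) {
        // No dedicated configuration: fall back to a byte-exact comparison with the expected value.
        byte[] expected = getExpectedExtValue(Extension.qCStatements, requestedExtensions, extControl);
        if (!Arrays.equals(expected, extensionValue)) {
            addViolation(failureMsg, "extension values", extensionValue, (expected == null) ? "not present" : hex(expected));
        }
        return;
    }
    final int expSize = conf.getQcStatement().size();
    ASN1Sequence extValue = ASN1Sequence.getInstance(extensionValue);
    final int isSize = extValue.size();
    if (isSize != expSize) {
        // A missing or an extra statement is reported once; per-statement checks are skipped.
        addViolation(failureMsg, "number of statements", isSize, expSize);
        return;
    }
    // Extract the requested QcEuLimitValue data, keyed by upper-cased currency.
    // Each entry is { amount, exponent } as decimal strings, so no precision is lost.
    Map<String, String[]> reqQcEuLimits = new HashMap<>();
    Extension reqExtension = (requestedExtensions == null) ? null : requestedExtensions.getExtension(Extension.qCStatements);
    if (reqExtension != null) {
        ASN1Sequence seq = ASN1Sequence.getInstance(reqExtension.getParsedValue());
        final int n = seq.size();
        for (int j = 0; j < n; j++) {
            QCStatement stmt = QCStatement.getInstance(seq.getObjectAt(j));
            if (ObjectIdentifiers.id_etsi_qcs_QcLimitValue.equals(stmt.getStatementId())) {
                MonetaryValue monetaryValue = MonetaryValue.getInstance(stmt.getStatementInfo());
                String amount = monetaryValue.getAmount().toString();
                String exponent = monetaryValue.getExponent().toString();
                Iso4217CurrencyCode currency = monetaryValue.getCurrency();
                String currencyS = currency.isAlphabetic()
                        ? currency.getAlphabetic().toUpperCase(java.util.Locale.ROOT)
                        : Integer.toString(currency.getNumeric());
                // A later statement for the same currency replaces an earlier one.
                reqQcEuLimits.put(currencyS, new String[] { amount, exponent });
            }
        }
    }
    // Statements are matched by position, so the configured order is part of the check.
    for (int i = 0; i < expSize; i++) {
        QCStatement is = QCStatement.getInstance(extValue.getObjectAt(i));
        QcStatementType exp = conf.getQcStatement().get(i);
        if (!is.getStatementId().getId().equals(exp.getStatementId().getValue())) {
            addViolation(failureMsg, "statmentId[" + i + "]", is.getStatementId().getId(), exp.getStatementId().getValue());
            continue;
        }
        if (exp.getStatementValue() == null) {
            // The profile expects a bare statement id without statementInfo.
            if (is.getStatementInfo() != null) {
                addViolation(failureMsg, "statmentInfo[" + i + "]", "present", "absent");
            }
            continue;
        }
        if (is.getStatementInfo() == null) {
            addViolation(failureMsg, "statmentInfo[" + i + "]", "absent", "present");
            continue;
        }
        QcStatementValueType expStatementValue = exp.getStatementValue();
        try {
            if (expStatementValue.getConstant() != null) {
                // Constant value: compare the re-encoded statementInfo with the configured bytes.
                byte[] expValue = expStatementValue.getConstant().getValue();
                byte[] isValue = is.getStatementInfo().toASN1Primitive().getEncoded();
                if (!Arrays.equals(isValue, expValue)) {
                    addViolation(failureMsg, "statementInfo[" + i + "]", hex(isValue), hex(expValue));
                }
            } else if (expStatementValue.getQcRetentionPeriod() != null) {
                String isValue = ASN1Integer.getInstance(is.getStatementInfo()).toString();
                String expValue = expStatementValue.getQcRetentionPeriod().toString();
                if (!isValue.equals(expValue)) {
                    addViolation(failureMsg, "statementInfo[" + i + "]", isValue, expValue);
                }
            } else if (expStatementValue.getPdsLocations() != null) {
                // PDS locations are compared as unordered sets of "url=...,lang=..." strings.
                Set<String> pdsLocations = new HashSet<>();
                ASN1Sequence pdsLocsSeq = ASN1Sequence.getInstance(is.getStatementInfo());
                int size = pdsLocsSeq.size();
                for (int k = 0; k < size; k++) {
                    ASN1Sequence pdsLocSeq = ASN1Sequence.getInstance(pdsLocsSeq.getObjectAt(k));
                    int size2 = pdsLocSeq.size();
                    if (size2 != 2) {
                        // Unchecked: not covered by the IOException handler below.
                        throw new IllegalArgumentException("sequence size is " + size2 + " but expected 2");
                    }
                    String url = DERIA5String.getInstance(pdsLocSeq.getObjectAt(0)).getString();
                    String lang = DERPrintableString.getInstance(pdsLocSeq.getObjectAt(1)).getString();
                    pdsLocations.add("url=" + url + ",lang=" + lang);
                }
                PdsLocationsType pdsLocationsConf = expStatementValue.getPdsLocations();
                Set<String> expectedPdsLocations = new HashSet<>();
                for (PdsLocationType m : pdsLocationsConf.getPdsLocation()) {
                    expectedPdsLocations.add("url=" + m.getUrl() + ",lang=" + m.getLanguage());
                }
                Set<String> diffs = strInBnotInA(expectedPdsLocations, pdsLocations);
                if (CollectionUtil.isNonEmpty(diffs)) {
                    failureMsg.append("statementInfo[").append(i).append("]: ").append(diffs).append(" are present but not expected; ");
                }
                diffs = strInBnotInA(pdsLocations, expectedPdsLocations);
                if (CollectionUtil.isNonEmpty(diffs)) {
                    failureMsg.append("statementInfo[").append(i).append("]: ").append(diffs).append(" are absent but are required; ");
                }
            } else if (expStatementValue.getQcEuLimitValue() != null) {
                QcEuLimitValueType euLimitConf = expStatementValue.getQcEuLimitValue();
                String expCurrency = euLimitConf.getCurrency().toUpperCase(java.util.Locale.ROOT);
                String[] reqAmountExp = reqQcEuLimits.get(expCurrency);
                // NOTE(review): the == comparisons below assume getMin()/getMax() return primitive
                // int; with boxed Integer they would compare references. Confirm against Range2Type.
                Range2Type range = euLimitConf.getAmount();
                String expAmount;
                if (range.getMin() == range.getMax()) {
                    // The profile fixes the amount; the request is not consulted.
                    expAmount = Integer.toString(range.getMin());
                } else if (reqAmountExp != null) {
                    expAmount = reqAmountExp[0];
                } else {
                    // Ends the whole check: statements after index i are not examined.
                    failureMsg.append("found no QcEuLimit for currency '").append(expCurrency).append("'; ");
                    return;
                }
                // CHECKSTYLE:SKIP
                range = euLimitConf.getExponent();
                String expExponent;
                if (range.getMin() == range.getMax()) {
                    expExponent = Integer.toString(range.getMin());
                } else if (reqAmountExp != null) {
                    expExponent = reqAmountExp[1];
                } else {
                    failureMsg.append("found no QcEuLimit for currency '").append(expCurrency).append("'; ");
                    return;
                }
                MonetaryValue certValue = MonetaryValue.getInstance(is.getStatementInfo());
                Iso4217CurrencyCode currency = certValue.getCurrency();
                // The currency found in the extension is compared as-is against the upper-cased
                // expectation, so a lower-case alphabetic code is reported as a violation.
                String isCurrency = currency.isAlphabetic() ? currency.getAlphabetic() : Integer.toString(currency.getNumeric());
                String isAmount = certValue.getAmount().toString();
                String isExponent = certValue.getExponent().toString();
                if (!isCurrency.equals(expCurrency)) {
                    addViolation(failureMsg, "statementInfo[" + i + "].qcEuLimit.currency", isCurrency, expCurrency);
                }
                if (!isAmount.equals(expAmount)) {
                    addViolation(failureMsg, "statementInfo[" + i + "].qcEuLimit.amount", isAmount, expAmount);
                }
                if (!isExponent.equals(expExponent)) {
                    addViolation(failureMsg, "statementInfo[" + i + "].qcEuLimit.exponent", isExponent, expExponent);
                }
            } else {
                // A configured statement value with none of the known alternatives set.
                throw new RuntimeException("statementInfo[" + i + "]should not reach here");
            }
        } catch (IOException ex) {
            // Raised by getEncoded() in the constant-value branch.
            failureMsg.append("statementInfo[").append(i).append("] has incorrect syntax; ");
        }
    }
}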
Also used : QCStatement(org.bouncycastle.asn1.x509.qualified.QCStatement) HashMap(java.util.HashMap) QcStatementValueType(org.xipki.ca.certprofile.x509.jaxb.QcStatementValueType) MonetaryValue(org.bouncycastle.asn1.x509.qualified.MonetaryValue) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) IOException(java.io.IOException) Iso4217CurrencyCode(org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) PdsLocationType(org.xipki.ca.certprofile.x509.jaxb.PdsLocationType) QcStatements(org.xipki.ca.certprofile.x509.jaxb.QcStatements) Extension(org.bouncycastle.asn1.x509.Extension) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) Range2Type(org.xipki.ca.certprofile.x509.jaxb.Range2Type) QcStatementType(org.xipki.ca.certprofile.x509.jaxb.QcStatementType) PdsLocationsType(org.xipki.ca.certprofile.x509.jaxb.PdsLocationsType) HashSet(java.util.HashSet) QcEuLimitValueType(org.xipki.ca.certprofile.x509.jaxb.QcEuLimitValueType)
