
Example 1 with BiometricInfoOption

use of org.xipki.ca.certprofile.BiometricInfoOption in project xipki by xipki.

From the class ExtensionsChecker, method checkExtensionBiometricInfo.

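// (end-of-method marker for checkExtensionQcStatements, which appears to be the preceding method; it does not describe the method below)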
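/**
 * Compares the biometricInfo extension being checked with the one carried in the request and
 * appends one message to {@code failureMsg} for every difference found.
 *
 * <p>The certificate profile is consulted for two things only: whether biometricInfo is
 * configured at all, and whether sourceDataUri is forbidden. The biometric type, the hash
 * algorithm and the hash are compared with the request and nothing else, so a passing check does
 * not by itself show that the hash algorithm is one the profile permits.
 *
 * @param failureMsg buffer that receives the violation messages, each terminated by "; "
 * @param extensionValue encoded value of the extension being checked
 * @param requestedExtensions extensions of the request; may be {@code null}, which is reported
 *     as "extension is present but not expected"
 * @param extControl not read by this method
 */
private void checkExtensionBiometricInfo(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    BiometricInfoOption conf = certProfile.getBiometricInfo();
    if (conf == null) {
        // The profile does not configure biometricInfo, so the extension must not appear.
        failureMsg.append("extension is present but not expected; ");
        return;
    }
    ASN1Encodable extInRequest = null;
    if (requestedExtensions != null) {
        extInRequest = requestedExtensions.getExtensionParsedValue(Extension.biometricInfo);
    }
    if (extInRequest == null) {
        // Nothing was requested, so there is no expected value to compare against.
        failureMsg.append("extension is present but not expected; ");
        return;
    }
    // NOTE(review): ASN1Sequence.getInstance and BiometricData.getInstance throw an unchecked
    // exception on input they cannot parse and nothing in this method catches it, so a malformed
    // extension surfaces as an exception rather than as a failure message. Confirm the caller
    // turns that into a failed check.
    ASN1Sequence extValueInReq = ASN1Sequence.getInstance(extInRequest);
    final int expSize = extValueInReq.size();
    ASN1Sequence extValue = ASN1Sequence.getInstance(extensionValue);
    final int isSize = extValue.size();
    if (isSize != expSize) {
        // The entries are compared position by position, which needs equal lengths.
        addViolation(failureMsg, "number of biometricData", isSize, expSize);
        return;
    }
    for (int i = 0; i < expSize; i++) {
        final String item = "biometricData[" + i + "]";
        BiometricData isData = BiometricData.getInstance(extValue.getObjectAt(i));
        BiometricData expData = BiometricData.getInstance(extValueInReq.getObjectAt(i));

        // typeOfBiometricData: either a predefined integer type or an OID.
        TypeOfBiometricData isType = isData.getTypeOfBiometricData();
        TypeOfBiometricData expType = expData.getTypeOfBiometricData();
        if (!isType.equals(expType)) {
            String isStr = isType.isPredefined() ? Integer.toString(isType.getPredefinedBiometricType()) : isType.getBiometricDataOid().getId();
            String expStr = expType.isPredefined() ? Integer.toString(expType.getPredefinedBiometricType()) : expType.getBiometricDataOid().getId();
            addViolation(failureMsg, item + ".typeOfBiometricData", isStr, expStr);
        }

        // hashAlgorithm: the OID must match the request.
        ASN1ObjectIdentifier isHashAlgo = isData.getHashAlgorithm().getAlgorithm();
        ASN1ObjectIdentifier expHashAlgo = expData.getHashAlgorithm().getAlgorithm();
        if (!isHashAlgo.equals(expHashAlgo)) {
            addViolation(failureMsg, item + ".hashAlgorithm", isHashAlgo.getId(), expHashAlgo.getId());
        }

        // hashAlgorithm.parameters: must be present and encode exactly as DER_NULL.
        ASN1Encodable isHashAlgoParam = isData.getHashAlgorithm().getParameters();
        if (isHashAlgoParam == null) {
            // Fixed: this branch is reached when the parameters are missing, but the message
            // used to report them as 'present' with 'absent' expected.
            failureMsg.append(item).append(".hashAlgorithm.parameters is 'absent' but expected 'present'; ");
        } else {
            try {
                byte[] isParamBytes = isHashAlgoParam.toASN1Primitive().getEncoded();
                if (!Arrays.equals(isParamBytes, DER_NULL)) {
                    // Fixed: the field was labelled biometricDataHash.parameters although the
                    // value checked here is the parameters of hashAlgorithm.
                    addViolation(failureMsg, item + ".hashAlgorithm.parameters", hex(isParamBytes), hex(DER_NULL));
                }
            } catch (IOException ex) {
                failureMsg.append(item).append(".hashAlgorithm.parameters has incorrect syntax; ");
            }
        }

        // biometricDataHash: the digest octets must equal the requested ones.
        byte[] isBytes = isData.getBiometricDataHash().getOctets();
        byte[] expBytes = expData.getBiometricDataHash().getOctets();
        if (!Arrays.equals(isBytes, expBytes)) {
            addViolation(failureMsg, item + ".biometricDataHash", hex(isBytes), hex(expBytes));
        }

        // sourceDataUri: when the profile forbids it, the expected value is absent whatever the
        // request contained; otherwise the requested URI (or its absence) is expected.
        DERIA5String str = isData.getSourceDataUri();
        String isSourceDataUri = (str == null) ? null : str.getString();
        String expSourceDataUri = null;
        if (conf.getSourceDataUriOccurrence() != TripleState.FORBIDDEN) {
            str = expData.getSourceDataUri();
            expSourceDataUri = (str == null) ? null : str.getString();
        }
        if (expSourceDataUri == null) {
            if (isSourceDataUri != null) {
                addViolation(failureMsg, item + ".sourceDataUri", "present", "absent");
            }
        } else if (isSourceDataUri == null) {
            failureMsg.append(item).append(".sourceDataUri is 'absent' but expected 'present'; ");
        } else if (!isSourceDataUri.equals(expSourceDataUri)) {
            // NOTE(review): both URI strings come from parsed ASN.1 and are passed on as-is;
            // whether addViolation escapes them is not visible here. Escape at the sink if
            // failureMsg ends up in logs or HTML.
            addViolation(failureMsg, item + ".sourceDataUri", isSourceDataUri, expSourceDataUri);
        }
    }
}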
Also used : BiometricData(org.bouncycastle.asn1.x509.qualified.BiometricData) TypeOfBiometricData(org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) DERIA5String(org.bouncycastle.asn1.DERIA5String) BiometricInfoOption(org.xipki.ca.certprofile.BiometricInfoOption) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) DERBMPString(org.bouncycastle.asn1.DERBMPString) DERPrintableString(org.bouncycastle.asn1.DERPrintableString) DERUTF8String(org.bouncycastle.asn1.DERUTF8String) ASN1String(org.bouncycastle.asn1.ASN1String) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) QaDirectoryString(org.xipki.ca.qa.internal.QaDirectoryString) DEROctetString(org.bouncycastle.asn1.DEROctetString) DERIA5String(org.bouncycastle.asn1.DERIA5String) DERT61String(org.bouncycastle.asn1.DERT61String) IOException(java.io.IOException) CRLDistPoint(org.bouncycastle.asn1.x509.CRLDistPoint) DistributionPoint(org.bouncycastle.asn1.x509.DistributionPoint) TypeOfBiometricData(org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
