Examples with BiometricInfoOption - org.xipki.ca.certprofile.xijson.BiometricInfoOption

Example 1 with BiometricInfoOption

use of org.xipki.ca.certprofile.xijson.BiometricInfoOption in project xipki by xipki.

the class A2gChecker method checkExtnBiometricInfo.

// method checkExtnBasicConstraints
void checkExtnBiometricInfo(StringBuilder failureMsg, byte[] extnValue, Extensions requestedExtns) {
    BiometricInfoOption conf = getCertprofile().extensions().getBiometricInfo();
    if (conf == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }
    ASN1Encodable extInRequest = null;
    if (requestedExtns != null) {
        extInRequest = requestedExtns.getExtensionParsedValue(Extension.biometricInfo);
    }
    if (extInRequest == null) {
        failureMsg.append("extension is present but not expected; ");
        return;
    }
    ASN1Sequence extValueInReq = ASN1Sequence.getInstance(extInRequest);
    final int expSize = extValueInReq.size();
    ASN1Sequence extValue = ASN1Sequence.getInstance(extnValue);
    final int isSize = extValue.size();
    if (isSize != expSize) {
        addViolation(failureMsg, "number of biometricData", isSize, expSize);
        return;
    }
    for (int i = 0; i < expSize; i++) {
        BiometricData isData = BiometricData.getInstance(extValue.getObjectAt(i));
        BiometricData expData = BiometricData.getInstance(extValueInReq.getObjectAt(i));
        TypeOfBiometricData isType = isData.getTypeOfBiometricData();
        TypeOfBiometricData expType = expData.getTypeOfBiometricData();
        if (!isType.equals(expType)) {
            String isStr = isType.isPredefined() ? Integer.toString(isType.getPredefinedBiometricType()) : isType.getBiometricDataOid().getId();
            String expStr = expType.isPredefined() ? Integer.toString(expType.getPredefinedBiometricType()) : expType.getBiometricDataOid().getId();
            addViolation(failureMsg, "biometricData[" + i + "].typeOfBiometricData", isStr, expStr);
        }
        HashAlgo hashAlgo;
        try {
            hashAlgo = HashAlgo.getInstance(expData.getHashAlgorithm());
        } catch (NoSuchAlgorithmException e) {
            hashAlgo = null;
            failureMsg.append("biometricData[").append(i).append("].biometricDataHash of the request has incorrect syntax; ");
        }
        if (hashAlgo != null) {
            if (!hashAlgo.getAlgorithmIdentifier().equals(isData.getHashAlgorithm())) {
                try {
                    addViolation(failureMsg, "biometricData[" + i + "].hashAlgorithm", Hex.encode(isData.getHashAlgorithm().getEncoded()), Hex.encode(hashAlgo.getAlgorithmIdentifier().getEncoded()));
                } catch (Exception ex) {
                    failureMsg.append("biometricData[").append(i).append("].biometricDataHash: could not encode; ");
                }
            }
        }
        byte[] isBytes = isData.getBiometricDataHash().getOctets();
        byte[] expBytes = expData.getBiometricDataHash().getOctets();
        if (!Arrays.equals(isBytes, expBytes)) {
            addViolation(failureMsg, "biometricData[" + i + "].biometricDataHash", hex(isBytes), hex(expBytes));
        }
        DERIA5String str = isData.getSourceDataUri();
        String isSourceDataUri = (str == null) ? null : str.getString();
        String expSourceDataUri = null;
        if (conf.getSourceDataUriOccurrence() != TripleState.forbidden) {
            str = expData.getSourceDataUri();
            expSourceDataUri = (str == null) ? null : str.getString();
        }
        if (expSourceDataUri == null) {
            if (isSourceDataUri != null) {
                addViolation(failureMsg, "biometricData[" + i + "].sourceDataUri", "present", "absent");
            }
        } else {
            if (isSourceDataUri == null) {
                failureMsg.append("biometricData[").append(i).append("].sourceDataUri is 'absent'");
                failureMsg.append(" but expected 'present'; ");
            } else if (!isSourceDataUri.equals(expSourceDataUri)) {
                addViolation(failureMsg, "biometricData[" + i + "].sourceDataUri", isSourceDataUri, expSourceDataUri);
            }
        }
    }
}

Also used : TypeOfBiometricData(org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData) BiometricData(org.bouncycastle.asn1.x509.qualified.BiometricData) HashAlgo(org.xipki.security.HashAlgo) BiometricInfoOption(org.xipki.ca.certprofile.xijson.BiometricInfoOption) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) TypeOfBiometricData(org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData) BadCertTemplateException(org.xipki.ca.api.BadCertTemplateException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Aggregations

IOException (java.io.IOException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 BiometricData (org.bouncycastle.asn1.x509.qualified.BiometricData)1 TypeOfBiometricData (org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData)1 BadCertTemplateException (org.xipki.ca.api.BadCertTemplateException)1 BiometricInfoOption (org.xipki.ca.certprofile.xijson.BiometricInfoOption)1 HashAlgo (org.xipki.security.HashAlgo)1