Search in sources :

Example 1 with QcStatements

use of org.xipki.ca.certprofile.xijson.conf.QcStatements in project xipki by xipki.

the class O2tChecker method checkExtnQcStatements.

// method checkExtnPrivateKeyUsagePeriod
void checkExtnQcStatements(StringBuilder failureMsg, byte[] extnValue, Extensions requestedExtns, ExtensionControl extnControl) {
    QcStatements qcStatements = caller.getQcStatements();
    if (qcStatements == null) {
        caller.checkConstantExtnValue(Extension.qCStatements, failureMsg, extnValue, requestedExtns, extnControl);
        return;
    }
    final int expSize = qcStatements.getQcStatements().size();
    ASN1Sequence extValue = ASN1Sequence.getInstance(extnValue);
    final int isSize = extValue.size();
    if (isSize != expSize) {
        addViolation(failureMsg, "number of statements", isSize, expSize);
        return;
    }
    // extract the euLimit and pdsLocations data from request
    Map<String, int[]> reqQcEuLimits = new HashMap<>();
    Extension reqExtension = (requestedExtns == null) ? null : requestedExtns.getExtension(Extension.qCStatements);
    if (reqExtension != null) {
        ASN1Sequence seq = ASN1Sequence.getInstance(reqExtension.getParsedValue());
        final int n = seq.size();
        for (int j = 0; j < n; j++) {
            QCStatement stmt = QCStatement.getInstance(seq.getObjectAt(j));
            if (Extn.id_etsi_qcs_QcLimitValue.equals(stmt.getStatementId())) {
                MonetaryValue monetaryValue = MonetaryValue.getInstance(stmt.getStatementInfo());
                int amount = monetaryValue.getAmount().intValue();
                int exponent = monetaryValue.getExponent().intValue();
                Iso4217CurrencyCode currency = monetaryValue.getCurrency();
                String currencyS = currency.isAlphabetic() ? currency.getAlphabetic().toUpperCase() : Integer.toString(currency.getNumeric());
                reqQcEuLimits.put(currencyS, new int[] { amount, exponent });
            }
        }
    }
    for (int i = 0; i < expSize; i++) {
        QCStatement is = QCStatement.getInstance(extValue.getObjectAt(i));
        QcStatementType exp = qcStatements.getQcStatements().get(i);
        if (!is.getStatementId().getId().equals(exp.getStatementId().getOid())) {
            addViolation(failureMsg, "statmentId[" + i + "]", is.getStatementId().getId(), exp.getStatementId().getOid());
            continue;
        }
        if (exp.getStatementValue() == null) {
            if (is.getStatementInfo() != null) {
                addViolation(failureMsg, "statmentInfo[" + i + "]", "present", "absent");
            }
            continue;
        }
        if (is.getStatementInfo() == null) {
            addViolation(failureMsg, "statmentInfo[" + i + "]", "absent", "present");
            continue;
        }
        QcStatementValueType expStatementValue = exp.getStatementValue();
        try {
            if (expStatementValue.getConstant() != null) {
                byte[] expValue = expStatementValue.getConstant().getValue();
                byte[] isValue = is.getStatementInfo().toASN1Primitive().getEncoded();
                if (!Arrays.equals(isValue, expValue)) {
                    addViolation(failureMsg, "statementInfo[" + i + "]", hex(isValue), hex(expValue));
                }
            } else if (expStatementValue.getQcRetentionPeriod() != null) {
                String isValue = ASN1Integer.getInstance(is.getStatementInfo()).toString();
                String expValue = expStatementValue.getQcRetentionPeriod().toString();
                if (!isValue.equals(expValue)) {
                    addViolation(failureMsg, "statementInfo[" + i + "]", isValue, expValue);
                }
            } else if (expStatementValue.getPdsLocations() != null) {
                Set<String> pdsLocations = new HashSet<>();
                ASN1Sequence pdsLocsSeq = ASN1Sequence.getInstance(is.getStatementInfo());
                int size = pdsLocsSeq.size();
                for (int k = 0; k < size; k++) {
                    ASN1Sequence pdsLocSeq = ASN1Sequence.getInstance(pdsLocsSeq.getObjectAt(k));
                    int size2 = pdsLocSeq.size();
                    if (size2 != 2) {
                        throw new IllegalArgumentException("sequence size is " + size2 + " but expected 2");
                    }
                    String url = DERIA5String.getInstance(pdsLocSeq.getObjectAt(0)).getString();
                    String lang = DERPrintableString.getInstance(pdsLocSeq.getObjectAt(1)).getString();
                    pdsLocations.add("url=" + url + ",lang=" + lang);
                }
                Set<String> expectedPdsLocations = new HashSet<>();
                for (PdsLocationType m : expStatementValue.getPdsLocations()) {
                    expectedPdsLocations.add("url=" + m.getUrl() + ",lang=" + m.getLanguage());
                }
                Set<String> diffs = CheckerUtil.strInBnotInA(expectedPdsLocations, pdsLocations);
                if (isNotEmpty(diffs)) {
                    failureMsg.append("statementInfo[").append(i).append("]: ").append(diffs).append(" are present but not expected; ");
                }
                diffs = CheckerUtil.strInBnotInA(pdsLocations, expectedPdsLocations);
                if (isNotEmpty(diffs)) {
                    failureMsg.append("statementInfo[").append(i).append("]: ").append(diffs).append(" are absent but are required; ");
                }
            } else if (expStatementValue.getQcEuLimitValue() != null) {
                QcEuLimitValueType euLimitConf = expStatementValue.getQcEuLimitValue();
                String expCurrency = euLimitConf.getCurrency().toUpperCase();
                int[] expAmountExp = reqQcEuLimits.get(expCurrency);
                Range2Type range = euLimitConf.getAmount();
                int value;
                if (range.getMin() == range.getMax()) {
                    value = range.getMin();
                } else if (expAmountExp != null) {
                    value = expAmountExp[0];
                } else {
                    failureMsg.append("found no QcEuLimit for currency '").append(expCurrency).append("'; ");
                    return;
                }
                String expAmount = Integer.toString(value);
                range = euLimitConf.getExponent();
                if (range.getMin() == range.getMax()) {
                    value = range.getMin();
                } else if (expAmountExp != null) {
                    value = expAmountExp[1];
                } else {
                    failureMsg.append("found no QcEuLimit for currency '").append(expCurrency).append("'; ");
                    return;
                }
                String expExponent = Integer.toString(value);
                MonetaryValue monterayValue = MonetaryValue.getInstance(is.getStatementInfo());
                Iso4217CurrencyCode currency = monterayValue.getCurrency();
                String isCurrency = currency.isAlphabetic() ? currency.getAlphabetic() : Integer.toString(currency.getNumeric());
                String isAmount = monterayValue.getAmount().toString();
                String isExponent = monterayValue.getExponent().toString();
                if (!isCurrency.equals(expCurrency)) {
                    addViolation(failureMsg, "statementInfo[" + i + "].qcEuLimit.currency", isCurrency, expCurrency);
                }
                if (!isAmount.equals(expAmount)) {
                    addViolation(failureMsg, "statementInfo[" + i + "].qcEuLimit.amount", isAmount, expAmount);
                }
                if (!isExponent.equals(expExponent)) {
                    addViolation(failureMsg, "statementInfo[" + i + "].qcEuLimit.exponent", isExponent, expExponent);
                }
            } else {
                throw new IllegalStateException("statementInfo[" + i + "]should not reach here");
            }
        } catch (IOException ex) {
            failureMsg.append("statementInfo[").append(i).append("] has incorrect syntax; ");
        }
    }
}
Also used : QCStatement(org.bouncycastle.asn1.x509.qualified.QCStatement) MonetaryValue(org.bouncycastle.asn1.x509.qualified.MonetaryValue) DirectoryString(org.bouncycastle.asn1.x500.DirectoryString) IOException(java.io.IOException) Iso4217CurrencyCode(org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode) QcStatements(org.xipki.ca.certprofile.xijson.conf.QcStatements)

Example 2 with QcStatements

use of org.xipki.ca.certprofile.xijson.conf.QcStatements in project xipki by xipki.

the class ExtensionConfBuilder method createQcStatements.

public static QcStatements createQcStatements(boolean requireRequestExt) {
    QcStatements extValue = new QcStatements();
    QcStatementType statement = new QcStatementType();
    // QcCompliance
    statement.setStatementId(createOidType(Extn.id_etsi_qcs_QcCompliance));
    extValue.getQcStatements().add(statement);
    // QC SCD
    statement = new QcStatementType();
    statement.setStatementId(createOidType(Extn.id_etsi_qcs_QcSSCD));
    extValue.getQcStatements().add(statement);
    // QC RetentionPeriod
    statement = new QcStatementType();
    statement.setStatementId(createOidType(Extn.id_etsi_qcs_QcRetentionPeriod));
    QcStatementValueType statementValue = new QcStatementValueType();
    statementValue.setQcRetentionPeriod(10);
    statement.setStatementValue(statementValue);
    extValue.getQcStatements().add(statement);
    // QC LimitValue
    statement = new QcStatementType();
    statement.setStatementId(createOidType(Extn.id_etsi_qcs_QcLimitValue));
    statementValue = new QcStatementValueType();
    QcEuLimitValueType euLimit = new QcEuLimitValueType();
    euLimit.setCurrency("EUR");
    Range2Type rangeAmount = new Range2Type();
    int min = 100;
    rangeAmount.setMin(min);
    rangeAmount.setMax(requireRequestExt ? 200 : min);
    euLimit.setAmount(rangeAmount);
    Range2Type rangeExponent = new Range2Type();
    min = 10;
    rangeExponent.setMin(min);
    rangeExponent.setMax(requireRequestExt ? 20 : min);
    euLimit.setExponent(rangeExponent);
    statementValue.setQcEuLimitValue(euLimit);
    statement.setStatementValue(statementValue);
    extValue.getQcStatements().add(statement);
    // QC PDS
    statement = new QcStatementType();
    statement.setStatementId(createOidType(Extn.id_etsi_qcs_QcPDS));
    extValue.getQcStatements().add(statement);
    statementValue = new QcStatementValueType();
    statement.setStatementValue(statementValue);
    List<PdsLocationType> pdsLocations = new LinkedList<>();
    statementValue.setPdsLocations(pdsLocations);
    PdsLocationType pdsLocation = new PdsLocationType();
    pdsLocations.add(pdsLocation);
    pdsLocation.setUrl("http://pki.myorg.org/pds/en");
    pdsLocation.setLanguage("en");
    pdsLocation = new PdsLocationType();
    pdsLocations.add(pdsLocation);
    pdsLocation.setUrl("http://pki.myorg.org/pds/de");
    pdsLocation.setLanguage("de");
    // QC Constant value
    statement = new QcStatementType();
    statement.setStatementId(createOidType(new ASN1ObjectIdentifier("1.2.3.4.5"), "dummy"));
    statementValue = new QcStatementValueType();
    DescribableBinary value = new DescribableBinary();
    try {
        value.setValue(DERNull.INSTANCE.getEncoded());
    } catch (IOException ex) {
        throw new IllegalStateException(ex);
    }
    value.setDescription("DER NULL");
    statementValue.setConstant(value);
    statement.setStatementValue(statementValue);
    extValue.getQcStatements().add(statement);
    return extValue;
}
Also used : IOException(java.io.IOException) DescribableBinary(org.xipki.ca.certprofile.xijson.conf.Describable.DescribableBinary) QcStatements(org.xipki.ca.certprofile.xijson.conf.QcStatements) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 3 with QcStatements

use of org.xipki.ca.certprofile.xijson.conf.QcStatements in project xipki by xipki.

the class XijsonExtensions method initQcStatements.

// method initPolicyMappings
private void initQcStatements(Set<ASN1ObjectIdentifier> extnIds, Map<String, ExtensionType> extensions) throws CertprofileException {
    ASN1ObjectIdentifier type = Extension.qCStatements;
    if (!extensionControls.containsKey(type)) {
        return;
    }
    extnIds.remove(type);
    QcStatements extConf = getExtension(type, extensions).getQcStatements();
    if (extConf == null) {
        return;
    }
    List<QcStatementType> qcStatementTypes = extConf.getQcStatements();
    this.qcStatementsOption = new ArrayList<>(qcStatementTypes.size());
    Set<String> currencyCodes = new HashSet<>();
    boolean requireInfoFromReq = false;
    for (QcStatementType m : qcStatementTypes) {
        ASN1ObjectIdentifier qcStatementId = new ASN1ObjectIdentifier(m.getStatementId().getOid());
        QcStatementOption qcStatementOption;
        QcStatementValueType statementValue = m.getStatementValue();
        if (statementValue == null) {
            QCStatement qcStatment = new QCStatement(qcStatementId);
            qcStatementOption = new QcStatementOption(qcStatment);
        } else if (statementValue.getQcRetentionPeriod() != null) {
            QCStatement qcStatment = new QCStatement(qcStatementId, new ASN1Integer(statementValue.getQcRetentionPeriod()));
            qcStatementOption = new QcStatementOption(qcStatment);
        } else if (statementValue.getConstant() != null) {
            ASN1Encodable constantStatementValue;
            try {
                constantStatementValue = new ASN1StreamParser(statementValue.getConstant().getValue()).readObject();
            } catch (IOException ex) {
                throw new CertprofileException("can not parse the constant value of QcStatement");
            }
            QCStatement qcStatment = new QCStatement(qcStatementId, constantStatementValue);
            qcStatementOption = new QcStatementOption(qcStatment);
        } else if (statementValue.getQcEuLimitValue() != null) {
            QcEuLimitValueType euLimitType = statementValue.getQcEuLimitValue();
            String tmpCurrency = euLimitType.getCurrency().toUpperCase();
            if (currencyCodes.contains(tmpCurrency)) {
                throw new CertprofileException("Duplicated definition of qcStatments with QCEuLimitValue" + " for the currency " + tmpCurrency);
            }
            Iso4217CurrencyCode currency = StringUtil.isNumber(tmpCurrency) ? new Iso4217CurrencyCode(Integer.parseInt(tmpCurrency)) : new Iso4217CurrencyCode(tmpCurrency);
            Range2Type r1 = euLimitType.getAmount();
            Range2Type r2 = euLimitType.getExponent();
            if (r1.getMin() == r1.getMax() && r2.getMin() == r2.getMax()) {
                MonetaryValue monetaryValue = new MonetaryValue(currency, r1.getMin(), r2.getMin());
                QCStatement qcStatement = new QCStatement(qcStatementId, monetaryValue);
                qcStatementOption = new QcStatementOption(qcStatement);
            } else {
                MonetaryValueOption monetaryValueOption = new MonetaryValueOption(currency, r1, r2);
                qcStatementOption = new QcStatementOption(qcStatementId, monetaryValueOption);
                requireInfoFromReq = true;
            }
            currencyCodes.add(tmpCurrency);
        } else if (statementValue.getPdsLocations() != null) {
            ASN1EncodableVector vec = new ASN1EncodableVector();
            for (PdsLocationType pl : statementValue.getPdsLocations()) {
                ASN1EncodableVector vec2 = new ASN1EncodableVector();
                vec2.add(new DERIA5String(pl.getUrl()));
                String lang = pl.getLanguage();
                if (lang.length() != 2) {
                    throw new CertprofileException("invalid language '" + lang + "'");
                }
                vec2.add(new DERPrintableString(lang));
                DERSequence seq = new DERSequence(vec2);
                vec.add(seq);
            }
            QCStatement qcStatement = new QCStatement(qcStatementId, new DERSequence(vec));
            qcStatementOption = new QcStatementOption(qcStatement);
        } else {
            throw new CertprofileException("unknown value of qcStatment");
        }
        this.qcStatementsOption.add(qcStatementOption);
    }
    if (requireInfoFromReq) {
        return;
    }
    ASN1EncodableVector vec = new ASN1EncodableVector();
    for (QcStatementOption m : qcStatementsOption) {
        if (m.getStatement() == null) {
            throw new IllegalStateException("should not reach here");
        }
        vec.add(m.getStatement());
    }
    ASN1Sequence seq = new DERSequence(vec);
    qcStatments = new ExtensionValue(extensionControls.get(type).isCritical(), seq);
    qcStatementsOption = null;
}
Also used : QCStatement(org.bouncycastle.asn1.x509.qualified.QCStatement) Iso4217CurrencyCode(org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode) QcStatements(org.xipki.ca.certprofile.xijson.conf.QcStatements) ExtensionValue(org.xipki.ca.api.profile.ExtensionValue) CertprofileException(org.xipki.ca.api.profile.CertprofileException) MonetaryValue(org.bouncycastle.asn1.x509.qualified.MonetaryValue) IOException(java.io.IOException)

Aggregations

IOException (java.io.IOException)3 QcStatements (org.xipki.ca.certprofile.xijson.conf.QcStatements)3 Iso4217CurrencyCode (org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode)2 MonetaryValue (org.bouncycastle.asn1.x509.qualified.MonetaryValue)2 QCStatement (org.bouncycastle.asn1.x509.qualified.QCStatement)2 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)1 DirectoryString (org.bouncycastle.asn1.x500.DirectoryString)1 CertprofileException (org.xipki.ca.api.profile.CertprofileException)1 ExtensionValue (org.xipki.ca.api.profile.ExtensionValue)1 DescribableBinary (org.xipki.ca.certprofile.xijson.conf.Describable.DescribableBinary)1