Example 1 with QaAuthorizationTemplate
use of org.xipki.ca.qa.internal.QaAuthorizationTemplate in project xipki by xipki.
the class ExtensionsChecker method checkExtensionAuthorizationTemplate.
// method checkExtensionBiometricInfo
private void checkExtensionAuthorizationTemplate(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
QaAuthorizationTemplate conf = authorizationTemplate;
if (conf == null) {
byte[] expected = getExpectedExtValue(ObjectIdentifiers.id_xipki_ext_authorizationTemplate, requestedExtensions, extControl);
if (!Arrays.equals(expected, extensionValue)) {
addViolation(failureMsg, "extension values", hex(extensionValue), (expected == null) ? "not present" : hex(expected));
}
return;
}
ASN1Sequence seq = ASN1Sequence.getInstance(extensionValue);
ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
ASN1OctetString accessRights = DEROctetString.getInstance(seq.getObjectAt(1));
if (!conf.getType().equals(type.getId())) {
addViolation(failureMsg, "type", type.getId(), conf.getType());
}
byte[] isRights = accessRights.getOctets();
if (!Arrays.equals(conf.getAccessRights(), isRights)) {
addViolation(failureMsg, "accessRights", hex(isRights), hex(conf.getAccessRights()));
}
}
Also used :
ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString)
ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence)
QaAuthorizationTemplate(org.xipki.ca.qa.internal.QaAuthorizationTemplate)
ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)
Aggregations
ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)1
ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)1
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)1
QaAuthorizationTemplate (org.xipki.ca.qa.internal.QaAuthorizationTemplate)1
