
Example 1 with QaAuthorizationTemplate

use of org.xipki.ca.qa.internal.QaAuthorizationTemplate in project xipki by xipki.

In class ExtensionsChecker, method checkExtensionAuthorizationTemplate.

// method checkExtensionBiometricInfo
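/**
 * Checks the value of the XiPKI authorizationTemplate extension.
 *
 * <p>When no template is configured, the raw extension bytes are compared with the value
 * returned by {@code getExpectedExtValue}. When a template is configured, the value is
 * decoded as a sequence whose first element is the type OID and whose second element is
 * the access-rights octet string, and both are compared with the template.
 *
 * <p>Every mismatch is appended to {@code failureMsg} through {@code addViolation}. A
 * sequence with fewer than two elements is reported the same way instead of failing on
 * an out-of-range index. Bytes that cannot be decoded as a sequence, or elements of the
 * wrong ASN.1 type, are not handled here: whatever the {@code getInstance} calls throw
 * propagates to the caller.
 *
 * @param failureMsg buffer that collects the violations found
 * @param extensionValue encoded extension value to check
 * @param requestedExtensions extensions passed on to {@code getExpectedExtValue}
 * @param extControl extension control passed on to {@code getExpectedExtValue}
 */
private void checkExtensionAuthorizationTemplate(StringBuilder failureMsg, byte[] extensionValue, Extensions requestedExtensions, ExtensionControl extControl) {
    QaAuthorizationTemplate conf = authorizationTemplate;
    if (conf == null) {
        // No template configured: fall back to a byte-for-byte comparison with the expected value.
        byte[] expected = getExpectedExtValue(ObjectIdentifiers.id_xipki_ext_authorizationTemplate, requestedExtensions, extControl);
        if (!Arrays.equals(expected, extensionValue)) {
            addViolation(failureMsg, "extension values", hex(extensionValue), (expected == null) ? "not present" : hex(expected));
        }
        return;
    }

    ASN1Sequence seq = ASN1Sequence.getInstance(extensionValue);
    // The element count is taken from the value under test, so verify it before indexing:
    // a short sequence is a finding to report, not an ArrayIndexOutOfBoundsException.
    if (seq.size() < 2) {
        addViolation(failureMsg, "number of elements in extension value", Integer.toString(seq.size()), "at least 2");
        return;
    }

    ASN1ObjectIdentifier type = ASN1ObjectIdentifier.getInstance(seq.getObjectAt(0));
    // getInstance is declared on ASN1OctetString; call it there rather than through the DER subclass.
    ASN1OctetString accessRights = ASN1OctetString.getInstance(seq.getObjectAt(1));

    if (!conf.getType().equals(type.getId())) {
        addViolation(failureMsg, "type", type.getId(), conf.getType());
    }

    byte[] isRights = accessRights.getOctets();
    if (!Arrays.equals(conf.getAccessRights(), isRights)) {
        addViolation(failureMsg, "accessRights", hex(isRights), hex(conf.getAccessRights()));
    }
}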
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) QaAuthorizationTemplate(org.xipki.ca.qa.internal.QaAuthorizationTemplate) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Aggregations

ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)1 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)1 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)1 QaAuthorizationTemplate (org.xipki.ca.qa.internal.QaAuthorizationTemplate)1