package de.persosim.simulator.cardobjects;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import de.persosim.simulator.exception.AccessDeniedException;
import de.persosim.simulator.protocols.RoleOid;
import de.persosim.simulator.protocols.auxVerification.AuxOid;
import de.persosim.simulator.protocols.ta.AuthenticatedAuxiliaryData;
import de.persosim.simulator.protocols.ta.Authorization;
import de.persosim.simulator.protocols.ta.TerminalAuthenticationMechanism;
import de.persosim.simulator.protocols.ta.TerminalType;
import de.persosim.simulator.secstatus.EffectiveAuthorizationMechanism;
import de.persosim.simulator.secstatus.SecMechanism;
import de.persosim.simulator.secstatus.SecStatus.SecContext;
import de.persosim.simulator.utils.Utils;
public class DateAuxObject extends AuxDataObject {
Date date;
public DateAuxObject(OidIdentifier identifier, Date date) {
super(identifier);
this.date = date;
}
/**
* @return the date
*/
public Date getDate() {
return date;
}
@Override
public boolean verify(AuthenticatedAuxiliaryData current)
throws AccessDeniedException {
// get necessary information stored in TA
//XXX access conditions should be stored separately and evaluated in a more generic (identifier independent) way
Collection<Class<? extends SecMechanism>> previousMechanisms = new HashSet<>();
previousMechanisms.add(TerminalAuthenticationMechanism.class);
previousMechanisms.add(EffectiveAuthorizationMechanism.class);
Collection<SecMechanism> currentMechanisms = securityStatus.getCurrentMechanisms(SecContext.APPLICATION, previousMechanisms);
TerminalAuthenticationMechanism taMechanism = null;
EffectiveAuthorizationMechanism authMechanism = null;
if (currentMechanisms.size() >= 2) {
for(SecMechanism secmechanism:currentMechanisms) {
if(secmechanism instanceof TerminalAuthenticationMechanism) {
taMechanism = (TerminalAuthenticationMechanism) secmechanism;
}
if(secmechanism instanceof EffectiveAuthorizationMechanism) {
authMechanism = (EffectiveAuthorizationMechanism) secmechanism;
}
}
if((taMechanism == null) || (authMechanism == null)) {
throw new AccessDeniedException("Age verification not allowed");
}
if (identifier.getOid().equals(AuxOid.id_DateOfBirth)) {
if (taMechanism.getTerminalType().equals(TerminalType.ST)) {
throw new AccessDeniedException("Age verification not allowed");
}
if (taMechanism.getTerminalType().equals(TerminalType.AT)) {
Authorization auth = authMechanism.getAuthorization(RoleOid.id_AT);
if(!auth.getAuthorization().getBit(0)) {
throw new AccessDeniedException("Age verification not allowed");
}
}
Date dateToCheck = Utils.getDate(new String(current.getDiscretionaryData()));
return !date.after(dateToCheck);
} else if (identifier.getOid().equals(AuxOid.id_DateOfExpiry)) {
Date dateToCheck = Utils.getDate(new String (current.getDiscretionaryData()));
return !date.before(dateToCheck);
}
}
return false;
}
}