package de.persosim.simulator.cardobjects;

import java.util.Collection;

import de.persosim.simulator.crypto.certificates.CardVerifiableCertificate;
import de.persosim.simulator.exception.CertificateUpdateException;
import de.persosim.simulator.secstatus.SecStatus;

/**
 * Card object for a trust point made up of two public keys stored on the
 * card, held here as the current and the previous
 * {@link CardVerifiableCertificate}. Implementations deliver the root
 * certificates against which certificate chains are checked, so every method
 * that writes these fields changes what the card trusts.
 *
 * @author mboonk
 *
 */
public class TrustPointCardObject extends AbstractCardObject {

    // Identifier this trust point reports through getAllIdentifiers().
    TrustPointIdentifier identifier;

    // Certificate currently defining the trust point; null after a successful clear().
    CardVerifiableCertificate currentCertificate;

    // Certificate that was current before the last update; null until the first update.
    CardVerifiableCertificate previousCertificate;

    /**
     * Creates a trust point that starts with a single certificate. The
     * previous certificate stays unset ({@code null}) until
     * {@link #updateTrustpoint(CardVerifiableCertificate)} is called.
     *
     * @param identifier
     *            identifier of this trust point
     * @param currentCertificate
     *            certificate initially defining the trust point; stored as
     *            given, without a null check
     */
    public TrustPointCardObject(TrustPointIdentifier identifier,
            CardVerifiableCertificate currentCertificate) {
        this.currentCertificate = currentCertificate;
        this.identifier = identifier;
    }

    /**
     * Adds the identifier of this trust point to the collection obtained from
     * the superclass and returns that same collection.
     *
     * @return the identifiers of the superclass plus the trust point identifier
     */
    @Override
    public Collection<CardObjectIdentifier> getAllIdentifiers() {
        Collection<CardObjectIdentifier> identifiers = super.getAllIdentifiers();
        identifiers.add(identifier);
        return identifiers;
    }

    /**
     * @return the current certificate that defines this trustpoint
     */
    public CardVerifiableCertificate getCurrentCertificate() {
        return currentCertificate;
    }

    /**
     * @return the previous certificate that defines this trustpoint or null if none set
     */
    public CardVerifiableCertificate getPreviousCertificate() {
        return previousCertificate;
    }

    /**
     * Rolls the trust point over to a new certificate: the certificate that
     * was current moves to the previous position and the given certificate
     * becomes the current one. Holding two certificates provides for the
     * seamless roll-over required by the certificate scheduling described in
     * TR-03110 v2.10 Part 3 2.4.
     * <p>
     * As written, this method validates nothing: access rights are not
     * checked, the certificate holder reference is not compared with the one
     * of the current certificate, and {@code null} is stored like any other
     * value. Until those checks exist here, verifying the certificate and the
     * permission to update is left to the caller.
     *
     * @param newCertificate
     *            the certificate to install as the current one
     * @throws CertificateUpdateException
     *             declared for the holder reference check, which is disabled;
     *             the current body never throws it
     */
    public void updateTrustpoint(CardVerifiableCertificate newCertificate)
            throws CertificateUpdateException {
        //XXX MBK check access rights
        // XXX MBK TR-03105 here should be a test for the CHR (TR-03110 v2.10 Part 2 A.6.2.1)
        // NOTE(review): the disabled check below would also reject an update
        // whenever a previous certificate is already set, so the condition
        // needs to be confirmed before it is enabled.
        //if (previousCertificate != null || !newCertificate.getCertificateHolderReference().equals(currentCertificate.getCertificateHolderReference())){
        //	throw new CertificateUpdateException("The old holder reference does not fit the new one");
        //}
        CardVerifiableCertificate supersededCertificate = currentCertificate;
        currentCertificate = newCertificate;
        previousCertificate = supersededCertificate;
    }

    /**
     * Clears the content of this object, i.e. removes both certificates. This
     * only happens if the {@link Iso7816LifeCycleState} allows the
     * modification; otherwise the call returns without changing anything and
     * without telling the caller.
     */
    public void clear() {
        if (!SecStatus.checkAccessConditions(getLifeCycleState())) {
            // Not permitted in this life cycle state: keep both certificates.
            return;
        }
        currentCertificate = null;
        previousCertificate = null;
    }
}