Examples with AlgorithmIdentifierType iso.std.iso_iec._24727.tech.schema.AlgorithmIdentifierType used on opensource projects

Example 1 with AlgorithmIdentifierType

use of iso.std.iso_iec._24727.tech.schema.AlgorithmIdentifierType in project open-ecard by ecsec.

the class ListTokens method determineTokenFeatures.

private boolean determineTokenFeatures(TokenInfoType next) {
    try {
        // request the missing information
        ConnectionHandleType h = new ConnectionHandleType();
        h.setSlotHandle(next.getConnectionHandle().getSlotHandle());
        DidInfos dids = new DidInfos(dispatcher, null, h);
        List<DidInfo> didInfos = dids.getDidInfos();
        boolean needsDidPin = false;
        boolean needsCertPin = false;
        TreeSet<String> algorithms = new TreeSet<>();
        // find out everything about the token
        for (DidInfo didInfo : didInfos) {
            if (didInfo.isCryptoDid()) {
                // only evaluate if we have no positive match yet
                if (!needsDidPin) {
                    needsDidPin |= didInfo.needsPin();
                }
                // only evaluate if we have no positive match yet
                if (!needsCertPin) {
                    for (DataSetInfo dataSetinfo : didInfo.getRelatedDataSets()) {
                        needsCertPin |= dataSetinfo.needsPin();
                    }
                }
                // get the algorithm of the did
                AlgorithmInfoType algInfo = didInfo.getGenericCryptoMarker().getAlgorithmInfo();
                AlgorithmIdentifierType algId = algInfo.getAlgorithmIdentifier();
                String alg = algInfo.getAlgorithm();
                try {
                    if (algId != null && algId.getAlgorithm() != null) {
                        String jcaName = AllowedSignatureAlgorithms.algIdtoJcaName(algId.getAlgorithm());
                        algorithms.add(jcaName);
                    }
                } catch (UnsupportedAlgorithmException ex) {
                    // ignore and fall back to Algorithm field
                    if (alg != null && !alg.isEmpty() && AllowedSignatureAlgorithms.isKnownJcaAlgorithm(alg)) {
                        algorithms.add(alg);
                    }
                }
            }
        }
        next.setNeedsPinForCertAccess(needsCertPin);
        next.setNeedsPinForPrivateKeyAccess(needsDidPin);
        next.getAlgorithm().addAll(algorithms);
        // finished evaluation everything successfully
        return true;
    } catch (NoSuchDid | WSHelper.WSException | SecurityConditionUnsatisfiable ex) {
        LOG.error("Failed to evaluate DID.", ex);
    }
    // there has been an error
    return false;
}

Example 2 with AlgorithmIdentifierType

use of iso.std.iso_iec._24727.tech.schema.AlgorithmIdentifierType in project open-ecard by ecsec.

the class CIFCreator method createCryptoDID.

private DIDInfoType createCryptoDID(List<MwCertificate> mwCerts, SignatureAlgorithms sigalg) throws WSMarshallerException, CryptokiException {
    LOG.debug("Creating Crypto DID object.");
    DIDInfoType di = new DIDInfoType();
    String keyLabel = mwCerts.get(0).getLabel();
    // create differential identity
    DifferentialIdentityType did = new DifferentialIdentityType();
    di.setDifferentialIdentity(did);
    String didName = keyLabel + "_" + mwCerts.get(0).getLabel() + "_" + sigalg.getJcaAlg();
    LOG.debug("DIDName: {}", didName);
    did.setDIDName(didName);
    did.setDIDProtocol("urn:oid:1.3.162.15480.3.0.25");
    did.setDIDScope(DIDScopeType.LOCAL);
    // create crypto marker
    CryptoMarkerBuilder markerBuilder = new CryptoMarkerBuilder();
    // add AlgorithmInfo
    AlgorithmInfoType algInfo = new AlgorithmInfoType();
    algInfo.setAlgorithm(sigalg.getJcaAlg());
    AlgorithmIdentifierType algIdentifier = new AlgorithmIdentifierType();
    algIdentifier.setAlgorithm(sigalg.getAlgId());
    algInfo.setAlgorithmIdentifier(algIdentifier);
    algInfo.getSupportedOperations().add("Compute-signature");
    markerBuilder.setAlgInfo(algInfo);
    markerBuilder.setLegacyKeyname(keyLabel);
    // add certificates
    for (MwCertificate nextCert : mwCerts) {
        try {
            CertificateRefType certRef = new CertificateRefType();
            certRef.setDataSetName(nextCert.getLabel());
            markerBuilder.getCertRefs().add(certRef);
        } catch (CryptokiException ex) {
            LOG.warn("Certificate chain is not complete.");
            break;
        }
    }
    // wrap crypto marker and add to parent
    CryptoMarkerType marker = markerBuilder.build();
    DIDMarkerType markerWrapper = new DIDMarkerType();
    markerWrapper.setCryptoMarker(marker);
    did.setDIDMarker(markerWrapper);
    // create acl
    AccessControlListType acl = new AccessControlListType();
    di.setDIDACL(acl);
    List<AccessRuleType> rules = acl.getAccessRule();
    rules.add(createRuleTrue(AuthorizationServiceActionName.ACL_LIST));
    rules.add(createRuleTrue(DifferentialIdentityServiceActionName.DID_GET));
    // create sign rule with PIN reference
    AccessRuleType signRule = createRuleTrue(CryptographicServiceActionName.SIGN);
    signRule.setSecurityCondition(createDidCond(PIN_NAME));
    rules.add(signRule);
    return di;
}

Example 3 with AlgorithmIdentifierType

use of iso.std.iso_iec._24727.tech.schema.AlgorithmIdentifierType in project open-ecard by ecsec.

the class CryptoMarkerTypeTest method testCryptoMarkerType.

/**
 * Simple test for CryptoMarkerType.
 * After creating the CryptoMarker of the PrK.CH.AUT_signPKCS1_V1_5 DID in the the
 * ESIGN application of the EGK we check if the get-methods return the expected values.
 *
 * @throws Exception
 *             when something in this test went unexpectedly wrong
 */
@Test
public void testCryptoMarkerType() throws Exception {
    WSMarshaller marshaller = WSMarshallerFactory.createInstance();
    // setup the iso cryptoMarker type
    iso.std.iso_iec._24727.tech.schema.CryptoMarkerType cryptoMarker = new iso.std.iso_iec._24727.tech.schema.CryptoMarkerType();
    cryptoMarker.setProtocol("urn:oid:1.3.162.15480.3.0.25");
    // algorithm info
    AlgorithmInfoType algType = new AlgorithmInfoType();
    algType.setAlgorithm("signPKCS1_V1_5");
    AlgorithmIdentifierType aIdType = new AlgorithmIdentifierType();
    aIdType.setAlgorithm("http://ws.openecard.org/alg/rsa");
    algType.setAlgorithmIdentifier(aIdType);
    algType.getSupportedOperations().add("Compute-signature");
    algType.setCardAlgRef(new byte[] { (byte) 0x02 });
    QName elemName = new QName("urn:iso:std:iso-iec:24727:tech:schema", "AlgorithmInfo");
    JAXBElement<AlgorithmInfoType> algInfo = new JAXBElement<>(elemName, AlgorithmInfoType.class, algType);
    Element algInfoElem = marshaller.marshal(algInfo).getDocumentElement();
    cryptoMarker.getAny().add(algInfoElem);
    // key info
    elemName = new QName("urn:iso:std:iso-iec:24727:tech:schema", "KeyInfo");
    CryptoKeyInfoType cryptoKey = new CryptoKeyInfoType();
    KeyRefType keyref = new KeyRefType();
    keyref.setKeyRef(new byte[] { (byte) 0x02 });
    cryptoKey.setKeyRef(keyref);
    JAXBElement<CryptoKeyInfoType> keyInfoElem = new JAXBElement<>(elemName, CryptoKeyInfoType.class, cryptoKey);
    Element keyrefElem = marshaller.marshal(keyInfoElem).getDocumentElement();
    cryptoMarker.getAny().add(keyrefElem);
    // signature generation info
    elemName = new QName("urn:iso:std:iso-iec:24727:tech:schema", "SignatureGenerationInfo");
    JAXBElement<String> sigGenInfoElem = new JAXBElement<>(elemName, String.class, "MSE_KEY_DS PSO_CDS");
    Element sigGenElem = marshaller.marshal(sigGenInfoElem).getDocumentElement();
    cryptoMarker.getAny().add(sigGenElem);
    // certificate references if available
    elemName = new QName("urn:iso:std:iso-iec:24727:tech:schema", "CertificateRef");
    CertificateRefType certRef = new CertificateRefType();
    certRef.setDataSetName("EF.C.CH.AUT");
    JAXBElement<CertificateRefType> certRefType = new JAXBElement<>(elemName, CertificateRefType.class, certRef);
    Element certRefElement = marshaller.marshal(certRefType).getDocumentElement();
    cryptoMarker.getAny().add(certRefElement);
    // perform the tests
    CryptoMarkerType cryptoMarkerNew = new CryptoMarkerType(cryptoMarker);
    assertTrue(cryptoMarkerNew.getAlgorithmInfo().getSupportedOperations().size() > 0);
    assertEquals(cryptoMarkerNew.getSignatureGenerationInfo(), new String[] { "MSE_KEY_DS", "PSO_CDS" });
    assertEquals(cryptoMarkerNew.getCryptoKeyInfo().getKeyRef().getKeyRef(), new byte[] { 0x02 });
    assertEquals(cryptoMarkerNew.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm(), "http://ws.openecard.org/alg/rsa");
    assertNull(cryptoMarkerNew.getLegacyKeyName());
    assertNotNull(cryptoMarkerNew.getHashGenerationInfo());
    assertEquals(cryptoMarkerNew.getHashGenerationInfo(), HashGenerationInfoType.NOT_ON_CARD);
    assertEquals(cryptoMarkerNew.getCertificateRefs().get(0).getDataSetName(), "EF.C.CH.AUT");
    // assertEquals(cryptoMarker.getStateInfo(), "");
    assertEquals(cryptoMarker.getProtocol(), ECardConstants.Protocol.GENERIC_CRYPTO);
}