Use of iso.std.iso_iec._24727.tech.schema.AlgorithmInfoType in project open-ecard by ecsec.
Class ListCertificates, method getCertificates.
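/**
 * Collects the certificates of every crypto DID on the token whose chain passes {@code matchesFilter}.
 * <p>
 * For each matching DID the whole chain is returned encoded in {@code Certificate}, the algorithm is
 * the JCA name derived from the DID's AlgorithmInfo, and {@code UniqueSSN} is taken from the first
 * certificate of the chain. DIDs with an unsupported algorithm are skipped with a warning. The PIN
 * held by the token cache is cleared when the call ends, on success and failure alike, so the secret
 * does not outlive the request.
 *
 * @return the certificate infos of all matching DIDs; empty when none matches
 * @throws ParameterInvalid when the SAL reports {@code INCORRECT_PARM}
 * @throws SlotHandleInvalid when the SAL reports {@code INVALID_SLOT_HANDLE}
 * @throws SecurityConditionUnsatisfiable when the SAL reports {@code SECURITY_CONDITION_NOT_SATISFIED}
 * @throws ThreadTerminateException when the user cancelled the operation or the thread was interrupted
 * @throws WSHelper.WSException for any other SAL error, or an {@code INT_ERROR} wrapping an unexpected
 *     failure of the underlying call
 * @throws NoSuchDid propagated from the DID lookup
 * @throws CertificateException propagated from reading a DID's certificate chain
 * @throws CertificateEncodingException when a certificate of the chain cannot be encoded
 */
public List<CertificateInfoType> getCertificates() throws WSHelper.WSException, NoSuchDid, CertificateException, CertificateEncodingException, SecurityConditionUnsatisfiable, ParameterInvalid, SlotHandleInvalid {
    try {
        ArrayList<CertificateInfoType> result = new ArrayList<>();
        // get crypto dids
        DidInfos didInfos = tokenCache.getInfo(pin, handle);
        List<DidInfo> cryptoDids = didInfos.getCryptoDidInfos();
        // get certificates for each crypto did
        for (DidInfo nextDid : cryptoDids) {
            LOG.debug("Reading certificates from DID={}.", nextDid.getDidName());
            List<X509Certificate> certChain = getCertChain(nextDid);
            if (!certChain.isEmpty() && matchesFilter(certChain)) {
                AlgorithmInfoType algInfo = nextDid.getGenericCryptoMarker().getAlgorithmInfo();
                try {
                    String jcaAlg = convertAlgInfo(algInfo);
                    X509Certificate cert = certChain.get(0);
                    CertificateInfoType certInfo = new CertificateInfoType();
                    for (X509Certificate nextCert : certChain) {
                        certInfo.getCertificate().add(nextCert.getEncoded());
                    }
                    certInfo.setUniqueSSN(getUniqueIdentifier(cert));
                    certInfo.setAlgorithm(jcaAlg);
                    certInfo.setDIDName(nextDid.getDidName());
                    result.add(certInfo);
                } catch (UnsupportedAlgorithmException ex) {
                    // ignore this DID; a missing AlgorithmIdentifier is itself a plausible reason for the
                    // rejection, so it must not turn the warning into an NPE
                    String algId = algInfo.getAlgorithmIdentifier() == null
                            ? null
                            : algInfo.getAlgorithmIdentifier().getAlgorithm();
                    LOG.warn("Ignoring DID with unsupported algorithm ({}).", algId);
                }
            }
        }
        return result;
    } catch (WSHelper.WSException ex) {
        // map the SAL minor code onto the checked exceptions of this API; unknown codes pass through
        String minor = StringUtils.nullToEmpty(ex.getResultMinor());
        switch (minor) {
            case ECardConstants.Minor.App.INCORRECT_PARM:
                throw new ParameterInvalid(ex.getMessage(), ex);
            case ECardConstants.Minor.IFD.INVALID_SLOT_HANDLE:
                throw new SlotHandleInvalid(ex.getMessage(), ex);
            case ECardConstants.Minor.SAL.SECURITY_CONDITION_NOT_SATISFIED:
                throw new SecurityConditionUnsatisfiable(ex.getMessage(), ex);
            case ECardConstants.Minor.IFD.CANCELLATION_BY_USER:
            case ECardConstants.Minor.SAL.CANCELLATION_BY_USER:
                throw new ThreadTerminateException("Certificate retrieval interrupted.", ex);
            default:
                throw ex;
        }
    } catch (InvocationTargetExceptionUnchecked ex) {
        // the wrapper may carry no cause at all; do not dereference it blindly
        Throwable cause = ex.getCause();
        if (cause instanceof InterruptedException || cause instanceof ThreadTerminateException) {
            String msg = "Certificate retrieval interrupted.";
            LOG.debug(msg, ex);
            throw new ThreadTerminateException(msg, ex);
        } else {
            String msg = cause != null ? cause.getMessage() : ex.getMessage();
            throw WSHelper.createException(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
        }
    } finally {
        // the cached PIN must not survive the request, whichever way it ended
        tokenCache.clearPins();
    }
}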
Use of iso.std.iso_iec._24727.tech.schema.AlgorithmInfoType in project open-ecard by ecsec.
Class ListTokens, method determineTokenFeatures.
/**
 * Determines the PIN requirements and the usable signature algorithms of a token and stores them in
 * {@code next}.
 * <p>
 * Only crypto DIDs are examined. The PIN flags stop being queried once a DID (or one of its related
 * data sets) has answered positively. The algorithm of a DID is taken from its algorithm identifier and
 * mapped to a JCA name; when that mapping is unsupported, the plain {@code Algorithm} field is used
 * instead, provided it names a known JCA algorithm.
 *
 * @param next token entry that is completed in place
 * @return {@code true} when the evaluation finished, {@code false} when the DID lookup failed (the error
 *     is logged and {@code next} is left unchanged)
 */
private boolean determineTokenFeatures(TokenInfoType next) {
    try {
        // request the missing information
        ConnectionHandleType handle = new ConnectionHandleType();
        handle.setSlotHandle(next.getConnectionHandle().getSlotHandle());
        DidInfos didLookup = new DidInfos(dispatcher, null, handle);

        boolean pinForPrivateKey = false;
        boolean pinForCertificate = false;
        TreeSet<String> jcaNames = new TreeSet<>();

        for (DidInfo didInfo : didLookup.getDidInfos()) {
            if (!didInfo.isCryptoDid()) {
                continue;
            }
            // a positive answer is final; further DIDs are not asked again
            if (!pinForPrivateKey) {
                pinForPrivateKey = didInfo.needsPin();
            }
            if (!pinForCertificate) {
                for (DataSetInfo dataSet : didInfo.getRelatedDataSets()) {
                    pinForCertificate |= dataSet.needsPin();
                }
            }
            // the algorithm of the did
            AlgorithmInfoType algInfo = didInfo.getGenericCryptoMarker().getAlgorithmInfo();
            AlgorithmIdentifierType algId = algInfo.getAlgorithmIdentifier();
            String plainAlg = algInfo.getAlgorithm();
            try {
                if (algId != null && algId.getAlgorithm() != null) {
                    jcaNames.add(AllowedSignatureAlgorithms.algIdtoJcaName(algId.getAlgorithm()));
                }
            } catch (UnsupportedAlgorithmException ex) {
                // fall back to the Algorithm field, but only when it names a known JCA algorithm
                boolean usable = plainAlg != null && !plainAlg.isEmpty()
                        && AllowedSignatureAlgorithms.isKnownJcaAlgorithm(plainAlg);
                if (usable) {
                    jcaNames.add(plainAlg);
                }
            }
        }

        next.setNeedsPinForCertAccess(pinForCertificate);
        next.setNeedsPinForPrivateKeyAccess(pinForPrivateKey);
        next.getAlgorithm().addAll(jcaNames);
        return true;
    } catch (NoSuchDid | WSHelper.WSException | SecurityConditionUnsatisfiable ex) {
        LOG.error("Failed to evaluate DID.", ex);
        return false;
    }
}
Use of iso.std.iso_iec._24727.tech.schema.AlgorithmInfoType in project open-ecard by ecsec.
Class SmartCardCredentialFactory, method isRawRSA.
/**
 * Tells whether the DID's signature mechanism is {@code CKM_RSA_PKCS}, i.e. RSA without a hash step
 * built into the mechanism, so the caller has to hash beforehand.
 *
 * @param info the DID to inspect
 * @return {@code true} only for {@code CKM_RSA_PKCS}
 * @throws WSHelper.WSException propagated from reading the crypto marker
 * @throws UnsupportedAlgorithmException when the DID's algorithm identifier is not a known mechanism
 */
private boolean isRawRSA(DidInfo info) throws WSHelper.WSException, UnsupportedAlgorithmException {
    String algIdOid = info.getGenericCryptoMarker().getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
    return SignatureAlgorithms.fromAlgId(algIdOid) == SignatureAlgorithms.CKM_RSA_PKCS;
}
Use of iso.std.iso_iec._24727.tech.schema.AlgorithmInfoType in project open-ecard by ecsec.
Class TinySAL, method didList.
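/**
 * The DIDList function returns a list of the existing DIDs in the card application addressed by the
 * ConnectionHandle or the ApplicationIdentifier element within the Filter.
 * See BSI-TR-03112-4, version 1.1.2, section 3.6.1.
 * <p>
 * The security condition of the card application for {@code DID_LIST} is asserted before any DID data
 * is read. Nothing is thrown to the caller: an {@link ECardException} becomes the result of the
 * response, any other exception is logged and mapped through {@code WSHelper.makeResult}.
 *
 * @param request DIDList
 * @return DIDListResponse carrying the names of the matching DIDs, or an error result
 */
@Publish
@Override
public DIDListResponse didList(DIDList request) {
    DIDListResponse response = WSHelper.makeResponse(DIDListResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        byte[] appId = connectionHandle.getCardApplication();
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        // authorisation first: no DID information is read, let alone disclosed, when this fails
        Assert.securityConditionApplication(cardStateEntry, appId, DifferentialIdentityServiceActionName.DID_LIST);

        DIDQualifierType didQualifier = request.getFilter();
        byte[] applicationIDFilter = didQualifier == null ? null : didQualifier.getApplicationIdentifier();
        String objectIDFilter = didQualifier == null ? null : didQualifier.getObjectIdentifier();
        String applicationFunctionFilter = didQualifier == null ? null : didQualifier.getApplicationFunction();

        /*
         * Filter by ApplicationIdentifier.
         * [TR-03112-4] Allows specifying an application identifier. If this element is present all
         * DIDs within the specified card application are returned no matter which card application
         * is currently selected.
         */
        CardApplicationWrapper cardApplication;
        if (applicationIDFilter != null) {
            cardApplication = cardStateEntry.getInfo().getCardApplication(applicationIDFilter);
            Assert.assertIncorrectParameter(cardApplication, "The given CardApplication cannot be found.");
        } else {
            cardApplication = cardStateEntry.getCurrentCardApplication();
        }
        // copy, so filtering does not modify the list held by the card application
        List<DIDInfoType> didInfos = new ArrayList<>(cardApplication.getDIDInfoList());

        /*
         * Filter by ObjectIdentifier.
         * [TR-03112-4] Allows specifying a protocol OID (cf. [TR-03112-7]) such that only DIDs
         * which support a given protocol are listed.
         */
        if (objectIDFilter != null) {
            Iterator<DIDInfoType> it = didInfos.iterator();
            while (it.hasNext()) {
                DIDInfoType next = it.next();
                // compare from the filter side, which is known to be non-null: a DID without a
                // protocol simply does not match instead of aborting the whole request with an NPE
                if (!objectIDFilter.equals(next.getDifferentialIdentity().getDIDProtocol())) {
                    it.remove();
                }
            }
        }

        /*
         * Filter by ApplicationFunction.
         * [TR-03112-4] Allows filtering for DIDs, which support a specific cryptographic operation.
         * The bit string is coded as the SupportedOperations-element in [ISO7816-15].
         */
        if (applicationFunctionFilter != null) {
            Iterator<DIDInfoType> it = didInfos.iterator();
            while (it.hasNext()) {
                DIDInfoType next = it.next();
                iso.std.iso_iec._24727.tech.schema.CryptoMarkerType rawMarker;
                rawMarker = next.getDifferentialIdentity().getDIDMarker().getCryptoMarker();
                if (rawMarker == null) {
                    // not a crypto DID, so it cannot support any cryptographic operation
                    it.remove();
                } else {
                    CryptoMarkerType cryptoMarker = new CryptoMarkerType(rawMarker);
                    AlgorithmInfoType algInfo = cryptoMarker.getAlgorithmInfo();
                    if (!algInfo.getSupportedOperations().contains(applicationFunctionFilter)) {
                        it.remove();
                    }
                }
            }
        }

        DIDNameListType didNameList = new DIDNameListType();
        for (DIDInfoType didInfo : didInfos) {
            didNameList.getDIDName().add(didInfo.getDifferentialIdentity().getDIDName());
        }
        response.setDIDNameList(didNameList);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}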
Use of iso.std.iso_iec._24727.tech.schema.AlgorithmInfoType in project open-ecard by ecsec.
Class CryptoMarkerBuilder, method build.
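/**
 * Assembles the CryptoMarker from the parts configured on this builder.
 * <p>
 * Every non-null part is marshalled into its own ISO-namespace element ({@code AlgorithmInfo},
 * {@code KeyInfo}, {@code SignatureGenerationInfo}, {@code LegacySignatureGenerationInfo},
 * {@code HashGenerationInfo}, one {@code CertificateRef} per reference, {@code LegacyKeyName}) and
 * appended to the marker's {@code any} list in exactly that order. A part that fails to marshal is
 * logged and left out; the remaining parts are still added.
 *
 * @return the marker, always with the protocol set, possibly with fewer elements than configured
 */
public CryptoMarkerType build() {
    CryptoMarkerType marker = new CryptoMarkerType();
    marker.setProtocol(PROTOCOL);
    if (algInfo != null) {
        appendMarshalledElement(marker, "AlgorithmInfo", AlgorithmInfoType.class, algInfo);
    }
    if (keyInfo != null) {
        appendMarshalledElement(marker, "KeyInfo", CryptoKeyInfoType.class, keyInfo);
    }
    if (sigGenInfo != null) {
        appendMarshalledElement(marker, "SignatureGenerationInfo", String.class, sigGenInfo);
    }
    if (legacySignGenInfo != null) {
        appendMarshalledElement(marker, "LegacySignatureGenerationInfo", LegacySignatureGenerationType.class, legacySignGenInfo);
    }
    if (hashGenInfo != null) {
        appendMarshalledElement(marker, "HashGenerationInfo", HashGenerationInfoType.class, hashGenInfo);
    }
    for (CertificateRefType certRef : getCertRefs()) {
        appendMarshalledElement(marker, "CertificateRef", CertificateRefType.class, certRef);
    }
    if (legacyKeyname != null) {
        appendMarshalledElement(marker, "LegacyKeyName", String.class, legacyKeyname);
    }
    return marker;
}

/**
 * Marshals {@code value} as the ISO-namespace element {@code localName} and appends the resulting DOM
 * element to the marker. A marshalling failure is logged and swallowed on purpose, so one broken part
 * does not abort the build of the whole marker.
 *
 * @param marker marker the element is appended to
 * @param localName local name of the element within {@code ISONS}
 * @param type declared type of the element content; the typed {@link JAXBElement} replaces the former
 *     raw constructions and their unchecked warnings
 * @param value content to marshal, must not be {@code null}
 */
private <T> void appendMarshalledElement(CryptoMarkerType marker, String localName, Class<T> type, T value) {
    try {
        JAXBElement<T> element = new JAXBElement<>(new QName(ISONS, localName), type, value);
        Document doc = m.marshal(element);
        marker.getAny().add(doc.getDocumentElement());
    } catch (MarshallingTypeException ex) {
        LOG.error("Failed to marshal {} element.", localName, ex);
    }
}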