use of iso.std.iso_iec._24727.tech.schema.ConnectionHandleType in project open-ecard by ecsec.
the class TinySAL method sign.
/**
* The Sign function signs a transmitted message.
* See BSI-TR-03112-4, version 1.1.2, section 3.5.5.
*
* @param request Sign
* @return SignResponse
*/
@Override
public SignResponse sign(Sign request) {
SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
CardStateEntry cardStateEntry = null;
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
byte[] applicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
String didName = SALUtils.getDIDName(request);
byte[] message = request.getMessage();
Assert.assertIncorrectParameter(message, "The parameter Message is empty.");
DIDScopeType didScope = request.getDIDScope();
if (didScope == null) {
didScope = DIDScopeType.LOCAL;
}
if (didScope.equals(DIDScopeType.LOCAL)) {
byte[] necessarySelectedApp = cardStateEntry.getInfo().getApplicationIdByDidName(didName, didScope);
if (!Arrays.equals(necessarySelectedApp, applicationID)) {
String msg = "Wrong application selected for the execution of Sign with the DID " + didName + ".";
throw new SecurityConditionNotSatisfiedException(msg);
}
}
DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, didScope);
Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
String protocolURI = didStructure.getDIDMarker().getProtocol();
SALProtocol protocol = getProtocol(connectionHandle, request.getDIDScope(), protocolURI);
if (protocol.hasNextStep(FunctionType.Sign)) {
response = protocol.sign(request);
removeFinishedProtocol(connectionHandle, protocolURI, protocol);
} else {
throw new InappropriateProtocolForActionException("Sign", protocol.toString());
}
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
// TODO: remove when PIN state tracking is implemented
setPinNotAuth(cardStateEntry);
return response;
}
use of iso.std.iso_iec._24727.tech.schema.ConnectionHandleType in project open-ecard by ecsec.
the class TinySAL method didAuthenticate.
/**
* The DIDAuthenticate function can be used to execute an authentication protocol using a DID addressed by DIDName.
* See BSI-TR-03112-4, version 1.1.2, section 3.6.6.
*
* @param request DIDAuthenticate
* @return DIDAuthenticateResponse
*/
@Publish
@Override
public DIDAuthenticateResponse didAuthenticate(DIDAuthenticate request) {
DIDAuthenticateResponse response = WSHelper.makeResponse(DIDAuthenticateResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
DIDAuthenticationDataType didAuthenticationData = request.getAuthenticationProtocolData();
Assert.assertIncorrectParameter(didAuthenticationData, "The parameter AuthenticationProtocolData is empty.");
String protocolURI = didAuthenticationData.getProtocol();
// FIXME: workaround for missing protocol URI from eID-Servers
if (protocolURI == null) {
LOG.warn("ProtocolURI was null");
protocolURI = ECardConstants.Protocol.EAC_GENERIC;
} else if (protocolURI.equals("urn:oid:1.0.24727.3.0.0.7.2")) {
LOG.warn("ProtocolURI was urn:oid:1.0.24727.3.0.0.7.2");
protocolURI = ECardConstants.Protocol.EAC_GENERIC;
}
didAuthenticationData.setProtocol(protocolURI);
SALProtocol protocol = getProtocol(connectionHandle, request.getDIDScope(), protocolURI);
if (protocol.hasNextStep(FunctionType.DIDAuthenticate)) {
response = protocol.didAuthenticate(request);
removeFinishedProtocol(connectionHandle, protocolURI, protocol);
} else {
throw new InappropriateProtocolForActionException("DIDAuthenticate", protocol.toString());
}
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of iso.std.iso_iec._24727.tech.schema.ConnectionHandleType in project open-ecard by ecsec.
the class TinySAL method hash.
/**
* The Hash function calculates the hash value of a transmitted message.
* See BSI-TR-03112-4, version 1.1.2, section 3.5.4.
*
* @param request Hash
* @return HashResponse
*/
@Publish
@Override
public HashResponse hash(Hash request) {
HashResponse response = WSHelper.makeResponse(HashResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
byte[] applicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
String didName = SALUtils.getDIDName(request);
byte[] message = request.getMessage();
Assert.assertIncorrectParameter(message, "The parameter Message is empty.");
DIDScopeType didScope = request.getDIDScope();
if (didScope == null) {
didScope = DIDScopeType.LOCAL;
}
if (didScope.equals(DIDScopeType.LOCAL)) {
byte[] necesssaryApp = cardStateEntry.getInfo().getApplicationIdByDidName(didName, didScope);
if (!Arrays.equals(necesssaryApp, applicationID)) {
String msg = "Wrong application for executing Hash with the specified DID " + didName + ".";
throw new SecurityConditionNotSatisfiedException(msg);
}
}
DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, didScope);
Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
String protocolURI = didStructure.getDIDMarker().getProtocol();
SALProtocol protocol = getProtocol(connectionHandle, request.getDIDScope(), protocolURI);
if (protocol.hasNextStep(FunctionType.Hash)) {
response = protocol.hash(request);
removeFinishedProtocol(connectionHandle, protocolURI, protocol);
} else {
throw new InappropriateProtocolForActionException("Hash", protocol.toString());
}
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of iso.std.iso_iec._24727.tech.schema.ConnectionHandleType in project open-ecard by ecsec.
the class TinySAL method getRandom.
/**
* The GetRandom function returns a random number which is suitable for authentication with the DID addressed with
* DIDName.
* See BSI-TR-03112-4, version 1.1.2, section 3.5.3.
*
* @param request GetRandom
* @return GetRandomResponse
*/
@Publish
@Override
public GetRandomResponse getRandom(GetRandom request) {
GetRandomResponse response = WSHelper.makeResponse(GetRandomResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
byte[] applicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
String didName = SALUtils.getDIDName(request);
DIDScopeType didScope = request.getDIDScope();
if (didScope == null) {
didScope = DIDScopeType.LOCAL;
}
if (didScope.equals(DIDScopeType.LOCAL)) {
byte[] necessaryApp = cardStateEntry.getInfo().getApplicationIdByDidName(didName, didScope);
if (!Arrays.equals(necessaryApp, applicationID)) {
throw new SecurityConditionNotSatisfiedException("The wrong application is selected for getRandom()");
}
}
DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, didScope);
Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
String protocolURI = didStructure.getDIDMarker().getProtocol();
SALProtocol protocol = getProtocol(connectionHandle, request.getDIDScope(), protocolURI);
if (protocol.hasNextStep(FunctionType.GetRandom)) {
response = protocol.getRandom(request);
removeFinishedProtocol(connectionHandle, protocolURI, protocol);
} else {
throw new InappropriateProtocolForActionException("GetRandom", protocol.toString());
}
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of iso.std.iso_iec._24727.tech.schema.ConnectionHandleType in project open-ecard by ecsec.
the class TinySAL method cardApplicationConnect.
/**
* The CardApplicationConnect function establishes an unauthenticated connection between the client
* application and the card application.
* See BSI-TR-03112-4, version 1.1.2, section 3.2.1.
*
* @param request CardApplicationConnect
* @return CardApplicationConnectResponse
*/
@Override
public CardApplicationConnectResponse cardApplicationConnect(CardApplicationConnect request) {
CardApplicationConnectResponse response = WSHelper.makeResponse(CardApplicationConnectResponse.class, WSHelper.makeResultOK());
try {
CardApplicationPathType cardAppPath = request.getCardApplicationPath();
Assert.assertIncorrectParameter(cardAppPath, "The parameter CardAppPathRequest is empty.");
Set<CardStateEntry> cardStateEntrySet = states.getMatchingEntries(cardAppPath, false);
Assert.assertIncorrectParameter(cardStateEntrySet, "The given ConnectionHandle is invalid.");
/*
* [TR-03112-4] If the provided path fragments are valid for more than one card application
* the eCard-API-Framework SHALL return any of the possible choices.
*/
CardStateEntry cardStateEntry = cardStateEntrySet.iterator().next();
byte[] applicationID = cardAppPath.getCardApplication();
if (applicationID == null) {
if (cardStateEntry.getImplicitlySelectedApplicationIdentifier() != null) {
applicationID = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
} else {
applicationID = MF;
}
}
Assert.securityConditionApplication(cardStateEntry, applicationID, ConnectionServiceActionName.CARD_APPLICATION_CONNECT);
// Connect to the card
ConnectionHandleType handle = cardStateEntry.handleCopy();
cardStateEntry = cardStateEntry.derive(handle);
Connect connect = new Connect();
connect.setContextHandle(handle.getContextHandle());
connect.setIFDName(handle.getIFDName());
connect.setSlot(handle.getSlotIndex());
ConnectResponse connectResponse = (ConnectResponse) env.getDispatcher().safeDeliver(connect);
WSHelper.checkResult(connectResponse);
// Select the card application
CardCommandAPDU select;
// TODO: proper determination of path, file and app id
if (applicationID.length == 2) {
select = new Select.File(applicationID);
List<byte[]> responses = new ArrayList<>();
responses.add(TrailerConstants.Success.OK());
responses.add(TrailerConstants.Error.WRONG_P1_P2());
CardResponseAPDU resp = select.transmit(env.getDispatcher(), connectResponse.getSlotHandle(), responses);
if (Arrays.equals(resp.getTrailer(), TrailerConstants.Error.WRONG_P1_P2())) {
select = new Select.AbsolutePath(applicationID);
select.transmit(env.getDispatcher(), connectResponse.getSlotHandle());
}
} else {
select = new Select.Application(applicationID);
select.transmit(env.getDispatcher(), connectResponse.getSlotHandle());
}
cardStateEntry.setCurrentCardApplication(applicationID);
cardStateEntry.setSlotHandle(connectResponse.getSlotHandle());
// reset the ef FCP
cardStateEntry.unsetFCPOfSelectedEF();
states.addEntry(cardStateEntry);
response.setConnectionHandle(cardStateEntry.handleCopy());
response.getConnectionHandle().setCardApplication(applicationID);
} catch (ECardException e) {
response.setResult(e.getResult());
}
return response;
}
Aggregations