Examples with CryptoMarkerType iso.std.iso_iec._24727.tech.schema.CryptoMarkerType used on opensource projects

Example 6 with CryptoMarkerType

use of iso.std.iso_iec._24727.tech.schema.CryptoMarkerType in project open-ecard by ecsec.

the class SignStep method performLegacySignature.

/**
 * The method performs the SignatureCreation if no standard commands are possible.
 * This method creates a signature with APDUs which are not covered by the methods defined in TR-03112 part 7.
 *
 * @param cryptoMarker A {@link CryptoMarkerType} object containing the information about the creation of a signature
 *   in a legacy way.
 * @param slotHandle A slotHandle identifying the current card.
 * @param templateCTX A Map containing the context data for the evaluation of the template variables. This object
 *   contains per default the message to sign and the {@link TLVFunction}.
 * @return A {@link SignResponse} object containing the signature of the <b>message</b>.
 * @throws APDUTemplateException Thrown if the evaluation of the {@link CardCommandTemplate} failed.
 * @throws APDUException Thrown if one of the commands to execute failed.
 * @throws WSHelper.WSException Thrown if the checkResult method of WSHelper failed.
 */
private SignResponse performLegacySignature(CryptoMarkerType cryptoMarker, ConnectionHandleType connectionHandle, BaseTemplateContext templateCTX) throws APDUTemplateException, APDUException, WSHelper.WSException {
    SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
    List<Object> legacyCommands = cryptoMarker.getLegacySignatureGenerationInfo();
    CardCommandAPDU cmdAPDU;
    CardResponseAPDU responseAPDU = null;
    byte[] slotHandle = connectionHandle.getSlotHandle();
    byte[] signedMessage;
    for (Object next : legacyCommands) {
        if (next instanceof CardCallTemplateType) {
            CardCallTemplateType cctt = (CardCallTemplateType) next;
            CardCommandTemplate template = new CardCommandTemplate(cctt);
            cmdAPDU = template.evaluate(templateCTX);
            responseAPDU = cmdAPDU.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
        } else if (next instanceof APICommand) {
            sendAPICommand(connectionHandle, (APICommand) next);
        }
    }
    signedMessage = responseAPDU.getData();
    // check if further response data is available
    while (responseAPDU.getTrailer()[0] == (byte) 0x61) {
        CardCommandAPDU getResponseData = new CardCommandAPDU((byte) 0x00, (byte) 0xC0, (byte) 0x00, (byte) 0x00, responseAPDU.getTrailer()[1]);
        responseAPDU = getResponseData.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
        signedMessage = Arrays.concatenate(signedMessage, responseAPDU.getData());
    }
    if (!Arrays.areEqual(responseAPDU.getTrailer(), new byte[] { (byte) 0x90, (byte) 0x00 })) {
        String minor = SALErrorUtils.getMinor(responseAPDU.getTrailer());
        response.setResult(WSHelper.makeResultError(minor, responseAPDU.getStatusMessage()));
        return response;
    }
    // fix output format
    String outForm = cryptoMarker.getLegacyOutputFormat();
    if (outForm != null) {
        switch(outForm) {
            case "rawRS":
                signedMessage = encodeRawRS(signedMessage);
                break;
            default:
                LOG.warn("Unsupport outputFormat={} specified in LegacySignatureGenerationInfo.", outForm);
        }
    }
    response.setSignature(signedMessage);
    return response;
}

Example 7 with CryptoMarkerType

use of iso.std.iso_iec._24727.tech.schema.CryptoMarkerType in project open-ecard by ecsec.

the class VerifySignatureStep method perform.

@Override
public VerifySignatureResponse perform(VerifySignature request, Map<String, Object> internalData) {
    VerifySignatureResponse response = WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        String didName = SALUtils.getDIDName(request);
        DIDStructureType didStructure = SALUtils.getDIDStructure(request, didName, cardStateEntry, connectionHandle);
        // required
        byte[] signature = request.getSignature();
        // optional
        byte[] message = request.getMessage();
        CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
        String dataSetNameCertificate = cryptoMarker.getCertificateRefs().get(0).getDataSetName();
        String algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
        DSIRead dsiRead = new DSIRead();
        dsiRead.setConnectionHandle(connectionHandle);
        dsiRead.setDSIName(dataSetNameCertificate);
        DSIReadResponse dsiReadResponse = (DSIReadResponse) dispatcher.safeDeliver(dsiRead);
        WSHelper.checkResult(dsiReadResponse);
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(dsiReadResponse.getDSIContent()));
        Signature signatureAlgorithm;
        if (algorithmIdentifier.equals(GenericCryptoUris.RSA_ENCRYPTION)) {
            signatureAlgorithm = Signature.getInstance("RSA", new BouncyCastleProvider());
        } else if (algorithmIdentifier.equals(GenericCryptoUris.RSASSA_PSS_SHA256)) {
            signatureAlgorithm = Signature.getInstance("RAWRSASSA-PSS", new BouncyCastleProvider());
            signatureAlgorithm.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
        } else if (algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2)) {
            return WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultUnknownError(algorithmIdentifier + " Not supported yet."));
        } else if (algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2rnd)) {
            return WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultUnknownError(algorithmIdentifier + " Not supported yet."));
        } else {
            throw new IncorrectParameterException("Unknown signature algorithm.");
        }
        signatureAlgorithm.initVerify(cert);
        if (message != null) {
            signatureAlgorithm.update(message);
        }
        if (!signatureAlgorithm.verify(signature)) {
            throw new InvalidSignatureException();
        }
    } catch (ECardException e) {
        LOG.error(e.getMessage(), e);
        response.setResult(e.getResult());
    } catch (Exception e) {
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 8 with CryptoMarkerType

use of iso.std.iso_iec._24727.tech.schema.CryptoMarkerType in project open-ecard by ecsec.

the class DidInfo method getRelatedDataSets.

public List<DataSetInfo> getRelatedDataSets() throws WSHelper.WSException {
    try {
        ArrayList<DataSetInfo> result = new ArrayList<>();
        Set<String> foundDataSets = new HashSet<>();
        if (isCryptoDid()) {
            CryptoMarkerType m = getGenericCryptoMarker();
            for (CertificateRefType cert : m.getCertificateRefs()) {
                String datasetName = cert.getDataSetName();
                // add if it is not already present in the result list
                if (!foundDataSets.contains(datasetName)) {
                    DataSetInfo ds = didInfos.getDataSetInfo(application, datasetName);
                    result.add(ds);
                    foundDataSets.add(datasetName);
                }
            }
        }
        return Collections.unmodifiableList(result);
    } catch (NoSuchDataSet ex) {
        String msg = "DataSet referenced in CIF could not be resolved.";
        LOG.error(msg, ex);
        throw WSHelper.createException(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
    }
}

Example 9 with CryptoMarkerType

use of iso.std.iso_iec._24727.tech.schema.CryptoMarkerType in project open-ecard by ecsec.

the class TinySAL method didList.

/**
 * The DIDList function returns a list of the existing DIDs in the card application addressed by the
 * ConnectionHandle or the ApplicationIdentifier element within the Filter.
 * See BSI-TR-03112-4, version 1.1.2, section 3.6.1.
 *
 * @param request DIDList
 * @return DIDListResponse
 */
@Publish
@Override
public DIDListResponse didList(DIDList request) {
    DIDListResponse response = WSHelper.makeResponse(DIDListResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        byte[] appId = connectionHandle.getCardApplication();
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        Assert.securityConditionApplication(cardStateEntry, appId, DifferentialIdentityServiceActionName.DID_LIST);
        byte[] applicationIDFilter = null;
        String objectIDFilter = null;
        String applicationFunctionFilter = null;
        DIDQualifierType didQualifier = request.getFilter();
        if (didQualifier != null) {
            applicationIDFilter = didQualifier.getApplicationIdentifier();
            objectIDFilter = didQualifier.getObjectIdentifier();
            applicationFunctionFilter = didQualifier.getApplicationFunction();
        }
        /*
	     * Filter by ApplicationIdentifier.
	     * [TR-03112-4] Allows specifying an application identifier. If this element is present all
	     * DIDs within the specified card application are returned no matter which card application
	     * is currently selected.
	     */
        CardApplicationWrapper cardApplication;
        if (applicationIDFilter != null) {
            cardApplication = cardStateEntry.getInfo().getCardApplication(applicationIDFilter);
            Assert.assertIncorrectParameter(cardApplication, "The given CardApplication cannot be found.");
        } else {
            cardApplication = cardStateEntry.getCurrentCardApplication();
        }
        List<DIDInfoType> didInfos = new ArrayList<>(cardApplication.getDIDInfoList());
        /*
	     * Filter by ObjectIdentifier.
	     * [TR-03112-4] Allows specifying a protocol OID (cf. [TR-03112-7]) such that only DIDs
	     * which support a given protocol are listed.
	     */
        if (objectIDFilter != null) {
            Iterator<DIDInfoType> it = didInfos.iterator();
            while (it.hasNext()) {
                DIDInfoType next = it.next();
                if (!next.getDifferentialIdentity().getDIDProtocol().equals(objectIDFilter)) {
                    it.remove();
                }
            }
        }
        /*
	     * Filter by ApplicationFunction.
	     * [TR-03112-4] Allows filtering for DIDs, which support a specific cryptographic operation.
	     * The bit string is coded as the SupportedOperations-element in [ISO7816-15].
	     */
        if (applicationFunctionFilter != null) {
            Iterator<DIDInfoType> it = didInfos.iterator();
            while (it.hasNext()) {
                DIDInfoType next = it.next();
                if (next.getDifferentialIdentity().getDIDMarker().getCryptoMarker() == null) {
                    it.remove();
                } else {
                    iso.std.iso_iec._24727.tech.schema.CryptoMarkerType rawMarker;
                    rawMarker = next.getDifferentialIdentity().getDIDMarker().getCryptoMarker();
                    CryptoMarkerType cryptoMarker = new CryptoMarkerType(rawMarker);
                    AlgorithmInfoType algInfo = cryptoMarker.getAlgorithmInfo();
                    if (!algInfo.getSupportedOperations().contains(applicationFunctionFilter)) {
                        it.remove();
                    }
                }
            }
        }
        DIDNameListType didNameList = new DIDNameListType();
        for (DIDInfoType didInfo : didInfos) {
            didNameList.getDIDName().add(didInfo.getDifferentialIdentity().getDIDName());
        }
        response.setDIDNameList(didNameList);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 10 with CryptoMarkerType

use of iso.std.iso_iec._24727.tech.schema.CryptoMarkerType in project open-ecard by ecsec.

the class AndroidMarshallerTest method testConversionOfCardInfo.

@Test
public void testConversionOfCardInfo() throws Exception {
    WSMarshaller m = new AndroidMarshaller();
    Object o = m.unmarshal(m.str2doc(NPA_CIF));
    if (!(o instanceof CardInfo)) {
        throw new Exception("Object should be an instace of CardInfo");
    }
    CardInfo cardInfo = (CardInfo) o;
    assertEquals("http://bsi.bund.de/cif/npa.xml", cardInfo.getCardType().getObjectIdentifier());
    assertEquals(new byte[] { 0x3F, 0x00 }, cardInfo.getApplicationCapabilities().getImplicitlySelectedApplication());
    assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().size(), 3);
    assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getApplicationName(), "MF");
    assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getRequirementLevel(), BasicRequirementsType.PERSONALIZATION_MANDATORY);
    assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getCardApplicationACL().getAccessRule().size(), 40);
    assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getCardApplicationACL().getAccessRule().get(0).getCardApplicationServiceName(), "CardApplicationServiceAccess");
    assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getCardApplicationACL().getAccessRule().get(0).getAction().getAPIAccessEntryPoint(), APIAccessEntryPointName.INITIALIZE);
    assertTrue(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getCardApplicationACL().getAccessRule().get(0).getSecurityCondition().isAlways());
    // last accessrule
    assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getCardApplicationACL().getAccessRule().get(39).getAction().getAuthorizationServiceAction(), AuthorizationServiceActionName.ACL_MODIFY);
    assertFalse(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getCardApplicationACL().getAccessRule().get(39).getSecurityCondition().isNever());
    assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getDIDInfo().get(0).getRequirementLevel(), BasicRequirementsType.PERSONALIZATION_MANDATORY);
    assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getDIDInfo().get(0).getDIDACL().getAccessRule().get(0).getCardApplicationServiceName(), "DifferentialIdentityService");
    assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(1).getDataSetInfo().get(0).getRequirementLevel(), BasicRequirementsType.PERSONALIZATION_MANDATORY);
    assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(1).getDataSetInfo().get(0).getDataSetACL().getAccessRule().get(0).getCardApplicationServiceName(), "NamedDataService");
    for (DataSetInfoType dataSetInfo : cardInfo.getApplicationCapabilities().getCardApplication().get(2).getDataSetInfo()) {
        if (dataSetInfo.getDataSetName().equals("EF.C.ZDA.QES")) {
            assertEquals(dataSetInfo.getLocalDataSetName().get(0).getLang(), "DE");
            assertEquals(dataSetInfo.getLocalDataSetName().get(0).getValue(), "Zertifikat des ZDA für die QES");
        }
    }
    // Test eGK
    o = m.unmarshal(m.str2doc(EGK_CIF));
    if (!(o instanceof CardInfo)) {
        throw new Exception("Object should be an instace of CardInfo");
    }
    cardInfo = (CardInfo) o;
    assertEquals("http://ws.gematik.de/egk/1.0.0", cardInfo.getCardType().getObjectIdentifier());
    CardApplicationType cardApplicationESIGN = cardInfo.getApplicationCapabilities().getCardApplication().get(2);
    DIDInfoType didInfo = cardApplicationESIGN.getDIDInfo().get(2);
    DifferentialIdentityType differentialIdentity = didInfo.getDifferentialIdentity();
    assertEquals(differentialIdentity.getDIDName(), "PrK.CH.AUT_signPKCS1_V1_5");
    assertEquals(differentialIdentity.getDIDProtocol(), "urn:oid:1.3.162.15480.3.0.25");
    CryptoMarkerType cryptoMarkerType = new CryptoMarkerType(differentialIdentity.getDIDMarker().getCryptoMarker());
    assertEquals(cryptoMarkerType.getProtocol(), "urn:oid:1.3.162.15480.3.0.25");
    assertEquals(cryptoMarkerType.getAlgorithmInfo().getSupportedOperations().get(0), "Compute-signature");
    // uncomment to get output files to make a diff
    /*WSMarshaller jaxbMarshaller = new JAXBMarshaller();
	CardInfo cardInfoJM = (CardInfo) jaxbMarshaller.unmarshal(jaxbMarshaller.str2doc(egkCif));
	File f = new File("cifJM.xml");
	FileOutputStream fos = new FileOutputStream(f);
	File f2 = new File("cifAM.xml");
	FileOutputStream fos2 = new FileOutputStream(f2);
	marshalLog(cardInfoJM, fos);
	marshalLog(cardInfo, fos2);*/
    // Test ecard AT 0.9.0
    o = m.unmarshal(m.str2doc(ECARD_AT_CIF));
    if (!(o instanceof CardInfo)) {
        throw new Exception("Object should be an instance of CardInfo");
    }
    cardInfo = (CardInfo) o;
}