Examples with DIDAuthenticate iso.std.iso_iec._24727.tech.schema.DIDAuthenticate used on opensource projects

Example 6 with DIDAuthenticate

use of iso.std.iso_iec._24727.tech.schema.DIDAuthenticate in project open-ecard by ecsec.

the class DIDAuthenticateStep method perform.

@Override
public DIDAuthenticateResponse perform(DIDAuthenticate request, Map<String, Object> internalData) {
    DIDAuthenticateResponse response = WSHelper.makeResponse(DIDAuthenticateResponse.class, WSHelper.makeResultOK());
    char[] rawPIN = null;
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        String didName = SALUtils.getDIDName(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        PINCompareDIDAuthenticateInputType pinCompareInput = new PINCompareDIDAuthenticateInputType(request.getAuthenticationProtocolData());
        PINCompareDIDAuthenticateOutputType pinCompareOutput = pinCompareInput.getOutputType();
        byte[] cardApplication;
        if (request.getDIDScope() != null && request.getDIDScope().equals(DIDScopeType.GLOBAL)) {
            cardApplication = cardStateEntry.getInfo().getApplicationIdByDidName(request.getDIDName(), request.getDIDScope());
        } else {
            cardApplication = connectionHandle.getCardApplication();
        }
        Assert.securityConditionDID(cardStateEntry, cardApplication, didName, DifferentialIdentityServiceActionName.DID_AUTHENTICATE);
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, cardApplication);
        PINCompareMarkerType pinCompareMarker = new PINCompareMarkerType(didStructure.getDIDMarker());
        byte keyRef = pinCompareMarker.getPINRef().getKeyRef()[0];
        byte[] slotHandle = connectionHandle.getSlotHandle();
        PasswordAttributesType attributes = pinCompareMarker.getPasswordAttributes();
        rawPIN = pinCompareInput.getPIN();
        // delete pin from memory of the structure
        pinCompareInput.setPIN(null);
        byte[] template = new byte[] { 0x00, 0x20, 0x00, keyRef };
        byte[] responseCode;
        // with [ISO7816-4] (Section 7.5.6).
        if (rawPIN == null || rawPIN.length == 0) {
            VerifyUser verify = new VerifyUser();
            verify.setSlotHandle(slotHandle);
            InputUnitType inputUnit = new InputUnitType();
            verify.setInputUnit(inputUnit);
            PinInputType pinInput = new PinInputType();
            inputUnit.setPinInput(pinInput);
            pinInput.setIndex(BigInteger.ZERO);
            pinInput.setPasswordAttributes(attributes);
            verify.setTemplate(template);
            VerifyUserResponse verifyR = (VerifyUserResponse) dispatcher.safeDeliver(verify);
            WSHelper.checkResult(verifyR);
            responseCode = verifyR.getResponse();
        } else {
            Transmit verifyTransmit = PINUtils.buildVerifyTransmit(rawPIN, attributes, template, slotHandle);
            try {
                TransmitResponse transResp = (TransmitResponse) dispatcher.safeDeliver(verifyTransmit);
                WSHelper.checkResult(transResp);
                responseCode = transResp.getOutputAPDU().get(0);
            } finally {
                // blank PIN APDU
                for (InputAPDUInfoType apdu : verifyTransmit.getInputAPDUInfo()) {
                    byte[] rawApdu = apdu.getInputAPDU();
                    if (rawApdu != null) {
                        java.util.Arrays.fill(rawApdu, (byte) 0);
                    }
                }
            }
        }
        CardResponseAPDU verifyResponseAPDU = new CardResponseAPDU(responseCode);
        if (verifyResponseAPDU.isWarningProcessed()) {
            pinCompareOutput.setRetryCounter(new BigInteger(Integer.toString((verifyResponseAPDU.getSW2() & 0x0F))));
        }
        cardStateEntry.addAuthenticated(didName, cardApplication);
        response.setAuthenticationProtocolData(pinCompareOutput.getAuthDataType());
    } catch (ECardException e) {
        LOG.error(e.getMessage(), e);
        response.setResult(e.getResult());
    } catch (Exception e) {
        if (e instanceof RuntimeException) {
            throw (RuntimeException) e;
        }
        LOG.error(e.getMessage(), e);
        response.setResult(WSHelper.makeResult(e));
    } finally {
        if (rawPIN != null) {
            Arrays.fill(rawPIN, ' ');
        }
    }
    return response;
}

Example 7 with DIDAuthenticate

use of iso.std.iso_iec._24727.tech.schema.DIDAuthenticate in project open-ecard by ecsec.

the class PINCompareProtocolTest method testDIDAuthenticate.

@Test(enabled = TESTS_ENABLED)
public void testDIDAuthenticate() throws ParserConfigurationException {
    CardApplicationPath cardApplicationPath = new CardApplicationPath();
    CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
    cardApplicationPathType.setCardApplication(this.appIdentifier_ROOT);
    cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
    CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
    CardApplicationConnect cardApplicationConnect = new CardApplicationConnect();
    cardApplicationPathType = cardApplicationPathResponse.getCardAppPathResultSet().getCardApplicationPathResult().get(0);
    cardApplicationConnect.setCardApplicationPath(cardApplicationPathType);
    CardApplicationConnectResponse result1 = instance.cardApplicationConnect(cardApplicationConnect);
    // /
    // / Test with a pin set.
    // /
    DIDAuthenticate parameters = new DIDAuthenticate();
    parameters.setDIDName("PIN.home");
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    DocumentBuilder builder = factory.newDocumentBuilder();
    Document d = builder.newDocument();
    Element elemPin = d.createElementNS("urn:iso:std:iso-iec:24727:tech:schema", "Pin");
    elemPin.setTextContent("123456");
    DIDAuthenticationDataType didAuthenticationData = new DIDAuthenticationDataType();
    didAuthenticationData.getAny().add(elemPin);
    PINCompareDIDAuthenticateInputType pinCompareDIDAuthenticateInputType = new PINCompareDIDAuthenticateInputType(didAuthenticationData);
    parameters.setAuthenticationProtocolData(didAuthenticationData);
    parameters.setConnectionHandle(result1.getConnectionHandle());
    didAuthenticationData.setProtocol(ECardConstants.Protocol.PIN_COMPARE);
    parameters.setAuthenticationProtocolData(didAuthenticationData);
    DIDAuthenticateResponse result = instance.didAuthenticate(parameters);
    assertEquals(result.getAuthenticationProtocolData().getProtocol(), ECardConstants.Protocol.PIN_COMPARE);
    assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
    assertEquals(result.getAuthenticationProtocolData().getAny().size(), 0);
    // /
    // / Test without a pin set.
    // /
    parameters = new DIDAuthenticate();
    parameters.setDIDName("PIN.home");
    didAuthenticationData = new DIDAuthenticationDataType();
    parameters.setAuthenticationProtocolData(didAuthenticationData);
    parameters.setConnectionHandle(result1.getConnectionHandle());
    didAuthenticationData.setProtocol(ECardConstants.Protocol.PIN_COMPARE);
    parameters.setAuthenticationProtocolData(didAuthenticationData);
    result = instance.didAuthenticate(parameters);
    assertEquals(result.getAuthenticationProtocolData().getProtocol(), ECardConstants.Protocol.PIN_COMPARE);
    assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
    assertEquals(result.getAuthenticationProtocolData().getAny().size(), 0);
}

Example 8 with DIDAuthenticate

use of iso.std.iso_iec._24727.tech.schema.DIDAuthenticate in project open-ecard by ecsec.

the class ChipAuthenticationStep method perform.

@Override
public DIDAuthenticateResponse perform(DIDAuthenticate didAuthenticate, Map<String, Object> internalData) {
    DIDAuthenticateResponse response = new DIDAuthenticateResponse();
    byte[] slotHandle = didAuthenticate.getConnectionHandle().getSlotHandle();
    DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
    try {
        ObjectSchemaValidator valid = (ObjectSchemaValidator) dynCtx.getPromise(EACProtocol.SCHEMA_VALIDATOR).deref();
        boolean messageValid = valid.validateObject(didAuthenticate);
        if (!messageValid) {
            String msg = "Validation of the EACAdditionalInputType message failed.";
            logger.error(msg);
            dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
            response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, msg));
            return response;
        }
    } catch (ObjectValidatorException ex) {
        String msg = "Validation of the EACAdditionalInputType message failed due to invalid input data.";
        logger.error(msg, ex);
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
        return response;
    } catch (InterruptedException ex) {
        String msg = "Thread interrupted while waiting for schema validator instance.";
        logger.error(msg, ex);
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
        return response;
    }
    try {
        EACAdditionalInputType eacAdditionalInput = new EACAdditionalInputType(didAuthenticate.getAuthenticationProtocolData());
        EAC2OutputType eac2Output = eacAdditionalInput.getOutputType();
        TerminalAuthentication ta = new TerminalAuthentication(dispatcher, slotHandle);
        ChipAuthentication ca = new ChipAuthentication(dispatcher, slotHandle);
        // save signature, it is needed in the authentication step
        byte[] signature = eacAdditionalInput.getSignature();
        internalData.put(EACConstants.IDATA_SIGNATURE, signature);
        // perform TA and CA authentication
        AuthenticationHelper auth = new AuthenticationHelper(ta, ca);
        eac2Output = auth.performAuth(eac2Output, internalData);
        response.setResult(WSHelper.makeResultOK());
        response.setAuthenticationProtocolData(eac2Output.getAuthDataType());
    } catch (ParserConfigurationException | ProtocolException | TLVException e) {
        logger.error(e.getMessage(), e);
        response.setResult(WSHelper.makeResultUnknownError(e.getMessage()));
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
    }
    Promise<Object> p = (Promise<Object>) dynCtx.getPromise(TR03112Keys.PROCESSING_CANCELLATION);
    if (p.derefNonblocking() == null) {
        // authentication finished, notify GUI
        dynCtx.put(EACProtocol.AUTHENTICATION_DONE, true);
        return response;
    } else {
        // authentication finished, notify GUI
        dynCtx.put(EACProtocol.AUTHENTICATION_DONE, false);
        response = new DIDAuthenticateResponse();
        String msg = "Authentication canceled by the user.";
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.SAL.CANCELLATION_BY_USER, msg));
        return response;
    }
}

Example 9 with DIDAuthenticate

use of iso.std.iso_iec._24727.tech.schema.DIDAuthenticate in project open-ecard by ecsec.

the class GenericCryptographyProtocolTest method testDecipher.

/**
 * Test for the Decipher Step of the Generic Cryptography protocol. After we connected to the ESIGN application
 * of the eGK, we use DIDList to get a List of DIDs that support the Decipher function. We then authenticate with
 * PIN.home and read the contents of the DIDs certificate. With it's public key we encrypt the contents of
 * plaintext.txt and finally let the card decrypt it through a call to Decipher. In the end we match the result with
 * the original plaintext.
 *
 * @throws Exception when something in this test went unexpectedly wrong
 */
@Test(enabled = TESTS_ENABLED)
public void testDecipher() throws Exception {
    CardApplicationPath cardApplicationPath = new CardApplicationPath();
    CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
    cardApplicationPathType.setCardApplication(cardApplication);
    cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
    CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
    WSHelper.checkResult(cardApplicationPathResponse);
    CardApplicationConnect parameters = new CardApplicationConnect();
    CardAppPathResultSet cardAppPathResultSet = cardApplicationPathResponse.getCardAppPathResultSet();
    parameters.setCardApplicationPath(cardAppPathResultSet.getCardApplicationPathResult().get(0));
    CardApplicationConnectResponse result = instance.cardApplicationConnect(parameters);
    WSHelper.checkResult(result);
    assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
    DIDList didList = new DIDList();
    didList.setConnectionHandle(result.getConnectionHandle());
    DIDQualifierType didQualifier = new DIDQualifierType();
    didQualifier.setApplicationIdentifier(cardApplication);
    didQualifier.setObjectIdentifier(ECardConstants.Protocol.GENERIC_CRYPTO);
    didQualifier.setApplicationFunction("Decipher");
    didList.setFilter(didQualifier);
    DIDListResponse didListResponse = instance.didList(didList);
    assertTrue(didListResponse.getDIDNameList().getDIDName().size() > 0);
    WSHelper.checkResult(didListResponse);
    DIDAuthenticate didAthenticate = new DIDAuthenticate();
    didAthenticate.setDIDName("PIN.home");
    PinCompareDIDAuthenticateInputType didAuthenticationData = new PinCompareDIDAuthenticateInputType();
    didAthenticate.setAuthenticationProtocolData(didAuthenticationData);
    didAthenticate.setConnectionHandle(result.getConnectionHandle());
    didAthenticate.getConnectionHandle().setCardApplication(cardApplication_ROOT);
    didAuthenticationData.setProtocol(ECardConstants.Protocol.PIN_COMPARE);
    didAthenticate.setAuthenticationProtocolData(didAuthenticationData);
    DIDAuthenticateResponse didAuthenticateResult = instance.didAuthenticate(didAthenticate);
    WSHelper.checkResult(didAuthenticateResult);
    assertEquals(didAuthenticateResult.getAuthenticationProtocolData().getProtocol(), ECardConstants.Protocol.PIN_COMPARE);
    assertEquals(didAuthenticateResult.getAuthenticationProtocolData().getAny().size(), 0);
    assertEquals(ECardConstants.Major.OK, didAuthenticateResult.getResult().getResultMajor());
    byte[] plaintextBytes = plaintext.getBytes();
    for (int numOfDIDs = 0; numOfDIDs < didListResponse.getDIDNameList().getDIDName().size(); numOfDIDs++) {
        String didName = didListResponse.getDIDNameList().getDIDName().get(numOfDIDs);
        DIDGet didGet = new DIDGet();
        didGet.setDIDName(didName);
        didGet.setDIDScope(DIDScopeType.LOCAL);
        didGet.setConnectionHandle(result.getConnectionHandle());
        didGet.getConnectionHandle().setCardApplication(cardApplication);
        DIDGetResponse didGetResponse = instance.didGet(didGet);
        org.openecard.crypto.common.sal.did.CryptoMarkerType cryptoMarker = new org.openecard.crypto.common.sal.did.CryptoMarkerType((CryptoMarkerType) didGetResponse.getDIDStructure().getDIDMarker());
        ByteArrayOutputStream ciphertext = new ByteArrayOutputStream();
        // read the certificate
        DSIRead dsiRead = new DSIRead();
        dsiRead.setConnectionHandle(result.getConnectionHandle());
        dsiRead.getConnectionHandle().setCardApplication(cardApplication);
        dsiRead.setDSIName(cryptoMarker.getCertificateRefs().get(0).getDataSetName());
        DSIReadResponse dsiReadResponse = instance.dsiRead(dsiRead);
        assertEquals(ECardConstants.Major.OK, dsiReadResponse.getResult().getResultMajor());
        assertTrue(dsiReadResponse.getDSIContent().length > 0);
        // convert the contents to a certificate
        Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(dsiReadResponse.getDSIContent()));
        Cipher cipher;
        int blocksize;
        String algorithmUri = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
        if (algorithmUri.equals(GenericCryptoUris.RSA_ENCRYPTION)) {
            cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(Cipher.ENCRYPT_MODE, cert);
            // keysize/8-pkcspadding = (2048)/8-11
            blocksize = 245;
        } else if (algorithmUri.equals(GenericCryptoUris.RSAES_OAEP)) {
            cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", new BouncyCastleProvider());
            cipher.init(Cipher.ENCRYPT_MODE, cert);
            blocksize = cipher.getBlockSize();
        } else {
            LOG.warn("Skipping decipher for the unsupported algorithmOID: {}", algorithmUri);
            continue;
        }
        int rest = plaintextBytes.length % blocksize;
        // encrypt block for block
        for (int offset = 0; offset < plaintextBytes.length; offset += blocksize) {
            if ((offset + blocksize) > plaintextBytes.length) {
                ciphertext.write(cipher.doFinal(plaintextBytes, offset, rest));
            } else {
                ciphertext.write(cipher.doFinal(plaintextBytes, offset, blocksize));
            }
        }
        Decipher decipher = new Decipher();
        decipher.setCipherText(ciphertext.toByteArray());
        decipher.setConnectionHandle(result.getConnectionHandle());
        decipher.getConnectionHandle().setCardApplication(cardApplication);
        decipher.setDIDName(didName);
        decipher.setDIDScope(DIDScopeType.LOCAL);
        DecipherResponse decipherResponse = instance.decipher(decipher);
        assertEquals(decipherResponse.getPlainText(), plaintextBytes);
        // test invalid ciphertext length (not divisible through blocksize without rest)
        decipher = new Decipher();
        decipher.setCipherText(ByteUtils.concatenate((byte) 0x00, ciphertext.toByteArray()));
        decipher.setConnectionHandle(result.getConnectionHandle());
        decipher.getConnectionHandle().setCardApplication(cardApplication);
        decipher.setDIDName(didName);
        decipher.setDIDScope(DIDScopeType.LOCAL);
        decipherResponse = instance.decipher(decipher);
        Result res = decipherResponse.getResult();
        assertEquals(res.getResultMajor(), ECardConstants.Major.ERROR);
        assertEquals(res.getResultMinor(), ECardConstants.Minor.App.INCORRECT_PARM);
    }
}

Example 10 with DIDAuthenticate

use of iso.std.iso_iec._24727.tech.schema.DIDAuthenticate in project open-ecard by ecsec.

the class GenericCryptographyProtocolTest method testDIDAuthenticate.

@Test(enabled = TESTS_ENABLED)
public void testDIDAuthenticate() {
    // TODO write test as soon as implemented
    DIDAuthenticateResponse resp = instance.didAuthenticate(new DIDAuthenticate());
    assertEquals(resp.getResult().getResultMajor(), ECardConstants.Major.ERROR);
}