use of iso.std.iso_iec._24727.tech.schema.DIDQualifierType in project open-ecard by ecsec.
the class TinySALTest method testDidList.
/**
* Test of didList method, of class TinySAL.
*/
@Test(enabled = TESTS_ENABLED)
public void testDidList() {
System.out.println("didList");
// get path to esign
CardApplicationPath cardApplicationPath = new CardApplicationPath();
CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
cardApplicationPathType.setCardApplication(appIdentifier_ESIGN);
cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
// connect to esign
CardApplicationConnect cardApplicationConnect = new CardApplicationConnect();
cardApplicationConnect.setCardApplicationPath(cardApplicationPathResponse.getCardAppPathResultSet().getCardApplicationPathResult().get(0));
CardApplicationConnectResponse result = instance.cardApplicationConnect(cardApplicationConnect);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
DIDList didList = new DIDList();
didList.setConnectionHandle(result.getConnectionHandle());
DIDQualifierType didQualifier = new DIDQualifierType();
didQualifier.setApplicationIdentifier(appIdentifier_ESIGN);
didQualifier.setObjectIdentifier("urn:oid:1.3.162.15480.3.0.25");
didQualifier.setApplicationFunction("Compute-signature");
didList.setFilter(didQualifier);
DIDListResponse didListResponse = instance.didList(didList);
Assert.assertTrue(didListResponse.getDIDNameList().getDIDName().size() > 0);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
// get path to root
cardApplicationPath = new CardApplicationPath();
cardApplicationPathType = new CardApplicationPathType();
cardApplicationPathType.setCardApplication(appIdentifier_ROOT);
cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
// connect to root
cardApplicationConnect = new CardApplicationConnect();
cardApplicationConnect.setCardApplicationPath(cardApplicationPathResponse.getCardAppPathResultSet().getCardApplicationPathResult().get(0));
cardApplicationConnect.getCardApplicationPath().setCardApplication(appIdentifier_ROOT);
result = instance.cardApplicationConnect(cardApplicationConnect);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
didList = new DIDList();
didList.setConnectionHandle(result.getConnectionHandle());
didQualifier = new DIDQualifierType();
didQualifier.setApplicationIdentifier(appIdentifier_ROOT);
didQualifier.setObjectIdentifier("urn:oid:1.3.162.15480.3.0.25");
didQualifier.setApplicationFunction("Compute-signature");
didList.setFilter(didQualifier);
didListResponse = instance.didList(didList);
// we expect 0 because of the filter
Assert.assertEquals(didListResponse.getDIDNameList().getDIDName().size(), 0);
assertEquals(ECardConstants.Major.OK, didListResponse.getResult().getResultMajor());
// test null connectionhandle
didList = new DIDList();
didList.setConnectionHandle(null);
didListResponse = instance.didList(didList);
assertEquals(ECardConstants.Major.ERROR, didListResponse.getResult().getResultMajor());
assertEquals(ECardConstants.Minor.App.INCORRECT_PARM, didListResponse.getResult().getResultMinor());
// test invalid connectionhandle
didList = new DIDList();
didList.setConnectionHandle(result.getConnectionHandle());
didList.getConnectionHandle().setIFDName("invalid");
didListResponse = instance.didList(didList);
assertEquals(ECardConstants.Major.ERROR, didListResponse.getResult().getResultMajor());
assertEquals(ECardConstants.Minor.App.INCORRECT_PARM, didListResponse.getResult().getResultMinor());
}
use of iso.std.iso_iec._24727.tech.schema.DIDQualifierType in project open-ecard by ecsec.
the class GenericCryptographyProtocolTest method testDIDGet.
@Test(enabled = TESTS_ENABLED)
public void testDIDGet() throws ParserConfigurationException {
CardApplicationPath cardApplicationPath = new CardApplicationPath();
CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
cardApplicationPathType.setCardApplication(cardApplication);
cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
CardApplicationConnect parameters = new CardApplicationConnect();
CardAppPathResultSet cardAppPathResultSet = cardApplicationPathResponse.getCardAppPathResultSet();
parameters.setCardApplicationPath(cardAppPathResultSet.getCardApplicationPathResult().get(0));
CardApplicationConnectResponse result = instance.cardApplicationConnect(parameters);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
DIDList didList = new DIDList();
didList.setConnectionHandle(result.getConnectionHandle());
DIDQualifierType didQualifier = new DIDQualifierType();
didQualifier.setApplicationIdentifier(cardApplication);
didQualifier.setObjectIdentifier(ECardConstants.Protocol.GENERIC_CRYPTO);
didQualifier.setApplicationFunction("Compute-signature");
didList.setFilter(didQualifier);
DIDListResponse didListResponse = instance.didList(didList);
assertTrue(didListResponse.getDIDNameList().getDIDName().size() > 0);
DIDGet didGet = new DIDGet();
didGet.setConnectionHandle(result.getConnectionHandle());
didGet.setDIDName(didListResponse.getDIDNameList().getDIDName().get(0));
didGet.setDIDScope(DIDScopeType.LOCAL);
DIDGetResponse didGetResponse = instance.didGet(didGet);
assertEquals(ECardConstants.Major.OK, didGetResponse.getResult().getResultMajor());
org.openecard.crypto.common.sal.did.CryptoMarkerType cryptoMarker = new org.openecard.crypto.common.sal.did.CryptoMarkerType((CryptoMarkerType) didGetResponse.getDIDStructure().getDIDMarker());
assertEquals(cryptoMarker.getCertificateRefs().get(0).getDataSetName(), "EF.C.CH.AUT");
}
use of iso.std.iso_iec._24727.tech.schema.DIDQualifierType in project open-ecard by ecsec.
the class GenericCryptographyProtocolTest method testDecipher.
/**
* Test for the Decipher Step of the Generic Cryptography protocol. After we connected to the ESIGN application
* of the eGK, we use DIDList to get a List of DIDs that support the Decipher function. We then authenticate with
* PIN.home and read the contents of the DIDs certificate. With it's public key we encrypt the contents of
* plaintext.txt and finally let the card decrypt it through a call to Decipher. In the end we match the result with
* the original plaintext.
*
* @throws Exception when something in this test went unexpectedly wrong
*/
@Test(enabled = TESTS_ENABLED)
public void testDecipher() throws Exception {
CardApplicationPath cardApplicationPath = new CardApplicationPath();
CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
cardApplicationPathType.setCardApplication(cardApplication);
cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
WSHelper.checkResult(cardApplicationPathResponse);
CardApplicationConnect parameters = new CardApplicationConnect();
CardAppPathResultSet cardAppPathResultSet = cardApplicationPathResponse.getCardAppPathResultSet();
parameters.setCardApplicationPath(cardAppPathResultSet.getCardApplicationPathResult().get(0));
CardApplicationConnectResponse result = instance.cardApplicationConnect(parameters);
WSHelper.checkResult(result);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
DIDList didList = new DIDList();
didList.setConnectionHandle(result.getConnectionHandle());
DIDQualifierType didQualifier = new DIDQualifierType();
didQualifier.setApplicationIdentifier(cardApplication);
didQualifier.setObjectIdentifier(ECardConstants.Protocol.GENERIC_CRYPTO);
didQualifier.setApplicationFunction("Decipher");
didList.setFilter(didQualifier);
DIDListResponse didListResponse = instance.didList(didList);
assertTrue(didListResponse.getDIDNameList().getDIDName().size() > 0);
WSHelper.checkResult(didListResponse);
DIDAuthenticate didAthenticate = new DIDAuthenticate();
didAthenticate.setDIDName("PIN.home");
PinCompareDIDAuthenticateInputType didAuthenticationData = new PinCompareDIDAuthenticateInputType();
didAthenticate.setAuthenticationProtocolData(didAuthenticationData);
didAthenticate.setConnectionHandle(result.getConnectionHandle());
didAthenticate.getConnectionHandle().setCardApplication(cardApplication_ROOT);
didAuthenticationData.setProtocol(ECardConstants.Protocol.PIN_COMPARE);
didAthenticate.setAuthenticationProtocolData(didAuthenticationData);
DIDAuthenticateResponse didAuthenticateResult = instance.didAuthenticate(didAthenticate);
WSHelper.checkResult(didAuthenticateResult);
assertEquals(didAuthenticateResult.getAuthenticationProtocolData().getProtocol(), ECardConstants.Protocol.PIN_COMPARE);
assertEquals(didAuthenticateResult.getAuthenticationProtocolData().getAny().size(), 0);
assertEquals(ECardConstants.Major.OK, didAuthenticateResult.getResult().getResultMajor());
byte[] plaintextBytes = plaintext.getBytes();
for (int numOfDIDs = 0; numOfDIDs < didListResponse.getDIDNameList().getDIDName().size(); numOfDIDs++) {
String didName = didListResponse.getDIDNameList().getDIDName().get(numOfDIDs);
DIDGet didGet = new DIDGet();
didGet.setDIDName(didName);
didGet.setDIDScope(DIDScopeType.LOCAL);
didGet.setConnectionHandle(result.getConnectionHandle());
didGet.getConnectionHandle().setCardApplication(cardApplication);
DIDGetResponse didGetResponse = instance.didGet(didGet);
org.openecard.crypto.common.sal.did.CryptoMarkerType cryptoMarker = new org.openecard.crypto.common.sal.did.CryptoMarkerType((CryptoMarkerType) didGetResponse.getDIDStructure().getDIDMarker());
ByteArrayOutputStream ciphertext = new ByteArrayOutputStream();
// read the certificate
DSIRead dsiRead = new DSIRead();
dsiRead.setConnectionHandle(result.getConnectionHandle());
dsiRead.getConnectionHandle().setCardApplication(cardApplication);
dsiRead.setDSIName(cryptoMarker.getCertificateRefs().get(0).getDataSetName());
DSIReadResponse dsiReadResponse = instance.dsiRead(dsiRead);
assertEquals(ECardConstants.Major.OK, dsiReadResponse.getResult().getResultMajor());
assertTrue(dsiReadResponse.getDSIContent().length > 0);
// convert the contents to a certificate
Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(dsiReadResponse.getDSIContent()));
Cipher cipher;
int blocksize;
String algorithmUri = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
if (algorithmUri.equals(GenericCryptoUris.RSA_ENCRYPTION)) {
cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, cert);
// keysize/8-pkcspadding = (2048)/8-11
blocksize = 245;
} else if (algorithmUri.equals(GenericCryptoUris.RSAES_OAEP)) {
cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", new BouncyCastleProvider());
cipher.init(Cipher.ENCRYPT_MODE, cert);
blocksize = cipher.getBlockSize();
} else {
LOG.warn("Skipping decipher for the unsupported algorithmOID: {}", algorithmUri);
continue;
}
int rest = plaintextBytes.length % blocksize;
// encrypt block for block
for (int offset = 0; offset < plaintextBytes.length; offset += blocksize) {
if ((offset + blocksize) > plaintextBytes.length) {
ciphertext.write(cipher.doFinal(plaintextBytes, offset, rest));
} else {
ciphertext.write(cipher.doFinal(plaintextBytes, offset, blocksize));
}
}
Decipher decipher = new Decipher();
decipher.setCipherText(ciphertext.toByteArray());
decipher.setConnectionHandle(result.getConnectionHandle());
decipher.getConnectionHandle().setCardApplication(cardApplication);
decipher.setDIDName(didName);
decipher.setDIDScope(DIDScopeType.LOCAL);
DecipherResponse decipherResponse = instance.decipher(decipher);
assertEquals(decipherResponse.getPlainText(), plaintextBytes);
// test invalid ciphertext length (not divisible through blocksize without rest)
decipher = new Decipher();
decipher.setCipherText(ByteUtils.concatenate((byte) 0x00, ciphertext.toByteArray()));
decipher.setConnectionHandle(result.getConnectionHandle());
decipher.getConnectionHandle().setCardApplication(cardApplication);
decipher.setDIDName(didName);
decipher.setDIDScope(DIDScopeType.LOCAL);
decipherResponse = instance.decipher(decipher);
Result res = decipherResponse.getResult();
assertEquals(res.getResultMajor(), ECardConstants.Major.ERROR);
assertEquals(res.getResultMinor(), ECardConstants.Minor.App.INCORRECT_PARM);
}
}
use of iso.std.iso_iec._24727.tech.schema.DIDQualifierType in project open-ecard by ecsec.
the class TinySAL method didList.
/**
* The DIDList function returns a list of the existing DIDs in the card application addressed by the
* ConnectionHandle or the ApplicationIdentifier element within the Filter.
* See BSI-TR-03112-4, version 1.1.2, section 3.6.1.
*
* @param request DIDList
* @return DIDListResponse
*/
@Publish
@Override
public DIDListResponse didList(DIDList request) {
DIDListResponse response = WSHelper.makeResponse(DIDListResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
byte[] appId = connectionHandle.getCardApplication();
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
Assert.securityConditionApplication(cardStateEntry, appId, DifferentialIdentityServiceActionName.DID_LIST);
byte[] applicationIDFilter = null;
String objectIDFilter = null;
String applicationFunctionFilter = null;
DIDQualifierType didQualifier = request.getFilter();
if (didQualifier != null) {
applicationIDFilter = didQualifier.getApplicationIdentifier();
objectIDFilter = didQualifier.getObjectIdentifier();
applicationFunctionFilter = didQualifier.getApplicationFunction();
}
/*
* Filter by ApplicationIdentifier.
* [TR-03112-4] Allows specifying an application identifier. If this element is present all
* DIDs within the specified card application are returned no matter which card application
* is currently selected.
*/
CardApplicationWrapper cardApplication;
if (applicationIDFilter != null) {
cardApplication = cardStateEntry.getInfo().getCardApplication(applicationIDFilter);
Assert.assertIncorrectParameter(cardApplication, "The given CardApplication cannot be found.");
} else {
cardApplication = cardStateEntry.getCurrentCardApplication();
}
List<DIDInfoType> didInfos = new ArrayList<>(cardApplication.getDIDInfoList());
/*
* Filter by ObjectIdentifier.
* [TR-03112-4] Allows specifying a protocol OID (cf. [TR-03112-7]) such that only DIDs
* which support a given protocol are listed.
*/
if (objectIDFilter != null) {
Iterator<DIDInfoType> it = didInfos.iterator();
while (it.hasNext()) {
DIDInfoType next = it.next();
if (!next.getDifferentialIdentity().getDIDProtocol().equals(objectIDFilter)) {
it.remove();
}
}
}
/*
* Filter by ApplicationFunction.
* [TR-03112-4] Allows filtering for DIDs, which support a specific cryptographic operation.
* The bit string is coded as the SupportedOperations-element in [ISO7816-15].
*/
if (applicationFunctionFilter != null) {
Iterator<DIDInfoType> it = didInfos.iterator();
while (it.hasNext()) {
DIDInfoType next = it.next();
if (next.getDifferentialIdentity().getDIDMarker().getCryptoMarker() == null) {
it.remove();
} else {
iso.std.iso_iec._24727.tech.schema.CryptoMarkerType rawMarker;
rawMarker = next.getDifferentialIdentity().getDIDMarker().getCryptoMarker();
CryptoMarkerType cryptoMarker = new CryptoMarkerType(rawMarker);
AlgorithmInfoType algInfo = cryptoMarker.getAlgorithmInfo();
if (!algInfo.getSupportedOperations().contains(applicationFunctionFilter)) {
it.remove();
}
}
}
}
DIDNameListType didNameList = new DIDNameListType();
for (DIDInfoType didInfo : didInfos) {
didNameList.getDIDName().add(didInfo.getDifferentialIdentity().getDIDName());
}
response.setDIDNameList(didNameList);
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of iso.std.iso_iec._24727.tech.schema.DIDQualifierType in project open-ecard by ecsec.
the class TinySALTest method testDidGet.
/**
* Test of didGet method, of class TinySAL.
*/
@Test(enabled = TESTS_ENABLED)
public void testDidGet() {
System.out.println("didGet");
// get path to esign
CardApplicationPath cardApplicationPath = new CardApplicationPath();
CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
cardApplicationPathType.setCardApplication(appIdentifier_ESIGN);
cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
// connect to esign
CardApplicationConnect cardApplicationConnect = new CardApplicationConnect();
cardApplicationConnect.setCardApplicationPath(cardApplicationPathResponse.getCardAppPathResultSet().getCardApplicationPathResult().get(0));
CardApplicationConnectResponse result = instance.cardApplicationConnect(cardApplicationConnect);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
DIDList didList = new DIDList();
didList.setConnectionHandle(result.getConnectionHandle());
DIDQualifierType didQualifier = new DIDQualifierType();
didQualifier.setApplicationIdentifier(appIdentifier_ESIGN);
didQualifier.setObjectIdentifier("urn:oid:1.3.162.15480.3.0.25");
didQualifier.setApplicationFunction("Compute-signature");
didList.setFilter(didQualifier);
DIDListResponse didListResponse = instance.didList(didList);
Assert.assertTrue(didListResponse.getDIDNameList().getDIDName().size() > 0);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
String didName = didListResponse.getDIDNameList().getDIDName().get(0);
DIDGet parameters = new DIDGet();
parameters.setDIDName(didName);
parameters.setConnectionHandle(result.getConnectionHandle());
DIDGetResponse resultDIDGet = instance.didGet(parameters);
assertEquals(ECardConstants.Major.OK, resultDIDGet.getResult().getResultMajor());
assertTrue(resultDIDGet.getDIDStructure() != null);
}
Aggregations