Examples with DIDStructureType iso.std.iso_iec._24727.tech.schema.DIDStructureType used on opensource projects

Example 21 with DIDStructureType

use of iso.std.iso_iec._24727.tech.schema.DIDStructureType in project open-ecard by ecsec.

the class MiddlewareSAL method updatePin.

private Result updatePin(DIDUpdateDataType didUpdateData, CardStateEntry cardStateEntry, DIDStructureType didStruct) {
    // make sure the pin is not entered already
    setPinNotAuth(cardStateEntry);
    ConnectionHandleType connectionHandle = cardStateEntry.handleCopy();
    MwSession session = managedSessions.get(connectionHandle.getSlotHandle());
    boolean protectedAuthPath = connectionHandle.getSlotInfo().isProtectedAuthPath();
    try {
        PinChangeDialog dialog = new PinChangeDialog(gui, protectedAuthPath, session);
        dialog.show();
    } catch (CryptokiException ex) {
        return WSHelper.makeResultUnknownError(ex.getMessage());
    }
    return WSHelper.makeResultOK();
}

Example 22 with DIDStructureType

use of iso.std.iso_iec._24727.tech.schema.DIDStructureType in project open-ecard by ecsec.

the class MiddlewareSAL method sign.

@Override
public SignResponse sign(Sign request) {
    SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        byte[] application = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
        byte[] slotHandle = connectionHandle.getSlotHandle();
        String didName = SALUtils.getDIDName(request);
        byte[] message = request.getMessage();
        Assert.assertIncorrectParameter(message, "The parameter Message is empty.");
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, application);
        Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
        CryptoMarkerType marker = new CryptoMarkerType(didStructure.getDIDMarker());
        String keyLabel = marker.getLegacyKeyName();
        MwSession session = managedSessions.get(slotHandle);
        for (MwPrivateKey key : session.getPrivateKeys()) {
            String nextLabel = "";
            try {
                nextLabel = key.getKeyLabel();
            } catch (CryptokiException ex) {
                LOG.warn("Error reading key label.", ex);
            }
            LOG.debug("Try to match keys '{}' == '{}'", keyLabel, nextLabel);
            if (keyLabel.equals(nextLabel)) {
                long sigAlg = getPKCS11Alg(marker.getAlgorithmInfo());
                byte[] sig = key.sign(sigAlg, message);
                response.setSignature(sig);
                // set PIN to unauthenticated
                setPinNotAuth(cardStateEntry);
                return response;
            }
        }
        // TODO: use other exception
        String msg = String.format("The given DIDName %s references an unknown key.", didName);
        throw new IncorrectParameterException(msg);
    } catch (ECardException e) {
        LOG.debug(e.getMessage(), e);
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 23 with DIDStructureType

use of iso.std.iso_iec._24727.tech.schema.DIDStructureType in project open-ecard by ecsec.

the class MiddlewareSAL method didAuthenticate.

@Override
public DIDAuthenticateResponse didAuthenticate(DIDAuthenticate request) {
    DIDAuthenticateResponse response = WSHelper.makeResponse(DIDAuthenticateResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        connectionHandle = cardStateEntry.handleCopy();
        byte[] application = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
        byte[] slotHandle = connectionHandle.getSlotHandle();
        DIDAuthenticationDataType didAuthenticationData = request.getAuthenticationProtocolData();
        Assert.assertIncorrectParameter(didAuthenticationData, "The parameter AuthenticationProtocolData is empty.");
        String didName = SALUtils.getDIDName(request);
        DIDStructureType didStruct = cardStateEntry.getDIDStructure(didName, application);
        if (didStruct == null) {
            String msg = String.format("DID %s does not exist.", didName);
            throw new NamedEntityNotFoundException(msg);
        }
        PINCompareMarkerType pinCompareMarker = new PINCompareMarkerType(didStruct.getDIDMarker());
        String protocolURI = didAuthenticationData.getProtocol();
        if (!"urn:oid:1.3.162.15480.3.0.9".equals(protocolURI)) {
            String msg = String.format("Protocol %s is not supported by this SAL.", protocolURI);
            throw new UnknownProtocolException(msg);
        }
        PINCompareDIDAuthenticateInputType pinCompareInput = new PINCompareDIDAuthenticateInputType(didAuthenticationData);
        PINCompareDIDAuthenticateOutputType pinCompareOutput = pinCompareInput.getOutputType();
        // extract pin value from auth data
        char[] pinValue = pinCompareInput.getPIN();
        pinCompareInput.setPIN(null);
        MwSession session = managedSessions.get(slotHandle);
        boolean protectedAuthPath = connectionHandle.getSlotInfo().isProtectedAuthPath();
        boolean pinAuthenticated;
        boolean pinBlocked = false;
        if (!(pinValue == null || pinValue.length == 0) && !protectedAuthPath) {
            // we don't need a GUI if the PIN is known
            try {
                session.login(UserType.User, pinValue);
            } finally {
                Arrays.fill(pinValue, ' ');
            }
            pinAuthenticated = true;
        // TODO: display error GUI if the PIN entry failed
        } else {
            // omit GUI when Middleware has its own PIN dialog for class 2 readers
            if (protectedAuthPath && builtinPinDialog) {
                session.loginExternal(UserType.User);
                pinAuthenticated = true;
            } else {
                PinEntryDialog dialog = new PinEntryDialog(gui, protectedAuthPath, pinCompareMarker, session);
                dialog.show();
                pinAuthenticated = dialog.isPinAuthenticated();
                pinBlocked = dialog.isPinBlocked();
            }
        }
        if (pinAuthenticated) {
            cardStateEntry.addAuthenticated(didName, application);
        } else if (pinBlocked) {
            String msg = "PIN is blocked.";
            Result r = WSHelper.makeResultError(ECardConstants.Minor.IFD.PASSWORD_BLOCKED, msg);
            response.setResult(r);
        } else {
            String msg = "Failed to enter PIN.";
            Result r = WSHelper.makeResultError(ECardConstants.Minor.SAL.CANCELLATION_BY_USER, msg);
            response.setResult(r);
        }
        // create did authenticate response
        response.setAuthenticationProtocolData(pinCompareOutput.getAuthDataType());
    } catch (PinBlockedException ex) {
        // TODO: set retry counter
        String minor = ECardConstants.Minor.IFD.PASSWORD_BLOCKED;
        Result r = WSHelper.makeResultError(minor, ex.getMessage());
        response.setResult(r);
    } catch (PinIncorrectException ex) {
        // TODO: set retry counter
        String minor = ECardConstants.Minor.SAL.SECURITY_CONDITION_NOT_SATISFIED;
        Result r = WSHelper.makeResultError(minor, ex.getMessage());
        response.setResult(r);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 24 with DIDStructureType

use of iso.std.iso_iec._24727.tech.schema.DIDStructureType in project open-ecard by ecsec.

the class ACLResolver method getUnsatisfiedDIDs.

public List<DIDStructureType> getUnsatisfiedDIDs(TargetNameType target) throws WSException, SecurityConditionUnsatisfiable {
    // get the ACL first
    ACLList aclReq = new ACLList();
    aclReq.setConnectionHandle(handle);
    aclReq.setTargetName(target);
    ACLListResponse aclRes = (ACLListResponse) dispatcher.safeDeliver(aclReq);
    WSHelper.checkResult(aclRes);
    List<AccessRuleType> acls = aclRes.getTargetACL().getAccessRule();
    List<DIDStructureType> dids = getMissingDids(acls, target);
    return dids;
}

Example 25 with DIDStructureType

use of iso.std.iso_iec._24727.tech.schema.DIDStructureType in project open-ecard by ecsec.

the class ACLResolver method filterSatisfiedDIDs.

private List<DIDStructureType> filterSatisfiedDIDs(List<DIDAuthenticationStateType> states) throws WSException {
    ArrayList<DIDStructureType> result = new ArrayList<>(states.size());
    for (DIDAuthenticationStateType state : states) {
        if (state.isDIDState()) {
            // perform DIDGet to see if the DID is authenticated
            DIDGet req = new DIDGet();
            req.setConnectionHandle(handle);
            req.setDIDName(state.getDIDName());
            // search everywhere
            req.setDIDScope(DIDScopeType.GLOBAL);
            DIDGetResponse res = (DIDGetResponse) dispatcher.safeDeliver(req);
            WSHelper.checkResult(res);
            // add it if not authenticated
            if (!res.getDIDStructure().isAuthenticated()) {
                result.add(res.getDIDStructure());
            }
        }
    }
    return result;
}