use of iso.std.iso_iec._24727.tech.schema.DSIRead in project open-ecard by ecsec.
the class MiddlewareSAL method dsiRead.
@Override
public DSIReadResponse dsiRead(DSIRead request) {
DSIReadResponse response = WSHelper.makeResponse(DSIReadResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle);
byte[] applicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
String dsiName = request.getDSIName();
byte[] slotHandle = connectionHandle.getSlotHandle();
Assert.assertIncorrectParameter(dsiName, "The parameter DSIName is empty.");
Assert.securityConditionDataSet(cardStateEntry, applicationID, dsiName, NamedDataServiceActionName.DSI_READ);
MwSession session = managedSessions.get(slotHandle);
for (MwCertificate cert : session.getCertificates()) {
try {
String label = cert.getLabel();
if (label.equals(dsiName)) {
// read certificate
byte[] certificate = cert.getValue();
response.setDSIContent(certificate);
return response;
}
} catch (CryptokiException ex) {
LOG.warn("Skipping certificate due to error.", ex);
}
}
String msg = "The given DSIName does not related to any know DSI or DataSet.";
throw new IncorrectParameterException(msg);
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of iso.std.iso_iec._24727.tech.schema.DSIRead in project open-ecard by ecsec.
the class GenericCryptographyProtocolTest method testDecipher.
/**
* Test for the Decipher Step of the Generic Cryptography protocol. After we connected to the ESIGN application
* of the eGK, we use DIDList to get a List of DIDs that support the Decipher function. We then authenticate with
* PIN.home and read the contents of the DIDs certificate. With it's public key we encrypt the contents of
* plaintext.txt and finally let the card decrypt it through a call to Decipher. In the end we match the result with
* the original plaintext.
*
* @throws Exception when something in this test went unexpectedly wrong
*/
@Test(enabled = TESTS_ENABLED)
public void testDecipher() throws Exception {
CardApplicationPath cardApplicationPath = new CardApplicationPath();
CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
cardApplicationPathType.setCardApplication(cardApplication);
cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
WSHelper.checkResult(cardApplicationPathResponse);
CardApplicationConnect parameters = new CardApplicationConnect();
CardAppPathResultSet cardAppPathResultSet = cardApplicationPathResponse.getCardAppPathResultSet();
parameters.setCardApplicationPath(cardAppPathResultSet.getCardApplicationPathResult().get(0));
CardApplicationConnectResponse result = instance.cardApplicationConnect(parameters);
WSHelper.checkResult(result);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
DIDList didList = new DIDList();
didList.setConnectionHandle(result.getConnectionHandle());
DIDQualifierType didQualifier = new DIDQualifierType();
didQualifier.setApplicationIdentifier(cardApplication);
didQualifier.setObjectIdentifier(ECardConstants.Protocol.GENERIC_CRYPTO);
didQualifier.setApplicationFunction("Decipher");
didList.setFilter(didQualifier);
DIDListResponse didListResponse = instance.didList(didList);
assertTrue(didListResponse.getDIDNameList().getDIDName().size() > 0);
WSHelper.checkResult(didListResponse);
DIDAuthenticate didAthenticate = new DIDAuthenticate();
didAthenticate.setDIDName("PIN.home");
PinCompareDIDAuthenticateInputType didAuthenticationData = new PinCompareDIDAuthenticateInputType();
didAthenticate.setAuthenticationProtocolData(didAuthenticationData);
didAthenticate.setConnectionHandle(result.getConnectionHandle());
didAthenticate.getConnectionHandle().setCardApplication(cardApplication_ROOT);
didAuthenticationData.setProtocol(ECardConstants.Protocol.PIN_COMPARE);
didAthenticate.setAuthenticationProtocolData(didAuthenticationData);
DIDAuthenticateResponse didAuthenticateResult = instance.didAuthenticate(didAthenticate);
WSHelper.checkResult(didAuthenticateResult);
assertEquals(didAuthenticateResult.getAuthenticationProtocolData().getProtocol(), ECardConstants.Protocol.PIN_COMPARE);
assertEquals(didAuthenticateResult.getAuthenticationProtocolData().getAny().size(), 0);
assertEquals(ECardConstants.Major.OK, didAuthenticateResult.getResult().getResultMajor());
byte[] plaintextBytes = plaintext.getBytes();
for (int numOfDIDs = 0; numOfDIDs < didListResponse.getDIDNameList().getDIDName().size(); numOfDIDs++) {
String didName = didListResponse.getDIDNameList().getDIDName().get(numOfDIDs);
DIDGet didGet = new DIDGet();
didGet.setDIDName(didName);
didGet.setDIDScope(DIDScopeType.LOCAL);
didGet.setConnectionHandle(result.getConnectionHandle());
didGet.getConnectionHandle().setCardApplication(cardApplication);
DIDGetResponse didGetResponse = instance.didGet(didGet);
org.openecard.crypto.common.sal.did.CryptoMarkerType cryptoMarker = new org.openecard.crypto.common.sal.did.CryptoMarkerType((CryptoMarkerType) didGetResponse.getDIDStructure().getDIDMarker());
ByteArrayOutputStream ciphertext = new ByteArrayOutputStream();
// read the certificate
DSIRead dsiRead = new DSIRead();
dsiRead.setConnectionHandle(result.getConnectionHandle());
dsiRead.getConnectionHandle().setCardApplication(cardApplication);
dsiRead.setDSIName(cryptoMarker.getCertificateRefs().get(0).getDataSetName());
DSIReadResponse dsiReadResponse = instance.dsiRead(dsiRead);
assertEquals(ECardConstants.Major.OK, dsiReadResponse.getResult().getResultMajor());
assertTrue(dsiReadResponse.getDSIContent().length > 0);
// convert the contents to a certificate
Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(dsiReadResponse.getDSIContent()));
Cipher cipher;
int blocksize;
String algorithmUri = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
if (algorithmUri.equals(GenericCryptoUris.RSA_ENCRYPTION)) {
cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, cert);
// keysize/8-pkcspadding = (2048)/8-11
blocksize = 245;
} else if (algorithmUri.equals(GenericCryptoUris.RSAES_OAEP)) {
cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", new BouncyCastleProvider());
cipher.init(Cipher.ENCRYPT_MODE, cert);
blocksize = cipher.getBlockSize();
} else {
LOG.warn("Skipping decipher for the unsupported algorithmOID: {}", algorithmUri);
continue;
}
int rest = plaintextBytes.length % blocksize;
// encrypt block for block
for (int offset = 0; offset < plaintextBytes.length; offset += blocksize) {
if ((offset + blocksize) > plaintextBytes.length) {
ciphertext.write(cipher.doFinal(plaintextBytes, offset, rest));
} else {
ciphertext.write(cipher.doFinal(plaintextBytes, offset, blocksize));
}
}
Decipher decipher = new Decipher();
decipher.setCipherText(ciphertext.toByteArray());
decipher.setConnectionHandle(result.getConnectionHandle());
decipher.getConnectionHandle().setCardApplication(cardApplication);
decipher.setDIDName(didName);
decipher.setDIDScope(DIDScopeType.LOCAL);
DecipherResponse decipherResponse = instance.decipher(decipher);
assertEquals(decipherResponse.getPlainText(), plaintextBytes);
// test invalid ciphertext length (not divisible through blocksize without rest)
decipher = new Decipher();
decipher.setCipherText(ByteUtils.concatenate((byte) 0x00, ciphertext.toByteArray()));
decipher.setConnectionHandle(result.getConnectionHandle());
decipher.getConnectionHandle().setCardApplication(cardApplication);
decipher.setDIDName(didName);
decipher.setDIDScope(DIDScopeType.LOCAL);
decipherResponse = instance.decipher(decipher);
Result res = decipherResponse.getResult();
assertEquals(res.getResultMajor(), ECardConstants.Major.ERROR);
assertEquals(res.getResultMinor(), ECardConstants.Minor.App.INCORRECT_PARM);
}
}
use of iso.std.iso_iec._24727.tech.schema.DSIRead in project open-ecard by ecsec.
the class VerifySignatureStep method perform.
@Override
public VerifySignatureResponse perform(VerifySignature request, Map<String, Object> internalData) {
VerifySignatureResponse response = WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
String didName = SALUtils.getDIDName(request);
DIDStructureType didStructure = SALUtils.getDIDStructure(request, didName, cardStateEntry, connectionHandle);
// required
byte[] signature = request.getSignature();
// optional
byte[] message = request.getMessage();
CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
String dataSetNameCertificate = cryptoMarker.getCertificateRefs().get(0).getDataSetName();
String algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
DSIRead dsiRead = new DSIRead();
dsiRead.setConnectionHandle(connectionHandle);
dsiRead.setDSIName(dataSetNameCertificate);
DSIReadResponse dsiReadResponse = (DSIReadResponse) dispatcher.safeDeliver(dsiRead);
WSHelper.checkResult(dsiReadResponse);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(dsiReadResponse.getDSIContent()));
Signature signatureAlgorithm;
if (algorithmIdentifier.equals(GenericCryptoUris.RSA_ENCRYPTION)) {
signatureAlgorithm = Signature.getInstance("RSA", new BouncyCastleProvider());
} else if (algorithmIdentifier.equals(GenericCryptoUris.RSASSA_PSS_SHA256)) {
signatureAlgorithm = Signature.getInstance("RAWRSASSA-PSS", new BouncyCastleProvider());
signatureAlgorithm.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
} else if (algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2)) {
return WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultUnknownError(algorithmIdentifier + " Not supported yet."));
} else if (algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2rnd)) {
return WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultUnknownError(algorithmIdentifier + " Not supported yet."));
} else {
throw new IncorrectParameterException("Unknown signature algorithm.");
}
signatureAlgorithm.initVerify(cert);
if (message != null) {
signatureAlgorithm.update(message);
}
if (!signatureAlgorithm.verify(signature)) {
throw new InvalidSignatureException();
}
} catch (ECardException e) {
LOG.error(e.getMessage(), e);
response.setResult(e.getResult());
} catch (Exception e) {
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of iso.std.iso_iec._24727.tech.schema.DSIRead in project open-ecard by ecsec.
the class TinySAL method dsiRead.
/**
* The DSIRead function reads out the content of a specific DSI (Data Structure for Interoperability).
* See BSI-TR-03112-4, version 1.1.2, section 3.4.9.
*
* @param request DSIRead
* @return DSIReadResponse
*/
@Publish
@Override
public DSIReadResponse dsiRead(DSIRead request) {
DSIReadResponse response = WSHelper.makeResponse(DSIReadResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle);
byte[] applicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
String dsiName = request.getDSIName();
byte[] slotHandle = connectionHandle.getSlotHandle();
Assert.assertIncorrectParameter(dsiName, "The parameter DSIName is empty.");
Assert.securityConditionDataSet(cardStateEntry, applicationID, dsiName, NamedDataServiceActionName.DSI_READ);
if (cardStateEntry.getFCPOfSelectedEF() == null) {
throw new PrerequisitesNotSatisfiedException("No DataSet to read selected.");
}
CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
DataSetInfoType dataSetInfo = cardInfoWrapper.getDataSetByDsiName(dsiName);
if (dataSetInfo == null) {
// there is no data set which contains the given dsi name so the name should be an data set name
dataSetInfo = cardInfoWrapper.getDataSetByName(dsiName);
if (dataSetInfo != null) {
if (!cardStateEntry.getFCPOfSelectedEF().getFileIdentifiers().isEmpty()) {
byte[] path = dataSetInfo.getDataSetPath().getEfIdOrPath();
byte[] fid = Arrays.copyOfRange(path, path.length - 2, path.length);
if (!Arrays.equals(fid, cardStateEntry.getFCPOfSelectedEF().getFileIdentifiers().get(0))) {
String msg = "Wrong DataSet for reading the DSI " + dsiName + " is selected.";
throw new PrerequisitesNotSatisfiedException(msg);
}
}
byte[] fileContent = CardUtils.readFile(cardStateEntry.getFCPOfSelectedEF(), env.getDispatcher(), slotHandle);
response.setDSIContent(fileContent);
} else {
String msg = "The given DSIName does not related to any know DSI or DataSet.";
throw new IncorrectParameterException(msg);
}
} else {
// There exists a data set with the given dsi name
// check whether the correct file is selected
byte[] dataSetPath = dataSetInfo.getDataSetPath().getEfIdOrPath();
byte[] dataSetFID = new byte[] { dataSetPath[dataSetPath.length - 2], dataSetPath[dataSetPath.length - 1] };
if (Arrays.equals(dataSetFID, cardStateEntry.getFCPOfSelectedEF().getFileIdentifiers().get(0))) {
DSIType dsi = cardInfoWrapper.getDSIbyName(dsiName);
PathType dsiPath = dsi.getDSIPath();
if (dsiPath.getTagRef() != null) {
TagRef tagReference = dsiPath.getTagRef();
byte[] tag = tagReference.getTag();
GetData getDataRequest;
if (tag.length == 2) {
getDataRequest = new GetData(GetData.INS_DATA, tag[0], tag[1]);
CardResponseAPDU cardResponse = getDataRequest.transmit(env.getDispatcher(), slotHandle, Collections.EMPTY_LIST);
byte[] responseData = cardResponse.getData();
while (cardResponse.getTrailer()[0] == (byte) 0x61) {
GetResponse allData = new GetResponse();
cardResponse = allData.transmit(env.getDispatcher(), slotHandle, Collections.EMPTY_LIST);
responseData = ByteUtils.concatenate(responseData, cardResponse.getData());
}
response.setDSIContent(responseData);
} else if (tag.length == 1) {
// how to determine Simple- or BER-TLV in this case correctly?
// Now try Simple-TLV first and if it fail try BER-TLV
getDataRequest = new GetData(GetData.INS_DATA, GetData.SIMPLE_TLV, tag[0]);
CardResponseAPDU cardResponse = getDataRequest.transmit(env.getDispatcher(), slotHandle, Collections.EMPTY_LIST);
byte[] responseData = cardResponse.getData();
// just an assumption
if (Arrays.equals(cardResponse.getTrailer(), new byte[] { (byte) 0x6A, (byte) 0x88 })) {
getDataRequest = new GetData(GetData.INS_DATA, GetData.BER_TLV_ONE_BYTE, tag[0]);
cardResponse = getDataRequest.transmit(env.getDispatcher(), slotHandle, Collections.EMPTY_LIST);
responseData = cardResponse.getData();
}
while (cardResponse.getTrailer()[0] == (byte) 0x61) {
GetResponse allData = new GetResponse();
cardResponse = allData.transmit(env.getDispatcher(), slotHandle, Collections.EMPTY_LIST);
responseData = ByteUtils.concatenate(responseData, cardResponse.getData());
}
response.setDSIContent(responseData);
}
} else if (dsiPath.getIndex() != null) {
byte[] index = dsiPath.getIndex();
byte[] length = dsiPath.getLength();
List<byte[]> allowedResponse = new ArrayList<>();
allowedResponse.add(new byte[] { (byte) 0x90, (byte) 0x00 });
allowedResponse.add(new byte[] { (byte) 0x62, (byte) 0x82 });
if (cardStateEntry.getFCPOfSelectedEF().getDataElements().isLinear()) {
// in this case we use the index as record number and the length as length of record
ReadRecord readRecord = new ReadRecord(index[0]);
// NOTE: For record based files TR-0312-4 states to ignore the length field in case of records
CardResponseAPDU cardResponse = readRecord.transmit(env.getDispatcher(), slotHandle, allowedResponse);
response.setDSIContent(cardResponse.getData());
} else {
// in this case we use index as offset and length as the expected length
ReadBinary readBinary = new ReadBinary(ByteUtils.toShort(index), ByteUtils.toShort(length));
CardResponseAPDU cardResponse = readBinary.transmit(env.getDispatcher(), slotHandle, allowedResponse);
response.setDSIContent(cardResponse.getData());
}
} else {
String msg = "The currently selected data set does not contain the DSI with the name " + dsiName;
throw new PrerequisitesNotSatisfiedException(msg);
}
}
}
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of iso.std.iso_iec._24727.tech.schema.DSIRead in project open-ecard by ecsec.
the class TinySALTest method testDsiRead.
/**
* Test of dsiRead method, of class TinySAL.
*/
@Test(enabled = TESTS_ENABLED)
public void testDsiRead() {
System.out.println("dsiRead");
// test normal case
// get esign path
CardApplicationPath cardApplicationPath = new CardApplicationPath();
CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
cardApplicationPathType.setCardApplication(appIdentifier_ESIGN);
cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
// connect to esign
CardApplicationConnect cardApplicationConnect = new CardApplicationConnect();
cardApplicationConnect.setCardApplicationPath(cardApplicationPathResponse.getCardAppPathResultSet().getCardApplicationPathResult().get(0));
CardApplicationConnectResponse result = instance.cardApplicationConnect(cardApplicationConnect);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
assertEquals(appIdentifier_ESIGN, result.getConnectionHandle().getCardApplication());
// read EF.C.CH.AUT
DSIRead dsiRead = new DSIRead();
dsiRead.setConnectionHandle(result.getConnectionHandle());
dsiRead.setDSIName("EF.C.CH.AUT");
DSIReadResponse dsiReadResponse = instance.dsiRead(dsiRead);
System.out.println(dsiReadResponse.getResult().getResultMinor());
assertEquals(ECardConstants.Major.OK, dsiReadResponse.getResult().getResultMajor());
System.out.println(dsiReadResponse.getResult().getResultMinor());
assertTrue(dsiReadResponse.getDSIContent().length > 0);
// test connectionhandle == null
dsiRead = new DSIRead();
dsiRead.setConnectionHandle(null);
dsiRead.setDSIName("EF.C.CH.AUT");
dsiReadResponse = instance.dsiRead(dsiRead);
assertEquals(ECardConstants.Major.ERROR, dsiReadResponse.getResult().getResultMajor());
assertEquals(ECardConstants.Minor.App.INCORRECT_PARM, dsiReadResponse.getResult().getResultMinor());
// test dsiName == null
dsiRead = new DSIRead();
dsiRead.setConnectionHandle(result.getConnectionHandle());
dsiRead.setDSIName(null);
dsiReadResponse = instance.dsiRead(dsiRead);
assertEquals(ECardConstants.Major.ERROR, dsiReadResponse.getResult().getResultMajor());
assertEquals(ECardConstants.Minor.App.INCORRECT_PARM, dsiReadResponse.getResult().getResultMinor());
// test dsiName invalid
dsiRead = new DSIRead();
dsiRead.setConnectionHandle(result.getConnectionHandle());
dsiRead.setDSIName("INVALID");
dsiReadResponse = instance.dsiRead(dsiRead);
assertEquals(ECardConstants.Major.ERROR, dsiReadResponse.getResult().getResultMajor());
assertEquals(ECardConstants.Minor.SAL.NAMED_ENTITY_NOT_FOUND, dsiReadResponse.getResult().getResultMinor());
// test security condition not satisfied
dsiRead = new DSIRead();
dsiRead.setConnectionHandle(result.getConnectionHandle());
dsiRead.setDSIName("EF.C.CH.AUTN");
dsiReadResponse = instance.dsiRead(dsiRead);
assertEquals(ECardConstants.Major.ERROR, dsiReadResponse.getResult().getResultMajor());
assertEquals(ECardConstants.Minor.SAL.SECURITY_CONDITION_NOT_SATISFIED, dsiReadResponse.getResult().getResultMinor());
// test invalid connectionhandle
dsiRead = new DSIRead();
dsiRead.setConnectionHandle(result.getConnectionHandle());
dsiRead.getConnectionHandle().setIFDName("invalid");
dsiRead.setDSIName(null);
dsiReadResponse = instance.dsiRead(dsiRead);
assertEquals(ECardConstants.Major.ERROR, dsiReadResponse.getResult().getResultMajor());
assertEquals(ECardConstants.Minor.App.INCORRECT_PARM, dsiReadResponse.getResult().getResultMinor());
}
Aggregations