use of iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse in project open-ecard by ecsec.
the class TinySALTest method testVerifySignature.
/**
* Test of verifySignature method, of class TinySAL.
*/
@Test(enabled = TESTS_ENABLED)
public void testVerifySignature() {
System.out.println("verifySignature");
VerifySignature parameters = new VerifySignature();
VerifySignatureResponse result = instance.verifySignature(parameters);
assertEquals(ECardConstants.Major.ERROR, result.getResult().getResultMajor());
}
use of iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse in project open-ecard by ecsec.
the class VerifySignatureStep method perform.
@Override
public VerifySignatureResponse perform(VerifySignature request, Map<String, Object> internalData) {
VerifySignatureResponse response = WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
String didName = SALUtils.getDIDName(request);
DIDStructureType didStructure = SALUtils.getDIDStructure(request, didName, cardStateEntry, connectionHandle);
// required
byte[] signature = request.getSignature();
// optional
byte[] message = request.getMessage();
CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
String dataSetNameCertificate = cryptoMarker.getCertificateRefs().get(0).getDataSetName();
String algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
DSIRead dsiRead = new DSIRead();
dsiRead.setConnectionHandle(connectionHandle);
dsiRead.setDSIName(dataSetNameCertificate);
DSIReadResponse dsiReadResponse = (DSIReadResponse) dispatcher.safeDeliver(dsiRead);
WSHelper.checkResult(dsiReadResponse);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(dsiReadResponse.getDSIContent()));
Signature signatureAlgorithm;
if (algorithmIdentifier.equals(GenericCryptoUris.RSA_ENCRYPTION)) {
signatureAlgorithm = Signature.getInstance("RSA", new BouncyCastleProvider());
} else if (algorithmIdentifier.equals(GenericCryptoUris.RSASSA_PSS_SHA256)) {
signatureAlgorithm = Signature.getInstance("RAWRSASSA-PSS", new BouncyCastleProvider());
signatureAlgorithm.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
} else if (algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2)) {
return WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultUnknownError(algorithmIdentifier + " Not supported yet."));
} else if (algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2rnd)) {
return WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultUnknownError(algorithmIdentifier + " Not supported yet."));
} else {
throw new IncorrectParameterException("Unknown signature algorithm.");
}
signatureAlgorithm.initVerify(cert);
if (message != null) {
signatureAlgorithm.update(message);
}
if (!signatureAlgorithm.verify(signature)) {
throw new InvalidSignatureException();
}
} catch (ECardException e) {
LOG.error(e.getMessage(), e);
response.setResult(e.getResult());
} catch (Exception e) {
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse in project open-ecard by ecsec.
the class TinySAL method verifySignature.
/**
* The VerifySignature function verifies a digital signature.
* See BSI-TR-03112-4, version 1.1.2, section 3.5.6.
*
* @param request VerifySignature
* @return VerifySignatureResponse
*/
@Override
public VerifySignatureResponse verifySignature(VerifySignature request) {
VerifySignatureResponse response = WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
byte[] applicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
String didName = SALUtils.getDIDName(request);
byte[] signature = request.getSignature();
Assert.assertIncorrectParameter(signature, "The parameter Signature is empty.");
DIDScopeType didScope = request.getDIDScope();
if (didScope == null) {
didScope = DIDScopeType.LOCAL;
}
if (didScope.equals(DIDScopeType.LOCAL)) {
byte[] necessarySelectedApp = cardStateEntry.getInfo().getApplicationIdByDidName(didName, didScope);
if (!Arrays.equals(necessarySelectedApp, applicationID)) {
String msg = "Wrong application selected for the execution of VerifySignature with the DID " + didName + ".";
throw new SecurityConditionNotSatisfiedException(msg);
}
}
DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, didScope);
Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
String protocolURI = didStructure.getDIDMarker().getProtocol();
SALProtocol protocol = getProtocol(connectionHandle, request.getDIDScope(), protocolURI);
if (protocol.hasNextStep(FunctionType.VerifySignature)) {
response = protocol.verifySignature(request);
removeFinishedProtocol(connectionHandle, protocolURI, protocol);
} else {
throw new InappropriateProtocolForActionException("VerifySignature", protocol.toString());
}
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse in project open-ecard by ecsec.
the class GenericCryptographyProtocolTest method testVerifySignature.
/**
* Test for the VerifySignature Step of the Generic Cryptography protocol. After we connected to the ESIGN
* application of the eGK, we use DIDList to get a List of DIDs that support the compute signature function. We
* then authenticate with PIN.home and let the card sign our message. Afterwards we call VerifySignature for that
* signature which should return OK.
*
* @throws Exception
* when something in this test went unexpectedly wrong
*/
@Test(enabled = TESTS_ENABLED)
public void testVerifySignature() throws Exception {
CardApplicationPath cardApplicationPath = new CardApplicationPath();
CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
cardApplicationPathType.setCardApplication(cardApplication);
cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
WSHelper.checkResult(cardApplicationPathResponse);
CardApplicationConnect parameters = new CardApplicationConnect();
CardAppPathResultSet cardAppPathResultSet = cardApplicationPathResponse.getCardAppPathResultSet();
parameters.setCardApplicationPath(cardAppPathResultSet.getCardApplicationPathResult().get(0));
CardApplicationConnectResponse result = instance.cardApplicationConnect(parameters);
WSHelper.checkResult(result);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
DIDList didList = new DIDList();
didList.setConnectionHandle(result.getConnectionHandle());
DIDQualifierType didQualifier = new DIDQualifierType();
didQualifier.setApplicationIdentifier(cardApplication);
didQualifier.setObjectIdentifier(ECardConstants.Protocol.GENERIC_CRYPTO);
didQualifier.setApplicationFunction("Compute-signature");
didList.setFilter(didQualifier);
DIDListResponse didListResponse = instance.didList(didList);
assertTrue(didListResponse.getDIDNameList().getDIDName().size() > 0);
WSHelper.checkResult(didListResponse);
DIDAuthenticate didAthenticate = new DIDAuthenticate();
didAthenticate.setDIDName("PIN.home");
PinCompareDIDAuthenticateInputType didAuthenticationData = new PinCompareDIDAuthenticateInputType();
didAthenticate.setAuthenticationProtocolData(didAuthenticationData);
didAthenticate.setConnectionHandle(result.getConnectionHandle());
didAthenticate.getConnectionHandle().setCardApplication(cardApplication_ROOT);
didAuthenticationData.setProtocol(ECardConstants.Protocol.PIN_COMPARE);
didAthenticate.setAuthenticationProtocolData(didAuthenticationData);
DIDAuthenticateResponse didAuthenticateResult = instance.didAuthenticate(didAthenticate);
WSHelper.checkResult(didAuthenticateResult);
assertEquals(didAuthenticateResult.getAuthenticationProtocolData().getProtocol(), ECardConstants.Protocol.PIN_COMPARE);
assertEquals(didAuthenticateResult.getAuthenticationProtocolData().getAny().size(), 0);
assertEquals(ECardConstants.Major.OK, didAuthenticateResult.getResult().getResultMajor());
for (int numOfDIDs = 0; numOfDIDs < didListResponse.getDIDNameList().getDIDName().size(); numOfDIDs++) {
String didName = didListResponse.getDIDNameList().getDIDName().get(numOfDIDs);
DIDGet didGet = new DIDGet();
didGet.setDIDName(didName);
didGet.setDIDScope(DIDScopeType.LOCAL);
didGet.setConnectionHandle(result.getConnectionHandle());
didGet.getConnectionHandle().setCardApplication(cardApplication);
DIDGetResponse didGetResponse = instance.didGet(didGet);
Sign sign = new Sign();
byte[] message = new byte[] { 0x01, 0x02, 0x03 };
org.openecard.crypto.common.sal.did.CryptoMarkerType cryptoMarker = new org.openecard.crypto.common.sal.did.CryptoMarkerType((CryptoMarkerType) didGetResponse.getDIDStructure().getDIDMarker());
String algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
if (algorithmIdentifier.equals(GenericCryptoUris.RSASSA_PSS_SHA256)) {
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
message = messageDigest.digest(message);
} else if (algorithmIdentifier.equals(GenericCryptoUris.RSA_ENCRYPTION)) {
// do nothing
} else {
LOG.warn("Skipping decipher for the unsupported algorithmIdentifier: {}", algorithmIdentifier);
continue;
}
sign.setMessage(message);
sign.setConnectionHandle(result.getConnectionHandle());
sign.getConnectionHandle().setCardApplication(cardApplication);
sign.setDIDName(didName);
sign.setDIDScope(DIDScopeType.LOCAL);
SignResponse signResponse = instance.sign(sign);
assertEquals(ECardConstants.Major.OK, signResponse.getResult().getResultMajor());
WSHelper.checkResult(signResponse);
byte[] signature = signResponse.getSignature();
VerifySignature verifySignature = new VerifySignature();
verifySignature.setConnectionHandle(sign.getConnectionHandle());
verifySignature.setDIDName(didName);
verifySignature.setDIDScope(DIDScopeType.LOCAL);
verifySignature.setMessage(message);
verifySignature.setSignature(signature);
VerifySignatureResponse verifySignatureResponse = instance.verifySignature(verifySignature);
WSHelper.checkResult(verifySignatureResponse);
}
}
Aggregations