Search in sources :

Example 1 with VerifySignatureResponse

use of iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse in project open-ecard by ecsec.

the class TinySALTest method testVerifySignature.

/**
 * Test of verifySignature method, of class TinySAL.
 */
@Test(enabled = TESTS_ENABLED)
public void testVerifySignature() {
    System.out.println("verifySignature");
    VerifySignature parameters = new VerifySignature();
    VerifySignatureResponse result = instance.verifySignature(parameters);
    assertEquals(ECardConstants.Major.ERROR, result.getResult().getResultMajor());
}
Also used : VerifySignatureResponse(iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse) VerifySignature(iso.std.iso_iec._24727.tech.schema.VerifySignature) Test(org.testng.annotations.Test)

Example 2 with VerifySignatureResponse

use of iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse in project open-ecard by ecsec.

the class VerifySignatureStep method perform.

@Override
public VerifySignatureResponse perform(VerifySignature request, Map<String, Object> internalData) {
    VerifySignatureResponse response = WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        String didName = SALUtils.getDIDName(request);
        DIDStructureType didStructure = SALUtils.getDIDStructure(request, didName, cardStateEntry, connectionHandle);
        // required
        byte[] signature = request.getSignature();
        // optional
        byte[] message = request.getMessage();
        CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
        String dataSetNameCertificate = cryptoMarker.getCertificateRefs().get(0).getDataSetName();
        String algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
        DSIRead dsiRead = new DSIRead();
        dsiRead.setConnectionHandle(connectionHandle);
        dsiRead.setDSIName(dataSetNameCertificate);
        DSIReadResponse dsiReadResponse = (DSIReadResponse) dispatcher.safeDeliver(dsiRead);
        WSHelper.checkResult(dsiReadResponse);
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(dsiReadResponse.getDSIContent()));
        Signature signatureAlgorithm;
        if (algorithmIdentifier.equals(GenericCryptoUris.RSA_ENCRYPTION)) {
            signatureAlgorithm = Signature.getInstance("RSA", new BouncyCastleProvider());
        } else if (algorithmIdentifier.equals(GenericCryptoUris.RSASSA_PSS_SHA256)) {
            signatureAlgorithm = Signature.getInstance("RAWRSASSA-PSS", new BouncyCastleProvider());
            signatureAlgorithm.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
        } else if (algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2)) {
            return WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultUnknownError(algorithmIdentifier + " Not supported yet."));
        } else if (algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2rnd)) {
            return WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultUnknownError(algorithmIdentifier + " Not supported yet."));
        } else {
            throw new IncorrectParameterException("Unknown signature algorithm.");
        }
        signatureAlgorithm.initVerify(cert);
        if (message != null) {
            signatureAlgorithm.update(message);
        }
        if (!signatureAlgorithm.verify(signature)) {
            throw new InvalidSignatureException();
        }
    } catch (ECardException e) {
        LOG.error(e.getMessage(), e);
        response.setResult(e.getResult());
    } catch (Exception e) {
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) InvalidSignatureException(org.openecard.common.sal.exception.InvalidSignatureException) DSIRead(iso.std.iso_iec._24727.tech.schema.DSIRead) CryptoMarkerType(org.openecard.crypto.common.sal.did.CryptoMarkerType) VerifySignatureResponse(iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) ECardException(org.openecard.common.ECardException) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) InvalidSignatureException(org.openecard.common.sal.exception.InvalidSignatureException) ECardException(org.openecard.common.ECardException) ByteArrayInputStream(java.io.ByteArrayInputStream) PSSParameterSpec(java.security.spec.PSSParameterSpec) Signature(java.security.Signature) VerifySignature(iso.std.iso_iec._24727.tech.schema.VerifySignature) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType) DSIReadResponse(iso.std.iso_iec._24727.tech.schema.DSIReadResponse) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) BouncyCastleProvider(org.openecard.bouncycastle.jce.provider.BouncyCastleProvider) MGF1ParameterSpec(java.security.spec.MGF1ParameterSpec)

Example 3 with VerifySignatureResponse

use of iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse in project open-ecard by ecsec.

the class TinySAL method verifySignature.

/**
 * The VerifySignature function verifies a digital signature.
 * See BSI-TR-03112-4, version 1.1.2, section 3.5.6.
 *
 * @param request VerifySignature
 * @return VerifySignatureResponse
 */
@Override
public VerifySignatureResponse verifySignature(VerifySignature request) {
    VerifySignatureResponse response = WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        byte[] applicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
        String didName = SALUtils.getDIDName(request);
        byte[] signature = request.getSignature();
        Assert.assertIncorrectParameter(signature, "The parameter Signature is empty.");
        DIDScopeType didScope = request.getDIDScope();
        if (didScope == null) {
            didScope = DIDScopeType.LOCAL;
        }
        if (didScope.equals(DIDScopeType.LOCAL)) {
            byte[] necessarySelectedApp = cardStateEntry.getInfo().getApplicationIdByDidName(didName, didScope);
            if (!Arrays.equals(necessarySelectedApp, applicationID)) {
                String msg = "Wrong application selected for the execution of VerifySignature with the DID " + didName + ".";
                throw new SecurityConditionNotSatisfiedException(msg);
            }
        }
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, didScope);
        Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
        String protocolURI = didStructure.getDIDMarker().getProtocol();
        SALProtocol protocol = getProtocol(connectionHandle, request.getDIDScope(), protocolURI);
        if (protocol.hasNextStep(FunctionType.VerifySignature)) {
            response = protocol.verifySignature(request);
            removeFinishedProtocol(connectionHandle, protocolURI, protocol);
        } else {
            throw new InappropriateProtocolForActionException("VerifySignature", protocol.toString());
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) InappropriateProtocolForActionException(org.openecard.common.sal.exception.InappropriateProtocolForActionException) ECardException(org.openecard.common.ECardException) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) SecurityConditionNotSatisfiedException(org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException) SALProtocol(org.openecard.addon.sal.SALProtocol) DIDScopeType(iso.std.iso_iec._24727.tech.schema.DIDScopeType) DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType) VerifySignatureResponse(iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse) PrerequisitesNotSatisfiedException(org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException) NameExistsException(org.openecard.common.sal.exception.NameExistsException) AddonNotFoundException(org.openecard.addon.AddonNotFoundException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) ECardException(org.openecard.common.ECardException) NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException) UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) InappropriateProtocolForActionException(org.openecard.common.sal.exception.InappropriateProtocolForActionException) TLVException(org.openecard.common.tlv.TLVException) SecurityConditionNotSatisfiedException(org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException) UnknownConnectionHandleException(org.openecard.common.sal.exception.UnknownConnectionHandleException)

Example 4 with VerifySignatureResponse

use of iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse in project open-ecard by ecsec.

the class GenericCryptographyProtocolTest method testVerifySignature.

/**
 * Test for the VerifySignature Step of the Generic Cryptography protocol. After we connected to the ESIGN
 * application of the eGK, we use DIDList to get a List of DIDs that support the compute signature function. We
 * then authenticate with PIN.home and let the card sign our message. Afterwards we call VerifySignature for that
 * signature which should return OK.
 *
 * @throws Exception
 *             when something in this test went unexpectedly wrong
 */
@Test(enabled = TESTS_ENABLED)
public void testVerifySignature() throws Exception {
    CardApplicationPath cardApplicationPath = new CardApplicationPath();
    CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
    cardApplicationPathType.setCardApplication(cardApplication);
    cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
    CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
    WSHelper.checkResult(cardApplicationPathResponse);
    CardApplicationConnect parameters = new CardApplicationConnect();
    CardAppPathResultSet cardAppPathResultSet = cardApplicationPathResponse.getCardAppPathResultSet();
    parameters.setCardApplicationPath(cardAppPathResultSet.getCardApplicationPathResult().get(0));
    CardApplicationConnectResponse result = instance.cardApplicationConnect(parameters);
    WSHelper.checkResult(result);
    assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
    DIDList didList = new DIDList();
    didList.setConnectionHandle(result.getConnectionHandle());
    DIDQualifierType didQualifier = new DIDQualifierType();
    didQualifier.setApplicationIdentifier(cardApplication);
    didQualifier.setObjectIdentifier(ECardConstants.Protocol.GENERIC_CRYPTO);
    didQualifier.setApplicationFunction("Compute-signature");
    didList.setFilter(didQualifier);
    DIDListResponse didListResponse = instance.didList(didList);
    assertTrue(didListResponse.getDIDNameList().getDIDName().size() > 0);
    WSHelper.checkResult(didListResponse);
    DIDAuthenticate didAthenticate = new DIDAuthenticate();
    didAthenticate.setDIDName("PIN.home");
    PinCompareDIDAuthenticateInputType didAuthenticationData = new PinCompareDIDAuthenticateInputType();
    didAthenticate.setAuthenticationProtocolData(didAuthenticationData);
    didAthenticate.setConnectionHandle(result.getConnectionHandle());
    didAthenticate.getConnectionHandle().setCardApplication(cardApplication_ROOT);
    didAuthenticationData.setProtocol(ECardConstants.Protocol.PIN_COMPARE);
    didAthenticate.setAuthenticationProtocolData(didAuthenticationData);
    DIDAuthenticateResponse didAuthenticateResult = instance.didAuthenticate(didAthenticate);
    WSHelper.checkResult(didAuthenticateResult);
    assertEquals(didAuthenticateResult.getAuthenticationProtocolData().getProtocol(), ECardConstants.Protocol.PIN_COMPARE);
    assertEquals(didAuthenticateResult.getAuthenticationProtocolData().getAny().size(), 0);
    assertEquals(ECardConstants.Major.OK, didAuthenticateResult.getResult().getResultMajor());
    for (int numOfDIDs = 0; numOfDIDs < didListResponse.getDIDNameList().getDIDName().size(); numOfDIDs++) {
        String didName = didListResponse.getDIDNameList().getDIDName().get(numOfDIDs);
        DIDGet didGet = new DIDGet();
        didGet.setDIDName(didName);
        didGet.setDIDScope(DIDScopeType.LOCAL);
        didGet.setConnectionHandle(result.getConnectionHandle());
        didGet.getConnectionHandle().setCardApplication(cardApplication);
        DIDGetResponse didGetResponse = instance.didGet(didGet);
        Sign sign = new Sign();
        byte[] message = new byte[] { 0x01, 0x02, 0x03 };
        org.openecard.crypto.common.sal.did.CryptoMarkerType cryptoMarker = new org.openecard.crypto.common.sal.did.CryptoMarkerType((CryptoMarkerType) didGetResponse.getDIDStructure().getDIDMarker());
        String algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
        if (algorithmIdentifier.equals(GenericCryptoUris.RSASSA_PSS_SHA256)) {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            message = messageDigest.digest(message);
        } else if (algorithmIdentifier.equals(GenericCryptoUris.RSA_ENCRYPTION)) {
        // do nothing
        } else {
            LOG.warn("Skipping decipher for the unsupported algorithmIdentifier: {}", algorithmIdentifier);
            continue;
        }
        sign.setMessage(message);
        sign.setConnectionHandle(result.getConnectionHandle());
        sign.getConnectionHandle().setCardApplication(cardApplication);
        sign.setDIDName(didName);
        sign.setDIDScope(DIDScopeType.LOCAL);
        SignResponse signResponse = instance.sign(sign);
        assertEquals(ECardConstants.Major.OK, signResponse.getResult().getResultMajor());
        WSHelper.checkResult(signResponse);
        byte[] signature = signResponse.getSignature();
        VerifySignature verifySignature = new VerifySignature();
        verifySignature.setConnectionHandle(sign.getConnectionHandle());
        verifySignature.setDIDName(didName);
        verifySignature.setDIDScope(DIDScopeType.LOCAL);
        verifySignature.setMessage(message);
        verifySignature.setSignature(signature);
        VerifySignatureResponse verifySignatureResponse = instance.verifySignature(verifySignature);
        WSHelper.checkResult(verifySignatureResponse);
    }
}
Also used : DIDList(iso.std.iso_iec._24727.tech.schema.DIDList) PinCompareDIDAuthenticateInputType(iso.std.iso_iec._24727.tech.schema.PinCompareDIDAuthenticateInputType) CardAppPathResultSet(iso.std.iso_iec._24727.tech.schema.CardApplicationPathResponse.CardAppPathResultSet) DIDListResponse(iso.std.iso_iec._24727.tech.schema.DIDListResponse) CardApplicationPathType(iso.std.iso_iec._24727.tech.schema.CardApplicationPathType) CardApplicationConnect(iso.std.iso_iec._24727.tech.schema.CardApplicationConnect) SignResponse(iso.std.iso_iec._24727.tech.schema.SignResponse) DIDGet(iso.std.iso_iec._24727.tech.schema.DIDGet) MessageDigest(java.security.MessageDigest) DIDAuthenticate(iso.std.iso_iec._24727.tech.schema.DIDAuthenticate) CardApplicationPathResponse(iso.std.iso_iec._24727.tech.schema.CardApplicationPathResponse) DIDQualifierType(iso.std.iso_iec._24727.tech.schema.DIDQualifierType) DIDGetResponse(iso.std.iso_iec._24727.tech.schema.DIDGetResponse) CryptoMarkerType(iso.std.iso_iec._24727.tech.schema.CryptoMarkerType) CardApplicationConnectResponse(iso.std.iso_iec._24727.tech.schema.CardApplicationConnectResponse) VerifySignatureResponse(iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse) VerifySignature(iso.std.iso_iec._24727.tech.schema.VerifySignature) CardApplicationPath(iso.std.iso_iec._24727.tech.schema.CardApplicationPath) DIDAuthenticateResponse(iso.std.iso_iec._24727.tech.schema.DIDAuthenticateResponse) Sign(iso.std.iso_iec._24727.tech.schema.Sign) Test(org.testng.annotations.Test)

Aggregations

VerifySignatureResponse (iso.std.iso_iec._24727.tech.schema.VerifySignatureResponse)4 VerifySignature (iso.std.iso_iec._24727.tech.schema.VerifySignature)3 ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)2 DIDStructureType (iso.std.iso_iec._24727.tech.schema.DIDStructureType)2 ECardException (org.openecard.common.ECardException)2 IncorrectParameterException (org.openecard.common.sal.exception.IncorrectParameterException)2 CardStateEntry (org.openecard.common.sal.state.CardStateEntry)2 Test (org.testng.annotations.Test)2 CardApplicationConnect (iso.std.iso_iec._24727.tech.schema.CardApplicationConnect)1 CardApplicationConnectResponse (iso.std.iso_iec._24727.tech.schema.CardApplicationConnectResponse)1 CardApplicationPath (iso.std.iso_iec._24727.tech.schema.CardApplicationPath)1 CardApplicationPathResponse (iso.std.iso_iec._24727.tech.schema.CardApplicationPathResponse)1 CardAppPathResultSet (iso.std.iso_iec._24727.tech.schema.CardApplicationPathResponse.CardAppPathResultSet)1 CardApplicationPathType (iso.std.iso_iec._24727.tech.schema.CardApplicationPathType)1 CryptoMarkerType (iso.std.iso_iec._24727.tech.schema.CryptoMarkerType)1 DIDAuthenticate (iso.std.iso_iec._24727.tech.schema.DIDAuthenticate)1 DIDAuthenticateResponse (iso.std.iso_iec._24727.tech.schema.DIDAuthenticateResponse)1 DIDGet (iso.std.iso_iec._24727.tech.schema.DIDGet)1 DIDGetResponse (iso.std.iso_iec._24727.tech.schema.DIDGetResponse)1 DIDList (iso.std.iso_iec._24727.tech.schema.DIDList)1