use of oasis.names.tc.dss._1_0.core.schema.Result in project open-ecard by ecsec.
the class AndroidMarshallerTest method testConversionOfDIDAuthenticateResponseCA.
@Test
public void testConversionOfDIDAuthenticateResponseCA() throws Exception {
WSMarshaller m = new AndroidMarshaller();
DIDAuthenticateResponse didAuthResponse = new DIDAuthenticateResponse();
Result r = new Result();
r.setResultMajor("major");
r.setResultMinor("minor");
InternationalStringType internationalStringType = new InternationalStringType();
internationalStringType.setLang("en");
internationalStringType.setValue("message");
r.setResultMessage(internationalStringType);
didAuthResponse.setResult(r);
EAC2OutputType didAuthenticationDataType = new EAC2OutputType();
didAuthenticationDataType.setProtocol("urn:....");
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
DocumentBuilder builder = factory.newDocumentBuilder();
Document d = builder.newDocument();
Element e = d.createElementNS("urn:iso:std:iso-iec:24727:tech:schema", "Signature");
e.setTextContent("7117D7BF95D8D6BD437A0D43DE48F42528273A98F2605758D6A3A2BFC38141E7577CABB4F8FBC8DF152E3A097D1B3A703597331842425FE4A9D0F1C9067AC4A9");
didAuthenticationDataType.getAny().add(e);
didAuthResponse.setAuthenticationProtocolData(didAuthenticationDataType);
marshalLog(didAuthResponse);
Document doc = m.marshal(didAuthResponse);
String s = m.doc2str(doc);
LOG.debug(s);
StringReader sr = new StringReader(s);
DIDAuthenticateResponse didaresp = JAXB.unmarshal(sr, DIDAuthenticateResponse.class);
marshalLog(didaresp);
}
use of oasis.names.tc.dss._1_0.core.schema.Result in project open-ecard by ecsec.
the class MiddlewareSAL method didAuthenticate.
@Override
public DIDAuthenticateResponse didAuthenticate(DIDAuthenticate request) {
DIDAuthenticateResponse response = WSHelper.makeResponse(DIDAuthenticateResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
connectionHandle = cardStateEntry.handleCopy();
byte[] application = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
byte[] slotHandle = connectionHandle.getSlotHandle();
DIDAuthenticationDataType didAuthenticationData = request.getAuthenticationProtocolData();
Assert.assertIncorrectParameter(didAuthenticationData, "The parameter AuthenticationProtocolData is empty.");
String didName = SALUtils.getDIDName(request);
DIDStructureType didStruct = cardStateEntry.getDIDStructure(didName, application);
if (didStruct == null) {
String msg = String.format("DID %s does not exist.", didName);
throw new NamedEntityNotFoundException(msg);
}
PINCompareMarkerType pinCompareMarker = new PINCompareMarkerType(didStruct.getDIDMarker());
String protocolURI = didAuthenticationData.getProtocol();
if (!"urn:oid:1.3.162.15480.3.0.9".equals(protocolURI)) {
String msg = String.format("Protocol %s is not supported by this SAL.", protocolURI);
throw new UnknownProtocolException(msg);
}
PINCompareDIDAuthenticateInputType pinCompareInput = new PINCompareDIDAuthenticateInputType(didAuthenticationData);
PINCompareDIDAuthenticateOutputType pinCompareOutput = pinCompareInput.getOutputType();
// extract pin value from auth data
char[] pinValue = pinCompareInput.getPIN();
pinCompareInput.setPIN(null);
MwSession session = managedSessions.get(slotHandle);
boolean protectedAuthPath = connectionHandle.getSlotInfo().isProtectedAuthPath();
boolean pinAuthenticated;
boolean pinBlocked = false;
if (!(pinValue == null || pinValue.length == 0) && !protectedAuthPath) {
// we don't need a GUI if the PIN is known
try {
session.login(UserType.User, pinValue);
} finally {
Arrays.fill(pinValue, ' ');
}
pinAuthenticated = true;
// TODO: display error GUI if the PIN entry failed
} else {
// omit GUI when Middleware has its own PIN dialog for class 2 readers
if (protectedAuthPath && builtinPinDialog) {
session.loginExternal(UserType.User);
pinAuthenticated = true;
} else {
PinEntryDialog dialog = new PinEntryDialog(gui, protectedAuthPath, pinCompareMarker, session);
dialog.show();
pinAuthenticated = dialog.isPinAuthenticated();
pinBlocked = dialog.isPinBlocked();
}
}
if (pinAuthenticated) {
cardStateEntry.addAuthenticated(didName, application);
} else if (pinBlocked) {
String msg = "PIN is blocked.";
Result r = WSHelper.makeResultError(ECardConstants.Minor.IFD.PASSWORD_BLOCKED, msg);
response.setResult(r);
} else {
String msg = "Failed to enter PIN.";
Result r = WSHelper.makeResultError(ECardConstants.Minor.SAL.CANCELLATION_BY_USER, msg);
response.setResult(r);
}
// create did authenticate response
response.setAuthenticationProtocolData(pinCompareOutput.getAuthDataType());
} catch (PinBlockedException ex) {
// TODO: set retry counter
String minor = ECardConstants.Minor.IFD.PASSWORD_BLOCKED;
Result r = WSHelper.makeResultError(minor, ex.getMessage());
response.setResult(r);
} catch (PinIncorrectException ex) {
// TODO: set retry counter
String minor = ECardConstants.Minor.SAL.SECURITY_CONDITION_NOT_SATISFIED;
Result r = WSHelper.makeResultError(minor, ex.getMessage());
response.setResult(r);
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of oasis.names.tc.dss._1_0.core.schema.Result in project open-ecard by ecsec.
the class IFD method controlIFD.
/**
* Note: the first byte of the command data is the control code.
*/
@Override
public ControlIFDResponse controlIFD(ControlIFD parameters) {
ControlIFDResponse response;
if (!hasContext()) {
String msg = "Context not initialized.";
Result r = WSHelper.makeResultError(ECardConstants.Minor.IFD.INVALID_SLOT_HANDLE, msg);
response = WSHelper.makeResponse(ControlIFDResponse.class, r);
return response;
}
byte[] handle = parameters.getSlotHandle();
byte[] command = parameters.getCommand();
if (handle == null || command == null) {
String msg = "Missing parameter.";
Result r = WSHelper.makeResultUnknownError(msg);
response = WSHelper.makeResponse(ControlIFDResponse.class, r);
return response;
}
byte ctrlCode = command[0];
command = Arrays.copyOfRange(command, 1, command.length);
try {
SingleThreadChannel ch = cm.getSlaveChannel(handle);
TerminalInfo info = new TerminalInfo(cm, ch);
Integer featureCode = info.getFeatureCodes().get(Integer.valueOf(ctrlCode));
// see if the terminal can deal with that
if (featureCode != null) {
byte[] resultCommand = ch.transmitControlCommand(featureCode, command);
// evaluate result
Result result = evaluateControlIFDRAPDU(resultCommand);
response = WSHelper.makeResponse(ControlIFDResponse.class, result);
response.setResponse(resultCommand);
return response;
} else {
String msg = "The terminal is not capable of performing the requested action.";
Result r = WSHelper.makeResultUnknownError(msg);
response = WSHelper.makeResponse(ControlIFDResponse.class, r);
return response;
}
} catch (NoSuchChannel | IllegalStateException ex) {
String msg = "The card or the terminal is not available anymore.";
Result r = WSHelper.makeResultError(ECardConstants.Minor.IFD.Terminal.UNKNOWN_IFD, msg);
response = WSHelper.makeResponse(ControlIFDResponse.class, r);
LOG.warn(msg, ex);
return response;
} catch (SCIOException ex) {
String msg = "Unknown error while sending transmit control command.";
Result r = WSHelper.makeResultUnknownError(msg);
response = WSHelper.makeResponse(ControlIFDResponse.class, r);
LOG.warn(msg, ex);
return response;
}
}
use of oasis.names.tc.dss._1_0.core.schema.Result in project open-ecard by ecsec.
the class IFD method establishChannel.
@Override
public EstablishChannelResponse establishChannel(EstablishChannel parameters) {
byte[] slotHandle = parameters.getSlotHandle();
try {
SingleThreadChannel channel = cm.getSlaveChannel(slotHandle);
TerminalInfo termInfo = new TerminalInfo(cm, channel);
DIDAuthenticationDataType protoParam = parameters.getAuthenticationProtocolData();
String protocol = protoParam.getProtocol();
// check if it is PACE and try to perform native implementation
// get pace capabilities
List<PACECapabilities.PACECapability> paceCapabilities = termInfo.getPACECapabilities();
List<String> supportedProtos = TerminalInfo.buildPACEProtocolList(paceCapabilities);
// i don't care which type is supported, i try it anyways
if (!supportedProtos.isEmpty() && supportedProtos.get(0).startsWith(protocol)) {
// yeah, PACE seems to be supported by the reader, big win
PACEInputType paceParam = new PACEInputType(protoParam);
// extract variables needed for pace
byte pinID = paceParam.getPINID();
// optional elements
byte[] chat = paceParam.getCHAT();
String pin = paceParam.getPIN();
byte[] certDesc = paceParam.getCertificateDescription();
// prepare pace data structures
// TODO: add supplied PIN
EstablishPACERequest estPaceReq = new EstablishPACERequest(pinID, chat, null, certDesc);
ExecutePACERequest execPaceReq = new ExecutePACERequest(ExecutePACERequest.Function.EstablishPACEChannel, estPaceReq.toBytes());
// TODO: check if this additional check is really necessary
if (estPaceReq.isSupportedType(paceCapabilities)) {
byte[] reqData = execPaceReq.toBytes();
LOG.debug("executeCtrlCode request: {}", ByteUtils.toHexString(reqData));
// execute pace
Map<Integer, Integer> features = termInfo.getFeatureCodes();
byte[] resData = channel.transmitControlCommand(features.get(PCSCFeatures.EXECUTE_PACE), reqData);
LOG.debug("Response of executeCtrlCode: {}", ByteUtils.toHexString(resData));
// evaluate response
ExecutePACEResponse execPaceRes = new ExecutePACEResponse(resData);
if (execPaceRes.isError()) {
return WSHelper.makeResponse(EstablishChannelResponse.class, execPaceRes.getResult());
}
EstablishPACEResponse estPaceRes = new EstablishPACEResponse(execPaceRes.getData());
// get values and prepare response
PACEOutputType authDataResponse = paceParam.getOutputType();
// mandatory fields
authDataResponse.setRetryCounter(estPaceRes.getRetryCounter());
authDataResponse.setEFCardAccess(estPaceRes.getEFCardAccess());
// optional fields
if (estPaceRes.hasCurrentCAR()) {
authDataResponse.setCurrentCAR(estPaceRes.getCurrentCAR());
}
if (estPaceRes.hasPreviousCAR()) {
authDataResponse.setPreviousCAR(estPaceRes.getPreviousCAR());
}
if (estPaceRes.hasIDICC()) {
authDataResponse.setIDPICC(estPaceRes.getIDICC());
}
// create response type and return
EstablishChannelResponse response = WSHelper.makeResponse(EstablishChannelResponse.class, WSHelper.makeResultOK());
response.setAuthenticationProtocolData(authDataResponse.getAuthDataType());
return response;
}
}
// check out available software protocols
if (this.protocolFactories.contains(protocol)) {
ProtocolFactory factory = this.protocolFactories.get(protocol);
Protocol protoImpl = factory.createInstance();
EstablishChannelResponse response = protoImpl.establish(parameters, env.getDispatcher(), this.gui);
// register protocol instance for secure messaging when protocol was processed successful
if (response.getResult().getResultMajor().equals(ECardConstants.Major.OK)) {
channel.addSecureMessaging(protoImpl);
}
return response;
}
// if this point is reached a native implementation is not present, try registered protocols
Result r = WSHelper.makeResultUnknownError("No such protocol available in this IFD.");
return WSHelper.makeResponse(EstablishChannelResponse.class, r);
} catch (Throwable t) {
return WSHelper.makeResponse(EstablishChannelResponse.class, WSHelper.makeResult(t));
}
}
use of oasis.names.tc.dss._1_0.core.schema.Result in project open-ecard by ecsec.
the class IFD method getStatus.
@Override
public GetStatusResponse getStatus(GetStatus parameters) {
GetStatusResponse response;
// you thought of a different IFD obviously
if (!ByteUtils.compare(ctxHandle, parameters.getContextHandle())) {
String msg = "Invalid context handle specified.";
Result r = WSHelper.makeResultError(ECardConstants.Minor.IFD.INVALID_CONTEXT_HANDLE, msg);
response = WSHelper.makeResponse(GetStatusResponse.class, r);
return response;
}
// get specific ifd or all if no specific one is requested
List<SCIOTerminal> ifds = new LinkedList<>();
try {
String requestedIfd = parameters.getIFDName();
if (requestedIfd != null) {
try {
SCIOTerminal t = cm.getTerminals().getTerminal(requestedIfd);
ifds.add(t);
} catch (NoSuchTerminal ex) {
String msg = "The requested IFD name does not exist.";
LOG.warn(msg, ex);
String minor = ECardConstants.Minor.IFD.Terminal.UNKNOWN_IFD;
Result r = WSHelper.makeResult(ECardConstants.Major.ERROR, minor, msg);
response = WSHelper.makeResponse(GetStatusResponse.class, r);
return response;
}
} else {
ifds.addAll(cm.getTerminals().list());
}
} catch (SCIOException ex) {
String msg = "Failed to get list with the terminals.";
LOG.warn(msg, ex);
response = WSHelper.makeResponse(GetStatusResponse.class, WSHelper.makeResultUnknownError(msg));
return response;
}
// request status for each ifd
ArrayList<IFDStatusType> status = new ArrayList<>(ifds.size());
for (SCIOTerminal ifd : ifds) {
TerminalInfo info;
try {
SingleThreadChannel channel = cm.openMasterChannel(ifd.getName());
info = new TerminalInfo(cm, channel);
} catch (NoSuchTerminal | SCIOException ex) {
// continue without a channel
info = new TerminalInfo(cm, ifd);
}
try {
IFDStatusType s = info.getStatus();
status.add(s);
} catch (SCIOException ex) {
if (ex.getCode() != SCIOErrorCode.SCARD_W_UNPOWERED_CARD && ex.getCode() != SCIOErrorCode.SCARD_W_UNRESPONSIVE_CARD && ex.getCode() != SCIOErrorCode.SCARD_W_UNSUPPORTED_CARD && ex.getCode() != SCIOErrorCode.SCARD_E_PROTO_MISMATCH) {
String msg = String.format("Failed to determine status of terminal '%s'.", ifd.getName());
LOG.warn(msg, ex);
Result r = WSHelper.makeResultUnknownError(msg);
response = WSHelper.makeResponse(GetStatusResponse.class, r);
return response;
} else {
// fall througth if there is a card which can not be connected
LOG.info("Ignoring failed status request from terminal.", ex);
}
}
}
// everything worked out well
response = WSHelper.makeResponse(GetStatusResponse.class, WSHelper.makeResultOK());
response.getIFDStatus().addAll(status);
return response;
}
Aggregations