Search in sources :

Example 21 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method cardApplicationConnect.

/**
 * The CardApplicationConnect function establishes an unauthenticated connection between the client
 * application and the card application.
 * See BSI-TR-03112-4, version 1.1.2, section 3.2.1.
 *
 * @param request CardApplicationConnect
 * @return CardApplicationConnectResponse
 */
@Override
public CardApplicationConnectResponse cardApplicationConnect(CardApplicationConnect request) {
    CardApplicationConnectResponse response = WSHelper.makeResponse(CardApplicationConnectResponse.class, WSHelper.makeResultOK());
    try {
        CardApplicationPathType cardAppPath = request.getCardApplicationPath();
        Assert.assertIncorrectParameter(cardAppPath, "The parameter CardAppPathRequest is empty.");
        Set<CardStateEntry> cardStateEntrySet = states.getMatchingEntries(cardAppPath, false);
        Assert.assertIncorrectParameter(cardStateEntrySet, "The given ConnectionHandle is invalid.");
        /*
	     * [TR-03112-4] If the provided path fragments are valid for more than one card application
	     * the eCard-API-Framework SHALL return any of the possible choices.
	     */
        CardStateEntry cardStateEntry = cardStateEntrySet.iterator().next();
        byte[] applicationID = cardAppPath.getCardApplication();
        if (applicationID == null) {
            if (cardStateEntry.getImplicitlySelectedApplicationIdentifier() != null) {
                applicationID = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
            } else {
                applicationID = MF;
            }
        }
        Assert.securityConditionApplication(cardStateEntry, applicationID, ConnectionServiceActionName.CARD_APPLICATION_CONNECT);
        // Connect to the card
        ConnectionHandleType handle = cardStateEntry.handleCopy();
        cardStateEntry = cardStateEntry.derive(handle);
        Connect connect = new Connect();
        connect.setContextHandle(handle.getContextHandle());
        connect.setIFDName(handle.getIFDName());
        connect.setSlot(handle.getSlotIndex());
        ConnectResponse connectResponse = (ConnectResponse) env.getDispatcher().safeDeliver(connect);
        WSHelper.checkResult(connectResponse);
        // Select the card application
        CardCommandAPDU select;
        // TODO: proper determination of path, file and app id
        if (applicationID.length == 2) {
            select = new Select.File(applicationID);
            List<byte[]> responses = new ArrayList<>();
            responses.add(TrailerConstants.Success.OK());
            responses.add(TrailerConstants.Error.WRONG_P1_P2());
            CardResponseAPDU resp = select.transmit(env.getDispatcher(), connectResponse.getSlotHandle(), responses);
            if (Arrays.equals(resp.getTrailer(), TrailerConstants.Error.WRONG_P1_P2())) {
                select = new Select.AbsolutePath(applicationID);
                select.transmit(env.getDispatcher(), connectResponse.getSlotHandle());
            }
        } else {
            select = new Select.Application(applicationID);
            select.transmit(env.getDispatcher(), connectResponse.getSlotHandle());
        }
        cardStateEntry.setCurrentCardApplication(applicationID);
        cardStateEntry.setSlotHandle(connectResponse.getSlotHandle());
        // reset the ef FCP
        cardStateEntry.unsetFCPOfSelectedEF();
        states.addEntry(cardStateEntry);
        response.setConnectionHandle(cardStateEntry.handleCopy());
        response.getConnectionHandle().setCardApplication(applicationID);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) CardCommandAPDU(org.openecard.common.apdu.common.CardCommandAPDU) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) ConnectResponse(iso.std.iso_iec._24727.tech.schema.ConnectResponse) CardApplicationConnectResponse(iso.std.iso_iec._24727.tech.schema.CardApplicationConnectResponse) CardApplicationConnect(iso.std.iso_iec._24727.tech.schema.CardApplicationConnect) Connect(iso.std.iso_iec._24727.tech.schema.Connect) ArrayList(java.util.ArrayList) CardApplicationConnectResponse(iso.std.iso_iec._24727.tech.schema.CardApplicationConnectResponse) CardApplicationPathType(iso.std.iso_iec._24727.tech.schema.CardApplicationPathType) ECardException(org.openecard.common.ECardException) Select(org.openecard.common.apdu.Select) CardApplicationSelect(iso.std.iso_iec._24727.tech.schema.CardApplicationSelect) DataSetSelect(iso.std.iso_iec._24727.tech.schema.DataSetSelect) CardResponseAPDU(org.openecard.common.apdu.common.CardResponseAPDU)

Example 22 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method cardApplicationList.

/**
 * The CardApplicationList function returns a list of the available card applications on an eCard.
 * See BSI-TR-03112-4, version 1.1.2, section 3.3.1.
 *
 * @param request CardApplicationList
 * @return CardApplicationListResponse
 */
@Publish
@Override
public CardApplicationListResponse cardApplicationList(CardApplicationList request) {
    CardApplicationListResponse response = WSHelper.makeResponse(CardApplicationListResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        /*
		TR-03112-4 section 3.3.2 states that the alpha application have to be connected with
		CardApplicationConnect.
		In case of using CardInfo file descriptions this is not necessary because we just work on a file.
	    */
        // byte[] cardApplicationID = connectionHandle.getCardApplication();
        // Assert.securityConditionApplication(cardStateEntry, cardApplicationID,
        // CardApplicationServiceActionName.CARD_APPLICATION_LIST);
        CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
        CardApplicationNameList cardApplicationNameList = new CardApplicationNameList();
        cardApplicationNameList.getCardApplicationName().addAll(cardInfoWrapper.getCardApplicationNameList());
        response.setCardApplicationNameList(cardApplicationNameList);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) ECardException(org.openecard.common.ECardException) CardApplicationListResponse(iso.std.iso_iec._24727.tech.schema.CardApplicationListResponse) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) CardApplicationNameList(iso.std.iso_iec._24727.tech.schema.CardApplicationListResponse.CardApplicationNameList) CardInfoWrapper(org.openecard.common.sal.state.cif.CardInfoWrapper) PrerequisitesNotSatisfiedException(org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException) NameExistsException(org.openecard.common.sal.exception.NameExistsException) AddonNotFoundException(org.openecard.addon.AddonNotFoundException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) ECardException(org.openecard.common.ECardException) NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException) UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) InappropriateProtocolForActionException(org.openecard.common.sal.exception.InappropriateProtocolForActionException) TLVException(org.openecard.common.tlv.TLVException) SecurityConditionNotSatisfiedException(org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException) UnknownConnectionHandleException(org.openecard.common.sal.exception.UnknownConnectionHandleException) Publish(org.openecard.common.interfaces.Publish)

Example 23 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method cardApplicationEndSession.

/**
 * The CardApplicationEndSession function closes the session between the client application and the card application.
 * See BSI-TR-03112-4, version 1.1.2, section 3.2.4.
 *
 * @param request CardApplicationEndSession
 * @return CardApplicationEndSessionResponse
 */
@Publish
@Override
public CardApplicationEndSessionResponse cardApplicationEndSession(CardApplicationEndSession request) {
    CardApplicationEndSessionResponse response = WSHelper.makeResponse(CardApplicationEndSessionResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle);
        byte[] cardApplicationID = connectionHandle.getCardApplication();
        String didName = SALUtils.getDIDName(request);
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, cardApplicationID);
        Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
        Assert.securityConditionApplication(cardStateEntry, cardApplicationID, ConnectionServiceActionName.CARD_APPLICATION_END_SESSION);
        String protocolURI = didStructure.getDIDMarker().getProtocol();
        SALProtocol protocol = getProtocol(connectionHandle, null, protocolURI);
        if (protocol.hasNextStep(FunctionType.CardApplicationEndSession)) {
            response = protocol.cardApplicationEndSession(request);
            removeFinishedProtocol(connectionHandle, protocolURI, protocol);
        } else {
            throw new InappropriateProtocolForActionException("CardApplicationEndSession", protocol.toString());
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) InappropriateProtocolForActionException(org.openecard.common.sal.exception.InappropriateProtocolForActionException) ECardException(org.openecard.common.ECardException) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) CardApplicationEndSessionResponse(iso.std.iso_iec._24727.tech.schema.CardApplicationEndSessionResponse) SALProtocol(org.openecard.addon.sal.SALProtocol) DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType) PrerequisitesNotSatisfiedException(org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException) NameExistsException(org.openecard.common.sal.exception.NameExistsException) AddonNotFoundException(org.openecard.addon.AddonNotFoundException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) ECardException(org.openecard.common.ECardException) NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException) UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) InappropriateProtocolForActionException(org.openecard.common.sal.exception.InappropriateProtocolForActionException) TLVException(org.openecard.common.tlv.TLVException) SecurityConditionNotSatisfiedException(org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException) UnknownConnectionHandleException(org.openecard.common.sal.exception.UnknownConnectionHandleException) Publish(org.openecard.common.interfaces.Publish)

Example 24 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class DIDAuthenticateStep method perform.

@Override
public DIDAuthenticateResponse perform(DIDAuthenticate request, Map<String, Object> internalData) {
    DIDAuthenticateResponse response = WSHelper.makeResponse(DIDAuthenticateResponse.class, WSHelper.makeResultOK());
    char[] rawPIN = null;
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        String didName = SALUtils.getDIDName(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        PINCompareDIDAuthenticateInputType pinCompareInput = new PINCompareDIDAuthenticateInputType(request.getAuthenticationProtocolData());
        PINCompareDIDAuthenticateOutputType pinCompareOutput = pinCompareInput.getOutputType();
        byte[] cardApplication;
        if (request.getDIDScope() != null && request.getDIDScope().equals(DIDScopeType.GLOBAL)) {
            cardApplication = cardStateEntry.getInfo().getApplicationIdByDidName(request.getDIDName(), request.getDIDScope());
        } else {
            cardApplication = connectionHandle.getCardApplication();
        }
        Assert.securityConditionDID(cardStateEntry, cardApplication, didName, DifferentialIdentityServiceActionName.DID_AUTHENTICATE);
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, cardApplication);
        PINCompareMarkerType pinCompareMarker = new PINCompareMarkerType(didStructure.getDIDMarker());
        byte keyRef = pinCompareMarker.getPINRef().getKeyRef()[0];
        byte[] slotHandle = connectionHandle.getSlotHandle();
        PasswordAttributesType attributes = pinCompareMarker.getPasswordAttributes();
        rawPIN = pinCompareInput.getPIN();
        // delete pin from memory of the structure
        pinCompareInput.setPIN(null);
        byte[] template = new byte[] { 0x00, 0x20, 0x00, keyRef };
        byte[] responseCode;
        // with [ISO7816-4] (Section 7.5.6).
        if (rawPIN == null || rawPIN.length == 0) {
            VerifyUser verify = new VerifyUser();
            verify.setSlotHandle(slotHandle);
            InputUnitType inputUnit = new InputUnitType();
            verify.setInputUnit(inputUnit);
            PinInputType pinInput = new PinInputType();
            inputUnit.setPinInput(pinInput);
            pinInput.setIndex(BigInteger.ZERO);
            pinInput.setPasswordAttributes(attributes);
            verify.setTemplate(template);
            VerifyUserResponse verifyR = (VerifyUserResponse) dispatcher.safeDeliver(verify);
            WSHelper.checkResult(verifyR);
            responseCode = verifyR.getResponse();
        } else {
            Transmit verifyTransmit = PINUtils.buildVerifyTransmit(rawPIN, attributes, template, slotHandle);
            try {
                TransmitResponse transResp = (TransmitResponse) dispatcher.safeDeliver(verifyTransmit);
                WSHelper.checkResult(transResp);
                responseCode = transResp.getOutputAPDU().get(0);
            } finally {
                // blank PIN APDU
                for (InputAPDUInfoType apdu : verifyTransmit.getInputAPDUInfo()) {
                    byte[] rawApdu = apdu.getInputAPDU();
                    if (rawApdu != null) {
                        java.util.Arrays.fill(rawApdu, (byte) 0);
                    }
                }
            }
        }
        CardResponseAPDU verifyResponseAPDU = new CardResponseAPDU(responseCode);
        if (verifyResponseAPDU.isWarningProcessed()) {
            pinCompareOutput.setRetryCounter(new BigInteger(Integer.toString((verifyResponseAPDU.getSW2() & 0x0F))));
        }
        cardStateEntry.addAuthenticated(didName, cardApplication);
        response.setAuthenticationProtocolData(pinCompareOutput.getAuthDataType());
    } catch (ECardException e) {
        LOG.error(e.getMessage(), e);
        response.setResult(e.getResult());
    } catch (Exception e) {
        if (e instanceof RuntimeException) {
            throw (RuntimeException) e;
        }
        LOG.error(e.getMessage(), e);
        response.setResult(WSHelper.makeResult(e));
    } finally {
        if (rawPIN != null) {
            Arrays.fill(rawPIN, ' ');
        }
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) Transmit(iso.std.iso_iec._24727.tech.schema.Transmit) PasswordAttributesType(iso.std.iso_iec._24727.tech.schema.PasswordAttributesType) VerifyUserResponse(iso.std.iso_iec._24727.tech.schema.VerifyUserResponse) PINCompareMarkerType(org.openecard.common.anytype.pin.PINCompareMarkerType) InputAPDUInfoType(iso.std.iso_iec._24727.tech.schema.InputAPDUInfoType) PINCompareDIDAuthenticateInputType(org.openecard.common.anytype.pin.PINCompareDIDAuthenticateInputType) ECardException(org.openecard.common.ECardException) ECardException(org.openecard.common.ECardException) DIDAuthenticateResponse(iso.std.iso_iec._24727.tech.schema.DIDAuthenticateResponse) InputUnitType(iso.std.iso_iec._24727.tech.schema.InputUnitType) TransmitResponse(iso.std.iso_iec._24727.tech.schema.TransmitResponse) BigInteger(java.math.BigInteger) DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType) VerifyUser(iso.std.iso_iec._24727.tech.schema.VerifyUser) CardResponseAPDU(org.openecard.common.apdu.common.CardResponseAPDU) PINCompareDIDAuthenticateOutputType(org.openecard.common.anytype.pin.PINCompareDIDAuthenticateOutputType) PinInputType(iso.std.iso_iec._24727.tech.schema.PinInputType)

Example 25 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class SignStep method perform.

@Override
public SignResponse perform(Sign sign, Map<String, Object> internalData) {
    SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(sign);
        String didName = SALUtils.getDIDName(sign);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        DIDStructureType didStructure = SALUtils.getDIDStructure(sign, didName, cardStateEntry, connectionHandle);
        CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
        byte[] slotHandle = connectionHandle.getSlotHandle();
        byte[] applicationID = connectionHandle.getCardApplication();
        Assert.securityConditionDID(cardStateEntry, applicationID, didName, CryptographicServiceActionName.SIGN);
        byte[] message = sign.getMessage();
        byte[] keyReference = cryptoMarker.getCryptoKeyInfo().getKeyRef().getKeyRef();
        byte[] algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getCardAlgRef();
        byte[] hashRef = cryptoMarker.getAlgorithmInfo().getHashAlgRef();
        HashGenerationInfoType hashInfo = cryptoMarker.getHashGenerationInfo();
        if (didStructure.getDIDScope() == DIDScopeType.LOCAL) {
            keyReference[0] = (byte) (0x80 | keyReference[0]);
        }
        if (cryptoMarker.getSignatureGenerationInfo() != null) {
            response = performSignature(cryptoMarker, keyReference, algorithmIdentifier, message, slotHandle, hashRef, hashInfo);
        } else {
            // assuming that legacySignatureInformation exists
            BaseTemplateContext templateContext = new BaseTemplateContext();
            templateContext.put(HASH_TO_SIGN, message);
            templateContext.put(KEY_REFERENCE, keyReference);
            templateContext.put(ALGORITHM_IDENTIFIER, algorithmIdentifier);
            templateContext.put(HASHALGORITHM_REFERENCE, hashRef);
            response = performLegacySignature(cryptoMarker, connectionHandle, templateContext);
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.warn(e.getMessage(), e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) ECardException(org.openecard.common.ECardException) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) SignResponse(iso.std.iso_iec._24727.tech.schema.SignResponse) DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType) CryptoMarkerType(org.openecard.crypto.common.sal.did.CryptoMarkerType) BaseTemplateContext(org.openecard.common.apdu.common.BaseTemplateContext) HashGenerationInfoType(iso.std.iso_iec._24727.tech.schema.HashGenerationInfoType) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) APDUException(org.openecard.common.apdu.exception.APDUException) InvocationTargetException(java.lang.reflect.InvocationTargetException) ECardException(org.openecard.common.ECardException) TLVException(org.openecard.common.tlv.TLVException) IOException(java.io.IOException) APDUTemplateException(org.openecard.common.apdu.common.APDUTemplateException)

Aggregations

ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)43 ECardException (org.openecard.common.ECardException)43 CardStateEntry (org.openecard.common.sal.state.CardStateEntry)40 IncorrectParameterException (org.openecard.common.sal.exception.IncorrectParameterException)37 ThreadTerminateException (org.openecard.common.ThreadTerminateException)34 NamedEntityNotFoundException (org.openecard.common.sal.exception.NamedEntityNotFoundException)34 UnknownProtocolException (org.openecard.common.sal.exception.UnknownProtocolException)34 TLVException (org.openecard.common.tlv.TLVException)29 AddonNotFoundException (org.openecard.addon.AddonNotFoundException)28 InappropriateProtocolForActionException (org.openecard.common.sal.exception.InappropriateProtocolForActionException)28 NameExistsException (org.openecard.common.sal.exception.NameExistsException)28 PrerequisitesNotSatisfiedException (org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException)28 SecurityConditionNotSatisfiedException (org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException)28 UnknownConnectionHandleException (org.openecard.common.sal.exception.UnknownConnectionHandleException)28 DIDStructureType (iso.std.iso_iec._24727.tech.schema.DIDStructureType)20 Publish (org.openecard.common.interfaces.Publish)17 CardInfoWrapper (org.openecard.common.sal.state.cif.CardInfoWrapper)14 SALProtocol (org.openecard.addon.sal.SALProtocol)12 DataSetInfoType (iso.std.iso_iec._24727.tech.schema.DataSetInfoType)9 DIDScopeType (iso.std.iso_iec._24727.tech.schema.DIDScopeType)7