Examples with ECardException org.openecard.common.ECardException used on opensource projects

Example 21 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method cardApplicationConnect.

/**
 * The CardApplicationConnect function establishes an unauthenticated connection between the client
 * application and the card application.
 * See BSI-TR-03112-4, version 1.1.2, section 3.2.1.
 *
 * @param request CardApplicationConnect
 * @return CardApplicationConnectResponse
 */
@Override
public CardApplicationConnectResponse cardApplicationConnect(CardApplicationConnect request) {
    CardApplicationConnectResponse response = WSHelper.makeResponse(CardApplicationConnectResponse.class, WSHelper.makeResultOK());
    try {
        CardApplicationPathType cardAppPath = request.getCardApplicationPath();
        Assert.assertIncorrectParameter(cardAppPath, "The parameter CardAppPathRequest is empty.");
        Set<CardStateEntry> cardStateEntrySet = states.getMatchingEntries(cardAppPath, false);
        Assert.assertIncorrectParameter(cardStateEntrySet, "The given ConnectionHandle is invalid.");
        /*
	     * [TR-03112-4] If the provided path fragments are valid for more than one card application
	     * the eCard-API-Framework SHALL return any of the possible choices.
	     */
        CardStateEntry cardStateEntry = cardStateEntrySet.iterator().next();
        byte[] applicationID = cardAppPath.getCardApplication();
        if (applicationID == null) {
            if (cardStateEntry.getImplicitlySelectedApplicationIdentifier() != null) {
                applicationID = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
            } else {
                applicationID = MF;
            }
        }
        Assert.securityConditionApplication(cardStateEntry, applicationID, ConnectionServiceActionName.CARD_APPLICATION_CONNECT);
        // Connect to the card
        ConnectionHandleType handle = cardStateEntry.handleCopy();
        cardStateEntry = cardStateEntry.derive(handle);
        Connect connect = new Connect();
        connect.setContextHandle(handle.getContextHandle());
        connect.setIFDName(handle.getIFDName());
        connect.setSlot(handle.getSlotIndex());
        ConnectResponse connectResponse = (ConnectResponse) env.getDispatcher().safeDeliver(connect);
        WSHelper.checkResult(connectResponse);
        // Select the card application
        CardCommandAPDU select;
        // TODO: proper determination of path, file and app id
        if (applicationID.length == 2) {
            select = new Select.File(applicationID);
            List<byte[]> responses = new ArrayList<>();
            responses.add(TrailerConstants.Success.OK());
            responses.add(TrailerConstants.Error.WRONG_P1_P2());
            CardResponseAPDU resp = select.transmit(env.getDispatcher(), connectResponse.getSlotHandle(), responses);
            if (Arrays.equals(resp.getTrailer(), TrailerConstants.Error.WRONG_P1_P2())) {
                select = new Select.AbsolutePath(applicationID);
                select.transmit(env.getDispatcher(), connectResponse.getSlotHandle());
            }
        } else {
            select = new Select.Application(applicationID);
            select.transmit(env.getDispatcher(), connectResponse.getSlotHandle());
        }
        cardStateEntry.setCurrentCardApplication(applicationID);
        cardStateEntry.setSlotHandle(connectResponse.getSlotHandle());
        // reset the ef FCP
        cardStateEntry.unsetFCPOfSelectedEF();
        states.addEntry(cardStateEntry);
        response.setConnectionHandle(cardStateEntry.handleCopy());
        response.getConnectionHandle().setCardApplication(applicationID);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    }
    return response;
}

Example 22 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method cardApplicationList.

/**
 * The CardApplicationList function returns a list of the available card applications on an eCard.
 * See BSI-TR-03112-4, version 1.1.2, section 3.3.1.
 *
 * @param request CardApplicationList
 * @return CardApplicationListResponse
 */
@Publish
@Override
public CardApplicationListResponse cardApplicationList(CardApplicationList request) {
    CardApplicationListResponse response = WSHelper.makeResponse(CardApplicationListResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        /*
		TR-03112-4 section 3.3.2 states that the alpha application have to be connected with
		CardApplicationConnect.
		In case of using CardInfo file descriptions this is not necessary because we just work on a file.
	    */
        // byte[] cardApplicationID = connectionHandle.getCardApplication();
        // Assert.securityConditionApplication(cardStateEntry, cardApplicationID,
        // CardApplicationServiceActionName.CARD_APPLICATION_LIST);
        CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
        CardApplicationNameList cardApplicationNameList = new CardApplicationNameList();
        cardApplicationNameList.getCardApplicationName().addAll(cardInfoWrapper.getCardApplicationNameList());
        response.setCardApplicationNameList(cardApplicationNameList);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 23 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method cardApplicationEndSession.

/**
 * The CardApplicationEndSession function closes the session between the client application and the card application.
 * See BSI-TR-03112-4, version 1.1.2, section 3.2.4.
 *
 * @param request CardApplicationEndSession
 * @return CardApplicationEndSessionResponse
 */
@Publish
@Override
public CardApplicationEndSessionResponse cardApplicationEndSession(CardApplicationEndSession request) {
    CardApplicationEndSessionResponse response = WSHelper.makeResponse(CardApplicationEndSessionResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle);
        byte[] cardApplicationID = connectionHandle.getCardApplication();
        String didName = SALUtils.getDIDName(request);
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, cardApplicationID);
        Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
        Assert.securityConditionApplication(cardStateEntry, cardApplicationID, ConnectionServiceActionName.CARD_APPLICATION_END_SESSION);
        String protocolURI = didStructure.getDIDMarker().getProtocol();
        SALProtocol protocol = getProtocol(connectionHandle, null, protocolURI);
        if (protocol.hasNextStep(FunctionType.CardApplicationEndSession)) {
            response = protocol.cardApplicationEndSession(request);
            removeFinishedProtocol(connectionHandle, protocolURI, protocol);
        } else {
            throw new InappropriateProtocolForActionException("CardApplicationEndSession", protocol.toString());
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 24 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class DIDAuthenticateStep method perform.

@Override
public DIDAuthenticateResponse perform(DIDAuthenticate request, Map<String, Object> internalData) {
    DIDAuthenticateResponse response = WSHelper.makeResponse(DIDAuthenticateResponse.class, WSHelper.makeResultOK());
    char[] rawPIN = null;
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        String didName = SALUtils.getDIDName(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        PINCompareDIDAuthenticateInputType pinCompareInput = new PINCompareDIDAuthenticateInputType(request.getAuthenticationProtocolData());
        PINCompareDIDAuthenticateOutputType pinCompareOutput = pinCompareInput.getOutputType();
        byte[] cardApplication;
        if (request.getDIDScope() != null && request.getDIDScope().equals(DIDScopeType.GLOBAL)) {
            cardApplication = cardStateEntry.getInfo().getApplicationIdByDidName(request.getDIDName(), request.getDIDScope());
        } else {
            cardApplication = connectionHandle.getCardApplication();
        }
        Assert.securityConditionDID(cardStateEntry, cardApplication, didName, DifferentialIdentityServiceActionName.DID_AUTHENTICATE);
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, cardApplication);
        PINCompareMarkerType pinCompareMarker = new PINCompareMarkerType(didStructure.getDIDMarker());
        byte keyRef = pinCompareMarker.getPINRef().getKeyRef()[0];
        byte[] slotHandle = connectionHandle.getSlotHandle();
        PasswordAttributesType attributes = pinCompareMarker.getPasswordAttributes();
        rawPIN = pinCompareInput.getPIN();
        // delete pin from memory of the structure
        pinCompareInput.setPIN(null);
        byte[] template = new byte[] { 0x00, 0x20, 0x00, keyRef };
        byte[] responseCode;
        // with [ISO7816-4] (Section 7.5.6).
        if (rawPIN == null || rawPIN.length == 0) {
            VerifyUser verify = new VerifyUser();
            verify.setSlotHandle(slotHandle);
            InputUnitType inputUnit = new InputUnitType();
            verify.setInputUnit(inputUnit);
            PinInputType pinInput = new PinInputType();
            inputUnit.setPinInput(pinInput);
            pinInput.setIndex(BigInteger.ZERO);
            pinInput.setPasswordAttributes(attributes);
            verify.setTemplate(template);
            VerifyUserResponse verifyR = (VerifyUserResponse) dispatcher.safeDeliver(verify);
            WSHelper.checkResult(verifyR);
            responseCode = verifyR.getResponse();
        } else {
            Transmit verifyTransmit = PINUtils.buildVerifyTransmit(rawPIN, attributes, template, slotHandle);
            try {
                TransmitResponse transResp = (TransmitResponse) dispatcher.safeDeliver(verifyTransmit);
                WSHelper.checkResult(transResp);
                responseCode = transResp.getOutputAPDU().get(0);
            } finally {
                // blank PIN APDU
                for (InputAPDUInfoType apdu : verifyTransmit.getInputAPDUInfo()) {
                    byte[] rawApdu = apdu.getInputAPDU();
                    if (rawApdu != null) {
                        java.util.Arrays.fill(rawApdu, (byte) 0);
                    }
                }
            }
        }
        CardResponseAPDU verifyResponseAPDU = new CardResponseAPDU(responseCode);
        if (verifyResponseAPDU.isWarningProcessed()) {
            pinCompareOutput.setRetryCounter(new BigInteger(Integer.toString((verifyResponseAPDU.getSW2() & 0x0F))));
        }
        cardStateEntry.addAuthenticated(didName, cardApplication);
        response.setAuthenticationProtocolData(pinCompareOutput.getAuthDataType());
    } catch (ECardException e) {
        LOG.error(e.getMessage(), e);
        response.setResult(e.getResult());
    } catch (Exception e) {
        if (e instanceof RuntimeException) {
            throw (RuntimeException) e;
        }
        LOG.error(e.getMessage(), e);
        response.setResult(WSHelper.makeResult(e));
    } finally {
        if (rawPIN != null) {
            Arrays.fill(rawPIN, ' ');
        }
    }
    return response;
}

Example 25 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class SignStep method perform.

@Override
public SignResponse perform(Sign sign, Map<String, Object> internalData) {
    SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(sign);
        String didName = SALUtils.getDIDName(sign);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        DIDStructureType didStructure = SALUtils.getDIDStructure(sign, didName, cardStateEntry, connectionHandle);
        CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
        byte[] slotHandle = connectionHandle.getSlotHandle();
        byte[] applicationID = connectionHandle.getCardApplication();
        Assert.securityConditionDID(cardStateEntry, applicationID, didName, CryptographicServiceActionName.SIGN);
        byte[] message = sign.getMessage();
        byte[] keyReference = cryptoMarker.getCryptoKeyInfo().getKeyRef().getKeyRef();
        byte[] algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getCardAlgRef();
        byte[] hashRef = cryptoMarker.getAlgorithmInfo().getHashAlgRef();
        HashGenerationInfoType hashInfo = cryptoMarker.getHashGenerationInfo();
        if (didStructure.getDIDScope() == DIDScopeType.LOCAL) {
            keyReference[0] = (byte) (0x80 | keyReference[0]);
        }
        if (cryptoMarker.getSignatureGenerationInfo() != null) {
            response = performSignature(cryptoMarker, keyReference, algorithmIdentifier, message, slotHandle, hashRef, hashInfo);
        } else {
            // assuming that legacySignatureInformation exists
            BaseTemplateContext templateContext = new BaseTemplateContext();
            templateContext.put(HASH_TO_SIGN, message);
            templateContext.put(KEY_REFERENCE, keyReference);
            templateContext.put(ALGORITHM_IDENTIFIER, algorithmIdentifier);
            templateContext.put(HASHALGORITHM_REFERENCE, hashRef);
            response = performLegacySignature(cryptoMarker, connectionHandle, templateContext);
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.warn(e.getMessage(), e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}