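/**
 * The CardApplicationConnect function establishes an unauthenticated connection between the client
 * application and the card application.
 * See BSI-TR-03112-4, version 1.1.2, section 3.2.1.
 *
 * <p>Processing order: resolve a card state entry matching the requested path, resolve the application
 * identifier (explicit, implicitly selected, or MF), assert the application security condition for
 * CARD_APPLICATION_CONNECT, connect the slot through the IFD, select the application on the card and
 * finally register the derived state entry and hand its handle back to the caller.</p>
 *
 * <p>Unlike the original version this method also reports unexpected runtime exceptions through the
 * response Result (after {@code throwThreadKillException}), as the other TinySAL operations do, so the
 * caller always receives a response.</p>
 *
 * @param request CardApplicationConnect
 * @return CardApplicationConnectResponse
 */
@Override
public CardApplicationConnectResponse cardApplicationConnect(CardApplicationConnect request) {
    CardApplicationConnectResponse response = WSHelper.makeResponse(CardApplicationConnectResponse.class, WSHelper.makeResultOK());
    try {
        CardApplicationPathType cardAppPath = request.getCardApplicationPath();
        Assert.assertIncorrectParameter(cardAppPath, "The parameter CardAppPathRequest is empty.");
        Set<CardStateEntry> cardStateEntrySet = states.getMatchingEntries(cardAppPath, false);
        Assert.assertIncorrectParameter(cardStateEntrySet, "The given ConnectionHandle is invalid.");
        /*
         * [TR-03112-4] If the provided path fragments are valid for more than one card application
         * the eCard-API-Framework SHALL return any of the possible choices.
         * The assert above covers the null case only; an empty set surfaces here as a
         * NoSuchElementException and is reported by the generic catch below.
         */
        CardStateEntry cardStateEntry = cardStateEntrySet.iterator().next();

        // No explicit application: fall back to the implicitly selected application, then to the MF.
        byte[] applicationID = cardAppPath.getCardApplication();
        if (applicationID == null) {
            if (cardStateEntry.getImplicitlySelectedApplicationIdentifier() != null) {
                applicationID = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
            } else {
                applicationID = MF;
            }
        }
        // Access control is enforced before any IFD interaction takes place.
        Assert.securityConditionApplication(cardStateEntry, applicationID, ConnectionServiceActionName.CARD_APPLICATION_CONNECT);

        // Connect to the card
        ConnectionHandleType handle = cardStateEntry.handleCopy();
        cardStateEntry = cardStateEntry.derive(handle);
        Connect connect = new Connect();
        connect.setContextHandle(handle.getContextHandle());
        connect.setIFDName(handle.getIFDName());
        connect.setSlot(handle.getSlotIndex());
        ConnectResponse connectResponse = (ConnectResponse) env.getDispatcher().safeDeliver(connect);
        WSHelper.checkResult(connectResponse);
        // NOTE(review): from here on the slot is connected. If one of the SELECTs below fails with an
        // ECardException, the catch block only reports the error: no Disconnect is sent for
        // connectResponse.getSlotHandle() and no state entry is registered, so the IFD connection is
        // left open. Releasing it needs the IFD Disconnect request, which this method does not reference.

        // Select the card application
        CardCommandAPDU select;
        // TODO: proper determination of path, file and app id
        if (applicationID.length == 2) {
            // Two bytes: try a file identifier first; a WRONG_P1_P2 answer is accepted and triggers a
            // retry as absolute path. Longer identifiers are treated as AIDs.
            select = new Select.File(applicationID);
            List<byte[]> responses = new ArrayList<>();
            responses.add(TrailerConstants.Success.OK());
            responses.add(TrailerConstants.Error.WRONG_P1_P2());
            CardResponseAPDU resp = select.transmit(env.getDispatcher(), connectResponse.getSlotHandle(), responses);
            if (Arrays.equals(resp.getTrailer(), TrailerConstants.Error.WRONG_P1_P2())) {
                select = new Select.AbsolutePath(applicationID);
                select.transmit(env.getDispatcher(), connectResponse.getSlotHandle());
            }
        } else {
            select = new Select.Application(applicationID);
            select.transmit(env.getDispatcher(), connectResponse.getSlotHandle());
        }

        cardStateEntry.setCurrentCardApplication(applicationID);
        cardStateEntry.setSlotHandle(connectResponse.getSlotHandle());
        // reset the ef FCP
        cardStateEntry.unsetFCPOfSelectedEF();
        states.addEntry(cardStateEntry);
        response.setConnectionHandle(cardStateEntry.handleCopy());
        response.getConnectionHandle().setCardApplication(applicationID);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        // Same boundary handling as the other TinySAL operations: log, let thread-kill exceptions
        // through, and report everything else in the Result instead of escaping the SAL.
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}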
/**
 * The CardApplicationList function returns a list of the available card applications on an eCard.
 * See BSI-TR-03112-4, version 1.1.2, section 3.3.1.
 *
 * <p>The names are read from the CardInfo description attached to the card state entry that belongs
 * to the request's connection handle. No application security condition is asserted here (see the
 * comment in the body), so any caller holding a valid connection handle obtains the list.</p>
 *
 * @param request CardApplicationList
 * @return CardApplicationListResponse
 */
@Publish
@Override
public CardApplicationListResponse cardApplicationList(CardApplicationList request) {
    CardApplicationListResponse response = WSHelper.makeResponse(CardApplicationListResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType handle = SALUtils.getConnectionHandle(request);
        CardStateEntry entry = SALUtils.getCardStateEntry(states, handle, false);
        /*
         * TR-03112-4 section 3.3.2 requires the alpha application to be connected with
         * CardApplicationConnect before this operation. When CardInfo file descriptions are used the
         * list is taken from the description itself, so the application security condition for
         * CardApplicationServiceActionName.CARD_APPLICATION_LIST is deliberately not asserted here.
         */
        CardInfoWrapper info = entry.getInfo();
        CardApplicationNameList names = new CardApplicationNameList();
        response.setCardApplicationNameList(names);
        names.getCardApplicationName().addAll(info.getCardApplicationNameList());
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
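/**
 * The CardApplicationEndSession function closes the session between the client application and the card application.
 * See BSI-TR-03112-4, version 1.1.2, section 3.2.4.
 *
 * <p>The application security condition for CARD_APPLICATION_END_SESSION is asserted before the DID is
 * looked up. The check does not depend on the DID, and evaluating it first means a caller that is not
 * allowed to end sessions cannot probe which DIDNames exist through the namedEntityNotFound error.
 * The DIDAuthenticate step applies the same authorize-then-lookup order.</p>
 *
 * <p>The DID's protocol is then asked whether it has a CardApplicationEndSession step; if so the
 * request is delegated to it and the finished protocol is removed, otherwise
 * InappropriateProtocolForActionException is raised.</p>
 *
 * @param request CardApplicationEndSession
 * @return CardApplicationEndSessionResponse
 */
@Publish
@Override
public CardApplicationEndSessionResponse cardApplicationEndSession(CardApplicationEndSession request) {
    CardApplicationEndSessionResponse response = WSHelper.makeResponse(CardApplicationEndSessionResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle);
        byte[] cardApplicationID = connectionHandle.getCardApplication();
        // Authorize first; nothing below must be reachable for a caller failing this condition.
        Assert.securityConditionApplication(cardStateEntry, cardApplicationID, ConnectionServiceActionName.CARD_APPLICATION_END_SESSION);

        String didName = SALUtils.getDIDName(request);
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, cardApplicationID);
        Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");

        String protocolURI = didStructure.getDIDMarker().getProtocol();
        SALProtocol protocol = getProtocol(connectionHandle, null, protocolURI);
        if (protocol.hasNextStep(FunctionType.CardApplicationEndSession)) {
            response = protocol.cardApplicationEndSession(request);
            removeFinishedProtocol(connectionHandle, protocolURI, protocol);
        } else {
            throw new InappropriateProtocolForActionException("CardApplicationEndSession", protocol.toString());
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}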
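/**
 * Performs the PIN Compare DIDAuthenticate step: the PIN referenced by the DID is verified either by
 * the terminal (IFD VerifyUser, used when no PIN is supplied) or by a VERIFY APDU built from the
 * supplied PIN.
 *
 * <p>The DID is recorded as authenticated in the card state only when the card answered with status
 * word 9000. For a warning status (62xx/63xx) the low nibble of SW2 is reported as RetryCounter, as
 * before, but the DID is no longer marked authenticated on such an answer.</p>
 *
 * <p>PIN hygiene: the PIN is removed from the input structure as soon as it has been read, the
 * transmitted VERIFY APDU buffers are zeroed after transmission, and the local copy is overwritten
 * in the finally block.</p>
 *
 * @param request DIDAuthenticate request carrying the connection handle, DIDName, DIDScope and PIN Compare input data
 * @param internalData protocol-internal state from which the card state entry is resolved
 * @return DIDAuthenticateResponse with the PIN Compare output data, or an error Result
 */
@Override
public DIDAuthenticateResponse perform(DIDAuthenticate request, Map<String, Object> internalData) {
    DIDAuthenticateResponse response = WSHelper.makeResponse(DIDAuthenticateResponse.class, WSHelper.makeResultOK());
    char[] rawPIN = null;
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        String didName = SALUtils.getDIDName(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        PINCompareDIDAuthenticateInputType pinCompareInput = new PINCompareDIDAuthenticateInputType(request.getAuthenticationProtocolData());
        PINCompareDIDAuthenticateOutputType pinCompareOutput = pinCompareInput.getOutputType();

        // A global DID is resolved to the application that defines it; otherwise the connected application is used.
        byte[] cardApplication;
        if (request.getDIDScope() != null && request.getDIDScope().equals(DIDScopeType.GLOBAL)) {
            cardApplication = cardStateEntry.getInfo().getApplicationIdByDidName(request.getDIDName(), request.getDIDScope());
        } else {
            cardApplication = connectionHandle.getCardApplication();
        }
        // Access control before any DID data is looked up.
        Assert.securityConditionDID(cardStateEntry, cardApplication, didName, DifferentialIdentityServiceActionName.DID_AUTHENTICATE);
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, cardApplication);
        PINCompareMarkerType pinCompareMarker = new PINCompareMarkerType(didStructure.getDIDMarker());
        byte keyRef = pinCompareMarker.getPINRef().getKeyRef()[0];
        byte[] slotHandle = connectionHandle.getSlotHandle();
        PasswordAttributesType attributes = pinCompareMarker.getPasswordAttributes();

        rawPIN = pinCompareInput.getPIN();
        // delete pin from memory of the structure
        pinCompareInput.setPIN(null);

        // VERIFY command header (CLA INS P1 P2) in accordance with [ISO7816-4] (Section 7.5.6);
        // the encoded PIN is appended by the terminal or by PINUtils.
        byte[] template = new byte[] { 0x00, 0x20, 0x00, keyRef };
        byte[] responseCode;
        if (rawPIN == null || rawPIN.length == 0) {
            // No PIN supplied: the terminal collects it (PIN pad) and returns the card's status word.
            VerifyUser verify = new VerifyUser();
            verify.setSlotHandle(slotHandle);
            InputUnitType inputUnit = new InputUnitType();
            verify.setInputUnit(inputUnit);
            PinInputType pinInput = new PinInputType();
            inputUnit.setPinInput(pinInput);
            pinInput.setIndex(BigInteger.ZERO);
            pinInput.setPasswordAttributes(attributes);
            verify.setTemplate(template);
            VerifyUserResponse verifyR = (VerifyUserResponse) dispatcher.safeDeliver(verify);
            WSHelper.checkResult(verifyR);
            responseCode = verifyR.getResponse();
        } else {
            Transmit verifyTransmit = PINUtils.buildVerifyTransmit(rawPIN, attributes, template, slotHandle);
            try {
                TransmitResponse transResp = (TransmitResponse) dispatcher.safeDeliver(verifyTransmit);
                WSHelper.checkResult(transResp);
                responseCode = transResp.getOutputAPDU().get(0);
            } finally {
                // blank PIN APDU
                for (InputAPDUInfoType apdu : verifyTransmit.getInputAPDUInfo()) {
                    byte[] rawApdu = apdu.getInputAPDU();
                    if (rawApdu != null) {
                        Arrays.fill(rawApdu, (byte) 0);
                    }
                }
            }
        }

        CardResponseAPDU verifyResponseAPDU = new CardResponseAPDU(responseCode);
        if (verifyResponseAPDU.isWarningProcessed()) {
            // 63Cx: remaining tries are carried in the low nibble of SW2.
            pinCompareOutput.setRetryCounter(BigInteger.valueOf(verifyResponseAPDU.getSW2() & 0x0F));
        }
        // Only a 9000 status word proves the card accepted the PIN. A wrong PIN (63Cx) or a blocked
        // PIN must not leave the SAL believing the DID is authenticated.
        if (Arrays.equals(verifyResponseAPDU.getTrailer(), new byte[] { (byte) 0x90, 0x00 })) {
            cardStateEntry.addAuthenticated(didName, cardApplication);
        }
        // TODO(review): for a non-9000 status word the Result should carry an error as well; whether
        // the IFD layer already rejects such responses before this point is not visible here.
        response.setAuthenticationProtocolData(pinCompareOutput.getAuthDataType());
    } catch (ECardException e) {
        LOG.error(e.getMessage(), e);
        response.setResult(e.getResult());
    } catch (Exception e) {
        // Programming errors are propagated; everything else is reported in the Result.
        if (e instanceof RuntimeException) {
            throw (RuntimeException) e;
        }
        LOG.error(e.getMessage(), e);
        response.setResult(WSHelper.makeResult(e));
    } finally {
        // Overwrite the local PIN copy regardless of the outcome.
        if (rawPIN != null) {
            Arrays.fill(rawPIN, ' ');
        }
    }
    return response;
}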
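/**
 * Performs the Sign step of the generic cryptography protocol: resolves the DID's CryptoMarker and
 * dispatches either to the structured signature generation (SignatureGenerationInfo present) or to
 * the legacy template-based path.
 *
 * <p>The DID security condition for SIGN is asserted before the DID structure is looked up, in the
 * same authorize-then-lookup order as the DIDAuthenticate step. The key reference taken from the
 * marker is copied before the local-scope bit is set, so the array held by the marker (and possibly
 * by the card state's CardInfo data) is left untouched.</p>
 *
 * @param sign Sign request with connection handle, DIDName and the message/hash to sign
 * @param internalData protocol-internal state from which the card state entry is resolved
 * @return SignResponse from the selected signature path, or an error Result
 */
@Override
public SignResponse perform(Sign sign, Map<String, Object> internalData) {
    SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(sign);
        String didName = SALUtils.getDIDName(sign);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        byte[] slotHandle = connectionHandle.getSlotHandle();
        byte[] applicationID = connectionHandle.getCardApplication();
        // Authorize before touching DID data.
        Assert.securityConditionDID(cardStateEntry, applicationID, didName, CryptographicServiceActionName.SIGN);

        DIDStructureType didStructure = SALUtils.getDIDStructure(sign, didName, cardStateEntry, connectionHandle);
        CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
        byte[] message = sign.getMessage();
        byte[] keyReference = cryptoMarker.getCryptoKeyInfo().getKeyRef().getKeyRef();
        byte[] algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getCardAlgRef();
        byte[] hashRef = cryptoMarker.getAlgorithmInfo().getHashAlgRef();
        HashGenerationInfoType hashInfo = cryptoMarker.getHashGenerationInfo();
        if (didStructure.getDIDScope() == DIDScopeType.LOCAL) {
            // Work on a copy: the marker's array may be shared state. Setting bit 8 of the key
            // reference marks it as local (DF specific) per [ISO7816-4].
            keyReference = keyReference.clone();
            keyReference[0] = (byte) (0x80 | keyReference[0]);
        }

        if (cryptoMarker.getSignatureGenerationInfo() != null) {
            response = performSignature(cryptoMarker, keyReference, algorithmIdentifier, message, slotHandle, hashRef, hashInfo);
        } else {
            // assuming that legacySignatureInformation exists
            BaseTemplateContext templateContext = new BaseTemplateContext();
            templateContext.put(HASH_TO_SIGN, message);
            templateContext.put(KEY_REFERENCE, keyReference);
            templateContext.put(ALGORITHM_IDENTIFIER, algorithmIdentifier);
            templateContext.put(HASHALGORITHM_REFERENCE, hashRef);
            response = performLegacySignature(cryptoMarker, connectionHandle, templateContext);
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.warn(e.getMessage(), e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}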