Search in sources :

Example 36 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method dataSetList.

/**
 * The DataSetList function returns the list of the data sets in the card application addressed with the
 * ConnectionHandle.
 * See BSI-TR-03112-4, version 1.1.2, section 3.4.1.
 *
 * @param request DataSetList
 * @return DataSetListResponse
 */
@Publish
@Override
public DataSetListResponse dataSetList(DataSetList request) {
    DataSetListResponse response = WSHelper.makeResponse(DataSetListResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        byte[] cardApplicationID = connectionHandle.getCardApplication();
        Assert.securityConditionApplication(cardStateEntry, cardApplicationID, NamedDataServiceActionName.DATA_SET_LIST);
        CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
        DataSetNameListType dataSetNameList = cardInfoWrapper.getDataSetNameList(cardApplicationID);
        response.setDataSetNameList(dataSetNameList);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) ECardException(org.openecard.common.ECardException) DataSetListResponse(iso.std.iso_iec._24727.tech.schema.DataSetListResponse) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) CardInfoWrapper(org.openecard.common.sal.state.cif.CardInfoWrapper) DataSetNameListType(iso.std.iso_iec._24727.tech.schema.DataSetNameListType) PrerequisitesNotSatisfiedException(org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException) NameExistsException(org.openecard.common.sal.exception.NameExistsException) AddonNotFoundException(org.openecard.addon.AddonNotFoundException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) ECardException(org.openecard.common.ECardException) NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException) UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) InappropriateProtocolForActionException(org.openecard.common.sal.exception.InappropriateProtocolForActionException) TLVException(org.openecard.common.tlv.TLVException) SecurityConditionNotSatisfiedException(org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException) UnknownConnectionHandleException(org.openecard.common.sal.exception.UnknownConnectionHandleException) Publish(org.openecard.common.interfaces.Publish)

Example 37 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method dsiCreate.

/**
 * The DSICreate function creates a DSI (Data Structure for Interoperability) in the currently selected data set.
 * See BSI-TR-03112-4, version 1.1.2, section 3.4.6.
 * <br>
 * <br>
 * Preconditions: <br>
 * - Connection to a card application established via CardApplicationConnect <br>
 * - A data set has been selected with DataSetSelect <br>
 * - The DSI does not exist in the data set. <br>
 *
 * @param request DSICreate
 * @return DSICreateResponse
 */
@Override
public DSICreateResponse dsiCreate(DSICreate request) {
    DSICreateResponse response = WSHelper.makeResponse(DSICreateResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle);
        CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
        byte[] cardApplicationID = connectionHandle.getCardApplication();
        byte[] dsiContent = request.getDSIContent();
        Assert.assertIncorrectParameter(dsiContent, "The parameter DSIContent is empty.");
        String dsiName = request.getDSIName();
        Assert.assertIncorrectParameter(dsiName, "The parameter DSIName is empty.");
        DSIType dsi = cardInfoWrapper.getDSIbyName(dsiName);
        if (dsi != null) {
            throw new NameExistsException("There is already an DSI with the name " + dsiName + " in the current EF.");
        }
        byte[] slotHandle = connectionHandle.getSlotHandle();
        if (cardStateEntry.getFCPOfSelectedEF() == null) {
            throw new PrerequisitesNotSatisfiedException("No data set for writing selected.");
        } else {
            DataSetInfoType dataSet = cardInfoWrapper.getDataSetByFid(cardStateEntry.getFCPOfSelectedEF().getFileIdentifiers().get(0));
            Assert.securityConditionDataSet(cardStateEntry, cardApplicationID, dataSet.getDataSetName(), NamedDataServiceActionName.DSI_CREATE);
            DataElements dElements = cardStateEntry.getFCPOfSelectedEF().getDataElements();
            if (dElements.isTransparent()) {
                WriteBinary writeBin = new WriteBinary(WriteBinary.INS_WRITE_BINARY_DATA, (byte) 0x00, (byte) 0x00, dsiContent);
                writeBin.transmit(env.getDispatcher(), slotHandle);
            } else if (dElements.isCyclic()) {
                WriteRecord writeRec = new WriteRecord((byte) 0x00, WriteRecord.WRITE_PREVIOUS, dsiContent);
                writeRec.transmit(env.getDispatcher(), slotHandle);
            } else {
                WriteRecord writeRec = new WriteRecord((byte) 0x00, WriteRecord.WRITE_LAST, dsiContent);
                writeRec.transmit(env.getDispatcher(), slotHandle);
            }
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) DSICreateResponse(iso.std.iso_iec._24727.tech.schema.DSICreateResponse) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) DSIType(iso.std.iso_iec._24727.tech.schema.DSIType) CardInfoWrapper(org.openecard.common.sal.state.cif.CardInfoWrapper) DataElements(org.openecard.common.tlv.iso7816.DataElements) PrerequisitesNotSatisfiedException(org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException) NameExistsException(org.openecard.common.sal.exception.NameExistsException) AddonNotFoundException(org.openecard.addon.AddonNotFoundException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) ECardException(org.openecard.common.ECardException) NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException) UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) InappropriateProtocolForActionException(org.openecard.common.sal.exception.InappropriateProtocolForActionException) TLVException(org.openecard.common.tlv.TLVException) SecurityConditionNotSatisfiedException(org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException) UnknownConnectionHandleException(org.openecard.common.sal.exception.UnknownConnectionHandleException) ECardException(org.openecard.common.ECardException) PrerequisitesNotSatisfiedException(org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException) DataSetInfoType(iso.std.iso_iec._24727.tech.schema.DataSetInfoType) WriteBinary(org.openecard.common.apdu.WriteBinary) WriteRecord(org.openecard.common.apdu.WriteRecord) NameExistsException(org.openecard.common.sal.exception.NameExistsException)

Example 38 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method verifyCertificate.

/**
 * The VerifyCertificate function validates a given certificate.
 * See BSI-TR-03112-4, version 1.1.2, section 3.5.7.
 *
 * @param request VerifyCertificate
 * @return VerifyCertificateResponse
 */
@Override
public VerifyCertificateResponse verifyCertificate(VerifyCertificate request) {
    VerifyCertificateResponse response = WSHelper.makeResponse(VerifyCertificateResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        byte[] applicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
        String didName = SALUtils.getDIDName(request);
        byte[] certificate = request.getCertificate();
        Assert.assertIncorrectParameter(certificate, "The parameter Certificate is empty.");
        String certificateType = request.getCertificateType();
        Assert.assertIncorrectParameter(certificateType, "The parameter CertificateType is empty.");
        String rootCert = request.getRootCert();
        Assert.assertIncorrectParameter(rootCert, "The parameter RootCert is empty.");
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, applicationID);
        Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
        DIDScopeType didScope = request.getDIDScope();
        if (didScope == null) {
            didScope = DIDScopeType.LOCAL;
        }
        if (didScope.equals(DIDScopeType.LOCAL)) {
            byte[] necessarySelectedApp = cardStateEntry.getInfo().getApplicationIdByDidName(didName, didScope);
            if (!Arrays.equals(necessarySelectedApp, applicationID)) {
                String msg = "Wrong application selected for the execution of VerifyCertificate with the DID " + didName + ".";
                throw new SecurityConditionNotSatisfiedException(msg);
            }
        }
        String protocolURI = didStructure.getDIDMarker().getProtocol();
        SALProtocol protocol = getProtocol(connectionHandle, request.getDIDScope(), protocolURI);
        if (protocol.hasNextStep(FunctionType.VerifyCertificate)) {
            response = protocol.verifyCertificate(request);
            removeFinishedProtocol(connectionHandle, protocolURI, protocol);
        } else {
            throw new InappropriateProtocolForActionException("VerifyCertificate", protocol.toString());
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) InappropriateProtocolForActionException(org.openecard.common.sal.exception.InappropriateProtocolForActionException) ECardException(org.openecard.common.ECardException) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) SecurityConditionNotSatisfiedException(org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException) VerifyCertificateResponse(iso.std.iso_iec._24727.tech.schema.VerifyCertificateResponse) SALProtocol(org.openecard.addon.sal.SALProtocol) DIDScopeType(iso.std.iso_iec._24727.tech.schema.DIDScopeType) DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType) PrerequisitesNotSatisfiedException(org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException) NameExistsException(org.openecard.common.sal.exception.NameExistsException) AddonNotFoundException(org.openecard.addon.AddonNotFoundException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) ECardException(org.openecard.common.ECardException) NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException) UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) InappropriateProtocolForActionException(org.openecard.common.sal.exception.InappropriateProtocolForActionException) TLVException(org.openecard.common.tlv.TLVException) SecurityConditionNotSatisfiedException(org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException) UnknownConnectionHandleException(org.openecard.common.sal.exception.UnknownConnectionHandleException)

Example 39 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method didList.

/**
 * The DIDList function returns a list of the existing DIDs in the card application addressed by the
 * ConnectionHandle or the ApplicationIdentifier element within the Filter.
 * See BSI-TR-03112-4, version 1.1.2, section 3.6.1.
 *
 * @param request DIDList
 * @return DIDListResponse
 */
@Publish
@Override
public DIDListResponse didList(DIDList request) {
    DIDListResponse response = WSHelper.makeResponse(DIDListResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        byte[] appId = connectionHandle.getCardApplication();
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        Assert.securityConditionApplication(cardStateEntry, appId, DifferentialIdentityServiceActionName.DID_LIST);
        byte[] applicationIDFilter = null;
        String objectIDFilter = null;
        String applicationFunctionFilter = null;
        DIDQualifierType didQualifier = request.getFilter();
        if (didQualifier != null) {
            applicationIDFilter = didQualifier.getApplicationIdentifier();
            objectIDFilter = didQualifier.getObjectIdentifier();
            applicationFunctionFilter = didQualifier.getApplicationFunction();
        }
        /*
	     * Filter by ApplicationIdentifier.
	     * [TR-03112-4] Allows specifying an application identifier. If this element is present all
	     * DIDs within the specified card application are returned no matter which card application
	     * is currently selected.
	     */
        CardApplicationWrapper cardApplication;
        if (applicationIDFilter != null) {
            cardApplication = cardStateEntry.getInfo().getCardApplication(applicationIDFilter);
            Assert.assertIncorrectParameter(cardApplication, "The given CardApplication cannot be found.");
        } else {
            cardApplication = cardStateEntry.getCurrentCardApplication();
        }
        List<DIDInfoType> didInfos = new ArrayList<>(cardApplication.getDIDInfoList());
        /*
	     * Filter by ObjectIdentifier.
	     * [TR-03112-4] Allows specifying a protocol OID (cf. [TR-03112-7]) such that only DIDs
	     * which support a given protocol are listed.
	     */
        if (objectIDFilter != null) {
            Iterator<DIDInfoType> it = didInfos.iterator();
            while (it.hasNext()) {
                DIDInfoType next = it.next();
                if (!next.getDifferentialIdentity().getDIDProtocol().equals(objectIDFilter)) {
                    it.remove();
                }
            }
        }
        /*
	     * Filter by ApplicationFunction.
	     * [TR-03112-4] Allows filtering for DIDs, which support a specific cryptographic operation.
	     * The bit string is coded as the SupportedOperations-element in [ISO7816-15].
	     */
        if (applicationFunctionFilter != null) {
            Iterator<DIDInfoType> it = didInfos.iterator();
            while (it.hasNext()) {
                DIDInfoType next = it.next();
                if (next.getDifferentialIdentity().getDIDMarker().getCryptoMarker() == null) {
                    it.remove();
                } else {
                    iso.std.iso_iec._24727.tech.schema.CryptoMarkerType rawMarker;
                    rawMarker = next.getDifferentialIdentity().getDIDMarker().getCryptoMarker();
                    CryptoMarkerType cryptoMarker = new CryptoMarkerType(rawMarker);
                    AlgorithmInfoType algInfo = cryptoMarker.getAlgorithmInfo();
                    if (!algInfo.getSupportedOperations().contains(applicationFunctionFilter)) {
                        it.remove();
                    }
                }
            }
        }
        DIDNameListType didNameList = new DIDNameListType();
        for (DIDInfoType didInfo : didInfos) {
            didNameList.getDIDName().add(didInfo.getDifferentialIdentity().getDIDName());
        }
        response.setDIDNameList(didNameList);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) DIDQualifierType(iso.std.iso_iec._24727.tech.schema.DIDQualifierType) ArrayList(java.util.ArrayList) CryptoMarkerType(org.openecard.crypto.common.sal.did.CryptoMarkerType) DIDListResponse(iso.std.iso_iec._24727.tech.schema.DIDListResponse) PrerequisitesNotSatisfiedException(org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException) NameExistsException(org.openecard.common.sal.exception.NameExistsException) AddonNotFoundException(org.openecard.addon.AddonNotFoundException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) ECardException(org.openecard.common.ECardException) NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException) UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) InappropriateProtocolForActionException(org.openecard.common.sal.exception.InappropriateProtocolForActionException) TLVException(org.openecard.common.tlv.TLVException) SecurityConditionNotSatisfiedException(org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException) UnknownConnectionHandleException(org.openecard.common.sal.exception.UnknownConnectionHandleException) ECardException(org.openecard.common.ECardException) DIDNameListType(iso.std.iso_iec._24727.tech.schema.DIDNameListType) DIDInfoType(iso.std.iso_iec._24727.tech.schema.DIDInfoType) AlgorithmInfoType(iso.std.iso_iec._24727.tech.schema.AlgorithmInfoType) CardApplicationWrapper(org.openecard.common.sal.state.cif.CardApplicationWrapper) Publish(org.openecard.common.interfaces.Publish)

Example 40 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class MiddlewareSAL method sign.

@Override
public SignResponse sign(Sign request) {
    SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        byte[] application = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
        byte[] slotHandle = connectionHandle.getSlotHandle();
        String didName = SALUtils.getDIDName(request);
        byte[] message = request.getMessage();
        Assert.assertIncorrectParameter(message, "The parameter Message is empty.");
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, application);
        Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
        CryptoMarkerType marker = new CryptoMarkerType(didStructure.getDIDMarker());
        String keyLabel = marker.getLegacyKeyName();
        MwSession session = managedSessions.get(slotHandle);
        for (MwPrivateKey key : session.getPrivateKeys()) {
            String nextLabel = "";
            try {
                nextLabel = key.getKeyLabel();
            } catch (CryptokiException ex) {
                LOG.warn("Error reading key label.", ex);
            }
            LOG.debug("Try to match keys '{}' == '{}'", keyLabel, nextLabel);
            if (keyLabel.equals(nextLabel)) {
                long sigAlg = getPKCS11Alg(marker.getAlgorithmInfo());
                byte[] sig = key.sign(sigAlg, message);
                response.setSignature(sig);
                // set PIN to unauthenticated
                setPinNotAuth(cardStateEntry);
                return response;
            }
        }
        // TODO: use other exception
        String msg = String.format("The given DIDName %s references an unknown key.", didName);
        throw new IncorrectParameterException(msg);
    } catch (ECardException e) {
        LOG.debug(e.getMessage(), e);
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) CryptoMarkerType(org.openecard.crypto.common.sal.did.CryptoMarkerType) ThreadTerminateException(org.openecard.common.ThreadTerminateException) InitializationException(org.openecard.mdlw.sal.exceptions.InitializationException) ECardException(org.openecard.common.ECardException) FinalizationException(org.openecard.mdlw.sal.exceptions.FinalizationException) PinBlockedException(org.openecard.mdlw.sal.exceptions.PinBlockedException) CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException) NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException) UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException) TokenException(org.openecard.mdlw.sal.exceptions.TokenException) WSMarshallerException(org.openecard.ws.marshal.WSMarshallerException) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) UnsupportedAlgorithmException(org.openecard.crypto.common.UnsupportedAlgorithmException) PinIncorrectException(org.openecard.mdlw.sal.exceptions.PinIncorrectException) ECardException(org.openecard.common.ECardException) SignResponse(iso.std.iso_iec._24727.tech.schema.SignResponse) CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType)

Aggregations

ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)43 ECardException (org.openecard.common.ECardException)43 CardStateEntry (org.openecard.common.sal.state.CardStateEntry)40 IncorrectParameterException (org.openecard.common.sal.exception.IncorrectParameterException)37 ThreadTerminateException (org.openecard.common.ThreadTerminateException)34 NamedEntityNotFoundException (org.openecard.common.sal.exception.NamedEntityNotFoundException)34 UnknownProtocolException (org.openecard.common.sal.exception.UnknownProtocolException)34 TLVException (org.openecard.common.tlv.TLVException)29 AddonNotFoundException (org.openecard.addon.AddonNotFoundException)28 InappropriateProtocolForActionException (org.openecard.common.sal.exception.InappropriateProtocolForActionException)28 NameExistsException (org.openecard.common.sal.exception.NameExistsException)28 PrerequisitesNotSatisfiedException (org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException)28 SecurityConditionNotSatisfiedException (org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException)28 UnknownConnectionHandleException (org.openecard.common.sal.exception.UnknownConnectionHandleException)28 DIDStructureType (iso.std.iso_iec._24727.tech.schema.DIDStructureType)20 Publish (org.openecard.common.interfaces.Publish)17 CardInfoWrapper (org.openecard.common.sal.state.cif.CardInfoWrapper)14 SALProtocol (org.openecard.addon.sal.SALProtocol)12 DataSetInfoType (iso.std.iso_iec._24727.tech.schema.DataSetInfoType)9 DIDScopeType (iso.std.iso_iec._24727.tech.schema.DIDScopeType)7