use of org.openecard.common.ECardException in project open-ecard by ecsec.
the class TinySAL method dataSetList.
/**
* The DataSetList function returns the list of the data sets in the card application addressed with the
* ConnectionHandle.
* See BSI-TR-03112-4, version 1.1.2, section 3.4.1.
*
* @param request DataSetList
* @return DataSetListResponse
*/
@Publish
@Override
public DataSetListResponse dataSetList(DataSetList request) {
DataSetListResponse response = WSHelper.makeResponse(DataSetListResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
byte[] cardApplicationID = connectionHandle.getCardApplication();
Assert.securityConditionApplication(cardStateEntry, cardApplicationID, NamedDataServiceActionName.DATA_SET_LIST);
CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
DataSetNameListType dataSetNameList = cardInfoWrapper.getDataSetNameList(cardApplicationID);
response.setDataSetNameList(dataSetNameList);
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of org.openecard.common.ECardException in project open-ecard by ecsec.
the class TinySAL method dsiCreate.
/**
* The DSICreate function creates a DSI (Data Structure for Interoperability) in the currently selected data set.
* See BSI-TR-03112-4, version 1.1.2, section 3.4.6.
* <br>
* <br>
* Preconditions: <br>
* - Connection to a card application established via CardApplicationConnect <br>
* - A data set has been selected with DataSetSelect <br>
* - The DSI does not exist in the data set. <br>
*
* @param request DSICreate
* @return DSICreateResponse
*/
@Override
public DSICreateResponse dsiCreate(DSICreate request) {
DSICreateResponse response = WSHelper.makeResponse(DSICreateResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle);
CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
byte[] cardApplicationID = connectionHandle.getCardApplication();
byte[] dsiContent = request.getDSIContent();
Assert.assertIncorrectParameter(dsiContent, "The parameter DSIContent is empty.");
String dsiName = request.getDSIName();
Assert.assertIncorrectParameter(dsiName, "The parameter DSIName is empty.");
DSIType dsi = cardInfoWrapper.getDSIbyName(dsiName);
if (dsi != null) {
throw new NameExistsException("There is already an DSI with the name " + dsiName + " in the current EF.");
}
byte[] slotHandle = connectionHandle.getSlotHandle();
if (cardStateEntry.getFCPOfSelectedEF() == null) {
throw new PrerequisitesNotSatisfiedException("No data set for writing selected.");
} else {
DataSetInfoType dataSet = cardInfoWrapper.getDataSetByFid(cardStateEntry.getFCPOfSelectedEF().getFileIdentifiers().get(0));
Assert.securityConditionDataSet(cardStateEntry, cardApplicationID, dataSet.getDataSetName(), NamedDataServiceActionName.DSI_CREATE);
DataElements dElements = cardStateEntry.getFCPOfSelectedEF().getDataElements();
if (dElements.isTransparent()) {
WriteBinary writeBin = new WriteBinary(WriteBinary.INS_WRITE_BINARY_DATA, (byte) 0x00, (byte) 0x00, dsiContent);
writeBin.transmit(env.getDispatcher(), slotHandle);
} else if (dElements.isCyclic()) {
WriteRecord writeRec = new WriteRecord((byte) 0x00, WriteRecord.WRITE_PREVIOUS, dsiContent);
writeRec.transmit(env.getDispatcher(), slotHandle);
} else {
WriteRecord writeRec = new WriteRecord((byte) 0x00, WriteRecord.WRITE_LAST, dsiContent);
writeRec.transmit(env.getDispatcher(), slotHandle);
}
}
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of org.openecard.common.ECardException in project open-ecard by ecsec.
the class TinySAL method verifyCertificate.
/**
* The VerifyCertificate function validates a given certificate.
* See BSI-TR-03112-4, version 1.1.2, section 3.5.7.
*
* @param request VerifyCertificate
* @return VerifyCertificateResponse
*/
@Override
public VerifyCertificateResponse verifyCertificate(VerifyCertificate request) {
VerifyCertificateResponse response = WSHelper.makeResponse(VerifyCertificateResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
byte[] applicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
String didName = SALUtils.getDIDName(request);
byte[] certificate = request.getCertificate();
Assert.assertIncorrectParameter(certificate, "The parameter Certificate is empty.");
String certificateType = request.getCertificateType();
Assert.assertIncorrectParameter(certificateType, "The parameter CertificateType is empty.");
String rootCert = request.getRootCert();
Assert.assertIncorrectParameter(rootCert, "The parameter RootCert is empty.");
DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, applicationID);
Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
DIDScopeType didScope = request.getDIDScope();
if (didScope == null) {
didScope = DIDScopeType.LOCAL;
}
if (didScope.equals(DIDScopeType.LOCAL)) {
byte[] necessarySelectedApp = cardStateEntry.getInfo().getApplicationIdByDidName(didName, didScope);
if (!Arrays.equals(necessarySelectedApp, applicationID)) {
String msg = "Wrong application selected for the execution of VerifyCertificate with the DID " + didName + ".";
throw new SecurityConditionNotSatisfiedException(msg);
}
}
String protocolURI = didStructure.getDIDMarker().getProtocol();
SALProtocol protocol = getProtocol(connectionHandle, request.getDIDScope(), protocolURI);
if (protocol.hasNextStep(FunctionType.VerifyCertificate)) {
response = protocol.verifyCertificate(request);
removeFinishedProtocol(connectionHandle, protocolURI, protocol);
} else {
throw new InappropriateProtocolForActionException("VerifyCertificate", protocol.toString());
}
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of org.openecard.common.ECardException in project open-ecard by ecsec.
the class TinySAL method didList.
/**
* The DIDList function returns a list of the existing DIDs in the card application addressed by the
* ConnectionHandle or the ApplicationIdentifier element within the Filter.
* See BSI-TR-03112-4, version 1.1.2, section 3.6.1.
*
* @param request DIDList
* @return DIDListResponse
*/
@Publish
@Override
public DIDListResponse didList(DIDList request) {
DIDListResponse response = WSHelper.makeResponse(DIDListResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
byte[] appId = connectionHandle.getCardApplication();
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
Assert.securityConditionApplication(cardStateEntry, appId, DifferentialIdentityServiceActionName.DID_LIST);
byte[] applicationIDFilter = null;
String objectIDFilter = null;
String applicationFunctionFilter = null;
DIDQualifierType didQualifier = request.getFilter();
if (didQualifier != null) {
applicationIDFilter = didQualifier.getApplicationIdentifier();
objectIDFilter = didQualifier.getObjectIdentifier();
applicationFunctionFilter = didQualifier.getApplicationFunction();
}
/*
* Filter by ApplicationIdentifier.
* [TR-03112-4] Allows specifying an application identifier. If this element is present all
* DIDs within the specified card application are returned no matter which card application
* is currently selected.
*/
CardApplicationWrapper cardApplication;
if (applicationIDFilter != null) {
cardApplication = cardStateEntry.getInfo().getCardApplication(applicationIDFilter);
Assert.assertIncorrectParameter(cardApplication, "The given CardApplication cannot be found.");
} else {
cardApplication = cardStateEntry.getCurrentCardApplication();
}
List<DIDInfoType> didInfos = new ArrayList<>(cardApplication.getDIDInfoList());
/*
* Filter by ObjectIdentifier.
* [TR-03112-4] Allows specifying a protocol OID (cf. [TR-03112-7]) such that only DIDs
* which support a given protocol are listed.
*/
if (objectIDFilter != null) {
Iterator<DIDInfoType> it = didInfos.iterator();
while (it.hasNext()) {
DIDInfoType next = it.next();
if (!next.getDifferentialIdentity().getDIDProtocol().equals(objectIDFilter)) {
it.remove();
}
}
}
/*
* Filter by ApplicationFunction.
* [TR-03112-4] Allows filtering for DIDs, which support a specific cryptographic operation.
* The bit string is coded as the SupportedOperations-element in [ISO7816-15].
*/
if (applicationFunctionFilter != null) {
Iterator<DIDInfoType> it = didInfos.iterator();
while (it.hasNext()) {
DIDInfoType next = it.next();
if (next.getDifferentialIdentity().getDIDMarker().getCryptoMarker() == null) {
it.remove();
} else {
iso.std.iso_iec._24727.tech.schema.CryptoMarkerType rawMarker;
rawMarker = next.getDifferentialIdentity().getDIDMarker().getCryptoMarker();
CryptoMarkerType cryptoMarker = new CryptoMarkerType(rawMarker);
AlgorithmInfoType algInfo = cryptoMarker.getAlgorithmInfo();
if (!algInfo.getSupportedOperations().contains(applicationFunctionFilter)) {
it.remove();
}
}
}
}
DIDNameListType didNameList = new DIDNameListType();
for (DIDInfoType didInfo : didInfos) {
didNameList.getDIDName().add(didInfo.getDifferentialIdentity().getDIDName());
}
response.setDIDNameList(didNameList);
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of org.openecard.common.ECardException in project open-ecard by ecsec.
the class MiddlewareSAL method sign.
@Override
public SignResponse sign(Sign request) {
SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
byte[] application = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
byte[] slotHandle = connectionHandle.getSlotHandle();
String didName = SALUtils.getDIDName(request);
byte[] message = request.getMessage();
Assert.assertIncorrectParameter(message, "The parameter Message is empty.");
DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, application);
Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
CryptoMarkerType marker = new CryptoMarkerType(didStructure.getDIDMarker());
String keyLabel = marker.getLegacyKeyName();
MwSession session = managedSessions.get(slotHandle);
for (MwPrivateKey key : session.getPrivateKeys()) {
String nextLabel = "";
try {
nextLabel = key.getKeyLabel();
} catch (CryptokiException ex) {
LOG.warn("Error reading key label.", ex);
}
LOG.debug("Try to match keys '{}' == '{}'", keyLabel, nextLabel);
if (keyLabel.equals(nextLabel)) {
long sigAlg = getPKCS11Alg(marker.getAlgorithmInfo());
byte[] sig = key.sign(sigAlg, message);
response.setSignature(sig);
// set PIN to unauthenticated
setPinNotAuth(cardStateEntry);
return response;
}
}
// TODO: use other exception
String msg = String.format("The given DIDName %s references an unknown key.", didName);
throw new IncorrectParameterException(msg);
} catch (ECardException e) {
LOG.debug(e.getMessage(), e);
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
Aggregations