Examples with ECardException org.openecard.common.ECardException used on opensource projects

Example 36 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method dataSetList.

/**
 * The DataSetList function returns the list of the data sets in the card application addressed with the
 * ConnectionHandle.
 * See BSI-TR-03112-4, version 1.1.2, section 3.4.1.
 *
 * @param request DataSetList
 * @return DataSetListResponse
 */
@Publish
@Override
public DataSetListResponse dataSetList(DataSetList request) {
    DataSetListResponse response = WSHelper.makeResponse(DataSetListResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        byte[] cardApplicationID = connectionHandle.getCardApplication();
        Assert.securityConditionApplication(cardStateEntry, cardApplicationID, NamedDataServiceActionName.DATA_SET_LIST);
        CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
        DataSetNameListType dataSetNameList = cardInfoWrapper.getDataSetNameList(cardApplicationID);
        response.setDataSetNameList(dataSetNameList);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 37 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method dsiCreate.

/**
 * The DSICreate function creates a DSI (Data Structure for Interoperability) in the currently selected data set.
 * See BSI-TR-03112-4, version 1.1.2, section 3.4.6.
 * <br>
 * <br>
 * Preconditions: <br>
 * - Connection to a card application established via CardApplicationConnect <br>
 * - A data set has been selected with DataSetSelect <br>
 * - The DSI does not exist in the data set. <br>
 *
 * @param request DSICreate
 * @return DSICreateResponse
 */
@Override
public DSICreateResponse dsiCreate(DSICreate request) {
    DSICreateResponse response = WSHelper.makeResponse(DSICreateResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle);
        CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
        byte[] cardApplicationID = connectionHandle.getCardApplication();
        byte[] dsiContent = request.getDSIContent();
        Assert.assertIncorrectParameter(dsiContent, "The parameter DSIContent is empty.");
        String dsiName = request.getDSIName();
        Assert.assertIncorrectParameter(dsiName, "The parameter DSIName is empty.");
        DSIType dsi = cardInfoWrapper.getDSIbyName(dsiName);
        if (dsi != null) {
            throw new NameExistsException("There is already an DSI with the name " + dsiName + " in the current EF.");
        }
        byte[] slotHandle = connectionHandle.getSlotHandle();
        if (cardStateEntry.getFCPOfSelectedEF() == null) {
            throw new PrerequisitesNotSatisfiedException("No data set for writing selected.");
        } else {
            DataSetInfoType dataSet = cardInfoWrapper.getDataSetByFid(cardStateEntry.getFCPOfSelectedEF().getFileIdentifiers().get(0));
            Assert.securityConditionDataSet(cardStateEntry, cardApplicationID, dataSet.getDataSetName(), NamedDataServiceActionName.DSI_CREATE);
            DataElements dElements = cardStateEntry.getFCPOfSelectedEF().getDataElements();
            if (dElements.isTransparent()) {
                WriteBinary writeBin = new WriteBinary(WriteBinary.INS_WRITE_BINARY_DATA, (byte) 0x00, (byte) 0x00, dsiContent);
                writeBin.transmit(env.getDispatcher(), slotHandle);
            } else if (dElements.isCyclic()) {
                WriteRecord writeRec = new WriteRecord((byte) 0x00, WriteRecord.WRITE_PREVIOUS, dsiContent);
                writeRec.transmit(env.getDispatcher(), slotHandle);
            } else {
                WriteRecord writeRec = new WriteRecord((byte) 0x00, WriteRecord.WRITE_LAST, dsiContent);
                writeRec.transmit(env.getDispatcher(), slotHandle);
            }
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 38 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method verifyCertificate.

/**
 * The VerifyCertificate function validates a given certificate.
 * See BSI-TR-03112-4, version 1.1.2, section 3.5.7.
 *
 * @param request VerifyCertificate
 * @return VerifyCertificateResponse
 */
@Override
public VerifyCertificateResponse verifyCertificate(VerifyCertificate request) {
    VerifyCertificateResponse response = WSHelper.makeResponse(VerifyCertificateResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        byte[] applicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
        String didName = SALUtils.getDIDName(request);
        byte[] certificate = request.getCertificate();
        Assert.assertIncorrectParameter(certificate, "The parameter Certificate is empty.");
        String certificateType = request.getCertificateType();
        Assert.assertIncorrectParameter(certificateType, "The parameter CertificateType is empty.");
        String rootCert = request.getRootCert();
        Assert.assertIncorrectParameter(rootCert, "The parameter RootCert is empty.");
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, applicationID);
        Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
        DIDScopeType didScope = request.getDIDScope();
        if (didScope == null) {
            didScope = DIDScopeType.LOCAL;
        }
        if (didScope.equals(DIDScopeType.LOCAL)) {
            byte[] necessarySelectedApp = cardStateEntry.getInfo().getApplicationIdByDidName(didName, didScope);
            if (!Arrays.equals(necessarySelectedApp, applicationID)) {
                String msg = "Wrong application selected for the execution of VerifyCertificate with the DID " + didName + ".";
                throw new SecurityConditionNotSatisfiedException(msg);
            }
        }
        String protocolURI = didStructure.getDIDMarker().getProtocol();
        SALProtocol protocol = getProtocol(connectionHandle, request.getDIDScope(), protocolURI);
        if (protocol.hasNextStep(FunctionType.VerifyCertificate)) {
            response = protocol.verifyCertificate(request);
            removeFinishedProtocol(connectionHandle, protocolURI, protocol);
        } else {
            throw new InappropriateProtocolForActionException("VerifyCertificate", protocol.toString());
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 39 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class TinySAL method didList.

/**
 * The DIDList function returns a list of the existing DIDs in the card application addressed by the
 * ConnectionHandle or the ApplicationIdentifier element within the Filter.
 * See BSI-TR-03112-4, version 1.1.2, section 3.6.1.
 *
 * @param request DIDList
 * @return DIDListResponse
 */
@Publish
@Override
public DIDListResponse didList(DIDList request) {
    DIDListResponse response = WSHelper.makeResponse(DIDListResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        byte[] appId = connectionHandle.getCardApplication();
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        Assert.securityConditionApplication(cardStateEntry, appId, DifferentialIdentityServiceActionName.DID_LIST);
        byte[] applicationIDFilter = null;
        String objectIDFilter = null;
        String applicationFunctionFilter = null;
        DIDQualifierType didQualifier = request.getFilter();
        if (didQualifier != null) {
            applicationIDFilter = didQualifier.getApplicationIdentifier();
            objectIDFilter = didQualifier.getObjectIdentifier();
            applicationFunctionFilter = didQualifier.getApplicationFunction();
        }
        /*
	     * Filter by ApplicationIdentifier.
	     * [TR-03112-4] Allows specifying an application identifier. If this element is present all
	     * DIDs within the specified card application are returned no matter which card application
	     * is currently selected.
	     */
        CardApplicationWrapper cardApplication;
        if (applicationIDFilter != null) {
            cardApplication = cardStateEntry.getInfo().getCardApplication(applicationIDFilter);
            Assert.assertIncorrectParameter(cardApplication, "The given CardApplication cannot be found.");
        } else {
            cardApplication = cardStateEntry.getCurrentCardApplication();
        }
        List<DIDInfoType> didInfos = new ArrayList<>(cardApplication.getDIDInfoList());
        /*
	     * Filter by ObjectIdentifier.
	     * [TR-03112-4] Allows specifying a protocol OID (cf. [TR-03112-7]) such that only DIDs
	     * which support a given protocol are listed.
	     */
        if (objectIDFilter != null) {
            Iterator<DIDInfoType> it = didInfos.iterator();
            while (it.hasNext()) {
                DIDInfoType next = it.next();
                if (!next.getDifferentialIdentity().getDIDProtocol().equals(objectIDFilter)) {
                    it.remove();
                }
            }
        }
        /*
	     * Filter by ApplicationFunction.
	     * [TR-03112-4] Allows filtering for DIDs, which support a specific cryptographic operation.
	     * The bit string is coded as the SupportedOperations-element in [ISO7816-15].
	     */
        if (applicationFunctionFilter != null) {
            Iterator<DIDInfoType> it = didInfos.iterator();
            while (it.hasNext()) {
                DIDInfoType next = it.next();
                if (next.getDifferentialIdentity().getDIDMarker().getCryptoMarker() == null) {
                    it.remove();
                } else {
                    iso.std.iso_iec._24727.tech.schema.CryptoMarkerType rawMarker;
                    rawMarker = next.getDifferentialIdentity().getDIDMarker().getCryptoMarker();
                    CryptoMarkerType cryptoMarker = new CryptoMarkerType(rawMarker);
                    AlgorithmInfoType algInfo = cryptoMarker.getAlgorithmInfo();
                    if (!algInfo.getSupportedOperations().contains(applicationFunctionFilter)) {
                        it.remove();
                    }
                }
            }
        }
        DIDNameListType didNameList = new DIDNameListType();
        for (DIDInfoType didInfo : didInfos) {
            didNameList.getDIDName().add(didInfo.getDifferentialIdentity().getDIDName());
        }
        response.setDIDNameList(didNameList);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 40 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class MiddlewareSAL method sign.

@Override
public SignResponse sign(Sign request) {
    SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        byte[] application = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
        byte[] slotHandle = connectionHandle.getSlotHandle();
        String didName = SALUtils.getDIDName(request);
        byte[] message = request.getMessage();
        Assert.assertIncorrectParameter(message, "The parameter Message is empty.");
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, application);
        Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
        CryptoMarkerType marker = new CryptoMarkerType(didStructure.getDIDMarker());
        String keyLabel = marker.getLegacyKeyName();
        MwSession session = managedSessions.get(slotHandle);
        for (MwPrivateKey key : session.getPrivateKeys()) {
            String nextLabel = "";
            try {
                nextLabel = key.getKeyLabel();
            } catch (CryptokiException ex) {
                LOG.warn("Error reading key label.", ex);
            }
            LOG.debug("Try to match keys '{}' == '{}'", keyLabel, nextLabel);
            if (keyLabel.equals(nextLabel)) {
                long sigAlg = getPKCS11Alg(marker.getAlgorithmInfo());
                byte[] sig = key.sign(sigAlg, message);
                response.setSignature(sig);
                // set PIN to unauthenticated
                setPinNotAuth(cardStateEntry);
                return response;
            }
        }
        // TODO: use other exception
        String msg = String.format("The given DIDName %s references an unknown key.", didName);
        throw new IncorrectParameterException(msg);
    } catch (ECardException e) {
        LOG.debug(e.getMessage(), e);
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}