Search in sources :

Example 41 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class MiddlewareSAL method didAuthenticate.

@Override
public DIDAuthenticateResponse didAuthenticate(DIDAuthenticate request) {
    DIDAuthenticateResponse response = WSHelper.makeResponse(DIDAuthenticateResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        connectionHandle = cardStateEntry.handleCopy();
        byte[] application = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
        byte[] slotHandle = connectionHandle.getSlotHandle();
        DIDAuthenticationDataType didAuthenticationData = request.getAuthenticationProtocolData();
        Assert.assertIncorrectParameter(didAuthenticationData, "The parameter AuthenticationProtocolData is empty.");
        String didName = SALUtils.getDIDName(request);
        DIDStructureType didStruct = cardStateEntry.getDIDStructure(didName, application);
        if (didStruct == null) {
            String msg = String.format("DID %s does not exist.", didName);
            throw new NamedEntityNotFoundException(msg);
        }
        PINCompareMarkerType pinCompareMarker = new PINCompareMarkerType(didStruct.getDIDMarker());
        String protocolURI = didAuthenticationData.getProtocol();
        if (!"urn:oid:1.3.162.15480.3.0.9".equals(protocolURI)) {
            String msg = String.format("Protocol %s is not supported by this SAL.", protocolURI);
            throw new UnknownProtocolException(msg);
        }
        PINCompareDIDAuthenticateInputType pinCompareInput = new PINCompareDIDAuthenticateInputType(didAuthenticationData);
        PINCompareDIDAuthenticateOutputType pinCompareOutput = pinCompareInput.getOutputType();
        // extract pin value from auth data
        char[] pinValue = pinCompareInput.getPIN();
        pinCompareInput.setPIN(null);
        MwSession session = managedSessions.get(slotHandle);
        boolean protectedAuthPath = connectionHandle.getSlotInfo().isProtectedAuthPath();
        boolean pinAuthenticated;
        boolean pinBlocked = false;
        if (!(pinValue == null || pinValue.length == 0) && !protectedAuthPath) {
            // we don't need a GUI if the PIN is known
            try {
                session.login(UserType.User, pinValue);
            } finally {
                Arrays.fill(pinValue, ' ');
            }
            pinAuthenticated = true;
        // TODO: display error GUI if the PIN entry failed
        } else {
            // omit GUI when Middleware has its own PIN dialog for class 2 readers
            if (protectedAuthPath && builtinPinDialog) {
                session.loginExternal(UserType.User);
                pinAuthenticated = true;
            } else {
                PinEntryDialog dialog = new PinEntryDialog(gui, protectedAuthPath, pinCompareMarker, session);
                dialog.show();
                pinAuthenticated = dialog.isPinAuthenticated();
                pinBlocked = dialog.isPinBlocked();
            }
        }
        if (pinAuthenticated) {
            cardStateEntry.addAuthenticated(didName, application);
        } else if (pinBlocked) {
            String msg = "PIN is blocked.";
            Result r = WSHelper.makeResultError(ECardConstants.Minor.IFD.PASSWORD_BLOCKED, msg);
            response.setResult(r);
        } else {
            String msg = "Failed to enter PIN.";
            Result r = WSHelper.makeResultError(ECardConstants.Minor.SAL.CANCELLATION_BY_USER, msg);
            response.setResult(r);
        }
        // create did authenticate response
        response.setAuthenticationProtocolData(pinCompareOutput.getAuthDataType());
    } catch (PinBlockedException ex) {
        // TODO: set retry counter
        String minor = ECardConstants.Minor.IFD.PASSWORD_BLOCKED;
        Result r = WSHelper.makeResultError(minor, ex.getMessage());
        response.setResult(r);
    } catch (PinIncorrectException ex) {
        // TODO: set retry counter
        String minor = ECardConstants.Minor.SAL.SECURITY_CONDITION_NOT_SATISFIED;
        Result r = WSHelper.makeResultError(minor, ex.getMessage());
        response.setResult(r);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) DIDAuthenticationDataType(iso.std.iso_iec._24727.tech.schema.DIDAuthenticationDataType) PINCompareMarkerType(org.openecard.common.anytype.pin.PINCompareMarkerType) PINCompareDIDAuthenticateInputType(org.openecard.common.anytype.pin.PINCompareDIDAuthenticateInputType) PinIncorrectException(org.openecard.mdlw.sal.exceptions.PinIncorrectException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) InitializationException(org.openecard.mdlw.sal.exceptions.InitializationException) ECardException(org.openecard.common.ECardException) FinalizationException(org.openecard.mdlw.sal.exceptions.FinalizationException) PinBlockedException(org.openecard.mdlw.sal.exceptions.PinBlockedException) CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException) NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException) UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException) TokenException(org.openecard.mdlw.sal.exceptions.TokenException) WSMarshallerException(org.openecard.ws.marshal.WSMarshallerException) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) UnsupportedAlgorithmException(org.openecard.crypto.common.UnsupportedAlgorithmException) PinIncorrectException(org.openecard.mdlw.sal.exceptions.PinIncorrectException) Result(oasis.names.tc.dss._1_0.core.schema.Result) ECardException(org.openecard.common.ECardException) DIDAuthenticateResponse(iso.std.iso_iec._24727.tech.schema.DIDAuthenticateResponse) NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException) PinBlockedException(org.openecard.mdlw.sal.exceptions.PinBlockedException) DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType) UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException) PINCompareDIDAuthenticateOutputType(org.openecard.common.anytype.pin.PINCompareDIDAuthenticateOutputType)

Example 42 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class DecipherStep method perform.

@Override
public DecipherResponse perform(Decipher request, Map<String, Object> internalData) {
    DecipherResponse response = WSHelper.makeResponse(DecipherResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        String didName = SALUtils.getDIDName(request);
        byte[] applicationID = connectionHandle.getCardApplication();
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        Assert.securityConditionDID(cardStateEntry, applicationID, didName, CryptographicServiceActionName.DECIPHER);
        DIDStructureType didStructure = SALUtils.getDIDStructure(request, didName, cardStateEntry, connectionHandle);
        CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
        byte[] keyReference = cryptoMarker.getCryptoKeyInfo().getKeyRef().getKeyRef();
        byte[] algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getCardAlgRef();
        byte[] slotHandle = connectionHandle.getSlotHandle();
        // See eGK specification, part 1, version 2.2.0, section 15.9.6.
        if (didStructure.getDIDScope().equals(DIDScopeType.LOCAL)) {
            keyReference[0] = (byte) (0x80 | keyReference[0]);
        }
        TLV tagKeyReference = new TLV();
        tagKeyReference.setTagNumWithClass(0x84);
        tagKeyReference.setValue(keyReference);
        TLV tagAlgorithmIdentifier = new TLV();
        tagAlgorithmIdentifier.setTagNumWithClass(0x80);
        tagAlgorithmIdentifier.setValue(algorithmIdentifier);
        byte[] mseData = ByteUtils.concatenate(tagKeyReference.toBER(), tagAlgorithmIdentifier.toBER());
        CardCommandAPDU apdu = new ManageSecurityEnvironment((byte) 0x41, ManageSecurityEnvironment.CT, mseData);
        apdu.transmit(dispatcher, slotHandle);
        byte[] ciphertext = request.getCipherText();
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        BigInteger bitKeySize = cryptoMarker.getCryptoKeyInfo().getKeySize();
        int blocksize = bitKeySize.divide(new BigInteger("8")).intValue();
        // check if the ciphertext length is divisible by the blocksize without rest
        if ((ciphertext.length % blocksize) != 0) {
            return WSHelper.makeResponse(DecipherResponse.class, WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, "The length of the ciphertext should be a multiple of the blocksize."));
        }
        // decrypt the ciphertext block for block
        for (int offset = 0; offset < ciphertext.length; offset += blocksize) {
            byte[] ciphertextblock = ByteUtils.copy(ciphertext, offset, blocksize);
            apdu = new PSODecipher(ByteUtils.concatenate(PADDING_INDICATOR_BYTE, ciphertextblock), (byte) blocksize);
            CardResponseAPDU responseAPDU = apdu.transmit(dispatcher, slotHandle);
            baos.write(responseAPDU.getData());
        }
        response.setPlainText(baos.toByteArray());
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) CardCommandAPDU(org.openecard.common.apdu.common.CardCommandAPDU) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) CryptoMarkerType(org.openecard.crypto.common.sal.did.CryptoMarkerType) ByteArrayOutputStream(java.io.ByteArrayOutputStream) PSODecipher(org.openecard.sal.protocol.genericcryptography.apdu.PSODecipher) ECardException(org.openecard.common.ECardException) ECardException(org.openecard.common.ECardException) BigInteger(java.math.BigInteger) DecipherResponse(iso.std.iso_iec._24727.tech.schema.DecipherResponse) DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType) CardResponseAPDU(org.openecard.common.apdu.common.CardResponseAPDU) ManageSecurityEnvironment(org.openecard.common.apdu.ManageSecurityEnvironment) TLV(org.openecard.common.tlv.TLV)

Example 43 with ECardException

use of org.openecard.common.ECardException in project open-ecard by ecsec.

the class HashStep method perform.

@Override
public HashResponse perform(Hash request, Map<String, Object> internalData) {
    HashResponse response = WSHelper.makeResponse(HashResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        String didName = SALUtils.getDIDName(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        DIDStructureType didStructure = SALUtils.getDIDStructure(request, didName, cardStateEntry, connectionHandle);
        CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
        HashGenerationInfoType hashInfo = cryptoMarker.getHashGenerationInfo();
        if (hashInfo != null) {
            if (hashInfo == HashGenerationInfoType.NOT_ON_CARD) {
                String algId = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
                SignatureAlgorithms alg = SignatureAlgorithms.fromAlgId(algId);
                HashAlgorithms hashAlg = alg.getHashAlg();
                if (hashAlg == null) {
                    String msg = String.format("Algorithm %s does not specify a Hash algorithm.", algId);
                    LOG.error(msg);
                    String minor = ECardConstants.Minor.App.INCORRECT_PARM;
                    response.setResult(WSHelper.makeResultError(minor, msg));
                } else {
                    // calculate hash
                    MessageDigest md = MessageDigest.getInstance(hashAlg.getJcaAlg());
                    md.update(request.getMessage());
                    byte[] digest = md.digest();
                    response.setHash(digest);
                }
            } else {
                // TODO: implement hashing on card
                String msg = String.format("Unsupported Hash generation type (%s) requested.", hashInfo);
                LOG.error(msg);
                String minor = ECardConstants.Minor.SAL.INAPPROPRIATE_PROTOCOL_FOR_ACTION;
                response.setResult(WSHelper.makeResultError(minor, msg));
            }
        } else {
            // no hash alg specified, this is an error
            String msg = String.format("No Hash generation type specified in CIF.");
            LOG.error(msg);
            String minor = ECardConstants.Minor.SAL.INAPPROPRIATE_PROTOCOL_FOR_ACTION;
            response.setResult(WSHelper.makeResultError(minor, msg));
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (UnsupportedAlgorithmException | NoSuchAlgorithmException ex) {
    } catch (Exception e) {
        LOG.warn(e.getMessage(), e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) HashAlgorithms(org.openecard.crypto.common.HashAlgorithms) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) CryptoMarkerType(org.openecard.crypto.common.sal.did.CryptoMarkerType) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) HashGenerationInfoType(iso.std.iso_iec._24727.tech.schema.HashGenerationInfoType) UnsupportedAlgorithmException(org.openecard.crypto.common.UnsupportedAlgorithmException) ECardException(org.openecard.common.ECardException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ECardException(org.openecard.common.ECardException) HashResponse(iso.std.iso_iec._24727.tech.schema.HashResponse) SignatureAlgorithms(org.openecard.crypto.common.SignatureAlgorithms) UnsupportedAlgorithmException(org.openecard.crypto.common.UnsupportedAlgorithmException) DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType) MessageDigest(java.security.MessageDigest)

Aggregations

ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)43 ECardException (org.openecard.common.ECardException)43 CardStateEntry (org.openecard.common.sal.state.CardStateEntry)40 IncorrectParameterException (org.openecard.common.sal.exception.IncorrectParameterException)37 ThreadTerminateException (org.openecard.common.ThreadTerminateException)34 NamedEntityNotFoundException (org.openecard.common.sal.exception.NamedEntityNotFoundException)34 UnknownProtocolException (org.openecard.common.sal.exception.UnknownProtocolException)34 TLVException (org.openecard.common.tlv.TLVException)29 AddonNotFoundException (org.openecard.addon.AddonNotFoundException)28 InappropriateProtocolForActionException (org.openecard.common.sal.exception.InappropriateProtocolForActionException)28 NameExistsException (org.openecard.common.sal.exception.NameExistsException)28 PrerequisitesNotSatisfiedException (org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException)28 SecurityConditionNotSatisfiedException (org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException)28 UnknownConnectionHandleException (org.openecard.common.sal.exception.UnknownConnectionHandleException)28 DIDStructureType (iso.std.iso_iec._24727.tech.schema.DIDStructureType)20 Publish (org.openecard.common.interfaces.Publish)17 CardInfoWrapper (org.openecard.common.sal.state.cif.CardInfoWrapper)14 SALProtocol (org.openecard.addon.sal.SALProtocol)12 DataSetInfoType (iso.std.iso_iec._24727.tech.schema.DataSetInfoType)9 DIDScopeType (iso.std.iso_iec._24727.tech.schema.DIDScopeType)7