use of org.openecard.common.ECardException in project open-ecard by ecsec.
the class MiddlewareSAL method didAuthenticate.
@Override
public DIDAuthenticateResponse didAuthenticate(DIDAuthenticate request) {
DIDAuthenticateResponse response = WSHelper.makeResponse(DIDAuthenticateResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
connectionHandle = cardStateEntry.handleCopy();
byte[] application = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
byte[] slotHandle = connectionHandle.getSlotHandle();
DIDAuthenticationDataType didAuthenticationData = request.getAuthenticationProtocolData();
Assert.assertIncorrectParameter(didAuthenticationData, "The parameter AuthenticationProtocolData is empty.");
String didName = SALUtils.getDIDName(request);
DIDStructureType didStruct = cardStateEntry.getDIDStructure(didName, application);
if (didStruct == null) {
String msg = String.format("DID %s does not exist.", didName);
throw new NamedEntityNotFoundException(msg);
}
PINCompareMarkerType pinCompareMarker = new PINCompareMarkerType(didStruct.getDIDMarker());
String protocolURI = didAuthenticationData.getProtocol();
if (!"urn:oid:1.3.162.15480.3.0.9".equals(protocolURI)) {
String msg = String.format("Protocol %s is not supported by this SAL.", protocolURI);
throw new UnknownProtocolException(msg);
}
PINCompareDIDAuthenticateInputType pinCompareInput = new PINCompareDIDAuthenticateInputType(didAuthenticationData);
PINCompareDIDAuthenticateOutputType pinCompareOutput = pinCompareInput.getOutputType();
// extract pin value from auth data
char[] pinValue = pinCompareInput.getPIN();
pinCompareInput.setPIN(null);
MwSession session = managedSessions.get(slotHandle);
boolean protectedAuthPath = connectionHandle.getSlotInfo().isProtectedAuthPath();
boolean pinAuthenticated;
boolean pinBlocked = false;
if (!(pinValue == null || pinValue.length == 0) && !protectedAuthPath) {
// we don't need a GUI if the PIN is known
try {
session.login(UserType.User, pinValue);
} finally {
Arrays.fill(pinValue, ' ');
}
pinAuthenticated = true;
// TODO: display error GUI if the PIN entry failed
} else {
// omit GUI when Middleware has its own PIN dialog for class 2 readers
if (protectedAuthPath && builtinPinDialog) {
session.loginExternal(UserType.User);
pinAuthenticated = true;
} else {
PinEntryDialog dialog = new PinEntryDialog(gui, protectedAuthPath, pinCompareMarker, session);
dialog.show();
pinAuthenticated = dialog.isPinAuthenticated();
pinBlocked = dialog.isPinBlocked();
}
}
if (pinAuthenticated) {
cardStateEntry.addAuthenticated(didName, application);
} else if (pinBlocked) {
String msg = "PIN is blocked.";
Result r = WSHelper.makeResultError(ECardConstants.Minor.IFD.PASSWORD_BLOCKED, msg);
response.setResult(r);
} else {
String msg = "Failed to enter PIN.";
Result r = WSHelper.makeResultError(ECardConstants.Minor.SAL.CANCELLATION_BY_USER, msg);
response.setResult(r);
}
// create did authenticate response
response.setAuthenticationProtocolData(pinCompareOutput.getAuthDataType());
} catch (PinBlockedException ex) {
// TODO: set retry counter
String minor = ECardConstants.Minor.IFD.PASSWORD_BLOCKED;
Result r = WSHelper.makeResultError(minor, ex.getMessage());
response.setResult(r);
} catch (PinIncorrectException ex) {
// TODO: set retry counter
String minor = ECardConstants.Minor.SAL.SECURITY_CONDITION_NOT_SATISFIED;
Result r = WSHelper.makeResultError(minor, ex.getMessage());
response.setResult(r);
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of org.openecard.common.ECardException in project open-ecard by ecsec.
the class DecipherStep method perform.
@Override
public DecipherResponse perform(Decipher request, Map<String, Object> internalData) {
DecipherResponse response = WSHelper.makeResponse(DecipherResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
String didName = SALUtils.getDIDName(request);
byte[] applicationID = connectionHandle.getCardApplication();
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
Assert.securityConditionDID(cardStateEntry, applicationID, didName, CryptographicServiceActionName.DECIPHER);
DIDStructureType didStructure = SALUtils.getDIDStructure(request, didName, cardStateEntry, connectionHandle);
CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
byte[] keyReference = cryptoMarker.getCryptoKeyInfo().getKeyRef().getKeyRef();
byte[] algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getCardAlgRef();
byte[] slotHandle = connectionHandle.getSlotHandle();
// See eGK specification, part 1, version 2.2.0, section 15.9.6.
if (didStructure.getDIDScope().equals(DIDScopeType.LOCAL)) {
keyReference[0] = (byte) (0x80 | keyReference[0]);
}
TLV tagKeyReference = new TLV();
tagKeyReference.setTagNumWithClass(0x84);
tagKeyReference.setValue(keyReference);
TLV tagAlgorithmIdentifier = new TLV();
tagAlgorithmIdentifier.setTagNumWithClass(0x80);
tagAlgorithmIdentifier.setValue(algorithmIdentifier);
byte[] mseData = ByteUtils.concatenate(tagKeyReference.toBER(), tagAlgorithmIdentifier.toBER());
CardCommandAPDU apdu = new ManageSecurityEnvironment((byte) 0x41, ManageSecurityEnvironment.CT, mseData);
apdu.transmit(dispatcher, slotHandle);
byte[] ciphertext = request.getCipherText();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
BigInteger bitKeySize = cryptoMarker.getCryptoKeyInfo().getKeySize();
int blocksize = bitKeySize.divide(new BigInteger("8")).intValue();
// check if the ciphertext length is divisible by the blocksize without rest
if ((ciphertext.length % blocksize) != 0) {
return WSHelper.makeResponse(DecipherResponse.class, WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, "The length of the ciphertext should be a multiple of the blocksize."));
}
// decrypt the ciphertext block for block
for (int offset = 0; offset < ciphertext.length; offset += blocksize) {
byte[] ciphertextblock = ByteUtils.copy(ciphertext, offset, blocksize);
apdu = new PSODecipher(ByteUtils.concatenate(PADDING_INDICATOR_BYTE, ciphertextblock), (byte) blocksize);
CardResponseAPDU responseAPDU = apdu.transmit(dispatcher, slotHandle);
baos.write(responseAPDU.getData());
}
response.setPlainText(baos.toByteArray());
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
logger.error(e.getMessage(), e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of org.openecard.common.ECardException in project open-ecard by ecsec.
the class HashStep method perform.
@Override
public HashResponse perform(Hash request, Map<String, Object> internalData) {
HashResponse response = WSHelper.makeResponse(HashResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
String didName = SALUtils.getDIDName(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
DIDStructureType didStructure = SALUtils.getDIDStructure(request, didName, cardStateEntry, connectionHandle);
CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
HashGenerationInfoType hashInfo = cryptoMarker.getHashGenerationInfo();
if (hashInfo != null) {
if (hashInfo == HashGenerationInfoType.NOT_ON_CARD) {
String algId = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
SignatureAlgorithms alg = SignatureAlgorithms.fromAlgId(algId);
HashAlgorithms hashAlg = alg.getHashAlg();
if (hashAlg == null) {
String msg = String.format("Algorithm %s does not specify a Hash algorithm.", algId);
LOG.error(msg);
String minor = ECardConstants.Minor.App.INCORRECT_PARM;
response.setResult(WSHelper.makeResultError(minor, msg));
} else {
// calculate hash
MessageDigest md = MessageDigest.getInstance(hashAlg.getJcaAlg());
md.update(request.getMessage());
byte[] digest = md.digest();
response.setHash(digest);
}
} else {
// TODO: implement hashing on card
String msg = String.format("Unsupported Hash generation type (%s) requested.", hashInfo);
LOG.error(msg);
String minor = ECardConstants.Minor.SAL.INAPPROPRIATE_PROTOCOL_FOR_ACTION;
response.setResult(WSHelper.makeResultError(minor, msg));
}
} else {
// no hash alg specified, this is an error
String msg = String.format("No Hash generation type specified in CIF.");
LOG.error(msg);
String minor = ECardConstants.Minor.SAL.INAPPROPRIATE_PROTOCOL_FOR_ACTION;
response.setResult(WSHelper.makeResultError(minor, msg));
}
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (UnsupportedAlgorithmException | NoSuchAlgorithmException ex) {
} catch (Exception e) {
LOG.warn(e.getMessage(), e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
Aggregations