Search in sources :

Example 1 with AuthDataMap

use of org.openecard.common.anytype.AuthDataMap in project open-ecard by ecsec.

the class PACEStep method perform.

@Override
public DIDAuthenticateResponse perform(DIDAuthenticate request, Map<String, Object> internalData) {
    // get context to save values in
    DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
    DIDAuthenticate didAuthenticate = request;
    DIDAuthenticateResponse response = new DIDAuthenticateResponse();
    ConnectionHandleType conHandle = (ConnectionHandleType) dynCtx.get(TR03112Keys.CONNECTION_HANDLE);
    try {
        ObjectSchemaValidator valid = (ObjectSchemaValidator) dynCtx.getPromise(EACProtocol.SCHEMA_VALIDATOR).deref();
        boolean messageValid = valid.validateObject(request);
        if (!messageValid) {
            String msg = "Validation of the EAC1InputType message failed.";
            LOG.error(msg);
            dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
            response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, msg));
            return response;
        }
    } catch (ObjectValidatorException ex) {
        String msg = "Validation of the EAC1InputType message failed due to invalid input data.";
        LOG.error(msg, ex);
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
        return response;
    } catch (InterruptedException ex) {
        String msg = "Thread interrupted while waiting for schema validator instance.";
        LOG.error(msg, ex);
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
        return response;
    }
    if (!ByteUtils.compare(conHandle.getSlotHandle(), didAuthenticate.getConnectionHandle().getSlotHandle())) {
        String msg = "Invalid connection handle given in DIDAuthenticate message.";
        Result r = WSHelper.makeResultError(ECardConstants.Minor.SAL.UNKNOWN_HANDLE, msg);
        response.setResult(r);
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
        return response;
    }
    byte[] slotHandle = conHandle.getSlotHandle();
    dynCtx.put(EACProtocol.SLOT_HANDLE, slotHandle);
    dynCtx.put(EACProtocol.DISPATCHER, dispatcher);
    try {
        EAC1InputType eac1Input = new EAC1InputType(didAuthenticate.getAuthenticationProtocolData());
        EAC1OutputType eac1Output = eac1Input.getOutputType();
        AuthenticatedAuxiliaryData aad = new AuthenticatedAuxiliaryData(eac1Input.getAuthenticatedAuxiliaryData());
        byte pinID = PasswordID.valueOf(didAuthenticate.getDIDName()).getByte();
        final String passwordType = PasswordID.parse(pinID).getString();
        // determine PACE capabilities of the terminal
        boolean nativePace = genericPACESupport(conHandle);
        dynCtx.put(EACProtocol.IS_NATIVE_PACE, nativePace);
        // Certificate chain
        CardVerifiableCertificateChain certChain = new CardVerifiableCertificateChain(eac1Input.getCertificates());
        byte[] rawCertificateDescription = eac1Input.getCertificateDescription();
        CertificateDescription certDescription = CertificateDescription.getInstance(rawCertificateDescription);
        // put CertificateDescription into DynamicContext which is needed for later checks
        dynCtx.put(TR03112Keys.ESERVICE_CERTIFICATE_DESC, certDescription);
        // according to BSI-INSTANCE_KEY-7 we MUST perform some checks immediately after receiving the eService cert
        Result activationChecksResult = performChecks(certDescription, dynCtx);
        if (!ECardConstants.Major.OK.equals(activationChecksResult.getResultMajor())) {
            response.setResult(activationChecksResult);
            dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
            return response;
        }
        CHAT requiredCHAT = new CHAT(eac1Input.getRequiredCHAT());
        CHAT optionalCHAT = new CHAT(eac1Input.getOptionalCHAT());
        // get the PACEMarker
        CardStateEntry cardState = (CardStateEntry) internalData.get(EACConstants.IDATA_CARD_STATE_ENTRY);
        PACEMarkerType paceMarker = getPaceMarker(cardState, passwordType);
        dynCtx.put(EACProtocol.PACE_MARKER, paceMarker);
        // Verify that the certificate description matches the terminal certificate
        CardVerifiableCertificate taCert = certChain.getTerminalCertificate();
        CardVerifiableCertificateVerifier.verify(taCert, certDescription);
        // Verify that the required CHAT matches the terminal certificate's CHAT
        CHAT taCHAT = taCert.getCHAT();
        // an other role.
        if (taCHAT.getRole() != CHAT.Role.AUTHENTICATION_TERMINAL) {
            String msg = "Unsupported terminal type in Terminal Certificate referenced. Refernced terminal type is " + taCHAT.getRole().toString() + ".";
            response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, msg));
            dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
            return response;
        }
        CHATVerifier.verfiy(taCHAT, requiredCHAT);
        // remove overlapping values from optional chat
        optionalCHAT.restrictAccessRights(taCHAT);
        // Prepare data in DIDAuthenticate for GUI
        final EACData eacData = new EACData();
        eacData.didRequest = didAuthenticate;
        eacData.certificate = certChain.getTerminalCertificate();
        eacData.certificateDescription = certDescription;
        eacData.rawCertificateDescription = rawCertificateDescription;
        eacData.transactionInfo = eac1Input.getTransactionInfo();
        eacData.requiredCHAT = requiredCHAT;
        eacData.optionalCHAT = optionalCHAT;
        eacData.selectedCHAT = requiredCHAT;
        eacData.aad = aad;
        eacData.pinID = pinID;
        eacData.passwordType = passwordType;
        dynCtx.put(EACProtocol.EAC_DATA, eacData);
        // get initial pin status
        InputAPDUInfoType input = new InputAPDUInfoType();
        input.setInputAPDU(new byte[] { (byte) 0x00, (byte) 0x22, (byte) 0xC1, (byte) 0xA4, (byte) 0x0F, (byte) 0x80, (byte) 0x0A, (byte) 0x04, (byte) 0x00, (byte) 0x7F, (byte) 0x00, (byte) 0x07, (byte) 0x02, (byte) 0x02, (byte) 0x04, (byte) 0x02, (byte) 0x02, (byte) 0x83, (byte) 0x01, (byte) 0x03 });
        input.getAcceptableStatusCode().addAll(EacPinStatus.getCodes());
        Transmit transmit = new Transmit();
        transmit.setSlotHandle(slotHandle);
        transmit.getInputAPDUInfo().add(input);
        TransmitResponse pinCheckResponse = (TransmitResponse) dispatcher.safeDeliver(transmit);
        WSHelper.checkResult(pinCheckResponse);
        byte[] output = pinCheckResponse.getOutputAPDU().get(0);
        CardResponseAPDU outputApdu = new CardResponseAPDU(output);
        byte[] status = outputApdu.getStatusBytes();
        dynCtx.put(EACProtocol.PIN_STATUS, EacPinStatus.fromCode(status));
        // define GUI depending on the PIN status
        final UserConsentDescription uc = new UserConsentDescription(LANG.translationForKey(TITLE));
        final CardMonitor cardMon;
        uc.setDialogType("EAC");
        // create GUI and init executor
        cardMon = new CardMonitor();
        CardRemovedFilter filter = new CardRemovedFilter(conHandle.getIFDName(), conHandle.getSlotIndex());
        eventDispatcher.add(cardMon, filter);
        CVCStep cvcStep = new CVCStep(eacData);
        cvcStep.setBackgroundTask(cardMon);
        CVCStepAction cvcStepAction = new CVCStepAction(cvcStep);
        cvcStep.setAction(cvcStepAction);
        uc.getSteps().add(cvcStep);
        uc.getSteps().add(CHATStep.createDummy());
        uc.getSteps().add(PINStep.createDummy(passwordType));
        ProcessingStep procStep = new ProcessingStep();
        ProcessingStepAction procStepAction = new ProcessingStepAction(procStep);
        procStep.setAction(procStepAction);
        uc.getSteps().add(procStep);
        Thread guiThread = new Thread(new Runnable() {

            @Override
            public void run() {
                try {
                    // get context here because it is thread local
                    DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
                    if (!uc.getSteps().isEmpty()) {
                        UserConsentNavigator navigator = gui.obtainNavigator(uc);
                        dynCtx.put(TR03112Keys.OPEN_USER_CONSENT_NAVIGATOR, navigator);
                        ExecutionEngine exec = new ExecutionEngine(navigator);
                        ResultStatus guiResult = exec.process();
                        dynCtx.put(EACProtocol.GUI_RESULT, guiResult);
                        if (guiResult == ResultStatus.CANCEL) {
                            Promise<Object> pPaceSuccessful = dynCtx.getPromise(EACProtocol.PACE_EXCEPTION);
                            if (!pPaceSuccessful.isDelivered()) {
                                pPaceSuccessful.deliver(WSHelper.createException(WSHelper.makeResultError(ECardConstants.Minor.SAL.CANCELLATION_BY_USER, "User canceled the PACE dialog.")));
                            }
                        }
                    }
                } finally {
                    if (cardMon != null) {
                        eventDispatcher.del(cardMon);
                    }
                }
            }
        }, "EAC-GUI");
        guiThread.start();
        // wait for PACE to finish
        Promise<Object> pPaceException = dynCtx.getPromise(EACProtocol.PACE_EXCEPTION);
        Object pPaceError = pPaceException.deref();
        if (pPaceError != null) {
            if (pPaceError instanceof WSHelper.WSException) {
                response.setResult(((WSHelper.WSException) pPaceError).getResult());
                return response;
            } else if (pPaceError instanceof DispatcherException | pPaceError instanceof InvocationTargetException) {
                String msg = "Internal error while PACE authentication.";
                Result r = WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg);
                response.setResult(r);
                return response;
            } else {
                String msg = "Unknown error while PACE authentication.";
                Result r = WSHelper.makeResultError(ECardConstants.Minor.App.UNKNOWN_ERROR, msg);
                response.setResult(r);
                return response;
            }
        }
        // get challenge from card
        TerminalAuthentication ta = new TerminalAuthentication(dispatcher, slotHandle);
        byte[] challenge = ta.getChallenge();
        // prepare DIDAuthenticationResponse
        DIDAuthenticationDataType data = eacData.paceResponse.getAuthenticationProtocolData();
        AuthDataMap paceOutputMap = new AuthDataMap(data);
        // int retryCounter = Integer.valueOf(paceOutputMap.getContentAsString(PACEOutputType.RETRY_COUNTER));
        byte[] efCardAccess = paceOutputMap.getContentAsBytes(PACEOutputType.EF_CARD_ACCESS);
        byte[] currentCAR = paceOutputMap.getContentAsBytes(PACEOutputType.CURRENT_CAR);
        byte[] previousCAR = paceOutputMap.getContentAsBytes(PACEOutputType.PREVIOUS_CAR);
        byte[] idpicc = paceOutputMap.getContentAsBytes(PACEOutputType.ID_PICC);
        // Store SecurityInfos
        SecurityInfos securityInfos = SecurityInfos.getInstance(efCardAccess);
        internalData.put(EACConstants.IDATA_SECURITY_INFOS, securityInfos);
        // Store additional data
        internalData.put(EACConstants.IDATA_AUTHENTICATED_AUXILIARY_DATA, aad);
        internalData.put(EACConstants.IDATA_CERTIFICATES, certChain);
        internalData.put(EACConstants.IDATA_CURRENT_CAR, currentCAR);
        internalData.put(EACConstants.IDATA_PREVIOUS_CAR, previousCAR);
        internalData.put(EACConstants.IDATA_CHALLENGE, challenge);
        // Create response
        // eac1Output.setRetryCounter(retryCounter);
        eac1Output.setCHAT(eacData.selectedCHAT.toByteArray());
        eac1Output.setCurrentCAR(currentCAR);
        eac1Output.setPreviousCAR(previousCAR);
        eac1Output.setEFCardAccess(efCardAccess);
        eac1Output.setIDPICC(idpicc);
        eac1Output.setChallenge(challenge);
        response.setResult(WSHelper.makeResultOK());
        response.setAuthenticationProtocolData(eac1Output.getAuthDataType());
    } catch (CertificateException ex) {
        LOG.error(ex.getMessage(), ex);
        String msg = ex.getMessage();
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.SAL.EAC.DOC_VALID_FAILED, msg));
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
    } catch (WSHelper.WSException e) {
        LOG.error(e.getMessage(), e);
        response.setResult(e.getResult());
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
    } catch (ElementParsingException ex) {
        LOG.error(ex.getMessage(), ex);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, ex.getMessage()));
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        response.setResult(WSHelper.makeResultUnknownError(e.getMessage()));
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) PACEMarkerType(org.openecard.sal.protocol.eac.anytype.PACEMarkerType) ProcessingStepAction(org.openecard.sal.protocol.eac.gui.ProcessingStepAction) CertificateException(java.security.cert.CertificateException) CardMonitor(org.openecard.sal.protocol.eac.gui.CardMonitor) UserConsentNavigator(org.openecard.gui.UserConsentNavigator) Result(oasis.names.tc.dss._1_0.core.schema.Result) ObjectValidatorException(org.openecard.common.interfaces.ObjectValidatorException) ObjectSchemaValidator(org.openecard.common.interfaces.ObjectSchemaValidator) UserConsentDescription(org.openecard.gui.definition.UserConsentDescription) DispatcherException(org.openecard.common.interfaces.DispatcherException) DIDAuthenticationDataType(iso.std.iso_iec._24727.tech.schema.DIDAuthenticationDataType) InvocationTargetException(java.lang.reflect.InvocationTargetException) Promise(org.openecard.common.util.Promise) ExecutionEngine(org.openecard.gui.executor.ExecutionEngine) AuthenticatedAuxiliaryData(org.openecard.crypto.common.asn1.eac.AuthenticatedAuxiliaryData) CardVerifiableCertificate(org.openecard.crypto.common.asn1.cvc.CardVerifiableCertificate) AuthDataMap(org.openecard.common.anytype.AuthDataMap) CVCStepAction(org.openecard.sal.protocol.eac.gui.CVCStepAction) DynamicContext(org.openecard.common.DynamicContext) CardRemovedFilter(org.openecard.sal.protocol.eac.gui.CardRemovedFilter) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) CVCStep(org.openecard.sal.protocol.eac.gui.CVCStep) CHAT(org.openecard.crypto.common.asn1.cvc.CHAT) InputAPDUInfoType(iso.std.iso_iec._24727.tech.schema.InputAPDUInfoType) ElementParsingException(org.openecard.sal.protocol.eac.anytype.ElementParsingException) EAC1OutputType(org.openecard.sal.protocol.eac.anytype.EAC1OutputType) CardResponseAPDU(org.openecard.common.apdu.common.CardResponseAPDU) CardVerifiableCertificateChain(org.openecard.crypto.common.asn1.cvc.CardVerifiableCertificateChain) EAC1InputType(org.openecard.sal.protocol.eac.anytype.EAC1InputType) WSHelper(org.openecard.common.WSHelper) DIDAuthenticate(iso.std.iso_iec._24727.tech.schema.DIDAuthenticate) Transmit(iso.std.iso_iec._24727.tech.schema.Transmit) ResultStatus(org.openecard.gui.ResultStatus) SecurityInfos(org.openecard.crypto.common.asn1.eac.SecurityInfos) CertificateDescription(org.openecard.crypto.common.asn1.cvc.CertificateDescription) ProcessingStep(org.openecard.sal.protocol.eac.gui.ProcessingStep) DispatcherException(org.openecard.common.interfaces.DispatcherException) ObjectValidatorException(org.openecard.common.interfaces.ObjectValidatorException) InvocationTargetException(java.lang.reflect.InvocationTargetException) ElementParsingException(org.openecard.sal.protocol.eac.anytype.ElementParsingException) MalformedURLException(java.net.MalformedURLException) CertificateException(java.security.cert.CertificateException) DIDAuthenticateResponse(iso.std.iso_iec._24727.tech.schema.DIDAuthenticateResponse) TransmitResponse(iso.std.iso_iec._24727.tech.schema.TransmitResponse)

Example 2 with AuthDataMap

use of org.openecard.common.anytype.AuthDataMap in project open-ecard by ecsec.

the class GenericPINAction method performPACEWithCAN.

private EstablishChannelResponse performPACEWithCAN(Map<String, ExecutionResults> oldResults) throws ParserConfigurationException {
    DIDAuthenticationDataType paceInput = new DIDAuthenticationDataType();
    paceInput.setProtocol(ECardConstants.Protocol.PACE);
    AuthDataMap tmp = new AuthDataMap(paceInput);
    AuthDataResponse paceInputMap = tmp.createResponse(paceInput);
    if (capturePin) {
        ExecutionResults executionResults = oldResults.get(getStepID());
        PasswordField canField = (PasswordField) executionResults.getResult(GenericPINStep.CAN_FIELD);
        String canValue = new String(canField.getValue());
        if (canValue.length() != 6) {
            // let the user enter the can again, when input verification failed
            return null;
        } else {
            paceInputMap.addElement(PACEInputType.PIN, canValue);
        }
    }
    paceInputMap.addElement(PACEInputType.PIN_ID, PIN_ID_CAN);
    // perform PACE by EstablishChannelCommand
    EstablishChannel eChannel = createEstablishChannelStructure(paceInputMap);
    return (EstablishChannelResponse) dispatcher.safeDeliver(eChannel);
}
Also used : EstablishChannel(iso.std.iso_iec._24727.tech.schema.EstablishChannel) AuthDataMap(org.openecard.common.anytype.AuthDataMap) ExecutionResults(org.openecard.gui.executor.ExecutionResults) EstablishChannelResponse(iso.std.iso_iec._24727.tech.schema.EstablishChannelResponse) DIDAuthenticationDataType(iso.std.iso_iec._24727.tech.schema.DIDAuthenticationDataType) AuthDataResponse(org.openecard.common.anytype.AuthDataResponse) PasswordField(org.openecard.gui.definition.PasswordField)

Example 3 with AuthDataMap

use of org.openecard.common.anytype.AuthDataMap in project open-ecard by ecsec.

the class GenericPINAction method performPACEWithPUK.

private EstablishChannelResponse performPACEWithPUK(Map<String, ExecutionResults> oldResults) throws ParserConfigurationException {
    DIDAuthenticationDataType paceInput = new DIDAuthenticationDataType();
    paceInput.setProtocol(ECardConstants.Protocol.PACE);
    AuthDataMap tmp = new AuthDataMap(paceInput);
    AuthDataResponse paceInputMap = tmp.createResponse(paceInput);
    if (capturePin) {
        ExecutionResults executionResults = oldResults.get(getStepID());
        PasswordField pukField = (PasswordField) executionResults.getResult(GenericPINStep.PUK_FIELD);
        String pukValue = new String(pukField.getValue());
        if (pukValue.length() != 10) {
            // TODO inform user that something with his input is wrong
            return null;
        } else {
            paceInputMap.addElement(PACEInputType.PIN, pukValue);
        }
    }
    paceInputMap.addElement(PACEInputType.PIN_ID, PIN_ID_PUK);
    EstablishChannel eChannel = createEstablishChannelStructure(paceInputMap);
    return (EstablishChannelResponse) dispatcher.safeDeliver(eChannel);
}
Also used : EstablishChannel(iso.std.iso_iec._24727.tech.schema.EstablishChannel) AuthDataMap(org.openecard.common.anytype.AuthDataMap) ExecutionResults(org.openecard.gui.executor.ExecutionResults) EstablishChannelResponse(iso.std.iso_iec._24727.tech.schema.EstablishChannelResponse) DIDAuthenticationDataType(iso.std.iso_iec._24727.tech.schema.DIDAuthenticationDataType) AuthDataResponse(org.openecard.common.anytype.AuthDataResponse) PasswordField(org.openecard.gui.definition.PasswordField)

Example 4 with AuthDataMap

use of org.openecard.common.anytype.AuthDataMap in project open-ecard by ecsec.

the class PINStepAction method performPACEWithPIN.

private EstablishChannelResponse performPACEWithPIN(Map<String, ExecutionResults> oldResults) {
    DIDAuthenticationDataType protoData = eacData.didRequest.getAuthenticationProtocolData();
    AuthDataMap paceAuthMap;
    try {
        paceAuthMap = new AuthDataMap(protoData);
    } catch (ParserConfigurationException ex) {
        LOG.error("Failed to read EAC Protocol data.", ex);
        return null;
    }
    AuthDataResponse paceInputMap = paceAuthMap.createResponse(protoData);
    if (capturePin) {
        ExecutionResults executionResults = oldResults.get(getStepID());
        PasswordField p = (PasswordField) executionResults.getResult(PINStep.PIN_FIELD);
        char[] pinIn = p.getValue();
        // TODO: check pin length and possibly allowed charset with CardInfo file
        if (pinIn.length == 0) {
            return null;
        } else {
            // NOTE: saving pin as string prevents later removal of the value from memory !!!
            paceInputMap.addElement(PACEInputType.PIN, new String(pinIn));
        }
    }
    // perform PACE
    paceInputMap.addElement(PACEInputType.PIN_ID, PasswordID.parse(eacData.pinID).getByteAsString());
    paceInputMap.addElement(PACEInputType.CHAT, eacData.selectedCHAT.toString());
    String certDesc = ByteUtils.toHexString(eacData.rawCertificateDescription);
    paceInputMap.addElement(PACEInputType.CERTIFICATE_DESCRIPTION, certDesc);
    EstablishChannel eChannel = createEstablishChannelStructure(paceInputMap);
    return (EstablishChannelResponse) dispatcher.safeDeliver(eChannel);
}
Also used : EstablishChannel(iso.std.iso_iec._24727.tech.schema.EstablishChannel) AuthDataMap(org.openecard.common.anytype.AuthDataMap) ExecutionResults(org.openecard.gui.executor.ExecutionResults) EstablishChannelResponse(iso.std.iso_iec._24727.tech.schema.EstablishChannelResponse) DIDAuthenticationDataType(iso.std.iso_iec._24727.tech.schema.DIDAuthenticationDataType) AuthDataResponse(org.openecard.common.anytype.AuthDataResponse) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) PasswordField(org.openecard.gui.definition.PasswordField)

Example 5 with AuthDataMap

use of org.openecard.common.anytype.AuthDataMap in project open-ecard by ecsec.

the class AndroidMarshallerTest method testConversionOfDIDAutheticate.

@Test
public void testConversionOfDIDAutheticate() throws Exception {
    WSMarshaller m = new AndroidMarshaller();
    Document d = m.str2doc(DID_AUTHENTICATE_PACE);
    Object o = m.unmarshal(d);
    if (!(o instanceof DIDAuthenticate)) {
        throw new Exception("Object should be an instace of DIDAuthenticate");
    }
    DIDAuthenticate didAuthenticate = (DIDAuthenticate) o;
    assertEquals(didAuthenticate.getDIDName(), "PIN");
    assertEquals(didAuthenticate.getConnectionHandle().getSlotHandle(), StringUtils.toByteArray("93F25BA574EF3F94F8AE42796DAF7C05"));
    assertEquals(EAC1InputType.class, didAuthenticate.getAuthenticationProtocolData().getClass());
    for (int i = 0; i < didAuthenticate.getAuthenticationProtocolData().getAny().size(); i++) {
        if (didAuthenticate.getAuthenticationProtocolData().getAny().get(i).getLocalName().equals("Certificate")) {
            assertEquals("7F218201487F4E8201005F2901004210444544566549444454523130313430317F494F060A04007F000702020202038641041994E6E55DD1F021180CC705C001FECB4BF5B7E978E8F148002D2D4FDBC1E57A159592681039A041E0036C007E784C36A372528C89365AAB77402E07EED6D4115F200E44453030303030303330303542387F4C12060904007F0007030102025305000100D8005F25060102000102065F2406010200010207655E732D060904007F0007030103028020B90F0EB18F30BCB878EE68924E413A2F5D5DE2F844030141EDB64383C3958C56732D060904007F00070301030180207B0E75C3F613B50011CCB5CF95704B91A6B4AC6EC100377C60BC312A2CE6BE1E5F3740A9A8B9829D2820F96FDB96D09303B01A61F09BC10C766581CAB2BBD2609EC32217C8FEB73F7CAB52CC3A0D16DC1B02F348A3049A246F3790B9687F1F72ACE722", didAuthenticate.getAuthenticationProtocolData().getAny().get(i).getTextContent());
        } else if (didAuthenticate.getAuthenticationProtocolData().getAny().get(i).getLocalName().equals("CertificateDescription")) {
            assertEquals("3082032D060A04007F00070301030101A10E0C0C442D547275737420476D6248A2181316687474703A2F2F7777772E642D74727573742E6E6574A32F0C2D436F736D6F73204C6562656E73766572736963686572756E677320416B7469656E676573656C6C736368616674A41513137777772E636F736D6F73646972656B742E6465A58202410C82023D4E616D652C20416E7363687269667420756E6420452D4D61696C2D4164726573736520646573204469656E737465616E626965746572733A0D0A436F736D6F73204C6562656E73766572736963686572756E677320416B7469656E676573656C6C7363686166740D0A48616C6265726773747261C39F652035302D36300D0A363631303120536161726272C3BC636B656E0D0A696E666F40636F736D6F73646972656B742E64650D0A0D0A4765736368C3A46674737A7765636B3A0D0A2D2052656769737472696572756E67202F204C6F67696E2066C3BC7220226D65696E436F736D6F73446972656B7422202D0D0A0D0A48696E7765697320617566206469652066C3BC722064656E204469656E737465616E626965746572207A757374C3A46E646967656E205374656C6C656E2C20646965206469652045696E68616C74756E672064657220566F7273636872696674656E207A756D20446174656E73636875747A206B6F6E74726F6C6C696572656E3A0D0A4D696E697374657269756D2066C3BC7220496E6E6572657320756E64204575726F7061616E67656C6567656E68656974656E0D0A4D61696E7A65722053747261C39F65203133360D0A363631323120536161726272C3BC636B656E0D0A303638312035303120E280932030300D0A706F73747374656C6C6540696E6E656E2E736161726C616E642E64650D0A687474703A2F2F7777772E696E6E656E2E736161726C616E642E64650D0A416E737072656368706172746E65723A20526F6C616E64204C6F72656E7AA768316604202E15788858E56A91A459BB7086943A5A3AB879F88F72EEE72D5B8202B035943D04206D26166C2748B08BFC3AC0A37109C406A8D35317140F6C69C27C4AB77FDD21F80420805AD754568E472C4761D52D410FB99128AB4CE2D750FDA3A8DA8FBA67BB14EB", didAuthenticate.getAuthenticationProtocolData().getAny().get(i).getTextContent());
        } else if (didAuthenticate.getAuthenticationProtocolData().getAny().get(i).getLocalName().equals("RequiredCHAT")) {
            assertEquals("7F4C12060904007F00070301020253050001009800", didAuthenticate.getAuthenticationProtocolData().getAny().get(i).getTextContent());
        } else if (didAuthenticate.getAuthenticationProtocolData().getAny().get(i).getLocalName().equals("OptionalCHAT")) {
            assertEquals("7F4C12060904007F00070301020253050000004000", didAuthenticate.getAuthenticationProtocolData().getAny().get(i).getTextContent());
        } else if (didAuthenticate.getAuthenticationProtocolData().getAny().get(i).getLocalName().equals("AuthenticatedAuxiliaryData")) {
            assertEquals("67177315060904007F00070301040253083230313230313236", didAuthenticate.getAuthenticationProtocolData().getAny().get(i).getTextContent());
        }
    }
    d = m.str2doc(DID_AUTHENTICATE_TA);
    o = m.unmarshal(d);
    if (!(o instanceof DIDAuthenticate)) {
        throw new Exception("Object should be an instace of DIDAuthenticate");
    }
    didAuthenticate = (DIDAuthenticate) o;
    assertEquals(didAuthenticate.getDIDName(), "PIN");
    assertEquals(didAuthenticate.getConnectionHandle().getSlotHandle(), StringUtils.toByteArray("05D4F40AEBD9919383C22216055EA3DB15056C51"));
    assertEquals(EAC2InputType.class, didAuthenticate.getAuthenticationProtocolData().getClass());
    AuthDataMap eac2input = new AuthDataMap(didAuthenticate.getAuthenticationProtocolData());
    assertEquals(eac2input.getContentAsString("EphemeralPublicKey"), "8D44E99377DA28436D2F7E8620347D7C08B186B179633E3654842E940AB179B498F974970D990D47C61FE5D4D91EBB10831E824EC6F2600D89D6661CDF47F734");
    // assertEquals(eac2input.getContentAsString("Certificate"),
    // "7F2181E47F4E819D5F290100420D5A5A43564341415441303030317F494F060A04007F0007020202020386410452DD32EAFE1FBBB4000CD9CE75F66636CFCF1EDD44F7B1EDAE25B84193DA04A91C77EE87F5C8F959ED276200DE33AB574CE9801135FF4497A37162B7C8548A0C5F200E5A5A4456434141544130303030357F4C12060904007F0007030102025305700301FFB75F25060100000601015F24060100010003015F37406F13AE9A6F4EDDB7839FF3F04D71E0DC377BC4B08FAD295EED241B524328AD0730EB553497B4FB66E9BB7AB90815F04273F09E751D7FD4B861439B4EE65381C3");
    assertEquals(eac2input.getContentAsString("Certificate"), "7F218201427F4E81FB5F290100420E5A5A4456434141544130303030357F494F060A04007F0007020202020386410470C07FAA329E927D961F490F5430B395EECF3D2A538194D8B637DE0F8ACF60A9031816AC51B594097EB211FB8F55FAA8507D5800EF7B94E024F9630314116C755F200B5A5A444B423230303033557F4C12060904007F0007030102025305000301DF045F25060100000601085F2406010000070001655E732D060904007F00070301030280207C1901932DB75D08539F2D4A27C938F79E69E083C442C068B299D185BC8AFA78732D060904007F0007030103018020BFD2A6A2E4237948D7DCCF7975D71D40F15307AA59F580A48777CBEED093F54B5F3740618F584E4293F75DDE8977311694B69A3ED73BBE43FDAFEC11B7ECF054F84ACB1231615338CE8D6EC332480883E14E0664950F85134290DD716B7C153232BC96");
    marshalLog(didAuthenticate);
    d = m.str2doc(DID_AUTHENTICATE_CA);
    o = m.unmarshal(d);
    if (!(o instanceof DIDAuthenticate)) {
        throw new Exception("Object should be an instace of DIDAuthenticate");
    }
    didAuthenticate = (DIDAuthenticate) o;
    assertEquals(didAuthenticate.getDIDName(), "PIN");
    assertEquals(didAuthenticate.getConnectionHandle().getSlotHandle(), StringUtils.toByteArray("05D4F40AEBD9919383C22216055EA3DB15056C51"));
    assertEquals(EACAdditionalInputType.class, didAuthenticate.getAuthenticationProtocolData().getClass());
    AuthDataMap eacadditionalinput = new AuthDataMap(didAuthenticate.getAuthenticationProtocolData());
    assertEquals(eacadditionalinput.getContentAsString("Signature"), "7117D7BF95D8D6BD437A0D43DE48F42528273A98F2605758D6A3A2BFC38141E7577CABB4F8FBC8DF152E3A097D1B3A703597331842425FE4A9D0F1C9067AC4A9");
    // assertEquals(eac2input.getContentAsString("Certificate"),
    // "7F2181E47F4E819D5F290100420D5A5A43564341415441303030317F494F060A04007F0007020202020386410452DD32EAFE1FBBB4000CD9CE75F66636CFCF1EDD44F7B1EDAE25B84193DA04A91C77EE87F5C8F959ED276200DE33AB574CE9801135FF4497A37162B7C8548A0C5F200E5A5A4456434141544130303030357F4C12060904007F0007030102025305700301FFB75F25060100000601015F24060100010003015F37406F13AE9A6F4EDDB7839FF3F04D71E0DC377BC4B08FAD295EED241B524328AD0730EB553497B4FB66E9BB7AB90815F04273F09E751D7FD4B861439B4EE65381C3");
    marshalLog(didAuthenticate);
}
Also used : DIDAuthenticate(iso.std.iso_iec._24727.tech.schema.DIDAuthenticate) AuthDataMap(org.openecard.common.anytype.AuthDataMap) WSMarshaller(org.openecard.ws.marshal.WSMarshaller) Document(org.w3c.dom.Document) IOException(java.io.IOException) Test(org.testng.annotations.Test)

Aggregations

AuthDataMap (org.openecard.common.anytype.AuthDataMap)10 DIDAuthenticationDataType (iso.std.iso_iec._24727.tech.schema.DIDAuthenticationDataType)9 EstablishChannel (iso.std.iso_iec._24727.tech.schema.EstablishChannel)8 EstablishChannelResponse (iso.std.iso_iec._24727.tech.schema.EstablishChannelResponse)8 AuthDataResponse (org.openecard.common.anytype.AuthDataResponse)8 ExecutionResults (org.openecard.gui.executor.ExecutionResults)8 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)5 PasswordField (org.openecard.gui.definition.PasswordField)5 WSException (org.openecard.common.WSHelper.WSException)3 StepActionResult (org.openecard.gui.executor.StepActionResult)3 DIDAuthenticate (iso.std.iso_iec._24727.tech.schema.DIDAuthenticate)2 Step (org.openecard.gui.definition.Step)2 ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)1 DIDAuthenticateResponse (iso.std.iso_iec._24727.tech.schema.DIDAuthenticateResponse)1 DestroyChannel (iso.std.iso_iec._24727.tech.schema.DestroyChannel)1 InputAPDUInfoType (iso.std.iso_iec._24727.tech.schema.InputAPDUInfoType)1 Transmit (iso.std.iso_iec._24727.tech.schema.Transmit)1 TransmitResponse (iso.std.iso_iec._24727.tech.schema.TransmitResponse)1 IOException (java.io.IOException)1 InvocationTargetException (java.lang.reflect.InvocationTargetException)1