use of org.openecard.common.anytype.pin.PINCompareDIDAuthenticateInputType in project open-ecard by ecsec.
the class DIDAuthenticateStep method perform.
@Override
public DIDAuthenticateResponse perform(DIDAuthenticate request, Map<String, Object> internalData) {
DIDAuthenticateResponse response = WSHelper.makeResponse(DIDAuthenticateResponse.class, WSHelper.makeResultOK());
char[] rawPIN = null;
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
String didName = SALUtils.getDIDName(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
PINCompareDIDAuthenticateInputType pinCompareInput = new PINCompareDIDAuthenticateInputType(request.getAuthenticationProtocolData());
PINCompareDIDAuthenticateOutputType pinCompareOutput = pinCompareInput.getOutputType();
byte[] cardApplication;
if (request.getDIDScope() != null && request.getDIDScope().equals(DIDScopeType.GLOBAL)) {
cardApplication = cardStateEntry.getInfo().getApplicationIdByDidName(request.getDIDName(), request.getDIDScope());
} else {
cardApplication = connectionHandle.getCardApplication();
}
Assert.securityConditionDID(cardStateEntry, cardApplication, didName, DifferentialIdentityServiceActionName.DID_AUTHENTICATE);
DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, cardApplication);
PINCompareMarkerType pinCompareMarker = new PINCompareMarkerType(didStructure.getDIDMarker());
byte keyRef = pinCompareMarker.getPINRef().getKeyRef()[0];
byte[] slotHandle = connectionHandle.getSlotHandle();
PasswordAttributesType attributes = pinCompareMarker.getPasswordAttributes();
rawPIN = pinCompareInput.getPIN();
// delete pin from memory of the structure
pinCompareInput.setPIN(null);
byte[] template = new byte[] { 0x00, 0x20, 0x00, keyRef };
byte[] responseCode;
// with [ISO7816-4] (Section 7.5.6).
if (rawPIN == null || rawPIN.length == 0) {
VerifyUser verify = new VerifyUser();
verify.setSlotHandle(slotHandle);
InputUnitType inputUnit = new InputUnitType();
verify.setInputUnit(inputUnit);
PinInputType pinInput = new PinInputType();
inputUnit.setPinInput(pinInput);
pinInput.setIndex(BigInteger.ZERO);
pinInput.setPasswordAttributes(attributes);
verify.setTemplate(template);
VerifyUserResponse verifyR = (VerifyUserResponse) dispatcher.safeDeliver(verify);
WSHelper.checkResult(verifyR);
responseCode = verifyR.getResponse();
} else {
Transmit verifyTransmit = PINUtils.buildVerifyTransmit(rawPIN, attributes, template, slotHandle);
try {
TransmitResponse transResp = (TransmitResponse) dispatcher.safeDeliver(verifyTransmit);
WSHelper.checkResult(transResp);
responseCode = transResp.getOutputAPDU().get(0);
} finally {
// blank PIN APDU
for (InputAPDUInfoType apdu : verifyTransmit.getInputAPDUInfo()) {
byte[] rawApdu = apdu.getInputAPDU();
if (rawApdu != null) {
java.util.Arrays.fill(rawApdu, (byte) 0);
}
}
}
}
CardResponseAPDU verifyResponseAPDU = new CardResponseAPDU(responseCode);
if (verifyResponseAPDU.isWarningProcessed()) {
pinCompareOutput.setRetryCounter(new BigInteger(Integer.toString((verifyResponseAPDU.getSW2() & 0x0F))));
}
cardStateEntry.addAuthenticated(didName, cardApplication);
response.setAuthenticationProtocolData(pinCompareOutput.getAuthDataType());
} catch (ECardException e) {
LOG.error(e.getMessage(), e);
response.setResult(e.getResult());
} catch (Exception e) {
if (e instanceof RuntimeException) {
throw (RuntimeException) e;
}
LOG.error(e.getMessage(), e);
response.setResult(WSHelper.makeResult(e));
} finally {
if (rawPIN != null) {
Arrays.fill(rawPIN, ' ');
}
}
return response;
}
use of org.openecard.common.anytype.pin.PINCompareDIDAuthenticateInputType in project open-ecard by ecsec.
the class PINCompareProtocolTest method testDIDAuthenticate.
@Test(enabled = TESTS_ENABLED)
public void testDIDAuthenticate() throws ParserConfigurationException {
CardApplicationPath cardApplicationPath = new CardApplicationPath();
CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
cardApplicationPathType.setCardApplication(this.appIdentifier_ROOT);
cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
CardApplicationConnect cardApplicationConnect = new CardApplicationConnect();
cardApplicationPathType = cardApplicationPathResponse.getCardAppPathResultSet().getCardApplicationPathResult().get(0);
cardApplicationConnect.setCardApplicationPath(cardApplicationPathType);
CardApplicationConnectResponse result1 = instance.cardApplicationConnect(cardApplicationConnect);
// /
// / Test with a pin set.
// /
DIDAuthenticate parameters = new DIDAuthenticate();
parameters.setDIDName("PIN.home");
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
DocumentBuilder builder = factory.newDocumentBuilder();
Document d = builder.newDocument();
Element elemPin = d.createElementNS("urn:iso:std:iso-iec:24727:tech:schema", "Pin");
elemPin.setTextContent("123456");
DIDAuthenticationDataType didAuthenticationData = new DIDAuthenticationDataType();
didAuthenticationData.getAny().add(elemPin);
PINCompareDIDAuthenticateInputType pinCompareDIDAuthenticateInputType = new PINCompareDIDAuthenticateInputType(didAuthenticationData);
parameters.setAuthenticationProtocolData(didAuthenticationData);
parameters.setConnectionHandle(result1.getConnectionHandle());
didAuthenticationData.setProtocol(ECardConstants.Protocol.PIN_COMPARE);
parameters.setAuthenticationProtocolData(didAuthenticationData);
DIDAuthenticateResponse result = instance.didAuthenticate(parameters);
assertEquals(result.getAuthenticationProtocolData().getProtocol(), ECardConstants.Protocol.PIN_COMPARE);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
assertEquals(result.getAuthenticationProtocolData().getAny().size(), 0);
// /
// / Test without a pin set.
// /
parameters = new DIDAuthenticate();
parameters.setDIDName("PIN.home");
didAuthenticationData = new DIDAuthenticationDataType();
parameters.setAuthenticationProtocolData(didAuthenticationData);
parameters.setConnectionHandle(result1.getConnectionHandle());
didAuthenticationData.setProtocol(ECardConstants.Protocol.PIN_COMPARE);
parameters.setAuthenticationProtocolData(didAuthenticationData);
result = instance.didAuthenticate(parameters);
assertEquals(result.getAuthenticationProtocolData().getProtocol(), ECardConstants.Protocol.PIN_COMPARE);
assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
assertEquals(result.getAuthenticationProtocolData().getAny().size(), 0);
}
use of org.openecard.common.anytype.pin.PINCompareDIDAuthenticateInputType in project open-ecard by ecsec.
the class DidInfo method enterPin.
@Nullable
public BigInteger enterPin(@Nullable char[] pin) throws WSHelper.WSException {
if (!isPinDid()) {
throw new IllegalStateException("Enter PIN called for a DID which is not a PIN DID.");
}
try {
PinCompareDIDAuthenticateInputType data = new PinCompareDIDAuthenticateInputType();
data.setProtocol(getProtocol());
// add PIN
if (pin != null && pin.length != 0) {
PINCompareDIDAuthenticateInputType builder = new PINCompareDIDAuthenticateInputType(data);
builder.setPIN(pin);
data = builder.getAuthDataType();
builder.setPIN(null);
}
DIDAuthenticate req = new DIDAuthenticate();
req.setConnectionHandle(didInfos.getHandle(application));
req.setDIDName(didTarget.getDIDName());
req.setDIDScope(this.didScope);
req.setAuthenticationProtocolData(data);
DIDAuthenticateResponse res = (DIDAuthenticateResponse) didInfos.getDispatcher().safeDeliver(req);
WSHelper.checkResult(res);
// check retry counter
PINCompareDIDAuthenticateOutputType protoData;
protoData = new PINCompareDIDAuthenticateOutputType(res.getAuthenticationProtocolData());
BigInteger retryCounter = protoData.getRetryCounter();
return retryCounter;
} catch (ParserConfigurationException ex) {
String msg = "Unexpected protocol data received in PIN Compare output.";
LOG.error(msg, ex);
throw new IllegalStateException(msg);
}
}
use of org.openecard.common.anytype.pin.PINCompareDIDAuthenticateInputType in project open-ecard by ecsec.
the class MiddlewareSAL method didAuthenticate.
@Override
public DIDAuthenticateResponse didAuthenticate(DIDAuthenticate request) {
DIDAuthenticateResponse response = WSHelper.makeResponse(DIDAuthenticateResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
connectionHandle = cardStateEntry.handleCopy();
byte[] application = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
byte[] slotHandle = connectionHandle.getSlotHandle();
DIDAuthenticationDataType didAuthenticationData = request.getAuthenticationProtocolData();
Assert.assertIncorrectParameter(didAuthenticationData, "The parameter AuthenticationProtocolData is empty.");
String didName = SALUtils.getDIDName(request);
DIDStructureType didStruct = cardStateEntry.getDIDStructure(didName, application);
if (didStruct == null) {
String msg = String.format("DID %s does not exist.", didName);
throw new NamedEntityNotFoundException(msg);
}
PINCompareMarkerType pinCompareMarker = new PINCompareMarkerType(didStruct.getDIDMarker());
String protocolURI = didAuthenticationData.getProtocol();
if (!"urn:oid:1.3.162.15480.3.0.9".equals(protocolURI)) {
String msg = String.format("Protocol %s is not supported by this SAL.", protocolURI);
throw new UnknownProtocolException(msg);
}
PINCompareDIDAuthenticateInputType pinCompareInput = new PINCompareDIDAuthenticateInputType(didAuthenticationData);
PINCompareDIDAuthenticateOutputType pinCompareOutput = pinCompareInput.getOutputType();
// extract pin value from auth data
char[] pinValue = pinCompareInput.getPIN();
pinCompareInput.setPIN(null);
MwSession session = managedSessions.get(slotHandle);
boolean protectedAuthPath = connectionHandle.getSlotInfo().isProtectedAuthPath();
boolean pinAuthenticated;
boolean pinBlocked = false;
if (!(pinValue == null || pinValue.length == 0) && !protectedAuthPath) {
// we don't need a GUI if the PIN is known
try {
session.login(UserType.User, pinValue);
} finally {
Arrays.fill(pinValue, ' ');
}
pinAuthenticated = true;
// TODO: display error GUI if the PIN entry failed
} else {
// omit GUI when Middleware has its own PIN dialog for class 2 readers
if (protectedAuthPath && builtinPinDialog) {
session.loginExternal(UserType.User);
pinAuthenticated = true;
} else {
PinEntryDialog dialog = new PinEntryDialog(gui, protectedAuthPath, pinCompareMarker, session);
dialog.show();
pinAuthenticated = dialog.isPinAuthenticated();
pinBlocked = dialog.isPinBlocked();
}
}
if (pinAuthenticated) {
cardStateEntry.addAuthenticated(didName, application);
} else if (pinBlocked) {
String msg = "PIN is blocked.";
Result r = WSHelper.makeResultError(ECardConstants.Minor.IFD.PASSWORD_BLOCKED, msg);
response.setResult(r);
} else {
String msg = "Failed to enter PIN.";
Result r = WSHelper.makeResultError(ECardConstants.Minor.SAL.CANCELLATION_BY_USER, msg);
response.setResult(r);
}
// create did authenticate response
response.setAuthenticationProtocolData(pinCompareOutput.getAuthDataType());
} catch (PinBlockedException ex) {
// TODO: set retry counter
String minor = ECardConstants.Minor.IFD.PASSWORD_BLOCKED;
Result r = WSHelper.makeResultError(minor, ex.getMessage());
response.setResult(r);
} catch (PinIncorrectException ex) {
// TODO: set retry counter
String minor = ECardConstants.Minor.SAL.SECURITY_CONDITION_NOT_SATISFIED;
Result r = WSHelper.makeResultError(minor, ex.getMessage());
response.setResult(r);
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
Aggregations