Example 1 with GetResponse
use of org.openecard.common.apdu.GetResponse in project open-ecard by ecsec.
the class SignStep method performSignature.
/**
* This method performs the signature creation according to BSI TR-03112 part 7.
*
* @param cryptoMarker The {@link CryptoMarkerType} containing the SignatureCreationInfo for creating the signature.
* @param keyReference A byte array containing the reference of the key to use.
* @param algorithmIdentifier A byte array containing the identifier of the signing algorithm.
* @param message The message to sign.
* @param slotHandle The slotHandle identifying the card.
* @param hashRef The variable contains the reference for the hash algorithm which have to be used.
* @param hashInfo A HashGenerationInfo object which indicates how the hash computation is to perform.
* @return A {@link SignResponse} object containing the signature of the <b>message</b>.
* @throws TLVException Thrown if the TLV creation for the key identifier or algorithm identifier failed.
* @throws IncorrectParameterException Thrown if the SignatureGenerationInfo does not contain PSO_CDS or INT_AUTH
* after an MSE_KEY command.
* @throws APDUException Thrown if one of the command to create the signature failed.
* @throws org.openecard.common.WSHelper.WSException Thrown if the checkResults method of WSHelper failed.
*/
private SignResponse performSignature(CryptoMarkerType cryptoMarker, byte[] keyReference, byte[] algorithmIdentifier, byte[] message, byte[] slotHandle, byte[] hashRef, HashGenerationInfoType hashInfo) throws TLVException, IncorrectParameterException, APDUException, WSHelper.WSException {
SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
TLV tagAlgorithmIdentifier = new TLV();
tagAlgorithmIdentifier.setTagNumWithClass(CARD_ALG_REF);
tagAlgorithmIdentifier.setValue(algorithmIdentifier);
TLV tagKeyReference = new TLV();
tagKeyReference.setTagNumWithClass(KEY_REFERENCE_PRIVATE_KEY);
tagKeyReference.setValue(keyReference);
CardCommandAPDU cmdAPDU = null;
CardResponseAPDU responseAPDU = null;
String[] signatureGenerationInfo = cryptoMarker.getSignatureGenerationInfo();
for (String command : signatureGenerationInfo) {
HashSet<String> signGenInfo = new HashSet<>(java.util.Arrays.asList(signatureGenerationInfo));
if (command.equals("MSE_KEY")) {
byte[] mseData = tagKeyReference.toBER();
if (signGenInfo.contains("PSO_CDS")) {
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
} else if (signGenInfo.contains("INT_AUTH") && !signGenInfo.contains("PSO_CDS")) {
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
} else {
String msg = "The command 'MSE_KEY' followed by 'INT_AUTH' and 'PSO_CDS' is currently not supported.";
LOG.error(msg);
throw new IncorrectParameterException(msg);
}
} else if (command.equals("PSO_CDS")) {
cmdAPDU = new PSOComputeDigitalSignature(message, BLOCKSIZE);
} else if (command.equals("INT_AUTH")) {
cmdAPDU = new InternalAuthenticate(message, BLOCKSIZE);
} else if (command.equals("MSE_RESTORE")) {
cmdAPDU = new ManageSecurityEnvironment.Restore(ManageSecurityEnvironment.DST);
} else if (command.equals("MSE_HASH")) {
cmdAPDU = new ManageSecurityEnvironment.Set(SET_COMPUTATION, ManageSecurityEnvironment.HT);
TLV mseDataTLV = new TLV();
mseDataTLV.setTagNumWithClass((byte) 0x80);
mseDataTLV.setValue(hashRef);
cmdAPDU.setData(mseDataTLV.toBER());
} else if (command.equals("PSO_HASH")) {
if (hashInfo == HashGenerationInfoType.LAST_ROUND_ON_CARD || hashInfo == HashGenerationInfoType.NOT_ON_CARD) {
cmdAPDU = new PSOHash(PSOHash.P2_SET_HASH_OR_PART, message);
} else {
cmdAPDU = new PSOHash(PSOHash.P2_HASH_MESSAGE, message);
}
} else if (command.equals("MSE_DS")) {
byte[] mseData = tagAlgorithmIdentifier.toBER();
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
} else if (command.equals("MSE_KEY_DS")) {
byte[] mseData = ByteUtils.concatenate(tagKeyReference.toBER(), tagAlgorithmIdentifier.toBER());
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
} else if (command.equals("MSE_INT_AUTH")) {
byte[] mseData = tagKeyReference.toBER();
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
} else if (command.equals("MSE_KEY_INT_AUTH")) {
byte[] mseData = ByteUtils.concatenate(tagKeyReference.toBER(), tagAlgorithmIdentifier.toBER());
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
} else {
String msg = "The signature generation command '" + command + "' is unknown.";
throw new IncorrectParameterException(msg);
}
responseAPDU = cmdAPDU.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
}
byte[] signedMessage = responseAPDU.getData();
// check if further response data is available
while (responseAPDU.getTrailer()[0] == (byte) 0x61) {
GetResponse getResponseData = new GetResponse();
responseAPDU = getResponseData.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
signedMessage = Arrays.concatenate(signedMessage, responseAPDU.getData());
}
if (!Arrays.areEqual(responseAPDU.getTrailer(), new byte[] { (byte) 0x90, (byte) 0x00 })) {
String minor = SALErrorUtils.getMinor(responseAPDU.getTrailer());
response.setResult(WSHelper.makeResultError(minor, responseAPDU.getStatusMessage()));
return response;
}
response.setSignature(signedMessage);
return response;
}
Also used :
CardCommandAPDU(org.openecard.common.apdu.common.CardCommandAPDU)
PSOHash(org.openecard.sal.protocol.genericcryptography.apdu.PSOHash)
GetResponse(org.openecard.common.apdu.GetResponse)
PSOComputeDigitalSignature(org.openecard.sal.protocol.genericcryptography.apdu.PSOComputeDigitalSignature)
SignResponse(iso.std.iso_iec._24727.tech.schema.SignResponse)
IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException)
InternalAuthenticate(org.openecard.common.apdu.InternalAuthenticate)
CardResponseAPDU(org.openecard.common.apdu.common.CardResponseAPDU)
ManageSecurityEnvironment(org.openecard.common.apdu.ManageSecurityEnvironment)
TLV(org.openecard.common.tlv.TLV)
HashSet(java.util.HashSet)
Example 2 with GetResponse
use of org.openecard.common.apdu.GetResponse in project open-ecard by ecsec.
the class TinySAL method dsiRead.
/**
* The DSIRead function reads out the content of a specific DSI (Data Structure for Interoperability).
* See BSI-TR-03112-4, version 1.1.2, section 3.4.9.
*
* @param request DSIRead
* @return DSIReadResponse
*/
@Publish
@Override
public DSIReadResponse dsiRead(DSIRead request) {
DSIReadResponse response = WSHelper.makeResponse(DSIReadResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle);
byte[] applicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
String dsiName = request.getDSIName();
byte[] slotHandle = connectionHandle.getSlotHandle();
Assert.assertIncorrectParameter(dsiName, "The parameter DSIName is empty.");
Assert.securityConditionDataSet(cardStateEntry, applicationID, dsiName, NamedDataServiceActionName.DSI_READ);
if (cardStateEntry.getFCPOfSelectedEF() == null) {
throw new PrerequisitesNotSatisfiedException("No DataSet to read selected.");
}
CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
DataSetInfoType dataSetInfo = cardInfoWrapper.getDataSetByDsiName(dsiName);
if (dataSetInfo == null) {
// there is no data set which contains the given dsi name so the name should be an data set name
dataSetInfo = cardInfoWrapper.getDataSetByName(dsiName);
if (dataSetInfo != null) {
if (!cardStateEntry.getFCPOfSelectedEF().getFileIdentifiers().isEmpty()) {
byte[] path = dataSetInfo.getDataSetPath().getEfIdOrPath();
byte[] fid = Arrays.copyOfRange(path, path.length - 2, path.length);
if (!Arrays.equals(fid, cardStateEntry.getFCPOfSelectedEF().getFileIdentifiers().get(0))) {
String msg = "Wrong DataSet for reading the DSI " + dsiName + " is selected.";
throw new PrerequisitesNotSatisfiedException(msg);
}
}
byte[] fileContent = CardUtils.readFile(cardStateEntry.getFCPOfSelectedEF(), env.getDispatcher(), slotHandle);
response.setDSIContent(fileContent);
} else {
String msg = "The given DSIName does not related to any know DSI or DataSet.";
throw new IncorrectParameterException(msg);
}
} else {
// There exists a data set with the given dsi name
// check whether the correct file is selected
byte[] dataSetPath = dataSetInfo.getDataSetPath().getEfIdOrPath();
byte[] dataSetFID = new byte[] { dataSetPath[dataSetPath.length - 2], dataSetPath[dataSetPath.length - 1] };
if (Arrays.equals(dataSetFID, cardStateEntry.getFCPOfSelectedEF().getFileIdentifiers().get(0))) {
DSIType dsi = cardInfoWrapper.getDSIbyName(dsiName);
PathType dsiPath = dsi.getDSIPath();
if (dsiPath.getTagRef() != null) {
TagRef tagReference = dsiPath.getTagRef();
byte[] tag = tagReference.getTag();
GetData getDataRequest;
if (tag.length == 2) {
getDataRequest = new GetData(GetData.INS_DATA, tag[0], tag[1]);
CardResponseAPDU cardResponse = getDataRequest.transmit(env.getDispatcher(), slotHandle, Collections.EMPTY_LIST);
byte[] responseData = cardResponse.getData();
while (cardResponse.getTrailer()[0] == (byte) 0x61) {
GetResponse allData = new GetResponse();
cardResponse = allData.transmit(env.getDispatcher(), slotHandle, Collections.EMPTY_LIST);
responseData = ByteUtils.concatenate(responseData, cardResponse.getData());
}
response.setDSIContent(responseData);
} else if (tag.length == 1) {
// how to determine Simple- or BER-TLV in this case correctly?
// Now try Simple-TLV first and if it fail try BER-TLV
getDataRequest = new GetData(GetData.INS_DATA, GetData.SIMPLE_TLV, tag[0]);
CardResponseAPDU cardResponse = getDataRequest.transmit(env.getDispatcher(), slotHandle, Collections.EMPTY_LIST);
byte[] responseData = cardResponse.getData();
// just an assumption
if (Arrays.equals(cardResponse.getTrailer(), new byte[] { (byte) 0x6A, (byte) 0x88 })) {
getDataRequest = new GetData(GetData.INS_DATA, GetData.BER_TLV_ONE_BYTE, tag[0]);
cardResponse = getDataRequest.transmit(env.getDispatcher(), slotHandle, Collections.EMPTY_LIST);
responseData = cardResponse.getData();
}
while (cardResponse.getTrailer()[0] == (byte) 0x61) {
GetResponse allData = new GetResponse();
cardResponse = allData.transmit(env.getDispatcher(), slotHandle, Collections.EMPTY_LIST);
responseData = ByteUtils.concatenate(responseData, cardResponse.getData());
}
response.setDSIContent(responseData);
}
} else if (dsiPath.getIndex() != null) {
byte[] index = dsiPath.getIndex();
byte[] length = dsiPath.getLength();
List<byte[]> allowedResponse = new ArrayList<>();
allowedResponse.add(new byte[] { (byte) 0x90, (byte) 0x00 });
allowedResponse.add(new byte[] { (byte) 0x62, (byte) 0x82 });
if (cardStateEntry.getFCPOfSelectedEF().getDataElements().isLinear()) {
// in this case we use the index as record number and the length as length of record
ReadRecord readRecord = new ReadRecord(index[0]);
// NOTE: For record based files TR-0312-4 states to ignore the length field in case of records
CardResponseAPDU cardResponse = readRecord.transmit(env.getDispatcher(), slotHandle, allowedResponse);
response.setDSIContent(cardResponse.getData());
} else {
// in this case we use index as offset and length as the expected length
ReadBinary readBinary = new ReadBinary(ByteUtils.toShort(index), ByteUtils.toShort(length));
CardResponseAPDU cardResponse = readBinary.transmit(env.getDispatcher(), slotHandle, allowedResponse);
response.setDSIContent(cardResponse.getData());
}
} else {
String msg = "The currently selected data set does not contain the DSI with the name " + dsiName;
throw new PrerequisitesNotSatisfiedException(msg);
}
}
}
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
Also used :
ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)
CardStateEntry(org.openecard.common.sal.state.CardStateEntry)
DSIType(iso.std.iso_iec._24727.tech.schema.DSIType)
CardInfoWrapper(org.openecard.common.sal.state.cif.CardInfoWrapper)
TagRef(iso.std.iso_iec._24727.tech.schema.PathType.TagRef)
GetResponse(org.openecard.common.apdu.GetResponse)
DIDGetResponse(iso.std.iso_iec._24727.tech.schema.DIDGetResponse)
PrerequisitesNotSatisfiedException(org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException)
NameExistsException(org.openecard.common.sal.exception.NameExistsException)
AddonNotFoundException(org.openecard.addon.AddonNotFoundException)
ThreadTerminateException(org.openecard.common.ThreadTerminateException)
ECardException(org.openecard.common.ECardException)
NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException)
UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException)
IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException)
InappropriateProtocolForActionException(org.openecard.common.sal.exception.InappropriateProtocolForActionException)
TLVException(org.openecard.common.tlv.TLVException)
SecurityConditionNotSatisfiedException(org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException)
UnknownConnectionHandleException(org.openecard.common.sal.exception.UnknownConnectionHandleException)
PathType(iso.std.iso_iec._24727.tech.schema.PathType)
CardApplicationPathType(iso.std.iso_iec._24727.tech.schema.CardApplicationPathType)
ECardException(org.openecard.common.ECardException)
PrerequisitesNotSatisfiedException(org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException)
ReadRecord(org.openecard.common.apdu.ReadRecord)
ReadBinary(org.openecard.common.apdu.ReadBinary)
GetData(org.openecard.common.apdu.GetData)
DataSetInfoType(iso.std.iso_iec._24727.tech.schema.DataSetInfoType)
IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException)
DataSetList(iso.std.iso_iec._24727.tech.schema.DataSetList)
DSIList(iso.std.iso_iec._24727.tech.schema.DSIList)
CardApplicationList(iso.std.iso_iec._24727.tech.schema.CardApplicationList)
CardApplicationServiceList(iso.std.iso_iec._24727.tech.schema.CardApplicationServiceList)
ArrayList(java.util.ArrayList)
DIDList(iso.std.iso_iec._24727.tech.schema.DIDList)
ACLList(iso.std.iso_iec._24727.tech.schema.ACLList)
List(java.util.List)
CardApplicationServiceNameList(iso.std.iso_iec._24727.tech.schema.CardApplicationServiceListResponse.CardApplicationServiceNameList)
CardApplicationNameList(iso.std.iso_iec._24727.tech.schema.CardApplicationListResponse.CardApplicationNameList)
CardResponseAPDU(org.openecard.common.apdu.common.CardResponseAPDU)
DSIReadResponse(iso.std.iso_iec._24727.tech.schema.DSIReadResponse)
Publish(org.openecard.common.interfaces.Publish)
Aggregations
GetResponse (org.openecard.common.apdu.GetResponse)2
CardResponseAPDU (org.openecard.common.apdu.common.CardResponseAPDU)2
IncorrectParameterException (org.openecard.common.sal.exception.IncorrectParameterException)2
ACLList (iso.std.iso_iec._24727.tech.schema.ACLList)1
CardApplicationList (iso.std.iso_iec._24727.tech.schema.CardApplicationList)1
CardApplicationNameList (iso.std.iso_iec._24727.tech.schema.CardApplicationListResponse.CardApplicationNameList)1
CardApplicationPathType (iso.std.iso_iec._24727.tech.schema.CardApplicationPathType)1
CardApplicationServiceList (iso.std.iso_iec._24727.tech.schema.CardApplicationServiceList)1
CardApplicationServiceNameList (iso.std.iso_iec._24727.tech.schema.CardApplicationServiceListResponse.CardApplicationServiceNameList)1
ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)1
DIDGetResponse (iso.std.iso_iec._24727.tech.schema.DIDGetResponse)1
DIDList (iso.std.iso_iec._24727.tech.schema.DIDList)1
DSIList (iso.std.iso_iec._24727.tech.schema.DSIList)1
DSIReadResponse (iso.std.iso_iec._24727.tech.schema.DSIReadResponse)1
DSIType (iso.std.iso_iec._24727.tech.schema.DSIType)1
DataSetInfoType (iso.std.iso_iec._24727.tech.schema.DataSetInfoType)1
DataSetList (iso.std.iso_iec._24727.tech.schema.DataSetList)1
PathType (iso.std.iso_iec._24727.tech.schema.PathType)1
TagRef (iso.std.iso_iec._24727.tech.schema.PathType.TagRef)1
SignResponse (iso.std.iso_iec._24727.tech.schema.SignResponse)1
