Examples with CardCommandAPDU org.openecard.common.apdu.common.CardCommandAPDU used on opensource projects

Example 6 with CardCommandAPDU

use of org.openecard.common.apdu.common.CardCommandAPDU in project open-ecard by ecsec.

the class ChipAuthentication method mseSetAT.

/**
 * Initializes the Chip Authentication protocol.
 * Sends an MSE:Set AT APDU. (Protocol step 1)
 * See BSI-TR-03110, version 2.10, part 3, B.11.1.
 *
 * @param oID Chip Authentication object identifier
 * @param keyID Key identifier
 * @throws ProtocolException
 */
public void mseSetAT(byte[] oID, byte[] keyID) throws ProtocolException {
    try {
        CardCommandAPDU mseSetAT = new MSESetATCA(oID, keyID);
        mseSetAT.transmit(dispatcher, slotHandle);
    } catch (APDUException e) {
        throw new ProtocolException(e.getResult());
    }
}

Example 7 with CardCommandAPDU

use of org.openecard.common.apdu.common.CardCommandAPDU in project open-ecard by ecsec.

the class ChipAuthentication method generalAuthenticate.

/**
 * Performs a General Authenticate.
 * Sends an General Authenticate APDU. (Protocol step 2)
 * See BSI-TR-03110, version 2.10, part 3, B.11.2.
 *
 * @param key Ephemeral Public Key
 * @return Response APDU
 * @throws ProtocolException
 */
public byte[] generalAuthenticate(byte[] key) throws ProtocolException {
    try {
        if (key[0] != (byte) 0x04) {
            key = ByteUtils.concatenate((byte) 0x04, key);
        }
        CardCommandAPDU generalAuthenticate = new GeneralAuthenticate((byte) 0x80, key);
        CardResponseAPDU response = generalAuthenticate.transmit(dispatcher, slotHandle);
        return response.getData();
    } catch (APDUException e) {
        throw new ProtocolException(e.getResult());
    }
}

Example 8 with CardCommandAPDU

use of org.openecard.common.apdu.common.CardCommandAPDU in project open-ecard by ecsec.

the class CardUtils method selectMF.

/**
 * Selects the Master File.
 *
 * @param dispatcher Dispatcher
 * @param slotHandle Slot handle
 * @throws APDUException
 */
public static void selectMF(Dispatcher dispatcher, byte[] slotHandle) throws APDUException {
    CardCommandAPDU selectMF = new Select.MasterFile();
    selectMF.transmit(dispatcher, slotHandle);
}

Example 9 with CardCommandAPDU

use of org.openecard.common.apdu.common.CardCommandAPDU in project open-ecard by ecsec.

the class CardUtils method readFile.

/**
 * Reads a file.
 *
 * @param dispatcher Dispatcher
 * @param slotHandle Slot handle
 * @param fcp File Control Parameters
 * @return File content
 * @throws APDUException
 */
public static byte[] readFile(FCP fcp, Dispatcher dispatcher, byte[] slotHandle) throws APDUException {
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    // Read 255 bytes per APDU
    byte length = (byte) 0xFF;
    // -1 indicates I don't know
    short numToRead = -1;
    if (fcp != null) {
        Long fcpNumBytes = fcp.getNumBytes();
        if (fcpNumBytes != null) {
            // more than short is not possible and besides that very unrealistic
            numToRead = fcpNumBytes.shortValue();
            // reduce readout size
            if (numToRead < 255) {
                length = (byte) numToRead;
            }
        }
    }
    boolean isRecord = isRecordEF(fcp);
    // records start at index 1
    byte i = (byte) (isRecord ? 1 : 0);
    short numRead = 0;
    try {
        CardResponseAPDU response;
        byte[] trailer;
        int lastNumRead = 0;
        boolean goAgain;
        do {
            if (!isRecord) {
                CardCommandAPDU readBinary = new ReadBinary(numRead, length);
                // 0x6A84 code for the estonian identity card. The card returns this code
                // after the last read process.
                response = readBinary.transmit(dispatcher, slotHandle, CardCommandStatus.response(0x9000, 0x6282, 0x6A84, 0x6A83, 0x6A86, 0x6B00));
            } else {
                CardCommandAPDU readRecord = new ReadRecord((byte) i);
                response = readRecord.transmit(dispatcher, slotHandle, CardCommandStatus.response(0x9000, 0x6282, 0x6A84, 0x6A83));
            }
            trailer = response.getTrailer();
            if (!Arrays.equals(trailer, new byte[] { (byte) 0x6A, (byte) 0x84 }) && !Arrays.equals(trailer, new byte[] { (byte) 0x6A, (byte) 0x83 }) && !Arrays.equals(trailer, new byte[] { (byte) 0x6A, (byte) 0x86 })) {
                byte[] data = response.getData();
                // some cards are just pure shit and return 9000 when no bytes have been read
                baos.write(data);
                lastNumRead = data.length;
                numRead += lastNumRead;
            }
            i++;
            // update length value
            goAgain = response.isNormalProcessed() && lastNumRead != 0 || (Arrays.equals(trailer, new byte[] { (byte) 0x62, (byte) 0x82 }) && isRecord);
            if (goAgain && numToRead != -1) {
                // we have a limit, enforce it
                short remainingBytes = (short) (numToRead - numRead);
                if (remainingBytes <= 0) {
                    goAgain = false;
                } else if (remainingBytes < 255) {
                    // update length when we reached the area below 255
                    length = (byte) remainingBytes;
                }
            }
        } while (goAgain);
        baos.close();
    } catch (IOException e) {
        throw new APDUException(e);
    }
    return baos.toByteArray();
}

Example 10 with CardCommandAPDU

use of org.openecard.common.apdu.common.CardCommandAPDU in project open-ecard by ecsec.

the class SignStep method performSignature.

/**
 * This method performs the signature creation according to BSI TR-03112 part 7.
 *
 * @param cryptoMarker The {@link CryptoMarkerType} containing the SignatureCreationInfo for creating the signature.
 * @param keyReference A byte array containing the reference of the key to use.
 * @param algorithmIdentifier A byte array containing the identifier of the signing algorithm.
 * @param message The message to sign.
 * @param slotHandle The slotHandle identifying the card.
 * @param hashRef The variable contains the reference for the hash algorithm which have to be used.
 * @param hashInfo A HashGenerationInfo object which indicates how the hash computation is to perform.
 * @return A {@link SignResponse} object containing the signature of the <b>message</b>.
 * @throws TLVException Thrown if the TLV creation for the key identifier or algorithm identifier failed.
 * @throws IncorrectParameterException Thrown if the SignatureGenerationInfo does not contain PSO_CDS or INT_AUTH
 * after an MSE_KEY command.
 * @throws APDUException Thrown if one of the command to create the signature failed.
 * @throws org.openecard.common.WSHelper.WSException Thrown if the checkResults method of WSHelper failed.
 */
private SignResponse performSignature(CryptoMarkerType cryptoMarker, byte[] keyReference, byte[] algorithmIdentifier, byte[] message, byte[] slotHandle, byte[] hashRef, HashGenerationInfoType hashInfo) throws TLVException, IncorrectParameterException, APDUException, WSHelper.WSException {
    SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
    TLV tagAlgorithmIdentifier = new TLV();
    tagAlgorithmIdentifier.setTagNumWithClass(CARD_ALG_REF);
    tagAlgorithmIdentifier.setValue(algorithmIdentifier);
    TLV tagKeyReference = new TLV();
    tagKeyReference.setTagNumWithClass(KEY_REFERENCE_PRIVATE_KEY);
    tagKeyReference.setValue(keyReference);
    CardCommandAPDU cmdAPDU = null;
    CardResponseAPDU responseAPDU = null;
    String[] signatureGenerationInfo = cryptoMarker.getSignatureGenerationInfo();
    for (String command : signatureGenerationInfo) {
        HashSet<String> signGenInfo = new HashSet<>(java.util.Arrays.asList(signatureGenerationInfo));
        if (command.equals("MSE_KEY")) {
            byte[] mseData = tagKeyReference.toBER();
            if (signGenInfo.contains("PSO_CDS")) {
                cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
            } else if (signGenInfo.contains("INT_AUTH") && !signGenInfo.contains("PSO_CDS")) {
                cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
            } else {
                String msg = "The command 'MSE_KEY' followed by 'INT_AUTH' and 'PSO_CDS' is currently not supported.";
                LOG.error(msg);
                throw new IncorrectParameterException(msg);
            }
        } else if (command.equals("PSO_CDS")) {
            cmdAPDU = new PSOComputeDigitalSignature(message, BLOCKSIZE);
        } else if (command.equals("INT_AUTH")) {
            cmdAPDU = new InternalAuthenticate(message, BLOCKSIZE);
        } else if (command.equals("MSE_RESTORE")) {
            cmdAPDU = new ManageSecurityEnvironment.Restore(ManageSecurityEnvironment.DST);
        } else if (command.equals("MSE_HASH")) {
            cmdAPDU = new ManageSecurityEnvironment.Set(SET_COMPUTATION, ManageSecurityEnvironment.HT);
            TLV mseDataTLV = new TLV();
            mseDataTLV.setTagNumWithClass((byte) 0x80);
            mseDataTLV.setValue(hashRef);
            cmdAPDU.setData(mseDataTLV.toBER());
        } else if (command.equals("PSO_HASH")) {
            if (hashInfo == HashGenerationInfoType.LAST_ROUND_ON_CARD || hashInfo == HashGenerationInfoType.NOT_ON_CARD) {
                cmdAPDU = new PSOHash(PSOHash.P2_SET_HASH_OR_PART, message);
            } else {
                cmdAPDU = new PSOHash(PSOHash.P2_HASH_MESSAGE, message);
            }
        } else if (command.equals("MSE_DS")) {
            byte[] mseData = tagAlgorithmIdentifier.toBER();
            cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
        } else if (command.equals("MSE_KEY_DS")) {
            byte[] mseData = ByteUtils.concatenate(tagKeyReference.toBER(), tagAlgorithmIdentifier.toBER());
            cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
        } else if (command.equals("MSE_INT_AUTH")) {
            byte[] mseData = tagKeyReference.toBER();
            cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
        } else if (command.equals("MSE_KEY_INT_AUTH")) {
            byte[] mseData = ByteUtils.concatenate(tagKeyReference.toBER(), tagAlgorithmIdentifier.toBER());
            cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
        } else {
            String msg = "The signature generation command '" + command + "' is unknown.";
            throw new IncorrectParameterException(msg);
        }
        responseAPDU = cmdAPDU.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
    }
    byte[] signedMessage = responseAPDU.getData();
    // check if further response data is available
    while (responseAPDU.getTrailer()[0] == (byte) 0x61) {
        GetResponse getResponseData = new GetResponse();
        responseAPDU = getResponseData.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
        signedMessage = Arrays.concatenate(signedMessage, responseAPDU.getData());
    }
    if (!Arrays.areEqual(responseAPDU.getTrailer(), new byte[] { (byte) 0x90, (byte) 0x00 })) {
        String minor = SALErrorUtils.getMinor(responseAPDU.getTrailer());
        response.setResult(WSHelper.makeResultError(minor, responseAPDU.getStatusMessage()));
        return response;
    }
    response.setSignature(signedMessage);
    return response;
}