Examples with CardCommandAPDU org.openecard.common.apdu.common.CardCommandAPDU used on opensource projects

Example 11 with CardCommandAPDU

use of org.openecard.common.apdu.common.CardCommandAPDU in project open-ecard by ecsec.

the class SignStep method performLegacySignature.

/**
 * The method performs the SignatureCreation if no standard commands are possible.
 * This method creates a signature with APDUs which are not covered by the methods defined in TR-03112 part 7.
 *
 * @param cryptoMarker A {@link CryptoMarkerType} object containing the information about the creation of a signature
 *   in a legacy way.
 * @param slotHandle A slotHandle identifying the current card.
 * @param templateCTX A Map containing the context data for the evaluation of the template variables. This object
 *   contains per default the message to sign and the {@link TLVFunction}.
 * @return A {@link SignResponse} object containing the signature of the <b>message</b>.
 * @throws APDUTemplateException Thrown if the evaluation of the {@link CardCommandTemplate} failed.
 * @throws APDUException Thrown if one of the commands to execute failed.
 * @throws WSHelper.WSException Thrown if the checkResult method of WSHelper failed.
 */
private SignResponse performLegacySignature(CryptoMarkerType cryptoMarker, ConnectionHandleType connectionHandle, BaseTemplateContext templateCTX) throws APDUTemplateException, APDUException, WSHelper.WSException {
    SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
    List<Object> legacyCommands = cryptoMarker.getLegacySignatureGenerationInfo();
    CardCommandAPDU cmdAPDU;
    CardResponseAPDU responseAPDU = null;
    byte[] slotHandle = connectionHandle.getSlotHandle();
    byte[] signedMessage;
    for (Object next : legacyCommands) {
        if (next instanceof CardCallTemplateType) {
            CardCallTemplateType cctt = (CardCallTemplateType) next;
            CardCommandTemplate template = new CardCommandTemplate(cctt);
            cmdAPDU = template.evaluate(templateCTX);
            responseAPDU = cmdAPDU.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
        } else if (next instanceof APICommand) {
            sendAPICommand(connectionHandle, (APICommand) next);
        }
    }
    signedMessage = responseAPDU.getData();
    // check if further response data is available
    while (responseAPDU.getTrailer()[0] == (byte) 0x61) {
        CardCommandAPDU getResponseData = new CardCommandAPDU((byte) 0x00, (byte) 0xC0, (byte) 0x00, (byte) 0x00, responseAPDU.getTrailer()[1]);
        responseAPDU = getResponseData.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
        signedMessage = Arrays.concatenate(signedMessage, responseAPDU.getData());
    }
    if (!Arrays.areEqual(responseAPDU.getTrailer(), new byte[] { (byte) 0x90, (byte) 0x00 })) {
        String minor = SALErrorUtils.getMinor(responseAPDU.getTrailer());
        response.setResult(WSHelper.makeResultError(minor, responseAPDU.getStatusMessage()));
        return response;
    }
    // fix output format
    String outForm = cryptoMarker.getLegacyOutputFormat();
    if (outForm != null) {
        switch(outForm) {
            case "rawRS":
                signedMessage = encodeRawRS(signedMessage);
                break;
            default:
                LOG.warn("Unsupport outputFormat={} specified in LegacySignatureGenerationInfo.", outForm);
        }
    }
    response.setSignature(signedMessage);
    return response;
}

Example 12 with CardCommandAPDU

use of org.openecard.common.apdu.common.CardCommandAPDU in project open-ecard by ecsec.

the class TinySAL method cardApplicationSelect.

@Override
public CardApplicationSelectResponse cardApplicationSelect(CardApplicationSelect request) {
    CardApplicationSelectResponse response = WSHelper.makeResponse(CardApplicationSelectResponse.class, WSHelper.makeResultOK());
    try {
        byte[] slotHandle = request.getSlotHandle();
        ConnectionHandleType connectionHandle = SALUtils.createConnectionHandle(slotHandle);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle);
        byte[] reqApplicationID = request.getCardApplication();
        Assert.assertIncorrectParameter(reqApplicationID, "The parameter CardApplication is empty.");
        CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
        CardApplicationWrapper appInfo = cardInfoWrapper.getCardApplication(reqApplicationID);
        Assert.assertNamedEntityNotFound(appInfo, "The given Application cannot be found.");
        Assert.securityConditionApplication(cardStateEntry, reqApplicationID, ConnectionServiceActionName.CARD_APPLICATION_CONNECT);
        // check if the currently selected application is already what the caller wants
        byte[] curApplicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
        if (!ByteUtils.compare(reqApplicationID, curApplicationID)) {
            // Select the card application
            CardCommandAPDU select;
            // TODO: proper determination of path, file and app id
            if (reqApplicationID.length == 2) {
                select = new Select.File(reqApplicationID);
                List<byte[]> responses = new ArrayList<>();
                responses.add(TrailerConstants.Success.OK());
                responses.add(TrailerConstants.Error.WRONG_P1_P2());
                CardResponseAPDU resp = select.transmit(env.getDispatcher(), slotHandle, responses);
                if (Arrays.equals(resp.getTrailer(), TrailerConstants.Error.WRONG_P1_P2())) {
                    select = new Select.AbsolutePath(reqApplicationID);
                    select.transmit(env.getDispatcher(), slotHandle);
                }
            } else {
                select = new Select.Application(reqApplicationID);
                select.transmit(env.getDispatcher(), slotHandle);
            }
            cardStateEntry.setCurrentCardApplication(reqApplicationID);
            // reset the ef FCP
            cardStateEntry.unsetFCPOfSelectedEF();
        }
        response.setConnectionHandle(cardStateEntry.handleCopy());
    } catch (ECardException e) {
        response.setResult(e.getResult());
    }
    return response;
}

Example 13 with CardCommandAPDU

use of org.openecard.common.apdu.common.CardCommandAPDU in project open-ecard by ecsec.

the class PACEImplementation method generalAuthenticateMapNonce.

/**
 * Step 3: Mapping nonce
 */
private void generalAuthenticateMapNonce() throws Exception {
    byte[] pkMapPCD = null;
    PACEMapping mapping = cryptoSuite.getMapping();
    if (mapping instanceof PACEGenericMapping) {
        PACEGenericMapping gm = (PACEGenericMapping) mapping;
        pkMapPCD = gm.getMappingKey().getEncodedPublicKey();
    } else if (mapping instanceof PACEIntegratedMapping) {
        throw new UnsupportedOperationException("Not implemented yet.");
    }
    CardCommandAPDU gaMapNonce = new GeneralAuthenticate((byte) 0x81, pkMapPCD);
    gaMapNonce.setChaining();
    try {
        response = gaMapNonce.transmit(dispatcher, slotHandle);
    } catch (APDUException e) {
        LOG.error(e.getMessage(), e);
        throw new ProtocolException(e.getResult());
    }
    if (mapping instanceof PACEGenericMapping) {
        PACEGenericMapping gm = (PACEGenericMapping) mapping;
        PACEKey keyMapPICC = new PACEKey(domainParameter);
        keyMapPICC.decodePublicKey(response.getData());
        byte[] pkMapPICC = keyMapPICC.getEncodedPublicKey();
        if (ByteUtils.compare(pkMapPICC, pkMapPCD)) {
            throw new GeneralSecurityException("PACE security violation: equal keys");
        }
        domainParameter = gm.map(pkMapPICC, s);
    } else if (mapping instanceof PACEIntegratedMapping) {
        throw new UnsupportedOperationException("Not implemented yet.");
    }
    // Continue with Step 4
    generalAuthenticateKeyAgreement();
}

Example 14 with CardCommandAPDU

use of org.openecard.common.apdu.common.CardCommandAPDU in project open-ecard by ecsec.

the class PACEImplementation method generalAuthenticateEncryptedNonce.

/**
 * Step 2: Encrypted nonce
 */
private void generalAuthenticateEncryptedNonce() throws Exception {
    CardCommandAPDU gaEncryptedNonce = new GeneralAuthenticate();
    gaEncryptedNonce.setChaining();
    // Derive key PI
    byte[] keyPI = kdf.derivePI(password);
    try {
        response = gaEncryptedNonce.transmit(dispatcher, slotHandle);
        s = cryptoSuite.decryptNonce(keyPI, response.getData());
        // Continue with Step 3
        generalAuthenticateMapNonce();
    } catch (APDUException e) {
        LOG.error(e.getMessage(), e);
        throw new ProtocolException(e.getResult());
    } catch (GeneralSecurityException e) {
        LOG.error(e.getMessage(), e);
        throw new ProtocolException(e.getMessage());
    }
}

Example 15 with CardCommandAPDU

use of org.openecard.common.apdu.common.CardCommandAPDU in project open-ecard by ecsec.

the class PACEImplementation method generalAuthenticateKeyAgreement.

/**
 * Step 4: Key agreement
 *
 * @param mapPK_PICC
 */
private void generalAuthenticateKeyAgreement() throws Exception {
    keyPCD = new PACEKey(domainParameter);
    keyPCD.generateKeyPair();
    byte[] keyPKPCD = keyPCD.getEncodedPublicKey();
    CardCommandAPDU gaKeyAgreement = new GeneralAuthenticate((byte) 0x83, keyPKPCD);
    gaKeyAgreement.setChaining();
    try {
        response = gaKeyAgreement.transmit(dispatcher, slotHandle);
        keyPICC = new PACEKey(domainParameter);
        byte[] keyPKPICC = keyPICC.decodePublicKey(response.getData());
        if (!ByteUtils.compare(keyPKPCD, keyPKPICC)) {
            // Continue with Step 5
            generalAuthenticateMutualAuthentication();
        } else {
            throw new GeneralSecurityException("PACE security violation: equal keys");
        }
    } catch (APDUException e) {
        LOG.error(e.getMessage(), e);
        throw new ProtocolException(e.getResult());
    } catch (GeneralSecurityException e) {
        LOG.error(e.getMessage(), e);
        throw new ProtocolException(e.getMessage());
    }
}