Search in sources :

Example 6 with ProtocolException

use of org.openecard.common.ifd.protocol.exception.ProtocolException in project open-ecard by ecsec.

the class PACEProtocol method establish.

@Override
public EstablishChannelResponse establish(EstablishChannel req, Dispatcher dispatcher, UserConsent gui) {
    EstablishChannelResponse response = new EstablishChannelResponse();
    try {
        // Get parameters for the PACE protocol
        PACEInputType paceInput = new PACEInputType(req.getAuthenticationProtocolData());
        byte[] pin;
        byte pinID = paceInput.getPINID();
        byte[] chat = paceInput.getCHAT();
        if (paceInput.getPIN() == null || paceInput.getPIN().isEmpty()) {
            // GUI request
            GUIContentMap content = new GUIContentMap();
            content.add(GUIContentMap.ELEMENT.PIN_ID, pinID);
            PACEUserConsent paceUserConsent = new PACEUserConsent(gui);
            paceUserConsent.show(content);
            pin = ((String) content.get(GUIContentMap.ELEMENT.PIN)).getBytes(PACEConstants.PIN_CHARSET);
        } else {
            pin = paceInput.getPIN().getBytes(PACEConstants.PIN_CHARSET);
        }
        if (pin == null || pin.length == 0) {
            response.setResult(WSHelper.makeResultError(ECardConstants.Minor.IFD.CANCELLATION_BY_USER, "No PIN was entered."));
            return response;
        }
        // Read EF.CardAccess from card
        byte[] slotHandle = req.getSlotHandle();
        CardResponseAPDU resp = CardUtils.selectFileWithOptions(dispatcher, slotHandle, ShortUtils.toByteArray(PACEConstants.EF_CARDACCESS_FID), null, CardUtils.FCP_RESPONSE_DATA);
        FCP efCardAccessFCP = new FCP(TLV.fromBER(resp.getData()));
        byte[] efcadata = CardUtils.readFile(efCardAccessFCP, dispatcher, slotHandle);
        // Parse SecurityInfos and get PACESecurityInfos
        SecurityInfos sis = SecurityInfos.getInstance(efcadata);
        EFCardAccess efca = new EFCardAccess(sis);
        PACESecurityInfos psi = efca.getPACESecurityInfos();
        // Start PACE
        PACEImplementation pace = new PACEImplementation(dispatcher, slotHandle, psi);
        pace.execute(pin, pinID, chat);
        // Establish Secure Messaging channel
        sm = new SecureMessaging(pace.getKeyMAC(), pace.getKeyENC());
        // Create AuthenticationProtocolData (PACEOutputType)
        PACEOutputType paceOutput = paceInput.getOutputType();
        paceOutput.setEFCardAccess(efcadata);
        paceOutput.setCurrentCAR(pace.getCurrentCAR());
        paceOutput.setPreviousCAR(pace.getPreviousCAR());
        paceOutput.setIDPICC(pace.getIDPICC());
        paceOutput.setRetryCounter(pace.getRetryCounter());
        // Create EstablishChannelResponse
        response.setResult(WSHelper.makeResultOK());
        response.setAuthenticationProtocolData(paceOutput.getAuthDataType());
    } catch (UnsupportedEncodingException ex) {
        logger.error(ex.getMessage(), ex);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.IFD.IO.UNKNOWN_PIN_FORMAT, "Cannot encode the PIN in " + PACEConstants.PIN_CHARSET + " charset."));
    } catch (ProtocolException ex) {
        logger.error(ex.getMessage(), ex);
        response.setResult(WSHelper.makeResult(ex));
    } catch (Throwable ex) {
        logger.error(ex.getMessage(), ex);
        response.setResult(WSHelper.makeResult(ex));
    }
    return response;
}
Also used : ProtocolException(org.openecard.common.ifd.protocol.exception.ProtocolException) EstablishChannelResponse(iso.std.iso_iec._24727.tech.schema.EstablishChannelResponse) EFCardAccess(org.openecard.crypto.common.asn1.eac.ef.EFCardAccess) PACESecurityInfos(org.openecard.crypto.common.asn1.eac.PACESecurityInfos) SecurityInfos(org.openecard.crypto.common.asn1.eac.SecurityInfos) UnsupportedEncodingException(java.io.UnsupportedEncodingException) PACEInputType(org.openecard.common.ifd.anytype.PACEInputType) FCP(org.openecard.common.tlv.iso7816.FCP) PACESecurityInfos(org.openecard.crypto.common.asn1.eac.PACESecurityInfos) PACEOutputType(org.openecard.common.ifd.anytype.PACEOutputType) CardResponseAPDU(org.openecard.common.apdu.common.CardResponseAPDU) GUIContentMap(org.openecard.ifd.protocol.pace.gui.GUIContentMap)

Aggregations

ProtocolException (org.openecard.common.ifd.protocol.exception.ProtocolException)6 GeneralSecurityException (java.security.GeneralSecurityException)5 CardCommandAPDU (org.openecard.common.apdu.common.CardCommandAPDU)5 APDUException (org.openecard.common.apdu.exception.APDUException)5 GeneralAuthenticate (org.openecard.common.apdu.GeneralAuthenticate)4 PACEKey (org.openecard.ifd.protocol.pace.crypto.PACEKey)2 EstablishChannelResponse (iso.std.iso_iec._24727.tech.schema.EstablishChannelResponse)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 CardResponseAPDU (org.openecard.common.apdu.common.CardResponseAPDU)1 PACEInputType (org.openecard.common.ifd.anytype.PACEInputType)1 PACEOutputType (org.openecard.common.ifd.anytype.PACEOutputType)1 FCP (org.openecard.common.tlv.iso7816.FCP)1 PACESecurityInfos (org.openecard.crypto.common.asn1.eac.PACESecurityInfos)1 SecurityInfos (org.openecard.crypto.common.asn1.eac.SecurityInfos)1 EFCardAccess (org.openecard.crypto.common.asn1.eac.ef.EFCardAccess)1 MSESetATPACE (org.openecard.ifd.protocol.pace.apdu.MSESetATPACE)1 AuthenticationToken (org.openecard.ifd.protocol.pace.crypto.AuthenticationToken)1 PACEGenericMapping (org.openecard.ifd.protocol.pace.crypto.PACEGenericMapping)1 PACEIntegratedMapping (org.openecard.ifd.protocol.pace.crypto.PACEIntegratedMapping)1 PACEMapping (org.openecard.ifd.protocol.pace.crypto.PACEMapping)1