use of org.openecard.common.sal.exception.IncorrectParameterException in project open-ecard by ecsec.
the class MiddlewareSAL method dsiRead.
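/**
 * Returns the value of the middleware certificate whose label equals the DSI name in the request.
 *
 * The security condition for {@code DSI_READ} on the named data set is checked before any
 * certificate is read from the middleware session bound to the request's slot handle.
 *
 * @param request DSIRead carrying the connection handle and the DSI name.
 * @return DSIReadResponse with the certificate bytes as DSI content, or with an error result.
 */
@Override
public DSIReadResponse dsiRead(DSIRead request) {
    DSIReadResponse response = WSHelper.makeResponse(DSIReadResponse.class, WSHelper.makeResultOK());

    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle);
        byte[] applicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
        String dsiName = request.getDSIName();
        byte[] slotHandle = connectionHandle.getSlotHandle();

        Assert.assertIncorrectParameter(dsiName, "The parameter DSIName is empty.");
        // Authorization comes before any access to the session's certificates.
        Assert.securityConditionDataSet(cardStateEntry, applicationID, dsiName, NamedDataServiceActionName.DSI_READ);

        // The slot handle arrives with the request. A handle without a managed session is a
        // caller error and must not surface as a NullPointerException in the generic handler.
        // NOTE(review): managedSessions is keyed by byte[]; presumably the map compares array
        // contents rather than identity - confirm at its declaration.
        MwSession session = slotHandle == null ? null : managedSessions.get(slotHandle);
        if (session == null) {
            throw new IncorrectParameterException("No middleware session found for the given slot handle.");
        }

        for (MwCertificate cert : session.getCertificates()) {
            try {
                // dsiName is known to be non-null here, so a certificate without a label
                // simply does not match instead of raising a NullPointerException.
                if (dsiName.equals(cert.getLabel())) {
                    // read certificate
                    response.setDSIContent(cert.getValue());
                    return response;
                }
            } catch (CryptokiException ex) {
                // Best effort: one unreadable certificate must not hide the others.
                LOG.warn("Skipping certificate due to error.", ex);
            }
        }

        String msg = "The given DSIName does not related to any know DSI or DataSet.";
        throw new IncorrectParameterException(msg);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }

    return response;
}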
use of org.openecard.common.sal.exception.IncorrectParameterException in project open-ecard by ecsec.
the class MiddlewareSAL method cardApplicationConnect.
/**
 * Connects to a card application: opens a middleware session on the matching slot and
 * registers it under a freshly generated slot handle.
 *
 * @param request CardApplicationConnect carrying the card application path.
 * @return CardApplicationConnectResponse with the new connection handle, or with an error result.
 */
@Override
public CardApplicationConnectResponse cardApplicationConnect(CardApplicationConnect request) {
    CardApplicationConnectResponse response = WSHelper.makeResponse(CardApplicationConnectResponse.class, WSHelper.makeResultOK());

    try {
        CardApplicationPathType path = request.getCardApplicationPath();
        Assert.assertIncorrectParameter(path, "The parameter CardAppPathRequest is empty.");

        Set<CardStateEntry> candidates = states.getMatchingEntries(path, false);
        Assert.assertIncorrectParameter(candidates, "The given ConnectionHandle is invalid.");

        /*
         * [TR-03112-4] If the provided path fragments are valid for more than one card application
         * the eCard-API-Framework SHALL return any of the possible choices.
         */
        // NOTE(review): next() throws NoSuchElementException on an empty set, which neither catch
        // below handles - confirm that assertIncorrectParameter rejects empty sets as well as null.
        CardStateEntry matched = candidates.iterator().next();
        ConnectionHandleType handle = matched.handleCopy();
        CardStateEntry entry = matched.derive(handle);

        byte[] applicationID = entry.getImplicitlySelectedApplicationIdentifier();
        Assert.securityConditionApplication(entry, applicationID, ConnectionServiceActionName.CARD_APPLICATION_CONNECT);

        // find matching slot and associate it with the slotHandle
        MwSlot slot = getMatchingSlot(handle.getIFDName(), handle.getSlotIndex());
        if (slot == null) {
            throw new IncorrectParameterException("No slot found for requestet handle.");
        }

        // open session
        MwSession session = slot.openSession();

        // The slot handle is the value later requests present to reach this session.
        // NOTE(review): presumably generateRandom draws from a cryptographically secure source - confirm.
        byte[] slotHandle = ValueGenerators.generateRandom(64);
        handle.setSlotHandle(slotHandle);

        // save values in maps
        managedSlots.put(slotHandle, slot);
        managedSessions.put(slotHandle, session);

        entry.setSlotHandle(handle.getSlotHandle());
        // reset the ef FCP
        entry.unsetFCPOfSelectedEF();
        states.addEntry(entry);

        response.setConnectionHandle(entry.handleCopy());
        response.getConnectionHandle().setCardApplication(applicationID);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (CryptokiException ex) {
        String msg = "Error in Middleware.";
        LOG.error(msg, ex);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.Disp.COMM_ERROR, msg));
    }

    return response;
}
use of org.openecard.common.sal.exception.IncorrectParameterException in project open-ecard by ecsec.
the class TinySAL method aclList.
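/**
 * The ACLList function returns the access control list for the stated target object (card application, data set, DID).
 * See BSI-TR-03112-4, version 1.1.2, section 3.7.1.
 *
 * The target is resolved in the order data set, DID, card application; the first one present in the
 * request is used. Only the card application branch checks a security condition before the ACL is
 * returned.
 *
 * @param request ACLList
 * @return ACLListResponse carrying the target ACL, or an error result if the target is missing or unknown.
 */
@Publish
@Override
public ACLListResponse aclList(ACLList request) {
    ACLListResponse response = WSHelper.makeResponse(ACLListResponse.class, WSHelper.makeResultOK());

    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);

        TargetNameType targetName = request.getTargetName();
        Assert.assertIncorrectParameter(targetName, "The parameter TargetName is empty.");

        // get the target values, according to the schema only one must exist, we pick the first existing
        byte[] targetAppId = targetName.getCardApplicationName();
        String targetDataSet = targetName.getDataSetName();
        String targetDid = targetName.getDIDName();

        CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
        byte[] handleAppId = connectionHandle.getCardApplication();

        // Each branch uses the object it has just null-checked instead of looking it up a second time.
        if (targetDataSet != null) {
            DataSetInfoType dataSetInfo = cardInfoWrapper.getDataSet(targetDataSet, handleAppId);
            Assert.assertNamedEntityNotFound(dataSetInfo, "The given DataSet cannot be found.");
            // NOTE(review): no security condition is evaluated before the data set ACL is returned,
            // unlike the card application branch below - confirm this is intended.
            response.setTargetACL(dataSetInfo.getDataSetACL());
        } else if (targetDid != null) {
            DIDInfoType didInfo = cardInfoWrapper.getDIDInfo(targetDid, handleAppId);
            Assert.assertNamedEntityNotFound(didInfo, "The given DIDInfo cannot be found.");
            // TODO Check security condition ?
            response.setTargetACL(didInfo.getDIDACL());
        } else if (targetAppId != null) {
            CardApplicationWrapper cardApplication = cardInfoWrapper.getCardApplication(targetAppId);
            Assert.assertNamedEntityNotFound(cardApplication, "The given CardApplication cannot be found.");
            Assert.securityConditionApplication(cardStateEntry, targetAppId, AuthorizationServiceActionName.ACL_LIST);
            response.setTargetACL(cardApplication.getCardApplicationACL());
        } else {
            throw new IncorrectParameterException("The given TargetName is invalid.");
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }

    return response;
}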
use of org.openecard.common.sal.exception.IncorrectParameterException in project open-ecard by ecsec.
the class SignStep method performSignature.
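/**
 * This method performs the signature creation according to BSI TR-03112 part 7.
 *
 * The commands listed in the SignatureGenerationInfo of the crypto marker are translated to APDUs and
 * sent to the card in the given order. The data of the last response, extended by any further
 * response data the card announces with status byte 0x61, is returned as the signature.
 *
 * @param cryptoMarker The {@link CryptoMarkerType} containing the SignatureCreationInfo for creating the signature.
 * @param keyReference A byte array containing the reference of the key to use.
 * @param algorithmIdentifier A byte array containing the identifier of the signing algorithm.
 * @param message The message to sign.
 * @param slotHandle The slotHandle identifying the card.
 * @param hashRef The variable contains the reference for the hash algorithm which have to be used.
 * @param hashInfo A HashGenerationInfo object which indicates how the hash computation is to perform.
 * @return A {@link SignResponse} object containing the signature of the <b>message</b>.
 * @throws TLVException Thrown if the TLV creation for the key identifier or algorithm identifier failed.
 * @throws IncorrectParameterException Thrown if the SignatureGenerationInfo is missing or empty, contains an
 * unknown command, or does not contain PSO_CDS or INT_AUTH after an MSE_KEY command.
 * @throws APDUException Thrown if one of the command to create the signature failed.
 * @throws org.openecard.common.WSHelper.WSException Thrown if the checkResults method of WSHelper failed.
 */
private SignResponse performSignature(CryptoMarkerType cryptoMarker, byte[] keyReference, byte[] algorithmIdentifier, byte[] message, byte[] slotHandle, byte[] hashRef, HashGenerationInfoType hashInfo) throws TLVException, IncorrectParameterException, APDUException, WSHelper.WSException {
    SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());

    TLV tagAlgorithmIdentifier = new TLV();
    tagAlgorithmIdentifier.setTagNumWithClass(CARD_ALG_REF);
    tagAlgorithmIdentifier.setValue(algorithmIdentifier);

    TLV tagKeyReference = new TLV();
    tagKeyReference.setTagNumWithClass(KEY_REFERENCE_PRIVATE_KEY);
    tagKeyReference.setValue(keyReference);

    String[] signatureGenerationInfo = cryptoMarker.getSignatureGenerationInfo();
    // Without any command no APDU is sent and there is no response to read a signature from;
    // report that as a parameter error instead of failing later with a NullPointerException.
    if (signatureGenerationInfo == null || signatureGenerationInfo.length == 0) {
        throw new IncorrectParameterException("The SignatureGenerationInfo does not contain any command.");
    }

    // The command set does not change during the loop, so it is built once.
    HashSet<String> signGenInfo = new HashSet<>(java.util.Arrays.asList(signatureGenerationInfo));

    CardCommandAPDU cmdAPDU;
    CardResponseAPDU responseAPDU = null;

    for (String command : signatureGenerationInfo) {
        switch (command) {
            case "MSE_KEY": {
                // The template for the key reference depends on the signing command that follows.
                byte[] mseData = tagKeyReference.toBER();
                if (signGenInfo.contains("PSO_CDS")) {
                    cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
                } else if (signGenInfo.contains("INT_AUTH")) {
                    cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
                } else {
                    String msg = "The command 'MSE_KEY' followed by 'INT_AUTH' and 'PSO_CDS' is currently not supported.";
                    LOG.error(msg);
                    throw new IncorrectParameterException(msg);
                }
                break;
            }
            case "PSO_CDS":
                cmdAPDU = new PSOComputeDigitalSignature(message, BLOCKSIZE);
                break;
            case "INT_AUTH":
                cmdAPDU = new InternalAuthenticate(message, BLOCKSIZE);
                break;
            case "MSE_RESTORE":
                cmdAPDU = new ManageSecurityEnvironment.Restore(ManageSecurityEnvironment.DST);
                break;
            case "MSE_HASH": {
                cmdAPDU = new ManageSecurityEnvironment.Set(SET_COMPUTATION, ManageSecurityEnvironment.HT);
                TLV mseDataTLV = new TLV();
                mseDataTLV.setTagNumWithClass((byte) 0x80);
                mseDataTLV.setValue(hashRef);
                cmdAPDU.setData(mseDataTLV.toBER());
                break;
            }
            case "PSO_HASH":
                if (hashInfo == HashGenerationInfoType.LAST_ROUND_ON_CARD || hashInfo == HashGenerationInfoType.NOT_ON_CARD) {
                    cmdAPDU = new PSOHash(PSOHash.P2_SET_HASH_OR_PART, message);
                } else {
                    cmdAPDU = new PSOHash(PSOHash.P2_HASH_MESSAGE, message);
                }
                break;
            case "MSE_DS": {
                byte[] mseData = tagAlgorithmIdentifier.toBER();
                cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
                break;
            }
            case "MSE_KEY_DS": {
                byte[] mseData = ByteUtils.concatenate(tagKeyReference.toBER(), tagAlgorithmIdentifier.toBER());
                cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
                break;
            }
            case "MSE_INT_AUTH": {
                byte[] mseData = tagKeyReference.toBER();
                cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
                break;
            }
            case "MSE_KEY_INT_AUTH": {
                byte[] mseData = ByteUtils.concatenate(tagKeyReference.toBER(), tagAlgorithmIdentifier.toBER());
                cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
                break;
            }
            default: {
                String msg = "The signature generation command '" + command + "' is unknown.";
                throw new IncorrectParameterException(msg);
            }
        }

        // NOTE(review): the status word of this response is not inspected here; only the trailer of
        // the last response is compared with 0x9000 below. Presumably the empty list of accepted
        // responses leaves that check to this method - confirm that a failed MSE or hash step
        // cannot be followed by a signing command that still succeeds.
        responseAPDU = cmdAPDU.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
    }

    byte[] signedMessage = responseAPDU.getData();

    // check if further response data is available
    while (responseAPDU.getTrailer()[0] == (byte) 0x61) {
        GetResponse getResponseData = new GetResponse();
        responseAPDU = getResponseData.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
        signedMessage = Arrays.concatenate(signedMessage, responseAPDU.getData());
    }

    // Anything other than 0x9000 on the final response is reported as an error result.
    if (!Arrays.areEqual(responseAPDU.getTrailer(), new byte[] { (byte) 0x90, (byte) 0x00 })) {
        String minor = SALErrorUtils.getMinor(responseAPDU.getTrailer());
        response.setResult(WSHelper.makeResultError(minor, responseAPDU.getStatusMessage()));
        return response;
    }

    response.setSignature(signedMessage);
    return response;
}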
use of org.openecard.common.sal.exception.IncorrectParameterException in project open-ecard by ecsec.
the class VerifySignatureStep method perform.
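/**
 * Verifies the signature in the request with the certificate referenced by the DID's crypto marker.
 *
 * The certificate is read through a DSIRead for the first certificate reference of the marker, and
 * its public key is used with the signature algorithm named in the marker.
 *
 * @param request VerifySignature carrying the connection handle, DID name, signature and optional message.
 * @param internalData Step data from which the card state entry is resolved.
 * @return VerifySignatureResponse with an OK result if the signature verifies, otherwise an error result.
 */
@Override
public VerifySignatureResponse perform(VerifySignature request, Map<String, Object> internalData) {
    VerifySignatureResponse response = WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultOK());

    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        String didName = SALUtils.getDIDName(request);
        DIDStructureType didStructure = SALUtils.getDIDStructure(request, didName, cardStateEntry, connectionHandle);

        // required
        byte[] signature = request.getSignature();
        if (signature == null) {
            // A missing signature is a caller error, not an internal failure during verification.
            throw new IncorrectParameterException("The parameter Signature is empty.");
        }
        // optional
        // NOTE(review): when the message is absent, verify() runs without any input data -
        // confirm which data the signature is expected to cover in that case.
        byte[] message = request.getMessage();

        CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
        String dataSetNameCertificate = cryptoMarker.getCertificateRefs().get(0).getDataSetName();
        String algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();

        DSIRead dsiRead = new DSIRead();
        dsiRead.setConnectionHandle(connectionHandle);
        dsiRead.setDSIName(dataSetNameCertificate);
        DSIReadResponse dsiReadResponse = (DSIReadResponse) dispatcher.safeDeliver(dsiRead);
        WSHelper.checkResult(dsiReadResponse);

        // The certificate is parsed and its key used as is; no chain, validity or revocation
        // check happens in this method.
        // NOTE(review): confirm that callers do not treat a successful result as proof of the
        // signer's identity beyond possession of the key for this certificate.
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(dsiReadResponse.getDSIContent()));

        Signature signatureAlgorithm;
        if (algorithmIdentifier.equals(GenericCryptoUris.RSA_ENCRYPTION)) {
            signatureAlgorithm = Signature.getInstance("RSA", new BouncyCastleProvider());
        } else if (algorithmIdentifier.equals(GenericCryptoUris.RSASSA_PSS_SHA256)) {
            // NOTE(review): presumably the raw PSS variant expects the message to be the
            // already computed SHA-256 digest - confirm against the callers.
            signatureAlgorithm = Signature.getInstance("RAWRSASSA-PSS", new BouncyCastleProvider());
            signatureAlgorithm.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
        } else if (algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2)
                || algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2rnd)) {
            return WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultUnknownError(algorithmIdentifier + " Not supported yet."));
        } else {
            throw new IncorrectParameterException("Unknown signature algorithm.");
        }

        signatureAlgorithm.initVerify(cert);
        if (message != null) {
            signatureAlgorithm.update(message);
        }

        if (!signatureAlgorithm.verify(signature)) {
            throw new InvalidSignatureException();
        }
    } catch (ECardException e) {
        LOG.error(e.getMessage(), e);
        response.setResult(e.getResult());
    } catch (Exception e) {
        // Log unexpected failures too, so that a failing verification leaves a trace.
        LOG.error(e.getMessage(), e);
        response.setResult(WSHelper.makeResult(e));
    }

    return response;
}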