Examples with CardStateEntry org.openecard.common.sal.state.CardStateEntry used on opensource projects

Example 21 with CardStateEntry

use of org.openecard.common.sal.state.CardStateEntry in project open-ecard by ecsec.

the class TinySAL method cardApplicationList.

/**
 * The CardApplicationList function returns a list of the available card applications on an eCard.
 * See BSI-TR-03112-4, version 1.1.2, section 3.3.1.
 *
 * @param request CardApplicationList
 * @return CardApplicationListResponse
 */
@Publish
@Override
public CardApplicationListResponse cardApplicationList(CardApplicationList request) {
    CardApplicationListResponse response = WSHelper.makeResponse(CardApplicationListResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        /*
		TR-03112-4 section 3.3.2 states that the alpha application have to be connected with
		CardApplicationConnect.
		In case of using CardInfo file descriptions this is not necessary because we just work on a file.
	    */
        // byte[] cardApplicationID = connectionHandle.getCardApplication();
        // Assert.securityConditionApplication(cardStateEntry, cardApplicationID,
        // CardApplicationServiceActionName.CARD_APPLICATION_LIST);
        CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
        CardApplicationNameList cardApplicationNameList = new CardApplicationNameList();
        cardApplicationNameList.getCardApplicationName().addAll(cardInfoWrapper.getCardApplicationNameList());
        response.setCardApplicationNameList(cardApplicationNameList);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 22 with CardStateEntry

use of org.openecard.common.sal.state.CardStateEntry in project open-ecard by ecsec.

the class TinySAL method cardApplicationEndSession.

/**
 * The CardApplicationEndSession function closes the session between the client application and the card application.
 * See BSI-TR-03112-4, version 1.1.2, section 3.2.4.
 *
 * @param request CardApplicationEndSession
 * @return CardApplicationEndSessionResponse
 */
@Publish
@Override
public CardApplicationEndSessionResponse cardApplicationEndSession(CardApplicationEndSession request) {
    CardApplicationEndSessionResponse response = WSHelper.makeResponse(CardApplicationEndSessionResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle);
        byte[] cardApplicationID = connectionHandle.getCardApplication();
        String didName = SALUtils.getDIDName(request);
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, cardApplicationID);
        Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
        Assert.securityConditionApplication(cardStateEntry, cardApplicationID, ConnectionServiceActionName.CARD_APPLICATION_END_SESSION);
        String protocolURI = didStructure.getDIDMarker().getProtocol();
        SALProtocol protocol = getProtocol(connectionHandle, null, protocolURI);
        if (protocol.hasNextStep(FunctionType.CardApplicationEndSession)) {
            response = protocol.cardApplicationEndSession(request);
            removeFinishedProtocol(connectionHandle, protocolURI, protocol);
        } else {
            throw new InappropriateProtocolForActionException("CardApplicationEndSession", protocol.toString());
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 23 with CardStateEntry

use of org.openecard.common.sal.state.CardStateEntry in project open-ecard by ecsec.

the class TinySALTest method testCardApplicationCreate.

/**
 * Test of cardApplicationCreate method, of class TinySAL.
 */
@Test(enabled = TESTS_ENABLED)
public void testCardApplicationCreate() {
    System.out.println("cardApplicationCreate");
    Set<CardStateEntry> cHandles = states.getMatchingEntries(new ConnectionHandleType());
    byte[] appName = { (byte) 0x74, (byte) 0x65, (byte) 0x73, (byte) 0x74 };
    CardApplicationCreate parameters = new CardApplicationCreate();
    parameters.setConnectionHandle(cHandles.iterator().next().handleCopy());
    parameters.setCardApplicationName(appName);
    AccessControlListType cardApplicationACL = new AccessControlListType();
    parameters.setCardApplicationACL(cardApplicationACL);
    CardApplicationCreateResponse result = instance.cardApplicationCreate(parameters);
    assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
    // get path to esign
    CardApplicationPath cardApplicationPath = new CardApplicationPath();
    CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
    cardApplicationPathType.setCardApplication(appIdentifier_ESIGN);
    cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
    CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
    // connect to esign
    CardApplicationConnect cardApplicationConnect = new CardApplicationConnect();
    cardApplicationConnect.setCardApplicationPath(cardApplicationPathResponse.getCardAppPathResultSet().getCardApplicationPathResult().get(0));
    CardApplicationConnectResponse resultConnect = instance.cardApplicationConnect(cardApplicationConnect);
    assertEquals(ECardConstants.Major.OK, resultConnect.getResult().getResultMajor());
    CardApplicationList cardApplicationList = new CardApplicationList();
    cardApplicationList.setConnectionHandle(cHandles.iterator().next().handleCopy());
    CardApplicationListResponse cardApplicationListResponse = instance.cardApplicationList(cardApplicationList);
    Iterator<byte[]> it = cardApplicationListResponse.getCardApplicationNameList().getCardApplicationName().iterator();
    boolean appFound = false;
    try {
        while (it.hasNext()) {
            byte[] val = it.next();
            if (Arrays.equals(val, appName)) {
                appFound = true;
            }
        }
        assertTrue(appFound);
    } catch (Exception e) {
        assertTrue(appFound);
        System.out.println(e);
    }
}

Example 24 with CardStateEntry

use of org.openecard.common.sal.state.CardStateEntry in project open-ecard by ecsec.

the class TinySALTest method testCardApplicationDelete.

/**
 * Test of cardApplicationDelete method, of class TinySAL.
 */
@Test(enabled = TESTS_ENABLED)
public void testCardApplicationDelete() {
    System.out.println("cardApplicationDelete");
    Set<CardStateEntry> cHandles = states.getMatchingEntries(new ConnectionHandleType());
    byte[] appName = { (byte) 0x74, (byte) 0x65, (byte) 0x73, (byte) 0x74 };
    CardApplicationDelete parameters = new CardApplicationDelete();
    parameters.setConnectionHandle(cHandles.iterator().next().handleCopy());
    parameters.setCardApplicationName(appName);
    CardApplicationDeleteResponse result = instance.cardApplicationDelete(parameters);
    assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
    // get path to esign
    CardApplicationPath cardApplicationPath = new CardApplicationPath();
    CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
    cardApplicationPathType.setCardApplication(appIdentifier_ESIGN);
    cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
    CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
    // connect to esign
    CardApplicationConnect cardApplicationConnect = new CardApplicationConnect();
    cardApplicationConnect.setCardApplicationPath(cardApplicationPathResponse.getCardAppPathResultSet().getCardApplicationPathResult().get(0));
    CardApplicationConnectResponse resultConnect = instance.cardApplicationConnect(cardApplicationConnect);
    assertEquals(ECardConstants.Major.OK, resultConnect.getResult().getResultMajor());
    CardApplicationList cardApplicationList = new CardApplicationList();
    cardApplicationList.setConnectionHandle(cHandles.iterator().next().handleCopy());
    CardApplicationListResponse cardApplicationListResponse = instance.cardApplicationList(cardApplicationList);
    Iterator<byte[]> it = cardApplicationListResponse.getCardApplicationNameList().getCardApplicationName().iterator();
    boolean appFound = false;
    try {
        while (it.hasNext()) {
            byte[] val = it.next();
            if (Arrays.equals(val, appName)) {
                appFound = true;
            }
        }
        assertTrue(!appFound);
    } catch (Exception e) {
        assertTrue(!appFound);
        System.out.println(e);
    }
}

Example 25 with CardStateEntry

use of org.openecard.common.sal.state.CardStateEntry in project open-ecard by ecsec.

the class PACEStep method perform.

@Override
public DIDAuthenticateResponse perform(DIDAuthenticate request, Map<String, Object> internalData) {
    // get context to save values in
    DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
    DIDAuthenticate didAuthenticate = request;
    DIDAuthenticateResponse response = new DIDAuthenticateResponse();
    ConnectionHandleType conHandle = (ConnectionHandleType) dynCtx.get(TR03112Keys.CONNECTION_HANDLE);
    try {
        ObjectSchemaValidator valid = (ObjectSchemaValidator) dynCtx.getPromise(EACProtocol.SCHEMA_VALIDATOR).deref();
        boolean messageValid = valid.validateObject(request);
        if (!messageValid) {
            String msg = "Validation of the EAC1InputType message failed.";
            LOG.error(msg);
            dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
            response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, msg));
            return response;
        }
    } catch (ObjectValidatorException ex) {
        String msg = "Validation of the EAC1InputType message failed due to invalid input data.";
        LOG.error(msg, ex);
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
        return response;
    } catch (InterruptedException ex) {
        String msg = "Thread interrupted while waiting for schema validator instance.";
        LOG.error(msg, ex);
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
        return response;
    }
    if (!ByteUtils.compare(conHandle.getSlotHandle(), didAuthenticate.getConnectionHandle().getSlotHandle())) {
        String msg = "Invalid connection handle given in DIDAuthenticate message.";
        Result r = WSHelper.makeResultError(ECardConstants.Minor.SAL.UNKNOWN_HANDLE, msg);
        response.setResult(r);
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
        return response;
    }
    byte[] slotHandle = conHandle.getSlotHandle();
    dynCtx.put(EACProtocol.SLOT_HANDLE, slotHandle);
    dynCtx.put(EACProtocol.DISPATCHER, dispatcher);
    try {
        EAC1InputType eac1Input = new EAC1InputType(didAuthenticate.getAuthenticationProtocolData());
        EAC1OutputType eac1Output = eac1Input.getOutputType();
        AuthenticatedAuxiliaryData aad = new AuthenticatedAuxiliaryData(eac1Input.getAuthenticatedAuxiliaryData());
        byte pinID = PasswordID.valueOf(didAuthenticate.getDIDName()).getByte();
        final String passwordType = PasswordID.parse(pinID).getString();
        // determine PACE capabilities of the terminal
        boolean nativePace = genericPACESupport(conHandle);
        dynCtx.put(EACProtocol.IS_NATIVE_PACE, nativePace);
        // Certificate chain
        CardVerifiableCertificateChain certChain = new CardVerifiableCertificateChain(eac1Input.getCertificates());
        byte[] rawCertificateDescription = eac1Input.getCertificateDescription();
        CertificateDescription certDescription = CertificateDescription.getInstance(rawCertificateDescription);
        // put CertificateDescription into DynamicContext which is needed for later checks
        dynCtx.put(TR03112Keys.ESERVICE_CERTIFICATE_DESC, certDescription);
        // according to BSI-INSTANCE_KEY-7 we MUST perform some checks immediately after receiving the eService cert
        Result activationChecksResult = performChecks(certDescription, dynCtx);
        if (!ECardConstants.Major.OK.equals(activationChecksResult.getResultMajor())) {
            response.setResult(activationChecksResult);
            dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
            return response;
        }
        CHAT requiredCHAT = new CHAT(eac1Input.getRequiredCHAT());
        CHAT optionalCHAT = new CHAT(eac1Input.getOptionalCHAT());
        // get the PACEMarker
        CardStateEntry cardState = (CardStateEntry) internalData.get(EACConstants.IDATA_CARD_STATE_ENTRY);
        PACEMarkerType paceMarker = getPaceMarker(cardState, passwordType);
        dynCtx.put(EACProtocol.PACE_MARKER, paceMarker);
        // Verify that the certificate description matches the terminal certificate
        CardVerifiableCertificate taCert = certChain.getTerminalCertificate();
        CardVerifiableCertificateVerifier.verify(taCert, certDescription);
        // Verify that the required CHAT matches the terminal certificate's CHAT
        CHAT taCHAT = taCert.getCHAT();
        // an other role.
        if (taCHAT.getRole() != CHAT.Role.AUTHENTICATION_TERMINAL) {
            String msg = "Unsupported terminal type in Terminal Certificate referenced. Refernced terminal type is " + taCHAT.getRole().toString() + ".";
            response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, msg));
            dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
            return response;
        }
        CHATVerifier.verfiy(taCHAT, requiredCHAT);
        // remove overlapping values from optional chat
        optionalCHAT.restrictAccessRights(taCHAT);
        // Prepare data in DIDAuthenticate for GUI
        final EACData eacData = new EACData();
        eacData.didRequest = didAuthenticate;
        eacData.certificate = certChain.getTerminalCertificate();
        eacData.certificateDescription = certDescription;
        eacData.rawCertificateDescription = rawCertificateDescription;
        eacData.transactionInfo = eac1Input.getTransactionInfo();
        eacData.requiredCHAT = requiredCHAT;
        eacData.optionalCHAT = optionalCHAT;
        eacData.selectedCHAT = requiredCHAT;
        eacData.aad = aad;
        eacData.pinID = pinID;
        eacData.passwordType = passwordType;
        dynCtx.put(EACProtocol.EAC_DATA, eacData);
        // get initial pin status
        InputAPDUInfoType input = new InputAPDUInfoType();
        input.setInputAPDU(new byte[] { (byte) 0x00, (byte) 0x22, (byte) 0xC1, (byte) 0xA4, (byte) 0x0F, (byte) 0x80, (byte) 0x0A, (byte) 0x04, (byte) 0x00, (byte) 0x7F, (byte) 0x00, (byte) 0x07, (byte) 0x02, (byte) 0x02, (byte) 0x04, (byte) 0x02, (byte) 0x02, (byte) 0x83, (byte) 0x01, (byte) 0x03 });
        input.getAcceptableStatusCode().addAll(EacPinStatus.getCodes());
        Transmit transmit = new Transmit();
        transmit.setSlotHandle(slotHandle);
        transmit.getInputAPDUInfo().add(input);
        TransmitResponse pinCheckResponse = (TransmitResponse) dispatcher.safeDeliver(transmit);
        WSHelper.checkResult(pinCheckResponse);
        byte[] output = pinCheckResponse.getOutputAPDU().get(0);
        CardResponseAPDU outputApdu = new CardResponseAPDU(output);
        byte[] status = outputApdu.getStatusBytes();
        dynCtx.put(EACProtocol.PIN_STATUS, EacPinStatus.fromCode(status));
        // define GUI depending on the PIN status
        final UserConsentDescription uc = new UserConsentDescription(LANG.translationForKey(TITLE));
        final CardMonitor cardMon;
        uc.setDialogType("EAC");
        // create GUI and init executor
        cardMon = new CardMonitor();
        CardRemovedFilter filter = new CardRemovedFilter(conHandle.getIFDName(), conHandle.getSlotIndex());
        eventDispatcher.add(cardMon, filter);
        CVCStep cvcStep = new CVCStep(eacData);
        cvcStep.setBackgroundTask(cardMon);
        CVCStepAction cvcStepAction = new CVCStepAction(cvcStep);
        cvcStep.setAction(cvcStepAction);
        uc.getSteps().add(cvcStep);
        uc.getSteps().add(CHATStep.createDummy());
        uc.getSteps().add(PINStep.createDummy(passwordType));
        ProcessingStep procStep = new ProcessingStep();
        ProcessingStepAction procStepAction = new ProcessingStepAction(procStep);
        procStep.setAction(procStepAction);
        uc.getSteps().add(procStep);
        Thread guiThread = new Thread(new Runnable() {

            @Override
            public void run() {
                try {
                    // get context here because it is thread local
                    DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
                    if (!uc.getSteps().isEmpty()) {
                        UserConsentNavigator navigator = gui.obtainNavigator(uc);
                        dynCtx.put(TR03112Keys.OPEN_USER_CONSENT_NAVIGATOR, navigator);
                        ExecutionEngine exec = new ExecutionEngine(navigator);
                        ResultStatus guiResult = exec.process();
                        dynCtx.put(EACProtocol.GUI_RESULT, guiResult);
                        if (guiResult == ResultStatus.CANCEL) {
                            Promise<Object> pPaceSuccessful = dynCtx.getPromise(EACProtocol.PACE_EXCEPTION);
                            if (!pPaceSuccessful.isDelivered()) {
                                pPaceSuccessful.deliver(WSHelper.createException(WSHelper.makeResultError(ECardConstants.Minor.SAL.CANCELLATION_BY_USER, "User canceled the PACE dialog.")));
                            }
                        }
                    }
                } finally {
                    if (cardMon != null) {
                        eventDispatcher.del(cardMon);
                    }
                }
            }
        }, "EAC-GUI");
        guiThread.start();
        // wait for PACE to finish
        Promise<Object> pPaceException = dynCtx.getPromise(EACProtocol.PACE_EXCEPTION);
        Object pPaceError = pPaceException.deref();
        if (pPaceError != null) {
            if (pPaceError instanceof WSHelper.WSException) {
                response.setResult(((WSHelper.WSException) pPaceError).getResult());
                return response;
            } else if (pPaceError instanceof DispatcherException | pPaceError instanceof InvocationTargetException) {
                String msg = "Internal error while PACE authentication.";
                Result r = WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg);
                response.setResult(r);
                return response;
            } else {
                String msg = "Unknown error while PACE authentication.";
                Result r = WSHelper.makeResultError(ECardConstants.Minor.App.UNKNOWN_ERROR, msg);
                response.setResult(r);
                return response;
            }
        }
        // get challenge from card
        TerminalAuthentication ta = new TerminalAuthentication(dispatcher, slotHandle);
        byte[] challenge = ta.getChallenge();
        // prepare DIDAuthenticationResponse
        DIDAuthenticationDataType data = eacData.paceResponse.getAuthenticationProtocolData();
        AuthDataMap paceOutputMap = new AuthDataMap(data);
        // int retryCounter = Integer.valueOf(paceOutputMap.getContentAsString(PACEOutputType.RETRY_COUNTER));
        byte[] efCardAccess = paceOutputMap.getContentAsBytes(PACEOutputType.EF_CARD_ACCESS);
        byte[] currentCAR = paceOutputMap.getContentAsBytes(PACEOutputType.CURRENT_CAR);
        byte[] previousCAR = paceOutputMap.getContentAsBytes(PACEOutputType.PREVIOUS_CAR);
        byte[] idpicc = paceOutputMap.getContentAsBytes(PACEOutputType.ID_PICC);
        // Store SecurityInfos
        SecurityInfos securityInfos = SecurityInfos.getInstance(efCardAccess);
        internalData.put(EACConstants.IDATA_SECURITY_INFOS, securityInfos);
        // Store additional data
        internalData.put(EACConstants.IDATA_AUTHENTICATED_AUXILIARY_DATA, aad);
        internalData.put(EACConstants.IDATA_CERTIFICATES, certChain);
        internalData.put(EACConstants.IDATA_CURRENT_CAR, currentCAR);
        internalData.put(EACConstants.IDATA_PREVIOUS_CAR, previousCAR);
        internalData.put(EACConstants.IDATA_CHALLENGE, challenge);
        // Create response
        // eac1Output.setRetryCounter(retryCounter);
        eac1Output.setCHAT(eacData.selectedCHAT.toByteArray());
        eac1Output.setCurrentCAR(currentCAR);
        eac1Output.setPreviousCAR(previousCAR);
        eac1Output.setEFCardAccess(efCardAccess);
        eac1Output.setIDPICC(idpicc);
        eac1Output.setChallenge(challenge);
        response.setResult(WSHelper.makeResultOK());
        response.setAuthenticationProtocolData(eac1Output.getAuthDataType());
    } catch (CertificateException ex) {
        LOG.error(ex.getMessage(), ex);
        String msg = ex.getMessage();
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.SAL.EAC.DOC_VALID_FAILED, msg));
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
    } catch (WSHelper.WSException e) {
        LOG.error(e.getMessage(), e);
        response.setResult(e.getResult());
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
    } catch (ElementParsingException ex) {
        LOG.error(ex.getMessage(), ex);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, ex.getMessage()));
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        response.setResult(WSHelper.makeResultUnknownError(e.getMessage()));
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
    }
    return response;
}