Examples with CardStateEntry org.openecard.common.sal.state.CardStateEntry used on opensource projects

Example 26 with CardStateEntry

use of org.openecard.common.sal.state.CardStateEntry in project open-ecard by ecsec.

the class DIDAuthenticateStep method perform.

@Override
public DIDAuthenticateResponse perform(DIDAuthenticate request, Map<String, Object> internalData) {
    DIDAuthenticateResponse response = WSHelper.makeResponse(DIDAuthenticateResponse.class, WSHelper.makeResultOK());
    char[] rawPIN = null;
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        String didName = SALUtils.getDIDName(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        PINCompareDIDAuthenticateInputType pinCompareInput = new PINCompareDIDAuthenticateInputType(request.getAuthenticationProtocolData());
        PINCompareDIDAuthenticateOutputType pinCompareOutput = pinCompareInput.getOutputType();
        byte[] cardApplication;
        if (request.getDIDScope() != null && request.getDIDScope().equals(DIDScopeType.GLOBAL)) {
            cardApplication = cardStateEntry.getInfo().getApplicationIdByDidName(request.getDIDName(), request.getDIDScope());
        } else {
            cardApplication = connectionHandle.getCardApplication();
        }
        Assert.securityConditionDID(cardStateEntry, cardApplication, didName, DifferentialIdentityServiceActionName.DID_AUTHENTICATE);
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, cardApplication);
        PINCompareMarkerType pinCompareMarker = new PINCompareMarkerType(didStructure.getDIDMarker());
        byte keyRef = pinCompareMarker.getPINRef().getKeyRef()[0];
        byte[] slotHandle = connectionHandle.getSlotHandle();
        PasswordAttributesType attributes = pinCompareMarker.getPasswordAttributes();
        rawPIN = pinCompareInput.getPIN();
        // delete pin from memory of the structure
        pinCompareInput.setPIN(null);
        byte[] template = new byte[] { 0x00, 0x20, 0x00, keyRef };
        byte[] responseCode;
        // with [ISO7816-4] (Section 7.5.6).
        if (rawPIN == null || rawPIN.length == 0) {
            VerifyUser verify = new VerifyUser();
            verify.setSlotHandle(slotHandle);
            InputUnitType inputUnit = new InputUnitType();
            verify.setInputUnit(inputUnit);
            PinInputType pinInput = new PinInputType();
            inputUnit.setPinInput(pinInput);
            pinInput.setIndex(BigInteger.ZERO);
            pinInput.setPasswordAttributes(attributes);
            verify.setTemplate(template);
            VerifyUserResponse verifyR = (VerifyUserResponse) dispatcher.safeDeliver(verify);
            WSHelper.checkResult(verifyR);
            responseCode = verifyR.getResponse();
        } else {
            Transmit verifyTransmit = PINUtils.buildVerifyTransmit(rawPIN, attributes, template, slotHandle);
            try {
                TransmitResponse transResp = (TransmitResponse) dispatcher.safeDeliver(verifyTransmit);
                WSHelper.checkResult(transResp);
                responseCode = transResp.getOutputAPDU().get(0);
            } finally {
                // blank PIN APDU
                for (InputAPDUInfoType apdu : verifyTransmit.getInputAPDUInfo()) {
                    byte[] rawApdu = apdu.getInputAPDU();
                    if (rawApdu != null) {
                        java.util.Arrays.fill(rawApdu, (byte) 0);
                    }
                }
            }
        }
        CardResponseAPDU verifyResponseAPDU = new CardResponseAPDU(responseCode);
        if (verifyResponseAPDU.isWarningProcessed()) {
            pinCompareOutput.setRetryCounter(new BigInteger(Integer.toString((verifyResponseAPDU.getSW2() & 0x0F))));
        }
        cardStateEntry.addAuthenticated(didName, cardApplication);
        response.setAuthenticationProtocolData(pinCompareOutput.getAuthDataType());
    } catch (ECardException e) {
        LOG.error(e.getMessage(), e);
        response.setResult(e.getResult());
    } catch (Exception e) {
        if (e instanceof RuntimeException) {
            throw (RuntimeException) e;
        }
        LOG.error(e.getMessage(), e);
        response.setResult(WSHelper.makeResult(e));
    } finally {
        if (rawPIN != null) {
            Arrays.fill(rawPIN, ' ');
        }
    }
    return response;
}

Example 27 with CardStateEntry

use of org.openecard.common.sal.state.CardStateEntry in project open-ecard by ecsec.

the class CredentialManager method addCredential.

/**
 * The method adds a new credential to the managed {@link CardStateMap}.
 *
 * @param handle A {@link ConnectionHandleType} object for the creation of a new {@link CardStateEntry} object.
 * @param protocol Interface protocol with which the card is connected.
 * @param cif A {@link CardInfoType} object for the creation of a new {@link CardStateEntry} object.
 * @return The method returns {@code true} if the credential was added successfully else {@code false}.
 */
public boolean addCredential(ConnectionHandleType handle, String protocol, CardInfoType cif) {
    if (handle == null || cif == null) {
        logger.warn("The ConnectionHandle and/or CardInfo object is null. Can't add the Credential.");
        return false;
    }
    CardStateEntry entry = new CardStateEntry(handle, cif, protocol);
    states.addEntry(entry);
    return true;
}

Example 28 with CardStateEntry

use of org.openecard.common.sal.state.CardStateEntry in project open-ecard by ecsec.

the class SignStep method perform.

@Override
public SignResponse perform(Sign sign, Map<String, Object> internalData) {
    SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(sign);
        String didName = SALUtils.getDIDName(sign);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        DIDStructureType didStructure = SALUtils.getDIDStructure(sign, didName, cardStateEntry, connectionHandle);
        CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
        byte[] slotHandle = connectionHandle.getSlotHandle();
        byte[] applicationID = connectionHandle.getCardApplication();
        Assert.securityConditionDID(cardStateEntry, applicationID, didName, CryptographicServiceActionName.SIGN);
        byte[] message = sign.getMessage();
        byte[] keyReference = cryptoMarker.getCryptoKeyInfo().getKeyRef().getKeyRef();
        byte[] algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getCardAlgRef();
        byte[] hashRef = cryptoMarker.getAlgorithmInfo().getHashAlgRef();
        HashGenerationInfoType hashInfo = cryptoMarker.getHashGenerationInfo();
        if (didStructure.getDIDScope() == DIDScopeType.LOCAL) {
            keyReference[0] = (byte) (0x80 | keyReference[0]);
        }
        if (cryptoMarker.getSignatureGenerationInfo() != null) {
            response = performSignature(cryptoMarker, keyReference, algorithmIdentifier, message, slotHandle, hashRef, hashInfo);
        } else {
            // assuming that legacySignatureInformation exists
            BaseTemplateContext templateContext = new BaseTemplateContext();
            templateContext.put(HASH_TO_SIGN, message);
            templateContext.put(KEY_REFERENCE, keyReference);
            templateContext.put(ALGORITHM_IDENTIFIER, algorithmIdentifier);
            templateContext.put(HASHALGORITHM_REFERENCE, hashRef);
            response = performLegacySignature(cryptoMarker, connectionHandle, templateContext);
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.warn(e.getMessage(), e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 29 with CardStateEntry

use of org.openecard.common.sal.state.CardStateEntry in project open-ecard by ecsec.

the class VerifySignatureStep method perform.

@Override
public VerifySignatureResponse perform(VerifySignature request, Map<String, Object> internalData) {
    VerifySignatureResponse response = WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
        String didName = SALUtils.getDIDName(request);
        DIDStructureType didStructure = SALUtils.getDIDStructure(request, didName, cardStateEntry, connectionHandle);
        // required
        byte[] signature = request.getSignature();
        // optional
        byte[] message = request.getMessage();
        CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
        String dataSetNameCertificate = cryptoMarker.getCertificateRefs().get(0).getDataSetName();
        String algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
        DSIRead dsiRead = new DSIRead();
        dsiRead.setConnectionHandle(connectionHandle);
        dsiRead.setDSIName(dataSetNameCertificate);
        DSIReadResponse dsiReadResponse = (DSIReadResponse) dispatcher.safeDeliver(dsiRead);
        WSHelper.checkResult(dsiReadResponse);
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        Certificate cert = (X509Certificate) certFactory.generateCertificate(new ByteArrayInputStream(dsiReadResponse.getDSIContent()));
        Signature signatureAlgorithm;
        if (algorithmIdentifier.equals(GenericCryptoUris.RSA_ENCRYPTION)) {
            signatureAlgorithm = Signature.getInstance("RSA", new BouncyCastleProvider());
        } else if (algorithmIdentifier.equals(GenericCryptoUris.RSASSA_PSS_SHA256)) {
            signatureAlgorithm = Signature.getInstance("RAWRSASSA-PSS", new BouncyCastleProvider());
            signatureAlgorithm.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
        } else if (algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2)) {
            return WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultUnknownError(algorithmIdentifier + " Not supported yet."));
        } else if (algorithmIdentifier.equals(GenericCryptoUris.sigS_ISO9796_2rnd)) {
            return WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultUnknownError(algorithmIdentifier + " Not supported yet."));
        } else {
            throw new IncorrectParameterException("Unknown signature algorithm.");
        }
        signatureAlgorithm.initVerify(cert);
        if (message != null) {
            signatureAlgorithm.update(message);
        }
        if (!signatureAlgorithm.verify(signature)) {
            throw new InvalidSignatureException();
        }
    } catch (ECardException e) {
        LOG.error(e.getMessage(), e);
        response.setResult(e.getResult());
    } catch (Exception e) {
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}

Example 30 with CardStateEntry

use of org.openecard.common.sal.state.CardStateEntry in project open-ecard by ecsec.

the class TinySAL method verifySignature.

/**
 * The VerifySignature function verifies a digital signature.
 * See BSI-TR-03112-4, version 1.1.2, section 3.5.6.
 *
 * @param request VerifySignature
 * @return VerifySignatureResponse
 */
@Override
public VerifySignatureResponse verifySignature(VerifySignature request) {
    VerifySignatureResponse response = WSHelper.makeResponse(VerifySignatureResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        byte[] applicationID = cardStateEntry.getCurrentCardApplication().getApplicationIdentifier();
        String didName = SALUtils.getDIDName(request);
        byte[] signature = request.getSignature();
        Assert.assertIncorrectParameter(signature, "The parameter Signature is empty.");
        DIDScopeType didScope = request.getDIDScope();
        if (didScope == null) {
            didScope = DIDScopeType.LOCAL;
        }
        if (didScope.equals(DIDScopeType.LOCAL)) {
            byte[] necessarySelectedApp = cardStateEntry.getInfo().getApplicationIdByDidName(didName, didScope);
            if (!Arrays.equals(necessarySelectedApp, applicationID)) {
                String msg = "Wrong application selected for the execution of VerifySignature with the DID " + didName + ".";
                throw new SecurityConditionNotSatisfiedException(msg);
            }
        }
        DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, didScope);
        Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
        String protocolURI = didStructure.getDIDMarker().getProtocol();
        SALProtocol protocol = getProtocol(connectionHandle, request.getDIDScope(), protocolURI);
        if (protocol.hasNextStep(FunctionType.VerifySignature)) {
            response = protocol.verifySignature(request);
            removeFinishedProtocol(connectionHandle, protocolURI, protocol);
        } else {
            throw new InappropriateProtocolForActionException("VerifySignature", protocol.toString());
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}