Example 11 with TLV
use of org.openecard.common.tlv.TLV in project open-ecard by ecsec.
the class CHAT method toByteArray.
/**
* Returns the CHAT as a byte array.
*
* @return CHAT
* @throws TLVException
*/
public byte[] toByteArray() throws TLVException {
byte[] data = new byte[5];
// Decode role in bit 0 to 1.
switch(role) {
case CVCA:
data[0] |= 0xC0;
break;
case DV_OFFICIAL:
data[0] |= 0x80;
break;
case DV_NON_OFFICIAL:
data[0] |= 0x40;
break;
default:
break;
}
// Decode write access in bit 2 to 8.
Iterator<DataGroup> it1 = writeAccess.keySet().iterator();
for (int i = 2; i < 8; i++) {
DataGroup item = it1.next();
if (writeAccess.get(item)) {
ByteUtils.setBit(i, data);
}
}
// Decode read access in bit 10 to 31.
Iterator<DataGroup> it2 = readAccess.keySet().iterator();
for (int i = 31; i > 10; i--) {
DataGroup item = it2.next();
if (readAccess.get(item)) {
ByteUtils.setBit(i, data);
}
}
// Decode special functions in bit 32 to 40.
Iterator<SpecialFunction> it3 = specialFunctions.keySet().iterator();
for (int i = 32; i < 40; i++) {
SpecialFunction item = it3.next();
if (specialFunctions.get(item)) {
ByteUtils.setBit(i, data);
}
}
// Decode access rights in bit 2 to 7.
Iterator<AccessRight> it4 = accessRights.keySet().iterator();
for (int i = 6; i < 7; i++) {
AccessRight item = it4.next();
if (accessRights.get(item)) {
ByteUtils.setBit(i, data);
}
}
TLV discretionaryDataObject = new TLV();
discretionaryDataObject.setTagNumWithClass((byte) 0x53);
discretionaryDataObject.setValue(data);
TLV oidObject = new TLV();
oidObject.setTagNumWithClass((byte) 0x06);
oidObject.setValue(ObjectIdentifierUtils.getValue(oid));
oidObject.addToEnd(discretionaryDataObject);
TLV chatObject = new TLV();
chatObject.setTagNum((byte) 0x4C);
chatObject.setTagClass(TagClass.APPLICATION);
chatObject.setChild(oidObject);
return chatObject.toBER(true);
}
Also used :
TLV(org.openecard.common.tlv.TLV)
Example 12 with TLV
use of org.openecard.common.tlv.TLV in project open-ecard by ecsec.
the class AuthenticatedAuxiliaryData method emptyOrStructure.
private static TLV emptyOrStructure(byte[] data) throws TLVException {
if (data == null) {
TLV tlv = new TLV();
tlv.setTag(new Tag(TagClass.APPLICATION, false, EACTags.AUTHENTIFICATION_DATA));
return tlv;
} else {
return TLV.fromBER(data);
}
}Example 13 with TLV
use of org.openecard.common.tlv.TLV in project open-ecard by ecsec.
the class SignStep method performSignature.
/**
* This method performs the signature creation according to BSI TR-03112 part 7.
*
* @param cryptoMarker The {@link CryptoMarkerType} containing the SignatureCreationInfo for creating the signature.
* @param keyReference A byte array containing the reference of the key to use.
* @param algorithmIdentifier A byte array containing the identifier of the signing algorithm.
* @param message The message to sign.
* @param slotHandle The slotHandle identifying the card.
* @param hashRef The variable contains the reference for the hash algorithm which have to be used.
* @param hashInfo A HashGenerationInfo object which indicates how the hash computation is to perform.
* @return A {@link SignResponse} object containing the signature of the <b>message</b>.
* @throws TLVException Thrown if the TLV creation for the key identifier or algorithm identifier failed.
* @throws IncorrectParameterException Thrown if the SignatureGenerationInfo does not contain PSO_CDS or INT_AUTH
* after an MSE_KEY command.
* @throws APDUException Thrown if one of the command to create the signature failed.
* @throws org.openecard.common.WSHelper.WSException Thrown if the checkResults method of WSHelper failed.
*/
private SignResponse performSignature(CryptoMarkerType cryptoMarker, byte[] keyReference, byte[] algorithmIdentifier, byte[] message, byte[] slotHandle, byte[] hashRef, HashGenerationInfoType hashInfo) throws TLVException, IncorrectParameterException, APDUException, WSHelper.WSException {
SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
TLV tagAlgorithmIdentifier = new TLV();
tagAlgorithmIdentifier.setTagNumWithClass(CARD_ALG_REF);
tagAlgorithmIdentifier.setValue(algorithmIdentifier);
TLV tagKeyReference = new TLV();
tagKeyReference.setTagNumWithClass(KEY_REFERENCE_PRIVATE_KEY);
tagKeyReference.setValue(keyReference);
CardCommandAPDU cmdAPDU = null;
CardResponseAPDU responseAPDU = null;
String[] signatureGenerationInfo = cryptoMarker.getSignatureGenerationInfo();
for (String command : signatureGenerationInfo) {
HashSet<String> signGenInfo = new HashSet<>(java.util.Arrays.asList(signatureGenerationInfo));
if (command.equals("MSE_KEY")) {
byte[] mseData = tagKeyReference.toBER();
if (signGenInfo.contains("PSO_CDS")) {
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
} else if (signGenInfo.contains("INT_AUTH") && !signGenInfo.contains("PSO_CDS")) {
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
} else {
String msg = "The command 'MSE_KEY' followed by 'INT_AUTH' and 'PSO_CDS' is currently not supported.";
LOG.error(msg);
throw new IncorrectParameterException(msg);
}
} else if (command.equals("PSO_CDS")) {
cmdAPDU = new PSOComputeDigitalSignature(message, BLOCKSIZE);
} else if (command.equals("INT_AUTH")) {
cmdAPDU = new InternalAuthenticate(message, BLOCKSIZE);
} else if (command.equals("MSE_RESTORE")) {
cmdAPDU = new ManageSecurityEnvironment.Restore(ManageSecurityEnvironment.DST);
} else if (command.equals("MSE_HASH")) {
cmdAPDU = new ManageSecurityEnvironment.Set(SET_COMPUTATION, ManageSecurityEnvironment.HT);
TLV mseDataTLV = new TLV();
mseDataTLV.setTagNumWithClass((byte) 0x80);
mseDataTLV.setValue(hashRef);
cmdAPDU.setData(mseDataTLV.toBER());
} else if (command.equals("PSO_HASH")) {
if (hashInfo == HashGenerationInfoType.LAST_ROUND_ON_CARD || hashInfo == HashGenerationInfoType.NOT_ON_CARD) {
cmdAPDU = new PSOHash(PSOHash.P2_SET_HASH_OR_PART, message);
} else {
cmdAPDU = new PSOHash(PSOHash.P2_HASH_MESSAGE, message);
}
} else if (command.equals("MSE_DS")) {
byte[] mseData = tagAlgorithmIdentifier.toBER();
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
} else if (command.equals("MSE_KEY_DS")) {
byte[] mseData = ByteUtils.concatenate(tagKeyReference.toBER(), tagAlgorithmIdentifier.toBER());
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.DST, mseData);
} else if (command.equals("MSE_INT_AUTH")) {
byte[] mseData = tagKeyReference.toBER();
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
} else if (command.equals("MSE_KEY_INT_AUTH")) {
byte[] mseData = ByteUtils.concatenate(tagKeyReference.toBER(), tagAlgorithmIdentifier.toBER());
cmdAPDU = new ManageSecurityEnvironment(SET_COMPUTATION, ManageSecurityEnvironment.AT, mseData);
} else {
String msg = "The signature generation command '" + command + "' is unknown.";
throw new IncorrectParameterException(msg);
}
responseAPDU = cmdAPDU.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
}
byte[] signedMessage = responseAPDU.getData();
// check if further response data is available
while (responseAPDU.getTrailer()[0] == (byte) 0x61) {
GetResponse getResponseData = new GetResponse();
responseAPDU = getResponseData.transmit(dispatcher, slotHandle, Collections.<byte[]>emptyList());
signedMessage = Arrays.concatenate(signedMessage, responseAPDU.getData());
}
if (!Arrays.areEqual(responseAPDU.getTrailer(), new byte[] { (byte) 0x90, (byte) 0x00 })) {
String minor = SALErrorUtils.getMinor(responseAPDU.getTrailer());
response.setResult(WSHelper.makeResultError(minor, responseAPDU.getStatusMessage()));
return response;
}
response.setSignature(signedMessage);
return response;
}
Also used :
CardCommandAPDU(org.openecard.common.apdu.common.CardCommandAPDU)
PSOHash(org.openecard.sal.protocol.genericcryptography.apdu.PSOHash)
GetResponse(org.openecard.common.apdu.GetResponse)
PSOComputeDigitalSignature(org.openecard.sal.protocol.genericcryptography.apdu.PSOComputeDigitalSignature)
SignResponse(iso.std.iso_iec._24727.tech.schema.SignResponse)
IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException)
InternalAuthenticate(org.openecard.common.apdu.InternalAuthenticate)
CardResponseAPDU(org.openecard.common.apdu.common.CardResponseAPDU)
ManageSecurityEnvironment(org.openecard.common.apdu.ManageSecurityEnvironment)
TLV(org.openecard.common.tlv.TLV)
HashSet(java.util.HashSet)
Example 14 with TLV
use of org.openecard.common.tlv.TLV in project open-ecard by ecsec.
the class ObjectIdentifierUtils method toByteArray.
/**
* Converts a ASN1 object identifier to a byte array
*
* @param oid String
* @return TLV encoded object identifier
* @throws TLVException
*/
public static byte[] toByteArray(String oid) throws TLVException {
TLV tlv = new TLV();
tlv.setTagNum((byte) 0x06);
tlv.setValue(getValue(oid));
return tlv.toBER();
}
Also used :
TLV(org.openecard.common.tlv.TLV)
Example 15 with TLV
use of org.openecard.common.tlv.TLV in project open-ecard by ecsec.
the class TLVFunction method call.
@Override
@Nonnull
public String call(Object... params) throws APDUTemplateException {
if (params.length != 2) {
throw new APDUTemplateException("Invalid number of parameters given. Two are needed.");
}
byte[] tag = makeBytes(params[0]);
byte[] value = makeBytes(params[1]);
try {
TLV tlv = new TLV();
tlv.setTagNumWithClass(tag);
tlv.setValue(value);
byte[] result = tlv.toBER();
String resultStr = ByteUtils.toHexString(result);
return resultStr;
} catch (TLVException ex) {
throw new APDUTemplateException("Failed to create TLV structure based on given parameters.", ex);
}
}
Also used :
TLVException(org.openecard.common.tlv.TLVException)
TLV(org.openecard.common.tlv.TLV)
Nonnull(javax.annotation.Nonnull)
Aggregations
TLV (org.openecard.common.tlv.TLV)21
Test (org.testng.annotations.Test)5
ByteArrayOutputStream (java.io.ByteArrayOutputStream)4
GeneralSecurityException (java.security.GeneralSecurityException)3
CardCommandAPDU (org.openecard.common.apdu.common.CardCommandAPDU)3
TLVException (org.openecard.common.tlv.TLVException)3
BigInteger (java.math.BigInteger)2
Cipher (javax.crypto.Cipher)2
CMac (org.openecard.bouncycastle.crypto.macs.CMac)2
ManageSecurityEnvironment (org.openecard.common.apdu.ManageSecurityEnvironment)2
CardResponseAPDU (org.openecard.common.apdu.common.CardResponseAPDU)2
ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)1
DIDStructureType (iso.std.iso_iec._24727.tech.schema.DIDStructureType)1
DataMaskType (iso.std.iso_iec._24727.tech.schema.DataMaskType)1
DecipherResponse (iso.std.iso_iec._24727.tech.schema.DecipherResponse)1
SignResponse (iso.std.iso_iec._24727.tech.schema.SignResponse)1
ByteArrayInputStream (java.io.ByteArrayInputStream)1
IOException (java.io.IOException)1
InputStream (java.io.InputStream)1
MessageDigest (java.security.MessageDigest)1
