
Example 1 with PACESecurityInfos

Use of org.openecard.crypto.common.asn1.eac.PACESecurityInfos in the open-ecard project (by ecsec).

From class PACEProtocol, method establish.

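/**
 * Runs the PACE protocol against the card in the given slot and, on success, sets up the
 * Secure Messaging channel ({@code sm}) for the session.
 * <p>
 * Steps: take the PIN from the request (or prompt for it through {@code gui} when the
 * request carries none), read and parse EF.CardAccess from the card, run PACE with the
 * selected PACESecurityInfos, derive the SM keys, and return the protocol output
 * (EF.CardAccess, current/previous CAR, ID_PICC, retry counter) in the response.
 *
 * @param req        the EstablishChannel request; supplies the slot handle and the
 *                   PACE authentication protocol data (PIN ID, CHAT, optional PIN)
 * @param dispatcher used for all APDU exchanges with the card
 * @param gui        user consent implementation used to prompt for the PIN when the
 *                   request does not contain one
 * @return a response whose result is OK with the PACE output attached, or an error
 *         result (CANCELLATION_BY_USER, UNKNOWN_PIN_FORMAT, or the mapped exception);
 *         this method never throws
 */
@Override
public EstablishChannelResponse establish(EstablishChannel req, Dispatcher dispatcher, UserConsent gui) {
    EstablishChannelResponse response = new EstablishChannelResponse();
    // Declared outside the try so the finally block can wipe it after PACE has run.
    byte[] pin = null;
    try {
        // Get parameters for the PACE protocol
        PACEInputType paceInput = new PACEInputType(req.getAuthenticationProtocolData());
        byte pinID = paceInput.getPINID();
        byte[] chat = paceInput.getCHAT();
        String pinText = paceInput.getPIN();
        if (pinText == null || pinText.isEmpty()) {
            // No PIN in the request: ask the user for it
            GUIContentMap content = new GUIContentMap();
            content.add(GUIContentMap.ELEMENT.PIN_ID, pinID);
            PACEUserConsent paceUserConsent = new PACEUserConsent(gui);
            paceUserConsent.show(content);
            // The map entry may be absent (null) when the dialog was dismissed. It is
            // checked below instead of being dereferenced here, so a cancelled dialog is
            // reported as CANCELLATION_BY_USER rather than as a NullPointerException
            // caught by the generic handler.
            pinText = (String) content.get(GUIContentMap.ELEMENT.PIN);
        }
        if (pinText == null || pinText.isEmpty()) {
            response.setResult(WSHelper.makeResultError(ECardConstants.Minor.IFD.CANCELLATION_BY_USER, "No PIN was entered."));
            return response;
        }
        pin = pinText.getBytes(PACEConstants.PIN_CHARSET);
        // Read EF.CardAccess from card
        byte[] slotHandle = req.getSlotHandle();
        CardResponseAPDU resp = CardUtils.selectFileWithOptions(dispatcher, slotHandle, ShortUtils.toByteArray(PACEConstants.EF_CARDACCESS_FID), null, CardUtils.FCP_RESPONSE_DATA);
        FCP efCardAccessFCP = new FCP(TLV.fromBER(resp.getData()));
        byte[] efcadata = CardUtils.readFile(efCardAccessFCP, dispatcher, slotHandle);
        // Parse SecurityInfos and get PACESecurityInfos.
        // efcadata is read from the card and therefore untrusted; any parse failure in the
        // ASN.1 layer surfaces through the catch blocks below as an error result.
        SecurityInfos sis = SecurityInfos.getInstance(efcadata);
        EFCardAccess efca = new EFCardAccess(sis);
        PACESecurityInfos psi = efca.getPACESecurityInfos();
        // Start PACE
        PACEImplementation pace = new PACEImplementation(dispatcher, slotHandle, psi);
        pace.execute(pin, pinID, chat);
        // Establish Secure Messaging channel from the keys PACE derived
        sm = new SecureMessaging(pace.getKeyMAC(), pace.getKeyENC());
        // Create AuthenticationProtocolData (PACEOutputType)
        PACEOutputType paceOutput = paceInput.getOutputType();
        // The raw EF.CardAccess is handed back to the caller together with the PACE results
        paceOutput.setEFCardAccess(efcadata);
        paceOutput.setCurrentCAR(pace.getCurrentCAR());
        paceOutput.setPreviousCAR(pace.getPreviousCAR());
        paceOutput.setIDPICC(pace.getIDPICC());
        paceOutput.setRetryCounter(pace.getRetryCounter());
        // Create EstablishChannelResponse
        response.setResult(WSHelper.makeResultOK());
        response.setAuthenticationProtocolData(paceOutput.getAuthDataType());
    } catch (UnsupportedEncodingException ex) {
        // PIN_CHARSET is not available in this runtime; the PIN could not be encoded at all
        logger.error(ex.getMessage(), ex);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.IFD.IO.UNKNOWN_PIN_FORMAT, "Cannot encode the PIN in " + PACEConstants.PIN_CHARSET + " charset."));
    } catch (ProtocolException ex) {
        logger.error(ex.getMessage(), ex);
        response.setResult(WSHelper.makeResult(ex));
    } catch (Throwable ex) {
        // Deliberately broad: every other failure (card I/O, malformed EF.CardAccess, PACE
        // errors) is mapped into the response instead of escaping to the dispatcher.
        logger.error(ex.getMessage(), ex);
        response.setResult(WSHelper.makeResult(ex));
    } finally {
        // Overwrite the PIN bytes so the secret does not linger on the heap longer than
        // needed. The String copy held by paceInput cannot be wiped.
        // NOTE(review): assumes PACEImplementation does not retain the array after
        // execute() returns -- confirm.
        if (pin != null) {
            for (int i = 0; i < pin.length; i++) {
                pin[i] = 0;
            }
        }
    }
    return response;
}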

Example 2 with PACESecurityInfos

Use of org.openecard.crypto.common.asn1.eac.PACESecurityInfos in the open-ecard project (by ecsec).

From class EFCardAccess, method decodeSecurityInfos.

/**
 * Decode the SecurityInfos set of EF.CardAccess into the per-protocol holders.
 * <p>
 * Every SecurityInfo in {@code sis} is dispatched on its first element (the protocol OID)
 * and appended to {@code psi} (PACE), {@code csi} (Chip Authentication) or {@code tsi}
 * (Terminal Authentication), or stored as {@code cil} (CardInfoLocator) / {@code pti}
 * (PrivilegedTerminalInfo). Entries with an unrecognised OID are logged and skipped.
 * <p>
 * The set originates from the card and is not validated here: an element that is not an
 * ASN1Sequence, or an empty sequence, makes the cast or the index access throw to the
 * caller, and nothing checks that the REQUIRED PACEInfo was actually present. The
 * {@code cil} and {@code pti} fields are only overwritten when a matching entry is seen.
 */
private void decodeSecurityInfos() {
    final ASN1Set entries = sis.getSecurityInfos();
    final int count = entries.size();
    psi = new PACESecurityInfos();
    tsi = new TASecurityInfos();
    csi = new CASecurityInfos();
    for (int idx = 0; idx < count; idx++) {
        final ASN1Sequence entry = (ASN1Sequence) entries.getObjectAt(idx);
        // The protocol OID is the first element of every SecurityInfo
        final String protocolOid = entry.getObjectAt(0).toString();
        if (PACEInfo.isPACEObjectIdentifer(protocolOid)) {
            // PACEInfo (REQUIRED)
            _logger.debug("Found PACEInfo object identifier");
            psi.addPACEInfo(new PACEInfo(entry));
        } else if (PACEDomainParameterInfo.isPACEObjectIdentifer(protocolOid)) {
            // PACEDomainParameterInfo (CONDITIONAL)
            _logger.debug("Found PACEDomainParameterInfo object identifier");
            psi.addPACEDomainParameterInfo(new PACEDomainParameterInfo(entry));
        } else if (CAInfo.isObjectIdentifier(protocolOid)) {
            // ChipAuthenticationInfo (CONDITIONAL)
            _logger.debug("Found ChipAuthenticationInfo object identifier");
            csi.addCAInfo(new CAInfo(entry));
        } else if (CADomainParameterInfo.isObjectIdentifier(protocolOid)) {
            // ChipAuthenticationDomainParameterInfo (CONDITIONAL)
            _logger.debug("Found ChipAuthenticationDomainParameterInfo object identifier");
            csi.addCADomainParameterInfo(new CADomainParameterInfo(entry));
        } else if (EACObjectIdentifier.id_TA.equals(protocolOid)) {
            // TerminalAuthenticationInfo (CONDITIONAL)
            _logger.debug("Found TerminalAuthenticationInfo object identifier");
            tsi.addTAInfo(new TAInfo(entry));
        } else if (EACObjectIdentifier.id_CI.equals(protocolOid)) {
            // CardInfoLocator (RECOMMENDED)
            _logger.debug("Found CardInfoLocator object identifier");
            cil = CardInfoLocator.getInstance(entry);
        } else if (EACObjectIdentifier.id_PT.equals(protocolOid)) {
            // PrivilegedTerminalInfo (CONDITIONAL)
            _logger.debug("Found PrivilegedTerminalInfo object identifier");
            pti = PrivilegedTerminalInfo.getInstance(entry);
        } else {
            _logger.debug("Found unknown object identifier: {}", protocolOid);
        }
    }
}
