Example 1 with PACESecurityInfos
use of org.openecard.crypto.common.asn1.eac.PACESecurityInfos in project open-ecard by ecsec.
the class PACEProtocol method establish.
@Override
public EstablishChannelResponse establish(EstablishChannel req, Dispatcher dispatcher, UserConsent gui) {
EstablishChannelResponse response = new EstablishChannelResponse();
try {
// Get parameters for the PACE protocol
PACEInputType paceInput = new PACEInputType(req.getAuthenticationProtocolData());
byte[] pin;
byte pinID = paceInput.getPINID();
byte[] chat = paceInput.getCHAT();
if (paceInput.getPIN() == null || paceInput.getPIN().isEmpty()) {
// GUI request
GUIContentMap content = new GUIContentMap();
content.add(GUIContentMap.ELEMENT.PIN_ID, pinID);
PACEUserConsent paceUserConsent = new PACEUserConsent(gui);
paceUserConsent.show(content);
pin = ((String) content.get(GUIContentMap.ELEMENT.PIN)).getBytes(PACEConstants.PIN_CHARSET);
} else {
pin = paceInput.getPIN().getBytes(PACEConstants.PIN_CHARSET);
}
if (pin == null || pin.length == 0) {
response.setResult(WSHelper.makeResultError(ECardConstants.Minor.IFD.CANCELLATION_BY_USER, "No PIN was entered."));
return response;
}
// Read EF.CardAccess from card
byte[] slotHandle = req.getSlotHandle();
CardResponseAPDU resp = CardUtils.selectFileWithOptions(dispatcher, slotHandle, ShortUtils.toByteArray(PACEConstants.EF_CARDACCESS_FID), null, CardUtils.FCP_RESPONSE_DATA);
FCP efCardAccessFCP = new FCP(TLV.fromBER(resp.getData()));
byte[] efcadata = CardUtils.readFile(efCardAccessFCP, dispatcher, slotHandle);
// Parse SecurityInfos and get PACESecurityInfos
SecurityInfos sis = SecurityInfos.getInstance(efcadata);
EFCardAccess efca = new EFCardAccess(sis);
PACESecurityInfos psi = efca.getPACESecurityInfos();
// Start PACE
PACEImplementation pace = new PACEImplementation(dispatcher, slotHandle, psi);
pace.execute(pin, pinID, chat);
// Establish Secure Messaging channel
sm = new SecureMessaging(pace.getKeyMAC(), pace.getKeyENC());
// Create AuthenticationProtocolData (PACEOutputType)
PACEOutputType paceOutput = paceInput.getOutputType();
paceOutput.setEFCardAccess(efcadata);
paceOutput.setCurrentCAR(pace.getCurrentCAR());
paceOutput.setPreviousCAR(pace.getPreviousCAR());
paceOutput.setIDPICC(pace.getIDPICC());
paceOutput.setRetryCounter(pace.getRetryCounter());
// Create EstablishChannelResponse
response.setResult(WSHelper.makeResultOK());
response.setAuthenticationProtocolData(paceOutput.getAuthDataType());
} catch (UnsupportedEncodingException ex) {
logger.error(ex.getMessage(), ex);
response.setResult(WSHelper.makeResultError(ECardConstants.Minor.IFD.IO.UNKNOWN_PIN_FORMAT, "Cannot encode the PIN in " + PACEConstants.PIN_CHARSET + " charset."));
} catch (ProtocolException ex) {
logger.error(ex.getMessage(), ex);
response.setResult(WSHelper.makeResult(ex));
} catch (Throwable ex) {
logger.error(ex.getMessage(), ex);
response.setResult(WSHelper.makeResult(ex));
}
return response;
}
Also used :
ProtocolException(org.openecard.common.ifd.protocol.exception.ProtocolException)
EstablishChannelResponse(iso.std.iso_iec._24727.tech.schema.EstablishChannelResponse)
EFCardAccess(org.openecard.crypto.common.asn1.eac.ef.EFCardAccess)
PACESecurityInfos(org.openecard.crypto.common.asn1.eac.PACESecurityInfos)
SecurityInfos(org.openecard.crypto.common.asn1.eac.SecurityInfos)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
PACEInputType(org.openecard.common.ifd.anytype.PACEInputType)
FCP(org.openecard.common.tlv.iso7816.FCP)
PACESecurityInfos(org.openecard.crypto.common.asn1.eac.PACESecurityInfos)
PACEOutputType(org.openecard.common.ifd.anytype.PACEOutputType)
CardResponseAPDU(org.openecard.common.apdu.common.CardResponseAPDU)
GUIContentMap(org.openecard.ifd.protocol.pace.gui.GUIContentMap)
Example 2 with PACESecurityInfos
use of org.openecard.crypto.common.asn1.eac.PACESecurityInfos in project open-ecard by ecsec.
the class EFCardAccess method decodeSecurityInfos.
/**
* Decode the SecurityInfos.
*/
private void decodeSecurityInfos() {
final ASN1Set securityinfos = sis.getSecurityInfos();
final int length = securityinfos.size();
psi = new PACESecurityInfos();
tsi = new TASecurityInfos();
csi = new CASecurityInfos();
for (int i = 0; i < length; i++) {
ASN1Sequence securityInfo = (ASN1Sequence) securityinfos.getObjectAt(i);
String oid = securityInfo.getObjectAt(0).toString();
// PACEInfo (REQUIRED)
if (PACEInfo.isPACEObjectIdentifer(oid)) {
_logger.debug("Found PACEInfo object identifier");
PACEInfo pi = new PACEInfo(securityInfo);
psi.addPACEInfo(pi);
} else // PACEDoaminParameterInfo (CONDITIONAL)
if (PACEDomainParameterInfo.isPACEObjectIdentifer(oid)) {
_logger.debug("Found PACEDomainParameterInfo object identifier");
PACEDomainParameterInfo pdp = new PACEDomainParameterInfo(securityInfo);
psi.addPACEDomainParameterInfo(pdp);
} else // ChipAuthenticationInfo (CONDITIONAL)
if (CAInfo.isObjectIdentifier(oid)) {
_logger.debug("Found ChipAuthenticationInfo object identifier");
CAInfo ci = new CAInfo(securityInfo);
csi.addCAInfo(ci);
} else // ChipAuthenticationDomainParameterInfo (CONDITIONAL)
if (CADomainParameterInfo.isObjectIdentifier(oid)) {
_logger.debug("Found ChipAuthenticationDomainParameterInfo object identifier");
CADomainParameterInfo cdp = new CADomainParameterInfo(securityInfo);
csi.addCADomainParameterInfo(cdp);
} else // TerminalAuthenticationInfo (CONDITIONAL)
if (EACObjectIdentifier.id_TA.equals(oid)) {
_logger.debug("Found TerminalAuthenticationInfo object identifier");
TAInfo ta = new TAInfo(securityInfo);
tsi.addTAInfo(ta);
} else // CardInfoLocator (RECOMMENDED)
if (EACObjectIdentifier.id_CI.equals(oid)) {
_logger.debug("Found CardInfoLocator object identifier");
cil = CardInfoLocator.getInstance(securityInfo);
} else // PrivilegedTerminalInfo (CONDITIONAL)
if (EACObjectIdentifier.id_PT.equals(oid)) {
_logger.debug("Found PrivilegedTerminalInfo object identifier");
pti = PrivilegedTerminalInfo.getInstance(securityInfo);
} else {
_logger.debug("Found unknown object identifier: {}", oid.toString());
}
}
}
Also used :
PACESecurityInfos(org.openecard.crypto.common.asn1.eac.PACESecurityInfos)
ASN1Sequence(org.openecard.bouncycastle.asn1.ASN1Sequence)
ASN1Set(org.openecard.bouncycastle.asn1.ASN1Set)
TASecurityInfos(org.openecard.crypto.common.asn1.eac.TASecurityInfos)
CADomainParameterInfo(org.openecard.crypto.common.asn1.eac.CADomainParameterInfo)
TAInfo(org.openecard.crypto.common.asn1.eac.TAInfo)
PACEInfo(org.openecard.crypto.common.asn1.eac.PACEInfo)
CAInfo(org.openecard.crypto.common.asn1.eac.CAInfo)
CASecurityInfos(org.openecard.crypto.common.asn1.eac.CASecurityInfos)
PACEDomainParameterInfo(org.openecard.crypto.common.asn1.eac.PACEDomainParameterInfo)
Aggregations
PACESecurityInfos (org.openecard.crypto.common.asn1.eac.PACESecurityInfos)2
EstablishChannelResponse (iso.std.iso_iec._24727.tech.schema.EstablishChannelResponse)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
ASN1Sequence (org.openecard.bouncycastle.asn1.ASN1Sequence)1
ASN1Set (org.openecard.bouncycastle.asn1.ASN1Set)1
CardResponseAPDU (org.openecard.common.apdu.common.CardResponseAPDU)1
PACEInputType (org.openecard.common.ifd.anytype.PACEInputType)1
PACEOutputType (org.openecard.common.ifd.anytype.PACEOutputType)1
ProtocolException (org.openecard.common.ifd.protocol.exception.ProtocolException)1
FCP (org.openecard.common.tlv.iso7816.FCP)1
CADomainParameterInfo (org.openecard.crypto.common.asn1.eac.CADomainParameterInfo)1
CAInfo (org.openecard.crypto.common.asn1.eac.CAInfo)1
CASecurityInfos (org.openecard.crypto.common.asn1.eac.CASecurityInfos)1
PACEDomainParameterInfo (org.openecard.crypto.common.asn1.eac.PACEDomainParameterInfo)1
PACEInfo (org.openecard.crypto.common.asn1.eac.PACEInfo)1
SecurityInfos (org.openecard.crypto.common.asn1.eac.SecurityInfos)1
TAInfo (org.openecard.crypto.common.asn1.eac.TAInfo)1
TASecurityInfos (org.openecard.crypto.common.asn1.eac.TASecurityInfos)1
EFCardAccess (org.openecard.crypto.common.asn1.eac.ef.EFCardAccess)1
GUIContentMap (org.openecard.ifd.protocol.pace.gui.GUIContentMap)1
