use of org.openecard.crypto.common.sal.did.CryptoMarkerType in project open-ecard by ecsec.
the class AndroidMarshallerTest method testConversionOfCardInfo.
@Test
public void testConversionOfCardInfo() throws Exception {
WSMarshaller m = new AndroidMarshaller();
Object o = m.unmarshal(m.str2doc(NPA_CIF));
if (!(o instanceof CardInfo)) {
throw new Exception("Object should be an instace of CardInfo");
}
CardInfo cardInfo = (CardInfo) o;
assertEquals("http://bsi.bund.de/cif/npa.xml", cardInfo.getCardType().getObjectIdentifier());
assertEquals(new byte[] { 0x3F, 0x00 }, cardInfo.getApplicationCapabilities().getImplicitlySelectedApplication());
assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().size(), 3);
assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getApplicationName(), "MF");
assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getRequirementLevel(), BasicRequirementsType.PERSONALIZATION_MANDATORY);
assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getCardApplicationACL().getAccessRule().size(), 40);
assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getCardApplicationACL().getAccessRule().get(0).getCardApplicationServiceName(), "CardApplicationServiceAccess");
assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getCardApplicationACL().getAccessRule().get(0).getAction().getAPIAccessEntryPoint(), APIAccessEntryPointName.INITIALIZE);
assertTrue(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getCardApplicationACL().getAccessRule().get(0).getSecurityCondition().isAlways());
// last accessrule
assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getCardApplicationACL().getAccessRule().get(39).getAction().getAuthorizationServiceAction(), AuthorizationServiceActionName.ACL_MODIFY);
assertFalse(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getCardApplicationACL().getAccessRule().get(39).getSecurityCondition().isNever());
assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getDIDInfo().get(0).getRequirementLevel(), BasicRequirementsType.PERSONALIZATION_MANDATORY);
assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(0).getDIDInfo().get(0).getDIDACL().getAccessRule().get(0).getCardApplicationServiceName(), "DifferentialIdentityService");
assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(1).getDataSetInfo().get(0).getRequirementLevel(), BasicRequirementsType.PERSONALIZATION_MANDATORY);
assertEquals(cardInfo.getApplicationCapabilities().getCardApplication().get(1).getDataSetInfo().get(0).getDataSetACL().getAccessRule().get(0).getCardApplicationServiceName(), "NamedDataService");
for (DataSetInfoType dataSetInfo : cardInfo.getApplicationCapabilities().getCardApplication().get(2).getDataSetInfo()) {
if (dataSetInfo.getDataSetName().equals("EF.C.ZDA.QES")) {
assertEquals(dataSetInfo.getLocalDataSetName().get(0).getLang(), "DE");
assertEquals(dataSetInfo.getLocalDataSetName().get(0).getValue(), "Zertifikat des ZDA für die QES");
}
}
// Test eGK
o = m.unmarshal(m.str2doc(EGK_CIF));
if (!(o instanceof CardInfo)) {
throw new Exception("Object should be an instace of CardInfo");
}
cardInfo = (CardInfo) o;
assertEquals("http://ws.gematik.de/egk/1.0.0", cardInfo.getCardType().getObjectIdentifier());
CardApplicationType cardApplicationESIGN = cardInfo.getApplicationCapabilities().getCardApplication().get(2);
DIDInfoType didInfo = cardApplicationESIGN.getDIDInfo().get(2);
DifferentialIdentityType differentialIdentity = didInfo.getDifferentialIdentity();
assertEquals(differentialIdentity.getDIDName(), "PrK.CH.AUT_signPKCS1_V1_5");
assertEquals(differentialIdentity.getDIDProtocol(), "urn:oid:1.3.162.15480.3.0.25");
CryptoMarkerType cryptoMarkerType = new CryptoMarkerType(differentialIdentity.getDIDMarker().getCryptoMarker());
assertEquals(cryptoMarkerType.getProtocol(), "urn:oid:1.3.162.15480.3.0.25");
assertEquals(cryptoMarkerType.getAlgorithmInfo().getSupportedOperations().get(0), "Compute-signature");
// uncomment to get output files to make a diff
/*WSMarshaller jaxbMarshaller = new JAXBMarshaller();
CardInfo cardInfoJM = (CardInfo) jaxbMarshaller.unmarshal(jaxbMarshaller.str2doc(egkCif));
File f = new File("cifJM.xml");
FileOutputStream fos = new FileOutputStream(f);
File f2 = new File("cifAM.xml");
FileOutputStream fos2 = new FileOutputStream(f2);
marshalLog(cardInfoJM, fos);
marshalLog(cardInfo, fos2);*/
// Test ecard AT 0.9.0
o = m.unmarshal(m.str2doc(ECARD_AT_CIF));
if (!(o instanceof CardInfo)) {
throw new Exception("Object should be an instance of CardInfo");
}
cardInfo = (CardInfo) o;
}
use of org.openecard.crypto.common.sal.did.CryptoMarkerType in project open-ecard by ecsec.
the class MiddlewareSAL method sign.
@Override
public SignResponse sign(Sign request) {
SignResponse response = WSHelper.makeResponse(SignResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
byte[] application = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
byte[] slotHandle = connectionHandle.getSlotHandle();
String didName = SALUtils.getDIDName(request);
byte[] message = request.getMessage();
Assert.assertIncorrectParameter(message, "The parameter Message is empty.");
DIDStructureType didStructure = cardStateEntry.getDIDStructure(didName, application);
Assert.assertNamedEntityNotFound(didStructure, "The given DIDName cannot be found.");
CryptoMarkerType marker = new CryptoMarkerType(didStructure.getDIDMarker());
String keyLabel = marker.getLegacyKeyName();
MwSession session = managedSessions.get(slotHandle);
for (MwPrivateKey key : session.getPrivateKeys()) {
String nextLabel = "";
try {
nextLabel = key.getKeyLabel();
} catch (CryptokiException ex) {
LOG.warn("Error reading key label.", ex);
}
LOG.debug("Try to match keys '{}' == '{}'", keyLabel, nextLabel);
if (keyLabel.equals(nextLabel)) {
long sigAlg = getPKCS11Alg(marker.getAlgorithmInfo());
byte[] sig = key.sign(sigAlg, message);
response.setSignature(sig);
// set PIN to unauthenticated
setPinNotAuth(cardStateEntry);
return response;
}
}
// TODO: use other exception
String msg = String.format("The given DIDName %s references an unknown key.", didName);
throw new IncorrectParameterException(msg);
} catch (ECardException e) {
LOG.debug(e.getMessage(), e);
response.setResult(e.getResult());
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throwThreadKillException(e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of org.openecard.crypto.common.sal.did.CryptoMarkerType in project open-ecard by ecsec.
the class CryptoMarkerTypeTest method testCryptoMarkerType.
/**
* Simple test for CryptoMarkerType.
* After creating the CryptoMarker of the PrK.CH.AUT_signPKCS1_V1_5 DID in the the
* ESIGN application of the EGK we check if the get-methods return the expected values.
*
* @throws Exception
* when something in this test went unexpectedly wrong
*/
@Test
public void testCryptoMarkerType() throws Exception {
WSMarshaller marshaller = WSMarshallerFactory.createInstance();
// setup the iso cryptoMarker type
iso.std.iso_iec._24727.tech.schema.CryptoMarkerType cryptoMarker = new iso.std.iso_iec._24727.tech.schema.CryptoMarkerType();
cryptoMarker.setProtocol("urn:oid:1.3.162.15480.3.0.25");
// algorithm info
AlgorithmInfoType algType = new AlgorithmInfoType();
algType.setAlgorithm("signPKCS1_V1_5");
AlgorithmIdentifierType aIdType = new AlgorithmIdentifierType();
aIdType.setAlgorithm("http://ws.openecard.org/alg/rsa");
algType.setAlgorithmIdentifier(aIdType);
algType.getSupportedOperations().add("Compute-signature");
algType.setCardAlgRef(new byte[] { (byte) 0x02 });
QName elemName = new QName("urn:iso:std:iso-iec:24727:tech:schema", "AlgorithmInfo");
JAXBElement<AlgorithmInfoType> algInfo = new JAXBElement<>(elemName, AlgorithmInfoType.class, algType);
Element algInfoElem = marshaller.marshal(algInfo).getDocumentElement();
cryptoMarker.getAny().add(algInfoElem);
// key info
elemName = new QName("urn:iso:std:iso-iec:24727:tech:schema", "KeyInfo");
CryptoKeyInfoType cryptoKey = new CryptoKeyInfoType();
KeyRefType keyref = new KeyRefType();
keyref.setKeyRef(new byte[] { (byte) 0x02 });
cryptoKey.setKeyRef(keyref);
JAXBElement<CryptoKeyInfoType> keyInfoElem = new JAXBElement<>(elemName, CryptoKeyInfoType.class, cryptoKey);
Element keyrefElem = marshaller.marshal(keyInfoElem).getDocumentElement();
cryptoMarker.getAny().add(keyrefElem);
// signature generation info
elemName = new QName("urn:iso:std:iso-iec:24727:tech:schema", "SignatureGenerationInfo");
JAXBElement<String> sigGenInfoElem = new JAXBElement<>(elemName, String.class, "MSE_KEY_DS PSO_CDS");
Element sigGenElem = marshaller.marshal(sigGenInfoElem).getDocumentElement();
cryptoMarker.getAny().add(sigGenElem);
// certificate references if available
elemName = new QName("urn:iso:std:iso-iec:24727:tech:schema", "CertificateRef");
CertificateRefType certRef = new CertificateRefType();
certRef.setDataSetName("EF.C.CH.AUT");
JAXBElement<CertificateRefType> certRefType = new JAXBElement<>(elemName, CertificateRefType.class, certRef);
Element certRefElement = marshaller.marshal(certRefType).getDocumentElement();
cryptoMarker.getAny().add(certRefElement);
// perform the tests
CryptoMarkerType cryptoMarkerNew = new CryptoMarkerType(cryptoMarker);
assertTrue(cryptoMarkerNew.getAlgorithmInfo().getSupportedOperations().size() > 0);
assertEquals(cryptoMarkerNew.getSignatureGenerationInfo(), new String[] { "MSE_KEY_DS", "PSO_CDS" });
assertEquals(cryptoMarkerNew.getCryptoKeyInfo().getKeyRef().getKeyRef(), new byte[] { 0x02 });
assertEquals(cryptoMarkerNew.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm(), "http://ws.openecard.org/alg/rsa");
assertNull(cryptoMarkerNew.getLegacyKeyName());
assertNotNull(cryptoMarkerNew.getHashGenerationInfo());
assertEquals(cryptoMarkerNew.getHashGenerationInfo(), HashGenerationInfoType.NOT_ON_CARD);
assertEquals(cryptoMarkerNew.getCertificateRefs().get(0).getDataSetName(), "EF.C.CH.AUT");
// assertEquals(cryptoMarker.getStateInfo(), "");
assertEquals(cryptoMarker.getProtocol(), ECardConstants.Protocol.GENERIC_CRYPTO);
}
use of org.openecard.crypto.common.sal.did.CryptoMarkerType in project open-ecard by ecsec.
the class DecipherStep method perform.
@Override
public DecipherResponse perform(Decipher request, Map<String, Object> internalData) {
DecipherResponse response = WSHelper.makeResponse(DecipherResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
String didName = SALUtils.getDIDName(request);
byte[] applicationID = connectionHandle.getCardApplication();
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
Assert.securityConditionDID(cardStateEntry, applicationID, didName, CryptographicServiceActionName.DECIPHER);
DIDStructureType didStructure = SALUtils.getDIDStructure(request, didName, cardStateEntry, connectionHandle);
CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
byte[] keyReference = cryptoMarker.getCryptoKeyInfo().getKeyRef().getKeyRef();
byte[] algorithmIdentifier = cryptoMarker.getAlgorithmInfo().getCardAlgRef();
byte[] slotHandle = connectionHandle.getSlotHandle();
// See eGK specification, part 1, version 2.2.0, section 15.9.6.
if (didStructure.getDIDScope().equals(DIDScopeType.LOCAL)) {
keyReference[0] = (byte) (0x80 | keyReference[0]);
}
TLV tagKeyReference = new TLV();
tagKeyReference.setTagNumWithClass(0x84);
tagKeyReference.setValue(keyReference);
TLV tagAlgorithmIdentifier = new TLV();
tagAlgorithmIdentifier.setTagNumWithClass(0x80);
tagAlgorithmIdentifier.setValue(algorithmIdentifier);
byte[] mseData = ByteUtils.concatenate(tagKeyReference.toBER(), tagAlgorithmIdentifier.toBER());
CardCommandAPDU apdu = new ManageSecurityEnvironment((byte) 0x41, ManageSecurityEnvironment.CT, mseData);
apdu.transmit(dispatcher, slotHandle);
byte[] ciphertext = request.getCipherText();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
BigInteger bitKeySize = cryptoMarker.getCryptoKeyInfo().getKeySize();
int blocksize = bitKeySize.divide(new BigInteger("8")).intValue();
// check if the ciphertext length is divisible by the blocksize without rest
if ((ciphertext.length % blocksize) != 0) {
return WSHelper.makeResponse(DecipherResponse.class, WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, "The length of the ciphertext should be a multiple of the blocksize."));
}
// decrypt the ciphertext block for block
for (int offset = 0; offset < ciphertext.length; offset += blocksize) {
byte[] ciphertextblock = ByteUtils.copy(ciphertext, offset, blocksize);
apdu = new PSODecipher(ByteUtils.concatenate(PADDING_INDICATOR_BYTE, ciphertextblock), (byte) blocksize);
CardResponseAPDU responseAPDU = apdu.transmit(dispatcher, slotHandle);
baos.write(responseAPDU.getData());
}
response.setPlainText(baos.toByteArray());
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (Exception e) {
logger.error(e.getMessage(), e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
use of org.openecard.crypto.common.sal.did.CryptoMarkerType in project open-ecard by ecsec.
the class HashStep method perform.
@Override
public HashResponse perform(Hash request, Map<String, Object> internalData) {
HashResponse response = WSHelper.makeResponse(HashResponse.class, WSHelper.makeResultOK());
try {
ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
String didName = SALUtils.getDIDName(request);
CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(internalData, connectionHandle);
DIDStructureType didStructure = SALUtils.getDIDStructure(request, didName, cardStateEntry, connectionHandle);
CryptoMarkerType cryptoMarker = new CryptoMarkerType(didStructure.getDIDMarker());
HashGenerationInfoType hashInfo = cryptoMarker.getHashGenerationInfo();
if (hashInfo != null) {
if (hashInfo == HashGenerationInfoType.NOT_ON_CARD) {
String algId = cryptoMarker.getAlgorithmInfo().getAlgorithmIdentifier().getAlgorithm();
SignatureAlgorithms alg = SignatureAlgorithms.fromAlgId(algId);
HashAlgorithms hashAlg = alg.getHashAlg();
if (hashAlg == null) {
String msg = String.format("Algorithm %s does not specify a Hash algorithm.", algId);
LOG.error(msg);
String minor = ECardConstants.Minor.App.INCORRECT_PARM;
response.setResult(WSHelper.makeResultError(minor, msg));
} else {
// calculate hash
MessageDigest md = MessageDigest.getInstance(hashAlg.getJcaAlg());
md.update(request.getMessage());
byte[] digest = md.digest();
response.setHash(digest);
}
} else {
// TODO: implement hashing on card
String msg = String.format("Unsupported Hash generation type (%s) requested.", hashInfo);
LOG.error(msg);
String minor = ECardConstants.Minor.SAL.INAPPROPRIATE_PROTOCOL_FOR_ACTION;
response.setResult(WSHelper.makeResultError(minor, msg));
}
} else {
// no hash alg specified, this is an error
String msg = String.format("No Hash generation type specified in CIF.");
LOG.error(msg);
String minor = ECardConstants.Minor.SAL.INAPPROPRIATE_PROTOCOL_FOR_ACTION;
response.setResult(WSHelper.makeResultError(minor, msg));
}
} catch (ECardException e) {
response.setResult(e.getResult());
} catch (UnsupportedAlgorithmException | NoSuchAlgorithmException ex) {
} catch (Exception e) {
LOG.warn(e.getMessage(), e);
response.setResult(WSHelper.makeResult(e));
}
return response;
}
Aggregations