Search in sources :

Example 1 with EAC2InputType

use of org.openecard.sal.protocol.eac.anytype.EAC2InputType in project open-ecard by ecsec.

the class TerminalAuthenticationStep method perform.

@Override
public DIDAuthenticateResponse perform(DIDAuthenticate didAuthenticate, Map<String, Object> internalData) {
    DIDAuthenticateResponse response = new DIDAuthenticateResponse();
    DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
    try {
        ObjectSchemaValidator valid = (ObjectSchemaValidator) dynCtx.getPromise(EACProtocol.SCHEMA_VALIDATOR).deref();
        boolean messageValid = valid.validateObject(didAuthenticate);
        if (!messageValid) {
            String msg = "Validation of the EAC2InputType message failed.";
            logger.error(msg);
            dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
            response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, msg));
            return response;
        }
    } catch (ObjectValidatorException ex) {
        String msg = "Validation of the EAC2InputType message failed due to invalid input data.";
        logger.error(msg, ex);
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
        return response;
    } catch (InterruptedException ex) {
        String msg = "Thread interrupted while waiting for schema validator instance.";
        logger.error(msg, ex);
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
        return response;
    }
    byte[] slotHandle = didAuthenticate.getConnectionHandle().getSlotHandle();
    try {
        EAC2InputType eac2Input = new EAC2InputType(didAuthenticate.getAuthenticationProtocolData());
        EAC2OutputType eac2Output = eac2Input.getOutputType();
        TerminalAuthentication ta = new TerminalAuthentication(dispatcher, slotHandle);
        // Build certificate chain
        CardVerifiableCertificateChain certificateChain;
        certificateChain = (CardVerifiableCertificateChain) internalData.get(EACConstants.IDATA_CERTIFICATES);
        certificateChain.addCertificates(eac2Input.getCertificates());
        byte[] currentCAR = (byte[]) internalData.get(EACConstants.IDATA_CURRENT_CAR);
        byte[] previousCAR = (byte[]) internalData.get(EACConstants.IDATA_PREVIOUS_CAR);
        CardVerifiableCertificateChain tmpChain = certificateChain.getCertificateChainFromCAR(currentCAR);
        // try again with previous car if it didn't work
        if (tmpChain.getCertificates().isEmpty() && previousCAR != null) {
            tmpChain = certificateChain.getCertificateChainFromCAR(previousCAR);
        }
        certificateChain = tmpChain;
        if (certificateChain.getCertificates().isEmpty()) {
            String msg = "Failed to create a valid certificate chain from the transmitted certificates.";
            logger.error(msg);
            response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, msg));
            return response;
        }
        // TA: Step 1 - Verify certificates
        ta.verifyCertificates(certificateChain);
        // save values for later use
        CardVerifiableCertificate terminalCertificate = certificateChain.getTerminalCertificate();
        byte[] key = eac2Input.getEphemeralPublicKey();
        byte[] signature = eac2Input.getSignature();
        internalData.put(EACConstants.IDATA_PK_PCD, key);
        internalData.put(EACConstants.IDATA_SIGNATURE, signature);
        internalData.put(EACConstants.IDATA_TERMINAL_CERTIFICATE, terminalCertificate);
        if (signature != null) {
            logger.trace("Signature has been provided in EAC2InputType.");
            // perform TA and CA authentication
            ChipAuthentication ca = new ChipAuthentication(dispatcher, slotHandle);
            AuthenticationHelper auth = new AuthenticationHelper(ta, ca);
            eac2Output = auth.performAuth(eac2Output, internalData);
            // no third step needed, notify GUI
            DynamicContext ctx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
            ctx.put(EACProtocol.AUTHENTICATION_DONE, true);
        } else {
            logger.trace("Signature has not been provided in EAC2InputType.");
            // send challenge again
            byte[] rPICC = (byte[]) internalData.get(EACConstants.IDATA_CHALLENGE);
            eac2Output.setChallenge(rPICC);
        }
        response.setResult(WSHelper.makeResultOK());
        response.setAuthenticationProtocolData(eac2Output.getAuthDataType());
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
        response.setResult(WSHelper.makeResultUnknownError(e.getMessage()));
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
    }
    Promise<Object> p = (Promise<Object>) dynCtx.getPromise(TR03112Keys.PROCESSING_CANCELLATION);
    if (p.derefNonblocking() == null) {
        return response;
    } else {
        response = new DIDAuthenticateResponse();
        String msg = "Authentication Canceled by the user.";
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.SAL.CANCELLATION_BY_USER, msg));
        return response;
    }
}
Also used : ObjectValidatorException(org.openecard.common.interfaces.ObjectValidatorException) Promise(org.openecard.common.util.Promise) DIDAuthenticateResponse(iso.std.iso_iec._24727.tech.schema.DIDAuthenticateResponse) ObjectValidatorException(org.openecard.common.interfaces.ObjectValidatorException) EAC2InputType(org.openecard.sal.protocol.eac.anytype.EAC2InputType) CardVerifiableCertificate(org.openecard.crypto.common.asn1.cvc.CardVerifiableCertificate) ObjectSchemaValidator(org.openecard.common.interfaces.ObjectSchemaValidator) CardVerifiableCertificateChain(org.openecard.crypto.common.asn1.cvc.CardVerifiableCertificateChain) DynamicContext(org.openecard.common.DynamicContext) EAC2OutputType(org.openecard.sal.protocol.eac.anytype.EAC2OutputType)

Aggregations

DIDAuthenticateResponse (iso.std.iso_iec._24727.tech.schema.DIDAuthenticateResponse)1 DynamicContext (org.openecard.common.DynamicContext)1 ObjectSchemaValidator (org.openecard.common.interfaces.ObjectSchemaValidator)1 ObjectValidatorException (org.openecard.common.interfaces.ObjectValidatorException)1 Promise (org.openecard.common.util.Promise)1 CardVerifiableCertificate (org.openecard.crypto.common.asn1.cvc.CardVerifiableCertificate)1 CardVerifiableCertificateChain (org.openecard.crypto.common.asn1.cvc.CardVerifiableCertificateChain)1 EAC2InputType (org.openecard.sal.protocol.eac.anytype.EAC2InputType)1 EAC2OutputType (org.openecard.sal.protocol.eac.anytype.EAC2OutputType)1