Use of org.openecard.sal.protocol.eac.anytype.EAC2InputType in project open-ecard by ecsec:
class TerminalAuthenticationStep, method perform.
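/**
 * Processes the {@code EAC2InputType} message carried by a {@code DIDAuthenticate} request.
 * <p>
 * The request is first checked with the schema validator obtained from the dynamic context.
 * A certificate chain is then selected from the certificates already stored in
 * {@code internalData} plus those contained in the message, and handed to
 * {@code TerminalAuthentication.verifyCertificates}. If the message carries a signature,
 * terminal and chip authentication are run through {@code AuthenticationHelper}; otherwise the
 * stored challenge is placed in the output again.
 * <p>
 * Every error exit puts {@code EACProtocol.AUTHENTICATION_FAILED} into the dynamic context.
 * The cancellation promise is only consulted on the path that reaches the end of the method;
 * the early error returns do not check it.
 *
 * @param didAuthenticate request whose authentication protocol data is parsed as
 *        {@code EAC2InputType} and whose connection handle supplies the slot handle
 * @param internalData protocol state shared between steps; read for the stored certificates,
 *        the current and previous CAR and the challenge, and written with the ephemeral public
 *        key, the signature and the terminal certificate
 * @return the response with an OK result and the EAC2 output data, or with an error result
 */
@Override
public DIDAuthenticateResponse perform(DIDAuthenticate didAuthenticate, Map<String, Object> internalData) {
    DIDAuthenticateResponse response = new DIDAuthenticateResponse();
    DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);

    // Reject messages that do not pass schema validation before any field is used.
    try {
        ObjectSchemaValidator valid = (ObjectSchemaValidator) dynCtx.getPromise(EACProtocol.SCHEMA_VALIDATOR).deref();
        boolean messageValid = valid.validateObject(didAuthenticate);
        if (!messageValid) {
            String msg = "Validation of the EAC2InputType message failed.";
            logger.error(msg);
            dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
            response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, msg));
            return response;
        }
    } catch (ObjectValidatorException ex) {
        String msg = "Validation of the EAC2InputType message failed due to invalid input data.";
        logger.error(msg, ex);
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
        return response;
    } catch (InterruptedException ex) {
        // Restore the interrupt flag so that callers further up the stack still see the interruption.
        Thread.currentThread().interrupt();
        String msg = "Thread interrupted while waiting for schema validator instance.";
        logger.error(msg, ex);
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INT_ERROR, msg));
        return response;
    }

    byte[] slotHandle = didAuthenticate.getConnectionHandle().getSlotHandle();

    try {
        EAC2InputType eac2Input = new EAC2InputType(didAuthenticate.getAuthenticationProtocolData());
        EAC2OutputType eac2Output = eac2Input.getOutputType();

        TerminalAuthentication ta = new TerminalAuthentication(dispatcher, slotHandle);

        // Build certificate chain: stored certificates plus the ones sent in this message.
        CardVerifiableCertificateChain certificateChain;
        certificateChain = (CardVerifiableCertificateChain) internalData.get(EACConstants.IDATA_CERTIFICATES);
        certificateChain.addCertificates(eac2Input.getCertificates());

        byte[] currentCAR = (byte[]) internalData.get(EACConstants.IDATA_CURRENT_CAR);
        byte[] previousCAR = (byte[]) internalData.get(EACConstants.IDATA_PREVIOUS_CAR);
        CardVerifiableCertificateChain tmpChain = certificateChain.getCertificateChainFromCAR(currentCAR);
        // try again with previous car if it didn't work
        if (tmpChain.getCertificates().isEmpty() && previousCAR != null) {
            tmpChain = certificateChain.getCertificateChainFromCAR(previousCAR);
        }
        certificateChain = tmpChain;

        if (certificateChain.getCertificates().isEmpty()) {
            String msg = "Failed to create a valid certificate chain from the transmitted certificates.";
            logger.error(msg);
            // Signal the failure like every other error exit of this method does; previously
            // this path returned an error result without setting AUTHENTICATION_FAILED.
            dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
            response.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, msg));
            return response;
        }

        // TA: Step 1 - Verify certificates
        ta.verifyCertificates(certificateChain);

        // save values for later use
        CardVerifiableCertificate terminalCertificate = certificateChain.getTerminalCertificate();
        byte[] key = eac2Input.getEphemeralPublicKey();
        byte[] signature = eac2Input.getSignature();
        internalData.put(EACConstants.IDATA_PK_PCD, key);
        internalData.put(EACConstants.IDATA_SIGNATURE, signature);
        internalData.put(EACConstants.IDATA_TERMINAL_CERTIFICATE, terminalCertificate);

        if (signature != null) {
            logger.trace("Signature has been provided in EAC2InputType.");
            // perform TA and CA authentication
            ChipAuthentication ca = new ChipAuthentication(dispatcher, slotHandle);
            AuthenticationHelper auth = new AuthenticationHelper(ta, ca);
            eac2Output = auth.performAuth(eac2Output, internalData);
            // no third step needed, notify GUI
            DynamicContext ctx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
            ctx.put(EACProtocol.AUTHENTICATION_DONE, true);
        } else {
            logger.trace("Signature has not been provided in EAC2InputType.");
            // send challenge again
            byte[] rPICC = (byte[]) internalData.get(EACConstants.IDATA_CHALLENGE);
            eac2Output.setChallenge(rPICC);
        }

        response.setResult(WSHelper.makeResultOK());
        response.setAuthenticationProtocolData(eac2Output.getAuthDataType());
    } catch (Exception e) {
        // Catch-all: any failure while parsing the input, building or verifying the chain, or
        // running TA/CA ends the step with an error result instead of propagating.
        // NOTE(review): the exception message is copied into the response returned to the
        // caller; confirm it cannot carry internal details that should stay in the log only.
        logger.error(e.getMessage(), e);
        response.setResult(WSHelper.makeResultUnknownError(e.getMessage()));
        dynCtx.put(EACProtocol.AUTHENTICATION_FAILED, true);
    }

    // A value in the cancellation promise replaces whatever result was computed above.
    Promise<Object> p = (Promise<Object>) dynCtx.getPromise(TR03112Keys.PROCESSING_CANCELLATION);
    if (p.derefNonblocking() == null) {
        return response;
    } else {
        response = new DIDAuthenticateResponse();
        String msg = "Authentication Canceled by the user.";
        response.setResult(WSHelper.makeResultError(ECardConstants.Minor.SAL.CANCELLATION_BY_USER, msg));
        return response;
    }
}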