summaryrefslogtreecommitdiff
path: root/smcc/src
diff options
context:
space:
mode:
authorclemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2009-01-20 17:01:09 +0000
committerclemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2009-01-20 17:01:09 +0000
commita7d404cd6db2724d36523e59c87c3007fa86a258 (patch)
treee938b10cccf606c062fdb4cf569b8245a83b8a37 /smcc/src
parentc97c49eb4399829603816e4b3e47c74b67d0f27b (diff)
parentce598ba5142ff7673085dd90865f9323d69574be (diff)
downloadmocca-a7d404cd6db2724d36523e59c87c3007fa86a258.tar.gz
mocca-a7d404cd6db2724d36523e59c87c3007fa86a258.tar.bz2
mocca-a7d404cd6db2724d36523e59c87c3007fa86a258.zip
[maven-release-plugin] copy for tag mocca-1.0.2mocca-1.0.2
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/tags/mocca-1.0.2@276 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'smcc/src')
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java320
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java244
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java386
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/SWCard.java12
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/SecurityStatusNotSatisfiedException.java38
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java12
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java8
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/VerificationFailedException.java65
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java4
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java9
-rw-r--r--smcc/src/test/java/at/gv/egiz/smcc/SMCCApplication.java46
-rw-r--r--smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java92
-rw-r--r--smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java63
13 files changed, 713 insertions, 586 deletions
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
index 2baff834..6d96599c 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
@@ -30,7 +30,6 @@ package at.gv.egiz.smcc;
import java.nio.charset.Charset;
-import javax.smartcardio.Card;
import javax.smartcardio.CardChannel;
import javax.smartcardio.CardException;
import javax.smartcardio.CommandAPDU;
@@ -110,41 +109,47 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard {
public byte[] getCertificate(KeyboxName keyboxName)
throws SignatureCardException, InterruptedException {
- byte[] aid;
- byte[] efc;
- int maxsize;
- if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) {
- aid = AID_SIG;
- efc = EF_C_CH_DS;
- maxsize = EF_C_CH_DS_MAX_SIZE;
- } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
- aid = AID_DEC;
- efc = EF_C_CH_EKEY;
- maxsize = EF_C_CH_EKEY_MAX_SIZE;
- } else {
- throw new IllegalArgumentException("Keybox " + keyboxName
- + " not supported.");
- }
-
- log.debug("Get certificate for keybox '" + keyboxName.getKeyboxName() + "'" +
- " (AID=" + toString(aid) + " EF=" + toString(efc) + ").");
-
try {
- Card card = getCardChannel().getCard();
- try {
- card.beginExclusive();
- return readTLVFile(aid, efc, maxsize + 15000);
- } catch (FileNotFoundException e) {
- // if certificate is not present,
- // the citizen card application has not been activated
- throw new NotActivatedException();
- } finally {
- card.endExclusive();
+
+ if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) {
+
+ try {
+ getCard().beginExclusive();
+ byte[] certificate = readTLVFile(AID_SIG, EF_C_CH_DS, EF_C_CH_DS_MAX_SIZE);
+ if (certificate == null) {
+ throw new NotActivatedException();
+ }
+ return certificate;
+ } catch (FileNotFoundException e) {
+ throw new NotActivatedException();
+ } finally {
+ getCard().endExclusive();
+ }
+
+ } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
+
+ try {
+ getCard().beginExclusive();
+ byte[] certificate = readTLVFile(AID_DEC, EF_C_CH_EKEY, EF_C_CH_EKEY_MAX_SIZE);
+ if (certificate == null) {
+ throw new NotActivatedException();
+ }
+ return certificate;
+ } catch (FileNotFoundException e) {
+ throw new NotActivatedException();
+ } finally {
+ getCard().endExclusive();
+ }
+
+ } else {
+ throw new IllegalArgumentException("Keybox " + keyboxName
+ + " not supported.");
}
+
} catch (CardException e) {
- throw new SignatureCardException("Failed to get exclusive card access.");
+ log.warn(e);
+ throw new SignatureCardException("Failed to access card.", e);
}
-
}
@@ -155,30 +160,47 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard {
public byte[] getInfobox(String infobox, PINProvider provider, String domainId)
throws SignatureCardException, InterruptedException {
- if ("IdentityLink".equals(infobox)) {
-
- PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("inf.pin.name"));
-
- try {
- Card card = getCardChannel().getCard();
- try {
- card.beginExclusive();
- return readTLVFilePIN(AID_DEC, EF_INFOBOX, KID_PIN_INF, provider,
- spec, EF_INFOBOX_MAX_SIZE);
- } catch (FileNotFoundException e) {
- // if certificate is not present,
- // the citizen card application has not been activated
- throw new NotActivatedException();
- } finally {
- card.endExclusive();
- }
- } catch (CardException e) {
- throw new SignatureCardException("Failed to get exclusive card access.");
+ try {
+ if ("IdentityLink".equals(infobox)) {
+
+ PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("inf.pin.name"));
+
+ int retries = -1;
+ String pin = null;
+ boolean pinRequiered = false;
+
+ do {
+ if (pinRequiered) {
+ pin = provider.providePIN(spec, retries);
+ if (pin == null) {
+ throw new CancelledException();
+ }
+ }
+ try {
+ getCard().beginExclusive();
+ return readTLVFile(AID_DEC, EF_INFOBOX, pin, KID_PIN_INF, EF_INFOBOX_MAX_SIZE);
+ } catch (FileNotFoundException e) {
+ throw new NotActivatedException();
+ } catch (SecurityStatusNotSatisfiedException e) {
+ pinRequiered = true;
+ } catch (VerificationFailedException e) {
+ pinRequiered = true;
+ retries = e.getRetries();
+ } finally {
+ getCard().endExclusive();
+ }
+ } while (retries != 0);
+
+ throw new LockedException();
+
+ } else {
+ throw new IllegalArgumentException("Infobox '" + infobox
+ + "' not supported.");
}
-
- } else {
- throw new IllegalArgumentException("Infobox '" + infobox
- + "' not supported.");
+
+ } catch (CardException e) {
+ log.warn(e);
+ throw new SignatureCardException("Failed to access card.", e);
}
}
@@ -192,68 +214,103 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard {
}
try {
- Card card = getCardChannel().getCard();
- try {
- card.beginExclusive();
-
- if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) {
-
- // SELECT DF
- selectFileFID(DF_SIG);
- // VERIFY
- verifyPIN(provider, new PINSpec(6, 10, "[0-9]", getResourceBundle()
- .getString("sig.pin.name")), KID_PIN_SIG);
- // MSE: SET DST
- mseSetDST(0x81, 0xb6, DST_SIG);
- // PSO: HASH
- psoHash(hash);
- // PSO: COMPUTE DIGITAL SIGNATURE
- return psoComputDigitalSiganture();
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) {
-
- // SELECT DF
- selectFileFID(DF_DEC);
- // VERIFY
- verifyPIN(provider, new PINSpec(4, 4, "[0-9]", getResourceBundle()
- .getString("dec.pin.name")), KID_PIN_DEC);
- // MSE: SET DST
- mseSetDST(0x41, 0xa4, DST_DEC);
- // INTERNAL AUTHENTICATE
- return internalAuthenticate(hash);
-
-
- // 00 88 10 00 23 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 54 26 F0 EA AF EA F0 4E D4 A1 AD BF 66 D4 A5 9B 45 6F AF 79 00
- // 00 88 10 00 23 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 DF 8C AB 8F E2 AD AC 7B 5A AF BE E9 44 5E 95 99 FA AF 2F 48 00
-
- } else {
- throw new IllegalArgumentException("KeyboxName '" + keyboxName
- + "' not supported.");
- }
+ if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) {
+
+ PINSpec spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name"));
+
+ int retries = -1;
+ String pin = null;
+
+ do {
+ pin = provider.providePIN(spec, retries);
+ if (pin == null) {
+ throw new CancelledException();
+ }
+ try {
+ getCard().beginExclusive();
+
+ // SELECT DF
+ selectFileFID(DF_SIG);
+ // VERIFY
+ retries = verifyPIN(pin, KID_PIN_SIG);
+ if (retries != -1) {
+ throw new VerificationFailedException(retries);
+ }
+ // MSE: SET DST
+ mseSetDST(0x81, 0xb6, DST_SIG);
+ // PSO: HASH
+ psoHash(hash);
+ // PSO: COMPUTE DIGITAL SIGNATURE
+ return psoComputDigitalSiganture();
+
+ } catch (SecurityStatusNotSatisfiedException e) {
+ retries = verifyPIN(null, KID_PIN_SIG);
+ } catch (VerificationFailedException e) {
+ retries = e.getRetries();
+ } finally {
+ getCard().endExclusive();
+ }
+ } while (retries != 0);
+
+ throw new LockedException();
+
+
+ } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) {
- } catch (FileNotFoundException e) {
- // if certificate is not present,
- // the citizen card application has not been activated
- throw new NotActivatedException();
- } finally {
- card.endExclusive();
+ PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("dec.pin.name"));
+
+ int retries = -1;
+ String pin = null;
+ boolean pinRequiered = false;
+
+ do {
+ if (pinRequiered) {
+ pin = provider.providePIN(spec, retries);
+ if (pin == null) {
+ throw new CancelledException();
+ }
+ }
+ try {
+ getCard().beginExclusive();
+
+ // SELECT DF
+ selectFileFID(DF_DEC);
+ // VERIFY
+ retries = verifyPIN(pin, KID_PIN_DEC);
+ if (retries != -1) {
+ throw new VerificationFailedException(retries);
+ }
+ // MSE: SET DST
+ mseSetDST(0x41, 0xa4, DST_DEC);
+ // INTERNAL AUTHENTICATE
+ return internalAuthenticate(hash);
+
+ } catch (FileNotFoundException e) {
+ throw new NotActivatedException();
+ } catch (SecurityStatusNotSatisfiedException e) {
+ pinRequiered = true;
+ retries = verifyPIN(null, KID_PIN_DEC);
+ } catch (VerificationFailedException e) {
+ pinRequiered = true;
+ retries = e.getRetries();
+ } finally {
+ getCard().endExclusive();
+ }
+ } while (retries != 0);
+
+ throw new LockedException();
+
+ } else {
+ throw new IllegalArgumentException("KeyboxName '" + keyboxName
+ + "' not supported.");
}
+
} catch (CardException e) {
- throw new SignatureCardException("Failed to get exclusive card access.");
- }
-
- }
-
- protected byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException {
- CardChannel channel = getCardChannel();
- ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x04,
- 0x00, fid, 256));
- if (resp.getSW() != 0x9000) {
- throw new SignatureCardException("Failed to select file (AID="
- + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + ".");
- } else {
- return resp.getBytes();
- }
+ log.warn(e);
+ throw new SignatureCardException("Failed to access card.", e);
+ }
+
}
protected ResponseAPDU selectFileFID(byte[] fid) throws CardException, SignatureCardException {
@@ -262,6 +319,7 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard {
0x00, fid, 256));
}
+ @Override
protected int verifyPIN(String pin, byte kid) throws CardException, SignatureCardException {
CardChannel channel = getCardChannel();
@@ -290,35 +348,7 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard {
}
- /**
- *
- * @param pinProvider
- * @param spec
- * the PIN spec to be given to the pinProvider
- * @param kid
- * the KID (key identifier) of the PIN to be verified
- * @throws CancelledException
- * if the user canceld the operation
- * @throws javax.smartcardio.CardException
- * @throws at.gv.egiz.smcc.SignatureCardException
- */
- @Override
- protected void verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid)
- throws CardException, CancelledException, SignatureCardException, InterruptedException {
-
- int retries = -1;
- do {
- String pin = pinProvider.providePIN(spec, retries);
- if (pin == null) {
- // user canceled operation
- throw new CancelledException("User canceled operation");
- }
- retries = verifyPIN(pin, kid);
- } while (retries > 0);
-
- }
-
- void mseSetDST(int p1, int p2, byte[] dst) throws CardException, SignatureCardException {
+ private void mseSetDST(int p1, int p2, byte[] dst) throws CardException, SignatureCardException {
CardChannel channel = getCardChannel();
ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x22, p1,
p2, dst));
@@ -328,7 +358,7 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard {
}
}
- void psoHash(byte[] hash) throws CardException, SignatureCardException {
+ private void psoHash(byte[] hash) throws CardException, SignatureCardException {
CardChannel channel = getCardChannel();
ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x90,
0x81, hash));
@@ -338,7 +368,7 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard {
}
}
- byte[] psoComputDigitalSiganture() throws CardException,
+ private byte[] psoComputDigitalSiganture() throws CardException,
SignatureCardException {
CardChannel channel = getCardChannel();
ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x9E,
@@ -352,7 +382,7 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard {
}
}
- byte[] internalAuthenticate(byte[] hash) throws CardException, SignatureCardException {
+ private byte[] internalAuthenticate(byte[] hash) throws CardException, SignatureCardException {
byte[] digestInfo = new byte[] {
(byte) 0x30, (byte) 0x21, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x05, (byte) 0x2B, (byte) 0x0E,
(byte) 0x03, (byte) 0x02, (byte) 0x1A, (byte) 0x05, (byte) 0x00, (byte) 0x04
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java
index b828e8cd..633cc90d 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java
@@ -28,6 +28,8 @@
//
package at.gv.egiz.smcc;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Locale;
import java.util.ResourceBundle;
@@ -36,6 +38,7 @@ import javax.smartcardio.ATR;
import javax.smartcardio.Card;
import javax.smartcardio.CardChannel;
import javax.smartcardio.CardException;
+import javax.smartcardio.CardTerminal;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;
@@ -53,7 +56,12 @@ public abstract class AbstractSignatureCard implements SignatureCard {
int ifs_ = 254;
- Card card_;
+ private Card card_;
+
+ /**
+ * The card terminal that connects the {@link #card_}.
+ */
+ private CardTerminal cardTerminal;
protected AbstractSignatureCard(String resourceBundleName) {
this.resourceBundleName = resourceBundleName;
@@ -73,45 +81,56 @@ public abstract class AbstractSignatureCard implements SignatureCard {
return sb.toString();
}
- protected abstract byte[] selectFileAID(byte[] fid) throws CardException,
- SignatureCardException;
-
- protected abstract ResponseAPDU selectFileFID(byte[] fid) throws CardException,
- SignatureCardException;
-
/**
- * VERIFY PIN
+ * Select an application using AID as DF name according to ISO/IEC 7816-4
+ * section 8.2.2.2.
*
- * <p>
- * Implementations of this method should call
- * {@link PINProvider#providePIN(PINSpec, int)} to retrieve the PIN entered by
- * the user and VERIFY PIN on the smart card until the PIN has been
- * successfully verified.
- * </p>
+ * @param dfName
+ * AID of the application to be selected
*
- * @param pinProvider
- * the PINProvider
- * @param spec
- * the PINSpec
- * @param kid
- * the key ID (KID) of the PIN to verify
+ * @return the response data of the response APDU if SW=0x9000
*
* @throws CardException
- * if smart card communication fails
- *
- * @throws CancelledException
- * if the PINProvider indicated that the user canceled the PIN entry
- * @throws NotActivatedException
- * if the card application has not been activated
- * @throws LockedException
- * if the card application is locked
+ * if card communication fails
*
* @throws SignatureCardException
- * if VERIFY PIN fails
+ * if application selection fails (e.g. an application with the
+ * given AID is not present on the card)
*/
- protected abstract void verifyPIN(PINProvider pinProvider, PINSpec spec,
- byte kid) throws CardException, SignatureCardException, InterruptedException;
+ protected byte[] selectFileAID(byte[] dfName) throws CardException, SignatureCardException {
+ CardChannel channel = getCardChannel();
+ ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x04,
+ 0x00, dfName, 256));
+ if (resp.getSW() != 0x9000) {
+ throw new SignatureCardException("Failed to select application AID="
+ + toString(dfName) + ": SW=" + Integer.toHexString(resp.getSW()) + ".");
+ } else {
+ return resp.getBytes();
+ }
+ }
+ protected abstract ResponseAPDU selectFileFID(byte[] fid) throws CardException,
+ SignatureCardException;
+
+ protected abstract int verifyPIN(String pin, byte kid) throws CardException, SignatureCardException;
+
+
+ protected byte[] readRecord(int recordNumber) throws SignatureCardException, CardException {
+ return readRecord(getCardChannel(), recordNumber);
+ }
+
+ protected byte[] readRecord(CardChannel channel, int recordNumber) throws SignatureCardException, CardException {
+
+ ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB2,
+ recordNumber, 0x04, 256));
+ if (resp.getSW() == 0x9000) {
+ return resp.getData();
+ } else {
+ throw new SignatureCardException("Failed to read records. SW=" + Integer.toHexString(resp.getSW()));
+ }
+
+ }
+
protected byte[] readBinary(CardChannel channel, int offset, int len)
throws CardException, SignatureCardException {
@@ -119,6 +138,8 @@ public abstract class AbstractSignatureCard implements SignatureCard {
0x7F & (offset >> 8), offset & 0xFF, len));
if (resp.getSW() == 0x9000) {
return resp.getData();
+ } else if (resp.getSW() == 0x6982) {
+ throw new SecurityStatusNotSatisfiedException();
} else {
throw new SignatureCardException("Failed to read bytes (" + offset + "+"
+ len + "): SW=" + Integer.toHexString(resp.getSW()));
@@ -182,43 +203,10 @@ public abstract class AbstractSignatureCard implements SignatureCard {
}
- /**
- * Read the content of a TLV file.
- *
- * @param aid the application ID (AID)
- * @param ef the elementary file (EF)
- * @param maxLength the maximum length of the file
- *
- * @return the content of the file
- *
- * @throws SignatureCardException
- */
- protected byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength)
- throws SignatureCardException, InterruptedException {
- return readTLVFilePIN(aid, ef, (byte) 0, null, null, maxLength);
- }
-
-
- /**
- * Read the content of a TLV file wich may require a PIN.
- *
- * @param aid the application ID (AID)
- * @param ef the elementary file (EF)
- * @param kid the key ID (KID) of the corresponding PIN
- * @param provider the PINProvider
- * @param spec the PINSpec
- * @param maxLength the maximum length of the file
- *
- * @return the content of the file
- *
- * @throws SignatureCardException
- */
- protected byte[] readTLVFilePIN(byte[] aid, byte[] ef, byte kid,
- PINProvider provider, PINSpec spec, int maxLength)
- throws SignatureCardException, InterruptedException {
-
+ protected byte[] readRecords(byte[] aid, byte[] ef, int start, int end) throws SignatureCardException, InterruptedException {
+
try {
-
+
// SELECT FILE (AID)
byte[] rb = selectFileAID(aid);
if (rb[rb.length - 2] != (byte) 0x90 || rb[rb.length - 1] != (byte) 0x00) {
@@ -250,38 +238,90 @@ public abstract class AbstractSignatureCard implements SignatureCard {
+ Integer.toHexString(resp.getSW()) + ").");
}
-
- // try to READ BINARY
- byte[] b = new byte[1];
- int sw = readBinary(0, 1, b);
- if (provider != null && sw == 0x6982) {
-
- // VERIFY
- verifyPIN(provider, spec, kid);
-
- } else if (sw == 0x9000) {
- // not expected type
- if (b[0] != 0x30) {
- throw new NotActivatedException();
- }
- } else {
- throw new SignatureCardException("READ BINARY failed (SW="
- + Integer.toHexString(sw) + ").");
+ ByteArrayOutputStream bytes = new ByteArrayOutputStream();
+
+ for (int i = start; i <= end; i++) {
+ bytes.write(readRecord(i));
}
-
- // READ BINARY
- byte[] data = readBinaryTLV(maxLength, (byte) 0x30);
-
- return data;
-
+
+ return bytes.toByteArray();
+
} catch (CardException e) {
throw new SignatureCardException("Failed to acces card.", e);
+ } catch (IOException e) {
+ throw new SignatureCardException("Failed to read records.", e);
}
-
+
+ }
+
+ /**
+ * Read the content of a TLV file.
+ *
+ * @param aid the application ID (AID)
+ * @param ef the elementary file (EF)
+ * @param maxLength the maximum length of the file
+ *
+ * @return the content of the file
+ *
+ * @throws SignatureCardException
+ * @throws CardException
+ */
+ protected byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength)
+ throws SignatureCardException, InterruptedException, CardException {
+ return readTLVFile(aid, ef, null, (byte) 0, maxLength);
}
/**
+ * Read the content of a TLV file wich may require a PIN.
+ *
+ * @param aid the application ID (AID)
+ * @param ef the elementary file (EF)
+ * @param kid the key ID (KID) of the corresponding PIN
+ * @param provider the PINProvider
+ * @param spec the PINSpec
+ * @param maxLength the maximum length of the file
+ *
+ * @return the content of the file
+ *
+ * @throws SignatureCardException
+ * @throws CardException
+ */
+ protected byte[] readTLVFile(byte[] aid, byte[] ef, String pin, byte kid, int maxLength)
+ throws SignatureCardException, InterruptedException, CardException {
+
+
+ // SELECT FILE (AID)
+ selectFileAID(aid);
+
+ // SELECT FILE (EF)
+ ResponseAPDU resp = selectFileFID(ef);
+ if (resp.getSW() == 0x6a82) {
+ // EF not found
+ throw new FileNotFoundException("EF " + toString(ef) + " not found.");
+ } else if (resp.getSW() != 0x9000) {
+ throw new SignatureCardException("SELECT FILE with "
+ + "FID="
+ + toString(ef)
+ + " failed ("
+ + "SW="
+ + Integer.toHexString(resp.getSW()) + ").");
+ }
+
+ // VERIFY
+ if (pin != null) {
+ int retries = verifyPIN(pin, kid);
+ if (retries != -1) {
+ throw new VerificationFailedException(retries);
+ }
+ }
+
+ return readBinaryTLV(maxLength, (byte) 0x30);
+
+
+ }
+
+ /**
* Transmit the given command APDU using the given card channel.
*
* @param channel
@@ -331,8 +371,9 @@ public abstract class AbstractSignatureCard implements SignatureCard {
}
- public void init(Card card) {
+ public void init(Card card, CardTerminal cardTerminal) {
card_ = card;
+ this.cardTerminal = cardTerminal;
ATR atr = card.getATR();
byte[] atrBytes = atr.getBytes();
if (atrBytes.length >= 6) {
@@ -340,6 +381,11 @@ public abstract class AbstractSignatureCard implements SignatureCard {
log.trace("Setting IFS (information field size) to " + ifs_);
}
}
+
+ @Override
+ public Card getCard() {
+ return card_;
+ }
protected CardChannel getCardChannel() {
return card_.getBasicChannel();
@@ -372,4 +418,18 @@ public abstract class AbstractSignatureCard implements SignatureCard {
}
}
+ @Override
+ public void reset() throws SignatureCardException {
+ try {
+ log.debug("Disconnect and reset smart card.");
+ card_.disconnect(true);
+ log.debug("Reconnect smart card.");
+ if (cardTerminal != null) {
+ card_ = cardTerminal.connect("*");
+ }
+ } catch (CardException e) {
+ throw new SignatureCardException("Failed to reset card.", e);
+ }
+ }
+
}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
index d6d02475..2a6e90bf 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java
@@ -31,7 +31,6 @@ package at.gv.egiz.smcc;
import java.math.BigInteger;
import java.util.Arrays;
-import javax.smartcardio.Card;
import javax.smartcardio.CardChannel;
import javax.smartcardio.CardException;
import javax.smartcardio.CommandAPDU;
@@ -49,6 +48,42 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard
public static final byte[] MF = new byte[] { (byte) 0x3F, (byte) 0x00 };
+ /**
+ * Application ID <em>SV-Personendaten</em>.
+ */
+ public static final byte[] AID_SV_PERSONENDATEN = new byte[] {
+ (byte) 0xD0, (byte) 0x40, (byte) 0x00, (byte) 0x00,
+ (byte) 0x17, (byte) 0x01, (byte) 0x01, (byte) 0x01
+ };
+
+ /**
+ * File ID <em>Grunddaten</em> ({@link #AID_SV_PERSONENDATEN}).
+ */
+ public static final byte[] FID_GRUNDDATEN = new byte[] {
+ (byte) 0xEF, (byte) 0x01
+ };
+
+ /**
+ * File ID <em>EHIC</em> ({@link #AID_SV_PERSONENDATEN}).
+ */
+ public static final byte[] FID_EHIC = new byte[] {
+ (byte) 0xEF, (byte) 0x02
+ };
+
+ /**
+ * File ID <em>Status</em> ({@link #AID_SV_PERSONENDATEN}).
+ */
+ public static final byte[] FID_SV_PERSONENBINDUNG = new byte[] {
+ (byte) 0xEF, (byte) 0x03
+ };
+
+ /**
+ * File ID <em>Status</em> ({@link #AID_SV_PERSONENDATEN}).
+ */
+ public static final byte[] FID_STATUS = new byte[] {
+ (byte) 0xEF, (byte) 0x04
+ };
+
public static final byte[] AID_INFOBOX = new byte[] { (byte) 0xd0,
(byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00,
(byte) 0x18, (byte) 0x01 };
@@ -126,85 +161,134 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard
super("at/gv/egiz/smcc/STARCOSCard");
}
- /* (non-Javadoc)
- * @see at.gv.egiz.smcc.SignatureCard#getCertificate(at.gv.egiz.smcc.SignatureCard.KeyboxName)
- */
@Override
public byte[] getCertificate(KeyboxName keyboxName)
throws SignatureCardException, InterruptedException {
- byte[] aid;
- byte[] efc;
- if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) {
- aid = AID_DF_SS;
- efc = EF_C_X509_CH_DS;
- } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
- aid = AID_DF_GS;
- efc = EF_C_X509_CH_AUT;
- } else {
- throw new IllegalArgumentException("Keybox " + keyboxName
- + " not supported.");
- }
+ try {
+
+ if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) {
+
+ try {
+ getCard().beginExclusive();
+ return readTLVFile(AID_DF_SS, EF_C_X509_CH_DS, 2000);
+ } catch (FileNotFoundException e) {
+ throw new NotActivatedException();
+ } finally {
+ getCard().endExclusive();
+ }
+
+ } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) {
- log.debug("Get certificate for keybox '" + keyboxName.getKeyboxName() + "'" +
- " (AID=" + toString(aid) + " EF=" + toString(efc) + ").");
+ try {
+ getCard().beginExclusive();
+ return readTLVFile(AID_DF_GS, EF_C_X509_CH_AUT, 2000);
+ } catch (FileNotFoundException e) {
+ throw new NotActivatedException();
+ } finally {
+ getCard().endExclusive();
+ }
- try {
- Card card = getCardChannel().getCard();
- try {
- card.beginExclusive();
- return readTLVFile(aid, efc, 2000);
- } catch (FileNotFoundException e) {
- // if certificate is not present,
- // the citizen card application has not been activated
- throw new NotActivatedException();
- } finally {
- card.endExclusive();
+ } else {
+ throw new IllegalArgumentException("Keybox " + keyboxName
+ + " not supported.");
}
+
} catch (CardException e) {
- throw new SignatureCardException("Failed to get exclusive card access.");
+ log.warn(e);
+ throw new SignatureCardException("Failed to access card.", e);
}
-
- }
- /* (non-Javadoc)
- * @see at.gv.egiz.smcc.SignatureCard#getInfobox(java.lang.String, at.gv.egiz.smcc.PINProvider, java.lang.String)
- */
+ }
+
@Override
public byte[] getInfobox(String infobox, PINProvider provider, String domainId)
throws SignatureCardException, InterruptedException {
- if ("IdentityLink".equals(infobox)) {
-
- PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name"));
-
- try {
- Card card = getCardChannel().getCard();
+ try {
+ if ("IdentityLink".equals(infobox)) {
+
+ PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name"));
+
+ int retries = -1;
+ String pin = null;
+ boolean pinRequiered = false;
+
+ do {
+ if (pinRequiered) {
+ pin = provider.providePIN(spec, retries);
+ if (pin == null) {
+ throw new CancelledException();
+ }
+ }
+ try {
+ getCard().beginExclusive();
+ return readTLVFile(AID_INFOBOX, EF_INFOBOX, pin, KID_PIN_CARD, 2000);
+ } catch (FileNotFoundException e) {
+ throw new NotActivatedException();
+ } catch (SecurityStatusNotSatisfiedException e) {
+ pinRequiered = true;
+ retries = verifyPIN(null, KID_PIN_CARD);
+ } catch (VerificationFailedException e) {
+ pinRequiered = true;
+ retries = e.getRetries();
+ } finally {
+ getCard().endExclusive();
+ }
+ } while (retries != 0);
+
+ throw new LockedException();
+
+
+ } else if ("EHIC".equals(infobox)) {
+
try {
- card.beginExclusive();
- return readTLVFilePIN(AID_INFOBOX, EF_INFOBOX, KID_PIN_CARD,
- provider, spec, 2000);
- } catch (FileNotFoundException e) {
- // if certificate is not present,
- // the citizen card application has not been activated
- throw new NotActivatedException();
+ getCard().beginExclusive();
+ return readTLVFile(AID_SV_PERSONENDATEN, FID_EHIC, 126);
} finally {
- card.endExclusive();
+ getCard().endExclusive();
}
- } catch (CardException e) {
- throw new SignatureCardException("Failed to get exclusive card access.");
+
+ } else if ("Grunddaten".equals(infobox)) {
+
+ try {
+ getCard().beginExclusive();
+ return readTLVFile(AID_SV_PERSONENDATEN, FID_GRUNDDATEN, 550);
+ } finally {
+ getCard().endExclusive();
+ }
+
+ } else if ("SV-Personenbindung".equals(infobox)) {
+
+ try {
+ getCard().beginExclusive();
+ return readTLVFile(AID_SV_PERSONENDATEN, FID_SV_PERSONENBINDUNG, 500);
+ } finally {
+ getCard().endExclusive();
+ }
+
+ } else if ("Status".equals(infobox)) {
+
+ try {
+ getCard().beginExclusive();
+ return readRecords(AID_SV_PERSONENDATEN, FID_STATUS, 1, 5);
+ } finally {
+ getCard().endExclusive();
+ }
+
+ } else {
+ throw new IllegalArgumentException("Infobox '" + infobox
+ + "' not supported.");
}
- } else {
- throw new IllegalArgumentException("Infobox '" + infobox
- + "' not supported.");
+ } catch (CardException e) {
+ log.warn(e);
+ throw new SignatureCardException("Failed to access card.", e);
}
}
- /* (non-Javadoc)
- * @see at.gv.egiz.smcc.SignatureCard#createSignature(byte[], at.gv.egiz.smcc.SignatureCard.KeyboxName, at.gv.egiz.smcc.PINProvider)
- */
+ @Override
public byte[] createSignature(byte[] hash, KeyboxName keyboxName,
PINProvider provider) throws SignatureCardException, InterruptedException {
@@ -212,72 +296,115 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard
throw new IllegalArgumentException("Hash value must be of length 20.");
}
- byte[] aid;
- byte kid;
- byte[] dst;
- PINSpec spec;
- if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) {
- aid = AID_DF_SS;
- kid = KID_PIN_SS;
- dst = DST_SS;
- spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name"));
-
- } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) {
- aid = AID_DF_GS;
- kid = KID_PIN_CARD;
- dst = DST_GS;
- spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name"));
-
- } else {
- throw new IllegalArgumentException("KeyboxName '" + keyboxName
- + "' not supported.");
- }
-
try {
- Card card = getCardChannel().getCard();
- try {
- card.beginExclusive();
-
- // SELECT MF
- selectMF();
- // SELECT DF
- selectFileAID(aid);
- // VERIFY
- verifyPIN(provider, spec, kid);
- // MSE: SET DST
- mseSetDST(dst);
- // PSO: HASH
- psoHash(hash);
- // PSO: COMPUTE DIGITAL SIGNATURE
- return psoComputDigitalSiganture();
-
-
- } catch (FileNotFoundException e) {
- // if certificate is not present,
- // the citizen card application has not been activated
- throw new NotActivatedException();
- } finally {
- card.endExclusive();
+
+ if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) {
+
+ PINSpec spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name"));
+
+ int retries = -1;
+ String pin = null;
+
+ do {
+ try {
+ getCard().beginExclusive();
+ selectFileAID(AID_DF_SS);
+ retries = verifyPIN(null, KID_PIN_SS);
+ } finally {
+ getCard().endExclusive();
+ }
+ pin = provider.providePIN(spec, retries);
+ if (pin == null) {
+ throw new CancelledException();
+ }
+ try {
+ getCard().beginExclusive();
+ return createSignature(hash, AID_DF_SS, pin, KID_PIN_SS, DST_SS);
+ } catch (VerificationFailedException e) {
+ retries = e.getRetries();
+ } finally {
+ getCard().endExclusive();
+ }
+ } while (retries != 0);
+
+ throw new LockedException();
+
+
+ } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) {
+
+ PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name"));
+
+ int retries = -1;
+ String pin = null;
+ boolean pinRequiered = false;
+
+ do {
+ if (pinRequiered) {
+ pin = provider.providePIN(spec, retries);
+ if (pin == null) {
+ throw new CancelledException();
+ }
+ }
+ try {
+ getCard().beginExclusive();
+ return createSignature(hash, AID_DF_GS, pin, KID_PIN_CARD, DST_GS);
+ } catch (FileNotFoundException e) {
+ throw new NotActivatedException();
+ } catch (SecurityStatusNotSatisfiedException e) {
+ pinRequiered = true;
+ retries = verifyPIN(null, KID_PIN_CARD);
+ } catch (VerificationFailedException e) {
+ pinRequiered = true;
+ retries = e.getRetries();
+ } finally {
+ getCard().endExclusive();
+ }
+ } while (retries != 0);
+
+ throw new LockedException();
+
+ } else {
+ throw new IllegalArgumentException("KeyboxName '" + keyboxName
+ + "' not supported.");
}
+
} catch (CardException e) {
- throw new SignatureCardException("Failed to get exclusive card access.");
+ log.warn(e);
+ throw new SignatureCardException("Failed to access card.", e);
}
}
- protected byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException {
+ protected ResponseAPDU selectFileFID(byte[] fid) throws CardException, SignatureCardException {
CardChannel channel = getCardChannel();
- ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x04,
+ return transmit(channel, new CommandAPDU(0x00, 0xA4, 0x02,
0x04, fid, 256));
- if (resp.getSW() != 0x9000) {
- throw new SignatureCardException("Failed to select file (AID="
- + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + ".");
- } else {
- return resp.getBytes();
+ }
+
+ private byte[] createSignature(byte[] hash, byte[] aid, String pin, byte kid,
+ byte[] dst) throws CardException, SignatureCardException {
+
+ // SELECT MF
+ selectMF();
+ // SELECT DF
+ selectFileAID(aid);
+ // VERIFY
+ int retries = verifyPIN(pin, kid);
+ if (retries != -1) {
+ throw new VerificationFailedException(retries);
}
+ // MSE: SET DST
+ mseSetDST(dst);
+ // PSO: HASH
+ psoHash(hash);
+ // PSO: COMPUTE DIGITAL SIGNATURE
+ return psoComputDigitalSiganture();
+
+
}
- void selectMF() throws CardException, SignatureCardException {
+
+ private void selectMF() throws CardException, SignatureCardException {
CardChannel channel = getCardChannel();
ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x00,
0x0C));
@@ -287,13 +414,7 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard
}
}
- protected ResponseAPDU selectFileFID(byte[] fid) throws CardException, SignatureCardException {
- CardChannel channel = getCardChannel();
- return transmit(channel, new CommandAPDU(0x00, 0xA4, 0x02,
- 0x04, fid, 256));
- }
-
- void mseSetDST(byte[] dst) throws CardException, SignatureCardException {
+ private void mseSetDST(byte[] dst) throws CardException, SignatureCardException {
CardChannel channel = getCardChannel();
ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x22, 0x41,
0xB6, dst));
@@ -303,7 +424,7 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard
}
}
- void psoHash(byte[] hash) throws CardException, SignatureCardException {
+ private void psoHash(byte[] hash) throws CardException, SignatureCardException {
byte[] data = new byte[hash.length + 2];
data[0] = (byte) 0x90; // tag
data[1] = (byte) (hash.length); // length
@@ -318,7 +439,7 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard
}
}
- byte[] psoComputDigitalSiganture() throws CardException,
+ private byte[] psoComputDigitalSiganture() throws CardException,
SignatureCardException {
CardChannel channel = getCardChannel();
ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x9E,
@@ -353,7 +474,8 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard
* @throws SignatureCardException
* if VERIFY PIN fails
*/
- private int verifyPIN(String pin, byte kid) throws CardException, SignatureCardException {
+ @Override
+ protected int verifyPIN(String pin, byte kid) throws CardException, SignatureCardException {
CardChannel channel = getCardChannel();
@@ -385,6 +507,8 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard
} else if (resp.getSW1() == 0x63 && resp.getSW2() >> 4 == 0xc) {
// return number of possible retries
return resp.getSW2() & 0x0f;
+ } else if (resp.getSW() == 0x6983) {
+ throw new LockedException();
} else if (resp.getSW() == 0x6984) {
// PIN LCS = "Initialized" (-> not activated)
throw new NotActivatedException("PIN not set.");
@@ -397,26 +521,8 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard
}
- /* (non-Javadoc)
- * @see at.gv.egiz.smcc.AbstractSignatureCard#verifyPIN(at.gv.egiz.smcc.PINProvider, at.gv.egiz.smcc.PINSpec, byte, int)
- */
- protected void verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid)
- throws CardException, SignatureCardException, InterruptedException {
-
- int retries = verifyPIN(null, kid);
- do {
- String pin = pinProvider.providePIN(spec, retries);
- if (pin == null) {
- // user canceled operation
- throw new CancelledException("User canceld operation.");
- }
- retries = verifyPIN(pin, kid);
- } while (retries > 0);
-
- }
-
public String toString() {
- return "eCard";
+ return "e-card";
}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java
index 42943541..439be034 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java
@@ -40,6 +40,7 @@ import java.util.Enumeration;
import java.util.Locale;
import javax.smartcardio.Card;
+import javax.smartcardio.CardTerminal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -102,7 +103,12 @@ public class SWCard implements SignatureCard {
SWCard.swCardDir = swCardDir;
}
- public void init(Card card) {
+ public void init(Card card, CardTerminal cardTerminal) {
+ }
+
+ @Override
+ public Card getCard() {
+ return null;
}
private String getFileName(String fileName) {
@@ -379,4 +385,8 @@ public class SWCard implements SignatureCard {
public void disconnect(boolean reset) {
}
+ @Override
+ public void reset() throws SignatureCardException {
+ }
+
}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SecurityStatusNotSatisfiedException.java b/smcc/src/main/java/at/gv/egiz/smcc/SecurityStatusNotSatisfiedException.java
new file mode 100644
index 00000000..bf0af76c
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/SecurityStatusNotSatisfiedException.java
@@ -0,0 +1,38 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.smcc;
+
+public class SecurityStatusNotSatisfiedException extends SignatureCardException {
+
+ private static final long serialVersionUID = 1L;
+
+ public SecurityStatusNotSatisfiedException() {
+ }
+
+ public SecurityStatusNotSatisfiedException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public SecurityStatusNotSatisfiedException(String message) {
+ super(message);
+ }
+
+ public SecurityStatusNotSatisfiedException(Throwable cause) {
+ super(cause);
+ }
+
+}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java
index b6a453df..d7e76dd8 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java
@@ -31,6 +31,7 @@ package at.gv.egiz.smcc;
import java.util.Locale;
import javax.smartcardio.Card;
+import javax.smartcardio.CardTerminal;
public interface SignatureCard {
@@ -75,12 +76,21 @@ public interface SignatureCard {
}
- public void init(Card card);
+ public void init(Card card, CardTerminal cardTerminal);
+
+ public Card getCard();
public byte[] getCertificate(KeyboxName keyboxName)
throws SignatureCardException, InterruptedException;
public void disconnect(boolean reset);
+
+ /**
+ * Performs a reset of the card.
+ *
+ * @throws SignatureCardException if reset fails.
+ */
+ public void reset() throws SignatureCardException;
/**
*
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java
index 777299d9..ab66e9a1 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java
@@ -34,6 +34,7 @@ import java.util.List;
import javax.smartcardio.ATR;
import javax.smartcardio.Card;
+import javax.smartcardio.CardTerminal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -204,6 +205,7 @@ public class SignatureCardFactory {
* @param card
* the smart card, or <code>null</code> if a software card should be
* created
+ * @param cardTerminal TODO
*
* @return a SignatureCard instance
*
@@ -211,12 +213,12 @@ public class SignatureCardFactory {
* if no implementation of the given <code>card</code> could be
* found
*/
- public SignatureCard createSignatureCard(Card card)
+ public SignatureCard createSignatureCard(Card card, CardTerminal cardTerminal)
throws CardNotSupportedException {
if(card == null) {
SignatureCard sCard = new SWCard();
- sCard.init(card);
+ sCard.init(card, cardTerminal);
return sCard;
}
@@ -231,7 +233,7 @@ public class SignatureCardFactory {
try {
Class<?> scClass = cl.loadClass(supportedCard.getImplementationClassName());
sc = (SignatureCard) scClass.newInstance();
- sc.init(card);
+ sc.init(card, cardTerminal);
return sc;
} catch (ClassNotFoundException e) {
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/VerificationFailedException.java b/smcc/src/main/java/at/gv/egiz/smcc/VerificationFailedException.java
new file mode 100644
index 00000000..fa066ff9
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/VerificationFailedException.java
@@ -0,0 +1,65 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.smcc;
+
+public class VerificationFailedException extends SignatureCardException {
+
+ private static final long serialVersionUID = 1L;
+
+ public static final int UNKNOWN = -1;
+
+ private int retries = UNKNOWN;
+
+ public VerificationFailedException() {
+ }
+
+ public VerificationFailedException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public VerificationFailedException(String message) {
+ super(message);
+ }
+
+ public VerificationFailedException(Throwable cause) {
+ super(cause);
+ }
+
+ public VerificationFailedException(int retries) {
+ this.retries = retries;
+ }
+
+ public VerificationFailedException(int retries, String message, Throwable cause) {
+ super(message, cause);
+ this.retries = retries;
+ }
+
+ public VerificationFailedException(int retries, String message) {
+ super(message);
+ this.retries = retries;
+ }
+
+ public VerificationFailedException(int retries, Throwable cause) {
+ super(cause);
+ this.retries = retries;
+ }
+
+ public int getRetries() {
+ return retries;
+ }
+
+}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java
index 4dae7975..f7d3bab7 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java
@@ -57,7 +57,7 @@ public class SMCCHelper {
SignatureCardFactory factory = SignatureCardFactory.getInstance();
if (useSWCard) {
try {
- signatureCard = factory.createSignatureCard(null);
+ signatureCard = factory.createSignatureCard(null, null);
resultCode = CARD_FOUND;
} catch (CardNotSupportedException e) {
resultCode = CARD_NOT_SUPPORTED;
@@ -83,7 +83,7 @@ public class SMCCHelper {
if (c == null) {
throw new CardNotSupportedException();
}
- signatureCard = factory.createSignatureCard(c);
+ signatureCard = factory.createSignatureCard(c, cardTerminal);
ATR atr = newCards.get(cardTerminal).getATR();
log.trace("Found supported card (" + signatureCard.toString() + ") "
+ "in terminal '" + cardTerminal.getName() + "', ATR = "
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java b/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java
index b70b44a7..b1866894 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java
@@ -16,6 +16,7 @@
*/
package at.gv.egiz.smcc.util;
+import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
@@ -54,7 +55,13 @@ public class SmartCardIO {
CardTerminals cardTerminals_;
private void updateTerminalFactory() {
- TerminalFactory terminalFactory = TerminalFactory.getDefault();
+ TerminalFactory terminalFactory;
+ try {
+ terminalFactory = TerminalFactory.getInstance("PC/SC", null);
+ } catch (NoSuchAlgorithmException e) {
+ log.info("Failed to get TerminalFactory of type 'PC/SC'.", e);
+ terminalFactory = TerminalFactory.getDefault();
+ }
log.debug("TerminalFactory : " + terminalFactory);
if ("PC/SC".equals(terminalFactory.getType())) {
terminalFactory_ = terminalFactory;
diff --git a/smcc/src/test/java/at/gv/egiz/smcc/SMCCApplication.java b/smcc/src/test/java/at/gv/egiz/smcc/SMCCApplication.java
deleted file mode 100644
index 5f4bb67e..00000000
--- a/smcc/src/test/java/at/gv/egiz/smcc/SMCCApplication.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.smcc;
-
-import java.util.Locale;
-
-import at.gv.egiz.smcc.util.SMCCHelper;
-
-public class SMCCApplication {
-
- /**
- * @param args
- */
- public static void main(String[] args) {
-
- SignatureCard sc = null;
- SMCCHelper smccHelper = new SMCCHelper();
- while (smccHelper.getResultCode() != SMCCHelper.CARD_FOUND) {
- System.out.println("Did not get a signature card ... "+smccHelper.getResultCode());
- smccHelper.update();
- try {
- Thread.sleep(1000);
- } catch (InterruptedException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
- sc = smccHelper.getSignatureCard(Locale.getDefault());
- System.out.println("Found supported siganture card: "+sc);
- }
-
-}
diff --git a/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java
deleted file mode 100644
index 13210540..00000000
--- a/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.smcc;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Locale;
-
-import javax.smartcardio.CardException;
-import javax.smartcardio.CommandAPDU;
-import javax.smartcardio.ResponseAPDU;
-
-import at.gv.egiz.smcc.SignatureCard.KeyboxName;
-import at.gv.egiz.smcc.util.SMCCHelper;
-
-public class STARCOSCardTest {
-
- /**
- * @param args
- * @throws CardException
- * @throws NoSuchAlgorithmException
- */
- public static void main(String[] args) throws CardException, NoSuchAlgorithmException, InterruptedException {
-
- SMCCHelper helper = new SMCCHelper();
- while (helper.getResultCode() != SMCCHelper.CARD_FOUND) {
- System.out.println("Did not get a signature card ... " + helper.getResultCode());
- helper.update();
- try {
- Thread.sleep(1000);
- } catch (InterruptedException e) {
- e.printStackTrace();
- }
- }
-
- SignatureCard signatureCard = helper.getSignatureCard(Locale.getDefault());
-
- System.out.println("Found '" + signatureCard + "'.");
-
- try {
-// signatureCard.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR);
-// signatureCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR);
-// signatureCard.getInfobox("IdentityLink", new CommandLinePINProvider(), null);
- MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
- byte[] digest = messageDigest.digest("test".getBytes());
- signatureCard.createSignature(digest, KeyboxName.CERITIFIED_KEYPAIR, new CommandLinePINProvider());
- } catch (SignatureCardException e) {
- e.printStackTrace();
- }
-
- }
-
- private static class CommandLinePINProvider implements PINProvider {
-
- @Override
- public String providePIN(PINSpec spec, int retries) {
-
- InputStreamReader inputStreamReader = new InputStreamReader(System.in);
- BufferedReader in = new BufferedReader(inputStreamReader);
-
- System.out.print("Enter " + spec.getLocalizedName() + " ["
- + spec.getMinLength() + "-" + spec.getMaxLength() + "] (" + retries
- + " retries):");
-
- try {
- return in.readLine();
- } catch (IOException e) {
- return null;
- }
-
- }
-
- }
-
-}
diff --git a/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java
deleted file mode 100644
index 38126a67..00000000
--- a/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.smcc;
-
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-
-import at.gv.egiz.smcc.SignatureCard.KeyboxName;
-
-public class SWCardTest implements PINProvider {
-
- SWCard swCard = new SWCard();
-
- public static void main(String[] args) throws Exception {
-
- SWCardTest swCardTest = new SWCardTest();
- swCardTest.test();
-
- }
-
- public void test() throws SignatureCardException, NoSuchAlgorithmException, InterruptedException {
-
- swCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR);
- swCard.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR);
-
- BigInteger t = BigInteger.valueOf(System.currentTimeMillis());
-
- MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
- byte[] hash = messageDigest.digest(t.toByteArray());
-
- byte[] signature;
- signature = swCard.createSignature(hash, KeyboxName.CERITIFIED_KEYPAIR, this);
- System.out.println(SignatureCardFactory.toString(signature));
-
- signature = swCard.createSignature(hash, KeyboxName.SECURE_SIGNATURE_KEYPAIR, this);
- System.out.println(SignatureCardFactory.toString(signature));
-
- byte[] infobox = swCard.getInfobox("IdentityLink", this, null);
- System.out.println(SignatureCardFactory.toString(infobox));
-
- }
-
- @Override
- public String providePIN(PINSpec spec, int retries) {
- return "buerger";
- }
-
-}