diff options
70 files changed, 8026 insertions, 2630 deletions
| diff --git a/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java b/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java index 72a7c4cc..e0b09d63 100644 --- a/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java +++ b/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java @@ -16,41 +16,32 @@   */  package at.gv.egiz.bku.smccstal.ext; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +  import at.gv.egiz.bku.gui.BKUGUIFacade;  import at.gv.egiz.bku.gui.PINManagementGUIFacade; -import at.gv.egiz.bku.gui.PINManagementGUIFacade.DIALOG;  import at.gv.egiz.bku.gui.PINManagementGUIFacade.STATUS;  import at.gv.egiz.bku.smccstal.AbstractRequestHandler; -import at.gv.egiz.bku.smccstal.PINProviderFactory;  import at.gv.egiz.smcc.CancelledException;  import at.gv.egiz.smcc.LockedException;  import at.gv.egiz.smcc.NotActivatedException;  import at.gv.egiz.smcc.PINConfirmationException;  import at.gv.egiz.smcc.PINFormatException; +import at.gv.egiz.smcc.PINMgmtSignatureCard;  import at.gv.egiz.smcc.PINOperationAbortedException; -import at.gv.egiz.smcc.PINProvider;  import at.gv.egiz.smcc.PINSpec; -import at.gv.egiz.smcc.STARCOSCard; -import at.gv.egiz.smcc.SignatureCard;  import at.gv.egiz.smcc.SignatureCardException;  import at.gv.egiz.smcc.TimeoutException; -import at.gv.egiz.smcc.VerificationFailedException; -import at.gv.egiz.smcc.util.SMCCHelper; +import at.gv.egiz.smcc.PINMgmtSignatureCard.PIN_STATE;  import at.gv.egiz.stal.ErrorResponse;  import at.gv.egiz.stal.STALRequest;  import at.gv.egiz.stal.STALResponse;  import at.gv.egiz.stal.ext.PINManagementRequest;  import at.gv.egiz.stal.ext.PINManagementResponse; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import javax.smartcardio.Card; -import javax.smartcardio.CardChannel; -import javax.smartcardio.CardException; -import javax.smartcardio.CommandAPDU; -import javax.smartcardio.ResponseAPDU; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory;  /**   * @@ -60,23 +51,36 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {    protected static final Log log = LogFactory.getLog(PINManagementRequestHandler.class); -  protected Map<PINSpec, STATUS> pinStatuses; +  protected Map<PINSpec, STATUS> pinStates = new HashMap<PINSpec, STATUS>();    @Override    public STALResponse handleRequest(STALRequest request) throws InterruptedException {      if (request instanceof PINManagementRequest) { -      PINManagementGUIFacade gui = (PINManagementGUIFacade) this.gui; +    PINManagementGUIFacade gui = (PINManagementGUIFacade) this.gui; +       +    PINSpec selectedPIN = null; -      PINSpec selectedPIN = null; +    try { -      try { +      if (card instanceof PINMgmtSignatureCard) { -      pinStatuses = getPINStatuses(); -       -      gui.showPINManagementDialog(pinStatuses, -              this, "activate_enterpin", "change_enterpin", "unblock_enterpuk", "verify_enterpin", -              this, "cancel"); +        // update all PIN states +        for (PINSpec pinSpec : ((PINMgmtSignatureCard) card).getPINSpecs()) { +          updatePINState(pinSpec, STATUS.UNKNOWN); +        } +         +        gui.showPINManagementDialog(pinStates, this, "activate_enterpin", +              "change_enterpin", "unblock_enterpuk", "verify_enterpin", this, +              "cancel"); +         +      } else { +         +        // card does not support PIN management +        gui.showErrorDialog(PINManagementGUIFacade.ERR_UNSUPPORTED_CARD, +              null, this, "cancel"); +         +      }        while (true) { @@ -97,9 +101,9 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {            try {              if ("activate_enterpin".equals(actionCommand)) {                log.info("activate " + selectedPIN.getLocalizedName()); -              card.activatePIN(selectedPIN, +              ((PINMgmtSignatureCard) card).activatePIN(selectedPIN,                        ppfac.getActivatePINProvider()); -              updatePINStatus(selectedPIN, STATUS.ACTIV); +              updatePINState(selectedPIN, STATUS.ACTIV);                gui.showMessageDialog(PINManagementGUIFacade.TITLE_ACTIVATE_SUCCESS,                        PINManagementGUIFacade.MESSAGE_ACTIVATE_SUCCESS,                        new Object[] {selectedPIN.getLocalizedName()}, @@ -107,9 +111,9 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {                waitForAction();              } else if ("change_enterpin".equals(actionCommand)) {                log.info("change " + selectedPIN.getLocalizedName()); -              card.changePIN(selectedPIN,  +              ((PINMgmtSignatureCard) card).changePIN(selectedPIN,                         ppfac.getChangePINProvider()); -              updatePINStatus(selectedPIN, STATUS.ACTIV); +              updatePINState(selectedPIN, STATUS.ACTIV);                gui.showMessageDialog(PINManagementGUIFacade.TITLE_CHANGE_SUCCESS,                        PINManagementGUIFacade.MESSAGE_CHANGE_SUCCESS,                        new Object[] {selectedPIN.getLocalizedName()}, @@ -118,13 +122,13 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {              } else if ("unblock_enterpuk".equals(actionCommand)) {                log.info("unblock " + selectedPIN.getLocalizedName()); -              card.unblockPIN(selectedPIN, +              ((PINMgmtSignatureCard) card).unblockPIN(selectedPIN,                        ppfac.getUnblockPINProvider());              } else if ("verify_enterpin".equals(actionCommand)) {                log.info("verify " + selectedPIN.getLocalizedName()); -              card.verifyPIN(selectedPIN, +              ((PINMgmtSignatureCard) card).verifyPIN(selectedPIN,                        ppfac.getVerifyPINProvider()); -              updatePINStatus(selectedPIN, STATUS.ACTIV); +              updatePINState(selectedPIN, STATUS.ACTIV);              }            } catch (CancelledException ex) {              log.trace("cancelled"); @@ -137,14 +141,14 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {              waitForAction();            } catch (LockedException ex) {              log.error(selectedPIN.getLocalizedName() + " locked"); -            updatePINStatus(selectedPIN, STATUS.BLOCKED); +            updatePINState(selectedPIN, STATUS.BLOCKED);              gui.showErrorDialog(PINManagementGUIFacade.ERR_LOCKED,                      new Object[] {selectedPIN.getLocalizedName()},                      this, null);              waitForAction();            } catch (NotActivatedException ex) {              log.error(selectedPIN.getLocalizedName() + " not active"); -            updatePINStatus(selectedPIN, STATUS.NOT_ACTIV); +            updatePINState(selectedPIN, STATUS.NOT_ACTIV);              gui.showErrorDialog(PINManagementGUIFacade.ERR_NOT_ACTIVE,                      new Object[] {selectedPIN.getLocalizedName()},                      this, null); @@ -176,7 +180,7 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {          } // end if          selectedPIN = null; -        gui.showPINManagementDialog(pinStatuses, +        gui.showPINManagementDialog(pinStates,                  this, "activate_enterpin", "change_enterpin", "unblock_enterpuk", "verify_enterpin",                  this, "cancel");        } // end while @@ -206,70 +210,6 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {      return true;    } -  private Map<PINSpec, STATUS> getPINStatuses() throws GetPINStatusException { -    HashMap<PINSpec, STATUS> pinStatuses = new HashMap<PINSpec, STATUS>(); -    List<PINSpec> pins = card.getPINSpecs(); - -    if (card instanceof STARCOSCard) { -      Card icc = card.getCard(); -      try { -        icc.beginExclusive(); -        CardChannel channel = icc.getBasicChannel(); - -        for (PINSpec pinSpec : pins) { -          byte kid = pinSpec.getKID(); -          byte[] contextAID = pinSpec.getContextAID(); - -          if (contextAID != null) { -            CommandAPDU selectAPDU = new CommandAPDU(0x00, 0xa4, 0x04, 0x0c, contextAID); -            ResponseAPDU responseAPDU = channel.transmit(selectAPDU); -            if (responseAPDU.getSW() != 0x9000) { -              icc.endExclusive(); -              String msg = "Select AID " + SMCCHelper.toString(pinSpec.getContextAID()) + -                  ": SW=" + Integer.toHexString(responseAPDU.getSW()); -              log.error(msg); -              throw new GetPINStatusException(msg); -            } -          } - -          CommandAPDU verifyAPDU = new CommandAPDU(new byte[] { -            (byte) 0x00, (byte) 0x20, (byte) 00, kid }); -          ResponseAPDU responseAPDU = channel.transmit(verifyAPDU); - -          STATUS status = STATUS.UNKNOWN; -          if (responseAPDU.getSW() == 0x6984) { -            status = STATUS.NOT_ACTIV; -          } else if (responseAPDU.getSW() == 0x63c0) { -            status = STATUS.BLOCKED; -          } else if (responseAPDU.getSW1() == 0x63) { -            status = STATUS.ACTIV; -          } -          if (log.isDebugEnabled()) { -            log.debug("PIN " + pinSpec.getLocalizedName() + -                    " status: " + SMCCHelper.toString(responseAPDU.getBytes())); -          } -          pinStatuses.put(pinSpec, status); -        } -        return pinStatuses; - -      } catch (CardException ex) { -        log.error("Failed to get PIN status: " + ex.getMessage(), ex); -        throw new GetPINStatusException(ex.getMessage()); -      } finally { -        try { -          icc.endExclusive(); -        } catch (CardException ex) { -          log.trace("failed to end exclusive card access: " + ex.getMessage()); -        } -      } -    } else { -      for (PINSpec pinSpec : pins) { -        pinStatuses.put(pinSpec, STATUS.UNKNOWN); -      } -    } -    return pinStatuses; -  } -    /**     * query status for STARCOS card,     * assume provided status for ACOS card @@ -277,154 +217,28 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {     * @param status     * @throws at.gv.egiz.smcc.SignatureCardException if query status fails     */ -  private void updatePINStatus(PINSpec pinSpec, STATUS status) throws GetPINStatusException { -    if (card instanceof STARCOSCard) { -      Card icc = card.getCard(); -      try { -        icc.beginExclusive(); -        CardChannel channel = icc.getBasicChannel(); - -          byte kid = pinSpec.getKID(); -          byte[] contextAID = pinSpec.getContextAID(); - -          if (contextAID != null) { -            CommandAPDU selectAPDU = new CommandAPDU(0x00, 0xa4, 0x04, 0x0c, contextAID); -            ResponseAPDU responseAPDU = channel.transmit(selectAPDU); -            if (responseAPDU.getSW() != 0x9000) { -              icc.endExclusive(); -              String msg = "Select AID " + SMCCHelper.toString(pinSpec.getContextAID()) + -                  ": SW=" + Integer.toHexString(responseAPDU.getSW()); -              log.error(msg); -              throw new GetPINStatusException(msg); -            } -          } - -          CommandAPDU verifyAPDU = new CommandAPDU(new byte[] { -            (byte) 0x00, (byte) 0x20, (byte) 00, kid }); -          ResponseAPDU responseAPDU = channel.transmit(verifyAPDU); - -          status = STATUS.UNKNOWN; -          if (responseAPDU.getSW() == 0x6984) { -            status = STATUS.NOT_ACTIV; -          } else if (responseAPDU.getSW() == 0x63c0) { -            status = STATUS.BLOCKED; -          } else if (responseAPDU.getSW1() == 0x63) { -            status = STATUS.ACTIV; -          } -          if (log.isDebugEnabled()) { -            log.debug(pinSpec.getLocalizedName() + -                    " status: " + SMCCHelper.toString(responseAPDU.getBytes())); -          } -          pinStatuses.put(pinSpec, status); - -      } catch (CardException ex) { -        log.error("Failed to get PIN status: " + ex.getMessage(), ex); -        throw new GetPINStatusException(ex.getMessage()); -      } finally { -        try { -          icc.endExclusive(); -        } catch (CardException ex) { -          log.warn("failed to end exclusive card access: " + ex.getMessage()); -        } -      } +  private void updatePINState(PINSpec pinSpec, STATUS status) +      throws GetPINStatusException { + +    PINMgmtSignatureCard pmCard = ((PINMgmtSignatureCard) card); +    PIN_STATE pinState; +    try { +      pinState = pmCard.getPINState(pinSpec); +    } catch (SignatureCardException e) { +      String msg = "Failed to get PIN status for pin '" +          + pinSpec.getLocalizedName() + "'."; +      log.info(msg, e); +      throw new GetPINStatusException(msg); +    } +    if (pinState == PIN_STATE.ACTIV) { +      pinStates.put(pinSpec, STATUS.ACTIV); +    } else if (pinState == PIN_STATE.NOT_ACTIV) { +      pinStates.put(pinSpec, STATUS.NOT_ACTIV); +    } else if (pinState == PIN_STATE.BLOCKED) { +      pinStates.put(pinSpec, STATUS.BLOCKED);      } else { -      pinStatuses.put(pinSpec, status); +      pinStates.put(pinSpec, status);      }    } -//  /** -//   * provides oldPin and newPin from one dialog, -//   * and don't know whether providePIN() or provideOldPIN() is called first. -//   */ -//  class SoftwarePinProvider implements PINProvider { -// -//    private PINManagementGUIFacade.DIALOG type; -//    private boolean retry = false; -// -//    private char[] newPin; -//    private char[] oldPin; -// -//    public SoftwarePinProvider(DIALOG type) { -//      this.type = type; -//    } -// -//    @Override -//    public char[] providePIN(PINSpec spec, int retries) -//            throws CancelledException, InterruptedException { -//      if (newPin == null) { -//        getPINs(spec, retries); -//      } -//      char[] pin = newPin; -//      newPin = null; -//      return pin; -//    } -// -//    @Override -//    public char[] provideOldPIN(PINSpec spec, int retries) -//            throws CancelledException, InterruptedException { -//      if (oldPin == null) { -//        getPINs(spec, retries); -//      } -//      char[] pin = oldPin; -//      oldPin = null; -//      return pin; -//    } -// -//    private void getPINs(PINSpec spec, int retries) -//            throws InterruptedException, CancelledException { -//      PINManagementGUIFacade gui = -//              (PINManagementGUIFacade) PINManagementRequestHandler.this.gui; -// -//      if (retry) { -//        gui.showPINDialog(type, spec, retries, -//              PINManagementRequestHandler.this, "exec", -//              PINManagementRequestHandler.this, "back"); -//      } else { -//        gui.showPINDialog(type, spec, -//              PINManagementRequestHandler.this, "exec", -//              PINManagementRequestHandler.this, "back"); -//      } -//      waitForAction(); -// -//      if (actionCommand.equals("exec")) { -//        gui.showWaitDialog(null); -//        retry = true; -//        oldPin = gui.getOldPin(); -//        newPin = gui.getPin(); -//      } else if (actionCommand.equals("back")) { -//        throw new CancelledException(); -//      } else { -//        log.error("unsupported command " + actionCommand); -//        throw new CancelledException(); -//      } -//    } -//  } -// -// -//  class PinpadPinProvider implements PINProvider { -// -//    private PINManagementGUIFacade.DIALOG type; -//    private boolean retry = false; -// -//    public PinpadPinProvider(DIALOG type) { -//      this.type = type; -//    } -// -//    @Override -//    public char[] providePIN(PINSpec spec, int retries) { -//      log.debug("provide pin for " + type); -//      if (retry) { -//        ((PINManagementGUIFacade) gui).showPinpadPINDialog(type, spec, retries); -//      } else { -//        ((PINManagementGUIFacade) gui).showPinpadPINDialog(type, spec, -1); -//        retry = true; -//      } -//      return null; -//    } -// -//    @Override -//    public char[] provideOldPIN(PINSpec spec, int retries) { -//      return null; -//    } -//  }  } diff --git a/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java index 09695808..213114d0 100644 --- a/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java +++ b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java @@ -24,9 +24,6 @@ import org.apache.commons.cli.PosixParser;  import org.apache.commons.logging.Log;
  import org.apache.commons.logging.LogFactory;
 -import at.gv.egiz.bku.local.ui.BKUControllerInterface;
 -import at.gv.egiz.bku.local.ui.TrayIconDialog;
 -import at.gv.egiz.bku.utils.HexDump;
  import at.gv.egiz.bku.utils.StreamUtil;
  public class BKULauncher implements BKUControllerInterface {
 diff --git a/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.wsdl b/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.wsdl index 9ef43f39..dc7ad8f1 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.wsdl +++ b/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.wsdl @@ -24,7 +24,7 @@      xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">      <types>          <xsd:schema targetNamespace="http://www.egiz.gv.at/wsdl/stal"> -            <xsd:import namespace="http://www.egiz.gv.at/stal" schemaLocation="stal-service.xsd"/> +            <xsd:import namespace="http://www.egiz.gv.at/stal" schemaLocation="stal.xsd"/>              <!--xsd:import namespace="http://www.egiz.gv.at/stal" schemaLocation="stal-extended.xsd"/-->          </xsd:schema>          <!-- test  diff --git a/smcc/pom.xml b/smcc/pom.xml index 6a9f52a3..ce414318 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -32,6 +32,11 @@        <artifactId>junit</artifactId>        <scope>test</scope>      </dependency> +    <dependency> +      <groupId>iaik</groupId> +      <artifactId>iaik_jce_full_signed</artifactId> +      <scope>test</scope> +    </dependency>      <!-- FIXME just for testing       <dependency>        <groupId>iaik</groupId> diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOS04Card.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOS04Card.java deleted file mode 100644 index 9fca6ab9..00000000 --- a/smcc/src/main/java/at/gv/egiz/smcc/ACOS04Card.java +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - *  - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - *  - *     http://www.apache.org/licenses/LICENSE-2.0 - *  - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package at.gv.egiz.smcc; - -/** - * - * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> - */ -public class ACOS04Card extends ACOSCard { - -  public ACOS04Card() { -    pinSpecs.remove(PINSPEC_INF); -  } - -} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java index d064b821..9825978c 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java @@ -1,48 +1,47 @@ -//Copyright (C) 2002 IAIK -//http://jce.iaik.at -// -//Copyright (C) 2003 Stiftung Secure Information and  -//                 Communication Technologies SIC -//http://www.sic.st -// -//All rights reserved. -// -//This source is provided for inspection purposes and recompilation only, -//unless specified differently in a contract with IAIK. This source has to -//be kept in strict confidence and must not be disclosed to any third party -//under any circumstances. Redistribution in source and binary forms, with -//or without modification, are <not> permitted in any case! -// -//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -//ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -//SUCH DAMAGE. -// -// +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/  package at.gv.egiz.smcc; -import at.gv.egiz.smcc.ccid.CCID; -import at.gv.egiz.smcc.util.SMCCHelper; -import java.nio.ByteBuffer; -import java.nio.CharBuffer; -import java.nio.charset.Charset; - +import java.io.IOException; +import java.security.AlgorithmParameters; +import java.security.GeneralSecurityException; +import java.util.Arrays; +import java.util.List; + +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.DESedeKeySpec; +import javax.crypto.spec.IvParameterSpec; +import javax.smartcardio.Card;  import javax.smartcardio.CardChannel;  import javax.smartcardio.CardException; +import javax.smartcardio.CardTerminal;  import javax.smartcardio.CommandAPDU;  import javax.smartcardio.ResponseAPDU;  import org.apache.commons.logging.Log;  import org.apache.commons.logging.LogFactory; -public class ACOSCard extends AbstractSignatureCard { +import at.gv.egiz.smcc.util.ISO7816Utils; +import at.gv.egiz.smcc.util.SMCCHelper; +import at.gv.egiz.smcc.util.TransparentFileInputStream; + +public class ACOSCard extends AbstractSignatureCard implements PINMgmtSignatureCard {    private static Log log = LogFactory.getLog(ACOSCard.class); @@ -69,6 +68,8 @@ public class ACOSCard extends AbstractSignatureCard {        (byte) 0x01 };    public static final byte[] EF_INFOBOX = new byte[] { (byte) 0xc0, (byte) 0x02 }; +   +  public static final byte[] EF_INFO = new byte[] { (byte) 0xd0, (byte) 0x02 };    public static final int EF_INFOBOX_MAX_SIZE = 1500; @@ -90,7 +91,7 @@ public class ACOSCard extends AbstractSignatureCard {        (byte) 0x14 // ECDSA    }; -  public static final byte[] DST_DEC = new byte[] { (byte) 0x84, (byte) 0x01, // tag +  public static final byte[] AT_DEC = new byte[] { (byte) 0x84, (byte) 0x01, // tag        // ,        // length        // ( @@ -102,123 +103,278 @@ public class ACOSCard extends AbstractSignatureCard {        (byte) 0x01 // RSA // TODO: Not verified yet    }; -  protected static final int PINSPEC_INF = 0; -  protected static final int PINSPEC_DEC = 1; -  protected static final int PINSPEC_SIG = 2; +  private static final PINSpec DEC_PIN_SPEC = new PINSpec(0, 8, "[0-9]", +      "at/gv/egiz/smcc/ACOSCard", "dec.pin.name", KID_PIN_DEC, AID_DEC); + +  private static final PINSpec SIG_PIN_SPEC = new PINSpec(0, 8, "[0-9]", +      "at/gv/egiz/smcc/ACOSCard", "sig.pin.name", KID_PIN_SIG, AID_SIG); + +  private static final PINSpec INF_PIN_SPEC = new PINSpec(0, 8, "[0-9]", +      "at/gv/egiz/smcc/ACOSCard", "inf.pin.name", KID_PIN_INF, AID_DEC); +   +  /** +   * The version of the card's digital signature application. +   */ +  protected int appVersion = -1;    public ACOSCard() {      super("at/gv/egiz/smcc/ACOSCard"); -    pinSpecs.add(PINSPEC_INF, -            new PINSpec(0, 8, "[0-9]", getResourceBundle().getString("inf.pin.name"), KID_PIN_INF, AID_DEC)); -    pinSpecs.add(PINSPEC_DEC,  -            new PINSpec(0, 8, "[0-9]", getResourceBundle().getString("dec.pin.name"), KID_PIN_DEC, AID_DEC)); -    pinSpecs.add(PINSPEC_SIG,  -            new PINSpec(0, 8, "[0-9]", getResourceBundle().getString("sig.pin.name"), KID_PIN_SIG, AID_SIG));    } -  /* (non-Javadoc) -   * @see at.gv.egiz.smcc.SignatureCard#getCertificate(at.gv.egiz.smcc.SignatureCard.KeyboxName) -   */    @Override +  public void init(Card card, CardTerminal cardTerminal) { +    super.init(card, cardTerminal); + +    // determine application version +    try { +      CardChannel channel = getCardChannel(); +      // SELECT application +      execSELECT_AID(channel, AID_SIG); +      // SELECT file +      execSELECT_FID(channel, EF_INFO); +      // READ BINARY +      TransparentFileInputStream is = ISO7816Utils.openTransparentFileInputStream(channel, 8); +      appVersion = is.read(); +      log.info("a-sign premium application version = " + appVersion); +    } catch (FileNotFoundException e) { +      appVersion = 1; +      log.info("a-sign premium application version = " + appVersion); +    } catch (SignatureCardException e) { +      log.warn(e); +      appVersion = 0; +    } catch (IOException e) { +      log.warn(e); +      appVersion = 0; +    } catch (CardException e) { +      log.warn(e); +      appVersion = 0; +    }  +     +    pinSpecs.add(DEC_PIN_SPEC); +    pinSpecs.add(SIG_PIN_SPEC); +    if (appVersion < 2) { +      pinSpecs.add(INF_PIN_SPEC); +    } + +  } + +  @Override +  @Exclusive    public byte[] getCertificate(KeyboxName keyboxName)        throws SignatureCardException, InterruptedException { -   -    try { -       +     +      byte[] aid; +      byte[] fid;        if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { -         -        try { -          getCard().beginExclusive(); -          byte[] certificate = readTLVFile(AID_SIG, EF_C_CH_DS, EF_C_CH_DS_MAX_SIZE); -          if (certificate == null) { -            throw new NotActivatedException(); -          } -          return certificate; -        } catch (FileNotFoundException e) { -          throw new NotActivatedException(); -        } finally { -          getCard().endExclusive(); -        } -         +        aid = AID_SIG; +        fid = EF_C_CH_DS;        } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { -         -        try { -          getCard().beginExclusive(); -          byte[] certificate = readTLVFile(AID_DEC, EF_C_CH_EKEY, EF_C_CH_EKEY_MAX_SIZE); -          if (certificate == null) { -            throw new NotActivatedException(); -          } -          return certificate; -        } catch (FileNotFoundException e) { -          throw new NotActivatedException(); -        } finally { -          getCard().endExclusive(); -        } -         +        aid = AID_DEC; +        fid = EF_C_CH_EKEY;        } else {          throw new IllegalArgumentException("Keybox " + keyboxName              + " not supported.");        } -    } catch (CardException e) { -      log.warn(e); -      throw new SignatureCardException("Failed to access card.", e); -    } -     +      try { +        CardChannel channel = getCardChannel(); +        // SELECT application +        execSELECT_AID(channel, aid); +        // SELECT file +        byte[] fcx = execSELECT_FID(channel, fid); +        int maxSize = -1; +        if (getAppVersion() < 2) { +          maxSize = ISO7816Utils.getLengthFromFCx(fcx); +          log.debug("Size of selected file = " + maxSize); +        } +        // READ BINARY +        byte[] certificate = ISO7816Utils.readTransparentFileTLV(channel, maxSize, (byte) 0x30); +        if (certificate == null) { +          throw new NotActivatedException(); +        } +        return certificate; +      } catch (FileNotFoundException e) { +        throw new NotActivatedException(); +      } catch (CardException e) { +        log.info("Failed to get certificate.", e); +        throw new SignatureCardException(e); +      }  + +          } -  /* (non-Javadoc) -   * @see at.gv.egiz.smcc.SignatureCard#getInfobox(java.lang.String, at.gv.egiz.smcc.PINProvider, java.lang.String) -   */    @Override +  @Exclusive    public byte[] getInfobox(String infobox, PINProvider provider, String domainId)        throws SignatureCardException, InterruptedException { +     +    if ("IdentityLink".equals(infobox)) { +      if (getAppVersion() < 2) { +        return getIdentityLinkV1(provider, domainId); +      } else { +        return getIdentityLinkV2(provider, domainId); +      } +    } else { +      throw new IllegalArgumentException("Infobox '" + infobox +          + "' not supported."); +    } +   +  } + +  protected byte[] getIdentityLinkV1(PINProvider provider, String domainId)  +      throws SignatureCardException, InterruptedException { +     +    try { +      CardChannel channel = getCardChannel(); +      // SELECT application +      execSELECT_AID(channel, AID_DEC); +      // SELECT file +      byte[] fcx = execSELECT_FID(channel, EF_INFOBOX); +      int maxSize = ISO7816Utils.getLengthFromFCx(fcx); +      log.debug("Size of selected file = " + maxSize); +      // READ BINARY +      while(true) { +        try { +          return ISO7816Utils.readTransparentFileTLV(channel, maxSize, (byte) 0x30); +        } catch (SecurityStatusNotSatisfiedException e) { +          verifyPINLoop(channel, INF_PIN_SPEC, provider); +        } +      } +       +    } catch (FileNotFoundException e) { +      throw new NotActivatedException(); +    } catch (CardException e) { +      log.info("Faild to get infobox.", e); +      throw new SignatureCardException(e); +    } +     +  } +  protected byte[] getIdentityLinkV2(PINProvider provider, String domainId) +      throws SignatureCardException, InterruptedException { +          try { -      if ("IdentityLink".equals(infobox)) { -  -        PINSpec spec = pinSpecs.get(PINSPEC_INF); -        //new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("inf.pin.name")); +      CardChannel channel = getCardChannel(); +      // SELECT application +      execSELECT_AID(channel, AID_DEC); +      // SELECT file +      execSELECT_FID(channel, EF_INFOBOX); +       +      // READ BINARY +      TransparentFileInputStream is = ISO7816Utils.openTransparentFileInputStream(channel, -1); +       +      int b = is.read(); +      if (b == 0x00) { +        return null; +      } +      if (b != 0x41 || is.read() != 0x49 || is.read() != 0x4b) { +        String msg = "Infobox structure invalid."; +        log.info(msg); +        throw new SignatureCardException(msg); +      } -        int retries = -1; -        boolean pinRequired = false; +      b = is.read(); +      if (b != 0x01) { +        String msg = "Infobox structure v" + b + " not supported."; +        log.info(msg); +        throw new SignatureCardException(msg); +      } +       +      while ((b = is.read()) != 0x01 && b != 00) { +        is.read(); // modifiers +        is.skip(is.read() + (is.read() << 8)); // length +      } +       +      if (b != 0x01) { +        return null;  +      } +       +      int modifiers = is.read(); +      int length = is.read() + (is.read() << 8); -        do { -          try { -            getCard().beginExclusive(); -            if (pinRequired) { -              char[] pin = provider.providePIN(spec, retries); -              return readTLVFile(AID_DEC, EF_INFOBOX, pin, spec.getKID(), EF_INFOBOX_MAX_SIZE); -            } else { -              return readTLVFile(AID_DEC, EF_INFOBOX, EF_INFOBOX_MAX_SIZE); -            } -          } catch (FileNotFoundException e) { -            throw new NotActivatedException(); -          } catch (SecurityStatusNotSatisfiedException e) { -            pinRequired = true; -          } catch (VerificationFailedException e) { -            pinRequired = true; -            retries = e.getRetries(); -          } finally { -            getCard().endExclusive(); -          } -        } while (retries != 0); +      byte[] bytes; +      byte[] key = null; +       +      switch (modifiers) { +      case 0x00: +        bytes = new byte[length]; +        break; +      case 0x01: +        key = new byte[is.read() + (is.read() << 8)]; +        is.read(key); +        bytes = new byte[length - key.length - 2]; +        break; +      default: +        String msg = "Compressed infobox structure not yet supported."; +        log.info(msg); +        throw new SignatureCardException(msg); +      } +       +      is.read(bytes); +       +      if (key == null) { +        return bytes; +      } -        throw new LockedException(); +      execMSE(channel, 0x41, 0xb8, new byte[] { +          (byte) 0x84, (byte) 0x01, (byte) 0x88, (byte) 0x80, (byte) 0x01, +          (byte) 0x02 }); -      } else { -        throw new IllegalArgumentException("Infobox '" + infobox -            + "' not supported."); -      } +      byte[] plainKey = null; + +      while (true) { +        try { +          plainKey = execPSO_DECIPHER(channel, key); +          break; +        } catch(SecurityStatusNotSatisfiedException e) { +          verifyPINLoop(channel, DEC_PIN_SPEC, provider); +        } +      } +       +      try { +        Cipher cipher = Cipher +            .getInstance("DESede/CBC/PKCS5Padding"); +        byte[] iv = new byte[8]; +        Arrays.fill(iv, (byte) 0x00); +        IvParameterSpec ivParameterSpec = new IvParameterSpec(iv); +        AlgorithmParameters parameters = AlgorithmParameters +            .getInstance("DESede"); +        parameters.init(ivParameterSpec); + +        DESedeKeySpec keySpec = new DESedeKeySpec(plainKey); +        SecretKeyFactory keyFactory = SecretKeyFactory +            .getInstance("DESede"); +        SecretKey secretKey = keyFactory.generateSecret(keySpec); + +        cipher.init(Cipher.DECRYPT_MODE, secretKey, parameters); + +        return cipher.doFinal(bytes); + +      } catch (GeneralSecurityException e) { +        String msg = "Failed to decrypt infobox."; +        log.info(msg, e); +        throw new SignatureCardException(msg, e); +      } +       +       +    } catch (FileNotFoundException e) { +      throw new NotActivatedException();      } catch (CardException e) { -      log.warn(e); -      throw new SignatureCardException("Failed to access card.", e); +      log.info("Faild to get infobox.", e); +      throw new SignatureCardException(e); +    } catch (IOException e) { +      if (e.getCause() instanceof SignatureCardException) { +        throw (SignatureCardException) e.getCause(); +      } else { +        throw new SignatureCardException(e); +      }      } -   +        } - +      @Override +  @Exclusive    public byte[] createSignature(byte[] hash, KeyboxName keyboxName,        PINProvider provider) throws SignatureCardException, InterruptedException { @@ -228,87 +384,40 @@ public class ACOSCard extends AbstractSignatureCard {      try { -      if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { - -        PINSpec spec = pinSpecs.get(PINSPEC_SIG); -        //new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name")); -         -        int retries = -1; -        char[] pin = null; - -        do { -          pin = provider.providePIN(spec, retries); -          try { -            getCard().beginExclusive(); -             -            // SELECT DF -            selectFileFID(DF_SIG); -            // VERIFY -            retries = verifyPIN(KID_PIN_SIG, pin); -            if (retries != -1) { -              throw new VerificationFailedException(retries); -            } -            // MSE: SET DST -            mseSetDST(0x81, 0xb6, DST_SIG); -            // PSO: HASH -            psoHash(hash); -            // PSO: COMPUTE DIGITAL SIGNATURE -            return psoComputDigitalSiganture(); +      CardChannel channel = getCardChannel(); -          } catch (SecurityStatusNotSatisfiedException e) { -            retries = verifyPIN(KID_PIN_SIG); -          } catch (VerificationFailedException e) { -            retries = e.getRetries(); -          } finally { -            getCard().endExclusive(); -          } -        } while (retries != 0); +      if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { -        throw new LockedException(); +        PINSpec spec = SIG_PIN_SPEC; +        // SELECT application +        execSELECT_AID(channel, AID_SIG); +        // MANAGE SECURITY ENVIRONMENT : SET DST +        execMSE(channel, 0x41, 0xb6, DST_SIG); +        // VERIFY +        verifyPINLoop(channel, spec, provider); +        // PERFORM SECURITY OPERATION : HASH +        execPSO_HASH(channel, hash); +        // PERFORM SECURITY OPERATION : COMPUTE DIGITAL SIGNATRE +        return execPSO_COMPUTE_DIGITAL_SIGNATURE(channel);        } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { -        PINSpec spec = pinSpecs.get(PINSPEC_DEC); -        //new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("dec.pin.name")); - -        int retries = -1; -        char[] pin = null; -        boolean pinRequired = false; +        PINSpec spec = DEC_PIN_SPEC; -        do { -          if (pinRequired) { -            pin = provider.providePIN(spec, retries); -          } +        // SELECT application +        execSELECT_AID(channel, AID_DEC); +        // MANAGE SECURITY ENVIRONMENT : SET AT +        execMSE(channel, 0x41, 0xa4, AT_DEC); +         +        while (true) {            try { -            getCard().beginExclusive(); -             -            // SELECT DF -            selectFileFID(DF_DEC); -            // VERIFY -            retries = verifyPIN(KID_PIN_DEC, pin); -            if (retries != -1) { -              throw new VerificationFailedException(retries); -            } -            // MSE: SET DST -            mseSetDST(0x41, 0xa4, DST_DEC);              // INTERNAL AUTHENTICATE -            return internalAuthenticate(hash); -             -          } catch (FileNotFoundException e) { -            throw new NotActivatedException(); +            return execINTERNAL_AUTHENTICATE(channel, hash);            } catch (SecurityStatusNotSatisfiedException e) { -            pinRequired = true; -            retries = verifyPIN(KID_PIN_DEC); -          } catch (VerificationFailedException e) { -            pinRequired = true; -            retries = e.getRetries(); -          } finally { -            getCard().endExclusive(); +            verifyPINLoop(channel, spec, provider);            } -        } while (retries != 0); - -        throw new LockedException(); +        }        } else {          throw new IllegalArgumentException("KeyboxName '" + keyboxName @@ -321,377 +430,311 @@ public class ACOSCard extends AbstractSignatureCard {      }     } +   +  public int getAppVersion() { +    return appVersion; +  } -  //////////////////////////////////////////////////////////////////////// -  // PROTECTED METHODS (assume exclusive card access) -  //////////////////////////////////////////////////////////////////////// +  /* (non-Javadoc) +   * @see at.gv.egiz.smcc.AbstractSignatureCard#verifyPIN(at.gv.egiz.smcc.PINSpec, at.gv.egiz.smcc.PINProvider) +   */ +  @Override +  public void verifyPIN(PINSpec pinSpec, PINProvider pinProvider) +      throws LockedException, NotActivatedException, CancelledException, +      TimeoutException, SignatureCardException, InterruptedException { -  protected ResponseAPDU selectFileFID(byte[] fid) throws CardException, SignatureCardException {      CardChannel channel = getCardChannel(); -    return transmit(channel, new CommandAPDU(0x00, 0xA4, 0x00, -        0x00, fid, 256)); +     +    try { +      // SELECT application +      execSELECT_AID(channel, pinSpec.getContextAID()); +      // VERIFY +      verifyPIN(channel, pinSpec, pinProvider, -1); +    } catch (CardException e) { +      log.info("Failed to verify PIN.", e); +      throw new SignatureCardException("Failed to verify PIN.", e); +    } +    } +   +  /* (non-Javadoc) +   * @see at.gv.egiz.smcc.AbstractSignatureCard#changePIN(at.gv.egiz.smcc.PINSpec, at.gv.egiz.smcc.ChangePINProvider) +   */ +  @Override +  public void changePIN(PINSpec pinSpec, ChangePINProvider pinProvider) +      throws LockedException, NotActivatedException, CancelledException, +      TimeoutException, SignatureCardException, InterruptedException { -  private void mseSetDST(int p1, int p2, byte[] dst) throws CardException, SignatureCardException {      CardChannel channel = getCardChannel(); -    ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x22, p1, -        p2, dst)); -    if (resp.getSW() != 0x9000) { -      throw new SignatureCardException("MSE:SET DST failed: SW=" -          + Integer.toHexString(resp.getSW())); +     +    try { +      // SELECT application +      execSELECT_AID(channel, pinSpec.getContextAID()); +      // CHANGE REFERENCE DATA +      changePIN(channel, pinSpec, pinProvider, -1); +    } catch (CardException e) { +      log.info("Failed to change PIN.", e); +      throw new SignatureCardException("Failed to change PIN.", e);      } +    } -  private void psoHash(byte[] hash) throws CardException, SignatureCardException { -    CardChannel channel = getCardChannel(); -    ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x90, -        0x81, hash)); -    if (resp.getSW() != 0x9000) { -      throw new SignatureCardException("PSO:HASH failed: SW=" -          + Integer.toHexString(resp.getSW())); -    } +  @Override +  public void activatePIN(PINSpec pinSpec, PINProvider pinProvider) +      throws CancelledException, SignatureCardException, CancelledException, +      TimeoutException, InterruptedException { +    log.error("ACTIVATE PIN not supported by ACOS"); +    throw new SignatureCardException("PIN activation not supported by this card.");    } -  private byte[] psoComputDigitalSiganture() throws CardException, -      SignatureCardException { -    CardChannel channel = getCardChannel(); -    ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x9E, -        0x9A, 256)); -    if (resp.getSW() != 0x9000) { -      throw new SignatureCardException( -          "PSO: COMPUTE DIGITAL SIGNATRE failed: SW=" -              + Integer.toHexString(resp.getSW())); -    } else { -      return resp.getData(); -    } +  @Override +  public void unblockPIN(PINSpec pinSpec, PINProvider pinProvider) +      throws CancelledException, SignatureCardException, InterruptedException { +    throw new SignatureCardException("Unblock PIN not supported.");    } -  private byte[] internalAuthenticate(byte[] hash) throws CardException, SignatureCardException { -    byte[] digestInfo = new byte[] { -        (byte) 0x30, (byte) 0x21, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x05, (byte) 0x2B, (byte) 0x0E,  -        (byte) 0x03, (byte) 0x02, (byte) 0x1A, (byte) 0x05, (byte) 0x00, (byte) 0x04 -    }; -     -    byte[] data = new byte[digestInfo.length + hash.length + 1]; -     -    System.arraycopy(digestInfo, 0, data, 0, digestInfo.length); -    data[digestInfo.length] = (byte) hash.length; -    System.arraycopy(hash, 0, data, digestInfo.length + 1, hash.length); -     -    CardChannel channel = getCardChannel(); -     -    ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x88, 0x10, 0x00, data, 256)); -    if (resp.getSW() != 0x9000) { -      throw new SignatureCardException("INTERNAL AUTHENTICATE failed: SW=" + Integer.toHexString(resp.getSW())); +  /* (non-Javadoc) +   * @see at.gv.egiz.smcc.PINMgmtSignatureCard#getPINSpecs() +   */ +  @Override +  public List<PINSpec> getPINSpecs() { +    if (getAppVersion() < 2) { +      return Arrays.asList(new PINSpec[] {DEC_PIN_SPEC, SIG_PIN_SPEC, INF_PIN_SPEC});      } else { -      return resp.getData(); +      return Arrays.asList(new PINSpec[] {DEC_PIN_SPEC, SIG_PIN_SPEC});      }    } -  /** -   * -   * @param kid -   * @return -1 +  /* (non-Javadoc) +   * @see at.gv.egiz.smcc.PINMgmtSignatureCard#getPINStatus(at.gv.egiz.smcc.PINSpec)     */    @Override -  protected int verifyPIN(byte kid) { -    log.debug("VERIFY PIN without PIN BLOCK not supported by ACOS"); -    return -1; +  public PIN_STATE getPINState(PINSpec pinSpec) throws SignatureCardException { +    return PIN_STATE.UNKNOWN;    }    @Override -  protected int verifyPIN(byte kid, char[] pin) -          throws LockedException, NotActivatedException, CancelledException, TimeoutException, PINFormatException, PINOperationAbortedException, SignatureCardException { -    try { -      byte[] sw; -      if (reader.hasFeature(CCID.FEATURE_VERIFY_PIN_DIRECT)) { -        log.debug("verify pin on cardreader"); -        sw = reader.verifyPinDirect(getPINVerifyStructure(kid)); -//        int sw = (resp[resp.length-2] & 0xff) << 8 | resp[resp.length-1] & 0xff; -      } else if (reader.hasFeature(CCID.FEATURE_VERIFY_PIN_START)) { -        log.debug("verify pin on cardreader"); -        sw = reader.verifyPin(getPINVerifyStructure(kid)); -      } else { -        byte[] pinBlock = encodePINBlock(pin); -        CardChannel channel = getCardChannel(); -        ResponseAPDU resp = transmit(channel, -                new CommandAPDU(0x00, 0x20, 0x00, kid, pinBlock), false); -        sw = new byte[2]; -        sw[0] = (byte) resp.getSW1(); -        sw[1] = (byte) resp.getSW2(); -      } +  public String toString() { +    return "a-sign premium"; +  } -      //6A 00 (falshe P1/P2) nicht in contextAID -      //69 85 (nutzungsbedingungen nicht erfüllt) in DF_Sig und nicht sigpin - -      if (sw[0] == (byte) 0x90 && sw[1] == (byte) 0x00) { -        return -1; -      } else if (sw[0] == (byte) 0x63 && sw[1] == (byte) 0xc0) { -        throw new LockedException("[63:c0]"); -      } else if (sw[0] == (byte) 0x63 && (sw[1] & 0xf0) >> 4 == 0xc) { -        return sw[1] & 0x0f; -      } else if (sw[0] == (byte) 0x69 && sw[1] == (byte) 0x83) { -        //Authentisierungsmethode gesperrt -        throw new NotActivatedException("[69:83]"); -//      } else if (sw[0] == (byte) 0x69 && sw[1] == (byte) 0x84) { -//        //referenzierte Daten sind reversibel gesperrt (invalidated) -//        throw new NotActivatedException("[69:84]"); -//      } else if (sw[0] == (byte) 0x69 && sw[1] == (byte) 0x85) { -//        //Benutzungsbedingungen nicht erfüllt -//        throw new NotActivatedException("[69:85]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x00) { -        throw new TimeoutException("[64:00]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x01) { -        throw new CancelledException("[64:01]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x03) { -        throw new PINFormatException("[64:03]"); -      } -      log.error("Failed to verify pin: SW=" -              + SMCCHelper.toString(sw)); -      throw new SignatureCardException(SMCCHelper.toString(sw)); +  //////////////////////////////////////////////////////////////////////// +  // PROTECTED METHODS (assume exclusive card access) +  //////////////////////////////////////////////////////////////////////// -    } catch (CardException ex) { -      log.error("smart card communication failed: " + ex.getMessage()); -      throw new SignatureCardException("smart card communication failed: " + ex.getMessage(), ex); -    } +  protected void verifyPINLoop(CardChannel channel, PINSpec spec, PINProvider provider) +      throws InterruptedException, LockedException, NotActivatedException, +      TimeoutException, PINFormatException, PINOperationAbortedException, +      SignatureCardException, CardException { +     +    int retries = -1; +    do { +      retries = verifyPIN(channel, spec, provider, retries); +    } while (retries > 0); +        } -  /** -   * SCARD_E_NOT_TRANSACTED inf/dec PIN not active (pcsc crash) -   * @param kid -   * @param oldPin -   * @param newPin -   * @return -   * @throws at.gv.egiz.smcc.LockedException -   * @throws at.gv.egiz.smcc.NotActivatedException -   * @throws at.gv.egiz.smcc.SignatureCardException -   */ -  @Override -  protected int changePIN(byte kid, char[] oldPin, char[] newPin) -          throws LockedException, NotActivatedException, CancelledException, PINFormatException, PINConfirmationException, TimeoutException, PINOperationAbortedException, SignatureCardException { -    try { -       byte[] sw; -      if (reader.hasFeature(CCID.FEATURE_MODIFY_PIN_DIRECT)) { -        log.debug("modify pin on cardreader"); -        sw = reader.modifyPinDirect(getPINModifyStructure(kid)); -      } else if (reader.hasFeature(CCID.FEATURE_MODIFY_PIN_START)) { -        log.debug("modify pin on cardreader"); -        sw = reader.modifyPin(getPINModifyStructure(kid)); -      } else { -        byte[] cmd = new byte[16]; -        System.arraycopy(encodePINBlock(oldPin), 0, cmd, 0, 8); -        System.arraycopy(encodePINBlock(newPin), 0, cmd, 8, 8); - -        CardChannel channel = getCardChannel(); +  protected int verifyPIN(CardChannel channel, PINSpec pinSpec, +      PINProvider provider, int retries) throws InterruptedException, CardException, SignatureCardException { +     +    VerifyAPDUSpec apduSpec = new VerifyAPDUSpec( +        new byte[] { +            (byte) 0x00, (byte) 0x20, (byte) 0x00, pinSpec.getKID(), (byte) 0x08, +            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,  +            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 },  +        0, VerifyAPDUSpec.PIN_FORMAT_ASCII, 8); +     +    ResponseAPDU resp = reader.verify(channel, apduSpec, pinSpec, provider, retries); +     +    if (resp.getSW() == 0x9000) { +      return -1; +    } +    if (resp.getSW() >> 4 == 0x63c) { +      return 0x0f & resp.getSW(); +    } -        ResponseAPDU resp = transmit(channel, -                new CommandAPDU(0x00, 0x24, 0x00, kid, cmd), false); +    switch (resp.getSW()) { +    case 0x6983: +      // authentication method blocked +      throw new LockedException(); +   +    default: +      String msg = "VERIFY failed. SW=" + Integer.toHexString(resp.getSW());  +      log.info(msg); +      throw new SignatureCardException(msg); +    } -        sw = new byte[2]; -        sw[0] = (byte) resp.getSW1(); -        sw[1] = (byte) resp.getSW2(); -      } +  } -      // activates pin (newPIN) if not active -      if (sw[0] == (byte) 0x90 && sw[1] == (byte) 0x00) { -        return -1; -      } else if (sw[0] == (byte) 0x63 && sw[1] == (byte) 0xc0) { -        throw new LockedException("[63:c0]"); -      } else if (sw[0] == (byte) 0x63 && (sw[1] & 0xf0) >> 4 == 0xc) { -        return sw[1] & 0x0f; -      } else if (sw[0] == (byte) 0x69 && sw[1] == (byte) 0x83) { -        //Authentisierungsmethode gesperrt -        // sig-pin only (card not transacted for inf/dec pin) -        throw new NotActivatedException("[69:83]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x00) { -        throw new TimeoutException("[64:00]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x01) { -        throw new CancelledException("[64:01]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x02) { -        throw new PINConfirmationException("[64:02]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x03) { -        throw new PINFormatException("[64:03]"); -      } else if (sw[0] == (byte) 0x6a && sw[1] == (byte) 0x80) { -        log.info("invalid parameter, assume wrong pin size"); -        throw new PINFormatException("[6a:80]"); -      } -      log.error("Failed to change pin: SW=" -              + SMCCHelper.toString(sw)); -      throw new SignatureCardException(SMCCHelper.toString(sw)); +  protected int changePIN(CardChannel channel, PINSpec pinSpec, +      ChangePINProvider pinProvider, int retries) throws CancelledException, InterruptedException, CardException, SignatureCardException { + +    ChangeReferenceDataAPDUSpec apduSpec = new ChangeReferenceDataAPDUSpec( +        new byte[] { +            (byte) 0x00, (byte) 0x24, (byte) 0x00, pinSpec.getKID(), (byte) 0x10,   +            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,        +            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,        +            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,        +            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00         +        },  +        0, VerifyAPDUSpec.PIN_FORMAT_ASCII, 8); +     +     +     +    ResponseAPDU resp = reader.modify(channel, apduSpec, pinSpec, pinProvider, retries); +     +    if (resp.getSW() == 0x9000) { +      return -1; +    } +    if (resp.getSW() >> 4 == 0x63c) { +      return 0x0f & resp.getSW(); +    } +     +    switch (resp.getSW()) { +    case 0x6983: +      // authentication method blocked +      throw new LockedException(); +   +    default: +      String msg = "CHANGE REFERENCE DATA failed. SW=" + Integer.toHexString(resp.getSW());  +      log.info(msg); +      throw new SignatureCardException(msg); +    } +     +  } -    } catch (CardException ex) { -      log.error("smart card communication failed: " + ex.getMessage()); -      throw new SignatureCardException("smart card communication failed: " + ex.getMessage(), ex); +  protected byte[] execSELECT_AID(CardChannel channel, byte[] aid) +      throws SignatureCardException, CardException { + +    ResponseAPDU resp = channel.transmit( +        new CommandAPDU(0x00, 0xA4, 0x04, 0x00, aid, 256)); + +    if (resp.getSW() == 0x6A82) { +      String msg = "File or application not found AID=" +          + SMCCHelper.toString(aid) + " SW=" +          + Integer.toHexString(resp.getSW()) + "."; +      log.info(msg); +      throw new FileNotFoundException(msg); +    } else if (resp.getSW() != 0x9000) { +      String msg = "Failed to select application AID=" +          + SMCCHelper.toString(aid) + " SW=" +          + Integer.toHexString(resp.getSW()) + "."; +      log.info(msg); +      throw new SignatureCardException(msg); +    } else { +      return resp.getBytes();      } +    } +   +  protected byte[] execSELECT_FID(CardChannel channel, byte[] fid) +      throws SignatureCardException, CardException { +     +    ResponseAPDU resp = channel.transmit( +        new CommandAPDU(0x00, 0xA4, 0x00, 0x00, fid, 256)); +     +    if (resp.getSW() == 0x6A82) { +      String msg = "File or application not found FID=" +          + SMCCHelper.toString(fid) + " SW=" +          + Integer.toHexString(resp.getSW()) + "."; +      log.info(msg); +      throw new FileNotFoundException(msg); +    } else if (resp.getSW() != 0x9000) { +      String msg = "Failed to select application FID=" +          + SMCCHelper.toString(fid) + " SW=" +          + Integer.toHexString(resp.getSW()) + "."; +      log.error(msg); +      throw new SignatureCardException(msg); +    } else { +      return resp.getBytes(); +    } -  /** -   * throws SignatureCardException (PIN activation not supported by ACOS) -   * @throws at.gv.egiz.smcc.SignatureCardException -   */ -  @Override -  public void activatePIN(byte kid, char[] pin) -          throws SignatureCardException { -    log.error("ACTIVATE PIN not supported by ACOS"); -    throw new SignatureCardException("PIN activation not supported by this card"); +        } +   +  protected void execMSE(CardChannel channel, int p1, +      int p2, byte[] data) throws SignatureCardException, CardException { -  /** -   * ASCII encoded pin, padded with 0x00 -   * @param pin -   * @return a 8 byte pin block -   */ -  @Override -  protected byte[] encodePINBlock(char[] pin) { -//    byte[] asciiPIN = new String(pin).getBytes(Charset.forName("ASCII")); -    CharBuffer chars = CharBuffer.wrap(pin); -    ByteBuffer bytes = Charset.forName("ASCII").encode(chars); -    byte[] asciiPIN = bytes.array(); -    byte[] encodedPIN = new byte[8]; -    System.arraycopy(asciiPIN, 0, encodedPIN, 0, Math.min(asciiPIN.length, -        encodedPIN.length)); -//    System.out.println("ASCII encoded PIN block: " + SMCCHelper.toString(encodedPIN)); -    return encodedPIN; +    ResponseAPDU resp = channel.transmit( +        new CommandAPDU(0x00, 0x22, p1, p2, data)); + +    if (resp.getSW() != 0x9000) { +      String msg = "MSE failed: SW=" +          + Integer.toHexString(resp.getSW()); +      log.error(msg); +      throw new SignatureCardException(msg); +    }  +        } -  private byte[] getPINVerifyStructure(byte kid) { -       -      byte bTimeOut = reader.getbTimeOut();    -      byte bTimeOut2 = reader.getbTimeOut2();  -      byte bmFormatString = (byte) 0x82;      // 1 0000 0 10 -                                              // ^------------ System unit = byte -                                              //   ^^^^------- PIN position in the frame = 1 byte -                                              //        ^----- PIN justification left -                                              //          ^^-- ASCII format -      byte bmPINBlockString = (byte) 0x08;    // 0000 1000 -                                              // ^^^^--------- PIN length size: 0 bits -                                              //      ^^^^---- Length PIN = 8 bytes -      byte bmPINLengthFormat = (byte) 0x00;   // 000 0 0000 -                                              //     ^-------- System bit units is bit -                                              //       ^^^^--- no PIN length -      byte wPINMaxExtraDigitL = //TODO compare ints, not bytes -              (reader.getwPINMaxExtraDigitL() < (byte) 0x08) ? -                reader.getwPINMaxExtraDigitL() : (byte) 0x08; -      byte wPINMaxExtraDigitH =                -              (reader.getwPINMaxExtraDigitH() > (byte) 0x00) ? -                reader.getwPINMaxExtraDigitH() : (byte) 0x00; -      byte bEntryValidationCondition =  -              reader.getbEntryValidationCondition(); -      byte bNumberMessage = (byte) 0x00;      // No message -      byte wLangIdL = (byte) 0x0C;             -      byte wLangIdH = (byte) 0x04;             -      byte bMsgIndex = (byte) 0x00;            - -      byte[] apdu = new byte[] { -        (byte) 0x00, (byte) 0x20, (byte) 0x00, kid, (byte) 0x08,  -        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,       -        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00        -      }; - -      int offset = 0; -      byte[] pinVerifyStructure = new byte[offset + 19 + apdu.length]; -      pinVerifyStructure[offset++] = bTimeOut; -      pinVerifyStructure[offset++] = bTimeOut2; -      pinVerifyStructure[offset++] = bmFormatString; -      pinVerifyStructure[offset++] = bmPINBlockString; -      pinVerifyStructure[offset++] = bmPINLengthFormat; -      pinVerifyStructure[offset++] = wPINMaxExtraDigitL; -      pinVerifyStructure[offset++] = wPINMaxExtraDigitH; -      pinVerifyStructure[offset++] = bEntryValidationCondition; -      pinVerifyStructure[offset++] = bNumberMessage; -      pinVerifyStructure[offset++] = wLangIdL; -      pinVerifyStructure[offset++] = wLangIdH; -      pinVerifyStructure[offset++] = bMsgIndex; - -      pinVerifyStructure[offset++] = 0x00; -      pinVerifyStructure[offset++] = 0x00; -      pinVerifyStructure[offset++] = 0x00; - -      pinVerifyStructure[offset++] = (byte) apdu.length; -      pinVerifyStructure[offset++] = 0x00; -      pinVerifyStructure[offset++] = 0x00; -      pinVerifyStructure[offset++] = 0x00; -      System.arraycopy(apdu, 0, pinVerifyStructure, offset, apdu.length); - -      return pinVerifyStructure; +  protected byte[] execPSO_DECIPHER(CardChannel channel, byte [] cipher) throws CardException, SignatureCardException { +     +    byte[] data = new byte[cipher.length + 1]; +    data[0] = 0x00; +    System.arraycopy(cipher, 0, data, 1, cipher.length); +    ResponseAPDU resp = channel.transmit(new CommandAPDU(0x00, 0x2A, 0x80, 0x86, data, 256)); +    if (resp.getSW() == 0x6982) { +      throw new SecurityStatusNotSatisfiedException(); +    } else if (resp.getSW() != 0x9000) { +      throw new SignatureCardException( +          "PSO - DECIPHER failed: SW=" +          + Integer.toHexString(resp.getSW())); +    } +     +    return resp.getData(); +        } -  public byte[] getPINModifyStructure(byte kid) { - -      byte bTimeOut = reader.getbTimeOut(); -      byte bTimeOut2 = reader.getbTimeOut2(); -      byte bmFormatString = (byte) 0x82;      // 1 0000 0 10 -                                              // ^------------ System unit = byte -                                              //   ^^^^------- PIN position in the frame = 1 byte -                                              //        ^----- PIN justification left -                                              //          ^^-- ASCII format -      byte bmPINBlockString = (byte) 0x08;    // 0000 1000 -                                              // ^^^^--------- PIN length size: 0 bits -                                              //      ^^^^---- Length PIN = 8 bytes -      byte bmPINLengthFormat = (byte) 0x00;   // 000 0 0000 -                                              //     ^-------- System bit units is bit -                                              //       ^^^^--- no PIN length  -      byte bInsertionOffsetOld = (byte) 0x00; // insertion position offset in bytes -      byte bInsertionOffsetNew = (byte) 0x08;  -      byte wPINMaxExtraDigitL = -              (reader.getwPINMaxExtraDigitL() < (byte) 0x08) ? -                reader.getwPINMaxExtraDigitL() : (byte) 0x08; -      byte wPINMaxExtraDigitH = -              (reader.getwPINMaxExtraDigitH() > (byte) 0x00) ? -                reader.getwPINMaxExtraDigitH() : (byte) 0x00; -      byte bConfirmPIN = (byte) 0x03; -      byte bEntryValidationCondition = -              reader.getbEntryValidationCondition(); -      byte bNumberMessage = (byte) 0x03;       -      byte wLangIdL = (byte) 0x0C;             -      byte wLangIdH = (byte) 0x04;             -      byte bMsgIndex1 = (byte) 0x00;            -      byte bMsgIndex2 = (byte) 0x01;            -      byte bMsgIndex3 = (byte) 0x02;            - -      byte[] apdu = new byte[] { -        (byte) 0x00, (byte) 0x24, (byte) 0x00, kid, (byte) 0x10,   -        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,        -        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,        -        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,        -        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00         -      }; - -      int offset = 0; -      byte[] pinModifyStructure = new byte[offset + 24 + apdu.length]; -      pinModifyStructure[offset++] = bTimeOut; -      pinModifyStructure[offset++] = bTimeOut2; -      pinModifyStructure[offset++] = bmFormatString; -      pinModifyStructure[offset++] = bmPINBlockString; -      pinModifyStructure[offset++] = bmPINLengthFormat; -      pinModifyStructure[offset++] = bInsertionOffsetOld; -      pinModifyStructure[offset++] = bInsertionOffsetNew; -      pinModifyStructure[offset++] = wPINMaxExtraDigitL; -      pinModifyStructure[offset++] = wPINMaxExtraDigitH; -      pinModifyStructure[offset++] = bConfirmPIN; -      pinModifyStructure[offset++] = bEntryValidationCondition; -      pinModifyStructure[offset++] = bNumberMessage; -      pinModifyStructure[offset++] = wLangIdL; -      pinModifyStructure[offset++] = wLangIdH; -      pinModifyStructure[offset++] = bMsgIndex1; -      pinModifyStructure[offset++] = bMsgIndex2; -      pinModifyStructure[offset++] = bMsgIndex3; - -      pinModifyStructure[offset++] = 0x00; -      pinModifyStructure[offset++] = 0x00; -      pinModifyStructure[offset++] = 0x00; - -      pinModifyStructure[offset++] = (byte) apdu.length; -      pinModifyStructure[offset++] = 0x00; -      pinModifyStructure[offset++] = 0x00; -      pinModifyStructure[offset++] = 0x00; -      System.arraycopy(apdu, 0, pinModifyStructure, offset, apdu.length); - -      return pinModifyStructure; +  protected void execPSO_HASH(CardChannel channel, byte[] hash) throws CardException, SignatureCardException { +     +    ResponseAPDU resp = channel.transmit( +        new CommandAPDU(0x00, 0x2A, 0x90, 0x81, hash)); +    if (resp.getSW() != 0x9000) { +      throw new SignatureCardException("PSO - HASH failed: SW=" +          + Integer.toHexString(resp.getSW())); +    } +        } +   +  protected byte[] execPSO_COMPUTE_DIGITAL_SIGNATURE(CardChannel channel) throws CardException, +      SignatureCardException { -  @Override -  public String toString() { -    return "a-sign premium"; +    ResponseAPDU resp = channel.transmit( +        new CommandAPDU(0x00, 0x2A, 0x9E, 0x9A, 256)); +    if (resp.getSW() != 0x9000) { +      throw new SignatureCardException( +          "PSO - COMPUTE DIGITAL SIGNATRE failed: SW=" +              + Integer.toHexString(resp.getSW())); +    } else { +      return resp.getData(); +    } + +  } +   +  protected byte[] execINTERNAL_AUTHENTICATE(CardChannel channel, byte[] hash) throws CardException, +      SignatureCardException { + +    byte[] digestInfo = new byte[] { (byte) 0x30, (byte) 0x21, (byte) 0x30, +        (byte) 0x09, (byte) 0x06, (byte) 0x05, (byte) 0x2B, (byte) 0x0E, +        (byte) 0x03, (byte) 0x02, (byte) 0x1A, (byte) 0x05, (byte) 0x00, +        (byte) 0x04 }; +     +    byte[] data = new byte[digestInfo.length + hash.length + 1]; +     +    System.arraycopy(digestInfo, 0, data, 0, digestInfo.length); +    data[digestInfo.length] = (byte) hash.length; +    System.arraycopy(hash, 0, data, digestInfo.length + 1, hash.length); +     +    ResponseAPDU resp = channel.transmit(new CommandAPDU(0x00, 0x88, 0x10, 0x00, data, 256)); +    if (resp.getSW() == 0x6982) { +      throw new SecurityStatusNotSatisfiedException(); +    } else if (resp.getSW() == 0x6983) { +      throw new LockedException(); +    } else if (resp.getSW() != 0x9000) { +      throw new SignatureCardException("INTERNAL AUTHENTICATE failed: SW=" +          + Integer.toHexString(resp.getSW())); +    } else { +      return resp.getData(); +    }    }  } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java index f0f8b8c8..54b4c7fe 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -1,55 +1,37 @@ -//Copyright (C) 2002 IAIK -//http://jce.iaik.at -// -//Copyright (C) 2003 Stiftung Secure Information and  -//                 Communication Technologies SIC -//http://www.sic.st -// -//All rights reserved. -// -//This source is provided for inspection purposes and recompilation only, -//unless specified differently in a contract with IAIK. This source has to -//be kept in strict confidence and must not be disclosed to any third party -//under any circumstances. Redistribution in source and binary forms, with -//or without modification, are <not> permitted in any case! -// -//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -//ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -//SUCH DAMAGE. -// -// +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/  package at.gv.egiz.smcc; -import at.gv.egiz.smcc.ccid.CCID; -import at.gv.egiz.smcc.ccid.ReaderFactory; -import at.gv.egiz.smcc.util.SMCCHelper; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.nio.ByteBuffer;  import java.util.ArrayList;  import java.util.List;  import java.util.Locale;  import java.util.ResourceBundle; -import javax.smartcardio.ATR;  import javax.smartcardio.Card;  import javax.smartcardio.CardChannel;  import javax.smartcardio.CardException;  import javax.smartcardio.CardTerminal; -import javax.smartcardio.CommandAPDU; -import javax.smartcardio.ResponseAPDU;  import org.apache.commons.logging.Log;  import org.apache.commons.logging.LogFactory; +import at.gv.egiz.smcc.ccid.CCID; +import at.gv.egiz.smcc.ccid.ReaderFactory; +  public abstract class AbstractSignatureCard implements SignatureCard {    private static Log log = LogFactory.getLog(AbstractSignatureCard.class); @@ -61,14 +43,8 @@ public abstract class AbstractSignatureCard implements SignatureCard {    private Locale locale = Locale.getDefault(); -  int ifs_ = 254; -    private Card card_; -  /** -   * The card terminal that connects the {@link #card_}.   -   */ -//  private CardTerminal cardTerminal;    protected CCID reader;    protected AbstractSignatureCard(String resourceBundleName) { @@ -89,379 +65,10 @@ public abstract class AbstractSignatureCard implements SignatureCard {      return sb.toString();    } -  /** -   * Select an application using AID as DF name according to ISO/IEC 7816-4 -   * section 8.2.2.2. -   *  -   * @param dfName -   *          AID of the application to be selected -   *  -   * @return the response data of the response APDU if SW=0x9000 -   *  -   * @throws CardException -   *           if card communication fails -   *  -   * @throws SignatureCardException -   *           if application selection fails (e.g. an application with the -   *           given AID is not present on the card) -   */ -  protected byte[] selectFileAID(byte[] dfName) throws CardException, SignatureCardException { -    CardChannel channel = getCardChannel(); -    ResponseAPDU resp = transmit(channel, -            new CommandAPDU(0x00, 0xA4, 0x04, 0x00, dfName, 256)); -//            new CommandAPDU(0x00, 0xa4, 0x04, 0x0c, dfName)); -    if (resp.getSW() != 0x9000) { -      String msg = "Failed to select application AID=" + SMCCHelper.toString(dfName) + -              ": SW=" + Integer.toHexString(resp.getSW()); -      log.error(msg); -      throw new SignatureCardException(msg); -    } else { -      return resp.getBytes(); -    } -  } - -  protected abstract ResponseAPDU selectFileFID(byte[] fid) throws CardException, -      SignatureCardException; - -  /** -   * VERIFY APDU without PIN BLOCK -   * Not supported by ACOS cards (and GemPC Pinpad?) -   * @param kid -   * @return the number of possible tries until card is blocked or -1 if unknown -   * (ACOS does not support this VERIFY APDU type) -   * @throws at.gv.egiz.smcc.LockedException -   * @throws at.gv.egiz.smcc.NotActivatedException -   * @throws at.gv.egiz.smcc.SignatureCardException -   */ -  protected abstract int verifyPIN(byte kid) -          throws LockedException, NotActivatedException, SignatureCardException; - -  /** -   * VERIFY APDU with PIN BLOCK -   * If IFD supports VERIFY_PIN on pinpad, parameter pin may be empty. -   * @param kid -   * @param pin to be encoded in the PIN BLOCK -   * @return -1 if VERIFY PIN was successful, or the number of possible retries -   * @throws at.gv.egiz.smcc.LockedException -   * @throws at.gv.egiz.smcc.NotActivatedException -   * @throws at.gv.egiz.smcc.SignatureCardException -   */ -  protected abstract int verifyPIN(byte kid, char[] pin) -          throws LockedException, NotActivatedException, CancelledException, PINFormatException, TimeoutException, PINOperationAbortedException, SignatureCardException; -   -  /** -   * CHANGE(?) APDU -   * If IFD supports VERIFY_PIN on pinpad, parameter pin may be empty. -   * @param kid -   * @param pin -   * @throws at.gv.egiz.smcc.SignatureCardException if activation fails -   */ -  protected abstract void activatePIN(byte kid, char[] pin) -          throws CancelledException, PINFormatException, PINConfirmationException, TimeoutException, PINOperationAbortedException, SignatureCardException; - -  /** -   * CHANGE(?) APDU -   * If IFD supports VERIFY_PIN on pinpad, parameter pin may be empty. -   * @param kid -   * @param pin -   * @return -1 if CHANGE PIN was successful, or the number of possible retries -   * @throws at.gv.egiz.smcc.SignatureCardException if change fails -   */ -  protected abstract int changePIN(byte kid, char[] oldPin, char[] newPin) -          throws LockedException, NotActivatedException, CancelledException, PINFormatException, PINConfirmationException, TimeoutException, PINOperationAbortedException, SignatureCardException; - -  /** -   * encode the pin as needed in VERIFY/CHANGE APDUs -   * @param pin -   * @return -   * @throws at.gv.egiz.smcc.SignatureCardException if the provided pin does -   * not meet the restrictions imposed by the encoding (not the pinSpec!), -   * such as maximum Length -   */ -  protected abstract byte[] encodePINBlock(char[] pin) throws SignatureCardException; - -  protected byte[] readRecord(int recordNumber) throws SignatureCardException, CardException { -    return readRecord(getCardChannel(), recordNumber); -  } - -  protected byte[] readRecord(CardChannel channel, int recordNumber) throws SignatureCardException, CardException { -     -    ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB2, -        recordNumber, 0x04, 256)); -    if (resp.getSW() == 0x9000) { -      return resp.getData(); -    } else { -      throw new SignatureCardException("Failed to read records. SW=" + Integer.toHexString(resp.getSW())); -    } -      -  } -   -  protected byte[] readBinary(CardChannel channel, int offset, int len) -      throws CardException, SignatureCardException { - -    ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB0, -        0x7F & (offset >> 8), offset & 0xFF, len)); -    if (resp.getSW() == 0x9000) { -      return resp.getData(); -    } else if (resp.getSW() == 0x6982) { -      throw new SecurityStatusNotSatisfiedException(); -    } else { -      throw new SignatureCardException("Failed to read bytes (" + offset + "+" -          + len + "): SW=" + Integer.toHexString(resp.getSW())); -    } - -  } - -  protected int readBinary(int offset, int len, byte[] b) throws CardException, -      SignatureCardException { - -    if (b.length < len) { -      throw new IllegalArgumentException( -          "Length of b must not be less than len."); -    } - -    CardChannel channel = getCardChannel(); - -    ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB0, -        0x7F & (offset >> 8), offset & 0xFF, len)); -    if (resp.getSW() == 0x9000) { -      System.arraycopy(resp.getData(), 0, b, 0, len); -    } - -    return resp.getSW(); - -  } - -  protected byte[] readBinaryTLV(int maxSize, byte expectedType) throws CardException, -      SignatureCardException { - -    CardChannel channel = getCardChannel(); - -    // read first chunk -    int len = Math.min(maxSize, ifs_); -    byte[] chunk = readBinary(channel, 0, len); -    if (chunk.length > 0 && chunk[0] != expectedType) { -      return null; -    } -    int offset = chunk.length; -    int actualSize = maxSize; -    if (chunk.length > 3) { -      if ((chunk[1] & 0x80) > 0) { -        int octets = (0x0F & chunk[1]); -        actualSize = 2 + octets; -        for (int i = 1; i <= octets; i++) { -          actualSize += (0xFF & chunk[i + 1]) << ((octets - i) * 8); -        } -      } else { -        actualSize = 2 + chunk[1]; -      } -    } -    ByteBuffer buffer = ByteBuffer.allocate(actualSize); -    buffer.put(chunk, 0, Math.min(actualSize, chunk.length)); -    while (offset < actualSize) { -      len = Math.min(ifs_, actualSize - offset); -      chunk = readBinary(channel, offset, len); -      buffer.put(chunk); -      offset += chunk.length; -    } -    return buffer.array(); - -  } - -  protected byte[] readRecords(byte[] aid, byte[] ef, int start, int end) throws SignatureCardException, InterruptedException { -     -    try { -       -      // SELECT FILE (AID) -      byte[] rb = selectFileAID(aid); -      if (rb[rb.length - 2] != (byte) 0x90 || rb[rb.length - 1] != (byte) 0x00) { - -        throw new SignatureCardException("SELECT FILE with " -            + "AID=" -            + toString(aid) -            + " failed (" -            + "SW=" -            + Integer.toHexString((0xFF & (int) rb[rb.length - 1]) -                | (0xFF & (int) rb[rb.length - 2]) << 8) + ")."); - -      } - -      // SELECT FILE (EF) -      ResponseAPDU resp = selectFileFID(ef); -      if (resp.getSW() == 0x6a82) { -         -        // EF not found -        throw new FileNotFoundException("EF " + toString(ef) + " not found."); -         -      } else if (resp.getSW() != 0x9000) { - -        throw new SignatureCardException("SELECT FILE with " -            + "FID=" -            + toString(ef) -            + " failed (" -            + "SW=" -            + Integer.toHexString(resp.getSW()) + ")."); -         -      } -       -      ByteArrayOutputStream bytes = new ByteArrayOutputStream(); -       -      for (int i = start; i <= end; i++) { -        bytes.write(readRecord(i)); -      } -       -      return bytes.toByteArray(); -       -    } catch (CardException e) { -      throw new SignatureCardException("Failed to acces card.", e); -    } catch (IOException e) { -      throw new SignatureCardException("Failed to read records.", e); -    } -     -  } -   -  /** -   * Read the content of a TLV file. -   *  -   * @param aid the application ID (AID) -   * @param ef the elementary file (EF) -   * @param maxLength the maximum length of the file -   *  -   * @return the content of the file -   *  -   * @throws SignatureCardException -   * @throws CardException  -   */ -  protected byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength) -      throws SignatureCardException, InterruptedException, CardException { -    // SELECT FILE (AID) -    selectFileAID(aid); - -    // SELECT FILE (EF) -    ResponseAPDU resp = selectFileFID(ef); -    if (resp.getSW() == 0x6a82) { -      // EF not found -      throw new FileNotFoundException("EF " + toString(ef) + " not found."); -    } else if (resp.getSW() != 0x9000) { -      throw new SignatureCardException("SELECT FILE with " -          + "FID=" -          + toString(ef) -          + " failed (" -          + "SW=" -          + Integer.toHexString(resp.getSW()) + ")."); -    } - -    return readBinaryTLV(maxLength, (byte) 0x30); -//    return readTLVFile(aid, ef, null, (byte) 0, maxLength); -  } - -  /** -   * Read the content of a TLV file wich requires a PIN. -   *  -   * @param aid the application ID (AID) -   * @param ef the elementary file (EF) -   * @param kid the key ID (KID) of the corresponding PIN -   * @param pin the pin or null if VERIFY on pinpad -   * @param spec the PINSpec -   * @param maxLength the maximum length of the file -   *  -   * @return the content of the file -   *  -   * @throws SignatureCardException -   * @throws CardException  -   */ -  protected byte[] readTLVFile(byte[] aid, byte[] ef, char[] pin, byte kid, int maxLength) -      throws SignatureCardException, InterruptedException, CardException { - - -    // SELECT FILE (AID) -    selectFileAID(aid); - -    // SELECT FILE (EF) -    ResponseAPDU resp = selectFileFID(ef); -    if (resp.getSW() == 0x6a82) { -      // EF not found -      throw new FileNotFoundException("EF " + toString(ef) + " not found."); -    } else if (resp.getSW() != 0x9000) { -      throw new SignatureCardException("SELECT FILE with " -          + "FID=" -          + toString(ef) -          + " failed (" -          + "SW=" -          + Integer.toHexString(resp.getSW()) + ")."); -    } - -    // VERIFY -      int retries = verifyPIN(kid, pin); -      if (retries != -1) { -        throw new VerificationFailedException(retries); -      } -    -    return readBinaryTLV(maxLength, (byte) 0x30); -       -     -  } -   -  /** -   * Transmit the given command APDU using the given card channel. -   *  -   * @param channel -   *          the card channel -   * @param commandAPDU -   *          the command APDU -   * @param logData -   *          <code>true</code> if command APDU data may be logged, or -   *          <code>false</code> otherwise -   *  -   * @return the corresponding response APDU -   *  -   * @throws CardException -   *           if smart card communication fails -   */ -  protected ResponseAPDU transmit(CardChannel channel, CommandAPDU commandAPDU, boolean logData) -      throws CardException { -     -    if (log.isTraceEnabled()) { -      log.trace(commandAPDU  -          + (logData ? "\n" + toString(commandAPDU.getBytes()) : "")); -      long t0 = System.currentTimeMillis(); -      ResponseAPDU responseAPDU = channel.transmit(commandAPDU); -      long t1 = System.currentTimeMillis(); -      log.trace(responseAPDU + "\n[" + (t1 - t0) + "ms] " -          + (logData ? "\n" + toString(responseAPDU.getBytes()) : "")); -      return responseAPDU; -    } else { -      return channel.transmit(commandAPDU); -    } -     -  } - -  /** -   * Transmit the given command APDU using the given card channel. -   *  -   * @param channel the card channel -   * @param commandAPDU the command APDU -   *  -   * @return the corresponding response APDU -   *  -   * @throws CardException if smart card communication fails -   */ -  protected ResponseAPDU transmit(CardChannel channel, CommandAPDU commandAPDU) -      throws CardException { -    return transmit(channel, commandAPDU, true); -  } - -      @Override    public void init(Card card, CardTerminal cardTerminal) {      this.card_ = card;      this.reader = ReaderFactory.getInstance().getReader(card, cardTerminal); -    ATR atr = card.getATR(); -    byte[] atrBytes = atr.getBytes(); -    if (atrBytes.length >= 6) { -      ifs_ = 0xFF & atr.getBytes()[6]; -      log.trace("Setting IFS (information field size) to " + ifs_); -    }    }    @Override @@ -470,7 +77,7 @@ public abstract class AbstractSignatureCard implements SignatureCard {    }    protected CardChannel getCardChannel() { -    return card_.getBasicChannel(); +    return new LogCardChannel(card_.getBasicChannel());    }    @Override @@ -517,112 +124,4 @@ public abstract class AbstractSignatureCard implements SignatureCard {      }    } -  @Override -  public List<PINSpec> getPINSpecs() { -    return pinSpecs; -  } - -  @Override -  public void verifyPIN(PINSpec pinSpec, PINProvider pinProvider) -          throws LockedException, NotActivatedException, CancelledException, TimeoutException, SignatureCardException, InterruptedException { -    try { -      getCard().beginExclusive(); - -      if (pinSpec.getContextAID() != null) { -        selectFileAID(pinSpec.getContextAID()); -      } - -      // -1 if ok or unknown -      int retries = verifyPIN(pinSpec.getKID()); -      do { -        char[] pin = pinProvider.providePIN(pinSpec, retries); -        retries = verifyPIN(pinSpec.getKID(), pin); -      } while (retries > 0); -      //return on -1, 0 never reached: verifyPIN throws LockedEx - -    } catch (CardException ex) { -      log.error("failed to verify " + pinSpec.getLocalizedName() + -              ": " + ex.getMessage(), ex); -      throw new SignatureCardException(ex); -    } finally { -      try { -        getCard().endExclusive(); -      } catch (CardException ex) { -        log.trace("failed to end exclusive card access: " + ex.getMessage()); -      } -    } -  } - -  @Override -  public void activatePIN(PINSpec pinSpec, PINProvider pinProvider) -          throws CancelledException, SignatureCardException, CancelledException, TimeoutException, InterruptedException { -   try { -      getCard().beginExclusive(); - -      if (pinSpec.getContextAID() != null) { -        selectFileAID(pinSpec.getContextAID()); -      } -      char[] pin = pinProvider.providePIN(pinSpec, -1); -      activatePIN(pinSpec.getKID(), pin); -       -    } catch (CardException ex) { -      log.error("Failed to activate " + pinSpec.getLocalizedName() + -              ": " + ex.getMessage()); -      throw new SignatureCardException(ex.getMessage(), ex); -    } finally { -      try { -        getCard().endExclusive(); -      } catch (CardException ex) { -        log.trace("failed to end exclusive card access: " + ex.getMessage()); -      } -    } -  } - -  /** -   * activates pin (newPIN) if not active -   * @param pinSpec -   * @param oldPIN -   * @param newPIN -   * @throws at.gv.egiz.smcc.LockedException -   * @throws at.gv.egiz.smcc.VerificationFailedException -   * @throws at.gv.egiz.smcc.NotActivatedException -   * @throws at.gv.egiz.smcc.SignatureCardException -   */ -  @Override -  public void changePIN(PINSpec pinSpec, ChangePINProvider pinProvider) -          throws LockedException, NotActivatedException, CancelledException, -          TimeoutException, SignatureCardException, InterruptedException { -    try { -      getCard().beginExclusive(); - -      if (pinSpec.getContextAID() != null) { -        selectFileAID(pinSpec.getContextAID()); -      } - -      int retries = verifyPIN(pinSpec.getKID()); -      do { -        char[] newPin = pinProvider.providePIN(pinSpec, retries); -        char[] oldPin = pinProvider.provideOldPIN(pinSpec, retries); -        retries = changePIN(pinSpec.getKID(), oldPin, newPin); -      } while (retries > 0); -      //return on -1, 0 never reached: verifyPIN throws LockedEx - -    } catch (CardException ex) { -      log.error("Failed to change " + pinSpec.getLocalizedName() + -              ": " + ex.getMessage()); -      throw new SignatureCardException(ex.getMessage(), ex); -    } finally { -      try { -        getCard().endExclusive(); -      } catch (CardException ex) { -        log.trace("failed to end exclusive card access: " + ex.getMessage()); -      } -    } -  } - -  @Override -  public void unblockPIN(PINSpec pinSpec, PINProvider pinProvider) -          throws CancelledException, SignatureCardException, InterruptedException { -    throw new SignatureCardException("Unblock not supported yet"); -  }  } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/CardNotSupportedException.java b/smcc/src/main/java/at/gv/egiz/smcc/CardNotSupportedException.java index e2a5fe16..1cde093d 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/CardNotSupportedException.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/CardNotSupportedException.java @@ -1,31 +1,19 @@ -//Copyright (C) 2002 IAIK -//http://jce.iaik.at -// -//Copyright (C) 2003 Stiftung Secure Information and  -//                 Communication Technologies SIC -//http://www.sic.st -// -//All rights reserved. -// -//This source is provided for inspection purposes and recompilation only, -//unless specified differently in a contract with IAIK. This source has to -//be kept in strict confidence and must not be disclosed to any third party -//under any circumstances. Redistribution in source and binary forms, with -//or without modification, are <not> permitted in any case! -// -//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -//ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -//SUCH DAMAGE. -// -// +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/  package at.gv.egiz.smcc;  public class CardNotSupportedException extends Exception { diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ChangePINProvider.java b/smcc/src/main/java/at/gv/egiz/smcc/ChangePINProvider.java index d0622aa4..41010551 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/ChangePINProvider.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/ChangePINProvider.java @@ -1,24 +1,21 @@  /* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - *  - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - *  - *     http://www.apache.org/licenses/LICENSE-2.0 - *  - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/  package at.gv.egiz.smcc; -import at.gv.egiz.smcc.*; -  /**   *   * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ChangeReferenceDataAPDUSpec.java b/smcc/src/main/java/at/gv/egiz/smcc/ChangeReferenceDataAPDUSpec.java new file mode 100644 index 00000000..0b10d88f --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/ChangeReferenceDataAPDUSpec.java @@ -0,0 +1,95 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +public class ChangeReferenceDataAPDUSpec extends VerifyAPDUSpec { +   +  /** +   * The offset for the insertion of the old PIN. (Default: 0) +   */ +  protected int pinInsertionOffsetOld = 0; +   +  /** +   * The offset for the insertion of the new PIN. (Default: +   * {@link VerifyAPDUSpec#pinLength} + 1}) +   */ +  protected int pinInsertionOffsetNew = pinLength; + +  public ChangeReferenceDataAPDUSpec(byte[] apdu, int pinPosition, int pinFormat, int pinLength) { +    super(apdu, pinPosition, pinFormat, pinLength); +  } + +  /** +   * @param apdu +   * @param pinPosition +   * @param pinFormat +   * @param pinLength +   * @param pinLengthSize +   * @param pinLengthPos +   */ +  public ChangeReferenceDataAPDUSpec(byte[] apdu, int pinPosition, +      int pinFormat, int pinLength, int pinLengthSize, int pinLengthPos) { +    super(apdu, pinPosition, pinFormat, pinLength, pinLengthSize, pinLengthPos); +  } +   +  /** +   * @param apdu +   * @param pinPosition +   * @param pinFormat +   * @param pinLength +   * @param pinLengthSize +   * @param pinLengthPos +   * @param pinInsertionOffsetNew +   */ +  public ChangeReferenceDataAPDUSpec(byte[] apdu, int pinPosition, +      int pinFormat, int pinLength, int pinLengthSize, int pinLengthPos, +      int pinInsertionOffsetNew) { +    super(apdu, pinPosition, pinFormat, pinLength, pinLengthSize, pinLengthPos); +    this.pinInsertionOffsetNew = pinInsertionOffsetNew; +  } + +  /** +   * @return the pinInsertionOffsetOld +   */ +  public int getPinInsertionOffsetOld() { +    return pinInsertionOffsetOld; +  } + +  /** +   * @param pinInsertionOffsetOld the pinInsertionOffsetOld to set +   */ +  public void setPinInsertionOffsetOld(int pinInsertionOffsetOld) { +    this.pinInsertionOffsetOld = pinInsertionOffsetOld; +  } + +  /** +   * @return the pinInsertionOffsetNew +   */ +  public int getPinInsertionOffsetNew() { +    return pinInsertionOffsetNew; +  } + +  /** +   * @param pinInsertionOffsetNew the pinInsertionOffsetNew to set +   */ +  public void setPinInsertionOffsetNew(int pinInsertionOffsetNew) { +    this.pinInsertionOffsetNew = pinInsertionOffsetNew; +  } + +   +   +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ExclSignatureCardProxy.java b/smcc/src/main/java/at/gv/egiz/smcc/ExclSignatureCardProxy.java new file mode 100644 index 00000000..bfbd0063 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/ExclSignatureCardProxy.java @@ -0,0 +1,110 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import java.lang.reflect.InvocationHandler; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.lang.reflect.Proxy; +import java.util.ArrayList; + +import javax.smartcardio.Card; +import javax.smartcardio.CardException; +import javax.smartcardio.CardTerminal; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +public class ExclSignatureCardProxy implements InvocationHandler { +   +  private static Log log = LogFactory.getLog(ExclSignatureCardProxy.class); + +  private static final Method init; +   +  static { +    try { +      init = SignatureCard.class.getMethod("init", new Class<?>[] { Card.class, +          CardTerminal.class }); +    } catch (SecurityException e) { +      throw new RuntimeException(e); +    } catch (NoSuchMethodException e) { +      throw new RuntimeException(e); +    } +  } +   +  private SignatureCard signatureCard; +   +  public ExclSignatureCardProxy(SignatureCard signatureCard) { +    this.signatureCard = signatureCard; +  } + +  public static SignatureCard newInstance(SignatureCard signatureCard) { +    ArrayList<Class<?>> proxyInterfaces = new ArrayList<Class<?>>(); +    proxyInterfaces.add(SignatureCard.class); +    if (PINMgmtSignatureCard.class.isAssignableFrom(signatureCard.getClass())) { +      proxyInterfaces.add(PINMgmtSignatureCard.class); +    } +    ClassLoader loader = signatureCard.getClass().getClassLoader(); +    return (SignatureCard) Proxy.newProxyInstance(loader, proxyInterfaces +        .toArray(new Class[proxyInterfaces.size()]), +        new ExclSignatureCardProxy(signatureCard)); +  } +   +  public static PINMgmtSignatureCard newInstance(PINMgmtSignatureCard signatureCard) { +    return null; +  } + +  @Override +  public Object invoke(Object proxy, Method method, Object[] args) +      throws Throwable { + +    Card card = null; +     +    Method target = signatureCard.getClass().getMethod(method.getName(), +        method.getParameterTypes()); +     +    if (target.isAnnotationPresent(Exclusive.class)) { +      card = (Card) ((method.equals(init))  +        ? args[0] +        : signatureCard.getCard()); +    } +     +    if (card != null) { +      try { +        log.trace("Invoking method " + method.getName() + "() with exclusive access."); +        card.beginExclusive(); +      } catch (CardException e) { +        log.info("Failed to get exclusive access to signature card " +            + signatureCard.toString() + "."); +        throw new SignatureCardException(e); +      } +    } +       +    try { +      return method.invoke(signatureCard, args); +    } catch (InvocationTargetException e) { +      throw e.getTargetException(); +    } finally { +      if (card != null) { +        card.endExclusive(); +      } +    } +     +   +  } + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/Exclusive.java b/smcc/src/main/java/at/gv/egiz/smcc/Exclusive.java new file mode 100644 index 00000000..b796b045 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/Exclusive.java @@ -0,0 +1,28 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Retention(RetentionPolicy.RUNTIME) +@Target(ElementType.METHOD) +public @interface Exclusive { + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/LogCardChannel.java b/smcc/src/main/java/at/gv/egiz/smcc/LogCardChannel.java new file mode 100644 index 00000000..3fc80fa1 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/LogCardChannel.java @@ -0,0 +1,129 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import java.nio.ByteBuffer; + +import javax.smartcardio.Card; +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +public class LogCardChannel extends CardChannel { +   +  protected static Log log = LogFactory.getLog(LogCardChannel.class); +   +  private CardChannel channel; +   +  public LogCardChannel(CardChannel channel) { +    if (channel == null) { +      throw new NullPointerException(); +    } +    this.channel = channel; +  } + +  @Override +  public void close() throws CardException { +    channel.close(); +  } + +  @Override +  public Card getCard() { +    return channel.getCard(); +  } + +  @Override +  public int getChannelNumber() { +    return channel.getChannelNumber(); +  } + +  @Override +  public ResponseAPDU transmit(CommandAPDU command) throws CardException { +    if (log.isTraceEnabled()) { +      switch (command.getINS()) { +      case 0x20:    // VERIFY +      case 0x21:    // VERIFY +      case 0x24: {  // CHANGE REFERENCE DATA  +        // Don't log possibly sensitive command data  +        StringBuilder sb = new StringBuilder(); +        sb.append(command); +        sb.append('\n'); +        byte[] c = new byte[4]; +        c[0] = (byte) command.getCLA(); +        c[1] = (byte) command.getINS(); +        c[2] = (byte) command.getP1(); +        c[3] = (byte) command.getP2(); +        sb.append(toString(c)); +        if (command.getNc() > 0) { +          sb.append(':'); +          sb.append(toString(new byte[] {(byte) command.getNc()})); +          for (int i = 0; i < command.getNc(); i++) { +            sb.append(":XX"); +          } +        } +        if (command.getNe() > 0) { +          sb.append(':'); +          sb.append(toString(new byte[] {(byte) command.getNe()})); +        } +        log.trace(sb.toString()); +      }; break; + +      default: +        log.trace(command + "\n" + toString(command.getBytes())); +      } +      long t0 = System.currentTimeMillis(); +      ResponseAPDU response = channel.transmit(command); +      long t1 = System.currentTimeMillis(); +      log.trace(response + " [" + (t1 - t0) + "ms]\n" + toString(response.getBytes())); +      return response; +    } else { +      return channel.transmit(command); +    } +  } + +  @Override +  public int transmit(ByteBuffer command, ByteBuffer response) throws CardException { +    if (log.isTraceEnabled()) { +      long t0 = System.currentTimeMillis(); +      int l = channel.transmit(command, response); +      long t1 = System.currentTimeMillis(); +      log.trace("[" + (t1 - t0) + "ms]"); +      return l; +    } else { +      return channel.transmit(command, response); +    } +  } + +  private String toString(byte[] b) { +    StringBuffer sb = new StringBuffer(); +    if (b != null && b.length > 0) { +      sb.append(Integer.toHexString((b[0] & 240) >> 4)); +      sb.append(Integer.toHexString(b[0] & 15)); +    } +    for (int i = 1; i < b.length; i++) { +      sb.append(':'); +      sb.append(Integer.toHexString((b[i] & 240) >> 4)); +      sb.append(Integer.toHexString(b[i] & 15)); +    } +    return sb.toString(); +  } +   +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/NewReferenceDataAPDUSpec.java b/smcc/src/main/java/at/gv/egiz/smcc/NewReferenceDataAPDUSpec.java new file mode 100644 index 00000000..2eadaf26 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/NewReferenceDataAPDUSpec.java @@ -0,0 +1,60 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +public class NewReferenceDataAPDUSpec extends VerifyAPDUSpec { +   +  /** +   * The offset for the insertion of the new PIN. (Default: +   * {@link VerifyAPDUSpec#pinLength} + 1}) +   */ +  protected int pinInsertionOffsetNew = 0; + +  public NewReferenceDataAPDUSpec(byte[] apdu, int pinPosition, int pinFormat, int pinLength) { +    super(apdu, pinPosition, pinFormat, pinLength); +  } + +  /** +   * @param apdu +   * @param pinPosition +   * @param pinFormat +   * @param pinLength +   * @param pinLengthSize +   * @param pinLengthPos +   */ +  public NewReferenceDataAPDUSpec(byte[] apdu, int pinPosition, +      int pinFormat, int pinLength, int pinLengthSize, int pinLengthPos) { +    super(apdu, pinPosition, pinFormat, pinLength, pinLengthSize, pinLengthPos); +  } + +  /** +   * @return the pinInsertionOffsetNew +   */ +  public int getPinInsertionOffsetNew() { +    return pinInsertionOffsetNew; +  } + +  /** +   * @param pinInsertionOffsetNew the pinInsertionOffsetNew to set +   */ +  public void setPinInsertionOffsetNew(int pinInsertionOffsetNew) { +    this.pinInsertionOffsetNew = pinInsertionOffsetNew; +  } + +   +   +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PINConfirmationException.java b/smcc/src/main/java/at/gv/egiz/smcc/PINConfirmationException.java index 115e6d5f..eaf38435 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/PINConfirmationException.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/PINConfirmationException.java @@ -24,6 +24,8 @@ package at.gv.egiz.smcc;   */  public class PINConfirmationException extends SignatureCardException { +  private static final long serialVersionUID = 1L; +    public PINConfirmationException() {      super();    } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PINFormatException.java b/smcc/src/main/java/at/gv/egiz/smcc/PINFormatException.java index 28a13fdb..774fcdf5 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/PINFormatException.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/PINFormatException.java @@ -24,6 +24,8 @@ package at.gv.egiz.smcc;   */  public class PINFormatException extends SignatureCardException { +  private static final long serialVersionUID = 1L; +    public PINFormatException() {      super();    } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PINMgmtSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/PINMgmtSignatureCard.java new file mode 100644 index 00000000..53738612 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/PINMgmtSignatureCard.java @@ -0,0 +1,41 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import java.util.List; + +public interface PINMgmtSignatureCard extends SignatureCard { + +  public enum PIN_STATE {UNKNOWN, ACTIV, NOT_ACTIV, BLOCKED}; +   +  public List<PINSpec> getPINSpecs(); + +  public PIN_STATE getPINState(PINSpec pinSpec) throws SignatureCardException; +   +  public void verifyPIN(PINSpec pinSpec, PINProvider pinProvider) +  throws LockedException, NotActivatedException, CancelledException, SignatureCardException, InterruptedException; + +  public void changePIN(PINSpec pinSpec, ChangePINProvider pinProvider) +  throws LockedException, NotActivatedException, CancelledException, PINFormatException, SignatureCardException, InterruptedException; + +  public void activatePIN(PINSpec pinSpec, PINProvider pinProvider) +  throws CancelledException, SignatureCardException, InterruptedException; + +  public void unblockPIN(PINSpec pinSpec, PINProvider pukProvider) +  throws CancelledException, SignatureCardException, InterruptedException; + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PINOperationAbortedException.java b/smcc/src/main/java/at/gv/egiz/smcc/PINOperationAbortedException.java index 7337f59e..51e4904e 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/PINOperationAbortedException.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/PINOperationAbortedException.java @@ -24,6 +24,8 @@ package at.gv.egiz.smcc;   */  public class PINOperationAbortedException extends SignatureCardException { +  private static final long serialVersionUID = 1L; +    public PINOperationAbortedException() {      super();    } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java b/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java index 8fa80dcb..5c294b5b 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java @@ -1,31 +1,19 @@ -//Copyright (C) 2002 IAIK -//http://jce.iaik.at -// -//Copyright (C) 2003 Stiftung Secure Information and  -//                 Communication Technologies SIC -//http://www.sic.st -// -//All rights reserved. -// -//This source is provided for inspection purposes and recompilation only, -//unless specified differently in a contract with IAIK. This source has to -//be kept in strict confidence and must not be disclosed to any third party -//under any circumstances. Redistribution in source and binary forms, with -//or without modification, are <not> permitted in any case! -// -//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -//ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -//SUCH DAMAGE. -// -// +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/  package at.gv.egiz.smcc;  /** diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java b/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java index d180ddf0..b8ffafab 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java @@ -14,9 +14,9 @@  * See the License for the specific language governing permissions and  * limitations under the License.  */ -  package at.gv.egiz.smcc; +import java.util.Locale;  import java.util.ResourceBundle;  /** @@ -31,7 +31,7 @@ public class PINSpec {      String rexepPattern_; -    ResourceBundle resourceBundle_; +    String resourceBundleName_;      String name_; @@ -49,17 +49,17 @@ public class PINSpec {       * @param kid the keyId for this pin       */      public PINSpec(int minLenght, int maxLength, String rexepPattern,  -        ResourceBundle resourceBundle, String name, byte kid, byte[] contextAID) { +        String resourceBundleName, String name, byte kid, byte[] contextAID) {          minLength_ = minLenght;          maxLength_ = maxLength;          rexepPattern_ = rexepPattern; -        resourceBundle_ = resourceBundle; +        resourceBundleName_ = resourceBundleName;          name_ = name;          kid_ = kid;          context_aid_ = contextAID;      } -     +      public PINSpec(int minLenght, int maxLength, String rexepPattern,           String name, byte kid, byte[] contextAID) { @@ -71,14 +71,26 @@ public class PINSpec {          context_aid_ = contextAID;      } -     -          public String getLocalizedName() { +       +      if (resourceBundleName_ != null) { +        ResourceBundle resourceBundle = ResourceBundle.getBundle(resourceBundleName_); +        return resourceBundle.getString(name_); +      } else { +        return name_; +      } -        return (resourceBundle_ != null)  -            ? resourceBundle_.getString(name_) -            : name_; -         +    } +     +    public String getLocalizedName(Locale locale) { +       +      if (resourceBundleName_ != null) { +        ResourceBundle resourceBundle = ResourceBundle.getBundle(resourceBundleName_, locale); +        return resourceBundle.getString(name_); +      } else { +        return name_; +      } +            }      public int getMaxLength() { diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java index e622f65a..83c0197a 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java @@ -1,36 +1,27 @@ -//Copyright (C) 2002 IAIK -//http://jce.iaik.at -// -//Copyright (C) 2003 Stiftung Secure Information and  -//                 Communication Technologies SIC -//http://www.sic.st -// -//All rights reserved. -// -//This source is provided for inspection purposes and recompilation only, -//unless specified differently in a contract with IAIK. This source has to -//be kept in strict confidence and must not be disclosed to any third party -//under any circumstances. Redistribution in source and binary forms, with -//or without modification, are <not> permitted in any case! -// -//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -//ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -//SUCH DAMAGE. -// -// +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +  package at.gv.egiz.smcc; -import at.gv.egiz.smcc.ccid.CCID; -import at.gv.egiz.smcc.util.SMCCHelper; +import java.io.ByteArrayOutputStream; +import java.io.IOException;  import java.util.Arrays; +import java.util.List; +  import javax.smartcardio.CardChannel;  import javax.smartcardio.CardException;  import javax.smartcardio.CommandAPDU; @@ -39,7 +30,10 @@ import javax.smartcardio.ResponseAPDU;  import org.apache.commons.logging.Log;  import org.apache.commons.logging.LogFactory; -public class STARCOSCard extends AbstractSignatureCard { +import at.gv.egiz.smcc.util.ISO7816Utils; +import at.gv.egiz.smcc.util.SMCCHelper; + +public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatureCard {    /**     * Logging facility. @@ -154,133 +148,131 @@ public class STARCOSCard extends AbstractSignatureCard {    public static final byte KID_PIN_CARD = (byte) 0x01; -  public static final int PINSPEC_CARD = 0; -  public static final int PINSPEC_SS = 1; +  private static final PINSpec CARD_PIN_SPEC = +    new PINSpec(4, 12, "[0-9]",  +        "at/gv/egiz/smcc/STARCOSCard", "card.pin.name", KID_PIN_CARD, null); +   +  private static final PINSpec SS_PIN_SPEC = +    new PINSpec(6, 12, "[0-9]",  +        "at/gv/egiz/smcc/STARCOSCard", "sig.pin.name", KID_PIN_SS, AID_DF_SS);    /**     * Creates an new instance.     */    public STARCOSCard() {      super("at/gv/egiz/smcc/STARCOSCard"); -    pinSpecs.add(PINSPEC_CARD,  -            new PINSpec(4, 12, "[0-9]", -              getResourceBundle().getString("card.pin.name"), -              KID_PIN_CARD, null)); -    pinSpecs.add(PINSPEC_SS, -            new PINSpec(6, 12, "[0-9]", -              getResourceBundle().getString("sig.pin.name"), -              KID_PIN_SS, AID_DF_SS)); +    pinSpecs.add(CARD_PIN_SPEC); +    pinSpecs.add(SS_PIN_SPEC);    }    @Override +  @Exclusive    public byte[] getCertificate(KeyboxName keyboxName)        throws SignatureCardException, InterruptedException { -    try { -       -      if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { -         -        try { -          getCard().beginExclusive(); -          return readTLVFile(AID_DF_SS, EF_C_X509_CH_DS, 2000); -        } catch (FileNotFoundException e) { -          throw new NotActivatedException(); -        } finally { -          getCard().endExclusive(); -        } -         -      } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { - -        try { -          getCard().beginExclusive(); -          return readTLVFile(AID_DF_GS, EF_C_X509_CH_AUT, 2000); -        } catch (FileNotFoundException e) { -          throw new NotActivatedException(); -        } finally { -          getCard().endExclusive(); -        } +    byte[] aid; +    byte[] fid; +    if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { +      aid = AID_DF_SS; +      fid = EF_C_X509_CH_DS; +    } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { +      aid = AID_DF_GS; +      fid = EF_C_X509_CH_AUT; +    } else { +      throw new IllegalArgumentException("Keybox " + keyboxName +          + " not supported."); +    } -      } else { -        throw new IllegalArgumentException("Keybox " + keyboxName -            + " not supported."); +    try { +      CardChannel channel = getCardChannel(); +      // SELECT application +      execSELECT_AID(channel, aid); +      // SELECT file +      execSELECT_FID(channel, fid); +      // READ BINARY +      byte[] certificate = ISO7816Utils.readTransparentFileTLV(channel, -1, (byte) 0x30); +      if (certificate == null) { +        throw new NotActivatedException();        } -       +      return certificate; +    } catch (FileNotFoundException e) { +      throw new NotActivatedException();      } catch (CardException e) { -      log.warn(e); -      throw new SignatureCardException("Failed to access card.", e); +      log.info("Failed to get certificate.", e); +      throw new SignatureCardException(e);      }    }    @Override +  @Exclusive    public byte[] getInfobox(String infobox, PINProvider provider, String domainId)        throws SignatureCardException, InterruptedException {      try {        if ("IdentityLink".equals(infobox)) { -        PINSpec spec = pinSpecs.get(PINSPEC_CARD); -        //new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); - -        int retries = -1; -        boolean pinRequired = false; +        PINSpec spec = CARD_PIN_SPEC; +         +        CardChannel channel = getCardChannel(); +        // SELECT application +        execSELECT_AID(channel, AID_INFOBOX); +        // SELECT file +        execSELECT_FID(channel, EF_INFOBOX); -        do { +        while (true) {            try { -            getCard().beginExclusive(); -            if (pinRequired) { -              char[] pin = provider.providePIN(spec, retries); -              return readTLVFile(AID_INFOBOX, EF_INFOBOX, pin, spec.getKID(), 2000); -            } else { -              return readTLVFile(AID_INFOBOX, EF_INFOBOX, 2000); -            } -          } catch (FileNotFoundException e) { -            throw new NotActivatedException(); +            return ISO7816Utils.readTransparentFileTLV(channel, -1, (byte) 0x30);            } catch (SecurityStatusNotSatisfiedException e) { -            pinRequired = true; -            retries = verifyPIN(KID_PIN_CARD); -          } catch (VerificationFailedException e) { -            pinRequired = true; -            retries = e.getRetries(); -          } finally { -            getCard().endExclusive(); +            verifyPINLoop(channel, spec, provider);            } -        } while (retries != 0); - -        throw new LockedException(); -         -      } else if ("EHIC".equals(infobox)) { -        try { -          getCard().beginExclusive(); -          return readTLVFile(AID_SV_PERSONENDATEN, FID_EHIC, 126); -        } finally { -          getCard().endExclusive(); -        } -      } else if ("Grunddaten".equals(infobox)) { -        try { -          getCard().beginExclusive(); -          return readTLVFile(AID_SV_PERSONENDATEN, FID_GRUNDDATEN, 550); -        } finally { -          getCard().endExclusive(); -        } -      } else if ("SV-Personenbindung".equals(infobox)) { -        try { -          getCard().beginExclusive(); -          return readTLVFile(AID_SV_PERSONENDATEN, FID_SV_PERSONENBINDUNG, 500); -        } finally { -          getCard().endExclusive();          } +                } else if ("Status".equals(infobox)) { +         +        CardChannel channel = getCardChannel(); +        // SELECT application +        execSELECT_AID(channel, AID_SV_PERSONENDATEN); +        // SELECT file +        execSELECT_FID(channel, FID_STATUS); +        // READ RECORDS +        ByteArrayOutputStream bytes = new ByteArrayOutputStream();          try { -          getCard().beginExclusive(); -          return readRecords(AID_SV_PERSONENDATEN, FID_STATUS, 1, 5); -        } finally { -          getCard().endExclusive(); +          for (int record = 1; record <= 5; record++) { +            byte[] rb = ISO7816Utils.readRecord(channel, record); +            bytes.write(rb); +          } +        } catch (IOException e) { +          throw new SignatureCardException("Failed to read infobox '" + infobox +              + "'.", e);          } +        return bytes.toByteArray(); +                } else { -        throw new IllegalArgumentException("Infobox '" + infobox -            + "' not supported."); + +        byte[] fid; +         +        if ("EHIC".equals(infobox)) { +          fid = FID_EHIC; +        } else if ("Grunddaten".equals(infobox)) { +          fid = FID_GRUNDDATEN; +        } else if ("SV-Personenbindung".equals(infobox)) { +          fid = FID_SV_PERSONENBINDUNG; +        } else { +          throw new IllegalArgumentException("Infobox '" + infobox +              + "' not supported."); +        } +        +        CardChannel channel = getCardChannel(); +        // SELECT application +        execSELECT_AID(channel, AID_SV_PERSONENDATEN); +        // SELECT file +        execSELECT_FID(channel, fid); +        // READ BINARY +        return ISO7816Utils.readTransparentFileTLV(channel, -1, (byte) 0x30); +                } +              } catch (CardException e) {        log.warn(e);        throw new SignatureCardException("Failed to access card.", e); @@ -288,6 +280,7 @@ public class STARCOSCard extends AbstractSignatureCard {    }    @Override +  @Exclusive    public byte[] createSignature(byte[] hash, KeyboxName keyboxName,        PINProvider provider) throws SignatureCardException, InterruptedException { @@ -297,68 +290,44 @@ public class STARCOSCard extends AbstractSignatureCard {      try { +      CardChannel channel = getCardChannel(); +              if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { -        PINSpec spec = pinSpecs.get(PINSPEC_SS); -        //new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name")); +        PINSpec spec = SS_PIN_SPEC; +         +        // SELECT MF +        execSELECT_MF(channel); +        // SELECT application +        execSELECT_AID(channel, AID_DF_SS); +        // VERIFY +        verifyPINLoop(channel, spec, provider); +        // MANAGE SECURITY ENVIRONMENT : SET DST +        execMSE(channel, 0x41, 0xb6, DST_SS); +        // PERFORM SECURITY OPERATION : HASH +        execPSO_HASH(channel, hash); +        // PERFORM SECURITY OPERATION : COMPUTE DIGITAL SIGNATURE +        return execPSO_COMPUTE_DIGITAL_SIGNATURE(channel); -        int retries = -1; -        char[] pin = null; - -        do { -          try { -            getCard().beginExclusive(); -            selectFileAID(AID_DF_SS); -            retries = verifyPIN(KID_PIN_SS); //, null); -          } finally { -            getCard().endExclusive(); -          } -          pin = provider.providePIN(spec, retries); -          try { -            getCard().beginExclusive(); -            return createSignature(hash, AID_DF_SS, pin, KID_PIN_SS, DST_SS); -          } catch (VerificationFailedException e) { -            retries = e.getRetries(); -          } catch (PINFormatException e) { -            log.debug("wrong pin size entered, retry"); -          } finally { -            getCard().endExclusive(); -          } -        } while (retries != 0); - -        throw new LockedException(); - -         } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { -        PINSpec spec = pinSpecs.get(PINSPEC_CARD); -        //new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); -  -        int retries = -1; -        char[] pin = null; -        boolean pinRequiered = false; - -        do { -          if (pinRequiered) { -            pin = provider.providePIN(spec, retries); -          } +        PINSpec spec = CARD_PIN_SPEC; +         +        // SELECT application +        execSELECT_AID(channel, AID_DF_GS); +        // MANAGE SECURITY ENVIRONMENT : SET DST +        execMSE(channel, 0x41, 0xb6, DST_GS); +        // PERFORM SECURITY OPERATION : HASH +        execPSO_HASH(channel, hash); +         +        while (true) {            try { -            getCard().beginExclusive(); -            return createSignature(hash, AID_DF_GS, pin, KID_PIN_CARD, DST_GS); -          } catch (FileNotFoundException e) { -            throw new NotActivatedException(); +            // PERFORM SECURITY OPERATION : COMPUTE DIGITAL SIGNATURE +            return execPSO_COMPUTE_DIGITAL_SIGNATURE(channel);            } catch (SecurityStatusNotSatisfiedException e) { -            pinRequiered = true; -            retries = verifyPIN(KID_PIN_CARD); -          } catch (VerificationFailedException e) { -            pinRequiered = true; -            retries = e.getRetries(); -          } finally { -            getCard().endExclusive(); +            verifyPINLoop(channel, spec, provider);            } -        } while (retries != 0); - -        throw new LockedException(); +        }        } else {          throw new IllegalArgumentException("KeyboxName '" + keyboxName @@ -372,529 +341,366 @@ public class STARCOSCard extends AbstractSignatureCard {    } - -  //////////////////////////////////////////////////////////////////////// -  // PROTECTED METHODS (assume exclusive card access) -  //////////////////////////////////////////////////////////////////////// - -  protected ResponseAPDU selectFileFID(byte[] fid) throws CardException, SignatureCardException { -    CardChannel channel = getCardChannel(); -    return transmit(channel, new CommandAPDU(0x00, 0xA4, 0x02, -        0x04, fid, 256)); -  } - -  private byte[] createSignature(byte[] hash, byte[] aid, char[] pin, byte kid, -      byte[] dst) throws CardException, SignatureCardException { -     -    // SELECT MF -    selectMF(); -    // SELECT DF -    selectFileAID(aid); -    // VERIFY -    int retries = verifyPIN(kid, pin); -    if (retries != -1) { -      throw new VerificationFailedException(retries); -    } -    // MSE: SET DST -    mseSetDST(dst); -    // PSO: HASH -    psoHash(hash); -    // PSO: COMPUTE DIGITAL SIGNATURE -    return psoComputDigitalSiganture(); - +  /* (non-Javadoc) +   * @see at.gv.egiz.smcc.AbstractSignatureCard#verifyPIN(at.gv.egiz.smcc.PINSpec, at.gv.egiz.smcc.PINProvider) +   */ +  @Override +  @Exclusive +  public void verifyPIN(PINSpec pinSpec, PINProvider pinProvider) +      throws LockedException, NotActivatedException, CancelledException, +      TimeoutException, SignatureCardException, InterruptedException { -  } - -  private void selectMF() throws CardException, SignatureCardException {      CardChannel channel = getCardChannel(); -    ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x00, -        0x0C)); -    if (resp.getSW() != 0x9000) { -      throw new SignatureCardException("Failed to select MF: SW=" -          + Integer.toHexString(resp.getSW()) + "."); +     +    try { +      if (pinSpec.getContextAID() != null) { +        // SELECT application +        execSELECT_AID(channel, pinSpec.getContextAID()); +      } +      int retries = verifyPIN(channel, pinSpec, null, 0); +      verifyPIN(channel, pinSpec, pinProvider, retries); +    } catch (CardException e) { +      log.info("Failed to verify PIN.", e); +      throw new SignatureCardException("Failed to verify PIN.", e);      } +        } - -  private void mseSetDST(byte[] dst) throws CardException, SignatureCardException { +   +  /* (non-Javadoc) +   * @see at.gv.egiz.smcc.AbstractSignatureCard#changePIN(at.gv.egiz.smcc.PINSpec, at.gv.egiz.smcc.ChangePINProvider) +   */ +  @Override +  @Exclusive +  public void changePIN(PINSpec pinSpec, ChangePINProvider pinProvider) +      throws LockedException, NotActivatedException, CancelledException, +      TimeoutException, SignatureCardException, InterruptedException { +          CardChannel channel = getCardChannel(); -    ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x22, 0x41, -        0xB6, dst)); -    if (resp.getSW() != 0x9000) { -      throw new SignatureCardException("MSE:SET DST failed: SW=" -          + Integer.toHexString(resp.getSW())); +     +    try { +      if (pinSpec.getContextAID() != null) { +        // SELECT application +        execSELECT_AID(channel, pinSpec.getContextAID()); +      } +      int retries = verifyPIN(channel, pinSpec, null, 0); +      changePIN(channel, pinSpec, pinProvider, retries); +    } catch (CardException e) { +      log.info("Failed to change PIN.", e); +      throw new SignatureCardException("Failed to change PIN.", e);      } +        } -  private void psoHash(byte[] hash) throws CardException, SignatureCardException { -    byte[] data = new byte[hash.length + 2]; -    data[0] = (byte) 0x90; // tag -    data[1] = (byte) (hash.length); // length -    System.arraycopy(hash, 0, data, 2, hash.length); +  /* (non-Javadoc) +   * @see at.gv.egiz.smcc.AbstractSignatureCard#activatePIN(at.gv.egiz.smcc.PINSpec, at.gv.egiz.smcc.PINProvider) +   */ +  @Override +  @Exclusive +  public void activatePIN(PINSpec pinSpec, PINProvider pinProvider) +      throws CancelledException, SignatureCardException, CancelledException, +      TimeoutException, InterruptedException {      CardChannel channel = getCardChannel(); -    ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x90, -        0xA0, data)); -    if (resp.getSW() != 0x9000) { -      throw new SignatureCardException("PSO:HASH failed: SW=" -          + Integer.toHexString(resp.getSW())); -    } -  } -  private byte[] psoComputDigitalSiganture() throws CardException, -      SignatureCardException { -    CardChannel channel = getCardChannel(); -    ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x9E, -        0x9A, 256)); -    if (resp.getSW() != 0x9000) { -      throw new SignatureCardException( -          "PSO: COMPUTE DIGITAL SIGNATRE failed: SW=" -              + Integer.toHexString(resp.getSW())); -    } else { -      return resp.getData(); +    try { +      if (pinSpec.getContextAID() != null) { +        // SELECT application +        execSELECT_AID(channel, pinSpec.getContextAID()); +      } +      activatePIN(channel, pinSpec, pinProvider); +    } catch (CardException e) { +      log.info("Failed to activate PIN.", e); +      throw new SignatureCardException("Failed to activate PIN.", e);      } +        } +  /* (non-Javadoc) +   * @see at.gv.egiz.smcc.PINMgmtSignatureCard#unblockPIN(at.gv.egiz.smcc.PINSpec, at.gv.egiz.smcc.PINProvider) +   */    @Override -  protected int verifyPIN(byte kid, char[] pin) -          throws LockedException, NotActivatedException, TimeoutException, CancelledException, PINFormatException, PINOperationAbortedException, SignatureCardException { -    try { -      byte[] sw; -      if (reader.hasFeature(CCID.FEATURE_VERIFY_PIN_DIRECT)) { -        log.debug("verify pin on cardreader"); -        sw = reader.verifyPinDirect(getPINVerifyStructure(kid)); -//        int sw = (resp[resp.length-2] & 0xff) << 8 | resp[resp.length-1] & 0xff; -      } else if (reader.hasFeature(CCID.FEATURE_VERIFY_PIN_START)) { -        log.debug("verify pin on cardreader"); -        sw = reader.verifyPin(getPINVerifyStructure(kid)); -      } else { -        byte[] pinBlock = encodePINBlock(pin); -        CardChannel channel = getCardChannel(); -        ResponseAPDU resp = transmit(channel, -                new CommandAPDU(0x00, 0x20, 0x00, kid, pinBlock), false); -        sw = new byte[2]; -        sw[0] = (byte) resp.getSW1(); -        sw[1] = (byte) resp.getSW2(); -      } - -      if (sw[0] == (byte) 0x90 && sw[1] == (byte) 0x00) { -        return -1; -      } else if (sw[0] == (byte) 0x63 && sw[1] == (byte) 0xc0) { -        throw new LockedException("[63:c0]"); -      } else if (sw[0] == (byte) 0x63 && (sw[1] & 0xf0) >> 4 == 0xc) { -        return sw[1] & 0x0f; -      } else if (sw[0] == (byte) 0x69 && sw[1] == (byte) 0x83) { -        //Authentisierungsmethode gesperrt -        throw new LockedException("[69:83]"); -      } else if (sw[0] == (byte) 0x69 && sw[1] == (byte) 0x84) { -        //referenzierte Daten sind reversibel gesperrt (invalidated) -        throw new NotActivatedException("[69:84]"); -      } else if (sw[0] == (byte) 0x69 && sw[1] == (byte) 0x85) { -        //Benutzungsbedingungen nicht erfüllt -        throw new NotActivatedException("[69:85]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x00) { -        throw new TimeoutException("[64:00]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x01) { -        throw new CancelledException("[64:01]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x03) { -        throw new PINFormatException("[64:03]"); -      } -      log.error("Failed to verify pin: SW=" -              + SMCCHelper.toString(sw)); -      throw new SignatureCardException(SMCCHelper.toString(sw)); -       -    } catch (CardException ex) { -      log.error("smart card communication failed: " + ex.getMessage()); -      throw new SignatureCardException("smart card communication failed: " + ex.getMessage(), ex); -    } +  public void unblockPIN(PINSpec pinSpec, PINProvider pukProvider) +      throws CancelledException, SignatureCardException, InterruptedException { +    throw new SignatureCardException("Unblock PIN is not supported.");    }    @Override -  protected int verifyPIN(byte kid) -          throws LockedException, NotActivatedException, SignatureCardException { +  public void reset() throws SignatureCardException {      try { +      super.reset(); +      log.debug("select MF (e-card workaround)");        CardChannel channel = getCardChannel(); -      ResponseAPDU resp = transmit(channel, -              new CommandAPDU(0x00, 0x20, 0x00, kid), false); - -      if (resp.getSW() == 0x9000) { -        return -1; -      } else if (resp.getSW() == 0x63c0) { -        throw new LockedException("[63:c0]"); -      } else if (resp.getSW1() == 0x63 && (resp.getSW2() & 0xf0) >> 4 == 0xc) { -        return resp.getSW2() & 0x0f; -      } else if (resp.getSW() == 0x6983) { -        //Authentisierungsmethode gesperrt -        throw new LockedException("[69:83]"); -      } else if (resp.getSW() == 0x6984) { -        //referenzierte Daten sind reversibel gesperrt (invalidated) -        throw new NotActivatedException("[69:84]"); -      } else if (resp.getSW() == 0x6985) { -        //Benutzungsbedingungen nicht erfüllt -        throw new NotActivatedException("[69:85]"); +      ResponseAPDU resp = channel.transmit(new CommandAPDU(0x00, 0xA4, 0x00, 0x0C)); +      if (resp.getSW() != 0x9000) { +        throw new SignatureCardException("Failed to select MF after RESET: SW=" + Integer.toHexString(resp.getSW()) + ".");        } -      log.error("Failed to verify pin: SW=" -              + Integer.toHexString(resp.getSW())); -      throw new SignatureCardException("[" + Integer.toHexString(resp.getSW()) + "]"); -      } catch (CardException ex) { -      log.error("smart card communication failed: " + ex.getMessage()); -      throw new SignatureCardException("smart card communication failed: " + ex.getMessage(), ex); +      log.error("Failed to select MF after RESET: " + ex.getMessage(), ex); +      throw new SignatureCardException("Failed to select MF after RESET");      }    } +  /* (non-Javadoc) +   * @see at.gv.egiz.smcc.PINMgmtSignatureCard#getPINSpecs() +   */    @Override -  protected int changePIN(byte kid, char[] oldPin, char[] newPin) -          throws LockedException, CancelledException, PINFormatException, PINConfirmationException, TimeoutException, PINOperationAbortedException, SignatureCardException { -    try { -      byte[] sw; -      if (reader.hasFeature(CCID.FEATURE_MODIFY_PIN_DIRECT)) { -        log.debug("modify pin on cardreader"); -        sw = reader.modifyPinDirect(getPINModifyStructure(kid)); -      } else if (reader.hasFeature(CCID.FEATURE_MODIFY_PIN_START)) { -        log.debug("modify pin on cardreader"); -        sw = reader.modifyPin(getPINModifyStructure(kid)); -      } else { -        byte[] cmd = new byte[16]; -        System.arraycopy(encodePINBlock(oldPin), 0, cmd, 0, 8); -        System.arraycopy(encodePINBlock(newPin), 0, cmd, 8, 8); - -        CardChannel channel = getCardChannel(); - -        ResponseAPDU resp = transmit(channel, -                new CommandAPDU(0x00, 0x24, 0x00, kid, cmd), false); - -        sw = new byte[2]; -        sw[0] = (byte) resp.getSW1(); -        sw[1] = (byte) resp.getSW2(); -      } - -      // activates pin (newPIN) if not active -      if (sw[0] == (byte) 0x90 && sw[1] == (byte) 0x00) { -        return -1; -      } else if (sw[0] == (byte) 0x63 && sw[1] == (byte) 0xc0) { -        throw new LockedException("[63:c0]"); -      } else if (sw[0] == (byte) 0x63 && (sw[1] & 0xf0) >> 4 == 0xc) { -        return sw[1] & 0x0f; -      } else if (sw[0] == (byte) 0x69 && sw[1] == (byte) 0x83) { -        //Authentisierungsmethode gesperrt -        throw new LockedException("[69:83]"); -//      } else if (sw[0] == (byte) 0x69 && sw[1] == (byte) 0x84) { -//        //referenzierte Daten sind reversibel gesperrt (invalidated) -//        throw new NotActivatedException("[69:84]"); -//      } else if (sw[0] == (byte) 0x69 && sw[1] == (byte) 0x85) { -//        //Benutzungsbedingungen nicht erfüllt -//        throw new NotActivatedException("[69:85]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x00) { -        throw new TimeoutException("[64:00]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x01) { -        throw new CancelledException("[64:01]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x02) { -        throw new PINConfirmationException("[64:02]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x03) { -        throw new PINFormatException("[64:03]"); -      } else if (sw[0] == (byte) 0x6a && sw[1] == (byte) 0x80) { -        log.info("invalid parameter, assume wrong pin size"); -        throw new PINFormatException("[6a:80]"); -      } -      log.error("Failed to change pin: SW=" -              + SMCCHelper.toString(sw)); -      throw new SignatureCardException(SMCCHelper.toString(sw)); -    } catch (CardException ex) { -      log.error("smart card communication failed: " + ex.getMessage()); -      throw new SignatureCardException("smart card communication failed: " + ex.getMessage(), ex); -    } +  public List<PINSpec> getPINSpecs() { +    return Arrays.asList(new PINSpec[] {CARD_PIN_SPEC, SS_PIN_SPEC});    } +  /* (non-Javadoc) +   * @see at.gv.egiz.smcc.PINMgmtSignatureCard#getPINStatus(at.gv.egiz.smcc.PINSpec) +   */    @Override -  protected void activatePIN(byte kid, char[] pin) -          throws CancelledException, PINFormatException, PINConfirmationException, TimeoutException, PINOperationAbortedException, SignatureCardException { +  public PIN_STATE getPINState(PINSpec pinSpec) throws SignatureCardException { +     +    CardChannel channel = getCardChannel(); +          try { -      byte[] sw; -      if (reader.hasFeature(CCID.FEATURE_MODIFY_PIN_DIRECT)) { -        log.debug("activate pin on cardreader"); -        sw = reader.modifyPinDirect(getActivatePINModifyStructure(kid)); -      } else if (reader.hasFeature(CCID.FEATURE_MODIFY_PIN_START)) { -        log.debug("activate pin on cardreader"); -        sw = reader.modifyPin(getActivatePINModifyStructure(kid)); -      } else { -        CardChannel channel = getCardChannel(); -        ResponseAPDU resp = transmit(channel, -                new CommandAPDU(0x00, 0x24, 0x01, kid, encodePINBlock(pin)), false); - -        sw = new byte[2]; -        sw[0] = (byte) resp.getSW1(); -        sw[1] = (byte) resp.getSW2(); -        log.trace("activate pin returned SW=" + Integer.toHexString(resp.getSW())); -      } - -      if (sw[0] == (byte) 0x90 && sw[1] == (byte) 0x00) { -        return; -      } else if (sw[0] == (byte) 0x69 && sw[1] == (byte) 0x83) { -        //Authentisierungsmethode gesperrt -        throw new LockedException("[69:83]"); -//      } else if (sw[0] == (byte) 0x69 && sw[1] == (byte) 0x84) { -//        //referenzierte Daten sind reversibel gesperrt (invalidated) -//        throw new NotActivatedException("[69:84]"); -//      } else if (sw[0] == (byte) 0x69 && sw[1] == (byte) 0x85) { -//        //Benutzungsbedingungen nicht erfüllt -//        throw new NotActivatedException("[69:85]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x00) { -        throw new TimeoutException("[64:00]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x01) { -        throw new CancelledException("[64:01]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x02) { -        throw new PINConfirmationException("[64:02]"); -      } else if (sw[0] == (byte) 0x64 && sw[1] == (byte) 0x03) { -        throw new PINFormatException("[64:03]"); +      if (pinSpec.getContextAID() != null) { +        // SELECT AID +        execSELECT_AID(channel, pinSpec.getContextAID());        } -      log.error("Failed to activate pin: SW=" -              + SMCCHelper.toString(sw)); -      throw new SignatureCardException(SMCCHelper.toString(sw)); - -    } catch (CardException ex) { -      log.error("smart card communication failed: " + ex.getMessage()); -      throw new SignatureCardException("smart card communication failed: " + ex.getMessage(), ex); +      verifyPIN(channel, pinSpec, null, 0); +      return PIN_STATE.ACTIV; +    } catch (InterruptedException e) { +      return PIN_STATE.UNKNOWN; +    } catch (LockedException e) { +      return PIN_STATE.BLOCKED; +    } catch (NotActivatedException e) { +      return PIN_STATE.NOT_ACTIV; +    } catch (CardException e) { +      log.error("Failed to get PIN status.", e); +      throw new SignatureCardException("Failed to get PIN status.", e);      } +        } -  /** -   * BCD encodes the pin, pads with 0xFF and prepends the pins length -   * @param pin -   * @return a 8 byte pin block consisting of length byte (0x2X), -   * the BCD encoded pin and a 0xFF padding -   */ -  @Override -  protected byte[] encodePINBlock(char[] pin) throws SignatureCardException { -    if (pin == null || pin.length > 12) { -      throw new SignatureCardException("invalid pin: " + pin); +  public String toString() { +    return "e-card"; +  } +   +  //////////////////////////////////////////////////////////////////////// +  // PROTECTED METHODS (assume exclusive card access) +  //////////////////////////////////////////////////////////////////////// +   +  protected void verifyPINLoop(CardChannel channel, PINSpec spec, PINProvider provider) +      throws LockedException, NotActivatedException, SignatureCardException, +      InterruptedException, CardException { +     +    int retries = verifyPIN(channel, spec, null, -1); +    do { +      retries = verifyPIN(channel, spec, provider, retries); +    } while (retries > 0); +     +  } +   +  protected int verifyPIN(CardChannel channel, PINSpec pinSpec, +      PINProvider provider, int retries) throws SignatureCardException, +      LockedException, NotActivatedException, InterruptedException, +      CardException { +     +    VerifyAPDUSpec apduSpec = new VerifyAPDUSpec( +        new byte[] { +            (byte) 0x00, (byte) 0x20, (byte) 0x00, pinSpec.getKID(), (byte) 0x08, +            (byte) 0x20, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, +            (byte) 0xff, (byte) 0xff, (byte) 0xff },  +        1, VerifyAPDUSpec.PIN_FORMAT_BCD, 7, 4, 4); +     +    ResponseAPDU resp; +    if (provider != null) { +      resp = reader.verify(channel, apduSpec, pinSpec, provider, retries); +    } else { +      resp = channel.transmit(new CommandAPDU(0x00, 0x20, 0x00, pinSpec.getKID())); +    } +     +    if (resp.getSW() == 0x9000) { +      return -1; +    } +    if (resp.getSW() >> 4 == 0x63c) { +      return 0x0f & resp.getSW(); +    } +     +    switch (resp.getSW()) { +    case 0x6983: +      // authentication method blocked +      throw new LockedException(); +    case 0x6984: +      // reference data not usable +      throw new NotActivatedException(); +    case 0x6985: +      // conditions of use not satisfied +      throw new NotActivatedException(); +   +    default: +      String msg = "VERIFY failed. SW=" + Integer.toHexString(resp.getSW());  +      log.info(msg); +      throw new SignatureCardException(msg); +    } +     +  } +   +  protected int changePIN(CardChannel channel, PINSpec pinSpec, +      ChangePINProvider pinProvider, int retries) throws CancelledException, +      InterruptedException, CardException, SignatureCardException { +     +    ChangeReferenceDataAPDUSpec apduSpec = new ChangeReferenceDataAPDUSpec( +        new byte[] {  +            (byte) 0x00, (byte) 0x24, (byte) 0x00, pinSpec.getKID(), (byte) 0x10,  +            (byte) 0x20, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,  +            (byte) 0xff, (byte) 0xff, (byte) 0xff,  +            (byte) 0x20, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,  +            (byte) 0xff, (byte) 0xff, (byte) 0xff },  +        1, VerifyAPDUSpec.PIN_FORMAT_BCD, 7, 4, 4, 8); +     +    ResponseAPDU resp = reader.modify(channel, apduSpec, pinSpec, pinProvider, retries); +     +    if (resp.getSW() == 0x9000) { +      return -1;      } -    int numDigits = pin.length; -    int numBytes = (int) Math.ceil(numDigits/2.0); +    if (resp.getSW() >> 4 == 0x63c) { +      return 0x0f & resp.getSW(); +    } +     +    switch (resp.getSW()) { +    case 0x6983: +      // authentication method blocked +      throw new LockedException(); +   +    default: +      String msg = "CHANGE REFERENCE DATA failed. SW=" + Integer.toHexString(resp.getSW());  +      log.info(msg); +      throw new SignatureCardException(msg); +    } +    +     +  } -    byte[] pinBlock = new byte[8]; -    pinBlock[0] = (byte) (0x20 | numDigits); +  protected int activatePIN(CardChannel channel, PINSpec pinSpec, +      PINProvider provider) throws SignatureCardException, +      InterruptedException, CardException { +     +    NewReferenceDataAPDUSpec apduSpec = new NewReferenceDataAPDUSpec( +        new byte[] { +            (byte) 0x00, (byte) 0x20, (byte) 0x01, pinSpec.getKID(), (byte) 0x08, +            (byte) 0x20, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, +            (byte) 0xff, (byte) 0xff, (byte) 0xff },  +        1, VerifyAPDUSpec.PIN_FORMAT_BCD, 7, 4, 4); +     +    ResponseAPDU resp = reader.activate(channel, apduSpec, pinSpec, provider); +     +    switch (resp.getSW()) { +     +    case 0x9000: +      return -1; -    for (int i = 0; i < numBytes; i++) { -      int p1 = 16*Character.digit(pin[i*2], 16); -      int p2 = (i*2+1 < numDigits) ? Character.digit(pin[i*2+1], 16) : 0xf; -      pinBlock[i+1] = (byte) (p1 + p2); -    } -    Arrays.fill(pinBlock, numBytes + 1, pinBlock.length, (byte) 0xff); -//    log.trace("BCD encoded PIN block: " + SMCCHelper.toString(pinBlock)); +    case 0x6983: +      // authentication method blocked +      throw new LockedException(); -    return pinBlock; +    default: +      String msg = "CHANGE REFERENCE DATA failed. SW=" + Integer.toHexString(resp.getSW());  +      log.info(msg); +      throw new SignatureCardException(msg); +    } +        } -  private byte[] getPINVerifyStructure(byte kid) { -      byte bTimeOut = reader.getbTimeOut();  -      byte bTimeOut2 = reader.getbTimeOut2(); // time out after first entry -      byte bmFormatString = (byte) 0x89;      // 1 0001 0 01  -                                              // ^------------ System unit = byte -                                              //   ^^^^------- PIN position in the frame = 1 byte -                                              //        ^----- PIN justification left -                                              //          ^^-- BCD format -      byte bmPINBlockString = (byte) 0x47;    // 0100 0111 -                                              // ^^^^--------- PIN length size: 4 bits -                                              //      ^^^^---- Length PIN = 7 bytes -      byte bmPINLengthFormat = (byte) 0x04;   // 000 0 0100 -                                              //     ^-------- System bit units is bit -                                              //       ^^^^--- PIN length is at the 4th position bit -      //TODO compare ints, not bytes -      byte wPINMaxExtraDigitL =               // Max=12 digits  -              (reader.getwPINMaxExtraDigitL() < (byte) 0x0c) ? -                reader.getwPINMaxExtraDigitL() : (byte) 0x0c; -      byte wPINMaxExtraDigitH =               // Min=4/6 digits TODO card/ss pin (min: 4/6) -              (reader.getwPINMaxExtraDigitH() > (byte) 0x04) ? -                reader.getwPINMaxExtraDigitH() : (byte) 0x04; -      byte bEntryValidationCondition =  -              reader.getbEntryValidationCondition();   -      byte bNumberMessage = (byte) 0x00;      // No message -      byte wLangIdL = (byte) 0x0C;            // - English? -      byte wLangIdH = (byte) 0x04;            // \ -      byte bMsgIndex = (byte) 0x00;           // Default Msg - -      byte[] apdu = new byte[] { -        (byte) 0x00, (byte) 0x20, (byte) 0x00, kid, (byte) 0x08,  // CLA INS P1 P2 LC -        (byte) 0x20, (byte) 0xff, (byte) 0xff, (byte) 0xff,               // Data -        (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff                // ... -      }; - -      int offset = 0; -      byte[] pinVerifyStructure = new byte[offset + 19 + apdu.length]; -      pinVerifyStructure[offset++] = bTimeOut; -      pinVerifyStructure[offset++] = bTimeOut2; -      pinVerifyStructure[offset++] = bmFormatString; -      pinVerifyStructure[offset++] = bmPINBlockString; -      pinVerifyStructure[offset++] = bmPINLengthFormat; -      pinVerifyStructure[offset++] = wPINMaxExtraDigitL; -      pinVerifyStructure[offset++] = wPINMaxExtraDigitH; -      pinVerifyStructure[offset++] = bEntryValidationCondition; -      pinVerifyStructure[offset++] = bNumberMessage; -      pinVerifyStructure[offset++] = wLangIdL; -      pinVerifyStructure[offset++] = wLangIdH; -      pinVerifyStructure[offset++] = bMsgIndex; -       -      pinVerifyStructure[offset++] = 0x00; -      pinVerifyStructure[offset++] = 0x00; -      pinVerifyStructure[offset++] = 0x00; -       -      pinVerifyStructure[offset++] = (byte) apdu.length; -      pinVerifyStructure[offset++] = 0x00; -      pinVerifyStructure[offset++] = 0x00; -      pinVerifyStructure[offset++] = 0x00; -      System.arraycopy(apdu, 0, pinVerifyStructure, offset, apdu.length); - -      return pinVerifyStructure; +  protected void execSELECT_MF(CardChannel channel) throws CardException, SignatureCardException { +    ResponseAPDU resp = channel.transmit( +        new CommandAPDU(0x00, 0xA4, 0x00, 0x0C)); +    if (resp.getSW() != 0x9000) { +      throw new SignatureCardException("Failed to select MF: SW=" +          + Integer.toHexString(resp.getSW()) + "."); +    }    } -  private byte[] getPINModifyStructure(byte kid) { - -      byte bTimeOut = reader.getbTimeOut();   // s.o. -      byte bTimeOut2 = reader.getbTimeOut2(); // s.o. -      byte bmFormatString = (byte) 0x89;      // s.o. -      byte bmPINBlockString = (byte) 0x47;    // s.o. -      byte bmPINLengthFormat = (byte) 0x04;   // s.o. -      byte bInsertionOffsetOld = (byte) 0x00; // insertion position offset in bytes -      byte bInsertionOffsetNew = (byte) 0x08; // (add 1 from bmFormatString b3) -      byte wPINMaxExtraDigitL =  -              (reader.getwPINMaxExtraDigitL() < (byte) 0x0c) ? -                reader.getwPINMaxExtraDigitL() : (byte) 0x0c; -      byte wPINMaxExtraDigitH =               // Min=4/6 digits TODO card/ss pin (min: 4/6) -              (reader.getwPINMaxExtraDigitH() > (byte) 0x04) ? -                reader.getwPINMaxExtraDigitH() : (byte) 0x04; -      byte bConfirmPIN = (byte) 0x03;         // current pin entry + confirmation -      byte bEntryValidationCondition = -              reader.getbEntryValidationCondition(); -      byte bNumberMessage = (byte) 0x03;      // 3 messages -      byte wLangIdL = (byte) 0x0C;             -      byte wLangIdH = (byte) 0x04;             -      byte bMsgIndex1 = (byte) 0x00;          // insertion -      byte bMsgIndex2 = (byte) 0x01;          // modification -      byte bMsgIndex3 = (byte) 0x02;          // confirmation - -      byte[] apdu = new byte[] { -        (byte) 0x00, (byte) 0x24, (byte) 0x00, kid, (byte) 0x10,  -        (byte) 0x20, (byte) 0xff, (byte) 0xff, (byte) 0xff,       -        (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,       -        (byte) 0x20, (byte) 0xff, (byte) 0xff, (byte) 0xff,       -        (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff        -      }; - -      int offset = 0; -      byte[] pinModifyStructure = new byte[offset + 24 + apdu.length]; -      pinModifyStructure[offset++] = bTimeOut; -      pinModifyStructure[offset++] = bTimeOut2; -      pinModifyStructure[offset++] = bmFormatString; -      pinModifyStructure[offset++] = bmPINBlockString; -      pinModifyStructure[offset++] = bmPINLengthFormat; -      pinModifyStructure[offset++] = bInsertionOffsetOld; -      pinModifyStructure[offset++] = bInsertionOffsetNew; -      pinModifyStructure[offset++] = wPINMaxExtraDigitL; -      pinModifyStructure[offset++] = wPINMaxExtraDigitH; -      pinModifyStructure[offset++] = bConfirmPIN; -      pinModifyStructure[offset++] = bEntryValidationCondition; -      pinModifyStructure[offset++] = bNumberMessage; -      pinModifyStructure[offset++] = wLangIdL; -      pinModifyStructure[offset++] = wLangIdH; -      pinModifyStructure[offset++] = bMsgIndex1; -      pinModifyStructure[offset++] = bMsgIndex2; -      pinModifyStructure[offset++] = bMsgIndex3; - -      pinModifyStructure[offset++] = 0x00; -      pinModifyStructure[offset++] = 0x00; -      pinModifyStructure[offset++] = 0x00; - -      pinModifyStructure[offset++] = (byte) apdu.length; -      pinModifyStructure[offset++] = 0x00; -      pinModifyStructure[offset++] = 0x00; -      pinModifyStructure[offset++] = 0x00; -      System.arraycopy(apdu, 0, pinModifyStructure, offset, apdu.length); - -//      log.debug("PIN MODIFY " + SMCCHelper.toString(pinModifyStructure)); -      return pinModifyStructure; +  protected byte[] execSELECT_AID(CardChannel channel, byte[] aid) +      throws SignatureCardException, CardException { +     +    ResponseAPDU resp = channel.transmit( +        new CommandAPDU(0x00, 0xA4, 0x04, 0x00, aid, 256)); +     +    if (resp.getSW() == 0x6A82) { +      String msg = "File or application not found AID=" +          + SMCCHelper.toString(aid) + " SW=" +          + Integer.toHexString(resp.getSW()) + "."; +      log.info(msg); +      throw new FileNotFoundException(msg); +    } else if (resp.getSW() != 0x9000) { +      String msg = "Failed to select application AID=" +          + SMCCHelper.toString(aid) + " SW=" +          + Integer.toHexString(resp.getSW()) + "."; +      log.info(msg); +      throw new SignatureCardException(msg); +    } else { +      return resp.getBytes(); +    } +        } -  private byte[] getActivatePINModifyStructure(byte kid) { - -      byte bTimeOut = reader.getbTimeOut();    -      byte bTimeOut2 = reader.getbTimeOut2();  -      byte bmFormatString = (byte) 0x89;       -      byte bmPINBlockString = (byte) 0x47;     -      byte bmPINLengthFormat = (byte) 0x04;    -      byte bInsertionOffsetOld = (byte) 0x00; // ignored -      byte bInsertionOffsetNew = (byte) 0x00;  -      byte wPINMaxExtraDigitL = -              (reader.getwPINMaxExtraDigitL() < (byte) 0x12) ? -                reader.getwPINMaxExtraDigitL() : (byte) 0x12; -      byte wPINMaxExtraDigitH =               // Min=4/6 digits TODO card/ss pin (min: 4/6) -              (reader.getwPINMaxExtraDigitH() > (byte) 0x04) ? -                reader.getwPINMaxExtraDigitH() : (byte) 0x04; -      byte bConfirmPIN = (byte) 0x01;         // confirm, no current pin entry -      byte bEntryValidationCondition = -              reader.getbEntryValidationCondition(); -      byte bNumberMessage = (byte) 0x02;      // 2 messages -      byte wLangIdL = (byte) 0x0c; -      byte wLangIdH = (byte) 0x04; -      byte bMsgIndex1 = (byte) 0x01;          // modification prompt -      byte bMsgIndex2 = (byte) 0x02;          // confirmation prompt -      byte bMsgIndex3 = (byte) 0x00;            - -      byte[] apdu = new byte[] { -        (byte) 0x00, (byte) 0x24, (byte) 0x01, kid, (byte) 0x08, -        (byte) 0x20, (byte) 0xff, (byte) 0xff, (byte) 0xff, -        (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff -      }; - -      int offset = 0; -      byte[] pinModifyStructure = new byte[offset + 24 + apdu.length]; -      pinModifyStructure[offset++] = bTimeOut; -      pinModifyStructure[offset++] = bTimeOut2; -      pinModifyStructure[offset++] = bmFormatString; -      pinModifyStructure[offset++] = bmPINBlockString; -      pinModifyStructure[offset++] = bmPINLengthFormat; -      pinModifyStructure[offset++] = bInsertionOffsetOld; -      pinModifyStructure[offset++] = bInsertionOffsetNew; -      pinModifyStructure[offset++] = wPINMaxExtraDigitL; -      pinModifyStructure[offset++] = wPINMaxExtraDigitH; -      pinModifyStructure[offset++] = bConfirmPIN; -      pinModifyStructure[offset++] = bEntryValidationCondition; -      pinModifyStructure[offset++] = bNumberMessage; -      pinModifyStructure[offset++] = wLangIdL; -      pinModifyStructure[offset++] = wLangIdH; -      pinModifyStructure[offset++] = bMsgIndex1; -      pinModifyStructure[offset++] = bMsgIndex2; -      pinModifyStructure[offset++] = bMsgIndex3; - -      pinModifyStructure[offset++] = 0x00; -      pinModifyStructure[offset++] = 0x00; -      pinModifyStructure[offset++] = 0x00; - -      pinModifyStructure[offset++] = (byte) apdu.length; -      pinModifyStructure[offset++] = 0x00; -      pinModifyStructure[offset++] = 0x00; -      pinModifyStructure[offset++] = 0x00; -      System.arraycopy(apdu, 0, pinModifyStructure, offset, apdu.length); - -//      log.debug("PIN MODIFY " + SMCCHelper.toString(pinModifyStructure)); -      return pinModifyStructure; +   +  protected byte[] execSELECT_FID(CardChannel channel, byte[] fid) +      throws SignatureCardException, CardException { +     +    ResponseAPDU resp = channel.transmit( +        new CommandAPDU(0x00, 0xA4, 0x02, 0x04, fid, 256)); +     +    if (resp.getSW() == 0x6A82) { +      String msg = "File or application not found FID=" +          + SMCCHelper.toString(fid) + " SW=" +          + Integer.toHexString(resp.getSW()) + "."; +      log.info(msg); +      throw new FileNotFoundException(msg); +    } else if (resp.getSW() != 0x9000) { +      String msg = "Failed to select application FID=" +          + SMCCHelper.toString(fid) + " SW=" +          + Integer.toHexString(resp.getSW()) + "."; +      log.error(msg); +      throw new SignatureCardException(msg); +    } else { +      return resp.getBytes(); +    } +        } +   +  protected void execMSE(CardChannel channel, int p1, int p2, byte[] data) +      throws CardException, SignatureCardException { +    ResponseAPDU resp = channel.transmit( +        new CommandAPDU(0x00, 0x22, p1, p2, data)); +    if (resp.getSW() != 0x9000) { +      throw new SignatureCardException("MSE:SET DST failed: SW=" +          + Integer.toHexString(resp.getSW())); +    } +  } +   +  protected void execPSO_HASH(CardChannel channel, byte[] hash) throws CardException, SignatureCardException { +    byte[] data = new byte[hash.length + 2]; +    data[0] = (byte) 0x90; // tag +    data[1] = (byte) (hash.length); // length +    System.arraycopy(hash, 0, data, 2, hash.length); -  @Override -  public void reset() throws SignatureCardException { -    try { -      super.reset(); -      log.debug("select MF (e-card workaround)"); -      CardChannel channel = getCardChannel(); -      ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x00, 0x0C)); -      if (resp.getSW() != 0x9000) { -        throw new SignatureCardException("Failed to select MF after RESET: SW=" + Integer.toHexString(resp.getSW()) + "."); -      } -    } catch (CardException ex) { -      log.error("Failed to select MF after RESET: " + ex.getMessage(), ex); -      throw new SignatureCardException("Failed to select MF after RESET"); +    ResponseAPDU resp = channel.transmit( +        new CommandAPDU(0x00, 0x2A, 0x90, 0xA0, data)); +    if (resp.getSW() != 0x9000) { +      throw new SignatureCardException("PSO:HASH failed: SW=" +          + Integer.toHexString(resp.getSW()));      }    } -  public String toString() { -    return "e-card"; +  protected byte[] execPSO_COMPUTE_DIGITAL_SIGNATURE(CardChannel channel) +      throws CardException, SignatureCardException { +    ResponseAPDU resp = channel.transmit( +        new CommandAPDU(0x00, 0x2A, 0x9E, 0x9A, 256)); +    if (resp.getSW() == 0x6982) { +      throw new SecurityStatusNotSatisfiedException(); +    } else if (resp.getSW() == 0x6983) { +      throw new LockedException(); +    } else if (resp.getSW() != 0x9000) { +      throw new SignatureCardException( +          "PSO: COMPUTE DIGITAL SIGNATRE failed: SW=" +              + Integer.toHexString(resp.getSW())); +    } else { +      return resp.getData(); +    }    }  } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java index da084e0d..279362c0 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java @@ -14,10 +14,8 @@  * See the License for the specific language governing permissions and  * limitations under the License.  */ -  package at.gv.egiz.smcc; -import at.gv.egiz.smcc.ccid.CCID;  import java.io.ByteArrayOutputStream;  import java.io.FileInputStream;  import java.io.FileNotFoundException; @@ -37,20 +35,20 @@ import java.security.cert.Certificate;  import java.security.cert.CertificateEncodingException;  import java.security.cert.CertificateException;  import java.security.cert.CertificateFactory; -import java.util.ArrayList;  import java.util.Enumeration; -import java.util.HashMap; -import java.util.List;  import java.util.Locale; -import java.util.Map;  import javax.smartcardio.Card; +import javax.smartcardio.CardChannel;  import javax.smartcardio.CardException;  import javax.smartcardio.CardTerminal; +import javax.smartcardio.ResponseAPDU;  import org.apache.commons.logging.Log;  import org.apache.commons.logging.LogFactory; +import at.gv.egiz.smcc.ccid.CCID; +  /**   *   * @author mcentner @@ -396,31 +394,6 @@ public class SWCard implements SignatureCard {    }    @Override -  public List<PINSpec> getPINSpecs() { -    return new ArrayList<PINSpec>(); -  } - -  @Override -  public void verifyPIN(PINSpec pinSpec, PINProvider pinProvider) -          throws LockedException, NotActivatedException, SignatureCardException { -  } - -  @Override -  public void activatePIN(PINSpec pinSpec, PINProvider pinProvider) throws SignatureCardException { -    throw new UnsupportedOperationException("Not supported yet."); -  } - -  @Override -  public void unblockPIN(PINSpec pinSpec, PINProvider pukProvider) throws CancelledException, SignatureCardException, InterruptedException { -    throw new UnsupportedOperationException("Not supported yet."); -  } - -  @Override -  public void changePIN(PINSpec pinSpec, ChangePINProvider pinProvider) throws LockedException, NotActivatedException, CancelledException, SignatureCardException, InterruptedException { -    throw new UnsupportedOperationException("Not supported yet."); -  } - -  @Override    public CCID getReader() {      return new CCID() { @@ -488,6 +461,32 @@ public class SWCard implements SignatureCard {        public void setDisablePinpad(boolean disable) {          throw new UnsupportedOperationException("Not supported yet.");        } + +      @Override +      public ResponseAPDU verify(CardChannel channel, VerifyAPDUSpec apduSpec, +          PINSpec pinSpec, PINProvider provider, int retries) +          throws CancelledException, InterruptedException, CardException, +          SignatureCardException { +        throw new UnsupportedOperationException("Not supported yet."); +      } + +      @Override +      public ResponseAPDU activate(CardChannel channel, +          NewReferenceDataAPDUSpec apduSpec, PINSpec pinSpec, +          PINProvider provider) throws CancelledException, +          InterruptedException, CardException, SignatureCardException { +        // TODO Auto-generated method stub +        return null; +      } + +      @Override +      public ResponseAPDU modify(CardChannel channel, +          ChangeReferenceDataAPDUSpec apduSpec, PINSpec pinSpec, +          ChangePINProvider provider, int retries) throws CancelledException, +          InterruptedException, CardException, SignatureCardException { +        // TODO Auto-generated method stub +        return null; +      }      };    }  } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java index c06074f2..1a163783 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java @@ -1,35 +1,23 @@ -//Copyright (C) 2002 IAIK -//http://jce.iaik.at -// -//Copyright (C) 2003 Stiftung Secure Information and  -//                 Communication Technologies SIC -//http://www.sic.st -// -//All rights reserved. -// -//This source is provided for inspection purposes and recompilation only, -//unless specified differently in a contract with IAIK. This source has to -//be kept in strict confidence and must not be disclosed to any third party -//under any circumstances. Redistribution in source and binary forms, with -//or without modification, are <not> permitted in any case! -// -//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -//ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -//SUCH DAMAGE. -// -// +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +  package at.gv.egiz.smcc;  import at.gv.egiz.smcc.ccid.CCID; -import java.util.List;  import java.util.Locale;  import javax.smartcardio.Card; @@ -76,6 +64,11 @@ public interface SignatureCard {        return keyboxName_;      } +    @Override +    public String toString() { +      return keyboxName_; +    } +    }    public void init(Card card, CardTerminal cardTerminal); @@ -118,24 +111,6 @@ public interface SignatureCard {    public byte[] createSignature(byte[] hash, KeyboxName keyboxName,        PINProvider provider) throws SignatureCardException, InterruptedException; -  /** -   * Get the KIDs for all available PINs and the corresponding PINSpecs -   * @return array of KIDs -   */ -  public List<PINSpec> getPINSpecs(); - -  public void verifyPIN(PINSpec pinSpec, PINProvider pinProvider) -          throws LockedException, NotActivatedException, CancelledException, SignatureCardException, InterruptedException; - -  public void changePIN(PINSpec pinSpec, ChangePINProvider pinProvider) -          throws LockedException, NotActivatedException, CancelledException, PINFormatException, SignatureCardException, InterruptedException; - -  public void activatePIN(PINSpec pinSpec, PINProvider pinProvider) -          throws CancelledException, SignatureCardException, InterruptedException; - -  public void unblockPIN(PINSpec pinSpec, PINProvider pukProvider) -          throws CancelledException, SignatureCardException, InterruptedException; -    public CCID getReader();    /** diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java index f296f3a2..48b4646a 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java @@ -1,31 +1,20 @@ -//Copyright (C) 2002 IAIK -//http://jce.iaik.at -// -//Copyright (C) 2003 Stiftung Secure Information and  -//                 Communication Technologies SIC -//http://www.sic.st -// -//All rights reserved. -// -//This source is provided for inspection purposes and recompilation only, -//unless specified differently in a contract with IAIK. This source has to -//be kept in strict confidence and must not be disclosed to any third party -//under any circumstances. Redistribution in source and binary forms, with -//or without modification, are <not> permitted in any case! -// -//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -//ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -//SUCH DAMAGE. -// -// +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +  package at.gv.egiz.smcc;  public class SignatureCardException extends Exception { diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java index 5146c275..f46f8657 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java @@ -1,31 +1,20 @@ -//Copyright (C) 2002 IAIK -//http://jce.iaik.at -// -//Copyright (C) 2003 Stiftung Secure Information and  -//                 Communication Technologies SIC -//http://www.sic.st -// -//All rights reserved. -// -//This source is provided for inspection purposes and recompilation only, -//unless specified differently in a contract with IAIK. This source has to -//be kept in strict confidence and must not be disclosed to any third party -//under any circumstances. Redistribution in source and binary forms, with -//or without modification, are <not> permitted in any case! -// -//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -//ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -//SUCH DAMAGE. -// -// +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +  package at.gv.egiz.smcc;  import java.util.ArrayList; @@ -233,7 +222,11 @@ public class SignatureCardFactory {          try {            Class<?> scClass = cl.loadClass(supportedCard.getImplementationClassName());            sc = (SignatureCard) scClass.newInstance(); +           +          sc = ExclSignatureCardProxy.newInstance(sc); +                      sc.init(card, cardTerminal); +            return sc;          } catch (ClassNotFoundException e) { diff --git a/smcc/src/main/java/at/gv/egiz/smcc/VerifyAPDUSpec.java b/smcc/src/main/java/at/gv/egiz/smcc/VerifyAPDUSpec.java new file mode 100644 index 00000000..23c1f0fd --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/VerifyAPDUSpec.java @@ -0,0 +1,200 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +public class VerifyAPDUSpec { +   +  public static final int PIN_JUSTIFICATION_LEFT = 0; +   +  public static final int PIN_JUSTIFICATION_RIGHT = 1; +   +  public static final int PIN_FORMAT_BINARY = 0; +   +  public static final int PIN_FORMAT_BCD = 1; +   +  public static final int PIN_FORMAT_ASCII = 2;  +   +  /** +   * The APDU template. +   */ +  protected byte[] apdu; +   +  /** +   * The PIN position in bytes. +   */ +  protected int pinPosition; +   +  /** +   * The PIN justification (either {@link #PIN_JUSTIFICATION_LEFT} or +   * {@link #PIN_JUSTIFICATION_RIGHT}). +   */ +  protected int pinJustification = PIN_JUSTIFICATION_LEFT; + +  /** +   * The PIN encoding format (one of {@value #PIN_FORMAT_BCD}, +   * {@link #PIN_FORMAT_ASCII}). +   */ +  protected int pinFormat; + +  /** +   * The size of the PIN length in bits or 0 for no PIN length. (Default: 0) +   */ +  protected int pinLengthSize = 0; +   +  /** +   * The PIN length in the template in bytes. +   */ +  protected int pinLength; +   +  /** +   * The PIN length position in the template in bits or 0 for no PIN length. +   * (Default: 0) +   */ +  protected int pinLengthPos = 0; + +  /** +   * @param apdu +   * @param pinPosition +   * @param pinFormat +   * @param pinLength TODO +   */ +  public VerifyAPDUSpec(byte[] apdu, int pinPosition, int pinFormat, int pinLength) { +    super(); +    this.apdu = apdu; +    this.pinPosition = pinPosition; +    this.pinFormat = pinFormat; +    this.pinLength = pinLength; +  } + +  /** +   * @param apdu +   * @param pinPosition +   * @param pinFormat +   * @param pinLength +   * @param pinLengthSize +   * @param pinLengthPos +   */ +  public VerifyAPDUSpec(byte[] apdu, int pinPosition, int pinFormat, +      int pinLength, int pinLengthSize, int pinLengthPos) { +    super(); +    this.apdu = apdu; +    this.pinPosition = pinPosition; +    this.pinFormat = pinFormat; +    this.pinLength = pinLength; +    this.pinLengthSize = pinLengthSize; +    this.pinLengthPos = pinLengthPos; +  } + +  /** +   * @return the apdu +   */ +  public byte[] getApdu() { +    return apdu; +  } + +  /** +   * @param apdu the apdu to set +   */ +  public void setApdu(byte[] apdu) { +    this.apdu = apdu; +  } + +  /** +   * @return the pinPosition +   */ +  public int getPinPosition() { +    return pinPosition; +  } + +  /** +   * @param pinPosition the pinPosition to set +   */ +  public void setPinPosition(int pinPosition) { +    this.pinPosition = pinPosition; +  } + +  /** +   * @return the pinJustification +   */ +  public int getPinJustification() { +    return pinJustification; +  } + +  /** +   * @param pinJustification the pinJustification to set +   */ +  public void setPinJustification(int pinJustification) { +    this.pinJustification = pinJustification; +  } + +  /** +   * @return the pinFormat +   */ +  public int getPinFormat() { +    return pinFormat; +  } + +  /** +   * @param pinFormat the pinFormat to set +   */ +  public void setPinFormat(int pinFormat) { +    this.pinFormat = pinFormat; +  } + +  /** +   * @return the pinLengthSize +   */ +  public int getPinLengthSize() { +    return pinLengthSize; +  } + +  /** +   * @param pinLengthSize the pinLengthSize to set +   */ +  public void setPinLengthSize(int pinLengthSize) { +    this.pinLengthSize = pinLengthSize; +  } + +  /** +   * @return the pinLength +   */ +  public int getPinLength() { +    return pinLength; +  } + +  /** +   * @param pinLength the pinLength to set +   */ +  public void setPinLength(int pinLength) { +    this.pinLength = pinLength; +  } + +  /** +   * @return the pinLengthPos +   */ +  public int getPinLengthPos() { +    return pinLengthPos; +  } + +  /** +   * @param pinLengthPos the pinLengthPos to set +   */ +  public void setPinLengthPos(int pinLengthPos) { +    this.pinLengthPos = pinLengthPos; +  } +   +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ccid/CCID.java b/smcc/src/main/java/at/gv/egiz/smcc/ccid/CCID.java index 2972f3b8..d73ff0e9 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/ccid/CCID.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/ccid/CCID.java @@ -16,9 +16,20 @@   */  package at.gv.egiz.smcc.ccid; -import at.gv.egiz.smcc.*;  import javax.smartcardio.Card; +import javax.smartcardio.CardChannel;  import javax.smartcardio.CardException; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.CancelledException; +import at.gv.egiz.smcc.ChangePINProvider; +import at.gv.egiz.smcc.ChangeReferenceDataAPDUSpec; +import at.gv.egiz.smcc.NewReferenceDataAPDUSpec; +import at.gv.egiz.smcc.PINOperationAbortedException; +import at.gv.egiz.smcc.PINProvider; +import at.gv.egiz.smcc.PINSpec; +import at.gv.egiz.smcc.SignatureCardException; +import at.gv.egiz.smcc.VerifyAPDUSpec;  /**   * @@ -66,6 +77,16 @@ public interface CCID {    boolean hasFeature(Byte feature); +  ResponseAPDU verify(CardChannel channel, VerifyAPDUSpec apduSpec, +      PINSpec pinSpec, PINProvider provider, int retries) +      throws CancelledException, InterruptedException, CardException, +      SignatureCardException; + +  ResponseAPDU modify(CardChannel channel, +      ChangeReferenceDataAPDUSpec apduSpec, PINSpec pinSpec, +      ChangePINProvider provider, int retries) throws CancelledException, +      InterruptedException, CardException, SignatureCardException; +      /**     * not supported by OMNIKEY CardMan 3621 with ACOS card     * @param PIN_VERIFY @@ -107,4 +128,9 @@ public interface CCID {    byte getwPINMaxExtraDigitL();    byte getwPINMaxExtraDigitH();    byte getbEntryValidationCondition(); + +  ResponseAPDU activate(CardChannel channel, NewReferenceDataAPDUSpec apduSpec, +      PINSpec pinSpec, PINProvider provider) +      throws CancelledException, InterruptedException, CardException, +      SignatureCardException;  } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ccid/DefaultReader.java b/smcc/src/main/java/at/gv/egiz/smcc/ccid/DefaultReader.java index 580b9379..682390e3 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/ccid/DefaultReader.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/ccid/DefaultReader.java @@ -16,16 +16,34 @@   */  package at.gv.egiz.smcc.ccid; -import at.gv.egiz.smcc.*; -import at.gv.egiz.smcc.util.SMCCHelper; +import java.io.ByteArrayOutputStream; +import java.io.IOException;  import java.util.HashMap;  import java.util.Map; +  import javax.smartcardio.Card; +import javax.smartcardio.CardChannel;  import javax.smartcardio.CardException;  import javax.smartcardio.CardTerminal; +import javax.smartcardio.ResponseAPDU; +  import org.apache.commons.logging.Log;  import org.apache.commons.logging.LogFactory; +import at.gv.egiz.smcc.CancelledException; +import at.gv.egiz.smcc.ChangePINProvider; +import at.gv.egiz.smcc.ChangeReferenceDataAPDUSpec; +import at.gv.egiz.smcc.NewReferenceDataAPDUSpec; +import at.gv.egiz.smcc.PINFormatException; +import at.gv.egiz.smcc.PINOperationAbortedException; +import at.gv.egiz.smcc.PINProvider; +import at.gv.egiz.smcc.PINSpec; +import at.gv.egiz.smcc.SignatureCardException; +import at.gv.egiz.smcc.TimeoutException; +import at.gv.egiz.smcc.VerifyAPDUSpec; +import at.gv.egiz.smcc.util.ISO7816Utils; +import at.gv.egiz.smcc.util.SMCCHelper; +  /**   *   * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> @@ -415,4 +433,339 @@ public class DefaultReader implements CCID {      }      return resp;    } +   +   +   +  protected byte[] createPINModifyStructure(NewReferenceDataAPDUSpec apduSpec, PINSpec pinSpec) { +     +    ByteArrayOutputStream s = new ByteArrayOutputStream(); +    // bTimeOut +    s.write(getbTimeOut()); +    // bTimeOut2 +    s.write(getbTimeOut2()); +    // bmFormatString +    s.write(1 << 7 // system unit = byte +        | (0xF & apduSpec.getPinPosition()) << 3 +        | (0x1 & apduSpec.getPinJustification() << 2) +        | (0x3 & apduSpec.getPinFormat())); +    // bmPINBlockString +    s.write((0xF & apduSpec.getPinLengthSize()) << 4 +        | (0xF & apduSpec.getPinLength())); +    // bmPINLengthFormat +    s.write(// system unit = bit +        (0xF & apduSpec.getPinLengthPos())); +    // bInsertionOffsetOld +    s.write(0x00); +    // bInsertionOffsetNew +    s.write(apduSpec.getPinInsertionOffsetNew()); +    // wPINMaxExtraDigit +    s.write(Math.min(pinSpec.getMaxLength(), getwPINMaxExtraDigitL())); +    s.write(Math.max(pinSpec.getMinLength(), getwPINMaxExtraDigitH())); +    // bConfirmPIN +    s.write(0x01); +    // bEntryValidationCondition +    s.write(getbEntryValidationCondition()); +    // bNumberMessage +    s.write(0x02); +    // wLangId +    s.write(0x0C); +    s.write(0x04); +    // bMsgIndex1 +    s.write(0x01); +    // bMsgIndex2 +    s.write(0x02); +    // bMsgIndex3 +    s.write(0x00); +     +    // bTeoPrologue +    s.write(0x00); +    s.write(0x00); +    s.write(0x00); +    // ulDataLength +    s.write(apduSpec.getApdu().length); +    s.write(0x00); +    s.write(0x00); +    s.write(0x00); +    // abData +    try { +      s.write(apduSpec.getApdu()); +    } catch (IOException e) { +      // As we are dealing with ByteArrayOutputStreams no exception is to be +      // expected. +      throw new RuntimeException(e); +    } +     +    return s.toByteArray(); + +  } +   +  protected byte[] createPINModifyStructure(ChangeReferenceDataAPDUSpec apduSpec, PINSpec pinSpec) { +     +    ByteArrayOutputStream s = new ByteArrayOutputStream(); +    // bTimeOut +    s.write(getbTimeOut()); +    // bTimeOut2 +    s.write(getbTimeOut2()); +    // bmFormatString +    s.write(1 << 7 // system unit = byte +        | (0xF & apduSpec.getPinPosition()) << 3 +        | (0x1 & apduSpec.getPinJustification() << 2) +        | (0x3 & apduSpec.getPinFormat())); +    // bmPINBlockString +    s.write((0xF & apduSpec.getPinLengthSize()) << 4 +        | (0xF & apduSpec.getPinLength())); +    // bmPINLengthFormat +    s.write(// system unit = bit +        (0xF & apduSpec.getPinLengthPos())); +    // bInsertionOffsetOld +    s.write(apduSpec.getPinInsertionOffsetOld()); +    // bInsertionOffsetNew +    s.write(apduSpec.getPinInsertionOffsetNew()); +    // wPINMaxExtraDigit +    s.write(Math.min(pinSpec.getMaxLength(), getwPINMaxExtraDigitL())); +    s.write(Math.max(pinSpec.getMinLength(), getwPINMaxExtraDigitH())); +    // bConfirmPIN +    s.write(0x03); +    // bEntryValidationCondition +    s.write(getbEntryValidationCondition()); +    // bNumberMessage +    s.write(0x03); +    // wLangId +    s.write(0x0C); +    s.write(0x04); +    // bMsgIndex1 +    s.write(0x00); +    // bMsgIndex2 +    s.write(0x01); +    // bMsgIndex3 +    s.write(0x02); +     +    // bTeoPrologue +    s.write(0x00); +    s.write(0x00); +    s.write(0x00); +    // ulDataLength +    s.write(apduSpec.getApdu().length); +    s.write(0x00); +    s.write(0x00); +    s.write(0x00); +    // abData +    try { +      s.write(apduSpec.getApdu()); +    } catch (IOException e) { +      // As we are dealing with ByteArrayOutputStreams no exception is to be +      // expected. +      throw new RuntimeException(e); +    } +     +    return s.toByteArray(); + +  } +   +  protected byte[] createPINVerifyStructure(VerifyAPDUSpec apduSpec, PINSpec pinSpec) { +     +    ByteArrayOutputStream s = new ByteArrayOutputStream(); +    // bTimeOut +    s.write(getbTimeOut()); +    // bTimeOut2 +    s.write(getbTimeOut2()); +    // bmFormatString +    s.write(1 << 7 // system unit = byte +        | (0xF & apduSpec.getPinPosition()) << 3 +        | (0x1 & apduSpec.getPinJustification() << 2) +        | (0x3 & apduSpec.getPinFormat())); +    // bmPINBlockString +    s.write((0xF & apduSpec.getPinLengthSize()) << 4 +        | (0xF & apduSpec.getPinLength())); +    // bmPINLengthFormat +    s.write(// system unit = bit +        (0xF & apduSpec.getPinLengthPos())); +    // wPINMaxExtraDigit +    s.write(Math.min(pinSpec.getMaxLength(), getwPINMaxExtraDigitL())); // max PIN length +    s.write(Math.max(pinSpec.getMinLength(), getwPINMaxExtraDigitH())); // min PIN length +    // bEntryValidationCondition +    s.write(getbEntryValidationCondition()); +    // bNumberMessage +    s.write(0xFF); +    // wLangId +    s.write(0x0C); +    s.write(0x04); +    // bMsgIndex +    s.write(0x00); +    // bTeoPrologue +    s.write(0x00); +    s.write(0x00); +    s.write(0x00); +    // ulDataLength +    s.write(apduSpec.getApdu().length); +    s.write(0x00); +    s.write(0x00); +    s.write(0x00); +    // abData +    try { +      s.write(apduSpec.getApdu()); +    } catch (IOException e) { +      // As we are dealing with ByteArrayOutputStreams no exception is to be +      // expected. +      throw new RuntimeException(e); +    } +     +    return s.toByteArray(); +     +  } +   +  @Override +  public ResponseAPDU verify(CardChannel channel, VerifyAPDUSpec apduSpec, +      PINSpec pinSpec, PINProvider provider, int retries) +      throws CancelledException, InterruptedException, CardException, +      SignatureCardException { +     +    char[] pin = provider.providePIN(pinSpec, retries); + +    ResponseAPDU resp = null; +    if (!disablePinpad && hasFeature(FEATURE_MODIFY_PIN_DIRECT)) { +      log.debug("VERIFY using " + FEATURES[FEATURE_VERIFY_PIN_DIRECT] + "."); +      byte[] s = createPINVerifyStructure(apduSpec, pinSpec); +      resp = new ResponseAPDU(verifyPinDirect(s)); +    } else if (!disablePinpad && hasFeature(FEATURE_VERIFY_PIN_START)) { +      log.debug("VERIFY using " + FEATURES[FEATURE_MODIFY_PIN_START] + "."); +      byte[] s = createPINVerifyStructure(apduSpec, pinSpec); +      resp = new ResponseAPDU(verifyPin(s)); +    } +       +    if (resp != null) { +       +      switch (resp.getSW()) { + +      case 0x6400: +        log.debug("SPE operation timed out."); +        throw new TimeoutException(); +      case 0x6401: +        log.debug("SPE operation was cancelled by the 'Cancel' button."); +        throw new CancelledException(); +      case 0x6103: +        log.debug("User entered too short or too long PIN " +            + "regarding MIN/MAX PIN length."); +        throw new PINFormatException(); +      case 0x6480: +        log.debug("SPE operation was aborted by the 'Cancel' operation " +            + "at the host system."); +      case 0x6b80: +        log.info("Invalid parameter in passed structure."); + +      default: +        return resp; +      } +       +    } else { +      log.debug("VERIFY using software pin entry."); +      return channel.transmit(ISO7816Utils.createVerifyAPDU(apduSpec, pin)); +    }     +     +  } + +  @Override +  public ResponseAPDU modify(CardChannel channel, +      ChangeReferenceDataAPDUSpec apduSpec, PINSpec pinSpec, +      ChangePINProvider provider, int retries) throws CancelledException, +      InterruptedException, CardException, SignatureCardException { +     +    char[] oldPin = provider.provideOldPIN(pinSpec, retries); +    char[] newPin = provider.providePIN(pinSpec, retries); +     +    ResponseAPDU resp = null; +    if (!disablePinpad && hasFeature(FEATURE_MODIFY_PIN_DIRECT)) { +      log.debug("MODIFY using " + FEATURES[FEATURE_MODIFY_PIN_DIRECT] + "."); +      byte[] s = createPINModifyStructure(apduSpec, pinSpec); +      resp = new ResponseAPDU(modifyPinDirect(s)); +    } else if (!disablePinpad && hasFeature(FEATURE_MODIFY_PIN_START)) { +      log.debug("MODIFY using " + FEATURES[FEATURE_MODIFY_PIN_START] + "."); +      byte[] s = createPINModifyStructure(apduSpec, pinSpec); +      resp = new ResponseAPDU(modifyPin(s)); +    } +     +    if (resp != null) { +       +      switch (resp.getSW()) { + +      case 0x6400: +        log.debug("SPE operation timed out."); +        throw new TimeoutException(); +      case 0x6401: +        log.debug("SPE operation was cancelled by the 'Cancel' button."); +        throw new CancelledException(); +      case 0x6103: +        log.debug("User entered too short or too long PIN " +            + "regarding MIN/MAX PIN length."); +        throw new PINFormatException(); +      case 0x6480: +        log.debug("SPE operation was aborted by the 'Cancel' operation " +            + "at the host system."); +      case 0x6b80: +        log.info("Invalid parameter in passed structure."); + +      default: +        return resp; +      } +       +    } else { +      log.debug("MODIFY using software pin entry."); +      return channel.transmit(ISO7816Utils.createChangeReferenceDataAPDU(apduSpec, oldPin, newPin)); +    } +     +  } +   +  @Override +  public ResponseAPDU activate(CardChannel channel, +      NewReferenceDataAPDUSpec apduSpec, PINSpec pinSpec, +      PINProvider provider) throws CancelledException, +      InterruptedException, CardException, SignatureCardException { +     +    char[] newPin = provider.providePIN(pinSpec, -1); +     +    ResponseAPDU resp = null; +    if (!disablePinpad && hasFeature(FEATURE_MODIFY_PIN_DIRECT)) { +      log.debug("MODIFY using " + FEATURES[FEATURE_MODIFY_PIN_DIRECT] + "."); +      byte[] s = createPINModifyStructure(apduSpec, pinSpec); +      resp = new ResponseAPDU(modifyPinDirect(s)); +    } else if (!disablePinpad && hasFeature(FEATURE_MODIFY_PIN_START)) { +      log.debug("MODIFY using " + FEATURES[FEATURE_MODIFY_PIN_START] + "."); +      byte[] s = createPINModifyStructure(apduSpec, pinSpec); +      resp = new ResponseAPDU(modifyPin(s)); +    } +     +    if (resp != null) { +       +      switch (resp.getSW()) { + +      case 0x6400: +        log.debug("SPE operation timed out."); +        throw new TimeoutException(); +      case 0x6401: +        log.debug("SPE operation was cancelled by the 'Cancel' button."); +        throw new CancelledException(); +      case 0x6103: +        log.debug("User entered too short or too long PIN " +            + "regarding MIN/MAX PIN length."); +        throw new PINFormatException(); +      case 0x6480: +        log.debug("SPE operation was aborted by the 'Cancel' operation " +            + "at the host system."); +      case 0x6b80: +        log.info("Invalid parameter in passed structure."); + +      default: +        return resp; +      } +       +    } else { +      log.debug("MODIFY using software pin entry."); +      return channel.transmit(ISO7816Utils.createNewReferenceDataAPDU(apduSpec, newPin)); +    } +     +  } +   +   + +    } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/conf/SMCCConfiguration.java b/smcc/src/main/java/at/gv/egiz/smcc/conf/SMCCConfiguration.java index 8ea49ca6..696709bd 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/conf/SMCCConfiguration.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/conf/SMCCConfiguration.java @@ -25,6 +25,8 @@ import java.util.Properties;   */  public class SMCCConfiguration extends Properties { +  private static final long serialVersionUID = 1L; +    public static final String DISABLE_PINPAD_P = "disable.pinpad";    public void setDisablePinpad(String value) { diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/ISO7816Utils.java b/smcc/src/main/java/at/gv/egiz/smcc/util/ISO7816Utils.java new file mode 100644 index 00000000..c5c7cbc9 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/util/ISO7816Utils.java @@ -0,0 +1,359 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.util; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.nio.CharBuffer; +import java.nio.charset.Charset; + +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.ChangeReferenceDataAPDUSpec; +import at.gv.egiz.smcc.NewReferenceDataAPDUSpec; +import at.gv.egiz.smcc.SecurityStatusNotSatisfiedException; +import at.gv.egiz.smcc.SignatureCardException; +import at.gv.egiz.smcc.VerifyAPDUSpec; + +public class ISO7816Utils { +   +  public static TransparentFileInputStream openTransparentFileInputStream( +      final CardChannel channel, int maxSize) { +     +    TransparentFileInputStream file = new TransparentFileInputStream(maxSize) { + +      @Override +      protected byte[] readBinary(int offset, int len) throws IOException { + +        ResponseAPDU resp; +        try { +          resp = channel.transmit(new CommandAPDU(0x00, 0xB0, +              0x7F & (offset >> 8), offset & 0xFF, len)); +        } catch (CardException e) { +          throw new IOException(e); +        } + +        Throwable cause; +        if (resp.getSW() == 0x9000) { +          return resp.getData(); +        } else if (resp.getSW() == 0x6982) { +          cause = new SecurityStatusNotSatisfiedException(); +        } else { +          cause = new SignatureCardException("Failed to read bytes (offset=" + offset + ",len=" +              + len + ") SW=" + Integer.toHexString(resp.getSW()) + "."); +        } +        throw new IOException(cause); + +      } +       +    }; + +    return file; +     +  } + +  public static byte[] readTransparentFile(CardChannel channel, int maxSize) +      throws CardException, SignatureCardException { +     +    TransparentFileInputStream is = openTransparentFileInputStream(channel, maxSize); +     +    try { + +      ByteArrayOutputStream os = new ByteArrayOutputStream(); +       +      int len; +      for (byte[] b = new byte[256]; (len = is.read(b)) != -1;) { +        os.write(b, 0, len); +      } +       +      return os.toByteArray(); +       +    } catch (IOException e) { +      Throwable cause = e.getCause(); +      if (cause instanceof CardException) { +        throw (CardException) cause; +      } +      if (cause instanceof SignatureCardException) { +        throw (SignatureCardException) cause; +      } +      throw new SignatureCardException(e); +    } +     +  } +   +  public static byte[] readTransparentFileTLV(CardChannel channel, int maxSize, +      byte expectedType) throws CardException, SignatureCardException { + +    TransparentFileInputStream is = openTransparentFileInputStream(channel, +        maxSize); + +    try { + +      is.mark(256); + +      // check expected type +      int b = is.read(); +      if (b == 0x00) { +        return null; +      } +      if (b == -1 || expectedType != (0xFF & b)) { +        throw new SignatureCardException("Unexpected TLV type. Expected " +            + Integer.toHexString(expectedType) + " but was " +            + Integer.toHexString(b) + "."); +      } + +      // get actual length +      int actualSize = 2; +      b = is.read(); +      if (b == -1) { +        return null; +      } else if ((0x80 & b) > 0) { +        int octets = (0x0F & b); +        actualSize += octets; +        for (int i = 1; i <= octets; i++) { +          b = is.read(); +          if (b == -1) { +            return null; +          } +          actualSize += (0xFF & b) << ((octets - i) * 8); +        } +      } else { +        actualSize += 0xFF & b; +      } + +      // set limit to actual size and read into buffer +      is.reset(); +      is.setLimit(actualSize); +      byte[] buf = new byte[actualSize]; +      if (is.read(buf) == actualSize) { +        return buf; +      } else { +        return null; +      } + +    } catch (IOException e) { +      Throwable cause = e.getCause(); +      if (cause instanceof CardException) { +        throw (CardException) cause; +      } +      if (cause instanceof SignatureCardException) { +        throw (SignatureCardException) cause; +      } +      throw new SignatureCardException(e); +    } + +  } +   +  public static int getLengthFromFCx(byte[] fcx) { +     +    int len = -1; +     +    if (fcx.length != 0 && (fcx[0] == (byte) 0x62 || fcx[0] == (byte) 0x6F)) { +      int pos = 2; +      while (pos < (fcx[1] - 2)) { +        switch (fcx[pos]) { +         +        case (byte) 0x80: { +          len = 0xFF & fcx[pos + 2]; +          for (int i = 1; i < fcx[pos + 1]; i++) { +            len<<=8; +            len+=0xFF & fcx[pos + i + 2]; +          } +        } + +        default: +          pos += 0xFF & fcx[pos + 1] + 2; +        } +      } +    } +     +    return len; +     +  } +   +  public static byte[] readRecord(CardChannel channel, int record) throws CardException, SignatureCardException { +     +    ResponseAPDU resp = channel.transmit( +        new CommandAPDU(0x00, 0xB2, record, 0x04, 256)); +    if (resp.getSW() == 0x9000) { +      return resp.getData(); +    } else { +      throw new SignatureCardException("Failed to read records. SW=" +          + Integer.toHexString(resp.getSW())); +    } +     +  } + +  public static void formatPIN(int pinFormat, int pinJustification, byte[] fpin, byte[] mask, char[] pin) { +     +    boolean left = (pinJustification == VerifyAPDUSpec.PIN_JUSTIFICATION_LEFT); +     +    int j = (left) ? 0 : fpin.length - 1; +    int step = (left) ? 1 : - 1; +    switch (pinFormat) { +      case VerifyAPDUSpec.PIN_FORMAT_BINARY: +        if (fpin.length < pin.length) { +          throw new IllegalArgumentException(); +        } +        for (int i = 0; i < pin.length; i++) { +          fpin[j] = (byte) Character.digit(pin[i], 10); +          mask[j] = (byte) 0xFF; +          j += step; +        } +        break; +       +      case VerifyAPDUSpec.PIN_FORMAT_BCD: +        if (fpin.length * 2 < pin.length) { +          throw new IllegalArgumentException(); +        } +        for (int i = 0; i < pin.length; i++) { +          int digit = Character.digit(pin[i], 10); +          boolean h = (i % 2 == 0) ^ left; +          fpin[j] |= h ? digit : digit << 4 ; +          mask[j] |= h ? (byte) 0x0F : (byte) 0xF0; +          j += (i % 2) * step; +        } +        break; +   +      case VerifyAPDUSpec.PIN_FORMAT_ASCII: +        if (fpin.length < pin.length) { +          throw new IllegalArgumentException(); +        } +        byte[] asciiPin = Charset.forName("ASCII").encode(CharBuffer.wrap(pin)).array(); +        for (int i = 0; i < pin.length; i++) { +          fpin[j] = asciiPin[i]; +          mask[j] = (byte) 0xFF; +          j += step; +        } +        break; +      } +   +  } +   +  public static void insertPIN(byte[] apdu, int pos, byte[] fpin, byte[] mask) { +    for (int i = 0; i < fpin.length; i++) { +      apdu[pos + i] &= ~mask[i]; +      apdu[pos + i] |= fpin[i];  +    } +  } +   +  public static void insertPINLength(byte[] apdu, int length, int lengthSize, int pos, int offset) { +     +    // use short (2 byte) to be able to shift the pin length +    // by the number of bits given by the pin length position +    short size = (short) (0x00FF & length); +    short sMask = (short) ((1 << lengthSize) - 1); +    // shift to the proper position  +    int shift = 16 - lengthSize - (pos % 8); +    offset += (pos / 8) + 5; +    size <<= shift; +    sMask <<= shift; +    // insert upper byte +    apdu[offset] &= (0xFF & (~sMask >> 8)); +    apdu[offset] |= (0xFF & (size >> 8)); +    // insert lower byte +    apdu[offset + 1] &= (0xFF & ~sMask); +    apdu[offset + 1] |= (0xFF & size); +     +  } + +  public static CommandAPDU createVerifyAPDU(VerifyAPDUSpec apduSpec, char[] pin) { + +    // format pin +    byte[] fpin = new byte[apduSpec.getPinLength()]; +    byte[] mask = new byte[apduSpec.getPinLength()]; +    formatPIN(apduSpec.getPinFormat(), apduSpec.getPinJustification(), fpin, mask, pin); + +    byte[] apdu = apduSpec.getApdu(); + +    // insert formated pin +    insertPIN(apdu, apduSpec.getPinPosition() + 5, fpin, mask); + +    // insert pin length +    if (apduSpec.getPinLengthSize() != 0) { +      insertPINLength(apdu, pin.length, apduSpec.getPinLengthSize(), apduSpec.getPinLengthPos(), 0); +    } + +    return new CommandAPDU(apdu); +     +  } + +  public static CommandAPDU createChangeReferenceDataAPDU( +      ChangeReferenceDataAPDUSpec apduSpec, char[] oldPin, char[] newPin) { +     +    // format old pin +    byte[] fpin = new byte[apduSpec.getPinLength()]; +    byte[] mask = new byte[apduSpec.getPinLength()]; +    formatPIN(apduSpec.getPinFormat(), apduSpec.getPinJustification(), fpin, mask, oldPin); + +    byte[] apdu = apduSpec.getApdu(); +     +    // insert formated old pin +    insertPIN(apdu, apduSpec.getPinPosition() + apduSpec.getPinInsertionOffsetOld() + 5, fpin, mask); + +    // insert pin length +    if (apduSpec.getPinLengthSize() != 0) { +      insertPINLength(apdu, oldPin.length, apduSpec.getPinLengthSize(), +          apduSpec.getPinLengthPos(), apduSpec.getPinInsertionOffsetOld()); +    } + +    // format new pin +    fpin = new byte[apduSpec.getPinLength()]; +    mask = new byte[apduSpec.getPinLength()]; +    formatPIN(apduSpec.getPinFormat(), apduSpec.getPinJustification(), fpin, mask, newPin); +     +    // insert formated new pin +    insertPIN(apdu, apduSpec.getPinPosition() + apduSpec.getPinInsertionOffsetNew() + 5, fpin, mask); + +    // insert pin length +    if (apduSpec.getPinLengthSize() != 0) { +      insertPINLength(apdu, newPin.length, apduSpec.getPinLengthSize(), +          apduSpec.getPinLengthPos(), apduSpec.getPinInsertionOffsetNew()); +    } + +    return new CommandAPDU(apdu); +     +  } + +  public static CommandAPDU createNewReferenceDataAPDU( +      NewReferenceDataAPDUSpec apduSpec, char[] newPin) { +     +    // format old pin +    byte[] fpin = new byte[apduSpec.getPinLength()]; +    byte[] mask = new byte[apduSpec.getPinLength()]; +    formatPIN(apduSpec.getPinFormat(), apduSpec.getPinJustification(), fpin, mask, newPin); + +    byte[] apdu = apduSpec.getApdu(); +     +    // insert formated new pin +    insertPIN(apdu, apduSpec.getPinPosition() + apduSpec.getPinInsertionOffsetNew() + 5, fpin, mask); + +    // insert pin length +    if (apduSpec.getPinLengthSize() != 0) { +      insertPINLength(apdu, newPin.length, apduSpec.getPinLengthSize(), +          apduSpec.getPinLengthPos(), apduSpec.getPinInsertionOffsetNew()); +    } + +    return new CommandAPDU(apdu); +     +  } + +   +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/TransparentFileInputStream.java b/smcc/src/main/java/at/gv/egiz/smcc/util/TransparentFileInputStream.java new file mode 100644 index 00000000..781f9137 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/util/TransparentFileInputStream.java @@ -0,0 +1,194 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.util; + +import java.io.IOException; +import java.io.InputStream; + +public abstract class TransparentFileInputStream extends InputStream { +   +  private final int chunkSize = 256; +   +  private byte[] buf = new byte[chunkSize]; +  private int start = 0; +  private int end = 0; + +  private int offset = 0; +   +  private int length = -1; +   +  private int limit = -1; +   +  private int mark = -1; +   +  private int readlimit = -1;  +   +  public TransparentFileInputStream() { +  } +   +  public TransparentFileInputStream(int length) { +    this.length = length; +  } + +  public void setLimit(int limit) { +    this.limit = limit; +  } + +  private int fill() throws IOException { +    if (start == end && (limit < 0 || offset < limit)) { +        int l; +        if (limit > 0 && limit - offset < chunkSize) { +          l = limit - offset; +        } else if (length > 0) { +          if (length - offset < chunkSize) { +            l = length - offset; +          } else { +            l = chunkSize - 1; +          } +        } else { +          l = chunkSize; +        } +        byte[] b = readBinary(offset, l); +        offset += b.length; +        if (mark < 0) { +          start = 0; +          end = b.length; +          System.arraycopy(b, 0, buf, start, b.length); +        } else { +          if (end - mark + b.length > buf.length) { +            // double buffer size +            byte[] nbuf = new byte[buf.length * 2]; +            System.arraycopy(buf, mark, nbuf, 0, end - mark); +            buf = nbuf; +          } else { +            System.arraycopy(buf, mark, buf, 0, end - mark); +          } +          start = start - mark; +          end = end - mark + b.length; +          mark = 0; +          System.arraycopy(b, 0, buf, start, b.length); +        } +        if (l > b.length) { +          // end of file reached +          setLimit(offset); +        } +    } +    return end - start; +  } +     +  protected abstract byte[] readBinary(int offset, int len) throws IOException; +   +  @Override +  public int read() throws IOException { +    int b = (fill() > 0) ? 0xFF & buf[start++] : -1; +    if (readlimit > 0 && start > readlimit) { +      mark = -1; +      readlimit = -1; +    } +    return b; +  } +   +  @Override +  public int read(byte[] b, int off, int len) throws IOException { +    if (b == null) { +      throw new NullPointerException(); +    } else if (off < 0 || len < 0 || len > b.length - off) { +        throw new IndexOutOfBoundsException(); +    } else if (len == 0) { +        return 0; +    } + +    int count = 0; +    int l; +    while (count < len) { +      if (fill() > 0) { +        l = Math.min(end - start, len - count); +        System.arraycopy(buf, start, b, off, l); +        start += l; +        off += l; +        count += l; +        if (readlimit > 0 && start > readlimit) { +          mark = -1; +          readlimit = -1; +        } +      } else { +        return (count > 0) ? count : -1; +      } +    } + +    return count; + +  } + +  @Override +  public synchronized void mark(int readlimit) { +    this.readlimit = readlimit; +    mark = start; +  } + +  @Override +  public boolean markSupported() { +    return true; +  } + +  @Override +  public synchronized void reset() throws IOException { +    if (mark < 0) { +      throw new IOException(); +    } else { +      start = mark; +    } +  } + +  @Override +  public long skip(long n) throws IOException { + +    if (n <= 0) { +      return 0; +    } +     +    if (n <= end - start) { +      start += n; +      return n; +    } else { +       +      mark = -1; +       +      long remaining = n - (end - start); +      start = end; +       +      if (limit >= 0 && limit < offset + remaining) { +        remaining -= limit - offset; +        offset = limit; +        return n - remaining; +      } +       +      if (length >= 0 && length < offset + remaining) { +        remaining -= length - offset; +        offset = length; +        return n - remaining;  +      } +       +      offset += remaining; +       +      return n; +       +    } +     +  } +   +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/ACOSCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/ACOSCardTest.java deleted file mode 100644 index 5839d14a..00000000 --- a/smcc/src/test/java/at/gv/egiz/smcc/ACOSCardTest.java +++ /dev/null @@ -1,135 +0,0 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ - -package at.gv.egiz.smcc; - -import at.gv.egiz.smcc.SignatureCard.KeyboxName; -import at.gv.egiz.smcc.util.SMCCHelper; -import java.util.List; -import java.util.Locale; -import javax.smartcardio.ResponseAPDU; -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.Test; -import static org.junit.Assert.*; - -/** - * - * @author clemens - */ -@Ignore -public class ACOSCardTest { - -  static ACOSCard card; -  static PINSpec infPin, decPin, sigPin; - -    public ACOSCardTest() { -    } - -  @BeforeClass -  public static void setUpClass() throws Exception { -    SMCCHelper smccHelper = new SMCCHelper(); -      switch (smccHelper.getResultCode()) { -        case SMCCHelper.CARD_FOUND: -          SignatureCard sigCard = smccHelper.getSignatureCard(Locale.GERMAN); -          if (sigCard instanceof ACOSCard) { -            System.out.println("ACOS card found"); -            card = (ACOSCard) sigCard; -            List<PINSpec> pinSpecs = card.getPINSpecs(); -            infPin = pinSpecs.get(ACOSCard.PINSPEC_INF); -            decPin = pinSpecs.get(ACOSCard.PINSPEC_DEC); -            sigPin = pinSpecs.get(ACOSCard.PINSPEC_SIG); -          } else { -            throw new Exception("not STARCOS card: " + sigCard.toString()); -          } -          break; -        default: -          throw new Exception("no card found"); -      } -  } - -  @AfterClass -  public static void tearDownClass() throws Exception { -  } - -    @Before -    public void setUp() { -    } - -    @After -    public void tearDown() { -    } - - - -  /** -   * Test of verifyPIN method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testVerifyPIN_pinpad() throws Exception { -    System.out.println("verifyPIN (pinpad)"); -    assertNotNull(card); - -    card.verifyPIN(decPin, new PINProvider() { - -      @Override -      public char[] providePIN(PINSpec spec, int retries) { -        return null; -      } -    }); -  } - -  /** -   * Test of verifyPIN method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testVerifyPIN_internal() throws Exception { -    System.out.println("verifyPIN (internal)"); -    assertNotNull(card); - -    card.reset(); - -    card.getCard().beginExclusive(); - -    // 0x6700 without sending an APDU prior to send CtrlCmd -    System.out.println("WARNING: this command will fail if no card " + -            "communication took place prior to sending the CtrlCommand"); -    int retries = card.verifyPIN(decPin.getKID(), null); //"1397".toCharArray()); - -    System.out.println("VERIFY PIN returned " + retries); -    card.getCard().endExclusive(); -  } - -  /** -   * Test of changePIN method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testChangePIN() throws Exception { -    System.out.println("changePIN"); -    assertNotNull(card); - -    card.reset(); -    int retries = card.changePIN(decPin.getKID(), null, null); - -    System.out.println("CHANGE PIN returned " + retries); -  } - -  /** -   * Test of reset method, of class STARCOSCard. -   */ -  @Test -  public void testReset() throws Exception { -    System.out.println("reset"); -    assertNotNull(card); -    card.reset(); -  } - -}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/AbstractAppl.java b/smcc/src/test/java/at/gv/egiz/smcc/AbstractAppl.java new file mode 100644 index 00000000..137de509 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/AbstractAppl.java @@ -0,0 +1,56 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; + +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + + +public abstract class AbstractAppl implements CardAppl { +   +  public final HashMap<Integer, PIN> pins = new HashMap<Integer, PIN>(); + +  protected List<File> files = new ArrayList<File>(); + +  public void checkINS(CommandAPDU command, int ins) { +    if (command.getINS() != ins) { +      throw new IllegalArgumentException("INS has to be 0x" + Integer.toHexString(ins) + "."); +    } +  } + +  @Override +  public abstract byte[] getAID(); + +  @Override +  public abstract byte[] getFCI(); +   +  public void putFile(File file) { +    files.add(file); +  } + +  public List<File> getFiles() { +    return files; +  } + +  public abstract void setPin(int kid, char[] value); +   +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/CardAppl.java b/smcc/src/test/java/at/gv/egiz/smcc/CardAppl.java new file mode 100644 index 00000000..76a3e567 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/CardAppl.java @@ -0,0 +1,43 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + + +@SuppressWarnings("restriction") +public interface CardAppl { +   +  public byte[] getAID(); +   +  public byte[] getFID(); +   +  public byte[] getFCI(); +   +  public void leaveApplContext(); + +  public ResponseAPDU cmdMANAGE_SECURITY_ENVIRONMENT(CommandAPDU command, CardChannelEmul channel) throws CardException; + +  public ResponseAPDU cmdPERFORM_SECURITY_OPERATION(CommandAPDU command, CardChannelEmul channel) throws CardException; + +  public ResponseAPDU cmdINTERNAL_AUTHENTICATE(CommandAPDU command, CardChannelEmul channel) throws CardException; + +  public void setPin(int kid, char[] value); + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/CardChannelEmul.java b/smcc/src/test/java/at/gv/egiz/smcc/CardChannelEmul.java new file mode 100644 index 00000000..bfe4e31c --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/CardChannelEmul.java @@ -0,0 +1,52 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import java.nio.ByteBuffer; + +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; + +@SuppressWarnings("restriction") +public abstract class CardChannelEmul extends CardChannel { + +  protected AbstractAppl currentAppl = null; +  protected File currentFile = null; + +  public CardChannelEmul() { +    super(); +  } + +  @Override +  public int getChannelNumber() { +    return 0; +  } + +  @Override +  public void close() throws CardException { +    throw new IllegalStateException("Basic logical channel cannot be closed."); +  } + +  @Override +  public int transmit(ByteBuffer command, ByteBuffer response) throws CardException { +    byte[] responseBytes = transmit(new CommandAPDU(command)).getBytes(); +    response.put(responseBytes); +    return responseBytes.length; +  } + +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/CardEmul.java b/smcc/src/test/java/at/gv/egiz/smcc/CardEmul.java new file mode 100644 index 00000000..6017bcce --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/CardEmul.java @@ -0,0 +1,106 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +import javax.smartcardio.Card; +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardException; + + +@SuppressWarnings("restriction") +public abstract class CardEmul extends Card { + +  protected Thread exclThread = null; +  protected CardChannel channel = newCardChannel(this); +  protected List<AbstractAppl> applications = new ArrayList<AbstractAppl>(); + +  public CardEmul() { +    super(); +  } + +  protected abstract CardChannelEmul newCardChannel(CardEmul cardEmul); + +  @Override +  public void beginExclusive() throws CardException { +     +    if (exclThread == Thread.currentThread()) { +      throw new CardException("Exclusive access already assigned to current thread."); +    } else if (exclThread != null) { +      throw new CardException("Exclusive access already assigned to another thread."); +    } +   +    exclThread = Thread.currentThread(); +     +  } + +  @Override +  public void endExclusive() throws CardException { +     +    if (exclThread == Thread.currentThread()) { +      exclThread = null; +    } else if (exclThread == null) { +      throw new CardException("Exclusive access has not been assigned."); +    } else { +      throw new CardException("Exclusive access has not been assigned to current thread."); +    } +   +  } + +  @Override +  public CardChannel getBasicChannel() { +    return channel; +  } + +  @Override +  public void disconnect(boolean reset) throws CardException { +    if (reset) { +      channel = newCardChannel(this); +    } +  } + +  @Override +  public CardChannel openLogicalChannel() throws CardException { +    throw new CardException("Logical channels not supported."); +  } + +  @Override +  public String getProtocol() { +    return "T1"; +  } + +  @Override +  public byte[] transmitControlCommand(int arg0, byte[] arg1) +      throws CardException { +            throw new CardException("transmitControlCommand() not supported."); +      } + +  public AbstractAppl getApplication(byte[] fid) { +     +    for(AbstractAppl appl : applications) { +      if (Arrays.equals(appl.getAID(), fid) || Arrays.equals(appl.getFID(), fid)) { +        return appl; +      } +    } +    return null; +     +  } + +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/CardTerminalEmul.java b/smcc/src/test/java/at/gv/egiz/smcc/CardTerminalEmul.java new file mode 100644 index 00000000..b13de62f --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/CardTerminalEmul.java @@ -0,0 +1,64 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import javax.smartcardio.Card; +import javax.smartcardio.CardException; +import javax.smartcardio.CardTerminal; + +public class CardTerminalEmul extends CardTerminal { +   +  private Card card; +   +  public CardTerminalEmul(Card card) { +    this.card = card; +  } + +  @Override +  public Card connect(String protocol) throws CardException { +    if ("*".equals(protocol) || "T=1".equals(protocol)) { +      return card; +    } else { +      throw new CardException("Protocol '" + protocol + "' not supported."); +    } +  } + +  @Override +  public String getName() { +    return "CardTerminal Emulation"; +  } + +  @Override +  public boolean isCardPresent() throws CardException { +    return true; +  } + +  @Override +  public boolean waitForCardAbsent(long timeout) throws CardException { +    try { +      Thread.sleep(timeout); +    } catch (InterruptedException e) { +    } +    return false; +  } + +  @Override +  public boolean waitForCardPresent(long timeout) throws CardException { +    return true; +  } + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/CardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/CardTest.java new file mode 100644 index 00000000..298e26a5 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/CardTest.java @@ -0,0 +1,298 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import static org.junit.Assert.*; + +import java.io.UnsupportedEncodingException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; +import java.util.List; + +import javax.smartcardio.Card; + +import org.junit.Test; + +import at.gv.egiz.smcc.SignatureCard.KeyboxName; +import at.gv.egiz.smcc.acos.A04ApplDEC; + +@SuppressWarnings("restriction") +public abstract class CardTest { + +  public class TestPINProvider implements PINProvider { +     +    int provided = 0; +   +    char[] pin; +   +    public TestPINProvider(char[] pin) { +      super(); +      this.pin = pin; +    } +   +    @Override +    public char[] providePIN(PINSpec spec, int retries) +        throws CancelledException, InterruptedException { +      provided++; +      return pin; +    } + +    public int getProvided() { +      return provided; +    } +   +  } + +  public class TestChangePINProvider extends TestPINProvider implements +      ChangePINProvider { +   +    char[] oldPin; +   +    public TestChangePINProvider(char[] oldPin, char[] pin) { +      super(pin); +      this.oldPin = oldPin; +    } +   +    @Override +    public char[] provideOldPIN(PINSpec spec, int retries) +        throws CancelledException, InterruptedException { +      return oldPin; +    } +   +  } + +  public CardTest() { +    super(); +  } + +  protected abstract SignatureCard createSignatureCard() +      throws CardNotSupportedException; + +  @Test +  public void testGetCard() throws CardNotSupportedException { +    SignatureCard signatureCard = createSignatureCard(); +    Card card = signatureCard.getCard(); +    assertNotNull(card); +  } + +  @Test +  public void testGetInfoboxIdentityLink() throws SignatureCardException, +      InterruptedException, CardNotSupportedException { + +    final char[] pin = "0000".toCharArray(); +     +    SignatureCard signatureCard = createSignatureCard(); +     +    TestPINProvider pinProvider = new TestPINProvider(pin); + +    byte[] idlink = signatureCard.getInfobox("IdentityLink", +        pinProvider, null); +    assertNotNull(idlink); +    assertTrue(Arrays.equals(idlink, A04ApplDEC.IDLINK)); +    assertEquals(1, pinProvider.provided); + +  } + +  @Test(expected = CancelledException.class) +  public void testSignSIGCancel() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { +       +        SignatureCard signatureCard = createSignatureCard(); +       +        MessageDigest md = MessageDigest.getInstance("SHA-1"); +        byte[] hash = md.digest("MOCCA".getBytes("ASCII")); +       +        PINProvider pinProvider = new PINProvider() { +          @Override +          public char[] providePIN(PINSpec spec, int retries) +              throws CancelledException, InterruptedException { +            throw new CancelledException(); +          } +        }; +       +        signatureCard.createSignature(hash, KeyboxName.SECURE_SIGNATURE_KEYPAIR, +            pinProvider); +       +      } + +  @Test(expected = CancelledException.class) +  public void testSignDECCancel() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { +       +        SignatureCard signatureCard = createSignatureCard(); +       +        MessageDigest md = MessageDigest.getInstance("SHA-1"); +        byte[] hash = md.digest("MOCCA".getBytes("ASCII")); +       +        PINProvider pinProvider = new PINProvider() { +          @Override +          public char[] providePIN(PINSpec spec, int retries) +              throws CancelledException, InterruptedException { +            throw new CancelledException(); +          } +        }; +       +        signatureCard.createSignature(hash, KeyboxName.CERITIFIED_KEYPAIR, +            pinProvider); +       +      } + +  @Test(expected = InterruptedException.class) +  public void testSignSIGInterrrupted() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { +       +        SignatureCard signatureCard = createSignatureCard(); +       +        MessageDigest md = MessageDigest.getInstance("SHA-1"); +        byte[] hash = md.digest("MOCCA".getBytes("ASCII")); +       +        PINProvider pinProvider = new PINProvider() { +          @Override +          public char[] providePIN(PINSpec spec, int retries) +              throws CancelledException, InterruptedException { +            throw new InterruptedException(); +          } +        }; +       +        signatureCard.createSignature(hash, KeyboxName.SECURE_SIGNATURE_KEYPAIR, +            pinProvider); +       +      } + +  @Test(expected = InterruptedException.class) +  public void testSignDECInterrrupted() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { +       +        SignatureCard signatureCard = createSignatureCard(); +       +        MessageDigest md = MessageDigest.getInstance("SHA-1"); +        byte[] hash = md.digest("MOCCA".getBytes("ASCII")); +       +        PINProvider pinProvider = new PINProvider() { +          @Override +          public char[] providePIN(PINSpec spec, int retries) +              throws CancelledException, InterruptedException { +            throw new InterruptedException(); +          } +        }; +       +        signatureCard.createSignature(hash, KeyboxName.CERITIFIED_KEYPAIR, +            pinProvider); +       +      } + +  @Test(expected = CancelledException.class) +  public void testSignSIGConcurrent() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { +       +        final SignatureCard signatureCard = createSignatureCard(); +       +        MessageDigest md = MessageDigest.getInstance("SHA-1"); +        byte[] hash = md.digest("MOCCA".getBytes("ASCII")); +       +        PINProvider pinProvider = new PINProvider() { +          @Override +          public char[] providePIN(PINSpec spec, int retries) +              throws CancelledException, InterruptedException { +       +            try { +              signatureCard.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR); +              assertTrue(false); +              return null; +            } catch (SignatureCardException e) { +              // expected +              throw new CancelledException(); +            } +       +          } +        }; +       +        signatureCard.createSignature(hash, KeyboxName.SECURE_SIGNATURE_KEYPAIR, +            pinProvider); +       +      } + +  @Test(expected = CancelledException.class) +  public void testSignDECConcurrent() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { +       +        final SignatureCard signatureCard = createSignatureCard(); +       +        MessageDigest md = MessageDigest.getInstance("SHA-1"); +        byte[] hash = md.digest("MOCCA".getBytes("ASCII")); +       +        PINProvider pinProvider = new PINProvider() { +          @Override +          public char[] providePIN(PINSpec spec, int retries) +              throws CancelledException, InterruptedException { +       +            try { +              signatureCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR); +              assertTrue(false); +              return null; +            } catch (SignatureCardException e) { +              // expected +              throw new CancelledException(); +            } +       +          } +        }; +       +        signatureCard.createSignature(hash, KeyboxName.CERITIFIED_KEYPAIR, +            pinProvider); +       +      } + +  @Test +  public void testGetPinSpecs() throws CardNotSupportedException { +   +    PINMgmtSignatureCard signatureCard = (PINMgmtSignatureCard) createSignatureCard(); +   +    List<PINSpec> specs = signatureCard.getPINSpecs(); +    assertNotNull(specs); +    assertTrue(specs.size() > 0); +   +  } + +  @Test(expected = SignatureCardException.class) +  public void testActivatePin() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { +       +        PINMgmtSignatureCard signatureCard = (PINMgmtSignatureCard) createSignatureCard(); +       +        PINProvider pinProvider = new PINProvider() { +          @Override +          public char[] providePIN(PINSpec spec, int retries) +              throws CancelledException, InterruptedException { +            throw new CancelledException(); +          } +        }; +       +        List<PINSpec> specs = signatureCard.getPINSpecs(); +       +        signatureCard.activatePIN(specs.get(0), pinProvider); +      } + +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/CardTestSuite.java b/smcc/src/test/java/at/gv/egiz/smcc/CardTestSuite.java new file mode 100644 index 00000000..3c275a8d --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/CardTestSuite.java @@ -0,0 +1,29 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import org.junit.runner.RunWith; +import org.junit.runners.Suite; +import org.junit.runners.Suite.SuiteClasses; + +import at.gv.egiz.smcc.acos.ACOSCardTestSuite; + +@RunWith(Suite.class) +@SuiteClasses( { ACOSCardTestSuite.class, at.gv.egiz.smcc.starcos.STARCOSCardTest.class }) +public class CardTestSuite { + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/File.java b/smcc/src/test/java/at/gv/egiz/smcc/File.java new file mode 100644 index 00000000..e47c5f7d --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/File.java @@ -0,0 +1,38 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +public class File { +  public byte[] fid; +  public byte[] file; +  public byte[] fcx; +  public int kid = -1; + +  public File(byte[] fid, byte[] file, byte[] fcx) { +    this.fid = fid; +    this.file = file; +    this.fcx = fcx; +  } + +  public File(byte[] fid, byte[] file, byte[] fcx, int kid) { +    this.fid = fid; +    this.file = file; +    this.fcx = fcx; +    this.kid = kid; +  } + +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/PIN.java b/smcc/src/test/java/at/gv/egiz/smcc/PIN.java new file mode 100644 index 00000000..ae883727 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/PIN.java @@ -0,0 +1,41 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +public class PIN { +   +  public static final int STATE_RESET = 0; +   +  public static final int STATE_PIN_VERIFIED = 1; +   +  public static final int STATE_PIN_BLOCKED = -1; +   +  public byte[] pin; +   +  public int kid; +   +  public int state = STATE_RESET; +   +  public int kfpc = 10; + +  public PIN(byte[] pin, int kid, int kfpc) { +    this.pin = pin; +    this.kid = kid; +    this.kfpc = kfpc; +  } + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java deleted file mode 100644 index 9be8db00..00000000 --- a/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java +++ /dev/null @@ -1,267 +0,0 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ - -package at.gv.egiz.smcc; - -import at.gv.egiz.smcc.SignatureCard.KeyboxName; -import at.gv.egiz.smcc.util.SMCCHelper; -import java.util.List; -import java.util.Locale; -import javax.smartcardio.ResponseAPDU; -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.Test; -import static org.junit.Assert.*; - -/** - * - * @author clemens - */ -@Ignore -public class STARCOSCardTest { - -  static STARCOSCard card; -  static PINSpec cardPin, ssPin; - -    public STARCOSCardTest() { -    } - -  @BeforeClass -  public static void setUpClass() throws Exception { -    SMCCHelper smccHelper = new SMCCHelper(); -      switch (smccHelper.getResultCode()) { -        case SMCCHelper.CARD_FOUND: -          SignatureCard sigCard = smccHelper.getSignatureCard(Locale.GERMAN); -          if (sigCard instanceof STARCOSCard) { -            System.out.println("STARCOS card found"); -            card = (STARCOSCard) sigCard; -            List<PINSpec> pinSpecs = card.getPINSpecs(); -            cardPin = pinSpecs.get(STARCOSCard.PINSPEC_CARD); -            ssPin = pinSpecs.get(STARCOSCard.PINSPEC_SS); - -          } else { -            throw new Exception("not STARCOS card: " + sigCard.toString()); -          } -          break; -        default: -          throw new Exception("no card found"); -      } -  } - -  @AfterClass -  public static void tearDownClass() throws Exception { -  } - -    @Before -    public void setUp() { -    } - -    @After -    public void tearDown() { -    } - -  /** -   * Test of getCertificate method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testGetCertificate() throws Exception { -    System.out.println("getCertificate"); -    KeyboxName keyboxName = null; -    STARCOSCard instance = new STARCOSCard(); -    byte[] expResult = null; -    byte[] result = instance.getCertificate(keyboxName); -    assertEquals(expResult, result); -    // TODO review the generated test code and remove the default call to fail. -    fail("The test case is a prototype."); -  } - -  /** -   * Test of getInfobox method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testGetInfobox() throws Exception { -    System.out.println("getInfobox"); -    String infobox = ""; -    PINProvider provider = null; -    String domainId = ""; -    STARCOSCard instance = new STARCOSCard(); -    byte[] expResult = null; -    byte[] result = instance.getInfobox(infobox, provider, domainId); -    assertEquals(expResult, result); -    // TODO review the generated test code and remove the default call to fail. -    fail("The test case is a prototype."); -  } - -  /** -   * Test of createSignature method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testCreateSignature() throws Exception { -    System.out.println("createSignature"); -    byte[] hash = null; -    KeyboxName keyboxName = null; -    PINProvider provider = null; -    STARCOSCard instance = new STARCOSCard(); -    byte[] expResult = null; -    byte[] result = instance.createSignature(hash, keyboxName, provider); -    assertEquals(expResult, result); -    // TODO review the generated test code and remove the default call to fail. -    fail("The test case is a prototype."); -  } - -  /** -   * Test of selectFileFID method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testSelectFileFID() throws Exception { -    System.out.println("selectFileFID"); -    byte[] fid = null; -    STARCOSCard instance = new STARCOSCard(); -    ResponseAPDU expResult = null; -    ResponseAPDU result = instance.selectFileFID(fid); -    assertEquals(expResult, result); -    // TODO review the generated test code and remove the default call to fail. -    fail("The test case is a prototype."); -  } - -  /** -   * Test of verifyPIN method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testVerifyPIN_pinpad() throws Exception { -    System.out.println("verifyPIN (pinpad)"); -    assertNotNull(card); - -    card.verifyPIN(cardPin, new PINProvider() { - -      @Override -      public char[] providePIN(PINSpec spec, int retries) { -        return null; -      } -    }); -  } - -  /** -   * Test of verifyPIN method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testVerifyPIN_internal() throws Exception { -    System.out.println("verifyPIN (internal)"); -    assertNotNull(card); - -    card.reset(); - -    card.getCard().beginExclusive(); - -    // 0x6700 without sending an APDU prior to send CtrlCmd -    System.out.println("WARNING: this command will fail if no card " + -            "communication took place prior to sending the CtrlCommand"); -    int retries = card.verifyPIN(cardPin.getKID(), null); //"1397".toCharArray()); - -    System.out.println("VERIFY PIN returned " + retries); -    card.getCard().endExclusive(); -  } - -  /** -   * Test of verifyPIN method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testVerifyPIN_byte() throws Exception { -    System.out.println("verifyPIN"); -    byte kid = 0; -    STARCOSCard instance = new STARCOSCard(); -    int expResult = 0; -    int result = instance.verifyPIN(kid); -    assertEquals(expResult, result); -    // TODO review the generated test code and remove the default call to fail. -    fail("The test case is a prototype."); -  } - -  /** -   * Test of changePIN method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testChangePIN() throws Exception { -    System.out.println("changePIN"); -    assertNotNull(card); - -    card.reset(); -    int retries = card.changePIN(cardPin.getKID(), null, null); - -    System.out.println("CHANGE PIN returned " + retries); -  } - -  /** -   * Test of activatePIN method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testActivatePIN() throws Exception { -    System.out.println("activatePIN"); -    assertNotNull(card); - -    card.reset(); -    card.activatePIN(cardPin, new PINProvider() { - -      @Override -      public char[] providePIN(PINSpec spec, int retries) throws CancelledException, InterruptedException { -        return null; -      } -    }); -  } - -  /** -   * Test of encodePINBlock method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testEncodePINBlock() throws Exception { -    System.out.println("encodePINBlock"); -    char[] pin = null; -    STARCOSCard instance = new STARCOSCard(); -    byte[] expResult = null; -    byte[] result = instance.encodePINBlock(pin); -    assertEquals(expResult, result); -    // TODO review the generated test code and remove the default call to fail. -    fail("The test case is a prototype."); -  } - -  /** -   * Test of reset method, of class STARCOSCard. -   */ -  @Test -  public void testReset() throws Exception { -    System.out.println("reset"); -    assertNotNull(card); -    card.reset(); -  } - -  /** -   * Test of toString method, of class STARCOSCard. -   */ -  @Test -  @Ignore -  public void testToString() { -    System.out.println("toString"); -    STARCOSCard instance = new STARCOSCard(); -    String expResult = ""; -    String result = instance.toString(); -    assertEquals(expResult, result); -    // TODO review the generated test code and remove the default call to fail. -    fail("The test case is a prototype."); -  } - -}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/TransparentFileInputStreamTest.java b/smcc/src/test/java/at/gv/egiz/smcc/TransparentFileInputStreamTest.java new file mode 100644 index 00000000..4ae48335 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/TransparentFileInputStreamTest.java @@ -0,0 +1,208 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import java.io.IOException; + +import org.junit.BeforeClass; +import org.junit.Test; + +import at.gv.egiz.smcc.util.TransparentFileInputStream; +import static org.junit.Assert.*; + +public class TransparentFileInputStreamTest { +   +  public class TestTransparentFileInputStream extends TransparentFileInputStream { + +    private byte[] data; +     +    public TestTransparentFileInputStream(byte[] data) { +      this.data = data; +    } + +    @Override +    protected byte[] readBinary(int offset, int len) throws IOException { +      int l = Math.min(len, data.length - offset); +      byte[] b = new byte[l]; +      System.arraycopy(data, offset, b, 0, l); +      return b; +    } +     +  } +   +  protected static byte[] file; +   +  protected static byte[] file_bs; +   +  @BeforeClass +  public static void setUpClass() { +     +    byte b = 0x00; +    file = new byte[1000]; +    for (int i = 0; i < file.length; i++) { +      file[i] = b++; +    } +     +    file_bs = new byte[256]; +    b = 0x00; +    for (int i = 0; i < file_bs.length; i++) { +      file_bs[i] = b++; +    } +     +  } + +  @Test +  public void testReadSeq() throws IOException { +     +    TransparentFileInputStream is = new TestTransparentFileInputStream(file); +    int i = 0; +    int b;  +    while ((b = is.read()) != -1) { +      assertEquals(0xFF & i++, b); +    } +    assertEquals(file.length, i); +     +  } +   +  @Test +  public void testReadBlock() throws IOException { +     +    TransparentFileInputStream is = new TestTransparentFileInputStream(file); +    int i = 0; +    byte[] b = new byte[28]; +    int l; +    while ((l = is.read(b)) != -1) { +      for(int j = 0; j < l; j++) { +        assertEquals(0xFF & i++, 0xFF & b[j]); +      } +    } +    assertEquals(file.length, i); +     +  } + +  @Test +  public void testReadBlockBS() throws IOException { +     +    TransparentFileInputStream is = new TestTransparentFileInputStream(file_bs); +    int i = 0; +    byte[] b = new byte[28]; +    int l; +    while ((l = is.read(b)) != -1) { +      for(int j = 0; j < l; j++) { +        assertEquals(0xFF & i++, 0xFF & b[j]); +      } +    } +    assertEquals(file_bs.length, i); +     +  } +   +  @Test(expected = IOException.class) +  public void testReset() throws IOException { +     +    TransparentFileInputStream is = new TestTransparentFileInputStream(file); +    is.read(new byte[128]); +    is.reset(); +     +  } +   +  @Test +  public void testMark() throws IOException { +     +    TransparentFileInputStream is = new TestTransparentFileInputStream(file); +    int i = 0; +    is.mark(12); +    byte[] b = new byte[37]; +    int l; +    while ((l = is.read(b)) != -1) { +      for(int j = 0; j < l; j++) { +        assertEquals(0xFF & i++, 0xFF & b[j]); +      } +    } +    assertEquals(file.length, i); +     +  } +   +  @Test +  public void testMarkReset() throws IOException { + +    TransparentFileInputStream is = new TestTransparentFileInputStream(file); +    int i = 128; +    is.read(new byte[i]); +    is.mark(512); +    byte[] b = new byte[256]; +    is.read(b); +    for(int j = 0; j < b.length; j++) { +      assertEquals(0xFF & i + j, 0xFF & b[j]); +    } +    is.reset(); +    int l; +    while ((l = is.read(b)) != -1) { +      for(int j = 0; j < l; j++) { +        assertEquals(0xFF & i++, 0xFF & b[j]); +      } +    } +    assertEquals(file.length, i); +     +  } + +   +  @Test(expected = IOException.class) +  public void testMarkResetLimit() throws IOException { + +    TransparentFileInputStream is = new TestTransparentFileInputStream(file); +    int i = 128; +    is.read(new byte[i]); +    is.mark(128); +    byte[] b = new byte[256]; +    is.read(b); +    for(int j = 0; j < b.length; j++) { +      assertEquals(0xFF & i + j, 0xFF & b[j]); +    } +    is.reset(); +     +  } +   +  @Test +  public void testSkipSmall() throws IOException { +     +    TransparentFileInputStream is = new TestTransparentFileInputStream(file); +    int i = 0; +    i+= is.read(new byte[128]); +    i+= is.skip(3); +    byte[] b = new byte[256]; +    int l = is.read(b); +    for (int j = 0; j < l; j++) { +      assertEquals(0xFF & i + j, 0xFF & b[j]); +    } +     +  } +  @Test +  public void testSkipBig() throws IOException { +     +    TransparentFileInputStream is = new TestTransparentFileInputStream(file); +    int i = 0; +    i+= is.read(new byte[128]); +    i+= is.skip(300); +    byte[] b = new byte[256]; +    int l = is.read(b); +    for (int j = 0; j < l; j++) { +      assertEquals(0xFF & i + j, 0xFF & b[j]); +    } +     +  } + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/A03ApplDEC.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/A03ApplDEC.java new file mode 100644 index 00000000..9fd96d73 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/A03ApplDEC.java @@ -0,0 +1,151 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import java.io.UnsupportedEncodingException; +import java.util.Arrays; +import java.util.Random; + +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.File; +import at.gv.egiz.smcc.PIN; + + +@SuppressWarnings("restriction") +public class A03ApplDEC extends ACOSApplDEC { +   +  public static final int KID_PIN_INF = 0x83; + +  public A03ApplDEC() { +    super(); + +    System.arraycopy(IDLINK, 0, EF_INFOBOX, 0, IDLINK.length); +    putFile(new File(FID_EF_INFOBOX, EF_INFOBOX, FCI_EF_INFOBOX, KID_PIN_INF)); + +    try { +      pins.put(KID_PIN_INF, new PIN("0000\0\0\0\0".getBytes("ASCII"), KID_PIN_INF, 10)); +    } catch (UnsupportedEncodingException e) { +      throw new RuntimeException(e); +    } +  } + +  @Override +  public ResponseAPDU cmdMANAGE_SECURITY_ENVIRONMENT(CommandAPDU command, CardChannelEmul channel) { + +    checkINS(command, 0x22); + +    switch (command.getP2()) { +    case 0xA4: +      switch (command.getP1()) { +      case 0x41: { +        // INTERNAL AUTHENTICATE +        byte[] dst = new byte[] { (byte) 0x84, (byte) 0x01, (byte) 0x88, (byte) 0x80, (byte) 0x01, (byte) 0x01 }; +        if (Arrays.equals(dst, command.getData())) { +          securityEnv = command.getData(); +          return new ResponseAPDU(new byte[] {(byte) 0x90, (byte) 0x00}); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05}); +        } +      } +      case 0x81: +        // EXTERNAL AUTHENTICATE +      } +    case 0xB6: +      switch (command.getP1()) { +      case 0x41: +        // PSO - COMPUTE DIGITAL SIGNATURE +      case 0x81: +        // PSO - VERIFY DGITAL SIGNATURE +      } +    case 0xB8: +      switch (command.getP1()) { +      case 0x41: +        // PSO � DECIPHER +      case 0x81: +        // PSO � ENCIPHER +      } +    default: +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x81}); +    } + +  } + +  @Override +  public ResponseAPDU cmdPERFORM_SECURITY_OPERATION(CommandAPDU command, CardChannelEmul channel) { +     +    checkINS(command, 0x2A); + +    return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x00}); +     +  } + +  @Override +  public ResponseAPDU cmdINTERNAL_AUTHENTICATE(CommandAPDU command, CardChannelEmul channel) { +     +    checkINS(command, 0x88); +     +    if (command.getP1() == 0x10 && command.getP2() == 0x00) { +       +      byte[] data = command.getData(); +       +      if (securityEnv == null) { +        // Security Environment not set or wrong +        return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05}); +      } + +      byte[] digestInfo = new byte[] { +          (byte) 0x30, (byte) 0x21, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x05, (byte) 0x2B, (byte) 0x0E,  +          (byte) 0x03, (byte) 0x02, (byte) 0x1A, (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x14 +      }; +       +      if (data.length != 35 || !Arrays.equals(digestInfo, Arrays.copyOf(data, 15))) { +        return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +      } +         + +      if (pins.get(KID_PIN_DEC).state != PIN.STATE_PIN_VERIFIED) { +        // Security Status not satisfied +        return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x82}); +      } +       +      byte[] signature = new byte[48];  +       +      // TODO replace by signature creation +      Random random = new Random(); +      random.nextBytes(signature); +       +      byte[] response = new byte[signature.length + 2]; +      System.arraycopy(signature, 0, response, 0, signature.length); +      response[signature.length] = (byte) 0x90; +      response[signature.length + 1] = (byte) 0x00; +       +      hash = null; +      pins.get(KID_PIN_DEC).state = PIN.STATE_RESET; + +      return new ResponseAPDU(response); +         +       +    } else { +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x81}); +    } + +  } + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/A03ApplSIG.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/A03ApplSIG.java new file mode 100644 index 00000000..d059ad57 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/A03ApplSIG.java @@ -0,0 +1,77 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import java.util.Arrays; + +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.CardChannelEmul; + + +@SuppressWarnings("restriction") +public class A03ApplSIG extends ACOSApplSIG { +   +  public A03ApplSIG() { +    super(); +    System.arraycopy(C_CH_DS, 0, EF_C_CH_DS, 0, C_CH_DS.length); +  } + +  @Override +  public ResponseAPDU cmdMANAGE_SECURITY_ENVIRONMENT(CommandAPDU command, CardChannelEmul channel) { + +    checkINS(command, 0x22); + +    switch (command.getP2()) { +    case 0xA4: +      switch (command.getP1()) { +      case 0x41: +        // INTERNAL AUTHENTICATE +      case 0x81: +        // EXTERNAL AUTHENTICATE +      } +    case 0xB6: +      switch (command.getP1()) { +      case 0x41: { +        // PSO - COMPUTE DIGITAL SIGNATURE +        byte[] dst = new byte[] { (byte) 0x84, (byte) 0x01, (byte) 0x88, (byte) 0x80, (byte) 0x01, (byte) 0x14 }; +        if (Arrays.equals(dst, command.getData())) { +          securityEnv = command.getData(); +          return new ResponseAPDU(new byte[] {(byte) 0x90, (byte) 0x00}); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05}); +        } +      } +      case 0x81: +        // PSO - VERIFY DGITAL SIGNATURE +      } +    case 0xB8: +      switch (command.getP1()) { +      case 0x41: +        // PSO � DECIPHER +      case 0x81: +        // PSO � ENCIPHER +      } +    default: +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x81}); +    } + +  } +   +   +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/A03CardChannelEmul.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/A03CardChannelEmul.java new file mode 100644 index 00000000..c8d5382c --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/A03CardChannelEmul.java @@ -0,0 +1,98 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + + +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.CardEmul; +import at.gv.egiz.smcc.PIN; + + +@SuppressWarnings("restriction") +public class A03CardChannelEmul extends ACOSCardChannelEmul { + +  public A03CardChannelEmul(CardEmul cardEmul) { +    super(cardEmul); +  } + +  @Override +  public ResponseAPDU cmdREAD_BINARY(CommandAPDU command) throws CardException { + +    if (command.getINS() != 0xB0) { +      throw new IllegalArgumentException("INS has to be 0xB0."); +    } + +    if (currentFile == null) { +      return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x86});  +    } +     +    if ((command.getP1() & 0x80) > 0) { +      throw new CardException("Not implemented."); +    } +     +    int offset = command.getP2() + (command.getP1() << 8); +    if (offset > currentFile.file.length) { +      // Wrong length +      return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +    } +     +    if (command.getNe() == 0) { +      throw new CardException("Not implemented."); +    } +     +    if (currentFile.kid != -1) { +      if ((currentFile.kid & 0x80) > 0) { +        PIN pin; +        if (currentAppl == null +            || (pin = currentAppl.pins.get(currentFile.kid)) == null +            || pin.state != PIN.STATE_PIN_VERIFIED) { +          return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x82}); +        } +      } else { +        // Global PINs not implemented +        throw new CardException("Not implemented."); +      } +    } + +    int len; +    if (command.getNe() == 256) { +      if (currentFile.file.length > 256) { +        return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +      } else { +        len = Math.min(command.getNe(), currentFile.file.length - offset); +      } +    } else { +      if (command.getNe() >= currentFile.file.length - offset) { +        return new ResponseAPDU(new byte[] {(byte) 0x62, (byte) 0x82}); +      } else { +        len = command.getNe(); +      } +    } +     +    byte[] response = new byte[len + 2]; +    System.arraycopy(currentFile.file, offset, response, 0, len); +    response[len] = (byte) 0x90; +    response[len + 1] = (byte) 0x00; +    return new ResponseAPDU(response); +     +  } + + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/A03CardEmul.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/A03CardEmul.java new file mode 100644 index 00000000..58216b6b --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/A03CardEmul.java @@ -0,0 +1,36 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.CardEmul; + + + +public class A03CardEmul extends ACOSCardEmul { + +  public A03CardEmul(A03ApplSIG applSIG, A03ApplDEC applDEC) { +    applications.add(applSIG); +    applications.add(applDEC); +  } + +  @Override +  protected CardChannelEmul newCardChannel(CardEmul cardEmul) { +    return new A03CardChannelEmul(this); +  } + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/A03CardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/A03CardTest.java new file mode 100644 index 00000000..776c0370 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/A03CardTest.java @@ -0,0 +1,91 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import static org.junit.Assert.assertTrue; + +import java.util.Arrays; + +import org.junit.Test; + +import at.gv.egiz.smcc.ACOSCard; +import at.gv.egiz.smcc.CancelledException; +import at.gv.egiz.smcc.CardEmul; +import at.gv.egiz.smcc.CardNotSupportedException; +import at.gv.egiz.smcc.CardTerminalEmul; +import at.gv.egiz.smcc.LockedException; +import at.gv.egiz.smcc.NotActivatedException; +import at.gv.egiz.smcc.PINFormatException; +import at.gv.egiz.smcc.PINMgmtSignatureCard; +import at.gv.egiz.smcc.PINSpec; +import at.gv.egiz.smcc.SignatureCard; +import at.gv.egiz.smcc.SignatureCardException; +import at.gv.egiz.smcc.SignatureCardFactory; + +public class A03CardTest extends ACOSCardTest { + +  @Override +  protected SignatureCard createSignatureCard() +      throws CardNotSupportedException { +    SignatureCardFactory factory = SignatureCardFactory.getInstance(); +    CardEmul card = new A03CardEmul(new A03ApplSIG(), new A03ApplDEC()); +    SignatureCard signatureCard = factory.createSignatureCard(card, +        new CardTerminalEmul(card)); +    assertTrue(signatureCard instanceof PINMgmtSignatureCard); +    return signatureCard; +  } + +  @Override +  protected int getVersion() { +    return 1; +  } + +  @Test +  public void testChangePin() throws CardNotSupportedException, +      LockedException, NotActivatedException, CancelledException, +      PINFormatException, SignatureCardException, InterruptedException { + +    char[] defaultPin = "123456".toCharArray(); + +    PINMgmtSignatureCard signatureCard = (PINMgmtSignatureCard) createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    ACOSApplSIG applSIG = (ACOSApplSIG) card.getApplication(ACOSAppl.AID_SIG); +    applSIG.setPin(ACOSApplSIG.KID_PIN_SIG, defaultPin); +    ACOSApplDEC applDEC = (ACOSApplDEC) card.getApplication(ACOSAppl.AID_DEC); +    applDEC.setPin(ACOSApplDEC.KID_PIN_DEC, defaultPin); +    applDEC.setPin(A03ApplDEC.KID_PIN_INF, defaultPin); + +    for (PINSpec pinSpec : signatureCard.getPINSpecs()) { + +      char[] pin = defaultPin; + +      for (int i = pinSpec.getMinLength(); i <= pinSpec.getMaxLength(); i++) { +        signatureCard.verifyPIN(pinSpec, new TestPINProvider(pin)); +        char[] newPin = new char[i]; +        Arrays.fill(newPin, '0'); +        signatureCard +            .changePIN(pinSpec, new TestChangePINProvider(pin, newPin)); +        signatureCard.verifyPIN(pinSpec, new TestPINProvider(newPin)); +        pin = newPin; +      } + +    } + +  } + +   +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/A04ApplDEC.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/A04ApplDEC.java new file mode 100644 index 00000000..e38a8e80 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/A04ApplDEC.java @@ -0,0 +1,296 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import java.io.UnsupportedEncodingException; +import java.security.GeneralSecurityException; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.Signature; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import java.util.Arrays; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.KeyGenerator; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.File; +import at.gv.egiz.smcc.PIN; + + +@SuppressWarnings("restriction") +public class A04ApplDEC extends ACOSApplDEC { +   +  private static final byte[] SEC_ENV_INTERNAL_AUTHENTICATE = new byte[] { (byte) 0x84, +      (byte) 0x01, (byte) 0x88, (byte) 0x80, (byte) 0x01, (byte) 0x01 }; +   +  private static final byte[] SEC_ENV_DECIPHER = new byte[] { (byte) 0x84, +      (byte) 0x01, (byte) 0x88, (byte) 0x80, (byte) 0x01, (byte) 0x02 }; +   +  private static final RSAPrivateKey SK_CH_EKEY; +   +  private static final RSAPublicKey PK_CH_EKEY; +   +  static { +    try { +      KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); +      gen.initialize(1536); +      KeyPair keyPair = gen.generateKeyPair(); +      SK_CH_EKEY = (RSAPrivateKey) keyPair.getPrivate(); +      PK_CH_EKEY = (RSAPublicKey) keyPair.getPublic(); +    } catch (NoSuchAlgorithmException e) { +      throw new RuntimeException(e); +    } +  } +   +  public A04ApplDEC() { +    this(false); +  } + +  public A04ApplDEC(boolean encrypt) { +     +    int offset = 0; +     +    // HEADER 'AIK' + version +    byte[] header; +    try { +      header = "AIK".getBytes("ASCII"); +    } catch (UnsupportedEncodingException e) { +      throw new RuntimeException(e); +    } +    System.arraycopy(header, 0, EF_INFOBOX, offset, header.length); +    offset += header.length; +    EF_INFOBOX[offset++] = 1;  +     +    // HEADER identity link +    EF_INFOBOX[offset++] = (byte) 0x01; // Personenbindung +    if (encrypt) { +      EF_INFOBOX[offset++] = (byte) 0x01; // Modifier + +      byte[] cipherText; +      byte[] encKey; +      try { +        KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede"); +        SecretKey secretKey = keyGenerator.generateKey(); +         +        byte[] keyBytes = secretKey.getEncoded(); +         +        Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding"); +        byte[] iv = new byte[8]; +        Arrays.fill(iv, (byte) 0x00); +        IvParameterSpec ivParameterSpec = new IvParameterSpec(iv); +        cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivParameterSpec); +        cipherText = cipher.doFinal(IDLINK); +         +        cipher = Cipher.getInstance("RSA"); +        cipher.init(Cipher.ENCRYPT_MODE, PK_CH_EKEY); +        encKey = cipher.doFinal(keyBytes); +         +      } catch (GeneralSecurityException e) { +        throw new RuntimeException(e); +      } +       +      int len = encKey.length + cipherText.length + 2; +       +      EF_INFOBOX[offset++] = (byte) (0xFF & len); +      EF_INFOBOX[offset++] = (byte) (0xFF & len >> 8); +       +      EF_INFOBOX[offset++] = (byte) (0xFF & encKey.length); +      EF_INFOBOX[offset++] = (byte) (0xFF & encKey.length >> 8); +       +      System.arraycopy(encKey, 0, EF_INFOBOX, offset, encKey.length); +      offset += encKey.length; +       +      System.arraycopy(cipherText, 0, EF_INFOBOX, offset, cipherText.length); +       +    } else { +      EF_INFOBOX[offset++] = (byte) 0x00; // Modifier +      EF_INFOBOX[offset++] = (byte) (0xFF & IDLINK.length); +      EF_INFOBOX[offset++] = (byte) (0xFF & IDLINK.length >> 8); +      System.arraycopy(IDLINK, 0, EF_INFOBOX, offset, IDLINK.length); +      offset += IDLINK.length; +    } +     +    putFile(new File(FID_EF_INFOBOX, EF_INFOBOX, FCI_EF_INFOBOX)); +  } + +  @Override +  public ResponseAPDU cmdMANAGE_SECURITY_ENVIRONMENT(CommandAPDU command, CardChannelEmul channel) { + +    checkINS(command, 0x22); + +    switch (command.getP2()) { +    case 0xA4: +      switch (command.getP1()) { +      case 0x41: { +        // INTERNAL AUTHENTICATE +        if (Arrays.equals(SEC_ENV_INTERNAL_AUTHENTICATE, command.getData())) { +          securityEnv = command.getData(); +          return new ResponseAPDU(new byte[] {(byte) 0x90, (byte) 0x00}); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x85}); +        } +      } +      case 0x81: +        // EXTERNAL AUTHENTICATE +      } +    case 0xB6: +      switch (command.getP1()) { +      case 0x41: +        // PSO - COMPUTE DIGITAL SIGNATURE +      case 0x81: +        // PSO - VERIFY DGITAL SIGNATURE +      } +    case 0xB8: +      switch (command.getP1()) { +      case 0x41: +        // PSO � DECIPHER +        if (Arrays.equals(SEC_ENV_DECIPHER, command.getData())) { +          securityEnv = command.getData(); +          return new ResponseAPDU(new byte[] {(byte) 0x90, (byte) 0x00}); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x85}); +        } +      case 0x81: +        // PSO � ENCIPHER +      } +    default: +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x81}); +    } + +  } + +  @Override +  public ResponseAPDU cmdPERFORM_SECURITY_OPERATION(CommandAPDU command, CardChannelEmul channel) throws CardException { +     +    checkINS(command, 0x2A); +     +    if (command.getP1() == 0x80 && command.getP2() == 0x86) { +       +      byte[] data = command.getData(); +       +      if (!Arrays.equals(securityEnv, SEC_ENV_DECIPHER)) { +        return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05}); +      } +       +      if (data.length != 193) { +        return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +      } +       +      if (pins.get(KID_PIN_DEC).state != PIN.STATE_PIN_VERIFIED) { +        // Security Status not satisfied +        return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x82}); +      } + +      byte[] cipherText = Arrays.copyOfRange(data, 1, data.length); +       +      byte[] plainText; +      try { +        Cipher cipher = Cipher.getInstance("RSA"); +        cipher.init(Cipher.DECRYPT_MODE, SK_CH_EKEY); +        plainText = cipher.doFinal(cipherText); +      } catch (GeneralSecurityException e) { +        throw new CardException(e); +      } +       +      byte[] response = new byte[plainText.length + 2]; +      System.arraycopy(plainText, 0, response, 0, plainText.length); +      response[plainText.length] = (byte) 0x90; +      response[plainText.length + 1] = (byte) 0x00; +       +      return new ResponseAPDU(response); +       +    } else { +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x00}); +    } +     +  } + +  @Override +  public ResponseAPDU cmdINTERNAL_AUTHENTICATE(CommandAPDU command, CardChannelEmul channel) throws CardException { +     +    checkINS(command, 0x88); +     +    if (command.getP1() == 0x10 && command.getP2() == 0x00) { +       +      byte[] data = command.getData(); +       +      if (!Arrays.equals(securityEnv, SEC_ENV_INTERNAL_AUTHENTICATE)) { +        return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05}); +      } + +      byte[] digestInfo = new byte[] { +          (byte) 0x30, (byte) 0x21, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x05, (byte) 0x2B, (byte) 0x0E,  +          (byte) 0x03, (byte) 0x02, (byte) 0x1A, (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x14 +      }; +       +      if (data.length != 35 || !Arrays.equals(digestInfo, Arrays.copyOf(data, 15))) { +        return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +      } +         + +      if (pins.get(KID_PIN_DEC).state != PIN.STATE_PIN_VERIFIED) { +        // Security Status not satisfied +        return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x82}); +      } +       +      byte[] digest = Arrays.copyOfRange(data, 15, 35); +       +      byte[] sig; +      try { +        Signature signature = Signature.getInstance("RSA"); +        signature.initSign(SK_CH_EKEY); +        signature.update(digest); +        sig = signature.sign(); +      } catch (GeneralSecurityException e) { +        throw new CardException(e); +      } +       +      byte[] response = new byte[sig.length + 2]; +      System.arraycopy(sig, 0, response, 0, sig.length); +      response[sig.length] = (byte) 0x90; +      response[sig.length + 1] = (byte) 0x00; +       +      hash = null; +      pins.get(KID_PIN_DEC).state = PIN.STATE_RESET; + +      return new ResponseAPDU(response); +         +       +    } else { +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x81}); +    } + +  } + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/A04ApplSIG.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/A04ApplSIG.java new file mode 100644 index 00000000..aee6a7f7 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/A04ApplSIG.java @@ -0,0 +1,87 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import java.util.Arrays; + +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.File; + + +@SuppressWarnings("restriction") +public class A04ApplSIG extends ACOSApplSIG { +   +  private static byte[] FID_EF_INFO = new byte[] { (byte) 0xd0, (byte) 0x02 }; + +  private static byte[] FCI_EF_INFO = new byte[] { (byte) 0x6f, (byte) 0x07, +      (byte) 0x80, (byte) 0x02, (byte) 0x00, (byte) 0x08, (byte) 0x82, +      (byte) 0x01, (byte) 0x01 }; + +  private static byte[] EF_INFO = new byte[] { (byte) 0x02, (byte) 0x00, +      (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, +      (byte) 0x00, (byte) 0x90, (byte) 0x00 }; + +  public A04ApplSIG() { +    putFile(new File(FID_EF_INFO, EF_INFO, FCI_EF_INFO)); +  } + +  @Override +  public ResponseAPDU cmdMANAGE_SECURITY_ENVIRONMENT(CommandAPDU command, CardChannelEmul channel) { + +    checkINS(command, 0x22); + +    switch (command.getP2()) { +    case 0xA4: +      switch (command.getP1()) { +      case 0x41: +        // INTERNAL AUTHENTICATE +      case 0x81: +        // EXTERNAL AUTHENTICATE +      } +    case 0xB6: +      switch (command.getP1()) { +      case 0x41: { +        // PSO - COMPUTE DIGITAL SIGNATURE +        byte[] dst = new byte[] { (byte) 0x84, (byte) 0x01, (byte) 0x88, (byte) 0x80, (byte) 0x01, (byte) 0x14 }; +        if (Arrays.equals(dst, command.getData())) { +          securityEnv = command.getData(); +          return new ResponseAPDU(new byte[] {(byte) 0x90, (byte) 0x00}); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05}); +        } +      } +      case 0x81: +        // PSO - VERIFY DGITAL SIGNATURE +      } +    case 0xB8: +      switch (command.getP1()) { +      case 0x41: +        // PSO � DECIPHER +      case 0x81: +        // PSO � ENCIPHER +      } +    default: +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x81}); +    } + +  } +   +   +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/A04CardChannelEmul.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/A04CardChannelEmul.java new file mode 100644 index 00000000..3eaece91 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/A04CardChannelEmul.java @@ -0,0 +1,75 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + + +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.CardEmul; + + +@SuppressWarnings("restriction") +public class A04CardChannelEmul extends ACOSCardChannelEmul { + +  public A04CardChannelEmul(CardEmul cardEmul) { +    super(cardEmul); +  } + +  @Override +  public ResponseAPDU cmdREAD_BINARY(CommandAPDU command) throws CardException { + +    if (command.getINS() != 0xB0) { +      throw new IllegalArgumentException("INS has to be 0xB0."); +    } + +    if (currentFile == null) { +      return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x86});  +    } +     +    if ((command.getP1() & 0x80) > 0) { +      throw new CardException("Not implemented."); +    } +     +    int offset = command.getP2() + (command.getP1() << 8); +    if (offset > currentFile.file.length) { +      // Wrong length +      return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +    } +     +    if (command.getNe() == 0) { +      throw new CardException("Not implemented."); +    } +     +    if (command.getNe() == 256 || command.getNe() <= currentFile.file.length - offset) { +      int len = Math.min(command.getNe(), currentFile.file.length - offset); +      byte[] response = new byte[len + 2]; +      System.arraycopy(currentFile.file, offset, response, 0, len); +      response[len] = (byte) 0x90; +      response[len + 1] = (byte) 0x00; +      return new ResponseAPDU(response); +    } else if (command.getNe() >= currentFile.file.length - offset) { +      return new ResponseAPDU(new byte[] {(byte) 0x62, (byte) 0x82}); +    } else { +      return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +    } +     +  } + + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/A04CardEmul.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/A04CardEmul.java new file mode 100644 index 00000000..70925aa6 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/A04CardEmul.java @@ -0,0 +1,37 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.CardEmul; + + + +public class A04CardEmul extends ACOSCardEmul { + +  public A04CardEmul(A04ApplSIG applSIG, A04ApplDEC applDEC) { +    applications.add(applSIG); +    applications.add(applDEC); +  } + +  @Override +  protected CardChannelEmul newCardChannel(CardEmul cardEmul) { +    return new A04CardChannelEmul(this); +  } + +   +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/A04CardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/A04CardTest.java new file mode 100644 index 00000000..d15e80d7 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/A04CardTest.java @@ -0,0 +1,143 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import iaik.security.provider.IAIK; + +import java.security.Security; +import java.util.Arrays; + +import org.junit.BeforeClass; +import org.junit.Test; + +import at.gv.egiz.smcc.ACOSCard; +import at.gv.egiz.smcc.CancelledException; +import at.gv.egiz.smcc.CardEmul; +import at.gv.egiz.smcc.CardNotSupportedException; +import at.gv.egiz.smcc.CardTerminalEmul; +import at.gv.egiz.smcc.LockedException; +import at.gv.egiz.smcc.NotActivatedException; +import at.gv.egiz.smcc.PINFormatException; +import at.gv.egiz.smcc.PINMgmtSignatureCard; +import at.gv.egiz.smcc.PINSpec; +import at.gv.egiz.smcc.SignatureCard; +import at.gv.egiz.smcc.SignatureCardException; +import at.gv.egiz.smcc.SignatureCardFactory; +import at.gv.egiz.smcc.CardTest.TestPINProvider; + +public class A04CardTest extends ACOSCardTest { + +  @Override +  protected SignatureCard createSignatureCard() +      throws CardNotSupportedException { +    SignatureCardFactory factory = SignatureCardFactory.getInstance(); +    CardEmul card = new A04CardEmul(new A04ApplSIG(), new A04ApplDEC()); +    SignatureCard signatureCard = factory.createSignatureCard(card, +        new CardTerminalEmul(card)); +    assertTrue(signatureCard instanceof PINMgmtSignatureCard); +    return signatureCard; +  } + +  @Override +  protected int getVersion() { +    return 2; +  } + +  @BeforeClass +  public static void setupClass() { +    IAIK.addAsProvider(); +  } +   +  @Test +  public void testChangePin() throws CardNotSupportedException, +      LockedException, NotActivatedException, CancelledException, +      PINFormatException, SignatureCardException, InterruptedException { + +    char[] defaultPin = "123456".toCharArray(); + +    PINMgmtSignatureCard signatureCard = (PINMgmtSignatureCard) createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    ACOSApplSIG applSIG = (ACOSApplSIG) card.getApplication(ACOSAppl.AID_SIG); +    applSIG.setPin(ACOSApplSIG.KID_PIN_SIG, defaultPin); +    ACOSApplDEC applDEC = (ACOSApplDEC) card.getApplication(ACOSAppl.AID_DEC); +    applDEC.setPin(ACOSApplDEC.KID_PIN_DEC, defaultPin); + +    for (PINSpec pinSpec : signatureCard.getPINSpecs()) { + +      char[] pin = defaultPin; + +      for (int i = pinSpec.getMinLength(); i <= pinSpec.getMaxLength(); i++) { +        char[] newPin = new char[i]; +        Arrays.fill(newPin, '0'); +        signatureCard +            .changePIN(pinSpec, new TestChangePINProvider(pin, newPin)); +        signatureCard.verifyPIN(pinSpec, new TestPINProvider(newPin)); +        pin = newPin; +      } + +    } + +  } +   +  @Test +  public void testGetInfoboxIdentityLinkEncrypted() +      throws CardNotSupportedException, SignatureCardException, +      InterruptedException { +     +    char[] pin = "0000".toCharArray(); + +    SignatureCardFactory factory = SignatureCardFactory.getInstance(); +    A04ApplDEC applDEC = new A04ApplDEC(true); +    applDEC.setPin(A04ApplDEC.KID_PIN_DEC, pin); +    CardEmul card = new A04CardEmul(new A04ApplSIG(), applDEC); +    SignatureCard signatureCard = factory.createSignatureCard(card, +        new CardTerminalEmul(card)); + +    TestPINProvider pinProvider = new TestPINProvider(pin); + +    byte[] idlink = signatureCard.getInfobox("IdentityLink", +        pinProvider, null); +    assertNotNull(idlink); +    assertTrue(Arrays.equals(idlink, A04ApplDEC.IDLINK)); +    assertEquals(1, pinProvider.getProvided()); + +  } +   +  @Test +  public void testGetInfoboxIdentityLink() throws SignatureCardException, +      InterruptedException, CardNotSupportedException { + +    final char[] pin = "0000".toCharArray(); +     +    SignatureCard signatureCard = createSignatureCard(); +     +    TestPINProvider pinProvider = new TestPINProvider(pin); + +    byte[] idlink = signatureCard.getInfobox("IdentityLink", +        pinProvider, null); +    assertNotNull(idlink); +    assertTrue(Arrays.equals(idlink, A04ApplDEC.IDLINK)); +    assertEquals(0, pinProvider.getProvided()); + +  } + + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSAppl.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSAppl.java new file mode 100644 index 00000000..4c340d61 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSAppl.java @@ -0,0 +1,79 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import java.io.UnsupportedEncodingException; +import java.util.Arrays; +import java.util.Iterator; + +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.AbstractAppl; +import at.gv.egiz.smcc.CardAppl; +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.PIN; + +@SuppressWarnings("restriction") +public abstract class ACOSAppl extends AbstractAppl implements CardAppl { + +  public static byte[] AID_SIG = new byte[] { (byte) 0xA0, (byte) 0x00, +        (byte) 0x00, (byte) 0x01, (byte) 0x18, (byte) 0x45, (byte) 0x43 }; +   +  public static byte[] FID_SIG = new byte[] { (byte) 0xDF, (byte) 0x70 }; +   +  public static byte[] AID_DEC = new byte[] { (byte) 0xA0, (byte) 0x00, +        (byte) 0x00, (byte) 0x01, (byte) 0x18, (byte) 0x45, (byte) 0x4E }; + +  public static byte[] FID_DEC = new byte[] { (byte) 0xDF, (byte) 0x71 }; + +  protected byte[] securityEnv; + +  protected byte[] hash; + +  @Override +  public ResponseAPDU cmdINTERNAL_AUTHENTICATE(CommandAPDU command, CardChannelEmul channel) throws CardException { +    return new ResponseAPDU(new byte[] {(byte) 0x6D, (byte) 0x00}); +  } + +  @Override +  public void leaveApplContext() { +    Iterator<PIN> pin = pins.values().iterator(); +    while (pin.hasNext()) { +      pin.next().state = PIN.STATE_RESET; +    } +  } +   +  public void setPin(int kid, char[] value) { +    try { +      PIN pin = pins.get(kid); +      if (pin != null) { +        if (value == null) { +          Arrays.fill(pin.pin, (byte) 0x00); +          pin.state = PIN.STATE_PIN_BLOCKED; +        } else { +          int l = pin.pin.length; +          pin.pin = Arrays.copyOf(new String(value).getBytes("ASCII"), l); +        } +      } +    } catch (UnsupportedEncodingException e) { +      throw new RuntimeException(e); +    } +  } + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSApplDEC.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSApplDEC.java new file mode 100644 index 00000000..08979536 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSApplDEC.java @@ -0,0 +1,334 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import java.io.UnsupportedEncodingException; +import java.util.Arrays; + +import at.gv.egiz.smcc.File; +import at.gv.egiz.smcc.PIN; + +public abstract class ACOSApplDEC extends ACOSAppl { + +  public static final byte[] IDLINK = new byte[] { +      (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x11, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x0c,  +      (byte) 0x26, (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f,  +      (byte) 0x77, (byte) 0x77, (byte) 0x77, (byte) 0x2e, (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72,  +      (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x7a,  +      (byte) 0x6d, (byte) 0x72, (byte) 0x2f, (byte) 0x70, (byte) 0x65, (byte) 0x72, (byte) 0x73, (byte) 0x62,  +      (byte) 0x32, (byte) 0x30, (byte) 0x34, (byte) 0x2e, (byte) 0x78, (byte) 0x73, (byte) 0x6c, (byte) 0x0c,  +      (byte) 0x29, (byte) 0x73, (byte) 0x7a, (byte) 0x72, (byte) 0x2e, (byte) 0x62, (byte) 0x6d, (byte) 0x69,  +      (byte) 0x2e, (byte) 0x67, (byte) 0x76, (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2d, (byte) 0x41,  +      (byte) 0x73, (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x6f, (byte) 0x6e,  +      (byte) 0x49, (byte) 0x44, (byte) 0x31, (byte) 0x32, (byte) 0x33, (byte) 0x36, (byte) 0x33, (byte) 0x35,  +      (byte) 0x36, (byte) 0x33, (byte) 0x36, (byte) 0x36, (byte) 0x37, (byte) 0x39, (byte) 0x39, (byte) 0x39,  +      (byte) 0x31, (byte) 0x39, (byte) 0x0c, (byte) 0x19, (byte) 0x32, (byte) 0x30, (byte) 0x30, (byte) 0x39,  +      (byte) 0x2d, (byte) 0x30, (byte) 0x33, (byte) 0x2d, (byte) 0x30, (byte) 0x36, (byte) 0x54, (byte) 0x31,  +      (byte) 0x36, (byte) 0x3a, (byte) 0x31, (byte) 0x39, (byte) 0x3a, (byte) 0x32, (byte) 0x36, (byte) 0x2b,  +      (byte) 0x30, (byte) 0x31, (byte) 0x3a, (byte) 0x30, (byte) 0x30, (byte) 0xa0, (byte) 0x42, (byte) 0x30,  +      (byte) 0x40, (byte) 0x0c, (byte) 0x18, (byte) 0x45, (byte) 0x68, (byte) 0x42, (byte) 0x53, (byte) 0x36,  +      (byte) 0x54, (byte) 0x6f, (byte) 0x31, (byte) 0x49, (byte) 0x6c, (byte) 0x54, (byte) 0x4b, (byte) 0x4f,  +      (byte) 0x4a, (byte) 0x45, (byte) 0x39, (byte) 0x75, (byte) 0x62, (byte) 0x74, (byte) 0x48, (byte) 0x69,  +      (byte) 0x51, (byte) 0x3d, (byte) 0x3d, (byte) 0x0c, (byte) 0x0a, (byte) 0x58, (byte) 0x58, (byte) 0x58,  +      (byte) 0xc5, (byte) 0x90, (byte) 0x7a, (byte) 0x67, (byte) 0xc3, (byte) 0xbc, (byte) 0x72, (byte) 0x0c,  +      (byte) 0x0c, (byte) 0x58, (byte) 0x58, (byte) 0x58, (byte) 0x54, (byte) 0xc3, (byte) 0xbc, (byte) 0x7a,  +      (byte) 0x65, (byte) 0x6b, (byte) 0xc3, (byte) 0xa7, (byte) 0x69, (byte) 0x0c, (byte) 0x0a, (byte) 0x31,  +      (byte) 0x39, (byte) 0x37, (byte) 0x33, (byte) 0x2d, (byte) 0x30, (byte) 0x36, (byte) 0x2d, (byte) 0x30,  +      (byte) 0x34, (byte) 0x30, (byte) 0x0a, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, (byte) 0x00,  +      (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x03, (byte) 0x82, (byte) 0x01,  +      (byte) 0x01, (byte) 0x00, (byte) 0x9f, (byte) 0xa5, (byte) 0x68, (byte) 0xa9, (byte) 0x14, (byte) 0x4c,  +      (byte) 0xa4, (byte) 0x5d, (byte) 0x9d, (byte) 0x09, (byte) 0x99, (byte) 0x2e, (byte) 0xe7, (byte) 0x45,  +      (byte) 0x2e, (byte) 0x42, (byte) 0x49, (byte) 0x02, (byte) 0x16, (byte) 0xd9, (byte) 0xcb, (byte) 0x90,  +      (byte) 0x43, (byte) 0x27, (byte) 0x03, (byte) 0x43, (byte) 0x6d, (byte) 0xb4, (byte) 0x8c, (byte) 0xdc,  +      (byte) 0x1c, (byte) 0x77, (byte) 0xd4, (byte) 0x2e, (byte) 0xa1, (byte) 0x40, (byte) 0xe7, (byte) 0xe0,  +      (byte) 0x03, (byte) 0x60, (byte) 0x15, (byte) 0xf7, (byte) 0xdb, (byte) 0x03, (byte) 0x5e, (byte) 0xca,  +      (byte) 0xe4, (byte) 0x35, (byte) 0xba, (byte) 0x2b, (byte) 0xfd, (byte) 0xe6, (byte) 0xb8, (byte) 0xd8,  +      (byte) 0xb7, (byte) 0x2a, (byte) 0x80, (byte) 0xdd, (byte) 0x38, (byte) 0xe0, (byte) 0x8a, (byte) 0x69,  +      (byte) 0xad, (byte) 0x67, (byte) 0x60, (byte) 0x65, (byte) 0x42, (byte) 0xc9, (byte) 0x41, (byte) 0x60,  +      (byte) 0x94, (byte) 0xde, (byte) 0x84, (byte) 0x54, (byte) 0xad, (byte) 0xb3, (byte) 0xf4, (byte) 0xf7,  +      (byte) 0x44, (byte) 0xd5, (byte) 0xf3, (byte) 0xd3, (byte) 0xb6, (byte) 0x87, (byte) 0x8a, (byte) 0x22,  +      (byte) 0x38, (byte) 0x00, (byte) 0xcb, (byte) 0xa4, (byte) 0x4f, (byte) 0x96, (byte) 0xc2, (byte) 0x28,  +      (byte) 0xc2, (byte) 0x8d, (byte) 0x91, (byte) 0x95, (byte) 0xb4, (byte) 0xea, (byte) 0x00, (byte) 0x59,  +      (byte) 0x2e, (byte) 0xec, (byte) 0x78, (byte) 0xd8, (byte) 0x0f, (byte) 0x26, (byte) 0x04, (byte) 0xee,  +      (byte) 0xed, (byte) 0x13, (byte) 0xbf, (byte) 0x81, (byte) 0x68, (byte) 0x81, (byte) 0x43, (byte) 0xbe,  +      (byte) 0x15, (byte) 0x0e, (byte) 0xba, (byte) 0xf9, (byte) 0x6a, (byte) 0x18, (byte) 0xeb, (byte) 0x95,  +      (byte) 0xad, (byte) 0xb4, (byte) 0x0f, (byte) 0x3c, (byte) 0x94, (byte) 0x63, (byte) 0x32, (byte) 0x81,  +      (byte) 0x90, (byte) 0xcf, (byte) 0x3f, (byte) 0x95, (byte) 0xff, (byte) 0x8d, (byte) 0x86, (byte) 0xed,  +      (byte) 0xe4, (byte) 0x75, (byte) 0xd5, (byte) 0x09, (byte) 0x32, (byte) 0x17, (byte) 0x38, (byte) 0xb2,  +      (byte) 0x68, (byte) 0x35, (byte) 0x49, (byte) 0x8c, (byte) 0xa6, (byte) 0xd0, (byte) 0x3e, (byte) 0xde,  +      (byte) 0x6e, (byte) 0x47, (byte) 0x68, (byte) 0xbf, (byte) 0x98, (byte) 0x33, (byte) 0xae, (byte) 0x59,  +      (byte) 0x9f, (byte) 0xe0, (byte) 0x19, (byte) 0x9b, (byte) 0x5b, (byte) 0x1b, (byte) 0x8f, (byte) 0x74,  +      (byte) 0xd2, (byte) 0x9c, (byte) 0x01, (byte) 0x1a, (byte) 0xdf, (byte) 0xaf, (byte) 0xf8, (byte) 0x96,  +      (byte) 0x91, (byte) 0xcb, (byte) 0xf8, (byte) 0xbf, (byte) 0x06, (byte) 0xc7, (byte) 0xd5, (byte) 0x17,  +      (byte) 0x95, (byte) 0xef, (byte) 0xc5, (byte) 0x97, (byte) 0x37, (byte) 0x1b, (byte) 0xb0, (byte) 0xa1,  +      (byte) 0x4f, (byte) 0x9f, (byte) 0x01, (byte) 0x82, (byte) 0x90, (byte) 0x4a, (byte) 0x6a, (byte) 0x04,  +      (byte) 0xdb, (byte) 0x31, (byte) 0x1a, (byte) 0x58, (byte) 0xeb, (byte) 0xcd, (byte) 0x68, (byte) 0xe3,  +      (byte) 0x68, (byte) 0x0b, (byte) 0xa0, (byte) 0x11, (byte) 0x44, (byte) 0x08, (byte) 0xa0, (byte) 0x5c,  +      (byte) 0xfc, (byte) 0x61, (byte) 0x15, (byte) 0x1f, (byte) 0xbb, (byte) 0x22, (byte) 0x87, (byte) 0x18,  +      (byte) 0xa3, (byte) 0x07, (byte) 0x9b, (byte) 0x0d, (byte) 0x13, (byte) 0x7c, (byte) 0xff, (byte) 0x30,  +      (byte) 0xcf, (byte) 0xf3, (byte) 0xaf, (byte) 0xe4, (byte) 0x45, (byte) 0x05, (byte) 0xa0, (byte) 0x8e,  +      (byte) 0x6b, (byte) 0xef, (byte) 0x70, (byte) 0xf5, (byte) 0x4b, (byte) 0x68, (byte) 0x8f, (byte) 0x61,  +      (byte) 0xd6, (byte) 0xf5, (byte) 0xa0, (byte) 0x17, (byte) 0x03, (byte) 0x15, (byte) 0x00, (byte) 0x8e,  +      (byte) 0xa8, (byte) 0xdf, (byte) 0xa9, (byte) 0x77, (byte) 0xfd, (byte) 0x9b, (byte) 0x4b, (byte) 0x91,  +      (byte) 0x89, (byte) 0x34, (byte) 0x84, (byte) 0xf3, (byte) 0x24, (byte) 0xb2, (byte) 0x5a, (byte) 0x39,  +      (byte) 0xa9, (byte) 0xf2, (byte) 0x17, (byte) 0xa1, (byte) 0x17, (byte) 0x03, (byte) 0x15, (byte) 0x00,  +      (byte) 0xdb, (byte) 0xa2, (byte) 0xfd, (byte) 0xa4, (byte) 0xe7, (byte) 0x65, (byte) 0x2e, (byte) 0x7e,  +      (byte) 0xb0, (byte) 0xc8, (byte) 0xfa, (byte) 0x4d, (byte) 0x13, (byte) 0x28, (byte) 0xdf, (byte) 0xb1,  +      (byte) 0x58, (byte) 0x3b, (byte) 0x9e, (byte) 0x29, (byte) 0xa2, (byte) 0x17, (byte) 0x03, (byte) 0x15,  +      (byte) 0x00, (byte) 0x68, (byte) 0xa0, (byte) 0x17, (byte) 0x18, (byte) 0xb7, (byte) 0xb3, (byte) 0xc3,  +      (byte) 0x60, (byte) 0x77, (byte) 0x82, (byte) 0x8d, (byte) 0xf1, (byte) 0x5e, (byte) 0x10, (byte) 0xc3,  +      (byte) 0x2d, (byte) 0x78, (byte) 0x2c, (byte) 0x11, (byte) 0x0b +    }; +  private static byte[] FCI = new byte[] { (byte) 0x6f, (byte) 0x1a, (byte) 0x84, +        (byte) 0x07, (byte) 0xa0, (byte) 0x00, (byte) 0x00, (byte) 0x01, +        (byte) 0x18, (byte) 0x4e, (byte) 0x43, (byte) 0x85, (byte) 0x0f, +        (byte) 0x50, (byte) 0x0d, (byte) 0x44, (byte) 0x49, (byte) 0x47, +        (byte) 0x53, (byte) 0x49, (byte) 0x47, (byte) 0x20, (byte) 0x43, +        (byte) 0x43, (byte) 0x20, (byte) 0x45, (byte) 0x4e, (byte) 0x43 }; +  protected static byte[] FID_EF_C_CH_EKEY = new byte[] { (byte) 0xc0, (byte) 0x01 }; +  protected static byte[] FCI_EF_C_CH_EKEY = new byte[] { (byte) 0x6f, (byte) 0x07, +    (byte) 0x80, (byte) 0x02, (byte) 0x07, (byte) 0xd0, (byte) 0x82, +    (byte) 0x01, (byte) 0x01}; +  protected static byte[] C_CH_EKEY = new byte[] { +      (byte) 0x30, (byte) 0x82, (byte) 0x05, (byte) 0x7f, (byte) 0x30, (byte) 0x82, (byte) 0x04, (byte) 0x67,  +      (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x03, (byte) 0x02,  +      (byte) 0x05, (byte) 0x51, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86,  +      (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05,  +      (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0xa1, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09,  +      (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41,  +      (byte) 0x54, (byte) 0x31, (byte) 0x48, (byte) 0x30, (byte) 0x46, (byte) 0x06, (byte) 0x03, (byte) 0x55,  +      (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x3f, (byte) 0x41, (byte) 0x2d, (byte) 0x54, (byte) 0x72,  +      (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x47, (byte) 0x65, (byte) 0x73, (byte) 0x2e,  +      (byte) 0x20, (byte) 0x66, (byte) 0x2e, (byte) 0x20, (byte) 0x53, (byte) 0x69, (byte) 0x63, (byte) 0x68,  +      (byte) 0x65, (byte) 0x72, (byte) 0x68, (byte) 0x65, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x73,  +      (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x6d, (byte) 0x65, (byte) 0x20, (byte) 0x69,  +      (byte) 0x6d, (byte) 0x20, (byte) 0x65, (byte) 0x6c, (byte) 0x65, (byte) 0x6b, (byte) 0x74, (byte) 0x72,  +      (byte) 0x2e, (byte) 0x20, (byte) 0x44, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x6e, (byte) 0x76,  +      (byte) 0x65, (byte) 0x72, (byte) 0x6b, (byte) 0x65, (byte) 0x68, (byte) 0x72, (byte) 0x20, (byte) 0x47,  +      (byte) 0x6d, (byte) 0x62, (byte) 0x48, (byte) 0x31, (byte) 0x23, (byte) 0x30, (byte) 0x21, (byte) 0x06,  +      (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, (byte) 0x1a, (byte) 0x61, (byte) 0x2d,  +      (byte) 0x73, (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x50, (byte) 0x72, (byte) 0x65,  +      (byte) 0x6d, (byte) 0x69, (byte) 0x75, (byte) 0x6d, (byte) 0x2d, (byte) 0x54, (byte) 0x65, (byte) 0x73,  +      (byte) 0x74, (byte) 0x2d, (byte) 0x45, (byte) 0x6e, (byte) 0x63, (byte) 0x2d, (byte) 0x30, (byte) 0x32,  +      (byte) 0x31, (byte) 0x23, (byte) 0x30, (byte) 0x21, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,  +      (byte) 0x03, (byte) 0x0c, (byte) 0x1a, (byte) 0x61, (byte) 0x2d, (byte) 0x73, (byte) 0x69, (byte) 0x67,  +      (byte) 0x6e, (byte) 0x2d, (byte) 0x50, (byte) 0x72, (byte) 0x65, (byte) 0x6d, (byte) 0x69, (byte) 0x75,  +      (byte) 0x6d, (byte) 0x2d, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2d, (byte) 0x45,  +      (byte) 0x6e, (byte) 0x63, (byte) 0x2d, (byte) 0x30, (byte) 0x32, (byte) 0x30, (byte) 0x1e, (byte) 0x17,  +      (byte) 0x0d, (byte) 0x30, (byte) 0x39, (byte) 0x30, (byte) 0x31, (byte) 0x31, (byte) 0x33, (byte) 0x30,  +      (byte) 0x39, (byte) 0x34, (byte) 0x35, (byte) 0x31, (byte) 0x32, (byte) 0x5a, (byte) 0x17, (byte) 0x0d,  +      (byte) 0x31, (byte) 0x32, (byte) 0x31, (byte) 0x32, (byte) 0x33, (byte) 0x31, (byte) 0x30, (byte) 0x39,  +      (byte) 0x34, (byte) 0x35, (byte) 0x31, (byte) 0x32, (byte) 0x5a, (byte) 0x30, (byte) 0x70, (byte) 0x31,  +      (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06,  +      (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x54, (byte) 0x31, (byte) 0x1f, (byte) 0x30, (byte) 0x1d,  +      (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x16, (byte) 0x58,  +      (byte) 0x58, (byte) 0x58, (byte) 0x4f, (byte) 0x74, (byte) 0x74, (byte) 0x6f, (byte) 0x20, (byte) 0x58,  +      (byte) 0x58, (byte) 0x58, (byte) 0x4f, (byte) 0x74, (byte) 0x74, (byte) 0x61, (byte) 0x6b, (byte) 0x72,  +      (byte) 0x69, (byte) 0x6e, (byte) 0x67, (byte) 0x65, (byte) 0x72, (byte) 0x31, (byte) 0x17, (byte) 0x30,  +      (byte) 0x15, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x04, (byte) 0x0c, (byte) 0x0e,  +      (byte) 0x58, (byte) 0x58, (byte) 0x58, (byte) 0x4f, (byte) 0x74, (byte) 0x74, (byte) 0x61, (byte) 0x6b,  +      (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x67, (byte) 0x65, (byte) 0x72, (byte) 0x31, (byte) 0x10,  +      (byte) 0x30, (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x2a, (byte) 0x0c,  +      (byte) 0x07, (byte) 0x58, (byte) 0x58, (byte) 0x58, (byte) 0x4f, (byte) 0x74, (byte) 0x74, (byte) 0x6f,  +      (byte) 0x31, (byte) 0x15, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,  +      (byte) 0x05, (byte) 0x13, (byte) 0x0c, (byte) 0x39, (byte) 0x37, (byte) 0x30, (byte) 0x30, (byte) 0x31,  +      (byte) 0x36, (byte) 0x38, (byte) 0x36, (byte) 0x36, (byte) 0x31, (byte) 0x37, (byte) 0x34, (byte) 0x30,  +      (byte) 0x81, (byte) 0xdf, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86,  +      (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x05,  +      (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0xcd, (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0xc9,  +      (byte) 0x02, (byte) 0x81, (byte) 0xc1, (byte) 0x00, (byte) 0xae, (byte) 0xe6, (byte) 0x07, (byte) 0x1d,  +      (byte) 0xb9, (byte) 0x56, (byte) 0x0a, (byte) 0x98, (byte) 0x1a, (byte) 0xde, (byte) 0x52, (byte) 0xf2,  +      (byte) 0x77, (byte) 0xdc, (byte) 0x5e, (byte) 0x76, (byte) 0x7f, (byte) 0xe5, (byte) 0xc1, (byte) 0x79,  +      (byte) 0xb9, (byte) 0x51, (byte) 0x97, (byte) 0x08, (byte) 0x20, (byte) 0x4e, (byte) 0xa6, (byte) 0xa3,  +      (byte) 0xab, (byte) 0xdf, (byte) 0x49, (byte) 0x21, (byte) 0x2b, (byte) 0x65, (byte) 0x4f, (byte) 0x7c,  +      (byte) 0x26, (byte) 0xe8, (byte) 0xb9, (byte) 0x47, (byte) 0xdf, (byte) 0x03, (byte) 0x0f, (byte) 0xf7,  +      (byte) 0x4e, (byte) 0xf4, (byte) 0x47, (byte) 0x3d, (byte) 0x32, (byte) 0x61, (byte) 0x05, (byte) 0x33,  +      (byte) 0x0f, (byte) 0xdc, (byte) 0x97, (byte) 0x3e, (byte) 0xbf, (byte) 0x9b, (byte) 0xf2, (byte) 0xf8,  +      (byte) 0xb3, (byte) 0xe2, (byte) 0xc4, (byte) 0x4d, (byte) 0xe0, (byte) 0x48, (byte) 0x6a, (byte) 0x1b,  +      (byte) 0xd2, (byte) 0xfe, (byte) 0xfa, (byte) 0xee, (byte) 0x24, (byte) 0x08, (byte) 0xdc, (byte) 0x60,  +      (byte) 0x2a, (byte) 0x78, (byte) 0x6c, (byte) 0x1d, (byte) 0xd3, (byte) 0x74, (byte) 0x43, (byte) 0x1f,  +      (byte) 0x1f, (byte) 0x4e, (byte) 0xd2, (byte) 0x0f, (byte) 0x89, (byte) 0x3c, (byte) 0xe3, (byte) 0x1e,  +      (byte) 0xfa, (byte) 0x31, (byte) 0x5a, (byte) 0xc2, (byte) 0x04, (byte) 0x24, (byte) 0xd1, (byte) 0xe5,  +      (byte) 0x51, (byte) 0xc4, (byte) 0x94, (byte) 0x26, (byte) 0xd1, (byte) 0x32, (byte) 0x1e, (byte) 0xdf,  +      (byte) 0x64, (byte) 0xaa, (byte) 0xaf, (byte) 0x2c, (byte) 0x85, (byte) 0x25, (byte) 0x88, (byte) 0x8f,  +      (byte) 0x80, (byte) 0xe4, (byte) 0x05, (byte) 0x74, (byte) 0xd5, (byte) 0xda, (byte) 0x69, (byte) 0x88,  +      (byte) 0x4a, (byte) 0x0c, (byte) 0x6a, (byte) 0x85, (byte) 0x5f, (byte) 0x67, (byte) 0x51, (byte) 0x6c,  +      (byte) 0x5c, (byte) 0x1c, (byte) 0x41, (byte) 0x88, (byte) 0x4c, (byte) 0xad, (byte) 0x83, (byte) 0xc9,  +      (byte) 0x10, (byte) 0x97, (byte) 0x45, (byte) 0x00, (byte) 0x3f, (byte) 0xbd, (byte) 0x1d, (byte) 0x2f,  +      (byte) 0x28, (byte) 0x2e, (byte) 0x78, (byte) 0x97, (byte) 0x05, (byte) 0xa5, (byte) 0x41, (byte) 0x42,  +      (byte) 0x37, (byte) 0x08, (byte) 0x60, (byte) 0x0b, (byte) 0x66, (byte) 0xb1, (byte) 0xb8, (byte) 0xdd,  +      (byte) 0x98, (byte) 0x03, (byte) 0x03, (byte) 0x33, (byte) 0xc9, (byte) 0x15, (byte) 0xf7, (byte) 0x5b,  +      (byte) 0x35, (byte) 0xa5, (byte) 0xaa, (byte) 0x7a, (byte) 0x5e, (byte) 0xe9, (byte) 0xa7, (byte) 0x60,  +      (byte) 0xba, (byte) 0xd8, (byte) 0x0d, (byte) 0x6d, (byte) 0xb3, (byte) 0x85, (byte) 0x70, (byte) 0x0e,  +      (byte) 0x38, (byte) 0x6f, (byte) 0xf0, (byte) 0xfd, (byte) 0x02, (byte) 0x03, (byte) 0x01, (byte) 0x00,  +      (byte) 0x01, (byte) 0xa3, (byte) 0x82, (byte) 0x02, (byte) 0x32, (byte) 0x30, (byte) 0x82, (byte) 0x02,  +      (byte) 0x2e, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23,  +      (byte) 0x04, (byte) 0x0c, (byte) 0x30, (byte) 0x0a, (byte) 0x80, (byte) 0x08, (byte) 0x4b, (byte) 0x5d,  +      (byte) 0x02, (byte) 0x5c, (byte) 0x6d, (byte) 0x58, (byte) 0x24, (byte) 0x67, (byte) 0x30, (byte) 0x81,  +      (byte) 0x84, (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05,  +      (byte) 0x07, (byte) 0x01, (byte) 0x01, (byte) 0x04, (byte) 0x78, (byte) 0x30, (byte) 0x76, (byte) 0x30,  +      (byte) 0x2c, (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05,  +      (byte) 0x07, (byte) 0x30, (byte) 0x01, (byte) 0x86, (byte) 0x20, (byte) 0x68, (byte) 0x74, (byte) 0x74,  +      (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x6f, (byte) 0x63, (byte) 0x73, (byte) 0x70,  +      (byte) 0x2d, (byte) 0x74, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x2d,  +      (byte) 0x74, (byte) 0x72, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x74,  +      (byte) 0x2f, (byte) 0x6f, (byte) 0x63, (byte) 0x73, (byte) 0x70, (byte) 0x30, (byte) 0x46, (byte) 0x06,  +      (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x30,  +      (byte) 0x02, (byte) 0x86, (byte) 0x3a, (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a,  +      (byte) 0x2f, (byte) 0x2f, (byte) 0x77, (byte) 0x77, (byte) 0x77, (byte) 0x2e, (byte) 0x61, (byte) 0x2d,  +      (byte) 0x74, (byte) 0x72, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x74,  +      (byte) 0x2f, (byte) 0x63, (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x73, (byte) 0x2f, (byte) 0x61,  +      (byte) 0x2d, (byte) 0x73, (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x50, (byte) 0x72,  +      (byte) 0x65, (byte) 0x6d, (byte) 0x69, (byte) 0x75, (byte) 0x6d, (byte) 0x2d, (byte) 0x54, (byte) 0x65,  +      (byte) 0x73, (byte) 0x74, (byte) 0x2d, (byte) 0x45, (byte) 0x6e, (byte) 0x63, (byte) 0x2d, (byte) 0x30,  +      (byte) 0x32, (byte) 0x2e, (byte) 0x63, (byte) 0x72, (byte) 0x74, (byte) 0x30, (byte) 0x81, (byte) 0x93,  +      (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x20, (byte) 0x04, (byte) 0x81, (byte) 0x8b,  +      (byte) 0x30, (byte) 0x81, (byte) 0x88, (byte) 0x30, (byte) 0x81, (byte) 0x85, (byte) 0x06, (byte) 0x06,  +      (byte) 0x2a, (byte) 0x28, (byte) 0x00, (byte) 0x11, (byte) 0x01, (byte) 0x03, (byte) 0x30, (byte) 0x7b,  +      (byte) 0x30, (byte) 0x3d, (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01, (byte) 0x05,  +      (byte) 0x05, (byte) 0x07, (byte) 0x02, (byte) 0x01, (byte) 0x16, (byte) 0x31, (byte) 0x68, (byte) 0x74,  +      (byte) 0x74, (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x77, (byte) 0x77, (byte) 0x77,  +      (byte) 0x2e, (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72, (byte) 0x75, (byte) 0x73, (byte) 0x74,  +      (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x64, (byte) 0x6f, (byte) 0x63, (byte) 0x73,  +      (byte) 0x2f, (byte) 0x63, (byte) 0x70, (byte) 0x2f, (byte) 0x61, (byte) 0x2d, (byte) 0x73, (byte) 0x69,  +      (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x70, (byte) 0x72, (byte) 0x65, (byte) 0x6d, (byte) 0x69,  +      (byte) 0x75, (byte) 0x6d, (byte) 0x2d, (byte) 0x74, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x30,  +      (byte) 0x3a, (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05,  +      (byte) 0x07, (byte) 0x02, (byte) 0x02, (byte) 0x30, (byte) 0x2e, (byte) 0x1a, (byte) 0x2c, (byte) 0x44,  +      (byte) 0x69, (byte) 0x65, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x20, (byte) 0x5a, (byte) 0x65,  +      (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x6b, (byte) 0x61, (byte) 0x74,  +      (byte) 0x20, (byte) 0x64, (byte) 0x69, (byte) 0x65, (byte) 0x6e, (byte) 0x74, (byte) 0x20, (byte) 0x6e,  +      (byte) 0x75, (byte) 0x72, (byte) 0x20, (byte) 0x7a, (byte) 0x75, (byte) 0x20, (byte) 0x54, (byte) 0x65,  +      (byte) 0x73, (byte) 0x74, (byte) 0x7a, (byte) 0x77, (byte) 0x65, (byte) 0x63, (byte) 0x6b, (byte) 0x65,  +      (byte) 0x6e, (byte) 0x20, (byte) 0x21, (byte) 0x30, (byte) 0x81, (byte) 0xa4, (byte) 0x06, (byte) 0x03,  +      (byte) 0x55, (byte) 0x1d, (byte) 0x1f, (byte) 0x04, (byte) 0x81, (byte) 0x9c, (byte) 0x30, (byte) 0x81,  +      (byte) 0x99, (byte) 0x30, (byte) 0x81, (byte) 0x96, (byte) 0xa0, (byte) 0x81, (byte) 0x93, (byte) 0xa0,  +      (byte) 0x81, (byte) 0x90, (byte) 0x86, (byte) 0x81, (byte) 0x8d, (byte) 0x6c, (byte) 0x64, (byte) 0x61,  +      (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x6c, (byte) 0x64, (byte) 0x61, (byte) 0x70,  +      (byte) 0x2d, (byte) 0x74, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x2d,  +      (byte) 0x74, (byte) 0x72, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x74,  +      (byte) 0x2f, (byte) 0x6f, (byte) 0x75, (byte) 0x3d, (byte) 0x61, (byte) 0x2d, (byte) 0x73, (byte) 0x69,  +      (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x50, (byte) 0x72, (byte) 0x65, (byte) 0x6d, (byte) 0x69,  +      (byte) 0x75, (byte) 0x6d, (byte) 0x2d, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2d,  +      (byte) 0x45, (byte) 0x6e, (byte) 0x63, (byte) 0x2d, (byte) 0x30, (byte) 0x32, (byte) 0x2c, (byte) 0x6f,  +      (byte) 0x3d, (byte) 0x41, (byte) 0x2d, (byte) 0x54, (byte) 0x72, (byte) 0x75, (byte) 0x73, (byte) 0x74,  +      (byte) 0x2c, (byte) 0x63, (byte) 0x3d, (byte) 0x41, (byte) 0x54, (byte) 0x3f, (byte) 0x63, (byte) 0x65,  +      (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63, (byte) 0x61, (byte) 0x74,  +      (byte) 0x65, (byte) 0x72, (byte) 0x65, (byte) 0x76, (byte) 0x6f, (byte) 0x63, (byte) 0x61, (byte) 0x74,  +      (byte) 0x69, (byte) 0x6f, (byte) 0x6e, (byte) 0x6c, (byte) 0x69, (byte) 0x73, (byte) 0x74, (byte) 0x3f,  +      (byte) 0x62, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x3f, (byte) 0x6f, (byte) 0x62, (byte) 0x6a,  +      (byte) 0x65, (byte) 0x63, (byte) 0x74, (byte) 0x63, (byte) 0x6c, (byte) 0x61, (byte) 0x73, (byte) 0x73,  +      (byte) 0x3d, (byte) 0x65, (byte) 0x69, (byte) 0x64, (byte) 0x43, (byte) 0x65, (byte) 0x72, (byte) 0x74,  +      (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f,  +      (byte) 0x6e, (byte) 0x41, (byte) 0x75, (byte) 0x74, (byte) 0x68, (byte) 0x6f, (byte) 0x72, (byte) 0x69,  +      (byte) 0x74, (byte) 0x79, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d,  +      (byte) 0x0e, (byte) 0x04, (byte) 0x0a, (byte) 0x04, (byte) 0x08, (byte) 0x4a, (byte) 0x24, (byte) 0x43,  +      (byte) 0xc0, (byte) 0x85, (byte) 0x2a, (byte) 0xb4, (byte) 0x51, (byte) 0x30, (byte) 0x0e, (byte) 0x06,  +      (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x04,  +      (byte) 0x04, (byte) 0x03, (byte) 0x02, (byte) 0x04, (byte) 0xb0, (byte) 0x30, (byte) 0x25, (byte) 0x06,  +      (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x11, (byte) 0x04, (byte) 0x1e, (byte) 0x30, (byte) 0x1c,  +      (byte) 0x81, (byte) 0x1a, (byte) 0x74, (byte) 0x68, (byte) 0x6f, (byte) 0x6d, (byte) 0x61, (byte) 0x73,  +      (byte) 0x2e, (byte) 0x72, (byte) 0x6f, (byte) 0x65, (byte) 0x73, (byte) 0x73, (byte) 0x6c, (byte) 0x65,  +      (byte) 0x72, (byte) 0x40, (byte) 0x65, (byte) 0x67, (byte) 0x69, (byte) 0x7a, (byte) 0x2e, (byte) 0x67,  +      (byte) 0x76, (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03,  +      (byte) 0x55, (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00, (byte) 0x30,  +      (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7,  +      (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x82,  +      (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0x4a, (byte) 0x36, (byte) 0x02, (byte) 0xb3, (byte) 0xab,  +      (byte) 0x02, (byte) 0xe9, (byte) 0xe1, (byte) 0xaf, (byte) 0x3f, (byte) 0xd5, (byte) 0xcd, (byte) 0x3d,  +      (byte) 0x51, (byte) 0x08, (byte) 0xb8, (byte) 0x73, (byte) 0x23, (byte) 0x68, (byte) 0x0c, (byte) 0x22,  +      (byte) 0x32, (byte) 0xcd, (byte) 0xbe, (byte) 0xc8, (byte) 0x77, (byte) 0xbc, (byte) 0x47, (byte) 0x37,  +      (byte) 0xdd, (byte) 0x89, (byte) 0x7c, (byte) 0x22, (byte) 0x24, (byte) 0x2f, (byte) 0x23, (byte) 0xea,  +      (byte) 0x3e, (byte) 0xc2, (byte) 0xf4, (byte) 0x59, (byte) 0x78, (byte) 0xa6, (byte) 0xbe, (byte) 0xcd,  +      (byte) 0x71, (byte) 0xaa, (byte) 0xb5, (byte) 0xbc, (byte) 0xe3, (byte) 0xbc, (byte) 0x3f, (byte) 0xf1,  +      (byte) 0xfa, (byte) 0x1a, (byte) 0x43, (byte) 0x2b, (byte) 0x91, (byte) 0x35, (byte) 0x67, (byte) 0xa5,  +      (byte) 0x62, (byte) 0x9d, (byte) 0x55, (byte) 0x85, (byte) 0xe0, (byte) 0x3f, (byte) 0xed, (byte) 0x00,  +      (byte) 0x67, (byte) 0x80, (byte) 0x6a, (byte) 0xfb, (byte) 0x46, (byte) 0x8a, (byte) 0xed, (byte) 0x48,  +      (byte) 0x03, (byte) 0xe7, (byte) 0x9d, (byte) 0x5c, (byte) 0xac, (byte) 0xdf, (byte) 0xec, (byte) 0x2d,  +      (byte) 0x53, (byte) 0x8b, (byte) 0x01, (byte) 0xdb, (byte) 0x14, (byte) 0x91, (byte) 0x21, (byte) 0xaf,  +      (byte) 0xa7, (byte) 0x91, (byte) 0x69, (byte) 0x7e, (byte) 0x97, (byte) 0x68, (byte) 0xcc, (byte) 0x2a,  +      (byte) 0x06, (byte) 0x1a, (byte) 0xbc, (byte) 0x53, (byte) 0x35, (byte) 0xde, (byte) 0xd7, (byte) 0x62,  +      (byte) 0x12, (byte) 0xbd, (byte) 0x54, (byte) 0xb5, (byte) 0x4c, (byte) 0x3c, (byte) 0xaf, (byte) 0x55,  +      (byte) 0xa4, (byte) 0x5b, (byte) 0x28, (byte) 0x61, (byte) 0x68, (byte) 0x03, (byte) 0xc6, (byte) 0x72,  +      (byte) 0xc0, (byte) 0xa2, (byte) 0x3f, (byte) 0x84, (byte) 0x02, (byte) 0xf8, (byte) 0x3d, (byte) 0x70,  +      (byte) 0x3f, (byte) 0xde, (byte) 0x9d, (byte) 0x6a, (byte) 0x71, (byte) 0x16, (byte) 0x87, (byte) 0x9d,  +      (byte) 0x93, (byte) 0x3d, (byte) 0x46, (byte) 0x41, (byte) 0xa9, (byte) 0x6a, (byte) 0xca, (byte) 0x87,  +      (byte) 0xd4, (byte) 0xd1, (byte) 0x3f, (byte) 0x1d, (byte) 0x6e, (byte) 0x6a, (byte) 0xbf, (byte) 0x02,  +      (byte) 0x9b, (byte) 0xfb, (byte) 0x4a, (byte) 0x47, (byte) 0xe0, (byte) 0x20, (byte) 0x4a, (byte) 0x2d,  +      (byte) 0x5a, (byte) 0x0c, (byte) 0x6b, (byte) 0x25, (byte) 0xd6, (byte) 0x2d, (byte) 0xd4, (byte) 0x53,  +      (byte) 0x08, (byte) 0x41, (byte) 0xa9, (byte) 0x16, (byte) 0xa2, (byte) 0xa0, (byte) 0xef, (byte) 0x13,  +      (byte) 0xa8, (byte) 0xec, (byte) 0x7e, (byte) 0x99, (byte) 0x15, (byte) 0xf9, (byte) 0x1a, (byte) 0x18,  +      (byte) 0x5e, (byte) 0x75, (byte) 0xc7, (byte) 0x5d, (byte) 0x40, (byte) 0xd4, (byte) 0x84, (byte) 0x4a,  +      (byte) 0xd2, (byte) 0xf7, (byte) 0x7c, (byte) 0x65, (byte) 0x12, (byte) 0xc7, (byte) 0xae, (byte) 0xbc,  +      (byte) 0x9d, (byte) 0x3e, (byte) 0xce, (byte) 0x42, (byte) 0xfe, (byte) 0xe4, (byte) 0x98, (byte) 0x10,  +      (byte) 0x63, (byte) 0x0d, (byte) 0xaa, (byte) 0x2d, (byte) 0x73, (byte) 0x7d, (byte) 0x46, (byte) 0x19,  +      (byte) 0xca, (byte) 0x78, (byte) 0x94, (byte) 0xe5, (byte) 0x11, (byte) 0x83, (byte) 0x87, (byte) 0xb2,  +      (byte) 0xf7, (byte) 0x59, (byte) 0x90, (byte) 0x47, (byte) 0x86, (byte) 0x57, (byte) 0xcf, (byte) 0xc7,  +      (byte) 0x7b, (byte) 0x8f, (byte) 0xac, (byte) 0x20, (byte) 0xbd, (byte) 0x46, (byte) 0xea, (byte) 0xa2,  +      (byte) 0x10, (byte) 0xe1, (byte) 0x72, (byte) 0x3e, (byte) 0xe3, (byte) 0x72, (byte) 0x20, (byte) 0x24,  +      (byte) 0xa5, (byte) 0x2f, (byte) 0xc5 +    }; +  protected static final int KID_PIN_DEC = 0x81; + +  protected static byte[] FID_EF_INFOBOX = new byte[] { (byte) 0xc0, (byte) 0x02 }; +  protected static byte[] FCI_EF_INFOBOX = new byte[] { (byte) 0x6f, (byte) 0x07, +    (byte) 0x80, (byte) 0x02, (byte) 0x05, (byte) 0xdc, (byte) 0x82, +    (byte) 0x01, (byte) 0x01}; +   +  protected byte[] EF_INFOBOX = new byte[1500]; + +  protected byte[] EF_C_CH_EKEY = new byte[2000]; +   +  public ACOSApplDEC() { +    System.arraycopy(C_CH_EKEY, 0, EF_C_CH_EKEY, 0, C_CH_EKEY.length); +    putFile(new File(FID_EF_C_CH_EKEY, EF_C_CH_EKEY, FCI_EF_C_CH_EKEY)); +    try { +      pins.put(KID_PIN_DEC, new PIN("1234\0\0\0\0".getBytes("ASCII"), KID_PIN_DEC, 10)); +    } catch (UnsupportedEncodingException e) { +      throw new RuntimeException(e); +    } +  } + +  @Override +  public byte[] getAID() { +    return AID_DEC; +  } + +  @Override +  public byte[] getFID() { +    return FID_DEC; +  } + +  @Override +  public byte[] getFCI() { +    return FCI; +  } + +  public void clearInfobox() { +    Arrays.fill(EF_INFOBOX, (byte) 0x00); +  } +   +  public void setInfoboxHeader(byte b) { +    EF_INFOBOX[0] = b; +  } +   +  public void clearCert() { +    Arrays.fill(EF_C_CH_EKEY, (byte) 0x00); +  } + +   +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSApplSIG.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSApplSIG.java new file mode 100644 index 00000000..e476b434 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSApplSIG.java @@ -0,0 +1,302 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import java.io.UnsupportedEncodingException; +import java.util.Arrays; +import java.util.Random; + +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.File; +import at.gv.egiz.smcc.PIN; + +@SuppressWarnings("restriction") +public abstract class ACOSApplSIG extends ACOSAppl { + +  private static byte[] FCI = new byte[] { (byte) 0x6f, (byte) 0x1a, +        (byte) 0x84, (byte) 0x07, (byte) 0xa0, (byte) 0x00, (byte) 0x00, +        (byte) 0x01, (byte) 0x18, (byte) 0x45, (byte) 0x43, (byte) 0x85, +        (byte) 0x0f, (byte) 0x50, (byte) 0x0d, (byte) 0x44, (byte) 0x49, +        (byte) 0x47, (byte) 0x53, (byte) 0x49, (byte) 0x47, (byte) 0x20, +        (byte) 0x43, (byte) 0x43, (byte) 0x20, (byte) 0x45, (byte) 0x43, +        (byte) 0x43 }; +  protected static byte[] FID_EF_C_CH_DS = new byte[] { (byte) 0xc0, (byte) 0x02 }; +  protected static byte[] FCI_EF_C_CH_DS = new byte[] { (byte) 0x6f, (byte) 0x07, +        (byte) 0x80, (byte) 0x02, (byte) 0x07, (byte) 0xd0, (byte) 0x82, +        (byte) 0x01, (byte) 0x01 }; +  protected static byte[] C_CH_DS = new byte[] { +      (byte) 0x30, (byte) 0x82, (byte) 0x05, (byte) 0x2b, (byte) 0x30, (byte) 0x82, (byte) 0x04, (byte) 0x13,  +      (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x03, (byte) 0x02,  +      (byte) 0x05, (byte) 0x52, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86,  +      (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05,  +      (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0xa1, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09,  +      (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41,  +      (byte) 0x54, (byte) 0x31, (byte) 0x48, (byte) 0x30, (byte) 0x46, (byte) 0x06, (byte) 0x03, (byte) 0x55,  +      (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x3f, (byte) 0x41, (byte) 0x2d, (byte) 0x54, (byte) 0x72,  +      (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x47, (byte) 0x65, (byte) 0x73, (byte) 0x2e,  +      (byte) 0x20, (byte) 0x66, (byte) 0x2e, (byte) 0x20, (byte) 0x53, (byte) 0x69, (byte) 0x63, (byte) 0x68,  +      (byte) 0x65, (byte) 0x72, (byte) 0x68, (byte) 0x65, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x73,  +      (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x6d, (byte) 0x65, (byte) 0x20, (byte) 0x69,  +      (byte) 0x6d, (byte) 0x20, (byte) 0x65, (byte) 0x6c, (byte) 0x65, (byte) 0x6b, (byte) 0x74, (byte) 0x72,  +      (byte) 0x2e, (byte) 0x20, (byte) 0x44, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x6e, (byte) 0x76,  +      (byte) 0x65, (byte) 0x72, (byte) 0x6b, (byte) 0x65, (byte) 0x68, (byte) 0x72, (byte) 0x20, (byte) 0x47,  +      (byte) 0x6d, (byte) 0x62, (byte) 0x48, (byte) 0x31, (byte) 0x23, (byte) 0x30, (byte) 0x21, (byte) 0x06,  +      (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, (byte) 0x1a, (byte) 0x61, (byte) 0x2d,  +      (byte) 0x73, (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x50, (byte) 0x72, (byte) 0x65,  +      (byte) 0x6d, (byte) 0x69, (byte) 0x75, (byte) 0x6d, (byte) 0x2d, (byte) 0x54, (byte) 0x65, (byte) 0x73,  +      (byte) 0x74, (byte) 0x2d, (byte) 0x53, (byte) 0x69, (byte) 0x67, (byte) 0x2d, (byte) 0x30, (byte) 0x32,  +      (byte) 0x31, (byte) 0x23, (byte) 0x30, (byte) 0x21, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,  +      (byte) 0x03, (byte) 0x0c, (byte) 0x1a, (byte) 0x61, (byte) 0x2d, (byte) 0x73, (byte) 0x69, (byte) 0x67,  +      (byte) 0x6e, (byte) 0x2d, (byte) 0x50, (byte) 0x72, (byte) 0x65, (byte) 0x6d, (byte) 0x69, (byte) 0x75,  +      (byte) 0x6d, (byte) 0x2d, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2d, (byte) 0x53,  +      (byte) 0x69, (byte) 0x67, (byte) 0x2d, (byte) 0x30, (byte) 0x32, (byte) 0x30, (byte) 0x1e, (byte) 0x17,  +      (byte) 0x0d, (byte) 0x30, (byte) 0x39, (byte) 0x30, (byte) 0x31, (byte) 0x31, (byte) 0x33, (byte) 0x30,  +      (byte) 0x39, (byte) 0x34, (byte) 0x35, (byte) 0x31, (byte) 0x32, (byte) 0x5a, (byte) 0x17, (byte) 0x0d,  +      (byte) 0x31, (byte) 0x32, (byte) 0x31, (byte) 0x32, (byte) 0x33, (byte) 0x31, (byte) 0x30, (byte) 0x39,  +      (byte) 0x34, (byte) 0x35, (byte) 0x31, (byte) 0x32, (byte) 0x5a, (byte) 0x30, (byte) 0x70, (byte) 0x31,  +      (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06,  +      (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x54, (byte) 0x31, (byte) 0x1f, (byte) 0x30, (byte) 0x1d,  +      (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x16, (byte) 0x58,  +      (byte) 0x58, (byte) 0x58, (byte) 0x4f, (byte) 0x74, (byte) 0x74, (byte) 0x6f, (byte) 0x20, (byte) 0x58,  +      (byte) 0x58, (byte) 0x58, (byte) 0x4f, (byte) 0x74, (byte) 0x74, (byte) 0x61, (byte) 0x6b, (byte) 0x72,  +      (byte) 0x69, (byte) 0x6e, (byte) 0x67, (byte) 0x65, (byte) 0x72, (byte) 0x31, (byte) 0x17, (byte) 0x30,  +      (byte) 0x15, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x04, (byte) 0x0c, (byte) 0x0e,  +      (byte) 0x58, (byte) 0x58, (byte) 0x58, (byte) 0x4f, (byte) 0x74, (byte) 0x74, (byte) 0x61, (byte) 0x6b,  +      (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x67, (byte) 0x65, (byte) 0x72, (byte) 0x31, (byte) 0x10,  +      (byte) 0x30, (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x2a, (byte) 0x0c,  +      (byte) 0x07, (byte) 0x58, (byte) 0x58, (byte) 0x58, (byte) 0x4f, (byte) 0x74, (byte) 0x74, (byte) 0x6f,  +      (byte) 0x31, (byte) 0x15, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,  +      (byte) 0x05, (byte) 0x13, (byte) 0x0c, (byte) 0x39, (byte) 0x37, (byte) 0x30, (byte) 0x30, (byte) 0x31,  +      (byte) 0x36, (byte) 0x38, (byte) 0x36, (byte) 0x36, (byte) 0x31, (byte) 0x37, (byte) 0x34, (byte) 0x30,  +      (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, (byte) 0x48,  +      (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86,  +      (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0x03, (byte) 0x42,  +      (byte) 0x00, (byte) 0x04, (byte) 0x6b, (byte) 0xde, (byte) 0x5f, (byte) 0x5e, (byte) 0xd5, (byte) 0x2b,  +      (byte) 0xbe, (byte) 0x1e, (byte) 0xb9, (byte) 0x82, (byte) 0x19, (byte) 0x75, (byte) 0xf4, (byte) 0x3b,  +      (byte) 0xc1, (byte) 0x34, (byte) 0xe9, (byte) 0xdb, (byte) 0x0b, (byte) 0x25, (byte) 0x31, (byte) 0x33,  +      (byte) 0xfa, (byte) 0x8b, (byte) 0x72, (byte) 0xd4, (byte) 0x9f, (byte) 0x21, (byte) 0xf5, (byte) 0x62,  +      (byte) 0xb9, (byte) 0xf6, (byte) 0x50, (byte) 0xdb, (byte) 0xcc, (byte) 0xbf, (byte) 0x43, (byte) 0xb9,  +      (byte) 0x5e, (byte) 0x75, (byte) 0x2a, (byte) 0x37, (byte) 0xbe, (byte) 0x32, (byte) 0xa6, (byte) 0x83,  +      (byte) 0xb1, (byte) 0x5c, (byte) 0xc3, (byte) 0x9d, (byte) 0xf0, (byte) 0xab, (byte) 0xe6, (byte) 0x8f,  +      (byte) 0xe4, (byte) 0x97, (byte) 0x83, (byte) 0x57, (byte) 0x89, (byte) 0xe0, (byte) 0x13, (byte) 0xe3,  +      (byte) 0x13, (byte) 0xa8, (byte) 0xa3, (byte) 0x82, (byte) 0x02, (byte) 0x65, (byte) 0x30, (byte) 0x82,  +      (byte) 0x02, (byte) 0x61, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d,  +      (byte) 0x23, (byte) 0x04, (byte) 0x0c, (byte) 0x30, (byte) 0x0a, (byte) 0x80, (byte) 0x08, (byte) 0x46,  +      (byte) 0x06, (byte) 0x9f, (byte) 0x8e, (byte) 0x41, (byte) 0x8e, (byte) 0x15, (byte) 0xbd, (byte) 0x30,  +      (byte) 0x27, (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05,  +      (byte) 0x07, (byte) 0x01, (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x04, (byte) 0x18,  +      (byte) 0x30, (byte) 0x16, (byte) 0x30, (byte) 0x08, (byte) 0x06, (byte) 0x06, (byte) 0x04, (byte) 0x00,  +      (byte) 0x8e, (byte) 0x46, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0a, (byte) 0x06, (byte) 0x08,  +      (byte) 0x2b, (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x0b, (byte) 0x01,  +      (byte) 0x30, (byte) 0x81, (byte) 0x84, (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01,  +      (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x01, (byte) 0x01, (byte) 0x04, (byte) 0x78, (byte) 0x30,  +      (byte) 0x76, (byte) 0x30, (byte) 0x2c, (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01,  +      (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x30, (byte) 0x01, (byte) 0x86, (byte) 0x20, (byte) 0x68,  +      (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x6f, (byte) 0x63,  +      (byte) 0x73, (byte) 0x70, (byte) 0x2d, (byte) 0x74, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2e,  +      (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x2e,  +      (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x6f, (byte) 0x63, (byte) 0x73, (byte) 0x70, (byte) 0x30,  +      (byte) 0x46, (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05,  +      (byte) 0x07, (byte) 0x30, (byte) 0x02, (byte) 0x86, (byte) 0x3a, (byte) 0x68, (byte) 0x74, (byte) 0x74,  +      (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x77, (byte) 0x77, (byte) 0x77, (byte) 0x2e,  +      (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x2e,  +      (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x63, (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x73,  +      (byte) 0x2f, (byte) 0x61, (byte) 0x2d, (byte) 0x73, (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d,  +      (byte) 0x50, (byte) 0x72, (byte) 0x65, (byte) 0x6d, (byte) 0x69, (byte) 0x75, (byte) 0x6d, (byte) 0x2d,  +      (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2d, (byte) 0x53, (byte) 0x69, (byte) 0x67,  +      (byte) 0x2d, (byte) 0x30, (byte) 0x32, (byte) 0x2e, (byte) 0x63, (byte) 0x72, (byte) 0x74, (byte) 0x30,  +      (byte) 0x81, (byte) 0x9d, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x20, (byte) 0x04,  +      (byte) 0x81, (byte) 0x95, (byte) 0x30, (byte) 0x81, (byte) 0x92, (byte) 0x30, (byte) 0x81, (byte) 0x85,  +      (byte) 0x06, (byte) 0x06, (byte) 0x2a, (byte) 0x28, (byte) 0x00, (byte) 0x11, (byte) 0x01, (byte) 0x03,  +      (byte) 0x30, (byte) 0x7b, (byte) 0x30, (byte) 0x3d, (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06,  +      (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x02, (byte) 0x01, (byte) 0x16, (byte) 0x31,  +      (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x77,  +      (byte) 0x77, (byte) 0x77, (byte) 0x2e, (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72, (byte) 0x75,  +      (byte) 0x73, (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x64, (byte) 0x6f,  +      (byte) 0x63, (byte) 0x73, (byte) 0x2f, (byte) 0x63, (byte) 0x70, (byte) 0x2f, (byte) 0x61, (byte) 0x2d,  +      (byte) 0x73, (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x70, (byte) 0x72, (byte) 0x65,  +      (byte) 0x6d, (byte) 0x69, (byte) 0x75, (byte) 0x6d, (byte) 0x2d, (byte) 0x74, (byte) 0x65, (byte) 0x73,  +      (byte) 0x74, (byte) 0x30, (byte) 0x3a, (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01,  +      (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x02, (byte) 0x02, (byte) 0x30, (byte) 0x2e, (byte) 0x1a,  +      (byte) 0x2c, (byte) 0x44, (byte) 0x69, (byte) 0x65, (byte) 0x73, (byte) 0x65, (byte) 0x73, (byte) 0x20,  +      (byte) 0x5a, (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x6b,  +      (byte) 0x61, (byte) 0x74, (byte) 0x20, (byte) 0x64, (byte) 0x69, (byte) 0x65, (byte) 0x6e, (byte) 0x74,  +      (byte) 0x20, (byte) 0x6e, (byte) 0x75, (byte) 0x72, (byte) 0x20, (byte) 0x7a, (byte) 0x75, (byte) 0x20,  +      (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x7a, (byte) 0x77, (byte) 0x65, (byte) 0x63,  +      (byte) 0x6b, (byte) 0x65, (byte) 0x6e, (byte) 0x20, (byte) 0x21, (byte) 0x30, (byte) 0x08, (byte) 0x06,  +      (byte) 0x06, (byte) 0x04, (byte) 0x00, (byte) 0x8b, (byte) 0x30, (byte) 0x01, (byte) 0x01, (byte) 0x30,  +      (byte) 0x81, (byte) 0xa4, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x1f, (byte) 0x04,  +      (byte) 0x81, (byte) 0x9c, (byte) 0x30, (byte) 0x81, (byte) 0x99, (byte) 0x30, (byte) 0x81, (byte) 0x96,  +      (byte) 0xa0, (byte) 0x81, (byte) 0x93, (byte) 0xa0, (byte) 0x81, (byte) 0x90, (byte) 0x86, (byte) 0x81,  +      (byte) 0x8d, (byte) 0x6c, (byte) 0x64, (byte) 0x61, (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f,  +      (byte) 0x6c, (byte) 0x64, (byte) 0x61, (byte) 0x70, (byte) 0x2d, (byte) 0x74, (byte) 0x65, (byte) 0x73,  +      (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72, (byte) 0x75, (byte) 0x73,  +      (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x6f, (byte) 0x75, (byte) 0x3d,  +      (byte) 0x61, (byte) 0x2d, (byte) 0x73, (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x50,  +      (byte) 0x72, (byte) 0x65, (byte) 0x6d, (byte) 0x69, (byte) 0x75, (byte) 0x6d, (byte) 0x2d, (byte) 0x54,  +      (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2d, (byte) 0x53, (byte) 0x69, (byte) 0x67, (byte) 0x2d,  +      (byte) 0x30, (byte) 0x32, (byte) 0x2c, (byte) 0x6f, (byte) 0x3d, (byte) 0x41, (byte) 0x2d, (byte) 0x54,  +      (byte) 0x72, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x2c, (byte) 0x63, (byte) 0x3d, (byte) 0x41,  +      (byte) 0x54, (byte) 0x3f, (byte) 0x63, (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66,  +      (byte) 0x69, (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x65, (byte) 0x76,  +      (byte) 0x6f, (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, (byte) 0x6e, (byte) 0x6c,  +      (byte) 0x69, (byte) 0x73, (byte) 0x74, (byte) 0x3f, (byte) 0x62, (byte) 0x61, (byte) 0x73, (byte) 0x65,  +      (byte) 0x3f, (byte) 0x6f, (byte) 0x62, (byte) 0x6a, (byte) 0x65, (byte) 0x63, (byte) 0x74, (byte) 0x63,  +      (byte) 0x6c, (byte) 0x61, (byte) 0x73, (byte) 0x73, (byte) 0x3d, (byte) 0x65, (byte) 0x69, (byte) 0x64,  +      (byte) 0x43, (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63,  +      (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, (byte) 0x6e, (byte) 0x41, (byte) 0x75, (byte) 0x74,  +      (byte) 0x68, (byte) 0x6f, (byte) 0x72, (byte) 0x69, (byte) 0x74, (byte) 0x79, (byte) 0x30, (byte) 0x11,  +      (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x0a, (byte) 0x04,  +      (byte) 0x08, (byte) 0x46, (byte) 0x08, (byte) 0xda, (byte) 0x9e, (byte) 0x68, (byte) 0xf8, (byte) 0xe5,  +      (byte) 0x81, (byte) 0x30, (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0f,  +      (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x04, (byte) 0x04, (byte) 0x03, (byte) 0x02, (byte) 0x06,  +      (byte) 0xc0, (byte) 0x30, (byte) 0x25, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x11,  +      (byte) 0x04, (byte) 0x1e, (byte) 0x30, (byte) 0x1c, (byte) 0x81, (byte) 0x1a, (byte) 0x74, (byte) 0x68,  +      (byte) 0x6f, (byte) 0x6d, (byte) 0x61, (byte) 0x73, (byte) 0x2e, (byte) 0x72, (byte) 0x6f, (byte) 0x65,  +      (byte) 0x73, (byte) 0x73, (byte) 0x6c, (byte) 0x65, (byte) 0x72, (byte) 0x40, (byte) 0x65, (byte) 0x67,  +      (byte) 0x69, (byte) 0x7a, (byte) 0x2e, (byte) 0x67, (byte) 0x76, (byte) 0x2e, (byte) 0x61, (byte) 0x74,  +      (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, (byte) 0x04,  +      (byte) 0x02, (byte) 0x30, (byte) 0x00, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a,  +      (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05,  +      (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x82, (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0xd8,  +      (byte) 0xec, (byte) 0xe5, (byte) 0x5c, (byte) 0x17, (byte) 0x42, (byte) 0xe8, (byte) 0x2f, (byte) 0x04,  +      (byte) 0x1f, (byte) 0xe2, (byte) 0x04, (byte) 0x57, (byte) 0x07, (byte) 0x30, (byte) 0xdc, (byte) 0x4f,  +      (byte) 0x61, (byte) 0x7d, (byte) 0xd8, (byte) 0x89, (byte) 0x36, (byte) 0x31, (byte) 0x26, (byte) 0x45,  +      (byte) 0x55, (byte) 0x64, (byte) 0xd3, (byte) 0x55, (byte) 0x1b, (byte) 0x83, (byte) 0x51, (byte) 0xa0,  +      (byte) 0x39, (byte) 0x1b, (byte) 0x6a, (byte) 0x7e, (byte) 0xfa, (byte) 0x7e, (byte) 0x2c, (byte) 0xd0,  +      (byte) 0xd3, (byte) 0x86, (byte) 0x7b, (byte) 0x8d, (byte) 0x29, (byte) 0x8f, (byte) 0xa3, (byte) 0x83,  +      (byte) 0xd2, (byte) 0x72, (byte) 0xce, (byte) 0x43, (byte) 0xcf, (byte) 0xc1, (byte) 0x27, (byte) 0xf1,  +      (byte) 0x4d, (byte) 0x11, (byte) 0xe2, (byte) 0x67, (byte) 0xbe, (byte) 0x6e, (byte) 0x34, (byte) 0x7d,  +      (byte) 0x04, (byte) 0x1f, (byte) 0xba, (byte) 0x55, (byte) 0x34, (byte) 0xea, (byte) 0xc2, (byte) 0xcf,  +      (byte) 0x0f, (byte) 0x64, (byte) 0x7b, (byte) 0x84, (byte) 0xe0, (byte) 0x55, (byte) 0x05, (byte) 0x82,  +      (byte) 0xdd, (byte) 0x9d, (byte) 0xd7, (byte) 0xeb, (byte) 0x91, (byte) 0x78, (byte) 0x69, (byte) 0x49,  +      (byte) 0x58, (byte) 0x70, (byte) 0xff, (byte) 0x83, (byte) 0x70, (byte) 0xa0, (byte) 0xb3, (byte) 0xb7,  +      (byte) 0x3d, (byte) 0x0f, (byte) 0x8e, (byte) 0xe9, (byte) 0x1b, (byte) 0x21, (byte) 0xef, (byte) 0x31,  +      (byte) 0x0b, (byte) 0xe3, (byte) 0xac, (byte) 0xc6, (byte) 0x0f, (byte) 0x57, (byte) 0x4f, (byte) 0xd8,  +      (byte) 0xd6, (byte) 0xb2, (byte) 0xd0, (byte) 0xca, (byte) 0xd9, (byte) 0x6f, (byte) 0x3f, (byte) 0x6e,  +      (byte) 0x83, (byte) 0x8c, (byte) 0xff, (byte) 0x47, (byte) 0xca, (byte) 0xbc, (byte) 0x81, (byte) 0x60,  +      (byte) 0x5f, (byte) 0xe2, (byte) 0xdd, (byte) 0xbd, (byte) 0x89, (byte) 0xb2, (byte) 0x52, (byte) 0xac,  +      (byte) 0xc3, (byte) 0x8b, (byte) 0x44, (byte) 0x99, (byte) 0x70, (byte) 0xe7, (byte) 0x2c, (byte) 0x52,  +      (byte) 0x21, (byte) 0xaa, (byte) 0xa2, (byte) 0x0f, (byte) 0x38, (byte) 0xc6, (byte) 0x98, (byte) 0x4d,  +      (byte) 0x48, (byte) 0xda, (byte) 0x65, (byte) 0x41, (byte) 0xa4, (byte) 0xad, (byte) 0x41, (byte) 0x7c,  +      (byte) 0x99, (byte) 0x14, (byte) 0xe5, (byte) 0xcb, (byte) 0x51, (byte) 0xd7, (byte) 0xab, (byte) 0x76,  +      (byte) 0xb1, (byte) 0x20, (byte) 0xce, (byte) 0x32, (byte) 0x1b, (byte) 0x11, (byte) 0x5c, (byte) 0xef,  +      (byte) 0x8b, (byte) 0x4f, (byte) 0xf3, (byte) 0x46, (byte) 0x5b, (byte) 0x11, (byte) 0xd7, (byte) 0x91,  +      (byte) 0xb6, (byte) 0x41, (byte) 0xd3, (byte) 0x23, (byte) 0xb6, (byte) 0x03, (byte) 0xa8, (byte) 0x98,  +      (byte) 0x40, (byte) 0x76, (byte) 0x13, (byte) 0x5d, (byte) 0x4c, (byte) 0xb2, (byte) 0xe9, (byte) 0xfe,  +      (byte) 0x90, (byte) 0x27, (byte) 0x04, (byte) 0xfc, (byte) 0x10, (byte) 0x45, (byte) 0x8b, (byte) 0x10,  +      (byte) 0xc3, (byte) 0xb2, (byte) 0x4b, (byte) 0x3c, (byte) 0xd2, (byte) 0x5b, (byte) 0x0f, (byte) 0xe8,  +      (byte) 0xfb, (byte) 0xb9, (byte) 0x45, (byte) 0xaf, (byte) 0x05, (byte) 0xc4, (byte) 0xba, (byte) 0xc7,  +      (byte) 0xfc, (byte) 0xa5, (byte) 0x7d, (byte) 0xdb, (byte) 0x4f, (byte) 0xa9, (byte) 0x76, (byte) 0xe2,  +      (byte) 0xfa, (byte) 0xc7, (byte) 0xe0, (byte) 0xad, (byte) 0x70, (byte) 0xaa, (byte) 0x40, (byte) 0x15,  +      (byte) 0x64, (byte) 0x01, (byte) 0xba, (byte) 0xc6, (byte) 0xc3, (byte) 0x83, (byte) 0x65, (byte) 0x95,  +      (byte) 0x3c, (byte) 0x05, (byte) 0x53, (byte) 0x88, (byte) 0xe7, (byte) 0x19, (byte) 0x98 +    }; +   +  protected static final int KID_PIN_SIG = 0x81; + +  protected byte[] EF_C_CH_DS = new byte[2000]; +   +  public ACOSApplSIG() { +    // Files +    System.arraycopy(C_CH_DS, 0, EF_C_CH_DS, 0, C_CH_DS.length); +    putFile(new File(FID_EF_C_CH_DS, EF_C_CH_DS, FCI_EF_C_CH_DS)); +     +    // PINs +    try { +      pins.put(KID_PIN_SIG, new PIN(Arrays.copyOf("123456".getBytes("ASCII"), 8), KID_PIN_SIG, 3)); +    } catch (UnsupportedEncodingException e) { +      throw new RuntimeException(e); +    } +  } + +  @Override +  public byte[] getAID() { +    return AID_SIG; +  } + +  @Override +  public byte[] getFID() { +    return FID_SIG; +  } + +  @Override +  public byte[] getFCI() { +    return FCI; +  } + +  @Override +  public ResponseAPDU cmdPERFORM_SECURITY_OPERATION(CommandAPDU command, CardChannelEmul channel) { +     +    checkINS(command, 0x2A); +   +    if (command.getP1() == 0x90 && command.getP2() == 0x81) { +       +      // PUT HASH +      hash = command.getData(); +      return new ResponseAPDU(new byte[] {(byte) 0x90, (byte) 0x00}); +       +    } else if (command.getP1() == 0x9E && command.getP2() == 0x9A) { +       +      // COMPUTE DIGITAL SIGNATURE +      if (securityEnv == null) { +        // No security environment +        return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05}); +      } +      if (hash == null) { +        // Command sequence not correct +        return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x03}); +      } +      if (hash.length != 20) { +        // Invalid hash length +        return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x80}); +      } +      if (pins.get(KID_PIN_SIG).state != PIN.STATE_PIN_VERIFIED) { +        // Security Status not satisfied +        return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x82}); +      } +       +      byte[] signature = new byte[48];  +       +      // TODO replace by signature creation +      Random random = new Random(); +      random.nextBytes(signature); +       +      byte[] response = new byte[signature.length + 2]; +      System.arraycopy(signature, 0, response, 0, signature.length); +      response[signature.length] = (byte) 0x90; +      response[signature.length + 1] = (byte) 0x00; +       +      hash = null; +      pins.get(KID_PIN_SIG).state = PIN.STATE_RESET; +       +      return new ResponseAPDU(response); +       +    } else { +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x00}); +    } +     +  } +   +  public void clearCert() { +    Arrays.fill(EF_C_CH_DS, (byte) 0x00); +  } + +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSCardChannelEmul.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSCardChannelEmul.java new file mode 100644 index 00000000..25923686 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSCardChannelEmul.java @@ -0,0 +1,261 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import java.util.Arrays; + +import javax.smartcardio.Card; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.AbstractAppl; +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.CardEmul; +import at.gv.egiz.smcc.File; +import at.gv.egiz.smcc.PIN; + +@SuppressWarnings("restriction") +public abstract class ACOSCardChannelEmul extends CardChannelEmul { + +  /** +   *  +   */ +  protected CardEmul cardEmul; + +  public ACOSCardChannelEmul(CardEmul cardEmul) { +    this.cardEmul = cardEmul; +  } + +  @Override +  public Card getCard() { +    return cardEmul; +  } + +  protected ResponseAPDU cmdSELECT(CommandAPDU command) throws CardException { +   +    byte[] fid = command.getData(); +     +    AbstractAppl appl = cardEmul.getApplication(fid); +    if (appl != null) { +      if (currentAppl != null && currentAppl != appl) { +        currentAppl.leaveApplContext(); +        currentFile = null; +      } +      currentAppl = appl; + +      byte[] fci = currentAppl.getFCI(); +      byte[] response = new byte[fci.length + 2]; +      System.arraycopy(fci, 0, response, 0, fci.length); +      response[fci.length] = (byte) 0x90; +      response[fci.length + 1] = (byte) 0x00; +      return new ResponseAPDU(response); +    } +     +    if (command.getP1() == 0x00) { +      // SELECT with FID +      if (currentAppl instanceof AbstractAppl) { +         +        for (File file : ((AbstractAppl) currentAppl).getFiles()) { +           +          if (Arrays.equals(fid, file.fid)) { +            currentFile = file; +            byte[] response = new byte[file.fcx.length + 2]; +            System.arraycopy(file.fcx, 0, response, 0, file.fcx.length); +            response[file.fcx.length] = (byte) 0x90; +            response[file.fcx.length + 1] = (byte) 0x00; +            return new ResponseAPDU(response); +          } +           +        } +         +        return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x82}); +         +      } else { +        return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x82}); +      } +    } +     +    // Not found +    return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x82}); +     +  } +   +  public abstract ResponseAPDU cmdREAD_BINARY(CommandAPDU command) throws CardException; + + +  @Override +  public ResponseAPDU transmit(CommandAPDU command) throws CardException { +   +    if (command.getCLA() == 0x00) { +   +      switch (command.getINS()) { +   +      // SELECT +      case 0xA4: +        return cmdSELECT(command); +       +      // READ BINARY +      case 0xB0: +        return cmdREAD_BINARY(command); +       +      // VERIFY +      case 0x20: +        if ((command.getP2() & 0x80) > 0) { +          return cmdVERIFY(command); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x81});  +        } +       +      // MANAGE SECURITY ENVIRONMENT +      case 0x22: { +        if (currentAppl != null) { +          return currentAppl.cmdMANAGE_SECURITY_ENVIRONMENT(command, this); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05});  +        } +      } +       +      // CHANGE REFERENCE DATA +      case 0x24: { +        return cmdCHANGE_REFERENCE_DATA(command); +      } +       +      // PERFORM SECURITY OPERATION +      case 0x2A: { +        if (currentAppl != null) { +          return currentAppl.cmdPERFORM_SECURITY_OPERATION(command, this); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05}); +        } +      } +   +      // INTERNAL AUTHENTICATE +      case 0x88: { +        if (currentAppl != null) { +          return currentAppl.cmdINTERNAL_AUTHENTICATE(command, this); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05}); +        } +      } +       +      default: +        return new ResponseAPDU(new byte[] { (byte) 0x6D, (byte) 0x00}); +      } +   +    } else { +      return new ResponseAPDU(new byte[] { (byte) 0x6E, (byte) 0x00});  +    } +   +  } + +  protected ResponseAPDU verifyPin(int kid, byte[] reference) { +     +    PIN pin; +    if (currentAppl != null) { +      pin = currentAppl.pins.get(kid); +    } else { +      pin = null; +    } +     +    if (pin != null) { +   +      if (reference.length != 8) { +        return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +      } +       +      if (Arrays.equals(reference, pin.pin)) { +        switch (pin.state) { +        case PIN.STATE_PIN_BLOCKED: +          return new ResponseAPDU(new byte[] { (byte) 0x69, (byte) 0x83 }); +   +        case PIN.STATE_RESET: +          pin.state = PIN.STATE_PIN_VERIFIED; +           +        default: +          pin.kfpc = 10; +          return new ResponseAPDU(new byte[] { (byte) 0x90, (byte) 0x00 }); +        } +      } else { +        switch (pin.state) { +        case PIN.STATE_PIN_BLOCKED: +          return new ResponseAPDU(new byte[] { (byte) 0x69, (byte) 0x83 }); +         +        default: +          if (--pin.kfpc > 0) { +            return new ResponseAPDU(new byte[] { (byte) 0x63, (byte) (pin.kfpc | 0xC0)}); +          } else { +            pin.state = PIN.STATE_PIN_BLOCKED; +            return new ResponseAPDU(new byte[] { (byte) 0x69, (byte) 0x83 }); +          } +        } +         +      } +       +    } else { +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x00}); +    } +     +  } + +  public ResponseAPDU cmdVERIFY(CommandAPDU command) throws CardException { +     +    if (command.getINS() != 0x20) { +      throw new IllegalArgumentException("INS has to be 0x20."); +    } +     +    if (command.getP1() != 00) { +      return new ResponseAPDU(new byte[] {(byte) 0x6B, (byte) 0x00}); +    } +     +    return verifyPin(command.getP2(), command.getData()); +   +  } + +  public ResponseAPDU cmdCHANGE_REFERENCE_DATA(CommandAPDU command) { +     +    if (command.getINS() != 0x24) { +      throw new IllegalArgumentException("INS has to be 0x24."); +    } +     +    if (command.getP1() == 0x00) { +       +      byte[] data = command.getData(); +      if (data.length != 16) { +        return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +      } +   +      ResponseAPDU response = verifyPin(command.getP2(), Arrays.copyOf(data, 8)); +      if (response.getSW() == 0x9000) { +        PIN pin; +        if (currentAppl != null) { +          pin = currentAppl.pins.get(command.getP2()); +        } else { +          pin = null; +        } +        pin.pin = Arrays.copyOfRange(data, 8, 16); +      } +       +      return response; +       +    } else { +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x81}); +    } +     +  } + +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSCardEmul.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSCardEmul.java new file mode 100644 index 00000000..b9f70a5d --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSCardEmul.java @@ -0,0 +1,38 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + + +import javax.smartcardio.ATR; + +import at.gv.egiz.smcc.CardEmul; + +@SuppressWarnings("restriction") +public abstract class ACOSCardEmul extends CardEmul { + +  protected static ATR ATR = new ATR(new byte[] { +        (byte) 0x3b, (byte) 0xbf, (byte) 0x11, (byte) 0x00, (byte) 0x81, (byte) 0x31, (byte) 0xfe, (byte) 0x45,  +        (byte) 0x45, (byte) 0x50, (byte) 0x41, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,  +        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0xf1 +  }); +   +  @Override +  public ATR getATR() { +    return ATR; +  } + +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSCardTest.java new file mode 100644 index 00000000..90bb039e --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSCardTest.java @@ -0,0 +1,243 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +import java.io.UnsupportedEncodingException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; + +import org.junit.Test; + +import at.gv.egiz.smcc.ACOSCard; +import at.gv.egiz.smcc.CardEmul; +import at.gv.egiz.smcc.CardNotSupportedException; +import at.gv.egiz.smcc.CardTest; +import at.gv.egiz.smcc.LockedException; +import at.gv.egiz.smcc.NotActivatedException; +import at.gv.egiz.smcc.SignatureCard; +import at.gv.egiz.smcc.SignatureCardException; +import at.gv.egiz.smcc.SignatureCard.KeyboxName; + +public abstract class ACOSCardTest extends CardTest { + +  public ACOSCardTest() { +    super(); +  } + +  protected abstract int getVersion(); + +  @Test +  public void testGetInfoboxIdentityLinkEmpty() throws SignatureCardException, +      InterruptedException, CardNotSupportedException { + +    char[] pin = "0000".toCharArray(); +     +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    ACOSApplDEC appl = (ACOSApplDEC) card.getApplication(ACOSAppl.AID_DEC); +    appl.clearInfobox(); + +    byte[] idlink = signatureCard.getInfobox("IdentityLink", +        new TestPINProvider(pin), null); +    assertNull(idlink); + +  } +   +  @Test(expected = SignatureCardException.class) +  public void testGetInfoboxIdentityInvalid() throws SignatureCardException, +      InterruptedException, CardNotSupportedException { + +    char[] pin = "0000".toCharArray(); +     +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    ACOSApplDEC appl = (ACOSApplDEC) card.getApplication(ACOSAppl.AID_DEC); +    appl.setInfoboxHeader((byte) 0xFF); + +    signatureCard.getInfobox("IdentityLink", new TestPINProvider(pin), null); + +  } + +  @Test +  public void testGetCerts() throws SignatureCardException, +      InterruptedException, CardNotSupportedException { + +    SignatureCard signatureCard = createSignatureCard(); + +    byte[] cert; + +    cert = signatureCard.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR); +    assertNotNull(cert); +    assertTrue(Arrays.equals(cert, A04ApplSIG.C_CH_DS)); + +    cert = signatureCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR); +    assertNotNull(cert); +    assertTrue(Arrays.equals(cert, A04ApplDEC.C_CH_EKEY)); + +  } + +  @Test(expected = NotActivatedException.class) +  public void testGetSIGCertEmpty() throws SignatureCardException, +      InterruptedException, CardNotSupportedException { + +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    ACOSApplSIG appl = (ACOSApplSIG) card.getApplication(ACOSAppl.AID_SIG); +    appl.clearCert(); + +    signatureCard.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR); + +  } + +  @Test(expected = NotActivatedException.class) +  public void testGetDECCertEmpty() throws SignatureCardException, +      InterruptedException, CardNotSupportedException { + +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    ACOSApplDEC appl = (ACOSApplDEC) card.getApplication(ACOSAppl.AID_DEC); +    appl.clearCert(); + +    signatureCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR); + +  } + +  @Test +  public void testSignSIG() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { + +    char[] pin = "123456".toCharArray(); + +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    ACOSApplSIG appl = (ACOSApplSIG) card.getApplication(ACOSAppl.AID_SIG); +    appl.setPin(ACOSApplSIG.KID_PIN_SIG, pin); + +    MessageDigest md = MessageDigest.getInstance("SHA-1"); +    byte[] hash = md.digest("MOCCA".getBytes("ASCII")); + +    byte[] signature = signatureCard.createSignature(hash, +        KeyboxName.SECURE_SIGNATURE_KEYPAIR, new TestPINProvider(pin)); + +    assertNotNull(signature); + +  } + +  @Test +  public void testSignDEC() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { + +    char[] pin = "1234".toCharArray(); + +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    ACOSApplDEC appl = (ACOSApplDEC) card.getApplication(ACOSAppl.AID_DEC); +    appl.setPin(ACOSApplDEC.KID_PIN_DEC, pin); + +    MessageDigest md = MessageDigest.getInstance("SHA-1"); +    byte[] hash = md.digest("MOCCA".getBytes("ASCII")); + +    byte[] signature = signatureCard.createSignature(hash, +        KeyboxName.CERITIFIED_KEYPAIR, new TestPINProvider(pin)); + +    assertNotNull(signature); + +  } + +  @Test(expected = LockedException.class) +  public void testSignSIGInvalidPin() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { + +    SignatureCard signatureCard = createSignatureCard(); + +    MessageDigest md = MessageDigest.getInstance("SHA-1"); +    byte[] hash = md.digest("MOCCA".getBytes("ASCII")); + +    TestPINProvider pinProvider = new TestPINProvider("000000".toCharArray()); + +    signatureCard.createSignature(hash, KeyboxName.SECURE_SIGNATURE_KEYPAIR, +        pinProvider); + +  } + +  @Test(expected = LockedException.class) +  public void testSignDECInvalidPin() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { + +    SignatureCard signatureCard = createSignatureCard(); + +    MessageDigest md = MessageDigest.getInstance("SHA-1"); +    byte[] hash = md.digest("MOCCA".getBytes("ASCII")); + +    TestPINProvider pinProvider = new TestPINProvider("0000".toCharArray()); + +    signatureCard.createSignature(hash, KeyboxName.CERITIFIED_KEYPAIR, +        pinProvider); + +  } + +  @Test(expected = LockedException.class) +  public void testSignSIGBlockedPin() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { + +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    ACOSApplSIG appl = (ACOSApplSIG) card.getApplication(ACOSAppl.AID_SIG); +    appl.setPin(ACOSApplSIG.KID_PIN_SIG, null); + +    MessageDigest md = MessageDigest.getInstance("SHA-1"); +    byte[] hash = md.digest("MOCCA".getBytes("ASCII")); + +    TestPINProvider pinProvider = new TestPINProvider("000000".toCharArray()); + +    signatureCard.createSignature(hash, KeyboxName.SECURE_SIGNATURE_KEYPAIR, +        pinProvider); + +  } + +  @Test(expected = LockedException.class) +  public void testSignDECBlockedPin() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { + +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    ACOSApplDEC appl = (ACOSApplDEC) card.getApplication(ACOSAppl.AID_DEC); +    appl.setPin(ACOSApplDEC.KID_PIN_DEC, null); + +    MessageDigest md = MessageDigest.getInstance("SHA-1"); +    byte[] hash = md.digest("MOCCA".getBytes("ASCII")); + +    TestPINProvider pinProvider = new TestPINProvider("0000".toCharArray()); + +    signatureCard.createSignature(hash, KeyboxName.CERITIFIED_KEYPAIR, +        pinProvider); + +  } + +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSCardTestSuite.java b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSCardTestSuite.java new file mode 100644 index 00000000..101f7edc --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/acos/ACOSCardTestSuite.java @@ -0,0 +1,27 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.acos; + +import org.junit.runner.RunWith; +import org.junit.runners.Suite; +import org.junit.runners.Suite.SuiteClasses; + +@RunWith(Suite.class) +@SuiteClasses( { A03CardTest.class, A04CardTest.class }) +public class ACOSCardTestSuite { + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSAppl.java b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSAppl.java new file mode 100644 index 00000000..2ca63eea --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSAppl.java @@ -0,0 +1,95 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.starcos; + +import java.io.UnsupportedEncodingException; +import java.math.BigInteger; +import java.util.Arrays; +import java.util.Iterator; + +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.AbstractAppl; +import at.gv.egiz.smcc.CardAppl; +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.PIN; + +@SuppressWarnings("restriction") +public abstract class STARCOSAppl extends AbstractAppl implements CardAppl { + +  public static byte[] AID_SichereSignatur = new byte[] { (byte) 0xD0, (byte) 0x40, +        (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x12, (byte) 0x01 }; +   +  public static byte[] FID_SichereSignatur = new byte[] { (byte) 0x3F, (byte) 0x04 }; +   +  public static byte[] AID_Infobox = new byte[] { (byte) 0xD0, (byte) 0x40, +    (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x18, (byte) 0x01 }; + +  public static byte[] FID_Infobox = new byte[] { (byte) 0x3F, (byte) 0x06 }; + +  public static byte[] AID_GewoehnlicheSignatur = new byte[] { (byte) 0xD0, (byte) 0x40, +    (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x13, (byte) 0x01 }; + +  public static byte[] FID_GewoehnlicheSignatur = new byte[] { (byte) 0x3F, (byte) 0x05 }; +   +  protected STARCOSCardChannelEmul channel; +   +  protected byte[] securityEnv; + +  protected byte[] hash; + +  public STARCOSAppl(STARCOSCardChannelEmul channel) { +    this.channel = channel; +  } + +  @Override +  public ResponseAPDU cmdINTERNAL_AUTHENTICATE(CommandAPDU command, CardChannelEmul channel) { +    return new ResponseAPDU(new byte[] {(byte) 0x6D, (byte) 0x00}); +  } + +  @Override +  public void leaveApplContext() { +    Iterator<PIN> pin = pins.values().iterator(); +    while (pin.hasNext()) { +      pin.next().state = PIN.STATE_RESET; +    } +  } +   +  public void setPin(int kid, char[] value) { +    PIN pin = pins.get(kid); +    if (pin != null) { +      if (value == null) { +        pin.pin = null; +      } else { +        byte[] b = new byte[8]; +        b[0] = (byte) (0x20 | value.length); +        for(int i = 1, j = 0; i < b.length; i++) { +          int h = ((j < value.length)  +                  ? Character.digit(value[j++], 10)  +                  : 0x0F); +          int l = ((j < value.length)  +                  ? Character.digit(value[j++], 10)  +                  : 0x0F); +          b[i] = (byte) ((h << 4) | l); +        } +        pin.pin = b; +      } +    } +  } + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSApplGewoehnlicheSignatur.java b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSApplGewoehnlicheSignatur.java new file mode 100644 index 00000000..cec305da --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSApplGewoehnlicheSignatur.java @@ -0,0 +1,332 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.starcos; + +import java.io.UnsupportedEncodingException; +import java.util.Arrays; +import java.util.Random; + +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.File; +import at.gv.egiz.smcc.PIN; + +@SuppressWarnings("restriction") +public class STARCOSApplGewoehnlicheSignatur extends STARCOSAppl { + +  private static byte[] FCI = new byte[] { (byte) 0x6f, (byte) 0x14, +      (byte) 0x84, (byte) 0x08, (byte) 0xd0, (byte) 0x40, (byte) 0x00, +      (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x13, (byte) 0x01, +      (byte) 0xa5, (byte) 0x08, (byte) 0x53, (byte) 0x02, (byte) 0x01, +      (byte) 0x10, (byte) 0x54, (byte) 0x02, (byte) 0x01, (byte) 0x00 }; +   +  protected static byte[] FID_EF_C_X509_CH_AUT = new byte[] { (byte) 0x2f, +      (byte) 0x01 }; +   +  protected static byte[] FCI_EF_C_X509_CH_AUT = new byte[] { (byte) 0x62, +      (byte) 0x16, (byte) 0x80, (byte) 0x02, (byte) 0x04, (byte) 0x9c, +      (byte) 0x82, (byte) 0x01, (byte) 0x01, (byte) 0x83, (byte) 0x02, +      (byte) 0x2f, (byte) 0x01, (byte) 0x88, (byte) 0x01, (byte) 0x08, +      (byte) 0x8a, (byte) 0x01, (byte) 0x05, (byte) 0xa1, (byte) 0x03, +      (byte) 0x8b, (byte) 0x01, (byte) 0x08 }; +   +  protected static byte[] C_X509_CH_AUT = new byte[] { +    (byte) 0x30, (byte) 0x82, (byte) 0x04, (byte) 0x98, (byte) 0x30, (byte) 0x82, (byte) 0x03, (byte) 0x80,  +    (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x03, (byte) 0x02,  +    (byte) 0x06, (byte) 0x5f, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86,  +    (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05,  +    (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0x95, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09,  +    (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41,  +    (byte) 0x54, (byte) 0x31, (byte) 0x48, (byte) 0x30, (byte) 0x46, (byte) 0x06, (byte) 0x03, (byte) 0x55,  +    (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x3f, (byte) 0x41, (byte) 0x2d, (byte) 0x54, (byte) 0x72,  +    (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x47, (byte) 0x65, (byte) 0x73, (byte) 0x2e,  +    (byte) 0x20, (byte) 0x66, (byte) 0x2e, (byte) 0x20, (byte) 0x53, (byte) 0x69, (byte) 0x63, (byte) 0x68,  +    (byte) 0x65, (byte) 0x72, (byte) 0x68, (byte) 0x65, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x73,  +    (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x6d, (byte) 0x65, (byte) 0x20, (byte) 0x69,  +    (byte) 0x6d, (byte) 0x20, (byte) 0x65, (byte) 0x6c, (byte) 0x65, (byte) 0x6b, (byte) 0x74, (byte) 0x72,  +    (byte) 0x2e, (byte) 0x20, (byte) 0x44, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x6e, (byte) 0x76,  +    (byte) 0x65, (byte) 0x72, (byte) 0x6b, (byte) 0x65, (byte) 0x68, (byte) 0x72, (byte) 0x20, (byte) 0x47,  +    (byte) 0x6d, (byte) 0x62, (byte) 0x48, (byte) 0x31, (byte) 0x1d, (byte) 0x30, (byte) 0x1b, (byte) 0x06,  +    (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, (byte) 0x14, (byte) 0x61, (byte) 0x2d,  +    (byte) 0x73, (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x74, (byte) 0x6f, (byte) 0x6b,  +    (byte) 0x65, (byte) 0x6e, (byte) 0x2d, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2d,  +    (byte) 0x30, (byte) 0x33, (byte) 0x31, (byte) 0x1d, (byte) 0x30, (byte) 0x1b, (byte) 0x06, (byte) 0x03,  +    (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x14, (byte) 0x61, (byte) 0x2d, (byte) 0x73,  +    (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x74, (byte) 0x6f, (byte) 0x6b, (byte) 0x65,  +    (byte) 0x6e, (byte) 0x2d, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2d, (byte) 0x30,  +    (byte) 0x33, (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x30, (byte) 0x39, (byte) 0x30,  +    (byte) 0x33, (byte) 0x30, (byte) 0x36, (byte) 0x31, (byte) 0x35, (byte) 0x32, (byte) 0x32, (byte) 0x33,  +    (byte) 0x38, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, (byte) 0x31, (byte) 0x32, (byte) 0x30, (byte) 0x33,  +    (byte) 0x30, (byte) 0x36, (byte) 0x31, (byte) 0x35, (byte) 0x32, (byte) 0x32, (byte) 0x33, (byte) 0x38,  +    (byte) 0x5a, (byte) 0x30, (byte) 0x72, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06,  +    (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x54,  +    (byte) 0x31, (byte) 0x20, (byte) 0x30, (byte) 0x1e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,  +    (byte) 0x03, (byte) 0x0c, (byte) 0x17, (byte) 0x58, (byte) 0x58, (byte) 0x58, (byte) 0xc5, (byte) 0x90,  +    (byte) 0x7a, (byte) 0x67, (byte) 0xc3, (byte) 0xbc, (byte) 0x72, (byte) 0x20, (byte) 0x58, (byte) 0x58,  +    (byte) 0x58, (byte) 0x54, (byte) 0xc3, (byte) 0xbc, (byte) 0x7a, (byte) 0x65, (byte) 0x6b, (byte) 0xc3,  +    (byte) 0xa7, (byte) 0x69, (byte) 0x31, (byte) 0x15, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03,  +    (byte) 0x55, (byte) 0x04, (byte) 0x04, (byte) 0x0c, (byte) 0x0c, (byte) 0x58, (byte) 0x58, (byte) 0x58,  +    (byte) 0x54, (byte) 0xc3, (byte) 0xbc, (byte) 0x7a, (byte) 0x65, (byte) 0x6b, (byte) 0xc3, (byte) 0xa7,  +    (byte) 0x69, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55,  +    (byte) 0x04, (byte) 0x2a, (byte) 0x0c, (byte) 0x0a, (byte) 0x58, (byte) 0x58, (byte) 0x58, (byte) 0xc5,  +    (byte) 0x90, (byte) 0x7a, (byte) 0x67, (byte) 0xc3, (byte) 0xbc, (byte) 0x72, (byte) 0x31, (byte) 0x15,  +    (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x05, (byte) 0x13,  +    (byte) 0x0c, (byte) 0x37, (byte) 0x30, (byte) 0x34, (byte) 0x38, (byte) 0x37, (byte) 0x31, (byte) 0x30,  +    (byte) 0x35, (byte) 0x30, (byte) 0x30, (byte) 0x30, (byte) 0x38, (byte) 0x30, (byte) 0x49, (byte) 0x30,  +    (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d,  +    (byte) 0x02, (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce,  +    (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0x03, (byte) 0x32, (byte) 0x00, (byte) 0x04,  +    (byte) 0x02, (byte) 0x55, (byte) 0x51, (byte) 0xf9, (byte) 0x2a, (byte) 0xea, (byte) 0x6f, (byte) 0xd3,  +    (byte) 0xf5, (byte) 0xda, (byte) 0xa9, (byte) 0x7a, (byte) 0x22, (byte) 0xfc, (byte) 0xb4, (byte) 0x38,  +    (byte) 0xe9, (byte) 0x5c, (byte) 0xdc, (byte) 0x6b, (byte) 0x86, (byte) 0xa6, (byte) 0x77, (byte) 0xa7,  +    (byte) 0x90, (byte) 0xf3, (byte) 0x36, (byte) 0xe0, (byte) 0xc4, (byte) 0xde, (byte) 0x72, (byte) 0xf2,  +    (byte) 0x1a, (byte) 0x07, (byte) 0xfa, (byte) 0xd0, (byte) 0xc8, (byte) 0x1c, (byte) 0xa0, (byte) 0xc8,  +    (byte) 0x8b, (byte) 0x5d, (byte) 0xde, (byte) 0x9e, (byte) 0xf8, (byte) 0x3b, (byte) 0x7c, (byte) 0x8c,  +    (byte) 0xa3, (byte) 0x82, (byte) 0x01, (byte) 0xec, (byte) 0x30, (byte) 0x82, (byte) 0x01, (byte) 0xe8,  +    (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04,  +    (byte) 0x0c, (byte) 0x30, (byte) 0x0a, (byte) 0x80, (byte) 0x08, (byte) 0x47, (byte) 0x7e, (byte) 0x5b,  +    (byte) 0xdb, (byte) 0x37, (byte) 0x33, (byte) 0xb1, (byte) 0xfa, (byte) 0x30, (byte) 0x7e, (byte) 0x06,  +    (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x01,  +    (byte) 0x01, (byte) 0x04, (byte) 0x72, (byte) 0x30, (byte) 0x70, (byte) 0x30, (byte) 0x2c, (byte) 0x06,  +    (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x30,  +    (byte) 0x01, (byte) 0x86, (byte) 0x20, (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a,  +    (byte) 0x2f, (byte) 0x2f, (byte) 0x6f, (byte) 0x63, (byte) 0x73, (byte) 0x70, (byte) 0x2d, (byte) 0x74,  +    (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72,  +    (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x6f,  +    (byte) 0x63, (byte) 0x73, (byte) 0x70, (byte) 0x30, (byte) 0x40, (byte) 0x06, (byte) 0x08, (byte) 0x2b,  +    (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x30, (byte) 0x02, (byte) 0x86,  +    (byte) 0x34, (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f,  +    (byte) 0x77, (byte) 0x77, (byte) 0x77, (byte) 0x2e, (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72,  +    (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x63,  +    (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x73, (byte) 0x2f, (byte) 0x61, (byte) 0x2d, (byte) 0x73,  +    (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x74, (byte) 0x6f, (byte) 0x6b, (byte) 0x65,  +    (byte) 0x6e, (byte) 0x2d, (byte) 0x74, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2d, (byte) 0x30,  +    (byte) 0x33, (byte) 0x2e, (byte) 0x63, (byte) 0x72, (byte) 0x74, (byte) 0x30, (byte) 0x81, (byte) 0x86,  +    (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x20, (byte) 0x04, (byte) 0x7f, (byte) 0x30,  +    (byte) 0x7d, (byte) 0x30, (byte) 0x7b, (byte) 0x06, (byte) 0x06, (byte) 0x2a, (byte) 0x28, (byte) 0x00,  +    (byte) 0x11, (byte) 0x01, (byte) 0x03, (byte) 0x30, (byte) 0x71, (byte) 0x30, (byte) 0x35, (byte) 0x06,  +    (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x02,  +    (byte) 0x01, (byte) 0x16, (byte) 0x29, (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a,  +    (byte) 0x2f, (byte) 0x2f, (byte) 0x77, (byte) 0x77, (byte) 0x77, (byte) 0x2e, (byte) 0x61, (byte) 0x2d,  +    (byte) 0x74, (byte) 0x72, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x74,  +    (byte) 0x2f, (byte) 0x64, (byte) 0x6f, (byte) 0x63, (byte) 0x73, (byte) 0x2f, (byte) 0x63, (byte) 0x70,  +    (byte) 0x2f, (byte) 0x61, (byte) 0x2d, (byte) 0x73, (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d,  +    (byte) 0x74, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x30, (byte) 0x38, (byte) 0x06, (byte) 0x08,  +    (byte) 0x2b, (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x02, (byte) 0x02,  +    (byte) 0x30, (byte) 0x2c, (byte) 0x1a, (byte) 0x2a, (byte) 0x44, (byte) 0x69, (byte) 0x65, (byte) 0x73,  +    (byte) 0x65, (byte) 0x73, (byte) 0x20, (byte) 0x5a, (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69,  +    (byte) 0x66, (byte) 0x69, (byte) 0x6b, (byte) 0x61, (byte) 0x74, (byte) 0x20, (byte) 0x64, (byte) 0x69,  +    (byte) 0x65, (byte) 0x6e, (byte) 0x74, (byte) 0x20, (byte) 0x6e, (byte) 0x75, (byte) 0x72, (byte) 0x20,  +    (byte) 0x7a, (byte) 0x75, (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x7a,  +    (byte) 0x77, (byte) 0x65, (byte) 0x63, (byte) 0x6b, (byte) 0x65, (byte) 0x6e, (byte) 0x30, (byte) 0x81,  +    (byte) 0x99, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x1f, (byte) 0x04, (byte) 0x81,  +    (byte) 0x91, (byte) 0x30, (byte) 0x81, (byte) 0x8e, (byte) 0x30, (byte) 0x81, (byte) 0x8b, (byte) 0xa0,  +    (byte) 0x81, (byte) 0x88, (byte) 0xa0, (byte) 0x81, (byte) 0x85, (byte) 0x86, (byte) 0x81, (byte) 0x82,  +    (byte) 0x6c, (byte) 0x64, (byte) 0x61, (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x6c,  +    (byte) 0x64, (byte) 0x61, (byte) 0x70, (byte) 0x2d, (byte) 0x74, (byte) 0x65, (byte) 0x73, (byte) 0x74,  +    (byte) 0x2e, (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72, (byte) 0x75, (byte) 0x73, (byte) 0x74,  +    (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x6f, (byte) 0x75, (byte) 0x3d, (byte) 0x61,  +    (byte) 0x2d, (byte) 0x73, (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x74, (byte) 0x6f,  +    (byte) 0x6b, (byte) 0x65, (byte) 0x6e, (byte) 0x2d, (byte) 0x30, (byte) 0x33, (byte) 0x2c, (byte) 0x6f,  +    (byte) 0x3d, (byte) 0x41, (byte) 0x2d, (byte) 0x54, (byte) 0x72, (byte) 0x75, (byte) 0x73, (byte) 0x74,  +    (byte) 0x2c, (byte) 0x63, (byte) 0x3d, (byte) 0x41, (byte) 0x54, (byte) 0x3f, (byte) 0x63, (byte) 0x65,  +    (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63, (byte) 0x61, (byte) 0x74,  +    (byte) 0x65, (byte) 0x72, (byte) 0x65, (byte) 0x76, (byte) 0x6f, (byte) 0x63, (byte) 0x61, (byte) 0x74,  +    (byte) 0x69, (byte) 0x6f, (byte) 0x6e, (byte) 0x6c, (byte) 0x69, (byte) 0x73, (byte) 0x74, (byte) 0x3f,  +    (byte) 0x62, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x3f, (byte) 0x6f, (byte) 0x62, (byte) 0x6a,  +    (byte) 0x65, (byte) 0x63, (byte) 0x74, (byte) 0x63, (byte) 0x6c, (byte) 0x61, (byte) 0x73, (byte) 0x73,  +    (byte) 0x3d, (byte) 0x65, (byte) 0x69, (byte) 0x64, (byte) 0x43, (byte) 0x65, (byte) 0x72, (byte) 0x74,  +    (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f,  +    (byte) 0x6e, (byte) 0x41, (byte) 0x75, (byte) 0x74, (byte) 0x68, (byte) 0x6f, (byte) 0x72, (byte) 0x69,  +    (byte) 0x74, (byte) 0x79, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d,  +    (byte) 0x0e, (byte) 0x04, (byte) 0x0a, (byte) 0x04, (byte) 0x08, (byte) 0x4a, (byte) 0x43, (byte) 0x51,  +    (byte) 0x30, (byte) 0x45, (byte) 0xfc, (byte) 0x2a, (byte) 0x00, (byte) 0x30, (byte) 0x0e, (byte) 0x06,  +    (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x04,  +    (byte) 0x04, (byte) 0x03, (byte) 0x02, (byte) 0x04, (byte) 0xb0, (byte) 0x30, (byte) 0x09, (byte) 0x06,  +    (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00,  +    (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86,  +    (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x00, (byte) 0x03,  +    (byte) 0x82, (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0x31, (byte) 0xdc, (byte) 0xf3, (byte) 0x43,  +    (byte) 0x79, (byte) 0xdd, (byte) 0xa9, (byte) 0x2a, (byte) 0xdc, (byte) 0x21, (byte) 0xf9, (byte) 0xd9,  +    (byte) 0x8f, (byte) 0x9a, (byte) 0x4e, (byte) 0x01, (byte) 0x40, (byte) 0x9a, (byte) 0xf1, (byte) 0x14,  +    (byte) 0x8d, (byte) 0x3a, (byte) 0x5e, (byte) 0x88, (byte) 0x36, (byte) 0x45, (byte) 0x1f, (byte) 0x16,  +    (byte) 0x3e, (byte) 0xeb, (byte) 0xa2, (byte) 0xef, (byte) 0xbf, (byte) 0x55, (byte) 0xbd, (byte) 0x5e,  +    (byte) 0x0e, (byte) 0x19, (byte) 0xc7, (byte) 0x0c, (byte) 0xbd, (byte) 0xed, (byte) 0xdf, (byte) 0xb8,  +    (byte) 0x75, (byte) 0x4e, (byte) 0x6a, (byte) 0x3a, (byte) 0x9a, (byte) 0x10, (byte) 0xfa, (byte) 0x49,  +    (byte) 0xc1, (byte) 0xd2, (byte) 0x35, (byte) 0xc5, (byte) 0x9a, (byte) 0xd7, (byte) 0xf4, (byte) 0xf0,  +    (byte) 0xcd, (byte) 0x13, (byte) 0xd1, (byte) 0x24, (byte) 0x06, (byte) 0xf8, (byte) 0x1f, (byte) 0xea,  +    (byte) 0xd6, (byte) 0x7a, (byte) 0xcb, (byte) 0x4f, (byte) 0xb5, (byte) 0x3e, (byte) 0x6c, (byte) 0xb2,  +    (byte) 0xfc, (byte) 0xe3, (byte) 0xaa, (byte) 0x2b, (byte) 0x20, (byte) 0x91, (byte) 0xf5, (byte) 0x5b,  +    (byte) 0xf1, (byte) 0x94, (byte) 0x0e, (byte) 0x06, (byte) 0x0a, (byte) 0xfd, (byte) 0x25, (byte) 0x71,  +    (byte) 0x11, (byte) 0xfc, (byte) 0x84, (byte) 0x46, (byte) 0xef, (byte) 0x5b, (byte) 0x0b, (byte) 0xa4,  +    (byte) 0x4a, (byte) 0x5d, (byte) 0x42, (byte) 0x99, (byte) 0xc8, (byte) 0x4e, (byte) 0x51, (byte) 0xd8,  +    (byte) 0x63, (byte) 0xd1, (byte) 0xbd, (byte) 0x00, (byte) 0xa3, (byte) 0xdd, (byte) 0x8f, (byte) 0x12,  +    (byte) 0x42, (byte) 0xbe, (byte) 0xca, (byte) 0x15, (byte) 0x37, (byte) 0x4c, (byte) 0xd2, (byte) 0xc9,  +    (byte) 0xa7, (byte) 0x37, (byte) 0xb2, (byte) 0x76, (byte) 0xb7, (byte) 0x34, (byte) 0x92, (byte) 0x98,  +    (byte) 0x60, (byte) 0xe7, (byte) 0x3d, (byte) 0x55, (byte) 0xa2, (byte) 0x6c, (byte) 0xb6, (byte) 0x66,  +    (byte) 0x67, (byte) 0xe1, (byte) 0xe4, (byte) 0x8f, (byte) 0xe3, (byte) 0xa5, (byte) 0xb8, (byte) 0xb5,  +    (byte) 0xc8, (byte) 0x8f, (byte) 0x9e, (byte) 0xe3, (byte) 0xf1, (byte) 0xaa, (byte) 0x8e, (byte) 0xe6,  +    (byte) 0xe2, (byte) 0x47, (byte) 0x49, (byte) 0x3d, (byte) 0xbe, (byte) 0x8c, (byte) 0xdd, (byte) 0xce,  +    (byte) 0x8d, (byte) 0x52, (byte) 0xac, (byte) 0xb9, (byte) 0x83, (byte) 0xe9, (byte) 0x9d, (byte) 0x98,  +    (byte) 0x7b, (byte) 0xda, (byte) 0x2b, (byte) 0xbc, (byte) 0x83, (byte) 0xcb, (byte) 0x74, (byte) 0x64,  +    (byte) 0x17, (byte) 0x4c, (byte) 0x33, (byte) 0xbb, (byte) 0x88, (byte) 0xc2, (byte) 0xdd, (byte) 0x08,  +    (byte) 0x69, (byte) 0xd8, (byte) 0xa2, (byte) 0xac, (byte) 0x95, (byte) 0x71, (byte) 0xd3, (byte) 0xf8,  +    (byte) 0xc9, (byte) 0xd1, (byte) 0xd6, (byte) 0x0e, (byte) 0xc3, (byte) 0x67, (byte) 0xa1, (byte) 0xdb,  +    (byte) 0xca, (byte) 0x58, (byte) 0xaa, (byte) 0x4b, (byte) 0xec, (byte) 0x37, (byte) 0x46, (byte) 0x73,  +    (byte) 0xc3, (byte) 0xa3, (byte) 0x7b, (byte) 0x1e, (byte) 0xdd, (byte) 0xf9, (byte) 0xb3, (byte) 0xbb,  +    (byte) 0xe0, (byte) 0x16, (byte) 0x39, (byte) 0xaf, (byte) 0xa0, (byte) 0x19, (byte) 0x9e, (byte) 0x89,  +    (byte) 0x37, (byte) 0x1e, (byte) 0x6e, (byte) 0x41, (byte) 0x59, (byte) 0xe1, (byte) 0x86, (byte) 0xea,  +    (byte) 0x0b, (byte) 0x39, (byte) 0x03, (byte) 0x89, (byte) 0xd2, (byte) 0xba, (byte) 0xd5, (byte) 0x0c,  +    (byte) 0x84, (byte) 0x09, (byte) 0xdd, (byte) 0xc7, (byte) 0x00, (byte) 0x2c, (byte) 0x2e, (byte) 0x1a,  +    (byte) 0x69, (byte) 0xeb, (byte) 0xdf, (byte) 0xb1 +  }; +   + +  protected byte[] EF_C_X509_CH_AUT = new byte[2000]; +   +  public STARCOSApplGewoehnlicheSignatur(STARCOSCardChannelEmul channel) { +    super(channel); +    // Files +    System.arraycopy(C_X509_CH_AUT, 0, EF_C_X509_CH_AUT, 0, C_X509_CH_AUT.length); +    putFile(new File(FID_EF_C_X509_CH_AUT, EF_C_X509_CH_AUT, FCI_EF_C_X509_CH_AUT)); +  } + +  @Override +  public byte[] getAID() { +    return AID_GewoehnlicheSignatur; +  } + +  @Override +  public byte[] getFID() { +    return FID_GewoehnlicheSignatur; +  } + +  @Override +  public byte[] getFCI() { +    return FCI; +  } + +  public void clearCert() { +    Arrays.fill(EF_C_X509_CH_AUT, (byte) 0x00); +  } + +  @Override +  public ResponseAPDU cmdMANAGE_SECURITY_ENVIRONMENT(CommandAPDU command, CardChannelEmul channel) throws CardException { + +    checkINS(command, 0x22); + +    switch (command.getP2()) { +    case 0xA4: +      switch (command.getP1()) { +      case 0x41: +        // INTERNAL AUTHENTICATE +      case 0x81: +        // EXTERNAL AUTHENTICATE +      } +    case 0xB6: +      switch (command.getP1()) { +      case 0x41: { +        // PSO - COMPUTE DIGITAL SIGNATURE +        byte[] dst = new byte[] { (byte) 0x84, (byte) 0x03, (byte) 0x80, +            (byte) 0x02, (byte) 0x00, (byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10}; +        if (Arrays.equals(dst, command.getData())) { +          securityEnv = command.getData(); +          return new ResponseAPDU(new byte[] {(byte) 0x90, (byte) 0x00}); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x80}); +        } +      } +      case 0x81: +        // PSO - VERIFY DGITAL SIGNATURE +      } +    case 0xB8: +      switch (command.getP1()) { +      case 0x41: +        // PSO � DECIPHER +      case 0x81: +        // PSO � ENCIPHER +      } +    default: +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x81}); +    } + +     +  } + +  @Override +  public ResponseAPDU cmdPERFORM_SECURITY_OPERATION(CommandAPDU command, CardChannelEmul channel) throws CardException { +     +    checkINS(command, 0x2A); +   +    if (command.getP1() == 0x90 && command.getP2() == 0xA0) { +       +      // HASH +      byte[] data = command.getData(); +      if (data[0] == (byte) 0x90 && data[1] == (byte) 0x14) { +        hash = Arrays.copyOfRange(data, 2, data.length); +        return new ResponseAPDU(new byte[] {(byte) 0x90, (byte) 0x00}); +      } else { +        throw new CardException("HASH command only supports complete hash."); +      } +       +    } else if (command.getP1() == 0x9E && command.getP2() == 0x9A) { +       +      // COMPUTE DIGITAL SIGNATURE +      if (securityEnv == null) { +        // No security environment +        return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05}); +      } +      if (hash == null) { +        // Command sequence not correct +        return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x03}); +      } +      if (hash.length != 20) { +        // Invalid hash length +        return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x80}); +      } +      STARCOSCardChannelEmul c = (STARCOSCardChannelEmul) channel; +      if (c.globalPins.get(STARCOSCardChannelEmul.KID_PIN_Glob).state != PIN.STATE_PIN_VERIFIED) { +        // Security Status not satisfied +        return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x82}); +      } +       +      byte[] signature = new byte[48];  +       +      // TODO replace by signature creation +      Random random = new Random(); +      random.nextBytes(signature); +       +      byte[] response = new byte[signature.length + 2]; +      System.arraycopy(signature, 0, response, 0, signature.length); +      response[signature.length] = (byte) 0x90; +      response[signature.length + 1] = (byte) 0x00; +       +      hash = null; +       +      return new ResponseAPDU(response); +       +    } else { +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x00}); +    } +     +  } + +   +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSApplInfobox.java b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSApplInfobox.java new file mode 100644 index 00000000..b7835a43 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSApplInfobox.java @@ -0,0 +1,160 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.starcos; + +import java.util.Arrays; + +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.File; + +@SuppressWarnings("restriction") +public class STARCOSApplInfobox extends STARCOSAppl { + +  public static final byte[] IDLINK = new byte[] { +    (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x11, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x0c,  +    (byte) 0x26, (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f,  +    (byte) 0x77, (byte) 0x77, (byte) 0x77, (byte) 0x2e, (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72,  +    (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x7a,  +    (byte) 0x6d, (byte) 0x72, (byte) 0x2f, (byte) 0x70, (byte) 0x65, (byte) 0x72, (byte) 0x73, (byte) 0x62,  +    (byte) 0x32, (byte) 0x30, (byte) 0x34, (byte) 0x2e, (byte) 0x78, (byte) 0x73, (byte) 0x6c, (byte) 0x0c,  +    (byte) 0x29, (byte) 0x73, (byte) 0x7a, (byte) 0x72, (byte) 0x2e, (byte) 0x62, (byte) 0x6d, (byte) 0x69,  +    (byte) 0x2e, (byte) 0x67, (byte) 0x76, (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2d, (byte) 0x41,  +    (byte) 0x73, (byte) 0x73, (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x6f, (byte) 0x6e,  +    (byte) 0x49, (byte) 0x44, (byte) 0x31, (byte) 0x32, (byte) 0x33, (byte) 0x36, (byte) 0x33, (byte) 0x35,  +    (byte) 0x36, (byte) 0x33, (byte) 0x36, (byte) 0x36, (byte) 0x37, (byte) 0x39, (byte) 0x39, (byte) 0x39,  +    (byte) 0x31, (byte) 0x39, (byte) 0x0c, (byte) 0x19, (byte) 0x32, (byte) 0x30, (byte) 0x30, (byte) 0x39,  +    (byte) 0x2d, (byte) 0x30, (byte) 0x33, (byte) 0x2d, (byte) 0x30, (byte) 0x36, (byte) 0x54, (byte) 0x31,  +    (byte) 0x36, (byte) 0x3a, (byte) 0x31, (byte) 0x39, (byte) 0x3a, (byte) 0x32, (byte) 0x36, (byte) 0x2b,  +    (byte) 0x30, (byte) 0x31, (byte) 0x3a, (byte) 0x30, (byte) 0x30, (byte) 0xa0, (byte) 0x42, (byte) 0x30,  +    (byte) 0x40, (byte) 0x0c, (byte) 0x18, (byte) 0x45, (byte) 0x68, (byte) 0x42, (byte) 0x53, (byte) 0x36,  +    (byte) 0x54, (byte) 0x6f, (byte) 0x31, (byte) 0x49, (byte) 0x6c, (byte) 0x54, (byte) 0x4b, (byte) 0x4f,  +    (byte) 0x4a, (byte) 0x45, (byte) 0x39, (byte) 0x75, (byte) 0x62, (byte) 0x74, (byte) 0x48, (byte) 0x69,  +    (byte) 0x51, (byte) 0x3d, (byte) 0x3d, (byte) 0x0c, (byte) 0x0a, (byte) 0x58, (byte) 0x58, (byte) 0x58,  +    (byte) 0xc5, (byte) 0x90, (byte) 0x7a, (byte) 0x67, (byte) 0xc3, (byte) 0xbc, (byte) 0x72, (byte) 0x0c,  +    (byte) 0x0c, (byte) 0x58, (byte) 0x58, (byte) 0x58, (byte) 0x54, (byte) 0xc3, (byte) 0xbc, (byte) 0x7a,  +    (byte) 0x65, (byte) 0x6b, (byte) 0xc3, (byte) 0xa7, (byte) 0x69, (byte) 0x0c, (byte) 0x0a, (byte) 0x31,  +    (byte) 0x39, (byte) 0x37, (byte) 0x33, (byte) 0x2d, (byte) 0x30, (byte) 0x36, (byte) 0x2d, (byte) 0x30,  +    (byte) 0x34, (byte) 0x30, (byte) 0x0a, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, (byte) 0x00,  +    (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x03, (byte) 0x82, (byte) 0x01,  +    (byte) 0x01, (byte) 0x00, (byte) 0x9f, (byte) 0xa5, (byte) 0x68, (byte) 0xa9, (byte) 0x14, (byte) 0x4c,  +    (byte) 0xa4, (byte) 0x5d, (byte) 0x9d, (byte) 0x09, (byte) 0x99, (byte) 0x2e, (byte) 0xe7, (byte) 0x45,  +    (byte) 0x2e, (byte) 0x42, (byte) 0x49, (byte) 0x02, (byte) 0x16, (byte) 0xd9, (byte) 0xcb, (byte) 0x90,  +    (byte) 0x43, (byte) 0x27, (byte) 0x03, (byte) 0x43, (byte) 0x6d, (byte) 0xb4, (byte) 0x8c, (byte) 0xdc,  +    (byte) 0x1c, (byte) 0x77, (byte) 0xd4, (byte) 0x2e, (byte) 0xa1, (byte) 0x40, (byte) 0xe7, (byte) 0xe0,  +    (byte) 0x03, (byte) 0x60, (byte) 0x15, (byte) 0xf7, (byte) 0xdb, (byte) 0x03, (byte) 0x5e, (byte) 0xca,  +    (byte) 0xe4, (byte) 0x35, (byte) 0xba, (byte) 0x2b, (byte) 0xfd, (byte) 0xe6, (byte) 0xb8, (byte) 0xd8,  +    (byte) 0xb7, (byte) 0x2a, (byte) 0x80, (byte) 0xdd, (byte) 0x38, (byte) 0xe0, (byte) 0x8a, (byte) 0x69,  +    (byte) 0xad, (byte) 0x67, (byte) 0x60, (byte) 0x65, (byte) 0x42, (byte) 0xc9, (byte) 0x41, (byte) 0x60,  +    (byte) 0x94, (byte) 0xde, (byte) 0x84, (byte) 0x54, (byte) 0xad, (byte) 0xb3, (byte) 0xf4, (byte) 0xf7,  +    (byte) 0x44, (byte) 0xd5, (byte) 0xf3, (byte) 0xd3, (byte) 0xb6, (byte) 0x87, (byte) 0x8a, (byte) 0x22,  +    (byte) 0x38, (byte) 0x00, (byte) 0xcb, (byte) 0xa4, (byte) 0x4f, (byte) 0x96, (byte) 0xc2, (byte) 0x28,  +    (byte) 0xc2, (byte) 0x8d, (byte) 0x91, (byte) 0x95, (byte) 0xb4, (byte) 0xea, (byte) 0x00, (byte) 0x59,  +    (byte) 0x2e, (byte) 0xec, (byte) 0x78, (byte) 0xd8, (byte) 0x0f, (byte) 0x26, (byte) 0x04, (byte) 0xee,  +    (byte) 0xed, (byte) 0x13, (byte) 0xbf, (byte) 0x81, (byte) 0x68, (byte) 0x81, (byte) 0x43, (byte) 0xbe,  +    (byte) 0x15, (byte) 0x0e, (byte) 0xba, (byte) 0xf9, (byte) 0x6a, (byte) 0x18, (byte) 0xeb, (byte) 0x95,  +    (byte) 0xad, (byte) 0xb4, (byte) 0x0f, (byte) 0x3c, (byte) 0x94, (byte) 0x63, (byte) 0x32, (byte) 0x81,  +    (byte) 0x90, (byte) 0xcf, (byte) 0x3f, (byte) 0x95, (byte) 0xff, (byte) 0x8d, (byte) 0x86, (byte) 0xed,  +    (byte) 0xe4, (byte) 0x75, (byte) 0xd5, (byte) 0x09, (byte) 0x32, (byte) 0x17, (byte) 0x38, (byte) 0xb2,  +    (byte) 0x68, (byte) 0x35, (byte) 0x49, (byte) 0x8c, (byte) 0xa6, (byte) 0xd0, (byte) 0x3e, (byte) 0xde,  +    (byte) 0x6e, (byte) 0x47, (byte) 0x68, (byte) 0xbf, (byte) 0x98, (byte) 0x33, (byte) 0xae, (byte) 0x59,  +    (byte) 0x9f, (byte) 0xe0, (byte) 0x19, (byte) 0x9b, (byte) 0x5b, (byte) 0x1b, (byte) 0x8f, (byte) 0x74,  +    (byte) 0xd2, (byte) 0x9c, (byte) 0x01, (byte) 0x1a, (byte) 0xdf, (byte) 0xaf, (byte) 0xf8, (byte) 0x96,  +    (byte) 0x91, (byte) 0xcb, (byte) 0xf8, (byte) 0xbf, (byte) 0x06, (byte) 0xc7, (byte) 0xd5, (byte) 0x17,  +    (byte) 0x95, (byte) 0xef, (byte) 0xc5, (byte) 0x97, (byte) 0x37, (byte) 0x1b, (byte) 0xb0, (byte) 0xa1,  +    (byte) 0x4f, (byte) 0x9f, (byte) 0x01, (byte) 0x82, (byte) 0x90, (byte) 0x4a, (byte) 0x6a, (byte) 0x04,  +    (byte) 0xdb, (byte) 0x31, (byte) 0x1a, (byte) 0x58, (byte) 0xeb, (byte) 0xcd, (byte) 0x68, (byte) 0xe3,  +    (byte) 0x68, (byte) 0x0b, (byte) 0xa0, (byte) 0x11, (byte) 0x44, (byte) 0x08, (byte) 0xa0, (byte) 0x5c,  +    (byte) 0xfc, (byte) 0x61, (byte) 0x15, (byte) 0x1f, (byte) 0xbb, (byte) 0x22, (byte) 0x87, (byte) 0x18,  +    (byte) 0xa3, (byte) 0x07, (byte) 0x9b, (byte) 0x0d, (byte) 0x13, (byte) 0x7c, (byte) 0xff, (byte) 0x30,  +    (byte) 0xcf, (byte) 0xf3, (byte) 0xaf, (byte) 0xe4, (byte) 0x45, (byte) 0x05, (byte) 0xa0, (byte) 0x8e,  +    (byte) 0x6b, (byte) 0xef, (byte) 0x70, (byte) 0xf5, (byte) 0x4b, (byte) 0x68, (byte) 0x8f, (byte) 0x61,  +    (byte) 0xd6, (byte) 0xf5, (byte) 0xa0, (byte) 0x17, (byte) 0x03, (byte) 0x15, (byte) 0x00, (byte) 0x8e,  +    (byte) 0xa8, (byte) 0xdf, (byte) 0xa9, (byte) 0x77, (byte) 0xfd, (byte) 0x9b, (byte) 0x4b, (byte) 0x91,  +    (byte) 0x89, (byte) 0x34, (byte) 0x84, (byte) 0xf3, (byte) 0x24, (byte) 0xb2, (byte) 0x5a, (byte) 0x39,  +    (byte) 0xa9, (byte) 0xf2, (byte) 0x17, (byte) 0xa1, (byte) 0x17, (byte) 0x03, (byte) 0x15, (byte) 0x00,  +    (byte) 0xdb, (byte) 0xa2, (byte) 0xfd, (byte) 0xa4, (byte) 0xe7, (byte) 0x65, (byte) 0x2e, (byte) 0x7e,  +    (byte) 0xb0, (byte) 0xc8, (byte) 0xfa, (byte) 0x4d, (byte) 0x13, (byte) 0x28, (byte) 0xdf, (byte) 0xb1,  +    (byte) 0x58, (byte) 0x3b, (byte) 0x9e, (byte) 0x29, (byte) 0xa2, (byte) 0x17, (byte) 0x03, (byte) 0x15,  +    (byte) 0x00, (byte) 0x68, (byte) 0xa0, (byte) 0x17, (byte) 0x18, (byte) 0xb7, (byte) 0xb3, (byte) 0xc3,  +    (byte) 0x60, (byte) 0x77, (byte) 0x82, (byte) 0x8d, (byte) 0xf1, (byte) 0x5e, (byte) 0x10, (byte) 0xc3,  +    (byte) 0x2d, (byte) 0x78, (byte) 0x2c, (byte) 0x11, (byte) 0x0b +  }; +   +  private static byte[] FCP = new byte[] { (byte) 0x6f, (byte) 0x14, +      (byte) 0x84, (byte) 0x08, (byte) 0xd0, (byte) 0x40, (byte) 0x00, +      (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x18, (byte) 0x01, +      (byte) 0xa5, (byte) 0x08, (byte) 0x53, (byte) 0x02, (byte) 0x01, +      (byte) 0x11, (byte) 0x54, (byte) 0x02, (byte) 0x01, (byte) 0x00 }; +   +  protected static byte[] FID_EF_IdentityLink = new byte[] { (byte) 0xef, (byte) 0x01 }; +   +  protected static byte[] FCP_EF_IdentityLink = new byte[] { (byte) 0x62, +      (byte) 0x16, (byte) 0x80, (byte) 0x02, (byte) 0x04, (byte) 0x00, +      (byte) 0x82, (byte) 0x01, (byte) 0x01, (byte) 0x83, (byte) 0x02, +      (byte) 0xef, (byte) 0x01, (byte) 0x88, (byte) 0x01, (byte) 0x08, +      (byte) 0x8a, (byte) 0x01, (byte) 0x05, (byte) 0xa1, (byte) 0x03, +      (byte) 0x8b, (byte) 0x01, (byte) 0x02 }; +   +  protected static byte[] EF_IdentityLink = new byte[1500]; + +  public STARCOSApplInfobox(STARCOSCardChannelEmul channel) { +    super(channel); +    System.arraycopy(IDLINK, 0, EF_IdentityLink, 0, IDLINK.length); +    putFile(new File(FID_EF_IdentityLink, EF_IdentityLink, FCP_EF_IdentityLink, 0x01)); +  } + +  @Override +  public byte[] getAID() { +    return AID_Infobox; +  } + +  @Override +  public byte[] getFID() { +    return FID_Infobox; +  } + +  @Override +  public byte[] getFCI() { +    return FCP; +  } + +  public void clearInfobox() { +    Arrays.fill(EF_IdentityLink, (byte) 0x00); +  } +   +  public void setInfoboxHeader(byte b) { +    EF_IdentityLink[0] = b; +  } +   +  @Override +  public ResponseAPDU cmdMANAGE_SECURITY_ENVIRONMENT(CommandAPDU command, CardChannelEmul channel) +      throws CardException { +    throw new CardException("Not supported."); +  } + +  @Override +  public ResponseAPDU cmdPERFORM_SECURITY_OPERATION(CommandAPDU command, CardChannelEmul channel) +      throws CardException { +    throw new CardException("Not supported."); +  } + +   +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSApplSichereSignatur.java b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSApplSichereSignatur.java new file mode 100644 index 00000000..9fb5ad37 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSApplSichereSignatur.java @@ -0,0 +1,347 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.starcos; + +import java.io.UnsupportedEncodingException; +import java.util.Arrays; +import java.util.Random; + +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.File; +import at.gv.egiz.smcc.PIN; + +@SuppressWarnings("restriction") +public class STARCOSApplSichereSignatur extends STARCOSAppl { + +  private static byte[] FCI = new byte[] { (byte) 0x6f, (byte) 0x16, +      (byte) 0x84, (byte) 0x08, (byte) 0xd0, (byte) 0x40, (byte) 0x00, +      (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x12, (byte) 0x01, +      (byte) 0xa5, (byte) 0x0a, (byte) 0x53, (byte) 0x02, (byte) 0x01, +      (byte) 0x10, (byte) 0x54, (byte) 0x04, (byte) 0x01, (byte) 0x00, +      (byte) 0x03, (byte) 0x00 }; +   +  protected static byte[] FID_EF_C_X509_CH_DS = new byte[] { (byte) 0xc0, +      (byte) 0x00 }; +   +  protected static byte[] FCI_EF_C_X509_CH_DS = new byte[] { (byte) 0x62, +      (byte) 0x16, (byte) 0x80, (byte) 0x02, (byte) 0x04, (byte) 0xef, +      (byte) 0x82, (byte) 0x01, (byte) 0x01, (byte) 0x83, (byte) 0x02, +      (byte) 0xc0, (byte) 0x00, (byte) 0x88, (byte) 0x01, (byte) 0x08, +      (byte) 0x8a, (byte) 0x01, (byte) 0x05, (byte) 0xa1, (byte) 0x03, +      (byte) 0x8b, (byte) 0x01, (byte) 0x0e }; +   +  protected static byte[] C_X509_CH_DS = new byte[] { +    (byte) 0x30, (byte) 0x82, (byte) 0x04, (byte) 0xeb, (byte) 0x30, (byte) 0x82, (byte) 0x03, (byte) 0xd3,  +    (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x03, (byte) 0x02,  +    (byte) 0x06, (byte) 0x5e, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86,  +    (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x05,  +    (byte) 0x00, (byte) 0x30, (byte) 0x81, (byte) 0xa1, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09,  +    (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41,  +    (byte) 0x54, (byte) 0x31, (byte) 0x48, (byte) 0x30, (byte) 0x46, (byte) 0x06, (byte) 0x03, (byte) 0x55,  +    (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x3f, (byte) 0x41, (byte) 0x2d, (byte) 0x54, (byte) 0x72,  +    (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x47, (byte) 0x65, (byte) 0x73, (byte) 0x2e,  +    (byte) 0x20, (byte) 0x66, (byte) 0x2e, (byte) 0x20, (byte) 0x53, (byte) 0x69, (byte) 0x63, (byte) 0x68,  +    (byte) 0x65, (byte) 0x72, (byte) 0x68, (byte) 0x65, (byte) 0x69, (byte) 0x74, (byte) 0x73, (byte) 0x73,  +    (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x6d, (byte) 0x65, (byte) 0x20, (byte) 0x69,  +    (byte) 0x6d, (byte) 0x20, (byte) 0x65, (byte) 0x6c, (byte) 0x65, (byte) 0x6b, (byte) 0x74, (byte) 0x72,  +    (byte) 0x2e, (byte) 0x20, (byte) 0x44, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x6e, (byte) 0x76,  +    (byte) 0x65, (byte) 0x72, (byte) 0x6b, (byte) 0x65, (byte) 0x68, (byte) 0x72, (byte) 0x20, (byte) 0x47,  +    (byte) 0x6d, (byte) 0x62, (byte) 0x48, (byte) 0x31, (byte) 0x23, (byte) 0x30, (byte) 0x21, (byte) 0x06,  +    (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, (byte) 0x1a, (byte) 0x61, (byte) 0x2d,  +    (byte) 0x73, (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x50, (byte) 0x72, (byte) 0x65,  +    (byte) 0x6d, (byte) 0x69, (byte) 0x75, (byte) 0x6d, (byte) 0x2d, (byte) 0x54, (byte) 0x65, (byte) 0x73,  +    (byte) 0x74, (byte) 0x2d, (byte) 0x53, (byte) 0x69, (byte) 0x67, (byte) 0x2d, (byte) 0x30, (byte) 0x32,  +    (byte) 0x31, (byte) 0x23, (byte) 0x30, (byte) 0x21, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,  +    (byte) 0x03, (byte) 0x0c, (byte) 0x1a, (byte) 0x61, (byte) 0x2d, (byte) 0x73, (byte) 0x69, (byte) 0x67,  +    (byte) 0x6e, (byte) 0x2d, (byte) 0x50, (byte) 0x72, (byte) 0x65, (byte) 0x6d, (byte) 0x69, (byte) 0x75,  +    (byte) 0x6d, (byte) 0x2d, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2d, (byte) 0x53,  +    (byte) 0x69, (byte) 0x67, (byte) 0x2d, (byte) 0x30, (byte) 0x32, (byte) 0x30, (byte) 0x1e, (byte) 0x17,  +    (byte) 0x0d, (byte) 0x30, (byte) 0x39, (byte) 0x30, (byte) 0x33, (byte) 0x30, (byte) 0x36, (byte) 0x31,  +    (byte) 0x35, (byte) 0x32, (byte) 0x32, (byte) 0x33, (byte) 0x37, (byte) 0x5a, (byte) 0x17, (byte) 0x0d,  +    (byte) 0x31, (byte) 0x32, (byte) 0x30, (byte) 0x33, (byte) 0x30, (byte) 0x36, (byte) 0x31, (byte) 0x35,  +    (byte) 0x32, (byte) 0x32, (byte) 0x33, (byte) 0x37, (byte) 0x5a, (byte) 0x30, (byte) 0x72, (byte) 0x31,  +    (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06,  +    (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x54, (byte) 0x31, (byte) 0x20, (byte) 0x30, (byte) 0x1e,  +    (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x17, (byte) 0x58,  +    (byte) 0x58, (byte) 0x58, (byte) 0xc5, (byte) 0x90, (byte) 0x7a, (byte) 0x67, (byte) 0xc3, (byte) 0xbc,  +    (byte) 0x72, (byte) 0x20, (byte) 0x58, (byte) 0x58, (byte) 0x58, (byte) 0x54, (byte) 0xc3, (byte) 0xbc,  +    (byte) 0x7a, (byte) 0x65, (byte) 0x6b, (byte) 0xc3, (byte) 0xa7, (byte) 0x69, (byte) 0x31, (byte) 0x15,  +    (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x04, (byte) 0x0c,  +    (byte) 0x0c, (byte) 0x58, (byte) 0x58, (byte) 0x58, (byte) 0x54, (byte) 0xc3, (byte) 0xbc, (byte) 0x7a,  +    (byte) 0x65, (byte) 0x6b, (byte) 0xc3, (byte) 0xa7, (byte) 0x69, (byte) 0x31, (byte) 0x13, (byte) 0x30,  +    (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x2a, (byte) 0x0c, (byte) 0x0a,  +    (byte) 0x58, (byte) 0x58, (byte) 0x58, (byte) 0xc5, (byte) 0x90, (byte) 0x7a, (byte) 0x67, (byte) 0xc3,  +    (byte) 0xbc, (byte) 0x72, (byte) 0x31, (byte) 0x15, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03,  +    (byte) 0x55, (byte) 0x04, (byte) 0x05, (byte) 0x13, (byte) 0x0c, (byte) 0x37, (byte) 0x30, (byte) 0x34,  +    (byte) 0x38, (byte) 0x37, (byte) 0x31, (byte) 0x30, (byte) 0x35, (byte) 0x30, (byte) 0x30, (byte) 0x30,  +    (byte) 0x38, (byte) 0x30, (byte) 0x49, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a,  +    (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, (byte) 0x06, (byte) 0x08,  +    (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x01,  +    (byte) 0x03, (byte) 0x32, (byte) 0x00, (byte) 0x04, (byte) 0xde, (byte) 0x75, (byte) 0x22, (byte) 0x4c,  +    (byte) 0xc4, (byte) 0xd4, (byte) 0x14, (byte) 0x16, (byte) 0x48, (byte) 0x4a, (byte) 0x65, (byte) 0x9d,  +    (byte) 0x5a, (byte) 0x39, (byte) 0x71, (byte) 0x11, (byte) 0x1c, (byte) 0x33, (byte) 0x7e, (byte) 0x7f,  +    (byte) 0xb4, (byte) 0x06, (byte) 0x33, (byte) 0x74, (byte) 0xe6, (byte) 0xf3, (byte) 0xc2, (byte) 0x56,  +    (byte) 0x46, (byte) 0x18, (byte) 0x39, (byte) 0xb9, (byte) 0xc4, (byte) 0x47, (byte) 0x84, (byte) 0xf5,  +    (byte) 0x46, (byte) 0x41, (byte) 0x60, (byte) 0x78, (byte) 0x81, (byte) 0x45, (byte) 0x4a, (byte) 0x0f,  +    (byte) 0x67, (byte) 0x77, (byte) 0x77, (byte) 0xb2, (byte) 0xa3, (byte) 0x82, (byte) 0x02, (byte) 0x33,  +    (byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x2f, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03,  +    (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x0c, (byte) 0x30, (byte) 0x0a, (byte) 0x80,  +    (byte) 0x08, (byte) 0x46, (byte) 0x06, (byte) 0x9f, (byte) 0x8e, (byte) 0x41, (byte) 0x8e, (byte) 0x15,  +    (byte) 0xbd, (byte) 0x30, (byte) 0x27, (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01,  +    (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x01, (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff,  +    (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x30, (byte) 0x08, (byte) 0x06, (byte) 0x06,  +    (byte) 0x04, (byte) 0x00, (byte) 0x8e, (byte) 0x46, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0a,  +    (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x07,  +    (byte) 0x0b, (byte) 0x01, (byte) 0x30, (byte) 0x81, (byte) 0x84, (byte) 0x06, (byte) 0x08, (byte) 0x2b,  +    (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x01, (byte) 0x01, (byte) 0x04,  +    (byte) 0x78, (byte) 0x30, (byte) 0x76, (byte) 0x30, (byte) 0x2c, (byte) 0x06, (byte) 0x08, (byte) 0x2b,  +    (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x30, (byte) 0x01, (byte) 0x86,  +    (byte) 0x20, (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f,  +    (byte) 0x6f, (byte) 0x63, (byte) 0x73, (byte) 0x70, (byte) 0x2d, (byte) 0x74, (byte) 0x65, (byte) 0x73,  +    (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72, (byte) 0x75, (byte) 0x73,  +    (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x6f, (byte) 0x63, (byte) 0x73,  +    (byte) 0x70, (byte) 0x30, (byte) 0x46, (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06, (byte) 0x01,  +    (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x30, (byte) 0x02, (byte) 0x86, (byte) 0x3a, (byte) 0x68,  +    (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x77, (byte) 0x77,  +    (byte) 0x77, (byte) 0x2e, (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72, (byte) 0x75, (byte) 0x73,  +    (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x63, (byte) 0x65, (byte) 0x72,  +    (byte) 0x74, (byte) 0x73, (byte) 0x2f, (byte) 0x61, (byte) 0x2d, (byte) 0x73, (byte) 0x69, (byte) 0x67,  +    (byte) 0x6e, (byte) 0x2d, (byte) 0x50, (byte) 0x72, (byte) 0x65, (byte) 0x6d, (byte) 0x69, (byte) 0x75,  +    (byte) 0x6d, (byte) 0x2d, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x2d, (byte) 0x53,  +    (byte) 0x69, (byte) 0x67, (byte) 0x2d, (byte) 0x30, (byte) 0x32, (byte) 0x2e, (byte) 0x63, (byte) 0x72,  +    (byte) 0x74, (byte) 0x30, (byte) 0x81, (byte) 0x92, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d,  +    (byte) 0x20, (byte) 0x04, (byte) 0x81, (byte) 0x8a, (byte) 0x30, (byte) 0x81, (byte) 0x87, (byte) 0x30,  +    (byte) 0x7b, (byte) 0x06, (byte) 0x06, (byte) 0x2a, (byte) 0x28, (byte) 0x00, (byte) 0x11, (byte) 0x01,  +    (byte) 0x03, (byte) 0x30, (byte) 0x71, (byte) 0x30, (byte) 0x35, (byte) 0x06, (byte) 0x08, (byte) 0x2b,  +    (byte) 0x06, (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x02, (byte) 0x01, (byte) 0x16,  +    (byte) 0x29, (byte) 0x68, (byte) 0x74, (byte) 0x74, (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f,  +    (byte) 0x77, (byte) 0x77, (byte) 0x77, (byte) 0x2e, (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72,  +    (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x64,  +    (byte) 0x6f, (byte) 0x63, (byte) 0x73, (byte) 0x2f, (byte) 0x63, (byte) 0x70, (byte) 0x2f, (byte) 0x61,  +    (byte) 0x2d, (byte) 0x73, (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x74, (byte) 0x65,  +    (byte) 0x73, (byte) 0x74, (byte) 0x30, (byte) 0x38, (byte) 0x06, (byte) 0x08, (byte) 0x2b, (byte) 0x06,  +    (byte) 0x01, (byte) 0x05, (byte) 0x05, (byte) 0x07, (byte) 0x02, (byte) 0x02, (byte) 0x30, (byte) 0x2c,  +    (byte) 0x1a, (byte) 0x2a, (byte) 0x44, (byte) 0x69, (byte) 0x65, (byte) 0x73, (byte) 0x65, (byte) 0x73,  +    (byte) 0x20, (byte) 0x5a, (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69,  +    (byte) 0x6b, (byte) 0x61, (byte) 0x74, (byte) 0x20, (byte) 0x64, (byte) 0x69, (byte) 0x65, (byte) 0x6e,  +    (byte) 0x74, (byte) 0x20, (byte) 0x6e, (byte) 0x75, (byte) 0x72, (byte) 0x20, (byte) 0x7a, (byte) 0x75,  +    (byte) 0x20, (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x7a, (byte) 0x77, (byte) 0x65,  +    (byte) 0x63, (byte) 0x6b, (byte) 0x65, (byte) 0x6e, (byte) 0x30, (byte) 0x08, (byte) 0x06, (byte) 0x06,  +    (byte) 0x04, (byte) 0x00, (byte) 0x8b, (byte) 0x30, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x81,  +    (byte) 0xa4, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x1f, (byte) 0x04, (byte) 0x81,  +    (byte) 0x9c, (byte) 0x30, (byte) 0x81, (byte) 0x99, (byte) 0x30, (byte) 0x81, (byte) 0x96, (byte) 0xa0,  +    (byte) 0x81, (byte) 0x93, (byte) 0xa0, (byte) 0x81, (byte) 0x90, (byte) 0x86, (byte) 0x81, (byte) 0x8d,  +    (byte) 0x6c, (byte) 0x64, (byte) 0x61, (byte) 0x70, (byte) 0x3a, (byte) 0x2f, (byte) 0x2f, (byte) 0x6c,  +    (byte) 0x64, (byte) 0x61, (byte) 0x70, (byte) 0x2d, (byte) 0x74, (byte) 0x65, (byte) 0x73, (byte) 0x74,  +    (byte) 0x2e, (byte) 0x61, (byte) 0x2d, (byte) 0x74, (byte) 0x72, (byte) 0x75, (byte) 0x73, (byte) 0x74,  +    (byte) 0x2e, (byte) 0x61, (byte) 0x74, (byte) 0x2f, (byte) 0x6f, (byte) 0x75, (byte) 0x3d, (byte) 0x61,  +    (byte) 0x2d, (byte) 0x73, (byte) 0x69, (byte) 0x67, (byte) 0x6e, (byte) 0x2d, (byte) 0x50, (byte) 0x72,  +    (byte) 0x65, (byte) 0x6d, (byte) 0x69, (byte) 0x75, (byte) 0x6d, (byte) 0x2d, (byte) 0x54, (byte) 0x65,  +    (byte) 0x73, (byte) 0x74, (byte) 0x2d, (byte) 0x53, (byte) 0x69, (byte) 0x67, (byte) 0x2d, (byte) 0x30,  +    (byte) 0x32, (byte) 0x2c, (byte) 0x6f, (byte) 0x3d, (byte) 0x41, (byte) 0x2d, (byte) 0x54, (byte) 0x72,  +    (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x2c, (byte) 0x63, (byte) 0x3d, (byte) 0x41, (byte) 0x54,  +    (byte) 0x3f, (byte) 0x63, (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69,  +    (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x65, (byte) 0x72, (byte) 0x65, (byte) 0x76, (byte) 0x6f,  +    (byte) 0x63, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, (byte) 0x6e, (byte) 0x6c, (byte) 0x69,  +    (byte) 0x73, (byte) 0x74, (byte) 0x3f, (byte) 0x62, (byte) 0x61, (byte) 0x73, (byte) 0x65, (byte) 0x3f,  +    (byte) 0x6f, (byte) 0x62, (byte) 0x6a, (byte) 0x65, (byte) 0x63, (byte) 0x74, (byte) 0x63, (byte) 0x6c,  +    (byte) 0x61, (byte) 0x73, (byte) 0x73, (byte) 0x3d, (byte) 0x65, (byte) 0x69, (byte) 0x64, (byte) 0x43,  +    (byte) 0x65, (byte) 0x72, (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63, (byte) 0x61,  +    (byte) 0x74, (byte) 0x69, (byte) 0x6f, (byte) 0x6e, (byte) 0x41, (byte) 0x75, (byte) 0x74, (byte) 0x68,  +    (byte) 0x6f, (byte) 0x72, (byte) 0x69, (byte) 0x74, (byte) 0x79, (byte) 0x30, (byte) 0x11, (byte) 0x06,  +    (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x0a, (byte) 0x04, (byte) 0x08,  +    (byte) 0x47, (byte) 0x64, (byte) 0x6e, (byte) 0xbb, (byte) 0x92, (byte) 0xa0, (byte) 0xf6, (byte) 0xf4,  +    (byte) 0x30, (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0f, (byte) 0x01,  +    (byte) 0x01, (byte) 0xff, (byte) 0x04, (byte) 0x04, (byte) 0x03, (byte) 0x02, (byte) 0x06, (byte) 0xc0,  +    (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, (byte) 0x04,  +    (byte) 0x02, (byte) 0x30, (byte) 0x00, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a,  +    (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x05,  +    (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x82, (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0x06,  +    (byte) 0x63, (byte) 0x76, (byte) 0x0a, (byte) 0xd5, (byte) 0x54, (byte) 0xfa, (byte) 0x51, (byte) 0x2a,  +    (byte) 0xb0, (byte) 0x41, (byte) 0xdc, (byte) 0xa4, (byte) 0x9b, (byte) 0x52, (byte) 0x1c, (byte) 0x0e,  +    (byte) 0x1d, (byte) 0x65, (byte) 0x46, (byte) 0x2b, (byte) 0xa3, (byte) 0xcd, (byte) 0xd4, (byte) 0x46,  +    (byte) 0x36, (byte) 0x40, (byte) 0xc3, (byte) 0x49, (byte) 0xe8, (byte) 0xa4, (byte) 0xdc, (byte) 0x01,  +    (byte) 0xde, (byte) 0x70, (byte) 0x97, (byte) 0x31, (byte) 0xb0, (byte) 0xcd, (byte) 0xdf, (byte) 0x69,  +    (byte) 0xf8, (byte) 0xc3, (byte) 0x83, (byte) 0xee, (byte) 0xc6, (byte) 0xed, (byte) 0xe3, (byte) 0x18,  +    (byte) 0x1a, (byte) 0x80, (byte) 0xc1, (byte) 0x30, (byte) 0xa9, (byte) 0xd6, (byte) 0xb1, (byte) 0xb8,  +    (byte) 0xa8, (byte) 0xe0, (byte) 0x3d, (byte) 0xb1, (byte) 0x8e, (byte) 0x2c, (byte) 0xc9, (byte) 0xa6,  +    (byte) 0x05, (byte) 0x6e, (byte) 0x4a, (byte) 0xd2, (byte) 0xb2, (byte) 0x03, (byte) 0xa4, (byte) 0x2b,  +    (byte) 0xa2, (byte) 0xad, (byte) 0xad, (byte) 0xe5, (byte) 0xba, (byte) 0x0d, (byte) 0x54, (byte) 0x8d,  +    (byte) 0x92, (byte) 0x51, (byte) 0xda, (byte) 0x58, (byte) 0xed, (byte) 0xd3, (byte) 0x8d, (byte) 0x61,  +    (byte) 0xa1, (byte) 0xfc, (byte) 0x49, (byte) 0xf6, (byte) 0x80, (byte) 0xdb, (byte) 0x65, (byte) 0x92,  +    (byte) 0xe0, (byte) 0xd5, (byte) 0x23, (byte) 0x69, (byte) 0x0f, (byte) 0x38, (byte) 0x11, (byte) 0x61,  +    (byte) 0x1e, (byte) 0xcd, (byte) 0xa2, (byte) 0x8e, (byte) 0x68, (byte) 0xec, (byte) 0x70, (byte) 0xfb,  +    (byte) 0x55, (byte) 0x95, (byte) 0xcb, (byte) 0xb4, (byte) 0x18, (byte) 0x6b, (byte) 0x3a, (byte) 0x25,  +    (byte) 0x4a, (byte) 0x3e, (byte) 0x07, (byte) 0xb0, (byte) 0x18, (byte) 0x26, (byte) 0x51, (byte) 0x39,  +    (byte) 0x46, (byte) 0xfa, (byte) 0xe2, (byte) 0xae, (byte) 0xe6, (byte) 0x1c, (byte) 0xd2, (byte) 0xcb,  +    (byte) 0x28, (byte) 0xa1, (byte) 0x8b, (byte) 0x56, (byte) 0xbb, (byte) 0xe9, (byte) 0x6c, (byte) 0xf7,  +    (byte) 0x0b, (byte) 0x84, (byte) 0xdd, (byte) 0x7f, (byte) 0x64, (byte) 0x8b, (byte) 0x43, (byte) 0x93,  +    (byte) 0x62, (byte) 0x39, (byte) 0xfb, (byte) 0x91, (byte) 0xfa, (byte) 0x3a, (byte) 0x57, (byte) 0x56,  +    (byte) 0x4a, (byte) 0xaa, (byte) 0x99, (byte) 0x1e, (byte) 0x9b, (byte) 0xcc, (byte) 0xa4, (byte) 0xc0,  +    (byte) 0x18, (byte) 0x46, (byte) 0xae, (byte) 0x15, (byte) 0x24, (byte) 0xf5, (byte) 0xf3, (byte) 0xe6,  +    (byte) 0x36, (byte) 0x55, (byte) 0x29, (byte) 0xa8, (byte) 0xa9, (byte) 0xaf, (byte) 0x7b, (byte) 0x44,  +    (byte) 0x19, (byte) 0xda, (byte) 0x66, (byte) 0x4d, (byte) 0x11, (byte) 0x89, (byte) 0x28, (byte) 0x34,  +    (byte) 0x01, (byte) 0x15, (byte) 0x24, (byte) 0x93, (byte) 0x43, (byte) 0x6a, (byte) 0x8f, (byte) 0xe4,  +    (byte) 0x54, (byte) 0x3a, (byte) 0x3d, (byte) 0x9b, (byte) 0x2f, (byte) 0xc3, (byte) 0xdb, (byte) 0x7e,  +    (byte) 0x5e, (byte) 0x12, (byte) 0x00, (byte) 0xaa, (byte) 0xe7, (byte) 0xc1, (byte) 0x82, (byte) 0x1c,  +    (byte) 0x1d, (byte) 0x1d, (byte) 0x23, (byte) 0x1d, (byte) 0xa3, (byte) 0xcc, (byte) 0x59, (byte) 0xe4,  +    (byte) 0x7a, (byte) 0xf0, (byte) 0x14, (byte) 0x17, (byte) 0xfb, (byte) 0x96, (byte) 0x90, (byte) 0xc1,  +    (byte) 0xc0, (byte) 0xde, (byte) 0xdb, (byte) 0x91, (byte) 0xfb, (byte) 0x49, (byte) 0x39, (byte) 0x70,  +    (byte) 0x76, (byte) 0x2f, (byte) 0x7b, (byte) 0x22, (byte) 0xcd, (byte) 0x35, (byte) 0xcb, (byte) 0xed,  +    (byte) 0x8f, (byte) 0xb3, (byte) 0x66, (byte) 0xae, (byte) 0x95, (byte) 0x49, (byte) 0x75 +  }; +   +  protected static final int KID_PIN_SS = 0x81; + +  protected byte[] EF_C_X509_CH_DS = new byte[2000]; +   +  public STARCOSApplSichereSignatur(STARCOSCardChannelEmul channel) { +    super(channel); +    // Files +    System.arraycopy(C_X509_CH_DS, 0, EF_C_X509_CH_DS, 0, C_X509_CH_DS.length); +    putFile(new File(FID_EF_C_X509_CH_DS, EF_C_X509_CH_DS, FCI_EF_C_X509_CH_DS)); +     +    // PINs +    pins.put(KID_PIN_SS, new PIN(new byte[] { (byte) 0x24, (byte) 0x12, +        (byte) 0x34, (byte) 0x56, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, +        (byte) 0xFF }, KID_PIN_SS, 3)); +  } + +  @Override +  public byte[] getAID() { +    return AID_SichereSignatur; +  } + +  @Override +  public byte[] getFID() { +    return FID_SichereSignatur; +  } + +  @Override +  public byte[] getFCI() { +    return FCI; +  } + +  @Override +  public ResponseAPDU cmdPERFORM_SECURITY_OPERATION(CommandAPDU command, CardChannelEmul channel) throws CardException { +     +    checkINS(command, 0x2A); +   +    if (command.getP1() == 0x90 && command.getP2() == 0xA0) { +       +      // HASH +      byte[] data = command.getData(); +      if (data[0] == (byte) 0x90 && data[1] == (byte) 0x14) { +        hash = Arrays.copyOfRange(data, 2, data.length); +        return new ResponseAPDU(new byte[] {(byte) 0x90, (byte) 0x00}); +      } else { +        throw new CardException("HASH command only supports complete hash."); +      } +       +    } else if (command.getP1() == 0x9E && command.getP2() == 0x9A) { +       +      // COMPUTE DIGITAL SIGNATURE +      if (securityEnv == null) { +        // No security environment +        return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05}); +      } +      if (hash == null) { +        // Command sequence not correct +        return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x03}); +      } +      if (hash.length != 20) { +        // Invalid hash length +        return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x80}); +      } +      if (pins.get(KID_PIN_SS).state != PIN.STATE_PIN_VERIFIED) { +        // Security Status not satisfied +        return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x82}); +      } +       +      byte[] signature = new byte[48];  +       +      // TODO replace by signature creation +      Random random = new Random(); +      random.nextBytes(signature); +       +      byte[] response = new byte[signature.length + 2]; +      System.arraycopy(signature, 0, response, 0, signature.length); +      response[signature.length] = (byte) 0x90; +      response[signature.length + 1] = (byte) 0x00; +       +      hash = null; +      pins.get(KID_PIN_SS).state = PIN.STATE_RESET; +       +      return new ResponseAPDU(response); +       +    } else { +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x00}); +    } +     +  } +   +  public void clearCert() { +    Arrays.fill(EF_C_X509_CH_DS, (byte) 0x00); +  } + +  @Override +  public ResponseAPDU cmdMANAGE_SECURITY_ENVIRONMENT(CommandAPDU command, CardChannelEmul channel) throws CardException { + +    checkINS(command, 0x22); + +    switch (command.getP2()) { +    case 0xA4: +      switch (command.getP1()) { +      case 0x41: +        // INTERNAL AUTHENTICATE +      case 0x81: +        // EXTERNAL AUTHENTICATE +      } +    case 0xB6: +      switch (command.getP1()) { +      case 0x41: { +        // PSO - COMPUTE DIGITAL SIGNATURE +        byte[] dst = new byte[] { (byte) 0x84, (byte) 0x03, (byte) 0x80, +            (byte) 0x02, (byte) 0x00, (byte) 0x89, (byte) 0x03, (byte) 0x13, (byte) 0x35, (byte) 0x10}; +        if (Arrays.equals(dst, command.getData())) { +          securityEnv = command.getData(); +          return new ResponseAPDU(new byte[] {(byte) 0x90, (byte) 0x00}); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x80}); +        } +      } +      case 0x81: +        // PSO - VERIFY DGITAL SIGNATURE +      } +    case 0xB8: +      switch (command.getP1()) { +      case 0x41: +        // PSO � DECIPHER +      case 0x81: +        // PSO � ENCIPHER +      } +    default: +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x81}); +    } +   +  } + +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSCardChannelEmul.java b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSCardChannelEmul.java new file mode 100644 index 00000000..89030894 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSCardChannelEmul.java @@ -0,0 +1,375 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.starcos; + +import java.io.UnsupportedEncodingException; +import java.util.Arrays; +import java.util.HashMap; + +import javax.smartcardio.Card; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.AbstractAppl; +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.CardEmul; +import at.gv.egiz.smcc.File; +import at.gv.egiz.smcc.PIN; + +@SuppressWarnings("restriction") +public class STARCOSCardChannelEmul extends CardChannelEmul { + +  public static final int KID_PIN_Glob = 0x01; +   +  /** +   *  +   */ +  protected CardEmul cardEmul; +   +  public final HashMap<Integer, PIN> globalPins = new HashMap<Integer, PIN>(); + +  public STARCOSCardChannelEmul(CardEmul cardEmul) { +    this.cardEmul = cardEmul; +    globalPins.put(KID_PIN_Glob, new PIN(new byte[] { (byte) 0x24, (byte) 0x00, +        (byte) 0x00, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, +        (byte) 0xFF }, KID_PIN_Glob, 10)); + } + +  @Override +  public Card getCard() { +    return cardEmul; +  } + +  protected ResponseAPDU cmdSELECT(CommandAPDU command) throws CardException { +   +    byte[] fid = command.getData(); +     +    switch (command.getP1()) { +    case 0x00: // MF +      if (fid.length !=0) { +        return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x80});  +      } else { +        currentFile = null; +        currentAppl = null; +        return new ResponseAPDU(new byte[] {(byte) 0x90, (byte) 0x00}); +      } + +    case 0x01: // Lower-level DF +      throw new CardException("Not supported."); +       +    case 0x02: // EF in current DF +      if (currentAppl != null) { +        if (command.getP2() != 0x04) { +          throw new CardException("Not supported."); +        } +        for (File file : currentAppl.getFiles()) { +          if (Arrays.equals(fid, file.fid)) { +            currentFile = file; +            byte[] response = new byte[file.fcx.length + 2]; +            System.arraycopy(file.fcx, 0, response, 0, file.fcx.length); +            response[file.fcx.length] = (byte) 0x90; +            response[file.fcx.length + 1] = (byte) 0x00; +            return new ResponseAPDU(response); +          } +        } +        return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x82}); +      } else { +        throw new CardException("Not supported."); +      } +       +    case 0x03: // Higher-level DF +      throw new CardException("Not supported."); +       +    case 0x04: // Selection by DF name +      AbstractAppl appl = cardEmul.getApplication(fid); +      if (appl != null) { +        if (command.getP2() != 0x00) { +          throw new CardException("Not supported."); +        } +        if (currentAppl != null && currentAppl != appl) { +          currentAppl.leaveApplContext(); +          currentFile = null; +        } +        currentAppl = appl; + +        byte[] fci = currentAppl.getFCI(); +        byte[] response = new byte[fci.length + 2]; +        System.arraycopy(fci, 0, response, 0, fci.length); +        response[fci.length] = (byte) 0x90; +        response[fci.length + 1] = (byte) 0x00; +        return new ResponseAPDU(response); +      } +       +    default: +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x86}); +    } +     +  } +   +  protected ResponseAPDU cmdREAD_BINARY(CommandAPDU command) throws CardException { + +    if (command.getINS() != 0xB0) { +      throw new IllegalArgumentException("INS has to be 0xB0."); +    } + +    if (currentFile == null) { +      return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x86});  +    } +     +    if ((command.getP1() & 0x80) > 0) { +      throw new CardException("Not implemented."); +    } +     +    int offset = command.getP2() + (command.getP1() << 8); +    if (offset > currentFile.file.length) { +      // Wrong length +      return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +    } +     +    if (command.getNe() == 0) { +      throw new CardException("Not implemented."); +    } +     +    if (currentFile.kid != -1) { +      PIN pin; +      if ((currentFile.kid & 0x80) > 0) { +        if (currentAppl == null +            || (pin = currentAppl.pins.get(currentFile.kid)) == null +            || pin.state != PIN.STATE_PIN_VERIFIED) { +          return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x82}); +        } +      } else { +        if ((pin = globalPins.get(currentFile.kid)) == null +          || pin.state != PIN.STATE_PIN_VERIFIED) { +          return new ResponseAPDU(new byte[] {(byte) 0x69, (byte) 0x82}); +        } +      } +    } +     +    if (command.getNe() == 256 || command.getNe() <= currentFile.file.length - offset) { +      int len = Math.min(command.getNe(), currentFile.file.length - offset); +      byte[] response = new byte[len + 2]; +      System.arraycopy(currentFile.file, offset, response, 0, len); +      response[len] = (byte) 0x90; +      response[len + 1] = (byte) 0x00; +      return new ResponseAPDU(response); +    } else if (command.getNe() >= currentFile.file.length - offset) { +      return new ResponseAPDU(new byte[] {(byte) 0x62, (byte) 0x82}); +    } else { +      return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +    } +     +  } + +   +  @Override +  public ResponseAPDU transmit(CommandAPDU command) throws CardException { +   +    if (command.getCLA() == 0x00) { +   +      switch (command.getINS()) { +   +      // SELECT +      case 0xA4: +        return cmdSELECT(command); +       +      // READ BINARY +      case 0xB0: +        return cmdREAD_BINARY(command); +       +      // VERIFY +      case 0x20: +        return cmdVERIFY(command); +       +      // MANAGE SECURITY ENVIRONMENT +      case 0x22: { +        if (currentAppl != null) { +          return currentAppl.cmdMANAGE_SECURITY_ENVIRONMENT(command, this); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05});  +        } +      } +       +      // CHANGE REFERENCE DATA +      case 0x24: { +        return cmdCHANGE_REFERENCE_DATA(command); +      } +       +      // PERFORM SECURITY OPERATION +      case 0x2A: { +        if (currentAppl != null) { +          return currentAppl.cmdPERFORM_SECURITY_OPERATION(command, this); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05}); +        } +      } +   +      // INTERNAL AUTHENTICATE +      case 0x88: { +        if (currentAppl != null) { +          return currentAppl.cmdINTERNAL_AUTHENTICATE(command, this); +        } else { +          return new ResponseAPDU(new byte[] {(byte) 0x6F, (byte) 0x05}); +        } +      } +       +      default: +        return new ResponseAPDU(new byte[] { (byte) 0x6D, (byte) 0x00}); +      } +   +    } else { +      return new ResponseAPDU(new byte[] { (byte) 0x6E, (byte) 0x00});  +    } +   +  } + +  protected ResponseAPDU verifyPin(int kid, byte[] reference) { +     +    PIN pin; +    if ((kid & 0x80) > 0 && currentAppl != null) { +      pin = currentAppl.pins.get(kid); +    } else { +      pin = globalPins.get(kid); +    } +     +    if (pin != null) { +   +      if (reference.length == 0) { +        return new ResponseAPDU(new byte[] { (byte) 0x63, (byte) (pin.kfpc | 0xC0)}); +      } +       +      if (reference.length != 8) { +        return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +      } +       +      if (Arrays.equals(reference, pin.pin)) { +        switch (pin.state) { +        case PIN.STATE_PIN_BLOCKED: +          return new ResponseAPDU(new byte[] { (byte) 0x69, (byte) 0x83 }); +   +        case PIN.STATE_RESET: +          pin.state = PIN.STATE_PIN_VERIFIED; +           +        default: +          pin.kfpc = 10; +          return new ResponseAPDU(new byte[] { (byte) 0x90, (byte) 0x00 }); +        } +      } else { +        switch (pin.state) { +        case PIN.STATE_PIN_BLOCKED: +          return new ResponseAPDU(new byte[] { (byte) 0x69, (byte) 0x83 }); +         +        default: +          if (--pin.kfpc > 0) { +            return new ResponseAPDU(new byte[] { (byte) 0x63, (byte) (pin.kfpc | 0xC0)}); +          } else { +            pin.state = PIN.STATE_PIN_BLOCKED; +            return new ResponseAPDU(new byte[] { (byte) 0x69, (byte) 0x83 }); +          } +        } +         +      } +       +    } else { +      return new ResponseAPDU(new byte[] {(byte) 0x6A, (byte) 0x00}); +    } +     +  } + +  protected ResponseAPDU cmdVERIFY(CommandAPDU command) throws CardException { +     +    if (command.getINS() != 0x20) { +      throw new IllegalArgumentException("INS has to be 0x20."); +    } +     +    if (command.getP1() != 00) { +      return new ResponseAPDU(new byte[] {(byte) 0x6B, (byte) 0x00}); +    } +     +    return verifyPin(command.getP2(), command.getData()); +   +  } + +  protected ResponseAPDU cmdCHANGE_REFERENCE_DATA(CommandAPDU command) { +     +    if (command.getINS() != 0x24) { +      throw new IllegalArgumentException("INS has to be 0x24."); +    } + +    byte[] data = command.getData(); + +    ResponseAPDU response; +     +    if (command.getP1() == 0x01) { +     +      if (data.length != 8) { +        return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +      } +       +      response = verifyPin(0xFF & command.getP2(), data); + +    } else if (command.getP1() == 0x00) { +       +      if (data.length != 16) { +        return new ResponseAPDU(new byte[] {(byte) 0x67, (byte) 0x00}); +      } +   +      response = verifyPin(0xFF & command.getP2(), Arrays.copyOf(data, 8)); +     +    } else { +      return new ResponseAPDU(new byte[] { (byte) 0x6A, (byte) 0x81 }); +    } +      +    if (response.getSW() == 0x9000) { +      PIN pin; +      if (currentAppl != null) { +        pin = currentAppl.pins.get(command.getP2()); +      } else { +        pin = globalPins.get(command.getP2()); +      } +      pin.pin = Arrays.copyOfRange(data, 8, 16); +    } + +    return response; +     +  } +   +  public void setPin(int kid, char[] value) { +    PIN pin = globalPins.get(kid); +    if (pin != null) { +      if (value == null) { +        pin.pin = null; +      } else { +        byte[] b = new byte[8]; +        b[0] = (byte) (0x20 | value.length); +        for(int i = 1, j = 0; i < b.length; i++) { +          int h = ((j < value.length)  +                  ? Character.digit(value[j++], 10)  +                  : 0x0F); +          int l = ((j < value.length)  +                  ? Character.digit(value[j++], 10)  +                  : 0x0F); +          b[i] = (byte) ((h << 4) | l); +        } +        pin.pin = b; +      } +    } +  } + + +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSCardEmul.java b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSCardEmul.java new file mode 100644 index 00000000..7b2f3fbe --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSCardEmul.java @@ -0,0 +1,50 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.starcos; + + +import javax.smartcardio.ATR; + +import at.gv.egiz.smcc.CardChannelEmul; +import at.gv.egiz.smcc.CardEmul; + +@SuppressWarnings("restriction") +public class STARCOSCardEmul extends CardEmul { +   +  protected static ATR ATR = new ATR(new byte[] { +      (byte) 0x3b, (byte) 0xbd, (byte) 0x18, (byte) 0x00, (byte) 0x81, (byte) 0x31, (byte) 0xfe, (byte) 0x45,  +      (byte) 0x80, (byte) 0x51, (byte) 0x02, (byte) 0x67, (byte) 0x05, (byte) 0x18, (byte) 0xb1, (byte) 0x02,  +      (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x81, (byte) 0x05, (byte) 0x31 +  }); +   +  public STARCOSCardEmul() { +    applications.add(new STARCOSApplSichereSignatur((STARCOSCardChannelEmul) channel)); +    applications.add(new STARCOSApplInfobox((STARCOSCardChannelEmul) channel)); +    applications.add(new STARCOSApplGewoehnlicheSignatur((STARCOSCardChannelEmul) channel)); +  } + +  @Override +  public ATR getATR() { +    return ATR; +  } + +  @Override +  protected CardChannelEmul newCardChannel(CardEmul cardEmul) { +    return new STARCOSCardChannelEmul(this); +  } + +}
\ No newline at end of file diff --git a/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSCardTest.java new file mode 100644 index 00000000..0fb4f62d --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/starcos/STARCOSCardTest.java @@ -0,0 +1,297 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.starcos; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +import java.io.UnsupportedEncodingException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; + +import javax.smartcardio.CardChannel; + +import org.junit.Test; + +import at.gv.egiz.smcc.CancelledException; +import at.gv.egiz.smcc.CardEmul; +import at.gv.egiz.smcc.CardNotSupportedException; +import at.gv.egiz.smcc.CardTerminalEmul; +import at.gv.egiz.smcc.CardTest; +import at.gv.egiz.smcc.LockedException; +import at.gv.egiz.smcc.NotActivatedException; +import at.gv.egiz.smcc.PINFormatException; +import at.gv.egiz.smcc.PINMgmtSignatureCard; +import at.gv.egiz.smcc.PINSpec; +import at.gv.egiz.smcc.STARCOSCard; +import at.gv.egiz.smcc.SignatureCard; +import at.gv.egiz.smcc.SignatureCardException; +import at.gv.egiz.smcc.SignatureCardFactory; +import at.gv.egiz.smcc.CardTest.TestChangePINProvider; +import at.gv.egiz.smcc.CardTest.TestPINProvider; +import at.gv.egiz.smcc.SignatureCard.KeyboxName; +import at.gv.egiz.smcc.acos.A03ApplDEC; +import at.gv.egiz.smcc.acos.A04ApplDEC; +import at.gv.egiz.smcc.acos.A04ApplSIG; +import at.gv.egiz.smcc.acos.ACOSAppl; +import at.gv.egiz.smcc.acos.ACOSApplDEC; +import at.gv.egiz.smcc.acos.ACOSApplSIG; + +public class STARCOSCardTest extends CardTest { + +  @Override +  protected SignatureCard createSignatureCard() +      throws CardNotSupportedException { +    SignatureCardFactory factory = SignatureCardFactory.getInstance(); +    STARCOSCardEmul card = new STARCOSCardEmul(); +    SignatureCard signatureCard = factory.createSignatureCard(card, +        new CardTerminalEmul(card)); +    assertTrue(signatureCard instanceof PINMgmtSignatureCard); +    return signatureCard; +  } +   +  @Test +  public void testGetInfoboxIdentityLinkEmpty() throws SignatureCardException, +      InterruptedException, CardNotSupportedException { + +    char[] pin = "0000".toCharArray(); +     +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    STARCOSApplInfobox appl = (STARCOSApplInfobox) card.getApplication(STARCOSAppl.AID_Infobox); +    appl.clearInfobox(); + +    byte[] idlink = signatureCard.getInfobox("IdentityLink", +        new TestPINProvider(pin), null); +    assertNull(idlink); + +  } + +  @Test(expected = SignatureCardException.class) +  public void testGetInfoboxIdentityInvalid() throws SignatureCardException, +      InterruptedException, CardNotSupportedException { + +    char[] pin = "0000".toCharArray(); +     +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    STARCOSApplInfobox appl = (STARCOSApplInfobox) card.getApplication(STARCOSAppl.AID_Infobox); +    appl.setInfoboxHeader((byte) 0xFF); + +    signatureCard.getInfobox("IdentityLink", new TestPINProvider(pin), null); + +  } +  +  @Test +  public void testGetCerts() throws SignatureCardException, +      InterruptedException, CardNotSupportedException { + +    SignatureCard signatureCard = createSignatureCard(); + +    byte[] cert; + +    cert = signatureCard.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR); +    assertNotNull(cert); +    assertTrue(Arrays.equals(cert, STARCOSApplSichereSignatur.C_X509_CH_DS)); + +    cert = signatureCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR); +    assertNotNull(cert); +    assertTrue(Arrays.equals(cert, STARCOSApplGewoehnlicheSignatur.C_X509_CH_AUT)); + +  } + +  @Test(expected = NotActivatedException.class) +  public void testGetDSCertEmpty() throws SignatureCardException, +      InterruptedException, CardNotSupportedException { + +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    STARCOSApplSichereSignatur appl = (STARCOSApplSichereSignatur) card.getApplication(STARCOSApplSichereSignatur.AID_SichereSignatur); +    appl.clearCert(); + +    signatureCard.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR); + +  } + +  @Test(expected = NotActivatedException.class) +  public void testGetAUTCertEmpty() throws SignatureCardException, +      InterruptedException, CardNotSupportedException { + +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    STARCOSApplGewoehnlicheSignatur appl = (STARCOSApplGewoehnlicheSignatur) card.getApplication(STARCOSApplGewoehnlicheSignatur.AID_GewoehnlicheSignatur); +    appl.clearCert(); + +    signatureCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR); + +  } +   +  @Test +  public void testSignSichereSignatur() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { + +    char[] pin = "123456".toCharArray(); + +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    STARCOSApplSichereSignatur appl = (STARCOSApplSichereSignatur) card.getApplication(STARCOSApplSichereSignatur.AID_SichereSignatur); +    appl.setPin(STARCOSApplSichereSignatur.KID_PIN_SS, pin); + +    MessageDigest md = MessageDigest.getInstance("SHA-1"); +    byte[] hash = md.digest("MOCCA".getBytes("ASCII")); + +    byte[] signature = signatureCard.createSignature(hash, +        KeyboxName.SECURE_SIGNATURE_KEYPAIR, new TestPINProvider(pin)); + +    assertNotNull(signature); + +  } + +  @Test +  public void testSignGewoehnlicheSignatur() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { + +    char[] pin = "1234".toCharArray(); + +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    STARCOSCardChannelEmul channel = (STARCOSCardChannelEmul) card.getBasicChannel(); +    channel.setPin(STARCOSCardChannelEmul.KID_PIN_Glob, pin); + +    MessageDigest md = MessageDigest.getInstance("SHA-1"); +    byte[] hash = md.digest("MOCCA".getBytes("ASCII")); + +    byte[] signature = signatureCard.createSignature(hash, +        KeyboxName.CERITIFIED_KEYPAIR, new TestPINProvider(pin)); + +    assertNotNull(signature); + +  } +   +  @Test(expected = LockedException.class) +  public void testSignSichereSignaturInvalidPin() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { + +    SignatureCard signatureCard = createSignatureCard(); + +    MessageDigest md = MessageDigest.getInstance("SHA-1"); +    byte[] hash = md.digest("MOCCA".getBytes("ASCII")); + +    TestPINProvider pinProvider = new TestPINProvider("000000".toCharArray()); + +    signatureCard.createSignature(hash, KeyboxName.SECURE_SIGNATURE_KEYPAIR, +        pinProvider); + +  } + +  @Test(expected = LockedException.class) +  public void testSignGewoehnlicheSignaturInvalidPin() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { + +    SignatureCard signatureCard = createSignatureCard(); + +    MessageDigest md = MessageDigest.getInstance("SHA-1"); +    byte[] hash = md.digest("MOCCA".getBytes("ASCII")); + +    TestPINProvider pinProvider = new TestPINProvider("1234".toCharArray()); + +    signatureCard.createSignature(hash, KeyboxName.CERITIFIED_KEYPAIR, +        pinProvider); + +  } + +  @Test(expected = LockedException.class) +  public void testSignSichereSignaturBlockedPin() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { + +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    STARCOSApplSichereSignatur appl = (STARCOSApplSichereSignatur) card.getApplication(STARCOSApplSichereSignatur.AID_SichereSignatur); +    appl.setPin(STARCOSApplSichereSignatur.KID_PIN_SS, null); + +    MessageDigest md = MessageDigest.getInstance("SHA-1"); +    byte[] hash = md.digest("MOCCA".getBytes("ASCII")); + +    TestPINProvider pinProvider = new TestPINProvider("000000".toCharArray()); +    assertTrue(pinProvider.getProvided() <= 0); + +    signatureCard.createSignature(hash, KeyboxName.SECURE_SIGNATURE_KEYPAIR, +        pinProvider); + +  } + +  @Test(expected = LockedException.class) +  public void testSignGewoehnlicheSignaturBlockedPin() throws SignatureCardException, +      InterruptedException, CardNotSupportedException, +      NoSuchAlgorithmException, UnsupportedEncodingException { + +    SignatureCard signatureCard = createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    STARCOSCardChannelEmul channel = (STARCOSCardChannelEmul) card.getBasicChannel(); +    channel.setPin(STARCOSCardChannelEmul.KID_PIN_Glob, null); + +    MessageDigest md = MessageDigest.getInstance("SHA-1"); +    byte[] hash = md.digest("MOCCA".getBytes("ASCII")); + +    TestPINProvider pinProvider = new TestPINProvider("0000".toCharArray()); + +    signatureCard.createSignature(hash, KeyboxName.CERITIFIED_KEYPAIR, +        pinProvider); + +  } +   +  @Test +  public void testChangePin() throws CardNotSupportedException, +      LockedException, NotActivatedException, CancelledException, +      PINFormatException, SignatureCardException, InterruptedException { + +    char[] defaultPin = "123456".toCharArray(); + +    PINMgmtSignatureCard signatureCard = (PINMgmtSignatureCard) createSignatureCard(); +    CardEmul card = (CardEmul) signatureCard.getCard(); +    STARCOSCardChannelEmul channel = (STARCOSCardChannelEmul) card.getBasicChannel(); +    channel.setPin(STARCOSCardChannelEmul.KID_PIN_Glob, defaultPin); +    STARCOSApplSichereSignatur appl = (STARCOSApplSichereSignatur) card.getApplication(STARCOSApplSichereSignatur.AID_SichereSignatur); +    appl.setPin(STARCOSApplSichereSignatur.KID_PIN_SS, defaultPin); +     +    for (PINSpec pinSpec : signatureCard.getPINSpecs()) { + +      char[] pin = defaultPin; + +      for (int i = pinSpec.getMinLength(); i <= pinSpec.getMaxLength(); i++) { +        signatureCard.verifyPIN(pinSpec, new TestPINProvider(pin)); +        char[] newPin = new char[i]; +        Arrays.fill(newPin, '0'); +        signatureCard +            .changePIN(pinSpec, new TestChangePINProvider(pin, newPin)); +        signatureCard.verifyPIN(pinSpec, new TestPINProvider(newPin)); +        pin = newPin; +      } + +    } + +  } + + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/util/ISO7816UtilsTest.java b/smcc/src/test/java/at/gv/egiz/smcc/util/ISO7816UtilsTest.java new file mode 100644 index 00000000..679f2c02 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/util/ISO7816UtilsTest.java @@ -0,0 +1,175 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +*     http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.util; + +import java.util.Arrays; + +import javax.smartcardio.CommandAPDU; + +import org.junit.After; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; + +import at.gv.egiz.smcc.VerifyAPDUSpec; +import at.gv.egiz.smcc.util.ISO7816Utils; +import static org.junit.Assert.*; + +public class ISO7816UtilsTest { +   +  @Test +  public void testFormatPIN() { +     +    formatPIN(VerifyAPDUSpec.PIN_FORMAT_BINARY, +        VerifyAPDUSpec.PIN_JUSTIFICATION_LEFT, 7, "1234", +        new byte[] { +        (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04, (byte) 0x00, (byte) 0x00, (byte) 0x00 +        }, +        new byte[] { +        (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0x00, (byte) 0x00, (byte) 0x00 +        } +    ); + +    formatPIN(VerifyAPDUSpec.PIN_FORMAT_BINARY, +        VerifyAPDUSpec.PIN_JUSTIFICATION_RIGHT, 7, "12345", +        new byte[] { +        (byte) 0x00, (byte) 0x00, (byte) 0x05, (byte) 0x04, (byte) 0x03, (byte) 0x02, (byte) 0x01 +        }, +        new byte[] { +        (byte) 0x00, (byte) 0x00, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff +        } +    ); + +    formatPIN(VerifyAPDUSpec.PIN_FORMAT_BCD, +        VerifyAPDUSpec.PIN_JUSTIFICATION_LEFT, 7, "12345", +        new byte[] { +        (byte) 0x12, (byte) 0x34, (byte) 0x50, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 +        }, +        new byte[] { +        (byte) 0xff, (byte) 0xff, (byte) 0xf0, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 +        } +    ); + +    formatPIN(VerifyAPDUSpec.PIN_FORMAT_BCD, +        VerifyAPDUSpec.PIN_JUSTIFICATION_RIGHT, 7, "1234567", +        new byte[] { +        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x07, (byte) 0x65, (byte) 0x43, (byte) 0x21 +        }, +        new byte[] { +        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x0f, (byte) 0xff, (byte) 0xff, (byte) 0xff +        } +    ); + +    formatPIN(VerifyAPDUSpec.PIN_FORMAT_ASCII, +        VerifyAPDUSpec.PIN_JUSTIFICATION_LEFT, 7, "1234", +        new byte[] { +        (byte) 0x31, (byte) 0x32, (byte) 0x33, (byte) 0x34, (byte) 0x00, (byte) 0x00, (byte) 0x00 +        }, +        new byte[] { +        (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0x00, (byte) 0x00, (byte) 0x00 +        } +    ); + +    formatPIN(VerifyAPDUSpec.PIN_FORMAT_ASCII, +        VerifyAPDUSpec.PIN_JUSTIFICATION_RIGHT, 7, "12345", +        new byte[] { +        (byte) 0x00, (byte) 0x00, (byte) 0x35, (byte) 0x34, (byte) 0x33, (byte) 0x32, (byte) 0x31 +        }, +        new byte[] { +        (byte) 0x00, (byte) 0x00, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff +        } +    ); + +     +  } +   +  private void formatPIN(int pinFormat, int pinJusitification, int pinLength, String pin, byte[] rfpin, byte[] rmask) { + +    byte[] fpin = new byte[pinLength]; +    byte[] mask = new byte[pinLength]; +     +    ISO7816Utils.formatPIN(pinFormat, pinJusitification, fpin, mask, pin.toCharArray()); +     +//    System.out.println(toString(fpin)); +//    System.out.println(toString(mask)); +     +    assertTrue(Arrays.equals(fpin, rfpin)); +    assertTrue(Arrays.equals(mask, rmask)); +     +  } +   +  @Test +  public void testCreateVerifyAPDU() { +     +    VerifyAPDUSpec verifyAPDUSpec; +    CommandAPDU apdu; +    byte[] ref; +     +    verifyAPDUSpec = new VerifyAPDUSpec( +        new byte[] { +            (byte) 0x00, (byte) 0x20, (byte) 0x00, (byte) 0x80, (byte) 0x08, +            (byte) 0x20, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, +            (byte) 0xff, (byte) 0xff, (byte) 0xff },  +        1, VerifyAPDUSpec.PIN_FORMAT_BCD, 7, 4, 4); +     +    apdu = ISO7816Utils.createVerifyAPDU(verifyAPDUSpec, "1234".toCharArray()); +     +//    System.out.println(toString(apdu.getBytes())); +     +    ref = new byte[] { (byte) 0x00, (byte) 0x20, (byte) 0x00, (byte) 0x80, +        (byte) 0x08, (byte) 0x24, (byte) 0x12, (byte) 0x34, (byte) 0xff, +        (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff }; +     +    assertTrue(Arrays.equals(apdu.getBytes(), ref)); +     +    ref = new byte[] { (byte) 0x00, (byte) 0x20, (byte) 0x00, (byte) 0x80, +        (byte) 0x08, (byte) 0x31, (byte) 0x32, (byte) 0x33, (byte) 0x34, +        (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 }; +     +    verifyAPDUSpec = new VerifyAPDUSpec( +        new byte[] { +            (byte) 0x00, (byte) 0x20, (byte) 0x00, (byte) 0x80, (byte) 0x08, +            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,  +            (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 },  +        0, VerifyAPDUSpec.PIN_FORMAT_ASCII, 8); + +    apdu = ISO7816Utils.createVerifyAPDU(verifyAPDUSpec, "1234".toCharArray()); + +//    System.out.println(toString(apdu.getBytes())); +     +    assertTrue(Arrays.equals(apdu.getBytes(), ref)); + +  } +   +  private String toString(byte[] b) { +    StringBuffer sb = new StringBuffer(); +    if (b != null && b.length > 0) { +      sb.append(Integer.toHexString((b[0] & 240) >> 4)); +      sb.append(Integer.toHexString(b[0] & 15)); +    } +    for (int i = 1; i < b.length; i++) { +      sb.append(':'); +      sb.append(Integer.toHexString((b[i] & 240) >> 4)); +      sb.append(Integer.toHexString(b[i] & 15)); +    } +    return sb.toString(); +  } + + +} diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java index eeb97290..32e990c5 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java @@ -53,8 +53,8 @@ public class InfoBoxReadRequestHandler extends AbstractRequestHandler {                    .getCardPINProvider(),                    infoBox.getDomainIdentifier());            if (resp == null) { -            log.info("Got null as result->user cancelled"); -            return new ErrorResponse(6001); +            log.info("Infobox doesn't contain any data. Assume card is not activated."); +            throw new NotActivatedException();            } else {              try {                resp = DomainIdConverter.convertDomainId(resp, infoBox diff --git a/smccSTAL/src/test/java/at/gv/egiz/smcc/AbstractSMCCSTALTest.java b/smccSTAL/src/test/java/at/gv/egiz/smcc/AbstractSMCCSTALTest.java index 1c1cb833..36880e68 100644 --- a/smccSTAL/src/test/java/at/gv/egiz/smcc/AbstractSMCCSTALTest.java +++ b/smccSTAL/src/test/java/at/gv/egiz/smcc/AbstractSMCCSTALTest.java @@ -1,6 +1,5 @@  package at.gv.egiz.smcc;
 -import at.gv.egiz.smcc.ccid.CCID;
  import java.util.ArrayList;
  import java.util.List;
  import java.util.Locale;
 @@ -10,17 +9,18 @@ import javax.smartcardio.CardTerminal;  import org.junit.Assert;
  import org.junit.Before;
 +import org.junit.Ignore;
  import org.junit.Test;
  import at.gv.egiz.bku.gui.BKUGUIFacade;
  import at.gv.egiz.bku.smccstal.AbstractSMCCSTAL;
  import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler;
 +import at.gv.egiz.smcc.ccid.CCID;
  import at.gv.egiz.stal.ErrorResponse;
  import at.gv.egiz.stal.InfoboxReadRequest;
  import at.gv.egiz.stal.InfoboxReadResponse;
  import at.gv.egiz.stal.STALRequest;
  import at.gv.egiz.stal.STALResponse;
 -import org.junit.Ignore;
  public class AbstractSMCCSTALTest extends AbstractSMCCSTAL implements
      SMCCSTALRequestHandler {
 @@ -87,32 +87,11 @@ public class AbstractSMCCSTALTest extends AbstractSMCCSTAL implements      }
 -
 -      @Override
 -      public List<PINSpec> getPINSpecs() {
 -        return new ArrayList<PINSpec>();
 -      }
 -
 -      @Override
 -      public void verifyPIN(PINSpec pinSpec, PINProvider pinProvider) {
 -      }
 -
 -      @Override
 -      public void changePIN(PINSpec pinSpec, ChangePINProvider pinProvider) {
 -      }
 -
 -      @Override
 -      public void activatePIN(PINSpec pinSpec, PINProvider pinProvider) {
 -      }
 -
 -      @Override
 -      public void unblockPIN(PINSpec pinSpec, PINProvider pukProvider) {
 -      }
 -
 -      @Override
 -      public CCID getReader() {
 -        throw new UnsupportedOperationException("Not supported yet.");
 -      }
 +    @Override
 +    public CCID getReader() {
 +      // TODO Auto-generated method stub
 +      return null;
 +    }
     };
      return false;
 | 
