summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/CIOCertificateDirectory.java3
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOCertificate.java79
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOCertificateDirectory.java83
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOKey.java53
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOKeyDirectory.java46
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/LtEIDCard.java526
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/LtEIDObjectDirectory.java29
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/SEIdentityCard.java319
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java184
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/T0CardChannel.java9
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/cio/ObjectDirectory.java17
-rw-r--r--smcc/src/main/resources/at/gv/egiz/smcc/LtEIDCard.properties1
-rw-r--r--smcc/src/main/resources/at/gv/egiz/smcc/SEIdentityCard.properties1
13 files changed, 1272 insertions, 78 deletions
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/CIOCertificateDirectory.java b/smcc/src/main/java/at/gv/egiz/smcc/CIOCertificateDirectory.java
index 122c4e7d..40471e4e 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/CIOCertificateDirectory.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/CIOCertificateDirectory.java
@@ -20,7 +20,6 @@ package at.gv.egiz.smcc;
import at.gv.egiz.smcc.cio.CIOCertificate;
import at.gv.egiz.smcc.util.ISO7816Utils;
import at.gv.egiz.smcc.util.TLVSequence;
-import iaik.me.asn1.ASN1;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
@@ -73,7 +72,9 @@ public class CIOCertificateDirectory {
protected byte[] executeSelect(CardChannel channel) throws CardException {
+
CommandAPDU cmd = new CommandAPDU(0x00, 0xA4, 0x02, ISO7816Utils.P2_FCP, fid, 256);
+
ResponseAPDU resp = channel.transmit(cmd);
byte[] fcx = new TLVSequence(resp.getBytes()).getValue(ISO7816Utils.TAG_FCP);
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOCertificate.java b/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOCertificate.java
new file mode 100644
index 00000000..9a8e5a06
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOCertificate.java
@@ -0,0 +1,79 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.smcc;
+
+import iaik.me.asn1.ASN1;
+import iaik.me.security.BigInteger;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import at.gv.egiz.smcc.cio.CIOCertificate;
+
+public class LtEIDCIOCertificate extends CIOCertificate {
+
+ // The Lithuanian eID card stores both certificates in one file.
+ // For each certificate, EF.CD contains an offset and a length that may be used
+ // to extract the certificates from the file.
+ private BigInteger offset;
+ private byte[] length;
+
+ public LtEIDCIOCertificate(byte[] cio) throws IOException {
+
+ super(cio);
+
+ ASN1 x509Certificate = new ASN1(cio);
+
+ //read CONTEXTSPECIFIC manually
+ byte[] ctxSpecific = x509Certificate.getElementAt(x509Certificate.getSize()-1).getEncoded();
+ if ((ctxSpecific[0] & 0xff) == 0xa1) {
+ int ll = ((ctxSpecific[1] & 0xf0) == 0x80)
+ ? (ctxSpecific[1] & 0x0f) + 2 : 2;
+ ASN1 x509CertificateAttributes = new ASN1(Arrays.copyOfRange(ctxSpecific, ll, ctxSpecific.length));
+
+ offset = x509CertificateAttributes.getElementAt(0).getElementAt(1).gvBigInteger();
+
+ // first byte indicates number of relevant bytes in array
+ byte[] lengthValue = x509CertificateAttributes.getElementAt(0).getElementAt(2).gvByteArray();
+ if(lengthValue == null || lengthValue[0] != lengthValue.length-1) {
+
+ throw new IOException("Cannot extract certificate length information. Unexpected format.");
+ }
+
+ length = new byte[lengthValue[0]];
+ System.arraycopy(lengthValue, 1, length, 0, lengthValue[0]);
+
+ }
+ }
+
+ public BigInteger getOffset() {
+ return offset;
+ }
+
+ public void setOffset(BigInteger offset) {
+ this.offset = offset;
+ }
+
+ public byte[] getLength() {
+ return length;
+ }
+
+ public void setLength(byte[] length) {
+ this.length = length;
+ }
+}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOCertificateDirectory.java b/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOCertificateDirectory.java
new file mode 100644
index 00000000..efff6cad
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOCertificateDirectory.java
@@ -0,0 +1,83 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.smcc;
+
+import java.io.IOException;
+
+import javax.smartcardio.CardChannel;
+import javax.smartcardio.CardException;
+import javax.smartcardio.CommandAPDU;
+import javax.smartcardio.ResponseAPDU;
+
+import at.gv.egiz.smcc.util.ISO7816Utils;
+import at.gv.egiz.smcc.util.TLVSequence;
+
+public class LtEIDCIOCertificateDirectory extends CIOCertificateDirectory {
+
+ public LtEIDCIOCertificateDirectory(byte[] fid) {
+ super(fid);
+ }
+
+ protected void addCIOCertificate(byte[] cio) throws IOException {
+
+ LtEIDCIOCertificate cioCert = new LtEIDCIOCertificate(cio);
+
+ log.debug("adding {}", cioCert);
+ cios.add(cioCert);
+ }
+
+ @Override
+ protected byte[] executeSelect(CardChannel channel)
+ throws CardException {
+
+ byte[] finalPath = null;
+
+ if (fid != null && fid.length > 2 && fid[0] == (byte) 0x3F
+ && fid[1] == (byte) 0x00) {
+
+ // cut off MF identifier
+ finalPath = new byte[fid.length - 2];
+ System.arraycopy(fid, 2, finalPath, 0, fid.length - 2);
+ } else {
+ finalPath = fid;
+ }
+
+ CommandAPDU apdu = new CommandAPDU((byte) 0x00, (byte) 0xA4,
+ (byte) 0x08, ISO7816Utils.P2_FCP, finalPath);
+
+ ResponseAPDU resp = channel.transmit(apdu);
+
+ if (resp.getSW() != 0x9000) {
+
+ throw new CardException(
+ "Error selecting File - unexpected response from card: "
+ + Integer.toHexString(resp.getSW()));
+ }
+
+ byte[] fcx = new TLVSequence(resp.getBytes()).getValue(ISO7816Utils.TAG_FCP);
+ byte[] fd = new TLVSequence(fcx).getValue(0x82);
+
+ return fd;
+ }
+
+ @Override
+ protected byte[] doReadTransparentFile(CardChannel channel) throws CardException, SignatureCardException {
+
+ return ISO7816Utils.readTransparentFile(channel, 0xEE);
+ }
+}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOKey.java b/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOKey.java
new file mode 100644
index 00000000..cab5a491
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOKey.java
@@ -0,0 +1,53 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.smcc;
+
+import iaik.me.asn1.ASN1;
+import iaik.me.security.BigInteger;
+
+import java.io.IOException;
+
+public class LtEIDCIOKey {
+
+ private byte[] iD;
+ private BigInteger keyReference;
+
+ public LtEIDCIOKey(byte[] cio) throws IOException {
+
+ ASN1 asn1 = new ASN1(cio);
+
+ iD = asn1.getElementAt(1).getElementAt(0).gvByteArray();
+ keyReference = asn1.getElementAt(1).getElementAt(3).gvBigInteger();
+ }
+
+ public byte[] getID() {
+ return iD;
+ }
+
+ public void setID(byte[] id) {
+ iD = id;
+ }
+
+ public BigInteger getKeyReference() {
+ return keyReference;
+ }
+
+ public void setKeyReference(BigInteger keyReference) {
+ this.keyReference = keyReference;
+ }
+}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOKeyDirectory.java b/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOKeyDirectory.java
new file mode 100644
index 00000000..dfb8e9eb
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCIOKeyDirectory.java
@@ -0,0 +1,46 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.smcc;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class LtEIDCIOKeyDirectory extends LtEIDCIOCertificateDirectory {
+
+ protected List<LtEIDCIOKey> keys;
+
+ public LtEIDCIOKeyDirectory(byte[] fid) {
+
+ super(fid);
+ keys = new ArrayList<LtEIDCIOKey>();
+ }
+
+ protected void addCIOCertificate(byte[] cio) throws IOException {
+
+ LtEIDCIOKey cioKey = new LtEIDCIOKey(cio);
+
+ log.debug("adding {}", cioKey);
+ keys.add(cioKey);
+ }
+
+ public List<LtEIDCIOKey> getKeys() {
+
+ return this.keys;
+ }
+}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCard.java b/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCard.java
new file mode 100644
index 00000000..e37f4018
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/LtEIDCard.java
@@ -0,0 +1,526 @@
+/*
+ * Copyright 2009 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package at.gv.egiz.smcc;
+
+import java.io.ByteArrayOutputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.smartcardio.CardChannel;
+import javax.smartcardio.CardException;
+import javax.smartcardio.CommandAPDU;
+import javax.smartcardio.ResponseAPDU;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.smcc.cio.CIOCertificate;
+import at.gv.egiz.smcc.pin.gui.PINGUI;
+import at.gv.egiz.smcc.util.ISO7816Utils;
+import at.gv.egiz.smcc.util.SMCCHelper;
+
+public class LtEIDCard extends AbstractSignatureCard implements SignatureCard {
+
+ private static final byte[] AID = new byte[] {
+
+ (byte) 0xA0, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x18,
+ (byte) 0x0C, (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x63,
+ (byte) 0x42, (byte) 0x00 };
+
+ private static final String CERT_LABEL_IDENTIFIER = "DigitalSignature";
+
+ private static final PinInfo QS_PIN_SPEC = new PinInfo(8, 8, ".",
+ "at/gv/egiz/smcc/LtEIDCard", "qs.pin", (byte) 0x81, AID,
+ PinInfo.UNKNOWN_RETRIES);
+
+ private final Logger log = LoggerFactory.getLogger(LtEIDCard.class);
+
+ @Override
+ public byte[] createSignature(InputStream input, KeyboxName keyboxName,
+ PINGUI pinGUI, String alg) throws SignatureCardException,
+ InterruptedException, IOException {
+
+ CardChannel channel = getCardChannel();
+
+ // select AID
+ try {
+ selectApplication(channel);
+ } catch (CardException e) {
+
+ throw new SignatureCardException("Error selecting AID.", e);
+ }
+
+ try {
+ // read certificate info to get key id
+ byte[] signCertAndKeyID = null;
+
+ LtEIDObjectDirectory efod = new LtEIDObjectDirectory();
+
+ efod.selectAndRead(channel);
+
+ if (efod.getCDReferences() == null
+ || efod.getCDReferences().size() < 1) {
+
+ throw new SignatureCardException(
+ "EF.CD not found - cannot get certificate information.");
+ }
+
+ LtEIDCIOCertificateDirectory efcd = new LtEIDCIOCertificateDirectory(
+ efod.getCDReferences().get(0));
+ efcd.selectAndRead(channel);
+
+ List<CIOCertificate> cioList = efcd.getCIOs();
+
+ LtEIDCIOCertificate sigCertInfo = null;
+ for (CIOCertificate cert : cioList) {
+
+ if (cert instanceof LtEIDCIOCertificate
+ && cert.getLabel().contains(CERT_LABEL_IDENTIFIER)) {
+
+ sigCertInfo = (LtEIDCIOCertificate) cert;
+ signCertAndKeyID = sigCertInfo.getiD();
+ }
+ }
+
+ // verify PIN
+ // Note: PIN verify is required prior to read PrKD
+ // verifyPIN(channel);
+
+ log.debug("Starting real PIN Verification..");
+ // TODO: Test real PIN Verification
+ verifyPINLoop(channel, QS_PIN_SPEC, pinGUI);
+
+ if (efod.getPrKDReferences() == null
+ || efod.getPrKDReferences().size() < 1) {
+
+ throw new SignatureCardException(
+ "EF.PrKD not found - cannot get key information.");
+ }
+
+ List<byte[]> prKDReferences = efod.getPrKDReferences();
+
+ LtEIDCIOKeyDirectory efprkd = new LtEIDCIOKeyDirectory(efod
+ .getPrKDReferences().get(0));
+ efprkd.selectAndRead(channel);
+
+ LtEIDCIOKey signKey = null;
+
+ for (LtEIDCIOKey key : efprkd.getKeys()) {
+
+ if (signCertAndKeyID != null
+ && Arrays.equals(key.getID(), signCertAndKeyID)) {
+
+ signKey = key;
+ }
+ }
+
+ if (signKey == null) {
+
+ throw new SignatureCardException(
+ "Unable to determine required key information.");
+ }
+
+ execMSESet(channel, signKey.getKeyReference().intValue());
+ execPSOHash(channel, input);
+
+ return execPSOComputeDigitalSignature(channel);
+
+ } catch (CardException e) {
+
+ throw new SignatureCardException("Error creating signature.", e);
+ }
+ }
+
+ @Override
+ public byte[] getCertificate(KeyboxName keyboxName, PINGUI pinGUI)
+ throws SignatureCardException, InterruptedException {
+
+ CardChannel channel = getCardChannel();
+
+ // select AID
+ try {
+ selectApplication(channel);
+ } catch (CardException e) {
+
+ throw new SignatureCardException("Error selecting AID.", e);
+ }
+
+ LtEIDObjectDirectory efod = new LtEIDObjectDirectory();
+ try {
+ efod.selectAndRead(channel);
+
+ if (efod.getCDReferences() == null
+ || efod.getCDReferences().size() < 1) {
+
+ throw new SignatureCardException(
+ "EF.CD not found - cannot get certificate information.");
+ }
+
+ LtEIDCIOCertificateDirectory efcd = new LtEIDCIOCertificateDirectory(
+ efod.getCDReferences().get(0));
+ efcd.selectAndRead(channel);
+
+ List<CIOCertificate> cioList = efcd.getCIOs();
+
+ LtEIDCIOCertificate sigCertInfo = null;
+ for (CIOCertificate cert : cioList) {
+
+ if (cert instanceof LtEIDCIOCertificate
+ && cert.getLabel().contains(CERT_LABEL_IDENTIFIER)) {
+
+ sigCertInfo = (LtEIDCIOCertificate) cert;
+ }
+ }
+
+ if (sigCertInfo == null) {
+
+ throw new SignatureCardException(
+ "Unable to determine signature certificate.");
+ }
+
+ if (sigCertInfo.getOffset() == null
+ || sigCertInfo.getLength() == null
+ || sigCertInfo.getEfidOrPath() == null) {
+
+ throw new SignatureCardException(
+ "Unable to retrieve required certificate information.");
+ }
+
+ // select file with cert
+ byte[] fci = selectFile(channel, sigCertInfo.getEfidOrPath());
+
+ byte[] certFile = executeReadBinary(channel, ISO7816Utils
+ .getLengthFromFCx(fci));
+ byte[] sigCert = new byte[toInt(sigCertInfo.getLength())];
+ System.arraycopy(certFile, sigCertInfo.getOffset().intValue(),
+ sigCert, 0, sigCert.length);
+
+ return sigCert;
+
+ } catch (CardException e) {
+ throw new SignatureCardException(
+ "Unable to retrieve certificate from card.", e);
+ } catch (FileNotFoundException e) {
+ throw new SignatureCardException(
+ "Unable to retrieve certificate from card.", e);
+ } catch (IOException e) {
+ throw new SignatureCardException(
+ "Unable to retrieve certificate from card.", e);
+ }
+
+ }
+
+ private void execMSESet(CardChannel channel, int keyReference)
+ throws CardException {
+
+ // Note: AlgoID (tag 0x80) has to be 0x12
+ CommandAPDU apdu = new CommandAPDU((byte) 0x00, (byte) 0x22,
+ (byte) 0x41, (byte) 0xB6, new byte[] { (byte) 0x80,
+ (byte) 0x01, (byte) 0x12, (byte) 0x84, (byte) 0x01,
+ (byte) keyReference });
+
+ ResponseAPDU resp = channel.transmit(apdu);
+
+ if (resp.getSW() != 0x9000) {
+
+ throw new CardException(
+ "Error executing MSE-SET. Unexpected response: "
+ + Integer.toHexString(resp.getSW()));
+ }
+ }
+
+ private void execPSOHash(CardChannel channel, InputStream input)
+ throws SignatureCardException {
+
+ MessageDigest md;
+ try {
+ md = MessageDigest.getInstance("SHA-1");
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Failed to get MessageDigest.", e);
+ throw new SignatureCardException(e);
+ }
+ // calculate message digest
+ ByteArrayOutputStream data = new ByteArrayOutputStream();
+
+ try {
+ byte[] digest = new byte[md.getDigestLength()];
+ for (int l; (l = input.read(digest)) != -1;) {
+ md.update(digest, 0, l);
+ }
+ digest = md.digest();
+
+ data.write(new byte[] { (byte) 0x90, (byte) 0x14 });
+ data.write(digest);
+
+ } catch (IOException e) {
+ throw new SignatureCardException("Error computing hash.", e);
+ }
+
+ try {
+
+ CommandAPDU apdu = new CommandAPDU((byte) 0x00, (byte) 0x2A,
+ (byte) 0x90, (byte) 0xA0, data.toByteArray());
+
+ ResponseAPDU resp = channel.transmit(apdu);
+
+ log.debug("Answer to PSO-HASH: "
+ + Integer.toHexString(resp.getSW()));
+
+ if (resp.getSW() != 0x9000) {
+
+ throw new SignatureCardException(
+ "Error setting hash. Unexpected answer from card: "
+ + Integer.toHexString(resp.getSW()));
+ }
+
+ } catch (CardException e) {
+ throw new SignatureCardException("Error setting hash.", e);
+ }
+ }
+
+ private byte[] execPSOComputeDigitalSignature(CardChannel channel)
+ throws SignatureCardException {
+
+ // Note: Le is mandatory to ensure correct functionality
+ CommandAPDU apdu = new CommandAPDU(new byte[] { (byte) 0x00,
+ (byte) 0x2A, (byte) 0x9E, (byte) 0x9A, (byte) 0x00 });
+
+ try {
+ ResponseAPDU resp = channel.transmit(apdu);
+
+ log.debug("Answer to PSO-Compute Digital Signature: "
+ + Integer.toHexString(resp.getSW()));
+
+ if (resp.getSW() != 0x9000) {
+
+ throw new SignatureCardException(
+ "Error computing signature. Unexpected answer from card: "
+ + Integer.toHexString(resp.getSW()));
+ }
+
+ return resp.getData();
+
+ } catch (CardException e) {
+ throw new SignatureCardException("Error computing signature.", e);
+ }
+
+ }
+
+ protected void verifyPINLoop(CardChannel channel, PinInfo spec,
+ PINGUI provider) throws LockedException, NotActivatedException,
+ SignatureCardException, InterruptedException, CardException {
+
+ int retries = -1;
+ do {
+ retries = verifyPIN(channel, spec, provider, retries);
+ } while (retries >= -1);
+ }
+
+ protected int verifyPIN(CardChannel channel, PinInfo pinSpec,
+ PINGUI provider, int retries) throws SignatureCardException,
+ LockedException, NotActivatedException, InterruptedException,
+ CardException {
+
+ VerifyAPDUSpec apduSpec = new VerifyAPDUSpec(new byte[] { (byte) 0x00,
+ (byte) 0x20, (byte) 0x00, pinSpec.getKID(), (byte) 0x10,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 }, 0,
+ VerifyAPDUSpec.PIN_FORMAT_ASCII, 16);
+
+ ResponseAPDU resp = reader.verify(channel, apduSpec, provider, pinSpec,
+ retries);
+
+ if (resp.getSW() == 0x9000) {
+ return -2;
+ }
+ if (resp.getSW() >> 4 == 0x63c) {
+ return 0x0f & resp.getSW();
+ }
+
+ switch (resp.getSW()) {
+ case 0x6300:
+ // incorrect PIN, number of retries not provided
+ return -1;
+ case 0x6400:
+ // ?
+ throw new TimeoutException();
+ case 0x6983:
+ // authentication method blocked
+ throw new LockedException();
+ case 0x6984:
+ // reference data not usable
+ throw new NotActivatedException();
+ case 0x6985:
+ // conditions of use not satisfied
+ throw new NotActivatedException();
+
+ default:
+ String msg = "VERIFY failed. SW="
+ + Integer.toHexString(resp.getSW());
+ log.info(msg);
+ throw new SignatureCardException(msg);
+ }
+
+ }
+
+ @Override
+ public byte[] getInfobox(String infobox, PINGUI pinGUI, String domainId)
+ throws SignatureCardException, InterruptedException {
+
+ throw new IllegalArgumentException("Infobox '" + infobox
+ + "' not supported.");
+
+ }
+
+ private void selectApplication(CardChannel channel) throws CardException {
+
+ CommandAPDU apdu = new CommandAPDU((byte) 0x00, (byte) 0xA4,
+ (byte) 0x04, (byte) 0x00, AID);
+
+ ResponseAPDU resp = channel.transmit(apdu);
+
+ if (resp.getSW() != 0x9000) {
+
+ throw new CardException(
+ "Error selecting AID - unexpected response from card: "
+ + Integer.toHexString(resp.getSW()));
+ }
+ }
+
+ private byte[] selectFile(CardChannel channel, byte[] path)
+ throws CardException {
+
+ byte[] finalPath = null;
+
+ if (path != null && path.length > 2 && path[0] == (byte) 0x3F
+ && path[1] == (byte) 0x00) {
+
+ // cut off MF identifier
+ finalPath = new byte[path.length - 2];
+ System.arraycopy(path, 2, finalPath, 0, path.length - 2);
+ } else {
+ finalPath = path;
+ }
+
+ CommandAPDU apdu = new CommandAPDU((byte) 0x00, (byte) 0xA4,
+ (byte) 0x08, (byte) 0x00, finalPath);
+
+ ResponseAPDU resp = channel.transmit(apdu);
+
+ if (resp.getSW() != 0x9000) {
+
+ throw new CardException(
+ "Error selecting File - unexpected response from card: "
+ + Integer.toHexString(resp.getSW()));
+ }
+
+ return resp.getData();
+
+ }
+
+ private byte[] executeReadBinary(CardChannel channel, int bytes2read)
+ throws CardException {
+
+ ByteArrayOutputStream bof = new ByteArrayOutputStream();
+
+ // int bytes2read = (lengthHi * 256) + lengthLo;
+ int bytesRead = 0;
+
+ boolean done = false;
+
+ int offset = 0;
+ int len = 0;
+
+ while (!done) {
+
+ if (bytes2read - bytesRead > 0xef) {
+ len = 0xef;
+ } else {
+ len = bytes2read - bytesRead;
+ }
+
+ byte[] offsetBytes = SMCCHelper.toByteArray(offset);
+ ResponseAPDU resp = readFromCard(channel, offsetBytes[0],
+ offsetBytes[1], (byte) len);
+
+ if (resp.getSW1() == (byte) 0x6C) {
+
+ // handle case: card returns 6CXX (wrong number of bytes
+ // requested)
+
+ resp = readFromCard(channel, offsetBytes[0], offsetBytes[1],
+ (byte) resp.getSW2());
+
+ // this has to be the final iteration
+ done = true;
+ }
+
+ try {
+ bof.write(resp.getData());
+ } catch (IOException e) {
+ log.error("Error executing secure read binary.", e);
+ throw new CardException("Error reading data from card", e);
+ }
+
+ bytesRead = bytesRead + resp.getData().length;
+ offset = bytesRead;
+
+ if (bytesRead == bytes2read) {
+
+ done = true;
+ }
+ }
+
+ return bof.toByteArray();
+ }
+
+ private ResponseAPDU readFromCard(CardChannel channel, byte offsetHi,
+ byte offsetLo, byte numBytes) throws CardException {
+
+ byte[] apdu = new byte[] {
+
+ (byte) 0x00, (byte) 0xB0, offsetHi, offsetLo, numBytes };
+
+ CommandAPDU command = new CommandAPDU(apdu);
+ ResponseAPDU resp = channel.transmit(command);
+
+ return resp;
+
+ }
+
+ private int toInt(byte[] array) {
+
+ int len = array.length;
+ int result = 0;
+
+ for (int i = len - 1; i >= 0; i--) {
+
+ result = (int) (result + array[i] * Math.pow(256, len - i - 1));
+ }
+
+ return result;
+ }
+
+}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/LtEIDObjectDirectory.java b/smcc/src/main/java/at/gv/egiz/smcc/LtEIDObjectDirectory.java
new file mode 100644
index 00000000..624b8f3e
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/LtEIDObjectDirectory.java
@@ -0,0 +1,29 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.smcc;
+
+import at.gv.egiz.smcc.cio.ObjectDirectory;
+
+public class LtEIDObjectDirectory extends ObjectDirectory {
+
+ public LtEIDObjectDirectory() {
+
+ super(new byte[]{(byte)0x50, (byte)0x00, (byte)0x50, (byte)0x31});
+ this.setP1((byte)0x08);
+ }
+}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SEIdentityCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SEIdentityCard.java
new file mode 100644
index 00000000..4538ecca
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/SEIdentityCard.java
@@ -0,0 +1,319 @@
+package at.gv.egiz.smcc;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.smartcardio.CommandAPDU;
+import javax.smartcardio.ResponseAPDU;
+import javax.smartcardio.CardChannel;
+import javax.smartcardio.CardException;
+
+import at.gv.egiz.smcc.pin.gui.PINGUI;
+import at.gv.egiz.smcc.util.ISO7816Utils;
+import at.gv.egiz.smcc.util.SMCCHelper;
+
+// TODO: This class uses predefined IDs and path to communicate with the Swedish e-ID card.
+// Key and certificate IDs / paths should instead be read out from files defined by ISO 7816-15
+
+public class SEIdentityCard extends AbstractSignatureCard implements
+ SignatureCard {
+
+ private static final byte[] SIGDATA_PREFIX = new byte[] { (byte) 0x30, (byte) 0x21, (byte) 0x30,
+ (byte) 0x09, (byte) 0x06, (byte) 0x05, (byte) 0x2B,
+ (byte) 0x0E, (byte) 0x03, (byte) 0x02, (byte) 0x1A,
+ (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x14 };
+
+ private static final PinInfo PIN_SPEC = new PinInfo(6, 8, ".",
+ "at/gv/egiz/smcc/SEIdentityCard", "pin", (byte) 0x82, null,
+ PinInfo.UNKNOWN_RETRIES);
+
+ private final Logger log = LoggerFactory.getLogger(SEIdentityCard.class);
+
+ @Override
+ public byte[] createSignature(InputStream input, KeyboxName keyboxName,
+ PINGUI pinGUI, String alg) throws SignatureCardException,
+ InterruptedException, IOException {
+
+ log.debug("Trying to create signature..");
+
+ CardChannel channel = getCardChannel();
+
+ // SELECT FILE
+ try {
+ selectFile(channel, new byte[] { (byte) 0x50, (byte) 0x15,
+ (byte) 0x50, (byte) 0x16, (byte) 0x4B, (byte) 0x02 });
+ } catch (CardException e) {
+
+ throw new SignatureCardException("Error selecting file.", e);
+ }
+
+ // VERIFY PIN
+ try {
+ verifyPINLoop(channel, PIN_SPEC, pinGUI);
+ } catch (CardException e1) {
+
+ throw new SignatureCardException("Error verifying PIN.", e1);
+ }
+
+ // SET MSE
+ setMSE(channel);
+
+ // CREATE SIGNATURE
+
+ MessageDigest md;
+ try {
+ md = MessageDigest.getInstance("SHA-1");
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Failed to get MessageDigest.", e);
+ throw new SignatureCardException(e);
+ }
+ // calculate message digest
+ try {
+ byte[] digest = new byte[md.getDigestLength()];
+ for (int l; (l = input.read(digest)) != -1;) {
+ md.update(digest, 0, l);
+ }
+ digest = md.digest();
+
+ byte[] sigData = new byte[SIGDATA_PREFIX.length + digest.length];
+ System.arraycopy(SIGDATA_PREFIX, 0, sigData, 0, SIGDATA_PREFIX.length);
+ System.arraycopy(digest, 0, sigData, SIGDATA_PREFIX.length, digest.length);
+
+ CommandAPDU apdu = new CommandAPDU((byte) 0x00, (byte) 0x2A,
+ (byte) 0x9E, (byte) 0x9A, sigData);
+
+ ResponseAPDU resp = channel.transmit(apdu);
+
+ if (resp.getSW() != 0x9000) {
+
+ throw new SignatureCardException("Error creating signature: "
+ + Integer.toHexString(resp.getSW()));
+ }
+
+ return resp.getData();
+
+
+ } catch (IOException e) {
+ throw new SignatureCardException("Error creating signature.", e);
+ } catch (CardException e) {
+ throw new SignatureCardException("Error creating signature.", e);
+ }
+ }
+
+ @Override
+ public byte[] getCertificate(KeyboxName keyboxName, PINGUI pinGUI)
+ throws SignatureCardException, InterruptedException {
+
+ log.debug("Trying to fetch certificate..");
+
+ CardChannel channel = getCardChannel();
+
+ byte[] fci = null;
+
+ try {
+ fci = selectFile(channel, new byte[] { (byte) 0x50, (byte) 0x15,
+ (byte) 0x50, (byte) 0x16, (byte) 0x43, (byte) 0x32 });
+ } catch (CardException e) {
+
+ throw new SignatureCardException("Error selecting card file.", e);
+ }
+
+ if (fci == null) {
+ throw new SignatureCardException(
+ "Could not retireve FCI for certificate file.");
+ }
+
+ byte[] cert = null;
+
+ try {
+ cert = executeReadBinary(channel, ISO7816Utils
+ .getLengthFromFCx(fci));
+ } catch (CardException e) {
+ throw new SignatureCardException(
+ "Error reading certificate from card.", e);
+ }
+
+ return cert;
+ }
+
+ @Override
+ public byte[] getInfobox(String infobox, PINGUI pinGUI, String domainId)
+ throws SignatureCardException, InterruptedException {
+
+ throw new IllegalArgumentException("Infobox '" + infobox
+ + "' not supported.");
+ }
+
+ private void setMSE(CardChannel channel) throws SignatureCardException {
+
+ byte[] dst = new byte[] { (byte) 0x80, (byte) 0x01, (byte) 0x02,
+ (byte) 0x81, (byte) 0x02, (byte) 0x4B, (byte) 0x02 };
+
+ CommandAPDU apdu = new CommandAPDU((byte) 0x00, (byte) 0x22,
+ (byte) 0x41, (byte) 0xB6, dst);
+
+ try {
+ ResponseAPDU resp = channel.transmit(apdu);
+
+ if (resp.getSW() != 0x9000) {
+ throw new SignatureCardException("Error setting DST: "
+ + Integer.toHexString(resp.getSW()));
+ }
+
+ } catch (CardException e) {
+
+ throw new SignatureCardException("Error setting DST.", e);
+ }
+
+ }
+
+ private byte[] selectFile(CardChannel channel, byte[] fid)
+ throws CardException, SignatureCardException {
+
+ CommandAPDU apdu = new CommandAPDU((byte) 0x00, (byte) 0xA4,
+ (byte) 0x08, (byte) 0x00, fid);
+
+ ResponseAPDU resp = channel.transmit(apdu);
+
+ if (resp.getSW() != 0x9000) {
+
+ throw new SignatureCardException("Unexpected result from card: "
+ + Integer.toHexString(resp.getSW()));
+ }
+
+ return resp.getData();
+ }
+
+ private byte[] executeReadBinary(CardChannel channel, int bytes2read)
+ throws CardException {
+
+ ByteArrayOutputStream bof = new ByteArrayOutputStream();
+
+ int bytesRead = 0;
+
+ boolean done = false;
+
+ int offset = 0;
+ int len = 0;
+
+ while (!done) {
+
+ if (bytes2read - bytesRead > 0xef) {
+ len = 0xef;
+ } else {
+ len = bytes2read - bytesRead;
+ }
+
+ byte[] offsetBytes = SMCCHelper.toByteArray(offset);
+ ResponseAPDU resp = readFromCard(channel, offsetBytes[0],
+ offsetBytes[1], (byte) len);
+
+ if (resp.getSW1() == (byte) 0x6C) {
+
+ // handle case: card returns 6CXX (wrong number of bytes
+ // requested)
+
+ resp = readFromCard(channel, offsetBytes[0], offsetBytes[1],
+ (byte) resp.getSW2());
+
+ // this has to be the final iteration
+ done = true;
+ }
+
+ try {
+ bof.write(resp.getData());
+ } catch (IOException e) {
+ log.error("Error executing secure read binary.", e);
+ throw new CardException("Error reading data from card", e);
+ }
+
+ bytesRead = bytesRead + resp.getData().length;
+ offset = bytesRead;
+
+ if (bytesRead == bytes2read) {
+
+ done = true;
+ }
+ }
+
+ return bof.toByteArray();
+ }
+
+ private ResponseAPDU readFromCard(CardChannel channel, byte offsetHi,
+ byte offsetLo, byte numBytes) throws CardException {
+
+ byte[] apdu = new byte[] {
+
+ (byte) 0x00, (byte) 0xB0, offsetHi, offsetLo, numBytes };
+
+ CommandAPDU command = new CommandAPDU(apdu);
+ ResponseAPDU resp = channel.transmit(command);
+
+ return resp;
+
+ }
+
+ protected void verifyPINLoop(CardChannel channel, PinInfo spec,
+ PINGUI provider) throws LockedException, NotActivatedException,
+ SignatureCardException, InterruptedException, CardException {
+
+ int retries = -1;
+ do {
+ retries = verifyPIN(channel, spec, provider, retries);
+ } while (retries >= -1);
+ }
+
+ protected int verifyPIN(CardChannel channel, PinInfo pinSpec,
+ PINGUI provider, int retries) throws SignatureCardException,
+ LockedException, NotActivatedException, InterruptedException,
+ CardException {
+
+ VerifyAPDUSpec apduSpec = new VerifyAPDUSpec(new byte[] { (byte) 0x00,
+ (byte) 0x20, (byte) 0x00, pinSpec.getKID(), (byte) 0x08,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00}, 0,
+ VerifyAPDUSpec.PIN_FORMAT_ASCII, 8);
+
+ ResponseAPDU resp = reader.verify(channel, apduSpec, provider, pinSpec,
+ retries);
+
+ if (resp.getSW() == 0x9000) {
+ return -2;
+ }
+ if (resp.getSW() >> 4 == 0x63c) {
+ return 0x0f & resp.getSW();
+ }
+
+ switch (resp.getSW()) {
+ case 0x6300:
+ // incorrect PIN, number of retries not provided
+ return -1;
+ case 0x6400:
+ // ?
+ throw new TimeoutException();
+ case 0x6983:
+ // authentication method blocked
+ throw new LockedException();
+ case 0x6984:
+ // reference data not usable
+ throw new NotActivatedException();
+ case 0x6985:
+ // conditions of use not satisfied
+ throw new NotActivatedException();
+
+ default:
+ String msg = "VERIFY failed. SW="
+ + Integer.toHexString(resp.getSW());
+ log.info(msg);
+ throw new SignatureCardException(msg);
+ }
+
+ }
+
+}
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java
index e189267c..156aca23 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java
@@ -151,32 +151,33 @@ public class SignatureCardFactory {
}
/**
- * Returns true if the historical bytes of the given ATR contain the historical bytes pattern of this
- * SupportedCard object.
+ * Returns true if the historical bytes of the given ATR contain the
+ * historical bytes pattern of this SupportedCard object.
*
* @param atr
* the ATR
*
- * @return <code>true</code> if the historical bytes of the given ATR contain the historical bytes pattern
- * of this SupportedCard object, or <code>false</code>
- * otherwise.
+ * @return <code>true</code> if the historical bytes of the given ATR
+ * contain the historical bytes pattern of this SupportedCard
+ * object, or <code>false</code> otherwise.
*/
public boolean matchesHistoricalBytesPattern(ATR atr) {
-
+
byte[] historicalBytes = atr.getHistoricalBytes();
- if (historicalBytes == null ||
- this.historicalBytesPattern == null ||
- this.historicalBytesPattern.length > historicalBytes.length) {
-
+ if (historicalBytes == null
+ || this.historicalBytesPattern == null
+ || this.historicalBytesPattern.length > historicalBytes.length) {
+
return false;
}
-
+
int[] failure = computeFailure(this.historicalBytesPattern);
int j = 0;
for (int i = 0; i < historicalBytes.length; i++) {
- while (j > 0 && this.historicalBytesPattern[j] != historicalBytes[i]) {
+ while (j > 0
+ && this.historicalBytesPattern[j] != historicalBytes[i]) {
j = failure[j - 1];
}
if (this.historicalBytesPattern[j] == historicalBytes[i]) {
@@ -426,7 +427,7 @@ public class SignatureCardFactory {
(byte) 0x69, (byte) 0x6E, (byte) 0x45, (byte) 0x49,
(byte) 0x44 },
// historical bytes pattern
- new byte[] {'F','i','n','E','I','D'},
+ new byte[] { 'F', 'i', 'n', 'E', 'I', 'D' },
// mask (ff:ff:ff:ff:ff:ff:ff:00:ff:ff:ff:ff:ff:ff:ff:ff) -
// ignore card OS minor version
new byte[] { (byte) 0xff, (byte) 0xff, (byte) 0xff,
@@ -435,6 +436,44 @@ public class SignatureCardFactory {
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
(byte) 0xff }, "at.gv.egiz.smcc.FINEIDCard"));
+ // LT eID
+ supportedCards.add(new SupportedCard(
+ // ATR [3b:7D:94:00:00:80:31:80:65:B0:83:11:C0:A9:83:00:90:00]
+ new byte[] { (byte) 0x3b, (byte) 0x7D, (byte) 0x94,
+ (byte) 0x00, (byte) 0x00, (byte) 0x80, (byte) 0x31,
+ (byte) 0x80, (byte) 0x65, (byte) 0xB0, (byte) 0x83,
+ (byte) 0x11, (byte) 0xC0, (byte) 0xA9, (byte) 0x83,
+ (byte) 0x00, (byte) 0x90, (byte) 0x00 },
+ // mask (ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff)
+ // -
+ // ignore card OS minor version
+ new byte[] { (byte) 0xff, (byte) 0xff, (byte) 0xff,
+ (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
+ (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
+ (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
+ (byte) 0xff, (byte) 0xff, (byte) 0xff },
+ "at.gv.egiz.smcc.LtEIDCard"));
+
+ // SE eID
+ supportedCards.add(new SupportedCard(
+ // ATR
+ // [3B:9F:94:80:1F:C3:00:68:10:44:05:01:46:49:53:45:31:C8:07:90:00:18]
+ new byte[] { (byte) 0x3b, (byte) 0x9F, (byte) 0x90,
+ (byte) 0x80, (byte) 0x1F, (byte) 0xC0, (byte) 0x00,
+ (byte) 0x68, (byte) 0x00, (byte) 0x00, (byte) 0x05,
+ (byte) 0x00, (byte) 0x46, (byte) 0x49, (byte) 0x53,
+ (byte) 0x45, (byte) 0x31, (byte) 0xC8, (byte) 0x00,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00 },
+ // mask
+ // (ff:ff:f0:ff:ff:f0:ff:ff:00:00:ff:f0:ff:ff:ff:ff:ff:ff:F0:00:00:00)
+ new byte[] { (byte) 0xff, (byte) 0xff, (byte) 0xf0,
+ (byte) 0xff, (byte) 0xff, (byte) 0xf0, (byte) 0xff,
+ (byte) 0xff, (byte) 0x00, (byte) 0x00, (byte) 0xff,
+ (byte) 0xf0, (byte) 0xff, (byte) 0xff, (byte) 0xff,
+ (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xf0,
+ (byte) 0x00, (byte) 0x00, (byte) 0x00 },
+ "at.gv.egiz.smcc.SEIdentityCard"));
+
// ITCards
supportedCards.add(new SupportedCard(
// ATR =
@@ -493,8 +532,8 @@ public class SignatureCardFactory {
(byte) 0xff, 'E', 's', 't', 'E', 'I', 'D', ' ', 'v',
'e', 'r', ' ', '1', '.', '0' },
// historical bytes pattern
- new byte[] {'E', 's', 't', 'E', 'I', 'D', ' ', 'v',
- 'e', 'r', ' ', '1', '.', '0'},
+ new byte[] { 'E', 's', 't', 'E', 'I', 'D', ' ', 'v', 'e', 'r',
+ ' ', '1', '.', '0' },
// mask
// (ff:00:00:00:00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff)
new byte[] { (byte) 0xff, (byte) 0x00, (byte) 0x00,
@@ -513,8 +552,8 @@ public class SignatureCardFactory {
'E', 's', 't', 'E', 'I', 'D', ' ', 'v', 'e', 'r', ' ',
'1', '.', '0', (byte) 0x2b },
// historical bytes pattern
- new byte[] {'E', 's', 't', 'E', 'I', 'D', ' ', 'v',
- 'e', 'r', ' ', '1', '.', '0'},
+ new byte[] { 'E', 's', 't', 'E', 'I', 'D', ' ', 'v', 'e', 'r',
+ ' ', '1', '.', '0' },
// mask
// (ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff)
new byte[] { (byte) 0xff, (byte) 0xff, (byte) 0xff,
@@ -534,8 +573,8 @@ public class SignatureCardFactory {
'E', 's', 't', 'E', 'I', 'D', ' ', 'v', 'e', 'r', ' ',
'1', '.', '0', (byte) 0x43 },
// historical bytes pattern
- new byte[] {'E', 's', 't', 'E', 'I', 'D', ' ', 'v',
- 'e', 'r', ' ', '1', '.', '0'},
+ new byte[] { 'E', 's', 't', 'E', 'I', 'D', ' ', 'v', 'e', 'r',
+ ' ', '1', '.', '0' },
// mask
// (ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:00:00:00:00)
new byte[] { (byte) 0xff, (byte) 0xff, (byte) 0xff,
@@ -572,8 +611,8 @@ public class SignatureCardFactory {
(byte) 0x31, (byte) 0xfe, (byte) 0x58, (byte) 0x4b,
'S', 'w', 'i', 's', 's', 'S', 'i', 'g', 'n',
(byte) 0x89 },
- // historical bytes pattern
- new byte[]{'S', 'w', 'i', 's', 's', 'S', 'i', 'g', 'n'},
+ // historical bytes pattern
+ new byte[] { 'S', 'w', 'i', 's', 's', 'S', 'i', 'g', 'n' },
// mask
new byte[] { (byte) 0xff, (byte) 0xff, (byte) 0xff,
(byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff,
@@ -647,44 +686,55 @@ public class SignatureCardFactory {
SupportedCard supportedCard = cards.next();
if (supportedCard.matches(atr)) {
- return instantiateSignatureCard(cardTerminal, card, supportedCard);
+ return instantiateSignatureCard(cardTerminal, card,
+ supportedCard);
}
}
-
- // if no matching implementation has been found yet, check for pattern match in historical bytes
- log.trace("No card matching complete ATR found - checking candidates with historical bytes matches.");
+
+ // if no matching implementation has been found yet, check for pattern
+ // match in historical bytes
+ log
+ .trace("No card matching complete ATR found - checking candidates with historical bytes matches.");
Iterator<SupportedCard> cardsIterator = supportedCards.iterator();
List<SupportedCard> historicalBytesCandidates = new ArrayList<SupportedCard>();
while (cardsIterator.hasNext()) {
SupportedCard supportedCard = cardsIterator.next();
-
- if(supportedCard.matchesHistoricalBytesPattern(atr)) {
-
+
+ if (supportedCard.matchesHistoricalBytesPattern(atr)) {
+
historicalBytesCandidates.add(supportedCard);
}
- }
+ }
historicalBytesCandidates = reduceCandidateList(historicalBytesCandidates);
- if(historicalBytesCandidates.size() != 1) {
-
- log.warn("Found {} cards with matching historical bytes pattern.", historicalBytesCandidates.size());
+ if (historicalBytesCandidates.size() != 1) {
+
+ log.warn("Found {} cards with matching historical bytes pattern.",
+ historicalBytesCandidates.size());
} else {
-
- log.trace("Instantiating class " + historicalBytesCandidates.get(0).getImplementationClassName() + " according to historical bytes pattern match.");
- return instantiateSignatureCard(cardTerminal, card, historicalBytesCandidates.get(0));
+
+ log.trace("Instantiating class "
+ + historicalBytesCandidates.get(0)
+ .getImplementationClassName()
+ + " according to historical bytes pattern match.");
+ return instantiateSignatureCard(cardTerminal, card,
+ historicalBytesCandidates.get(0));
}
-
+
throw new CardNotSupportedException("Card not supported: ATR="
+ toString(atr.getBytes()));
}
- private SignatureCard instantiateSignatureCard(CardTerminal cardTerminal, Card card, SupportedCard supportedCard) throws CardNotSupportedException {
-
+ private SignatureCard instantiateSignatureCard(CardTerminal cardTerminal,
+ Card card, SupportedCard supportedCard)
+ throws CardNotSupportedException {
+
ClassLoader cl = SignatureCardFactory.class.getClassLoader();
SignatureCard sc;
try {
- Class<?> scClass = cl.loadClass(supportedCard.getImplementationClassName());
+ Class<?> scClass = cl.loadClass(supportedCard
+ .getImplementationClassName());
sc = (SignatureCard) scClass.newInstance();
sc = ExclSignatureCardProxy.newInstance(sc);
@@ -694,55 +744,45 @@ public class SignatureCardFactory {
return sc;
} catch (ClassNotFoundException e) {
- log.warn(
- "Cannot find signature card implementation class.",
- e);
+ log.warn("Cannot find signature card implementation class.", e);
throw new CardNotSupportedException(
- "Cannot find signature card implementation class.",
- e);
+ "Cannot find signature card implementation class.", e);
} catch (InstantiationException e) {
- log
- .warn(
- "Failed to instantiate signature card implementation.",
- e);
+ log.warn("Failed to instantiate signature card implementation.", e);
throw new CardNotSupportedException(
- "Failed to instantiate signature card implementation.",
- e);
+ "Failed to instantiate signature card implementation.", e);
} catch (IllegalAccessException e) {
- log
- .warn(
- "Failed to instantiate signature card implementation.",
- e);
+ log.warn("Failed to instantiate signature card implementation.", e);
throw new CardNotSupportedException(
- "Failed to instantiate signature card implementation.",
- e);
- }
+ "Failed to instantiate signature card implementation.", e);
+ }
}
-
- private List<SupportedCard> reduceCandidateList(List<SupportedCard> candidates) {
-
+
+ private List<SupportedCard> reduceCandidateList(
+ List<SupportedCard> candidates) {
+
List<SupportedCard> result = new ArrayList<SupportedCard>();
-
- for(SupportedCard current : candidates) {
-
+
+ for (SupportedCard current : candidates) {
+
String implName = current.getImplementationClassName();
boolean alreadyPresent = false;
-
- for(SupportedCard card : result) {
-
- if(card.getImplementationClassName().equals(implName)) {
-
+
+ for (SupportedCard card : result) {
+
+ if (card.getImplementationClassName().equals(implName)) {
+
alreadyPresent = true;
}
}
-
- if(!alreadyPresent) {
+
+ if (!alreadyPresent) {
result.add(current);
}
- }
+ }
return result;
}
-
+
public static String toString(byte[] b) {
StringBuffer sb = new StringBuffer();
if (b != null && b.length > 0) {
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/T0CardChannel.java b/smcc/src/main/java/at/gv/egiz/smcc/T0CardChannel.java
index 65bcd84b..5ec0b4b0 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/T0CardChannel.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/T0CardChannel.java
@@ -8,6 +8,8 @@ import javax.smartcardio.CardException;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;
+import at.gv.egiz.smcc.util.SMCCHelper;
+
public class T0CardChannel extends LogCardChannel {
public T0CardChannel(CardChannel channel) {
@@ -22,7 +24,7 @@ public class T0CardChannel extends LogCardChannel {
if(resp.getSW1() == (byte)0x61) {
- byte[] data = executeGetResponse(channel, (byte)resp.getSW2());
+ byte[] data = executeGetResponse((byte)resp.getSW2());
byte[] result = new byte[data.length + 2];
System.arraycopy(data, 0, result, 0, data.length);
@@ -38,7 +40,7 @@ public class T0CardChannel extends LogCardChannel {
}
}
- private byte[] executeGetResponse(CardChannel channel, byte sw2)
+ private byte[] executeGetResponse(byte sw2)
throws CardException {
boolean done = false;
@@ -48,7 +50,8 @@ public class T0CardChannel extends LogCardChannel {
CommandAPDU command = new CommandAPDU(new byte[] { (byte) 0x00,
(byte) 0xC0, (byte) 0x00, (byte) 0x00, (byte) sw2 });
- ResponseAPDU resp = channel.transmit(command);
+// ResponseAPDU resp = channel.transmit(command);
+ ResponseAPDU resp = super.transmit(command);
try {
bof.write(resp.getData());
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/cio/ObjectDirectory.java b/smcc/src/main/java/at/gv/egiz/smcc/cio/ObjectDirectory.java
index 3ab954ee..d1bd6144 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/cio/ObjectDirectory.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/cio/ObjectDirectory.java
@@ -56,7 +56,7 @@ public class ObjectDirectory {
private List<byte[]> CD_refs;
private Integer padding;
- private int P1 = 0x02;
+ private int P1 = 0x02;
public ObjectDirectory() {
fid = new byte[] { (byte) 0x50, (byte) 0x31 };
@@ -99,6 +99,7 @@ public class ObjectDirectory {
byte[] efod = ISO7816Utils.readTransparentFile(channel, -1);
+
PrKD_refs = new ArrayList<byte[]>();
PuKD_refs = new ArrayList<byte[]>();
AOD_refs = new ArrayList<byte[]>();
@@ -107,7 +108,7 @@ public class ObjectDirectory {
for (TLV cio : new TLVSequence(efod)) {
int tag = cio.getTag();
- //TODO FIN EID: check if unknown tag and tag length > array
+ //TODO FIN EID: check if unknown tag and tag length > array
if (padding != null && tag == padding) {
// reached padding - quit record extraction
break;
@@ -205,4 +206,16 @@ public class ObjectDirectory {
public List<byte[]> getCDReferences() {
return CD_refs;
}
+
+ public int getP1() {
+ return P1;
+ }
+
+ public void setP1(int p1) {
+ P1 = p1;
+ }
+
+
+
+
}
diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/LtEIDCard.properties b/smcc/src/main/resources/at/gv/egiz/smcc/LtEIDCard.properties
new file mode 100644
index 00000000..52fe8292
--- /dev/null
+++ b/smcc/src/main/resources/at/gv/egiz/smcc/LtEIDCard.properties
@@ -0,0 +1 @@
+qs.pin.name=User PIN \ No newline at end of file
diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/SEIdentityCard.properties b/smcc/src/main/resources/at/gv/egiz/smcc/SEIdentityCard.properties
new file mode 100644
index 00000000..70994cc7
--- /dev/null
+++ b/smcc/src/main/resources/at/gv/egiz/smcc/SEIdentityCard.properties
@@ -0,0 +1 @@
+pin.name=PIN \ No newline at end of file