Diffstat (limited to 'smcc/src/main/java/at/gv/egiz/smcc/cio')
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/cio/CIO.java62
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/cio/CIOCertificate.java118
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/cio/CIOCertificateDirectory.java57
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/cio/CIODirectoryFile.java128
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/cio/LIEZertifikatCertificateDirectory.java48
-rw-r--r--smcc/src/main/java/at/gv/egiz/smcc/cio/ObjectDirectory.java208
6 files changed, 621 insertions, 0 deletions
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/cio/CIO.java b/smcc/src/main/java/at/gv/egiz/smcc/cio/CIO.java
new file mode 100644
index 00000000..a7ffb9c7
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/cio/CIO.java
@@ -0,0 +1,62 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.smcc.cio;
+
+/**
+ *
+ * @author clemens
+ */
+public abstract class CIO {
+
+ /** CommonObjectAttributes */
+ protected String label;
+ protected byte[] authId;
+
+ /**
+ * @return the authId
+ */
+ public byte[] getAuthId() {
+ return authId;
+ }
+
+ public String getLabel() {
+ return label;
+ }
+
+ /**
+ * @deprecated
+ * @param label the label to set
+ */
+ public void setLabel(String label) {
+ this.label = label;
+ }
+
+ /**
+ * @deprecated
+ * @param authId the authId to set
+ */
+ public void setAuthId(byte[] authId) {
+ this.authId = authId;
+ }
+
+ @Override
+ public String toString() {
+ return "CIO " + label;
+ }
+
+}
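Review bot: `getAuthId()` at the top of the class hands out the internal `authId` array, so any caller can alter the reference that later access-control handling presumably keys on, and `setAuthId(byte[])` stores the caller's array without copying. Returning and storing copies keeps the object effectively immutable: `return authId == null ? null : authId.clone();` in the getter and `this.authId = authId == null ? null : authId.clone();` in the setter. Both setters carry a Javadoc `@deprecated` tag with no reason or replacement and no `@Deprecated` annotation; naming what callers should use instead and adding the annotation so the compiler flags remaining uses would make the deprecation actionable.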
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/cio/CIOCertificate.java b/smcc/src/main/java/at/gv/egiz/smcc/cio/CIOCertificate.java
new file mode 100644
index 00000000..1a9090ad
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/cio/CIOCertificate.java
@@ -0,0 +1,118 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.smcc.cio;
+
+import iaik.me.asn1.ASN1;
+import java.io.IOException;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ *
+ * @author clemens
+ */
+public class CIOCertificate extends CIO {
+
+ protected static final Logger log = LoggerFactory.getLogger(CIOCertificate.class);
+
+ /** CommonCertificateAttributes */
+ private byte[] iD;
+
+ /** X509CertificateAttributes*/
+ private byte[] efidOrPath;
+ private int serialNumber;
+
+ public CIOCertificate(byte[] cio) throws IOException {
+
+ ASN1 x509Certificate = new ASN1(cio);
+ ASN1 commonObjAttrs = x509Certificate.getElementAt(0);
+ label = commonObjAttrs.getElementAt(0).gvString();
+ try {
+ // FINeID does not provide authId
+ authId = commonObjAttrs.getElementAt(2).gvByteArray();
+ } catch (IOException e) {
+ log.info("failed to get authId from CommonObjectAttributes: {}", e.getMessage());
+ }
+
+ iD = x509Certificate.getElementAt(1).getElementAt(0).gvByteArray();
+
+ //read CONTEXTSPECIFIC manually
+ byte[] ctxSpecific = x509Certificate.getElementAt(x509Certificate.getSize()-1).getEncoded();
+ if ((ctxSpecific[0] & 0xff) == 0xa1) {
+ int ll = ((ctxSpecific[1] & 0xf0) == 0x80)
+ ? (ctxSpecific[1] & 0x0f) + 2 : 2;
+ ASN1 x509CertificateAttributes = new ASN1(Arrays.copyOfRange(ctxSpecific, ll, ctxSpecific.length));
+
+ efidOrPath = x509CertificateAttributes.getElementAt(0).getElementAt(0).gvByteArray();
+
+ } else {
+ log.warn("expected CONTEXTSPECIFIC, got 0x{}",
+ Integer.toHexString(ctxSpecific[0]));
+ }
+
+ }
+
+ /**
+ * @return the iD
+ */
+ public byte[] getiD() {
+ return iD;
+ }
+
+ /**
+ * @param iD the iD to set
+ */
+ public void setiD(byte[] iD) {
+ this.iD = iD;
+ }
+
+ /**
+ * @return the efidOrPath
+ */
+ public byte[] getEfidOrPath() {
+ return efidOrPath;
+ }
+
+ /**
+ * @deprecated
+ * @param efidOrPath the efidOrPath to set
+ */
+ public void setEfidOrPath(byte[] efidOrPath) {
+ this.efidOrPath = efidOrPath;
+ }
+
+ /**
+ * @deprecated
+ * @return the serialNumber
+ */
+ public int getSerialNumber() {
+ return serialNumber;
+ }
+
+ /**
+ * @deprecated
+ * @param serialNumber the serialNumber to set
+ */
+ public void setSerialNumber(int serialNumber) {
+ this.serialNumber = serialNumber;
+ }
+
+
+
+}
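Review bot: The constructor reads `ctxSpecific[0]` and `ctxSpecific[1]` from data taken off the card without first checking `ctxSpecific.length`, so a truncated or empty last element ends in an `ArrayIndexOutOfBoundsException` instead of the `IOException` the signature declares. A guard before the tag test, `if (ctxSpecific.length < 2) throw new IOException("truncated X509CertificateAttributes");`, keeps malformed input on the declared error path, and `Arrays.copyOfRange(ctxSpecific, ll, …)` likewise needs `ll <= ctxSpecific.length`. The long-form length decoding masks with `& 0x0f`, whereas `CIODirectoryFile.readCIOsFromTransparentFile` in this same commit uses `& 0x7f` for the same byte; the two should agree, and `& 0x7f` is the one that matches the number-of-length-octets encoding. In the `else` branch `Integer.toHexString(ctxSpecific[0])` sign-extends a negative byte so the log prints eight digits; `Integer.toHexString(ctxSpecific[0] & 0xff)` matches the mask used in the comparison just above it.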
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/cio/CIOCertificateDirectory.java b/smcc/src/main/java/at/gv/egiz/smcc/cio/CIOCertificateDirectory.java
new file mode 100644
index 00000000..67e183fd
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/cio/CIOCertificateDirectory.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package at.gv.egiz.smcc.cio;
+
+import at.gv.egiz.smcc.SignatureCardException;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import javax.smartcardio.CardChannel;
+import javax.smartcardio.CardException;
+
+/**
+ *
+ * @author clemens
+ */
+public abstract class CIOCertificateDirectory extends CIODirectoryFile {
+
+ protected List<CIOCertificate> cios;
+
+ public CIOCertificateDirectory(List<byte[]> DF_FIDs) {
+ super(DF_FIDs);
+ }
+
+ @Override
+ protected void addCIO(byte[] cio) throws IOException {
+
+ CIOCertificate cioCert = new CIOCertificate(cio);
+
+ log.debug("adding {}", cioCert);
+ cios.add(cioCert);
+
+ }
+
+ @Override
+ public List<CIOCertificate> getCIOs(CardChannel channel) throws CardException, SignatureCardException, IOException {
+ if (cios == null) {
+ cios = new ArrayList<CIOCertificate>();
+ readCIOs(channel);
+ }
+ return cios;
+ }
+}
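Review bot: In `getCIOs` the field `cios` is assigned before `readCIOs(channel)` runs, so if the read throws part way through, the next call finds `cios != null` and returns the partial list as though the directory had been read completely. Clearing the field on failure keeps the cache honest, e.g. `boolean done = false; try { readCIOs(channel); done = true; } finally { if (!done) cios = null; }`. The method also returns the internal mutable list; `Collections.unmodifiableList(cios)` would stop callers from altering what later calls see, provided no caller relies on mutating it.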
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/cio/CIODirectoryFile.java b/smcc/src/main/java/at/gv/egiz/smcc/cio/CIODirectoryFile.java
new file mode 100644
index 00000000..2d2fd03d
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/cio/CIODirectoryFile.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package at.gv.egiz.smcc.cio;
+
+import at.gv.egiz.smcc.SignatureCardException;
+import at.gv.egiz.smcc.util.ISO7816Utils;
+import at.gv.egiz.smcc.util.TLVSequence;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+import javax.smartcardio.CardChannel;
+import javax.smartcardio.CardException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ *
+ * @author clemens
+ */
+public abstract class CIODirectoryFile {
+
+ protected static final Logger log = LoggerFactory.getLogger(CIODirectoryFile.class);
+
+ protected List<byte[]> DF_FIDs;
+
+ public CIODirectoryFile(List<byte[]> DF_FIDs) {
+ this.DF_FIDs = DF_FIDs;
+ }
+
+ /**
+ * assume DF.CIA selected
+ * (one of) CIO.CD selected afterwards
+ *
+ * TODO: make abstract, implementation knows how to read file. only provide utility methods
+ *
+ * @param channel
+ * @throws CardException
+ * @throws SignatureCardException
+ * @throws IOException if ASN.1 structure cannot be parsed
+ */
+ public void readCIOs(CardChannel channel)
+ throws CardException, SignatureCardException, IOException {
+
+ for (byte[] fid : DF_FIDs) {
+ byte[] fd = selectDirectoryFile(channel, fid);
+ if ((fd[0] & 0x04) > 0) {
+ readCIOsFromRecords(channel, fd);
+ } else if ((fd[0] & 0x05) == 0x01) {
+ readCIOsFromTransparentFile(channel);
+ }
+ }
+ }
+
+ /**
+ * card specific implementation to select a CIO DF file and return its file descriptor
+ * @param channel
+ * @param fid
+ * @return file descriptor
+ * @throws CardException
+ */
+ protected abstract byte[] selectDirectoryFile(CardChannel channel, byte[] fid) throws CardException;
+
+
+ protected void readCIOsFromRecords(CardChannel channel, byte[] fd) throws CardException, SignatureCardException, IOException {
+
+ for (int r = 1; r < fd[fd.length - 1]; r++) {
+ log.trace("read CIO record {}", r);
+ byte[] record = ISO7816Utils.readRecord(channel, r);
+ addCIO(record);
+ }
+ }
+
+
+ protected void readCIOsFromTransparentFile(CardChannel channel) throws CardException, SignatureCardException, IOException {
+
+ byte[] ef = ISO7816Utils.readTransparentFile(channel, -1);
+
+ int i = 0;
+ int j;
+
+ do {
+ int length = 0;
+ int ll = 0;
+ if ((ef[i + 1] & 0xf0) == 0x80) {
+ ll = ef[i + 1] & 0x7f;
+ for (int it = 0; it < ll; it++) {
+ length = (length << 8) + (ef[i + it + 2] & 0xff);
+ }
+ } else {
+ length = (ef[i + 1] & 0xff);
+ }
+
+ log.trace("read CIO transparent file entry: tag 0x{}, length 0x{}",
+ Integer.toHexString(ef[i]),
+ Integer.toHexString(length));
+
+ j = i + 2 + ll + length;
+ addCIO(Arrays.copyOfRange(ef, i, j));
+ i = j;
+ } while (i < ef.length && ef[i] > 0);
+
+ }
+
+
+
+ /**
+ * CIO specific (Cert/PrK/AO/... CIO)
+ * @param cio
+ */
+ protected abstract void addCIO(byte[] cio) throws IOException;
+
+ public abstract List<? extends CIO> getCIOs(CardChannel channel) throws CardException, SignatureCardException, IOException;
+}
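Review bot: `readCIOsFromTransparentFile` trusts the length octets it reads from the card: `ef[i + 1]` is read before anything checks `i + 1 < ef.length`, and `j = i + 2 + ll + length` is never compared against `ef.length`, so a truncated entry is zero-padded by `Arrays.copyOfRange` (which pads past the end rather than failing) and silently handed to `addCIO`. A check after computing `j`, `if (j > ef.length) throw new IOException("CIO entry exceeds EF length");`, keeps malformed data on the declared error path. `readCIOsFromRecords` loops with `r < fd[fd.length - 1]` on a signed byte: if that byte is the record count, the last record is never read and a count of 0x80 or more turns negative and reads nothing; `r <= (fd[fd.length - 1] & 0xff)` would fix both, assuming the record count really is the trailing byte of the descriptor. Nothing checks `fd` for null or length before `fd[0]` in `readCIOs`, although `selectDirectoryFile` may hand back null if `TLVSequence.getValue` returns null for a missing tag.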
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/cio/LIEZertifikatCertificateDirectory.java b/smcc/src/main/java/at/gv/egiz/smcc/cio/LIEZertifikatCertificateDirectory.java
new file mode 100644
index 00000000..40d5c7b9
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/cio/LIEZertifikatCertificateDirectory.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.smcc.cio;
+
+import at.gv.egiz.smcc.cio.CIOCertificateDirectory;
+import at.gv.egiz.smcc.util.ISO7816Utils;
+import at.gv.egiz.smcc.util.TLVSequence;
+import java.util.List;
+import javax.smartcardio.CardChannel;
+import javax.smartcardio.CardException;
+import javax.smartcardio.CommandAPDU;
+import javax.smartcardio.ResponseAPDU;
+
+/**
+ *
+ * @author clemens
+ */
+public class LIEZertifikatCertificateDirectory extends CIOCertificateDirectory {
+
+ public LIEZertifikatCertificateDirectory(List<byte[]> DF_FIDs) {
+ super(DF_FIDs);
+ }
+
+ @Override
+ protected byte[] selectDirectoryFile(CardChannel channel, byte[] fid) throws CardException {
+
+ CommandAPDU cmd = new CommandAPDU(0x00, 0xA4, 0x02, ISO7816Utils.P2_FCP, fid, 256);
+ ResponseAPDU resp = channel.transmit(cmd);
+
+ byte[] fcp = new TLVSequence(resp.getBytes()).getValue(ISO7816Utils.TAG_FCP);
+ return new TLVSequence(fcp).getValue(0x82);
+
+ }
+}
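Review bot: `selectDirectoryFile` parses `resp.getBytes()` without checking the status word, unlike `ObjectDirectory.selectAndRead` in this commit, which rejects anything other than `0x9000` before reading; a failed SELECT here yields a response of little more than the status bytes, and the subsequent `getValue` lookups presumably either fail inside the TLV parser or return null that the caller then dereferences as `fd[0]`. Adding `if (resp.getSW() != 0x9000) throw new CardException("SELECT CIO DF failed: SW=0x" + Integer.toHexString(resp.getSW()));` after the transmit keeps the failure on the declared `CardException` path with the same message format the sibling class uses. The import of `at.gv.egiz.smcc.cio.CIOCertificateDirectory` is redundant for a class in the same package and can go.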
diff --git a/smcc/src/main/java/at/gv/egiz/smcc/cio/ObjectDirectory.java b/smcc/src/main/java/at/gv/egiz/smcc/cio/ObjectDirectory.java
new file mode 100644
index 00000000..3ab954ee
--- /dev/null
+++ b/smcc/src/main/java/at/gv/egiz/smcc/cio/ObjectDirectory.java
@@ -0,0 +1,208 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package at.gv.egiz.smcc.cio;
+
+import at.gv.egiz.smcc.SignatureCardException;
+import at.gv.egiz.smcc.util.ISO7816Utils;
+import at.gv.egiz.smcc.util.TLV;
+import at.gv.egiz.smcc.util.TLVSequence;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.smartcardio.CardChannel;
+import javax.smartcardio.CardException;
+import javax.smartcardio.CommandAPDU;
+import javax.smartcardio.ResponseAPDU;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * TODO ObjectDirectory has access to card filesystem (to readTransparentFile(fid))
+ *
+ * @author clemens
+ */
+public class ObjectDirectory {
+
+ protected static final Logger log = LoggerFactory
+ .getLogger(ObjectDirectory.class);
+
+ protected byte[] fid;
+
+ protected CIOCertificateDirectory efCD;
+ /** TODO */
+ protected CIOCertificateDirectory efPrKD;
+
+ /** References to CIO EFs */
+ private List<byte[]> PrKD_refs;
+ private List<byte[]> PuKD_refs;
+ private List<byte[]> AOD_refs;
+ private List<byte[]> CD_refs;
+
+ private Integer padding;
+ private int P1 = 0x02;
+
+ public ObjectDirectory() {
+ fid = new byte[] { (byte) 0x50, (byte) 0x31 };
+ }
+
+ public ObjectDirectory(byte[] fid) {
+ this.fid = fid;
+ }
+
+ /**
+ * @deprecated check while reading if tag is valid
+ * @param padding
+ */
+ public ObjectDirectory(int padding, int p1) {
+
+ fid = new byte[] { (byte) 0x50, (byte) 0x31 };
+ this.padding = padding;
+ this.P1 = p1;
+ }
+
+ /**
+ * assume DF.CIA selected EF.OD selected afterwards
+ *
+ * @deprecated will be made private, use getCD/... instead
+ *
+ * @param channel
+ * @throws CardException
+ * @throws SignatureCardException
+ */
+ public void selectAndRead(CardChannel channel) throws CardException,
+ SignatureCardException {
+
+ CommandAPDU cmd = new CommandAPDU(0x00, 0xA4, P1, 0x00, fid, 256);
+ ResponseAPDU resp = channel.transmit(cmd);
+
+ if (resp.getSW() != 0x9000) {
+ throw new SignatureCardException("SELECT EF.OD failed: SW=0x"
+ + Integer.toHexString(resp.getSW()));
+ }
+
+ byte[] efod = ISO7816Utils.readTransparentFile(channel, -1);
+
+ PrKD_refs = new ArrayList<byte[]>();
+ PuKD_refs = new ArrayList<byte[]>();
+ AOD_refs = new ArrayList<byte[]>();
+ CD_refs = new ArrayList<byte[]>();
+
+ for (TLV cio : new TLVSequence(efod)) {
+ int tag = cio.getTag();
+
+ //TODO FIN EID: check if unknown tag and tag length > array
+ if (padding != null && tag == padding) {
+ // reached padding - quit record extraction
+ break;
+ }
+
+ byte[] seq = cio.getValue();
+
+ if ((tag & 0xf0) == 0xa0 && seq.length >= 4) {
+
+ byte[] path = Arrays.copyOfRange(seq, 4, 4 + seq[3]);
+
+ switch (cio.getTag() & 0x0f) {
+ case 0:
+ PrKD_refs.add(path);
+ break;
+ case 1:
+ PuKD_refs.add(path);
+ break;
+ case 4:
+ CD_refs.add(path);
+ break;
+ case 8:
+ AOD_refs.add(path);
+ break;
+ default:
+ log.warn("CIOChoice 0x{} not supported: ",
+ (cio.getTag() & 0x0f));
+ }
+ } else {
+ log.trace("ignoring invalid CIO reference entry: {}", seq);
+ }
+ }
+ }
+
+ /**
+ *
+ * @return the CertificateDirectory CIO file referenced in this EF.OD.
+ * If multiple directory files are referenced, the returned CD covers
+ * all of them.
+ */
+ public CIOCertificateDirectory getCD(CardChannel channel) throws CardException, SignatureCardException {
+
+ if (efCD == null) {
+
+ if (CD_refs == null) {
+ selectAndRead(channel);
+ }
+ efCD = new LIEZertifikatCertificateDirectory(CD_refs);
+ }
+ return efCD;
+ }
+
+ public CIOCertificateDirectory getPrKD(CardChannel channel) throws CardException, SignatureCardException {
+
+ if (efPrKD == null) {
+
+ if (PrKD_refs == null) {
+ selectAndRead(channel);
+ }
+ efPrKD = new LIEZertifikatCertificateDirectory(PrKD_refs);
+ }
+ return efPrKD;
+ }
+
+
+
+ /**
+ * @deprecated use getPrKD instead
+ * @return the references (FIDs) of the CIO files
+ */
+ public List<byte[]> getPrKDReferences() {
+ return PrKD_refs;
+ }
+
+ /**
+ * @deprecated use getPuKD instead
+ * @return the references (FIDs) of the CIO files
+ */
+ public List<byte[]> getPuKDReferences() {
+ return PuKD_refs;
+ }
+
+ /**
+ * @deprecated use getAOD instead
+ * @return the references (FIDs) of the CIO files
+ */
+ public List<byte[]> getAODReferences() {
+ return AOD_refs;
+ }
+
+ /**
+ * @deprecated use getCD instead
+ * @return the references (FIDs) of the CIO files
+ */
+ public List<byte[]> getCDReferences() {
+ return CD_refs;
+ }
+}
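Review bot: In `selectAndRead` the path slice `Arrays.copyOfRange(seq, 4, 4 + seq[3])` treats a card-supplied length byte as a signed value and never bounds it against `seq.length`: the `seq.length >= 4` guard only proves `seq[3]` exists, so a length byte of 0x80 or more gives a negative `to` and an `IllegalArgumentException`, while a length larger than the remainder is zero-padded by `copyOfRange` and stored as a path. Reading the length as `int pathLen = seq[3] & 0xff;` and skipping the entry with a warning when `4 + pathLen > seq.length` before the copy keeps bad entries out of the reference lists; the offset-4 layout is inferred from this code and deserves a comment naming the structure it assumes. The `default` branch logs `"CIOChoice 0x{} not supported: "` with a decimal argument and a dangling colon; `Integer.toHexString(tag & 0x0f)` would match the `0x` prefix. The `ObjectDirectory(int padding, int p1)` Javadoc documents `padding` but not `p1`.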