From 68651bf67987905980734f5c2199f337a232f427 Mon Sep 17 00:00:00 2001
From: mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Thu, 12 Nov 2009 20:48:57 +0000
Subject: Added support for enforcing a PIN length in a CHANGE REFERENCE DATA
 to match the recommended PIN length via Applet parameter.

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@541 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

(limited to 'smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java')

diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
index a63d4076..1ed5a177 100644
--- a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
+++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java
@@ -116,6 +116,14 @@ public class ACOSCard extends AbstractSignatureCard implements PINMgmtSignatureC
   private static final PINSpec INF_PIN_SPEC = new PINSpec(0, 8, "[0-9]",
       "at/gv/egiz/smcc/ACOSCard", "inf.pin", KID_PIN_INF, AID_DEC);
   
+  static {
+    if (SignatureCardFactory.ENFORCE_RECOMMENDED_PIN_LENGTH) {
+      DEC_PIN_SPEC.setRecLength(4);
+      SIG_PIN_SPEC.setRecLength(6);
+      INF_PIN_SPEC.setRecLength(4);
+    }
+  }
+  
   /**
    * The version of the card's digital signature application.
    */
@@ -390,10 +398,12 @@ public class ACOSCard extends AbstractSignatureCard implements PINMgmtSignatureC
     
     MessageDigest md;
     try {
-      if ("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1".equals(alg)) {
+      if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)
+          && (alg == null || "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1".equals(alg))) {
         dst.write((byte) 0x14); // SHA-1/ECC
         md = MessageDigest.getInstance("SHA-1");
-      } else if ("http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(alg)) {
+      } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)
+          && (alg == null || "http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(alg))) {
         dst.write((byte) 0x12); // SHA-1 with padding according to PKCS#1 block type 01
         md = MessageDigest.getInstance("SHA-1");
       } else if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)
@@ -401,7 +411,7 @@ public class ACOSCard extends AbstractSignatureCard implements PINMgmtSignatureC
           && "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256".equals(alg)) {
         dst.write((byte) 0x44); // SHA-256/ECC
         md = MessageDigest.getInstance("SHA256");
-      } else if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)
+      } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)
           && appVersion >= 2
           && "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256".equals(alg)) {
         dst.write((byte) 0x41); // SHA-256 with padding according to PKCS#1
-- 
cgit v1.2.3