Signatur der Anmeldedaten

From 32d17447a258188b2d534bcb0bf65a659ba7b7d0 Mon Sep 17 00:00:00 2001 From: mcentner Date: Fri, 29 Aug 2008 12:11:34 +0000 Subject: Initial import. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/src/main/java/META-INF/MANIFEST.MF | 3 + smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java | 310 +++++++++++++++++++ .../at/gv/egiz/smcc/AbstractSignatureCard.java | 259 ++++++++++++++++ .../java/at/gv/egiz/smcc/CancelledException.java | 39 +++ .../at/gv/egiz/smcc/CardNotSupportedException.java | 74 +++++ .../src/main/java/at/gv/egiz/smcc/PINProvider.java | 35 +++ smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java | 85 +++++ .../src/main/java/at/gv/egiz/smcc/STARCOSCard.java | 341 +++++++++++++++++++++ smcc/src/main/java/at/gv/egiz/smcc/SWCard.java | 322 +++++++++++++++++++ .../main/java/at/gv/egiz/smcc/SignatureCard.java | 103 +++++++ .../at/gv/egiz/smcc/SignatureCardException.java | 76 +++++ .../java/at/gv/egiz/smcc/SignatureCardFactory.java | 97 ++++++ .../main/java/at/gv/egiz/smcc/util/SMCCHelper.java | 150 +++++++++ .../java/at/gv/egiz/smcc/util/SmartCardIO.java | 196 ++++++++++++ .../gv/egiz/smcc/utils/SingletonPINProvider.java | 38 +++ 15 files changed, 2128 insertions(+) create mode 100644 smcc/src/main/java/META-INF/MANIFEST.MF create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/CancelledException.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/CardNotSupportedException.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/SWCard.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java (limited to 'smcc/src/main/java') diff --git a/smcc/src/main/java/META-INF/MANIFEST.MF b/smcc/src/main/java/META-INF/MANIFEST.MF new file mode 100644 index 00000000..5e949512 --- /dev/null +++ b/smcc/src/main/java/META-INF/MANIFEST.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Class-Path: + diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java new file mode 100644 index 00000000..7269ba7f --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java @@ -0,0 +1,310 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +import java.nio.charset.Charset; + +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +public class ACOSCard extends AbstractSignatureCard implements SignatureCard { + + public static final byte[] AID_DEC = new byte[] { (byte) 0xA0, (byte) 0x00, + (byte) 0x00, (byte) 0x01, (byte) 0x18, (byte) 0x45, (byte) 0x4E }; + + public static final byte[] DF_DEC = new byte[] { (byte) 0xdf, (byte) 0x71 }; + + public static final byte[] AID_SIG = new byte[] { (byte) 0xA0, (byte) 0x00, + (byte) 0x00, (byte) 0x01, (byte) 0x18, (byte) 0x45, (byte) 0x43 }; + + public static final byte[] DF_SIG = new byte[] { (byte) 0xdf, (byte) 0x70 }; + + public static final byte[] EF_C_CH_EKEY = new byte[] { (byte) 0xc0, + (byte) 0x01 }; + + public static final int EF_C_CH_EKEY_MAX_SIZE = 2000; + + public static final byte[] EF_C_CH_DS = new byte[] { (byte) 0xc0, (byte) 0x02 }; + + public static final int EF_C_CH_DS_MAX_SIZE = 2000; + + public static final byte[] EF_PK_CH_EKEY = new byte[] { (byte) 0xb0, + (byte) 0x01 }; + + public static final byte[] EF_INFOBOX = new byte[] { (byte) 0xc0, (byte) 0x02 }; + + public static final int EF_INFOBOX_MAX_SIZE = 1500; + + public static final byte KID_PIN_SIG = (byte) 0x81; + + public static final byte KID_PIN_DEC = (byte) 0x81; + + public static final byte KID_PIN_INF = (byte) 0x83; + + public static final byte[] DST_SIG = new byte[] { (byte) 0x84, (byte) 0x01, // tag + // , + // length + // ( + // key + // ID + // ) + (byte) 0x88, // SK.CH.SIGN + (byte) 0x80, (byte) 0x01, // tag, length (algorithm ID) + (byte) 0x14 // ECDSA + }; + + public static final byte[] DST_DEC = new byte[] { (byte) 0x84, (byte) 0x01, // tag + // , + // length + // ( + // key + // ID + // ) + (byte) 0x88, // SK.CH.EKEY + (byte) 0x80, (byte) 0x01, // tag, length (algorithm ID) + (byte) 0x01 // RSA // TODO: Not verified yet + }; + + public ACOSCard() { + super("at/gv/egiz/smcc/ACOSCard"); + } + + byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x04, + 0x00, fid, 256)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("Failed to select file (AID=" + + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + "."); + } else { + return resp.getBytes(); + } + } + + byte[] selectFileFID(byte[] fid) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x00, + 0x00, fid, 256)); + if (resp.getSW() == 0x6a82) { + throw new SignatureCardException("Failed to select file (FID=" + + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + ")"); + } else { + return resp.getBytes(); + } + } + + /** + * + * @param pinProvider + * @param spec + * the PIN spec to be given to the pinProvider + * @param kid + * the KID (key identifier) of the PIN to be verified + * @param kfpc + * acutal value of the KFCP (key fault presentation counter) or less + * than 0 if actual value is unknown + * + * @return -1 if the PIN has been verifyed successfully, or else the new value + * of the KFCP (key fault presentation counter) + * + * @throws CancelledException + * if the user canceld the operation + * @throws javax.smartcardio.CardException + * @throws at.gv.egiz.smcc.SignatureCardException + */ + int verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid, int kfpc) + throws CardException, CancelledException, SignatureCardException { + + CardChannel channel = getCardChannel(); + + // get PIN + String pin = pinProvider.providePIN(spec, kfpc); + if (pin == null) { + // User canceld operation + // throw new CancelledException("User canceld PIN entry"); + return -2; + } + + logger.finest("PIN=" + pin); + + byte[] asciiPIN = pin.getBytes(Charset.forName("ASCII")); + byte[] encodedPIN = new byte[8]; + System.arraycopy(asciiPIN, 0, encodedPIN, 0, Math.min(asciiPIN.length, + encodedPIN.length)); + + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x20, 0x00, + kid, encodedPIN)); + if (resp.getSW1() == (byte) 0x63 && resp.getSW2() >> 4 == (byte) 0xc) { + return resp.getSW2() & (byte) 0x0f; + } else if (resp.getSW() == 0x6983) { + // PIN blocked + throw new SignatureCardException(spec.getLocalizedName() + " blocked."); + } else if (resp.getSW() != 0x9000) { + throw new SignatureCardException("Failed to verify pin: SW=" + + Integer.toHexString(resp.getSW()) + "."); + } else { + return -1; + } + + } + + void mseSetDST(byte[] dst) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x22, 0x81, + 0xB6, dst)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("MSE:SET DST failed: SW=" + + Integer.toHexString(resp.getSW())); + } + } + + void psoHash(byte[] hash) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x90, + 0x81, hash)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("PSO:HASH failed: SW=" + + Integer.toHexString(resp.getSW())); + } + } + + byte[] psoComputDigitalSiganture() throws CardException, + SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x9E, + 0x9A, 256)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException( + "PSO: COMPUTE DIGITAL SIGNATRE failed: SW=" + + Integer.toHexString(resp.getSW())); + } else { + return resp.getData(); + } + } + + public byte[] getCertificate(KeyboxName keyboxName) + throws SignatureCardException { + + if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { + return readTLVFile(AID_SIG, EF_C_CH_DS, EF_C_CH_DS_MAX_SIZE); + } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { + return readTLVFile(AID_DEC, EF_C_CH_EKEY, EF_C_CH_EKEY_MAX_SIZE); + } else { + throw new IllegalArgumentException("Keybox " + keyboxName + + " not supported."); + } + + } + + public byte[] getInfobox(String infobox, PINProvider provider, String domainId) + throws SignatureCardException { + + if ("IdentityLink".equals(infobox)) { + + PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString( + "inf.pin.name")); + try { + byte[] res = readTLVFilePIN(AID_DEC, EF_INFOBOX, KID_PIN_INF, provider, + spec, EF_INFOBOX_MAX_SIZE); + return res; + } catch (Exception e) { + throw new SecurityException(e); + } + + } else { + throw new IllegalArgumentException("Infobox '" + infobox + + "' not supported."); + } + + } + + public String toString() { + return "a-sign premium"; + } + + public byte[] createSignature(byte[] hash, KeyboxName keyboxName, + PINProvider provider) throws SignatureCardException { + + if (hash.length != 20) { + throw new IllegalArgumentException("Hash value must be of length 20"); + } + + byte[] fid; + byte kid; + byte[] dst; + PINSpec spec; + if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { + fid = DF_SIG; + kid = KID_PIN_SIG; + dst = DST_SIG; + spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString( + "sig.pin.name")); + + } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { + fid = DF_DEC; + kid = KID_PIN_DEC; + dst = DST_DEC; + spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString( + "dec.pin.name")); + + } else { + throw new IllegalArgumentException("KeyboxName '" + keyboxName + + "' not supported."); + } + + try { + + // SELECT DF + selectFileFID(fid); + // VERIFY + int kfpc = -1; + while (true) { + kfpc = verifyPIN(provider, spec, kid, kfpc); + if (kfpc < -1) { + return null; + } else if (kfpc < 0) { + break; + } + } + // MSE: SET DST + mseSetDST(dst); + // PSO: HASH + psoHash(hash); + // PSO: COMPUTE DIGITAL SIGNATURE + byte[] rs = psoComputDigitalSiganture(); + + return rs; + + } catch (CardException e) { + throw new SignatureCardException("Failed to create signature.", e); + } + } +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java new file mode 100644 index 00000000..91c873c9 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -0,0 +1,259 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +import java.nio.ByteBuffer; +import java.util.Locale; +import java.util.ResourceBundle; +import java.util.logging.Logger; + +import javax.smartcardio.ATR; +import javax.smartcardio.Card; +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +public abstract class AbstractSignatureCard implements SignatureCard { + + static Logger logger = Logger.getLogger(AbstractSignatureCard.class.getName()); + + private ResourceBundle i18n; + private String resourceBundleName; + + private Locale locale = Locale.getDefault(); + + int ifs_ = 254; + + Card card_; + + protected AbstractSignatureCard(String resourceBundleName) { + this.resourceBundleName = resourceBundleName; + } + + String toString(byte[] b) { + StringBuffer sb = new StringBuffer(); + if (b != null && b.length > 0) { + sb.append(Integer.toHexString((b[0] & 240) >> 4)); + sb.append(Integer.toHexString(b[0] & 15)); + } + for(int i = 1; i < b.length; i++) { + sb.append(':'); + sb.append(Integer.toHexString((b[i] & 240) >> 4)); + sb.append(Integer.toHexString(b[i] & 15)); + } + return sb.toString(); + } + + abstract byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException; + + abstract byte[] selectFileFID(byte[] fid) throws CardException, SignatureCardException; + + byte[] readBinary(CardChannel channel, int offset, int len) + throws CardException, SignatureCardException { + + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB0, + 0x7F & (offset >> 8), offset & 0xFF, len)); + if (resp.getSW() == 0x9000) { + return resp.getData(); + } else { + throw new SignatureCardException("Failed to read bytes (" + offset + "+" + + len + "): SW=" + Integer.toHexString(resp.getSW())); + } + + } + + int readBinary(int offset, int len, byte[] b) + throws CardException, SignatureCardException { + + if (b.length < len) { + throw new IllegalArgumentException( + "Length of b must not be less than len."); + } + + CardChannel channel = getCardChannel(); + + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB0, + 0x7F & (offset >> 8), offset & 0xFF, len)); + if (resp.getSW() == 0x9000) { + System.arraycopy(resp.getData(), 0, b, 0, len); + } + + return resp.getSW(); + + } + + byte[] readBinaryTLV(int maxSize, byte expectedType) throws CardException, SignatureCardException { + + CardChannel channel = getCardChannel(); + + // read first chunk + int len = Math.min(maxSize, ifs_); + byte[] chunk = readBinary(channel, 0, len); + if (chunk.length > 0 && chunk[0] != expectedType) { + return null; + } + int offset = chunk.length; + int actualSize = maxSize; + if (chunk.length > 3) { + if ((chunk[1] & 0x80) > 0) { + int octets = (0x0F & chunk[1]); + actualSize = 2 + octets; + for (int i = 1; i <= octets; i++) { + actualSize += (0xFF & chunk[i + 1]) << ((octets - i) * 8); + } + } else { + actualSize = 2 + chunk[1]; + } + } + ByteBuffer buffer = ByteBuffer.allocate(actualSize); + buffer.put(chunk, 0, Math.min(actualSize, chunk.length)); + while (offset < actualSize) { + len = Math.min(ifs_, actualSize - offset); + chunk = readBinary(channel, offset, len); + buffer.put(chunk); + offset += chunk.length; + } + return buffer.array(); + + } + + abstract int verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid, int kfpc) throws CardException, SignatureCardException; + + public byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength) throws SignatureCardException { + return readTLVFilePIN(aid, ef, (byte) 0, null, null, maxLength); + } + + public byte[] readTLVFilePIN(byte[] aid, byte[] ef, byte kid, + PINProvider provider, PINSpec spec, int maxLength) throws SignatureCardException { + + try { + + // SELECT FILE (AID) + byte[] rb = selectFileAID(aid); + if (rb[rb.length - 2] != (byte) 0x90 || + rb[rb.length - 1] != (byte) 0x00) { + + throw new SignatureCardException( + "SELECT FILE with " + + "AID=" + toString(aid) + " failed (" + + "SW=" + + Integer.toHexString( + (0xFF & (int) rb[rb.length - 1]) | + (0xFF & (int) rb[rb.length - 2]) << 8) + + ")."); + + } + + // SELECT FILE (EF) + rb = selectFileFID(ef); + if (rb[rb.length - 2] != (byte) 0x90 || + rb[rb.length - 1] != (byte) 0x00) { + + throw new SignatureCardException( + "SELECT FILE with " + + "FID=" + toString(ef) + " failed (" + + "SW=" + + Integer.toHexString( + (0xFF & (int) rb[rb.length - 1]) | + (0xFF & (int) rb[rb.length - 2]) << 8) + + ")."); + } + + // try to READ BINARY + int sw = readBinary(0, 1, new byte[1]); + if (provider != null && sw == 0x6982) { + + // VERIFY + int kfpc = -1; // unknown + while (true) { + kfpc = verifyPIN(provider, spec, kid, kfpc); + if (kfpc < -1) { + return null; + } else if (kfpc < 0) { + break; + } + } + } else if (sw != 0x9000) { + throw new SignatureCardException("READ BINARY failed (SW=" + + Integer.toHexString(sw) + ")."); + } + + // READ BINARY + byte[] data = readBinaryTLV(maxLength, (byte) 0x30); + + return data; + + + } catch (CardException e) { + throw new SignatureCardException("Failed to acces card.", e); + } + + } + + + ResponseAPDU transmit(CardChannel channel, CommandAPDU commandAPDU) throws CardException { + logger.fine(commandAPDU + "\n" + toString(commandAPDU.getBytes())); + long t0 = System.currentTimeMillis(); + ResponseAPDU responseAPDU = channel.transmit(commandAPDU); + long t1 = System.currentTimeMillis(); + logger.fine(responseAPDU + "\n[" + (t1 - t0) + "ms] " + toString(responseAPDU.getBytes())); + return responseAPDU; + } + + public void init(Card card) { + card_ = card; + ATR atr = card.getATR(); + byte[] atrBytes = atr.getBytes(); + if (atrBytes.length >= 6) { + ifs_ = 0xFF & atr.getBytes()[6]; + logger.finer("Setting IFS (information field size) to " + ifs_); + } + } + + CardChannel getCardChannel() { + return card_.getBasicChannel(); + } + + + @Override + public void setLocale(Locale locale) { + if (locale == null) { + throw new NullPointerException("Locale must not be set to null"); + } + this.locale = locale; + } + + protected ResourceBundle getResourceBundle() { + if (i18n == null) { + i18n = ResourceBundle.getBundle(resourceBundleName, locale); + } + return i18n; + } +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/CancelledException.java b/smcc/src/main/java/at/gv/egiz/smcc/CancelledException.java new file mode 100644 index 00000000..347d74c9 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/CancelledException.java @@ -0,0 +1,39 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +public class CancelledException extends SignatureCardException { + + private static final long serialVersionUID = 1L; + + public CancelledException() { + super(); + } + + public CancelledException(String message, Throwable cause) { + super(message, cause); + } + + public CancelledException(String message) { + super(message); + } + + public CancelledException(Throwable cause) { + super(cause); + } + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/CardNotSupportedException.java b/smcc/src/main/java/at/gv/egiz/smcc/CardNotSupportedException.java new file mode 100644 index 00000000..e2a5fe16 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/CardNotSupportedException.java @@ -0,0 +1,74 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +public class CardNotSupportedException extends Exception { + + /** + * + */ + private static final long serialVersionUID = 1L; + + /** + * Creates a new instance of this CardNotSupportedException. + * + */ + public CardNotSupportedException() { + super(); + } + + /** + * Creates a new instance of this CardNotSupportedException. + * + * @param message + * @param cause + */ + public CardNotSupportedException(String message, Throwable cause) { + super(message, cause); + } + + /** + * Creates a new instance of this CardNotSupportedException. + * + * @param message + */ + public CardNotSupportedException(String message) { + super(message); + } + + /** + * Creates a new instance of this CardNotSupportedException. + * + * @param cause + */ + public CardNotSupportedException(Throwable cause) { + super(cause); + } + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java b/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java new file mode 100644 index 00000000..844115a4 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java @@ -0,0 +1,35 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +public interface PINProvider { + + public String providePIN(PINSpec spec, int retries); + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java b/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java new file mode 100644 index 00000000..cc54a337 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java @@ -0,0 +1,85 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ + +package at.gv.egiz.smcc; + +import java.util.ResourceBundle; + +/** + * + * @author mcentner + */ +public class PINSpec { + + int minLength_ = 0; + + int maxLength_ = -1; + + String rexepPattern_; + + ResourceBundle resourceBundle_; + + String name_; + + public PINSpec(int minLenght, int maxLength, String rexepPattern, + ResourceBundle resourceBundle, String name) { + + minLength_ = minLenght; + maxLength_ = maxLength; + rexepPattern_ = rexepPattern; + resourceBundle_ = resourceBundle; + name_ = name; + } + + public PINSpec(int minLenght, int maxLength, String rexepPattern, + String name) { + + minLength_ = minLenght; + maxLength_ = maxLength; + rexepPattern_ = rexepPattern; + name_ = name; + } + + + + public String getLocalizedName() { + + return (resourceBundle_ != null) + ? resourceBundle_.getString(name_) + : name_; + + } + + public int getMaxLength() { + return maxLength_; + } + + public int getMinLength() { + return minLength_; + } + + public String getRexepPattern() { + return rexepPattern_; + } + + + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java new file mode 100644 index 00000000..79e2663e --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java @@ -0,0 +1,341 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +import java.math.BigInteger; +import java.util.Arrays; + +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +public class STARCOSCard extends AbstractSignatureCard implements SignatureCard { + + public static final byte[] MF = new byte[] { (byte) 0x3F, (byte) 0x00 }; + + public static final byte[] AID_INFOBOX = new byte[] { (byte) 0xd0, + (byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, + (byte) 0x18, (byte) 0x01 }; + + public static final byte[] EF_INFOBOX = new byte[] { (byte) 0xef, (byte) 0x01 }; + + public static final byte[] AID_SVSIG_CERT = new byte[] { (byte) 0xd0, + (byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, + (byte) 0x10, (byte) 0x01 }; + + public static final byte[] EF_SVSIG_CERT_CA = new byte[] { (byte) 0x2f, + (byte) 0x01 }; + + public static final byte[] EF_SVSIG_CERT = new byte[] { (byte) 0x2f, + (byte) 0x02 }; + + // Sichere Signatur (SS) + + public static final byte[] AID_DF_SS = new byte[] { (byte) 0xd0, (byte) 0x40, + (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x12, + (byte) 0x01 }; + + public static final byte[] EF_C_X509_CH_DS = new byte[] { (byte) 0xc0, + (byte) 0x00 }; + + public static final byte[] EF_C_X509_CA_CS_DS = new byte[] { (byte) 0xc6, + (byte) 0x08 }; + + public static final byte[] DST_SS = new byte[] { (byte) 0x84, (byte) 0x03, // tag + // , + // length + // ( + // key + // desc + // . + // ) + (byte) 0x80, (byte) 0x02, (byte) 0x00, // local, key ID, key version + (byte) 0x89, (byte) 0x03, // tag, length (algorithm ID) + (byte) 0x13, (byte) 0x35, (byte) 0x10 // ECDSA + }; + + public static final byte KID_PIN_SS = (byte) 0x81; + + // Gew�hnliche Signatur (GS) + + public static final byte[] AID_DF_GS = new byte[] { (byte) 0xd0, (byte) 0x40, + (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x13, + (byte) 0x01 }; + + public static final byte[] EF_C_X509_CH_AUT = new byte[] { (byte) 0x2f, + (byte) 0x01 }; + + public static final byte[] EF_C_X509_CA_CS = new byte[] { (byte) 0x2f, + (byte) 0x02 }; + + public static final byte[] DST_GS = new byte[] { (byte) 0x84, (byte) 0x03, // tag + // , + // length + // ( + // key + // desc + // . + // ) + (byte) 0x80, (byte) 0x02, (byte) 0x00, // local, key ID, key version + (byte) 0x89, (byte) 0x01, // tag, length (algorithm ID) + (byte) 0x14 // ECDSA + }; + + public static final byte KID_PIN_CARD = (byte) 0x01; + + public STARCOSCard() { + super("at/gv/egiz/smcc/STARCOSCard"); + } + + public byte[] getCertificate(KeyboxName keyboxName) + throws SignatureCardException { + + if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { + return readTLVFile(AID_DF_SS, EF_C_X509_CH_DS, 2000); + } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { + return readTLVFile(AID_DF_GS, EF_C_X509_CH_AUT, 2000); + } else { + throw new IllegalArgumentException("Keybox " + keyboxName + + " not supported."); + } + + } + + byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x04, + 0x04, fid, 256)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("Failed to select file (AID=" + + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + "."); + } else { + return resp.getBytes(); + } + } + + void selectMF() throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x00, + 0x0C)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("Failed to select MF: SW=" + + Integer.toHexString(resp.getSW()) + "."); + } + } + + byte[] selectFileFID(byte[] fid) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x02, + 0x04, fid, 256)); + if (resp.getSW() == 0x6a82) { + throw new SignatureCardException("Failed to select file (FID=" + + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + "."); + } else { + return resp.getBytes(); + } + } + + void mseSetDST(byte[] dst) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x22, 0x41, + 0xB6, dst)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("MSE:SET DST failed: SW=" + + Integer.toHexString(resp.getSW())); + } + } + + void psoHash(byte[] hash) throws CardException, SignatureCardException { + byte[] data = new byte[hash.length + 2]; + data[0] = (byte) 0x90; // tag + data[1] = (byte) (hash.length); // length + System.arraycopy(hash, 0, data, 2, hash.length); + + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x90, + 0xA0, data)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("PSO:HASH failed: SW=" + + Integer.toHexString(resp.getSW())); + } + } + + byte[] psoComputDigitalSiganture() throws CardException, + SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x9E, + 0x9A, 256)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException( + "PSO: COMPUTE DIGITAL SIGNATRE failed: SW=" + + Integer.toHexString(resp.getSW())); + } else { + return resp.getData(); + } + } + + int verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid, int kfpc) + throws CardException, SignatureCardException { + + CardChannel channel = getCardChannel(); + + // get number of possible retries + ResponseAPDU resp = transmit(channel, + new CommandAPDU(0x00, 0x20, 0x00, kid)); + int retries; + if (resp.getSW1() == 0x63 && resp.getSW2() >> 4 == 0xc) { + retries = resp.getSW2() & 0x0f; + } else if (resp.getSW() == 0x6984) { + // PIN LCS = "Initilized" (not activated) + throw new SignatureCardException(spec.getLocalizedName() + " not set."); + } else { + throw new SignatureCardException("Failed to get PIN retries: SW=" + + Integer.toHexString(resp.getSW())); + } + + // get PIN + String pin = pinProvider.providePIN(spec, retries); + if (pin == null) { + // User canceled operation + // throw new CancelledException("User canceld PIN entry"); + return -2; + } + // PIN length in bytes + int len = (int) Math.ceil(pin.length() / 2); + + // BCD encode PIN and marshal PIN block + byte[] pinBytes = new BigInteger(pin, 16).toByteArray(); + byte[] pinBlock = new byte[8]; + if (len < pinBytes.length) { + System.arraycopy(pinBytes, pinBytes.length - len, pinBlock, 1, len); + } else { + System.arraycopy(pinBytes, 0, pinBlock, len - pinBytes.length + 1, + pinBytes.length); + } + pinBlock[0] = (byte) (0x20 + len * 2); + Arrays.fill(pinBlock, len + 1, 8, (byte) 0xff); + + resp = transmit(channel, new CommandAPDU(0x00, 0x20, 0x00, kid, pinBlock)); + if (resp.getSW1() == 0x63 && resp.getSW2() >> 4 == 0xc) { + return resp.getSW2() & 0x0f; + } else if (resp.getSW() != 0x9000) { + throw new SignatureCardException("Failed to verify pin: SW=" + + Integer.toHexString(resp.getSW())); + } else { + return -1; + } + + } + + public byte[] createSignature(byte[] hash, KeyboxName keyboxName, + PINProvider provider) throws SignatureCardException { + + if (hash.length != 20) { + throw new IllegalArgumentException("Hash value must be of length 20"); + } + + byte[] aid; + byte kid; + byte[] dst; + PINSpec spec; + if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { + aid = AID_DF_SS; + kid = KID_PIN_SS; + dst = DST_SS; + spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name")); + + } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { + aid = AID_DF_GS; + kid = KID_PIN_CARD; + dst = DST_GS; + spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); + + } else { + throw new IllegalArgumentException("KeyboxName '" + keyboxName + + "' not supported."); + } + + try { + + // SELECT MF + selectMF(); + // SELECT DF + selectFileAID(aid); + // VERIFY + int retr = -1; // unknown + while (true) { + retr = verifyPIN(provider, spec, kid, retr); + if (retr < -1) { + return null; + } else if (retr < 0) { + break; + } + } + // MSE: SET DST + mseSetDST(dst); + // PSO: HASH + psoHash(hash); + // PSO: COMPUTE DIGITAL SIGNATURE + byte[] rs = psoComputDigitalSiganture(); + return rs; + + } catch (CardException e) { + throw new SignatureCardException("Failed to create signature.", e); + } + + } + + public byte[] getInfobox(String infobox, PINProvider provider, String domainId) + throws SignatureCardException { + + if ("IdentityLink".equals(infobox)) { + + PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); + try { + byte[] res = readTLVFilePIN(AID_INFOBOX, EF_INFOBOX, KID_PIN_CARD, + provider, spec, 2000); + return res; + } catch (Exception e) { + throw new SignatureCardException(e); + } + } else { + throw new IllegalArgumentException("Infobox '" + infobox + + "' not supported."); + } + + } + + public String toString() { + return "eCard"; + } + + + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java new file mode 100644 index 00000000..f19bc709 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java @@ -0,0 +1,322 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ + +package at.gv.egiz.smcc; + +import java.io.ByteArrayOutputStream; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.Signature; +import java.security.SignatureException; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.util.Enumeration; +import java.util.Locale; + +import javax.smartcardio.Card; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author mcentner + */ +public class SWCard implements SignatureCard { + + private static final String BKU_USER_DIR = ".bku"; + + private static final String SWCARD_DIR = "smcc"; + + private static final String KEYSTORE_CERTIFIED_KEYPAIR = "certified.p12"; + + private static final String CERTIFICATE_CERTIFIED_KEYPAIR = "certified.cer"; + + private static final String KEYSTORE_SECURE_KEYPAIR = "secure.p12"; + + private static final String CERTIFICATE_SECURE_KEYPAIR = "secure.cer"; + + private static String swCardDir; + + private static Log log = LogFactory.getLog(SWCard.class); + + private KeyStore certifiedKeyStore; + + private KeyStore secureKeyStore; + + private Certificate certifiedCertificate; + + private Certificate secureCertificate; + + static { + String userHome = System.getProperty("user.home"); + String fs = System.getProperty("file.separator"); + swCardDir = userHome + fs + BKU_USER_DIR + fs + SWCARD_DIR; + } + + /** + * @return the swCardDir + */ + public static String getSwCardDir() { + return swCardDir; + } + + /** + * @param swCardDir the swCardDir to set + */ + public static void setSwCardDir(String swCardDir) { + SWCard.swCardDir = swCardDir; + } + + public void init(Card card) { + } + + private String getFileName(String fileName) { + String fs = System.getProperty("file.separator"); + return swCardDir + fs + fileName; + } + + private Certificate loadCertificate(String certificateFileName) throws SignatureCardException { + + final String certificateType = "x509"; + CertificateFactory factory; + try { + factory = CertificateFactory.getInstance(certificateType); + } catch (CertificateException e) { + String msg = "Failed to get CertificateFactory instance for type '" + certificateType + "'."; + log.error(msg, e); + throw new SignatureCardException(msg, e); + } + + // try to load Certificate file + String fileName = getFileName(certificateFileName); + log.info("Trying to load Certificate from file '" + fileName + "'."); + + FileInputStream certificateFile; + try { + certificateFile = new FileInputStream(fileName); + } catch (FileNotFoundException e) { + String msg = "Certificate file '" + fileName + "' not found."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + + Certificate certificate; + try { + certificate = factory.generateCertificate(certificateFile); + } catch (CertificateException e) { + String msg = "Failed to load Certificate from file '" + fileName + "'."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + + return certificate; + + } + + private KeyStore loadKeyStore(String keyStoreFileName, char[] password) throws SignatureCardException { + + final String keyStoreType = "pkcs12"; + KeyStore keyStore; + try { + keyStore = KeyStore.getInstance(keyStoreType); + } catch (KeyStoreException e) { + String msg = "Failed to get KeyStore instance for KeyStore type '" + keyStoreType + "'."; + log.error(msg, e); + throw new SignatureCardException(msg, e); + } + + // try to load KeyStore file + String fileName = getFileName(keyStoreFileName); + log.info("Trying to load KeyStore from file '" + fileName + "'."); + + FileInputStream keyStoreFile; + try { + keyStoreFile = new FileInputStream(fileName); + } catch (FileNotFoundException e) { + String msg = "KeyStore file '"+ fileName + "' not found."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + + try { + keyStore.load(keyStoreFile, null); + } catch (Exception e) { + String msg = "Failed to load KeyStore from file '" + fileName + "'."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + + return keyStore; + + + } + + private KeyStore getKeyStore(KeyboxName keyboxName, char[] password) throws SignatureCardException { + + if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { + if (certifiedKeyStore == null) { + certifiedKeyStore = loadKeyStore(KEYSTORE_CERTIFIED_KEYPAIR, password); + } + return certifiedKeyStore; + } else if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { + if (secureKeyStore == null) { + secureKeyStore = loadKeyStore(KEYSTORE_SECURE_KEYPAIR, password); + } + return secureKeyStore; + } else { + throw new SignatureCardException("Keybox of type '" + keyboxName + "' not supported."); + } + + } + + + public byte[] getCertificate(KeyboxName keyboxName) + throws SignatureCardException { + + try { + if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { + if (certifiedCertificate == null) { + certifiedCertificate = loadCertificate(CERTIFICATE_CERTIFIED_KEYPAIR); + } + return certifiedCertificate.getEncoded(); + } else if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { + if (secureCertificate == null) { + secureCertificate = loadCertificate(CERTIFICATE_SECURE_KEYPAIR); + } + return secureCertificate.getEncoded(); + } else { + throw new SignatureCardException("Keybox of type '" + keyboxName + "' not supported."); + } + } catch (CertificateEncodingException e) { + throw new SignatureCardException("Failed to get encoded Certificate.", e); + } + + + } + + public byte[] getInfobox(String infobox, PINProvider provider, String domainId) throws SignatureCardException { + + String fileName = getFileName(infobox + ".ibx"); + FileInputStream file; + try { + file = new FileInputStream(fileName); + } catch (FileNotFoundException e) { + String msg = "Infobox '" + infobox + "' not found."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + ByteArrayOutputStream bytes = new ByteArrayOutputStream(); + try { + byte[] b = new byte[512]; + for(int l; (l = file.read(b)) != -1;) { + bytes.write(b, 0, l); + } + file.close(); + } catch (IOException e) { + String msg = "Failed to read infobox '" + infobox + "'."; + log.error(msg, e); + throw new SignatureCardException(msg, e); + } + + return bytes.toByteArray(); + + } + + public byte[] createSignature(byte[] hash, KeyboxName keyboxName, PINProvider provider) throws SignatureCardException { + + // KeyStore password + PINSpec pinSpec = new PINSpec(0, -1, ".", "KeyStore-Password"); + + KeyStore keyStore = getKeyStore(keyboxName, null); + + PrivateKey privateKey = null; + + try { + for (Enumeration aliases = keyStore.aliases(); aliases + .hasMoreElements() && privateKey == null;) { + String alias = aliases.nextElement(); + log.debug("Found alias '" + alias + "' in keystore"); + if (keyStore.isKeyEntry(alias)) { + Key key = null; + while (key == null) { + try { + String pin = provider.providePIN(pinSpec, -1); + key = keyStore.getKey(alias, pin.toCharArray()); + } catch (UnrecoverableKeyException e) { + log.info("Failed to get Key from KeyStore. Wrong password?", e); + } + } + privateKey = (PrivateKey) key; + } + } + } catch (Exception e) { + String msg = "Failed to get certificate from KeyStore."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + + if (privateKey == null) { + String msg = "No private key found in KeyStore."; + log.info(msg); + throw new SignatureCardException(msg); + } + + String algorithm = privateKey.getAlgorithm(); + algorithm = "SHA1with" + algorithm; + try { + Signature signature = Signature.getInstance(algorithm); + signature.initSign(privateKey); + signature.update(hash); + return signature.sign(); + } catch (NoSuchAlgorithmException e) { + String msg = "Algorithm + '" + algorithm + "' not supported for signing."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } catch (SignatureException e) { + String msg = "Signing faild."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } catch (InvalidKeyException e) { + String msg = "Key not valid for algorithm + '" + algorithm + "'."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + + } + + @Override + public void setLocale(Locale locale) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Not supported yet."); + } + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java new file mode 100644 index 00000000..18a63514 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java @@ -0,0 +1,103 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +import java.util.Locale; + +import javax.smartcardio.Card; + +public interface SignatureCard { + + public static class KeyboxName { + + public static KeyboxName SECURE_SIGNATURE_KEYPAIR = new KeyboxName( + "SecureSignatureKeypair"); + public static KeyboxName CERITIFIED_KEYPAIR = new KeyboxName( + "CertifiedKeypair"); + + private String keyboxName_; + + private KeyboxName(String keyboxName_) { + this.keyboxName_ = keyboxName_; + } + + public static KeyboxName getKeyboxName(String keyBox) { + if (SECURE_SIGNATURE_KEYPAIR.equals(keyBox)) { + return SECURE_SIGNATURE_KEYPAIR; + } else if (CERITIFIED_KEYPAIR.equals(keyBox)) { + return CERITIFIED_KEYPAIR; + } else { + return new KeyboxName(keyBox); + } + } + + public boolean equals(Object obj) { + if (obj instanceof String) { + return obj.equals(keyboxName_); + } + if (obj instanceof KeyboxName) { + return ((KeyboxName) obj).keyboxName_.equals(keyboxName_); + } else { + return super.equals(obj); + } + } + + public String getKeyboxName() { + return keyboxName_; + } + + } + + public void init(Card card); + + public byte[] getCertificate(KeyboxName keyboxName) + throws SignatureCardException; + + /** + * + * @param infobox + * @param provider + * @param domainId may be null. + * @return + * @throws SignatureCardException + */ + public byte[] getInfobox(String infobox, PINProvider provider, String domainId) + throws SignatureCardException; + + public byte[] createSignature(byte[] hash, KeyboxName keyboxName, + PINProvider provider) throws SignatureCardException; + + /** + * Sets the local for evtl. required callbacks (e.g. PINSpec) + * @param locale must not be null; + */ + public void setLocale(Locale locale); + + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java new file mode 100644 index 00000000..f2a964fe --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java @@ -0,0 +1,76 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +public class SignatureCardException extends Exception { + + /** + * + */ + private static final long serialVersionUID = 1L; + + /** + * Creates a new instance of this SignatureCardException. + * + */ + public SignatureCardException() { + super(); + } + + /** + * Creates a new instance of this SignatureCardException. + * + * @param message + * @param cause + */ + public SignatureCardException(String message, Throwable cause) { + super(message, cause); + } + + /** + * Creates a new instance of this SignatureCardException. + * + * @param message + */ + public SignatureCardException(String message) { + super(message); + } + + /** + * Creates a new instance of this SignatureCardException. + * + * @param cause + */ + public SignatureCardException(Throwable cause) { + super(cause); + } + + + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java new file mode 100644 index 00000000..2131a737 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java @@ -0,0 +1,97 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +import javax.smartcardio.ATR; +import javax.smartcardio.Card; + +public class SignatureCardFactory { + + public static SignatureCardFactory getInstance() { + return new SignatureCardFactory(); + } + + private SignatureCardFactory() { + + } + + public SignatureCard createSignatureCard(Card card) + throws CardNotSupportedException { + + if(card == null) { + SignatureCard sCard = new SWCard(); + sCard.init(card); + return sCard; + } + + ATR atr = card.getATR(); + byte[] historicalBytes = atr.getHistoricalBytes(); + if(historicalBytes == null || historicalBytes.length < 3) { + throw new CardNotSupportedException("Card not supported: ATR=" + toString(atr.getBytes())); + } + + int t = ((0xFF & (int) historicalBytes[0]) << 16) + + ((0xFF & (int) historicalBytes[1]) << 8) + + (0xFF & (int) historicalBytes[2]); + + SignatureCard sCard; + switch (t) { + case 0x455041 : + case 0x4D4341 : + sCard = new ACOSCard(); + break; + + case 0x805102 : + sCard = new STARCOSCard(); + break; + + default : + throw new CardNotSupportedException("Card not supported: ATR=" + toString(atr.getBytes())); + } + sCard.init(card); + return sCard; + + } + + public static String toString(byte[] b) { + StringBuffer sb = new StringBuffer(); + if (b != null && b.length > 0) { + sb.append(Integer.toHexString((b[0] & 240) >> 4)); + sb.append(Integer.toHexString(b[0] & 15)); + } + for(int i = 1; i < b.length; i++) { + sb.append(':'); + sb.append(Integer.toHexString((b[i] & 240) >> 4)); + sb.append(Integer.toHexString(b[i] & 15)); + } + return sb.toString(); + } + + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java new file mode 100644 index 00000000..3d1fd7c7 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java @@ -0,0 +1,150 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.util; + +import java.util.Locale; +import java.util.Map; + +import javax.smartcardio.ATR; +import javax.smartcardio.Card; +import javax.smartcardio.CardTerminal; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.smcc.CardNotSupportedException; +import at.gv.egiz.smcc.SignatureCard; +import at.gv.egiz.smcc.SignatureCardFactory; + +public class SMCCHelper { + + public final static int NO_CARD = 0; + public final static int PC_SC_NOT_SUPPORTED = 1; + public final static int TERMINAL_NOT_PRESENT = 2; + public final static int CARD_NOT_SUPPORTED = 3; + public final static int CARD_FOUND = 4; + + private final static Log log = LogFactory.getLog(SMCCHelper.class); + + protected SmartCardIO smartCardIO = new SmartCardIO(); + protected int resultCode = NO_CARD; + protected SignatureCard signatureCard = null; + protected static boolean useSWCard = false; + + public SMCCHelper() { + update(); + } + + public void update() { + update(-1); + } + + public void update(int sleep) { + SignatureCardFactory factory = SignatureCardFactory.getInstance(); + if (useSWCard) { + try { + signatureCard = factory.createSignatureCard(null); + resultCode = CARD_FOUND; + } catch (CardNotSupportedException e) { + resultCode = CARD_NOT_SUPPORTED; + signatureCard = null; + } + return; + } + signatureCard = null; + resultCode = NO_CARD; + // find pcsc support + if (smartCardIO.isPCSCSupported()) { + // find supported card + if (smartCardIO.isTerminalPresent()) { + Map newCards = null; + if (sleep > 0) { + smartCardIO.waitForInserted(sleep); + + } + newCards = smartCardIO.getCards(); + for (CardTerminal cardTerminal : newCards.keySet()) { + try { + Card c = newCards.get(cardTerminal); + if (c == null) { + throw new CardNotSupportedException(); + } + signatureCard = factory.createSignatureCard(c); + ATR atr = newCards.get(cardTerminal).getATR(); + log.trace("Found supported card (" + signatureCard.toString() + ") " + + "in terminal '" + cardTerminal.getName() + "', ATR = " + + toString(atr.getHistoricalBytes()) + "."); + resultCode = CARD_FOUND; + break; + + } catch (CardNotSupportedException e) { + Card c = newCards.get(cardTerminal); + if (c != null) { + ATR atr = c.getATR(); + log.info("Found unsupported card" + " in terminal '" + + cardTerminal.getName() + "', ATR = " + + toString(atr.getHistoricalBytes()) + "."); + } else { + log.info("Found unsupported card in terminal '" + + cardTerminal.getName() + "' without ATR"); + } + resultCode = CARD_NOT_SUPPORTED; + } + } + } else { + resultCode = TERMINAL_NOT_PRESENT; + } + } else { + resultCode = PC_SC_NOT_SUPPORTED; + } + } + + public SignatureCard getSignatureCard(Locale locale) { + if (signatureCard != null) { + signatureCard.setLocale(locale); + } + return signatureCard; + } + + public int getResultCode() { + return resultCode; + } + + public static String toString(byte[] b) { + StringBuffer sb = new StringBuffer(); + sb.append('['); + if (b != null && b.length > 0) { + sb.append(Integer.toHexString((b[0] & 240) >> 4)); + sb.append(Integer.toHexString(b[0] & 15)); + for (int i = 1; i < b.length; i++) { + sb.append((i % 32 == 0) ? '\n' : ':'); + sb.append(Integer.toHexString((b[i] & 240) >> 4)); + sb.append(Integer.toHexString(b[i] & 15)); + } + } + sb.append(']'); + return sb.toString(); + } + + public static boolean isUseSWCard() { + return useSWCard; + } + + public static void setUseSWCard(boolean useSWCard) { + SMCCHelper.useSWCard = useSWCard; + } +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java b/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java new file mode 100644 index 00000000..ffffd3af --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java @@ -0,0 +1,196 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.util; + +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.smartcardio.Card; +import javax.smartcardio.CardException; +import javax.smartcardio.CardTerminal; +import javax.smartcardio.CardTerminals; +import javax.smartcardio.TerminalFactory; +import javax.smartcardio.CardTerminals.State; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author mcentner + */ +public class SmartCardIO { + + private static final int STATE_INITIALIZED = 1; + + private static final int STATE_TERMINAL_FACTORY = 2; + + private static final int STATE_TERMINALS = 3; + + private static Log log = LogFactory.getLog(SmartCardIO.class); + + final Map terminalCard_ = new HashMap(); + + int state_ = STATE_INITIALIZED; + + TerminalFactory terminalFactory_ = null; + + CardTerminals cardTerminals_; + + private void updateTerminalFactory() { + TerminalFactory terminalFactory = TerminalFactory.getDefault(); + log.debug("TerminalFactory : " + terminalFactory); + if ("PC/SC".equals(terminalFactory.getType())) { + terminalFactory_ = terminalFactory; + } + if(state_ < STATE_TERMINAL_FACTORY) { + state_ = STATE_TERMINAL_FACTORY; + } + } + + public boolean isPCSCSupported() { + if(state_ < STATE_TERMINAL_FACTORY) { + updateTerminalFactory(); + } + return terminalFactory_ != null; + } + + private void updateCardTerminals() { + if(terminalFactory_ != null) { + cardTerminals_ = terminalFactory_.terminals(); + } + log.debug("CardTerminals : " + cardTerminals_); + if (state_ < STATE_TERMINALS) { + state_ = STATE_TERMINALS; + } + } + + public CardTerminals getCardTerminals() { + if(state_ < STATE_TERMINAL_FACTORY) { + updateTerminalFactory(); + } + if(state_ < STATE_TERMINALS) { + updateCardTerminals(); + } + return cardTerminals_; + } + + public boolean isTerminalPresent() { + CardTerminals cardTerminals = getCardTerminals(); + if (cardTerminals != null) { + List terminals = null; + try { + terminals = cardTerminals.list(State.ALL); + + // logging + if(log.isInfoEnabled()) { + if (terminals == null || terminals.isEmpty()) { + log.info("No card terminal found."); + } else { + StringBuffer msg = new StringBuffer(); + msg.append("Found " + terminals.size() + " card terminal(s):"); + for (CardTerminal terminal : terminals) { + msg.append("\n " + terminal.getName()); + } + log.info(msg.toString()); + } + } + + return terminals != null && !terminals.isEmpty(); + } catch (CardException e) { + log.info("Failed to list card terminals.", e); + return false; + } + } else { + return false; + } + } + + private Map updateCards() { + + // clear card references if removed + try { + log.trace("terminals.list(State.CARD_REMOVAL)"); + for (CardTerminal terminal : cardTerminals_.list(CardTerminals.State.CARD_REMOVAL)) { + Card card = terminalCard_.remove(terminal); + log.trace("card removed : " + card); + } + } catch (CardException e) { + log.debug(e); + } + + // check inserted cards + Map newCards = new HashMap(); + try { + log.trace("terminals.list(State.CARD_INSERTION)"); + for (CardTerminal terminal : cardTerminals_.list(CardTerminals.State.CARD_INSERTION)) { + + Card card = null; + try { + // try to connect to card + card = terminal.connect("*"); + } catch (CardException e) { + log.trace("Failed to connect to card.", e); + } + + // have we seen this card before? + if (terminalCard_.put(terminal, card) == null) { + terminalCard_.put(terminal, card); + newCards.put(terminal, card); + log.trace("terminal '" + terminal + "' card inserted : " + card); + } + } + } catch (CardException e) { + log.debug(e); + } + return newCards; + + } + + public Map getCards() { + if(state_ < STATE_TERMINAL_FACTORY) { + updateTerminalFactory(); + } + if(state_ < STATE_TERMINALS) { + updateCardTerminals(); + } + updateCards(); + Map terminalCard = new HashMap(); + terminalCard.putAll(terminalCard_); + return Collections.unmodifiableMap(terminalCard); + } + + public Map waitForInserted(int timeout) { + if(state_ < STATE_TERMINAL_FACTORY) { + updateTerminalFactory(); + } + if(state_ < STATE_TERMINALS) { + updateCardTerminals(); + } + try { + // just waiting for a short period of time to allow for abort + cardTerminals_.waitForChange(timeout); + } catch (CardException e) { + log.debug("CardTerminals.waitForChange(" + timeout + ") failed.", e); + } + Map newCards = new HashMap(); + newCards.putAll(updateCards()); + return Collections.unmodifiableMap(newCards); + } +} \ No newline at end of file diff --git a/smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java b/smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java new file mode 100644 index 00000000..e5030da2 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java @@ -0,0 +1,38 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.utils; + +import at.gv.egiz.smcc.PINProvider; +import at.gv.egiz.smcc.PINSpec; + +public class SingletonPINProvider implements PINProvider { + + private String pin; + private boolean pin_already_provided = false; + + public SingletonPINProvider(String pin) { + this.pin = pin; + } + + public String providePIN(PINSpec spec, int retries) { + if (pin_already_provided) + return null; + pin_already_provided = true; + return pin; + } + +} -- cgit v1.2.3 From e21dd5249d5fa19c5619847922cf8cdea95e3145 Mon Sep 17 00:00:00 2001 From: wbauer Date: Thu, 25 Sep 2008 07:29:47 +0000 Subject: improved robustness of http binding processor git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@70 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../gv/egiz/bku/local/conf/SpringConfigurator.java | 6 +++- .../gv/egiz/bku/local/conf/defaultConf.properties | 1 + .../gv/egiz/stal/service/impl/STALServiceImpl.java | 2 +- BKUOnline/src/main/webapp/META-INF/MANIFEST.MF | 7 ++-- .../at/gv/egiz/bku/binding/BindingProcessor.java | 4 ++- .../gv/egiz/bku/binding/HTTPBindingProcessor.java | 9 ++++- .../slcommands/impl/InfoboxReadCommandImpl.java | 8 +++-- .../gv/egiz/smcc/utils/SingletonPINProvider.java | 38 ---------------------- .../HTTPURLProtocolHandlerImpl.java | 3 +- .../at/gv/egiz/idlink/IdentityLinkTransformer.java | 30 ++++++++++++----- 10 files changed, 52 insertions(+), 56 deletions(-) delete mode 100644 smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java (limited to 'smcc/src/main/java') diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java index 43dbf745..46668667 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java @@ -128,10 +128,14 @@ public class SpringConfigurator extends Configurator implements if ((proxy == null) || (proxy.equals(""))) { log.info("No proxy configured"); } else { - log.info("Setting proxy to: "+proxy+":"+portString); + log.info("Setting proxy to: " + proxy + ":" + portString); System.setProperty("proxyHost", proxy); System.setProperty("proxyPort", portString); } + String timeout = getProperty("DefaultSocketTimeout"); + if ((timeout != null) && (!timeout.equals(""))) { + System.setProperty("sun.net.client.defaultConnectTimeout", timeout); + } } private Set getCACerts() throws IOException, diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties index 6d59ec21..29bdd1ed 100644 --- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties @@ -54,6 +54,7 @@ ValidateHashDataInputs=true HTTPProxyHost= HTTPProxyPort= +DefaultSocketTimeout=200 diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java index 385888e9..d3d6c8db 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java @@ -248,6 +248,6 @@ public class STALServiceImpl implements STALPortType { ServletContext sCtx = (ServletContext) mCtx.get(MessageContext.SERVLET_CONTEXT); BindingProcessorManager bpMgr = (BindingProcessorManager) sCtx.getAttribute(BINDING_PROCESSOR_MANAGER); BindingProcessor bp = bpMgr.getBindingProcessor(sessionId); - return (bp == null) ? null : (STALRequestBroker) bp.getSTAL(); + return (bp == null) ? null : (bp.isFinished() ? null : (STALRequestBroker) bp.getSTAL()); } } diff --git a/BKUOnline/src/main/webapp/META-INF/MANIFEST.MF b/BKUOnline/src/main/webapp/META-INF/MANIFEST.MF index 5e949512..ca7c7604 100644 --- a/BKUOnline/src/main/webapp/META-INF/MANIFEST.MF +++ b/BKUOnline/src/main/webapp/META-INF/MANIFEST.MF @@ -1,3 +1,6 @@ Manifest-Version: 1.0 -Class-Path: - +Archiver-Version: Plexus Archiver +Created-By: Apache Maven +Built-By: wbauer +Build-Jdk: 1.6.0_10-beta +Implementation-Build: 1.0-SNAPSHOT-r31 \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessor.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessor.java index c386508d..2569bf85 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessor.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessor.java @@ -71,5 +71,7 @@ public interface BindingProcessor extends Runnable { * If the locale is not set the default locale will be used. * @param locale must not be null. */ - public void setLocale(Locale locale); + public void setLocale(Locale locale); + + public boolean isFinished(); } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java index 8f72c3ee..5e44e82b 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java @@ -115,6 +115,7 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements protected int responseCode = 200; protected Map responseHeaders = Collections.EMPTY_MAP; protected Locale locale = Locale.getDefault(); + protected boolean finished = false; /** * @@ -246,6 +247,7 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements commandInvoker.setCommand(slCommand); responseCode = 200; responseHeaders = Collections.EMPTY_MAP; + dataUrlResponse = null; try { commandInvoker.invoke(srcContex); } catch (SLException e) { @@ -253,7 +255,6 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements bindingProcessorError = e; currentState = State.TRANSFORM; } - dataUrlResponse = null; if (getDataUrl() != null) { log.debug("Data Url set to: " + getDataUrl()); currentState = State.DATAURL; @@ -495,6 +496,7 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements sendSTALQuit(); log.info("Terminating Bindingprocessor; Thread: " + Thread.currentThread().getId()); + finished = true; } // -- END Methods that handle the http binding activities as defined in the @@ -620,6 +622,7 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements currentState = State.FINISHED; } log.debug("Terminated http binding processor"); + finished = true; } @Override @@ -805,4 +808,8 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements this.locale = locale; } + @Override + public boolean isFinished() { + return finished; + } } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java index 4d64ae36..b6c89e5b 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java @@ -371,12 +371,12 @@ public class InfoboxReadCommandImpl extends SLCommandImpl certificates = getCertificatesFromResponses(); @@ -413,10 +413,12 @@ public class InfoboxReadCommandImpl extends SLCommandImpl>(); } - private synchronized IdLTransformer getFreeTransfomer(String stylesheetURL) throws TransformerConfigurationException, IOException { + private IdLTransformer getFreeTransfomer(String stylesheetURL) throws TransformerConfigurationException, IOException { IdLTransformer transformer = null; @@ -260,9 +271,12 @@ public class IdentityLinkTransformer { } - public void transformIdLink(String stylesheetURL, Source source, Result result) throws IOException, TransformerException { - IdLTransformer transformer = getFreeTransfomer(stylesheetURL); - transformer.transform(source, result); + public void transformIdLink(String stylesheetURL, Source source, Result result) throws IOException, TransformerException { + log.trace("Trying to get free IdentityLinkTransformer for issuer template '" + stylesheetURL + "'."); + IdLTransformer transformer = getFreeTransfomer(stylesheetURL); + log.trace("Trying to transform IdentityLink."); + transformer.transform(source, result); + log.trace("IdentityLink transformed successfully. " + getStatistics()); } public String getStatistics() { -- cgit v1.2.3 From 62dffe15b09010e64a886a936d549239f441cd31 Mon Sep 17 00:00:00 2001 From: wbauer Date: Fri, 10 Oct 2008 09:12:11 +0000 Subject: added a reset command git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@96 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java | 2 - .../at/gv/egiz/smcc/AbstractSignatureCard.java | 229 +++++++++++---------- smcc/src/main/java/at/gv/egiz/smcc/SWCard.java | 6 + .../main/java/at/gv/egiz/smcc/SignatureCard.java | 2 + 4 files changed, 131 insertions(+), 108 deletions(-) (limited to 'smcc/src/main/java') diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java index 7269ba7f..abe086ee 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java @@ -153,8 +153,6 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { return -2; } - logger.finest("PIN=" + pin); - byte[] asciiPIN = pin.getBytes(Charset.forName("ASCII")); byte[] encodedPIN = new byte[8]; System.arraycopy(asciiPIN, 0, encodedPIN, 0, Math.min(asciiPIN.length, diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java index 91c873c9..ab6932d7 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -40,40 +40,45 @@ import javax.smartcardio.CardException; import javax.smartcardio.CommandAPDU; import javax.smartcardio.ResponseAPDU; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + public abstract class AbstractSignatureCard implements SignatureCard { - static Logger logger = Logger.getLogger(AbstractSignatureCard.class.getName()); - + private static Log log = LogFactory.getLog(AbstractSignatureCard.class); + private ResourceBundle i18n; private String resourceBundleName; private Locale locale = Locale.getDefault(); - + int ifs_ = 254; - + Card card_; - + protected AbstractSignatureCard(String resourceBundleName) { this.resourceBundleName = resourceBundleName; } - + String toString(byte[] b) { StringBuffer sb = new StringBuffer(); if (b != null && b.length > 0) { sb.append(Integer.toHexString((b[0] & 240) >> 4)); sb.append(Integer.toHexString(b[0] & 15)); } - for(int i = 1; i < b.length; i++) { + for (int i = 1; i < b.length; i++) { sb.append(':'); sb.append(Integer.toHexString((b[i] & 240) >> 4)); sb.append(Integer.toHexString(b[i] & 15)); } return sb.toString(); } - - abstract byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException; - abstract byte[] selectFileFID(byte[] fid) throws CardException, SignatureCardException; + abstract byte[] selectFileAID(byte[] fid) throws CardException, + SignatureCardException; + + abstract byte[] selectFileFID(byte[] fid) throws CardException, + SignatureCardException; byte[] readBinary(CardChannel channel, int offset, int len) throws CardException, SignatureCardException { @@ -88,31 +93,32 @@ public abstract class AbstractSignatureCard implements SignatureCard { } } - - int readBinary(int offset, int len, byte[] b) - throws CardException, SignatureCardException { - if (b.length < len) { - throw new IllegalArgumentException( - "Length of b must not be less than len."); - } + int readBinary(int offset, int len, byte[] b) throws CardException, + SignatureCardException { - CardChannel channel = getCardChannel(); - - ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB0, - 0x7F & (offset >> 8), offset & 0xFF, len)); - if (resp.getSW() == 0x9000) { - System.arraycopy(resp.getData(), 0, b, 0, len); - } - - return resp.getSW(); + if (b.length < len) { + throw new IllegalArgumentException( + "Length of b must not be less than len."); + } + + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB0, + 0x7F & (offset >> 8), offset & 0xFF, len)); + if (resp.getSW() == 0x9000) { + System.arraycopy(resp.getData(), 0, b, 0, len); } - byte[] readBinaryTLV(int maxSize, byte expectedType) throws CardException, SignatureCardException { + return resp.getSW(); + + } + + byte[] readBinaryTLV(int maxSize, byte expectedType) throws CardException, + SignatureCardException { CardChannel channel = getCardChannel(); - + // read first chunk int len = Math.min(maxSize, ifs_); byte[] chunk = readBinary(channel, 0, len); @@ -141,89 +147,88 @@ public abstract class AbstractSignatureCard implements SignatureCard { offset += chunk.length; } return buffer.array(); - + } - - abstract int verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid, int kfpc) throws CardException, SignatureCardException; - public byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength) throws SignatureCardException { - return readTLVFilePIN(aid, ef, (byte) 0, null, null, maxLength); - } - - public byte[] readTLVFilePIN(byte[] aid, byte[] ef, byte kid, - PINProvider provider, PINSpec spec, int maxLength) throws SignatureCardException { - - try { - - // SELECT FILE (AID) - byte[] rb = selectFileAID(aid); - if (rb[rb.length - 2] != (byte) 0x90 || - rb[rb.length - 1] != (byte) 0x00) { - - throw new SignatureCardException( - "SELECT FILE with " + - "AID=" + toString(aid) + " failed (" + - "SW=" + - Integer.toHexString( - (0xFF & (int) rb[rb.length - 1]) | - (0xFF & (int) rb[rb.length - 2]) << 8) + - ")."); - - } - - // SELECT FILE (EF) - rb = selectFileFID(ef); - if (rb[rb.length - 2] != (byte) 0x90 || - rb[rb.length - 1] != (byte) 0x00) { - - throw new SignatureCardException( - "SELECT FILE with " + - "FID=" + toString(ef) + " failed (" + - "SW=" + - Integer.toHexString( - (0xFF & (int) rb[rb.length - 1]) | - (0xFF & (int) rb[rb.length - 2]) << 8) + - ")."); - } - - // try to READ BINARY - int sw = readBinary(0, 1, new byte[1]); - if (provider != null && sw == 0x6982) { - - // VERIFY - int kfpc = -1; // unknown - while (true) { - kfpc = verifyPIN(provider, spec, kid, kfpc); - if (kfpc < -1) { - return null; - } else if (kfpc < 0) { - break; - } - } - } else if (sw != 0x9000) { - throw new SignatureCardException("READ BINARY failed (SW=" + - Integer.toHexString(sw) + ")."); - } - - // READ BINARY - byte[] data = readBinaryTLV(maxLength, (byte) 0x30); - - return data; - - - } catch (CardException e) { - throw new SignatureCardException("Failed to acces card.", e); + abstract int verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid, + int kfpc) throws CardException, SignatureCardException; + + public byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength) + throws SignatureCardException { + return readTLVFilePIN(aid, ef, (byte) 0, null, null, maxLength); + } + + public byte[] readTLVFilePIN(byte[] aid, byte[] ef, byte kid, + PINProvider provider, PINSpec spec, int maxLength) + throws SignatureCardException { + + try { + + // SELECT FILE (AID) + byte[] rb = selectFileAID(aid); + if (rb[rb.length - 2] != (byte) 0x90 || rb[rb.length - 1] != (byte) 0x00) { + + throw new SignatureCardException("SELECT FILE with " + + "AID=" + + toString(aid) + + " failed (" + + "SW=" + + Integer.toHexString((0xFF & (int) rb[rb.length - 1]) + | (0xFF & (int) rb[rb.length - 2]) << 8) + ")."); + + } + + // SELECT FILE (EF) + rb = selectFileFID(ef); + if (rb[rb.length - 2] != (byte) 0x90 || rb[rb.length - 1] != (byte) 0x00) { + + throw new SignatureCardException("SELECT FILE with " + + "FID=" + + toString(ef) + + " failed (" + + "SW=" + + Integer.toHexString((0xFF & (int) rb[rb.length - 1]) + | (0xFF & (int) rb[rb.length - 2]) << 8) + ")."); + } + + // try to READ BINARY + int sw = readBinary(0, 1, new byte[1]); + if (provider != null && sw == 0x6982) { + + // VERIFY + int kfpc = -1; // unknown + while (true) { + kfpc = verifyPIN(provider, spec, kid, kfpc); + if (kfpc < -1) { + return null; + } else if (kfpc < 0) { + break; + } } + } else if (sw != 0x9000) { + throw new SignatureCardException("READ BINARY failed (SW=" + + Integer.toHexString(sw) + ")."); + } + + // READ BINARY + byte[] data = readBinaryTLV(maxLength, (byte) 0x30); + return data; + + } catch (CardException e) { + throw new SignatureCardException("Failed to acces card.", e); } - - ResponseAPDU transmit(CardChannel channel, CommandAPDU commandAPDU) throws CardException { - logger.fine(commandAPDU + "\n" + toString(commandAPDU.getBytes())); + } + + ResponseAPDU transmit(CardChannel channel, CommandAPDU commandAPDU) + throws CardException { + log.trace(commandAPDU + "\n" + toString(commandAPDU.getBytes())); long t0 = System.currentTimeMillis(); ResponseAPDU responseAPDU = channel.transmit(commandAPDU); long t1 = System.currentTimeMillis(); - logger.fine(responseAPDU + "\n[" + (t1 - t0) + "ms] " + toString(responseAPDU.getBytes())); + log.trace(responseAPDU + "\n[" + (t1 - t0) + "ms] " + + toString(responseAPDU.getBytes())); return responseAPDU; } @@ -233,15 +238,14 @@ public abstract class AbstractSignatureCard implements SignatureCard { byte[] atrBytes = atr.getBytes(); if (atrBytes.length >= 6) { ifs_ = 0xFF & atr.getBytes()[6]; - logger.finer("Setting IFS (information field size) to " + ifs_); + log.trace("Setting IFS (information field size) to " + ifs_); } } CardChannel getCardChannel() { return card_.getBasicChannel(); } - - + @Override public void setLocale(Locale locale) { if (locale == null) { @@ -249,11 +253,24 @@ public abstract class AbstractSignatureCard implements SignatureCard { } this.locale = locale; } - + protected ResourceBundle getResourceBundle() { if (i18n == null) { i18n = ResourceBundle.getBundle(resourceBundleName, locale); } return i18n; } + + @Override + public void reset() { + log.debug("Resetting card"); + if (card_ != null) { + try { + card_.disconnect(true); + } catch (CardException e) { + log.info("Error while resetting card", e); + } + } + } + } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java index f19bc709..28cce350 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java @@ -319,4 +319,10 @@ public class SWCard implements SignatureCard { throw new UnsupportedOperationException("Not supported yet."); } + @Override + public void reset() { + // TODO Auto-generated method stub + + } + } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java index 18a63514..5e859d52 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java @@ -78,6 +78,8 @@ public interface SignatureCard { public byte[] getCertificate(KeyboxName keyboxName) throws SignatureCardException; + + public void reset(); /** * -- cgit v1.2.3 From 8852be703a5cacaf271575ccee04bbe27612d16b Mon Sep 17 00:00:00 2001 From: wbauer Date: Fri, 10 Oct 2008 12:35:07 +0000 Subject: Improved Quit Handling for multiple applet instances git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@101 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../at/gv/egiz/bku/online/applet/BKUApplet.java | 4 + .../at/gv/egiz/bku/online/applet/BKUWorker.java | 125 ++++++++++++--------- .../bku/online/applet/MultiInstanceHandler.java | 49 ++++++++ .../at/gv/egiz/bku/online/applet/QuitHandler.java | 37 ++++++ .../at/gv/egiz/smcc/AbstractSignatureCard.java | 6 +- smcc/src/main/java/at/gv/egiz/smcc/SWCard.java | 4 +- .../main/java/at/gv/egiz/smcc/SignatureCard.java | 2 +- .../at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java | 4 +- 8 files changed, 167 insertions(+), 64 deletions(-) create mode 100644 BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/MultiInstanceHandler.java create mode 100644 BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/QuitHandler.java (limited to 'smcc/src/main/java') diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java index 6a781729..ab38c163 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java @@ -30,6 +30,9 @@ import org.apache.commons.logging.LogFactory; import at.gv.egiz.bku.gui.BKUGUIFacade; import at.gv.egiz.bku.gui.BKUGUIFactory; +import at.gv.egiz.bku.smccstal.AbstractSMCCSTAL; +import at.gv.egiz.stal.QuitRequest; + import java.net.URL; /** @@ -56,6 +59,7 @@ public class BKUApplet extends JApplet { public void init() { log.info("Welcome to MOCCA\n"); log.debug("Called init()"); + AbstractSMCCSTAL.addRequestHandler(QuitRequest.class, QuitHandler.getInstance()); HttpsURLConnection.setDefaultSSLSocketFactory(InternalSSLSocketFactory.getInstance()); String localeString = getMyAppletParameter(LOCALE_PARAM_KEY); if (localeString != null) { diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java index 12eb9d00..fbf74162 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java @@ -48,7 +48,7 @@ import at.gv.egiz.stal.service.types.ResponseType; import at.gv.egiz.stal.util.STALTranslator; public class BKUWorker extends AbstractSMCCSTAL implements Runnable, - ActionListener, SMCCSTALRequestHandler { + ActionListener, SMCCSTALRequestHandler { private static Log log = LogFactory.getLog(BKUWorker.class); protected BKUGUIFacade gui; @@ -65,15 +65,15 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, * must not be null */ public BKUWorker(BKUGUIFacade gui, BKUApplet parent, - ResourceBundle errorMessageBundle) { + ResourceBundle errorMessageBundle) { if ((gui == null) || (parent == null) || (errorMessageBundle == null)) { throw new NullPointerException("Parameter must not be set to null"); } this.gui = gui; this.parent = parent; this.errorMessages = errorMessageBundle; - addRequestHandler(QuitRequest.class, this); - // register SignRequestHandler once we have a webservice port + QuitHandler.getInstance().registerHandlerInstance(this); + // register SignRequestHandler once we have a webservice port } /** @@ -85,7 +85,7 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, protected BKUWorker(BKUGUIFacade gui, ResourceBundle errorMessageBundle) { this.gui = gui; this.errorMessages = errorMessageBundle; - addRequestHandler(QuitRequest.class, this); + QuitHandler.getInstance().registerHandlerInstance(this); } private STALPortType getSTALPort() throws MalformedURLException { @@ -111,7 +111,7 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, } log.debug("Found WSDL url: " + wsdlURL); QName endpointName = new QName("http://www.egiz.gv.at/wsdl/stal", - "STALService"); + "STALService"); STALService stal = new STALService(wsdlURL, endpointName); return stal.getSTALPort(); } @@ -126,7 +126,8 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, log.fatal("Failed to call STAL service.", e); actionCommandList.clear(); actionCommandList.add("ok"); - gui.showErrorDialog(BKUGUIFacade.ERR_SERVICE_UNREACHABLE, new Object[] {e.getMessage()}); + gui.showErrorDialog(BKUGUIFacade.ERR_SERVICE_UNREACHABLE, + new Object[] { e.getMessage() }); try { waitForAction(); } catch (InterruptedException e1) { @@ -140,13 +141,16 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, // use the testsession for testing sessionId = "TestSession"; } - addRequestHandler(at.gv.egiz.stal.SignRequest.class, new WSSignRequestHandler(sessionId, stalPort)); + addRequestHandler(at.gv.egiz.stal.SignRequest.class, + new WSSignRequestHandler(sessionId, stalPort)); ObjectFactory of = new ObjectFactory(); GetNextRequestResponseType nextRequestResp = stalPort.connect(sessionId); do { - List requests = nextRequestResp.getInfoboxReadRequestOrSignRequestOrQuitRequest(); - List stalRequests = STALTranslator.translateRequests(requests); + List requests = nextRequestResp + .getInfoboxReadRequestOrSignRequestOrQuitRequest(); + List stalRequests = STALTranslator + .translateRequests(requests); if (log.isInfoEnabled()) { StringBuilder sb = new StringBuilder("Received "); @@ -190,27 +194,33 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, responses = new ArrayList(1); ErrorResponseType err = new ErrorResponseType(); err.setErrorCode(6002); -// err.setErrorMessage(); + // err.setErrorMessage(); responses.add(err); } if (!finished) { + log.info("Not finished yet (BKUWorker: " + this + + "), sending responses"); GetNextRequestType nextRequest = of.createGetNextRequestType(); nextRequest.setSessionId(sessionId); - nextRequest.getInfoboxReadResponseOrSignResponseOrErrorResponse().addAll(responses); + nextRequest.getInfoboxReadResponseOrSignResponseOrErrorResponse() + .addAll(responses); nextRequestResp = stalPort.getNextRequest(nextRequest); } } while (!finished); log.info("Done " + Thread.currentThread().getName()); } catch (Exception ex) { log.error(ex.getMessage(), ex); - gui.showErrorDialog(BKUGUIFacade.ERR_UNKNOWN, new Object[] {ex.getMessage()}); + gui.showErrorDialog(BKUGUIFacade.ERR_UNKNOWN, new Object[] { ex + .getMessage() }); try { waitForAction(); } catch (InterruptedException e) { log.error(e); } } + signatureCard.disconnect(false); + QuitHandler.getInstance().unregisterHandlerInstance(this); sendRedirect(); } @@ -222,17 +232,20 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, URL url = null; if (redirectURL != null) { try { - url = new URL(parent.getCodeBase(), redirectURL + ";jsessionid=" + parent.getMyAppletParameter(BKUApplet.SESSION_ID)); + url = new URL(parent.getCodeBase(), redirectURL + ";jsessionid=" + + parent.getMyAppletParameter(BKUApplet.SESSION_ID)); } catch (MalformedURLException ex) { - log.warn("Parameter 'redirectURL': " + redirectURL + " not a valid URL.", ex); - // gui.showErrorDialog(errorMsg, okListener, actionCommand) + log.warn("Parameter 'redirectURL': " + redirectURL + + " not a valid URL.", ex); + // gui.showErrorDialog(errorMsg, okListener, actionCommand) } if (url != null) { if (redirectTarget == null) { log.info("Done. Trying to redirect to " + url + " ..."); parent.getAppletContext().showDocument(url); } else { - log.info("Done. Trying to redirect to " + url + " (target=" + redirectTarget + ") ..."); + log.info("Done. Trying to redirect to " + url + " (target=" + + redirectTarget + ") ..."); parent.getAppletContext().showDocument(url, redirectTarget); } } @@ -276,46 +289,46 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, int oldValue = SMCCHelper.PC_SC_NOT_SUPPORTED; // this is a save default while ((signatureCard == null) && (!actionPerformed)) { switch (smccHelper.getResultCode()) { - case SMCCHelper.PC_SC_NOT_SUPPORTED: + case SMCCHelper.PC_SC_NOT_SUPPORTED: + actionCommandList.clear(); + actionCommandList.add("ok"); + gui.showErrorDialog(BKUGUIFacade.ERR_NO_PCSC, null, this, "ok"); + try { + waitForAction(); + } catch (InterruptedException e) { + log.error(e); + } + return true; + case SMCCHelper.TERMINAL_NOT_PRESENT: + actionCommandList.clear(); + actionCommandList.add("ok"); + gui.showErrorDialog(BKUGUIFacade.ERR_NO_CARDTERMINAL, null, this, "ok"); + try { + waitForAction(); + } catch (InterruptedException e) { + log.error(e); + } + return true; + case SMCCHelper.CARD_NOT_SUPPORTED: + if (oldValue != SMCCHelper.CARD_NOT_SUPPORTED) { actionCommandList.clear(); - actionCommandList.add("ok"); - gui.showErrorDialog(BKUGUIFacade.ERR_NO_PCSC, null, this, "ok"); - try { - waitForAction(); - } catch (InterruptedException e) { - log.error(e); - } - return true; - case SMCCHelper.TERMINAL_NOT_PRESENT: + actionCommandList.add("cancel"); + gui.showCardNotSupportedDialog(this, "cancel"); + oldValue = SMCCHelper.CARD_NOT_SUPPORTED; + } + break; + case SMCCHelper.NO_CARD: + if (oldValue != SMCCHelper.NO_CARD) { actionCommandList.clear(); - actionCommandList.add("ok"); - gui.showErrorDialog(BKUGUIFacade.ERR_NO_CARDTERMINAL,null,this,"ok"); - try { - waitForAction(); - } catch (InterruptedException e) { - log.error(e); - } - return true; - case SMCCHelper.CARD_NOT_SUPPORTED: - if (oldValue != SMCCHelper.CARD_NOT_SUPPORTED) { - actionCommandList.clear(); - actionCommandList.add("cancel"); - gui.showCardNotSupportedDialog(this, "cancel"); - oldValue = SMCCHelper.CARD_NOT_SUPPORTED; - } - break; - case SMCCHelper.NO_CARD: - if (oldValue != SMCCHelper.NO_CARD) { - actionCommandList.clear(); - actionCommandList.add("cancel"); - gui.showInsertCardDialog(this, "cancel"); - oldValue = SMCCHelper.NO_CARD; - } - break; - case SMCCHelper.CARD_FOUND: - // gui.showWaitDialog(null); - signatureCard = smccHelper.getSignatureCard(errorMessages.getLocale()); - return false; + actionCommandList.add("cancel"); + gui.showInsertCardDialog(this, "cancel"); + oldValue = SMCCHelper.NO_CARD; + } + break; + case SMCCHelper.CARD_FOUND: + // gui.showWaitDialog(null); + signatureCard = smccHelper.getSignatureCard(errorMessages.getLocale()); + return false; } smccHelper.update(3000); } @@ -325,6 +338,7 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, @Override public STALResponse handleRequest(STALRequest request) { if (request instanceof QuitRequest) { + log.info("Setting state to: finished for BKUWorker " + this); finished = true; } else { log.error("Unexpected request to handle: " + request); @@ -350,4 +364,5 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, protected BKUGUIFacade getGUI() { return gui; } + } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/MultiInstanceHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/MultiInstanceHandler.java new file mode 100644 index 00000000..a07df559 --- /dev/null +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/MultiInstanceHandler.java @@ -0,0 +1,49 @@ +package at.gv.egiz.bku.online.applet; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.gui.BKUGUIFacade; +import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler; +import at.gv.egiz.smcc.SignatureCard; +import at.gv.egiz.stal.QuitRequest; +import at.gv.egiz.stal.STALRequest; +import at.gv.egiz.stal.STALResponse; + +public abstract class MultiInstanceHandler implements SMCCSTALRequestHandler { + + private static Log log = LogFactory.getLog(MultiInstanceHandler.class); + + protected List handlerList = new ArrayList(); + + + + protected MultiInstanceHandler() { + } + + public void registerHandlerInstance(SMCCSTALRequestHandler handler) { + handlerList.add(handler); + } + + public void unregisterHandlerInstance(SMCCSTALRequestHandler handler) { + handlerList.remove(handler); + } + + + @Override + public void init(SignatureCard sc, BKUGUIFacade gui) { + } + + @Override + public SMCCSTALRequestHandler newInstance() { + return this; + } + + @Override + public boolean requireCard() { + return false; + } +} diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/QuitHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/QuitHandler.java new file mode 100644 index 00000000..ab07e1a8 --- /dev/null +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/QuitHandler.java @@ -0,0 +1,37 @@ +package at.gv.egiz.bku.online.applet; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler; +import at.gv.egiz.stal.QuitRequest; +import at.gv.egiz.stal.STALRequest; +import at.gv.egiz.stal.STALResponse; + +public class QuitHandler extends MultiInstanceHandler { + + private static Log log = LogFactory.getLog(QuitHandler.class); + + private static QuitHandler instance = new QuitHandler(); + + private QuitHandler() { + } + + public static QuitHandler getInstance() { + return instance; + } + + @Override + public STALResponse handleRequest(STALRequest request) { + if (request instanceof QuitRequest) { + log.info("Received QuitCommand"); + for (SMCCSTALRequestHandler handler : handlerList) { + handler.handleRequest(request); + } + } else { + log.error("Unexpected request to handle: " + request); + } + return null; + } + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java index ab6932d7..7f3a3b1c 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -262,11 +262,11 @@ public abstract class AbstractSignatureCard implements SignatureCard { } @Override - public void reset() { - log.debug("Resetting card"); + public void disconnect(boolean reset) { + log.debug("Disconnect called"); if (card_ != null) { try { - card_.disconnect(true); + card_.disconnect(reset); } catch (CardException e) { log.info("Error while resetting card", e); } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java index 28cce350..68a6f6df 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java @@ -320,9 +320,7 @@ public class SWCard implements SignatureCard { } @Override - public void reset() { - // TODO Auto-generated method stub - + public void disconnect(boolean reset) { } } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java index 5e859d52..37bd7cf9 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java @@ -79,7 +79,7 @@ public interface SignatureCard { public byte[] getCertificate(KeyboxName keyboxName) throws SignatureCardException; - public void reset(); + public void disconnect(boolean reset); /** * diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java index 9e47aeb8..b7697db1 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java @@ -91,7 +91,7 @@ public abstract class AbstractSMCCSTAL implements STAL { log.info("Got an error response"); if (++retryCounter < maxRetries) { log.info("Retrying"); - signatureCard.reset(); + signatureCard.disconnect(true); signatureCard = null; } else { responseList.add(response); @@ -109,7 +109,7 @@ public abstract class AbstractSMCCSTAL implements STAL { log.info("Error while handling STAL request:" + e); if (++retryCounter < maxRetries) { log.info("Retrying"); - signatureCard.reset(); + signatureCard.disconnect(true); signatureCard = null; } else { responseList.add(new ErrorResponse(6000)); -- cgit v1.2.3 From ef8dc449ddc60008bce9264c73b4162cc487c174 Mon Sep 17 00:00:00 2001 From: wbauer Date: Thu, 16 Oct 2008 07:51:13 +0000 Subject: Changed STAL Handler from static registration to one Object per STAL instance git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@121 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../at/gv/egiz/bku/online/applet/BKUApplet.java | 8 +--- .../at/gv/egiz/bku/online/applet/BKUWorker.java | 17 +++----- .../applet/ExternalDisplaySignRequestHandler.java | 12 ++---- .../bku/online/applet/MultiInstanceHandler.java | 49 ---------------------- .../at/gv/egiz/bku/online/applet/QuitHandler.java | 37 ---------------- .../applet/WebServiceSignRequestHandler.java | 24 +++++------ .../bku/local/stal/LocalSignRequestHandler.java | 5 --- .../java/at/gv/egiz/bku/local/stal/SMCCSTAL.java | 2 +- .../at/gv/egiz/bku/local/stal/SMCCSTALFactory.java | 5 +-- .../java/at/gv/egiz/bku/local/app/BKULauncher.java | 2 - .../at/gv/egiz/smcc/AbstractSignatureCard.java | 2 +- .../main/java/at/gv/egiz/smcc/util/SMCCHelper.java | 6 +-- .../at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java | 21 ++++------ .../bku/smccstal/InfoBoxReadRequestHandler.java | 5 --- .../egiz/bku/smccstal/SMCCSTALRequestHandler.java | 2 - 15 files changed, 35 insertions(+), 162 deletions(-) delete mode 100644 BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/MultiInstanceHandler.java delete mode 100644 BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/QuitHandler.java (limited to 'smcc/src/main/java') diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java index 96c0e7eb..97b5869f 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java @@ -17,11 +17,10 @@ package at.gv.egiz.bku.online.applet; import java.net.MalformedURLException; +import java.net.URL; import java.util.Locale; import java.util.ResourceBundle; -import java.util.logging.Level; -import java.util.logging.Logger; import javax.net.ssl.HttpsURLConnection; import javax.swing.JApplet; @@ -30,10 +29,6 @@ import org.apache.commons.logging.LogFactory; import at.gv.egiz.bku.gui.BKUGUIFacade; import at.gv.egiz.bku.gui.BKUGUIFactory; -import at.gv.egiz.bku.smccstal.AbstractSMCCSTAL; -import at.gv.egiz.stal.QuitRequest; - -import java.net.URL; /** * Note: all swing code is executed by the event dispatch thread (see @@ -66,7 +61,6 @@ public class BKUApplet extends JApplet { public void init() { log.info("Welcome to MOCCA\n"); log.debug("Called init()"); - AbstractSMCCSTAL.addRequestHandler(QuitRequest.class, QuitHandler.getInstance()); HttpsURLConnection.setDefaultSSLSocketFactory(InternalSSLSocketFactory.getInstance()); String localeString = getMyAppletParameter(LOCALE_PARAM_KEY); if (localeString != null) { diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java index 3f64de3d..f708826d 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java @@ -37,16 +37,15 @@ import at.gv.egiz.smcc.util.SMCCHelper; import at.gv.egiz.stal.QuitRequest; import at.gv.egiz.stal.STALRequest; import at.gv.egiz.stal.STALResponse; -import at.gv.egiz.stal.service.types.GetNextRequestResponseType; -import at.gv.egiz.stal.service.types.GetNextRequestType; -import at.gv.egiz.stal.service.types.ObjectFactory; import at.gv.egiz.stal.service.STALPortType; import at.gv.egiz.stal.service.STALService; import at.gv.egiz.stal.service.types.ErrorResponseType; +import at.gv.egiz.stal.service.types.GetNextRequestResponseType; +import at.gv.egiz.stal.service.types.GetNextRequestType; +import at.gv.egiz.stal.service.types.ObjectFactory; import at.gv.egiz.stal.service.types.RequestType; import at.gv.egiz.stal.service.types.ResponseType; import at.gv.egiz.stal.util.STALTranslator; -import java.applet.AppletContext; public class BKUWorker extends AbstractSMCCSTAL implements Runnable, ActionListener, SMCCSTALRequestHandler { @@ -74,7 +73,7 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, this.gui = gui; this.parent = parent; this.errorMessages = errorMessageBundle; - QuitHandler.getInstance().registerHandlerInstance(this); + addRequestHandler(QuitRequest.class, this); // register SignRequestHandler once we have a webservice port } @@ -87,7 +86,7 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, protected BKUWorker(BKUGUIFacade gui, ResourceBundle errorMessageBundle) { this.gui = gui; this.errorMessages = errorMessageBundle; - QuitHandler.getInstance().registerHandlerInstance(this); + addRequestHandler(QuitRequest.class, this); } private STALPortType getSTALPort() throws MalformedURLException { @@ -252,7 +251,6 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, if (signatureCard != null) { signatureCard.disconnect(false); } - QuitHandler.getInstance().unregisterHandlerInstance(this); sendRedirect(); } @@ -382,11 +380,6 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, public void init(SignatureCard sc, BKUGUIFacade gui) { } - @Override - public SMCCSTALRequestHandler newInstance() { - return this; - } - @Override public boolean requireCard() { return false; diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java index a9bbc559..2ac1bc62 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/ExternalDisplaySignRequestHandler.java @@ -5,15 +5,16 @@ package at.gv.egiz.bku.online.applet; -import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler; -import at.gv.egiz.bku.smccstal.SignRequestHandler; -import at.gv.egiz.stal.signedinfo.ReferenceType; import java.applet.AppletContext; import java.net.URL; import java.util.List; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import at.gv.egiz.bku.smccstal.SignRequestHandler; +import at.gv.egiz.stal.signedinfo.ReferenceType; + /** * * @author clemens @@ -30,11 +31,6 @@ public class ExternalDisplaySignRequestHandler extends SignRequestHandler { this.hashDataURL = hashDataURL; } - @Override - public SMCCSTALRequestHandler newInstance() { - return new ExternalDisplaySignRequestHandler(ctx, hashDataURL); - } - @Override public void displayHashDataInputs(List signedReferences) throws Exception { //TODO pass reference Id's to servlet (TODO servlet) diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/MultiInstanceHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/MultiInstanceHandler.java deleted file mode 100644 index a07df559..00000000 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/MultiInstanceHandler.java +++ /dev/null @@ -1,49 +0,0 @@ -package at.gv.egiz.bku.online.applet; - -import java.util.ArrayList; -import java.util.List; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.gui.BKUGUIFacade; -import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler; -import at.gv.egiz.smcc.SignatureCard; -import at.gv.egiz.stal.QuitRequest; -import at.gv.egiz.stal.STALRequest; -import at.gv.egiz.stal.STALResponse; - -public abstract class MultiInstanceHandler implements SMCCSTALRequestHandler { - - private static Log log = LogFactory.getLog(MultiInstanceHandler.class); - - protected List handlerList = new ArrayList(); - - - - protected MultiInstanceHandler() { - } - - public void registerHandlerInstance(SMCCSTALRequestHandler handler) { - handlerList.add(handler); - } - - public void unregisterHandlerInstance(SMCCSTALRequestHandler handler) { - handlerList.remove(handler); - } - - - @Override - public void init(SignatureCard sc, BKUGUIFacade gui) { - } - - @Override - public SMCCSTALRequestHandler newInstance() { - return this; - } - - @Override - public boolean requireCard() { - return false; - } -} diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/QuitHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/QuitHandler.java deleted file mode 100644 index ab07e1a8..00000000 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/QuitHandler.java +++ /dev/null @@ -1,37 +0,0 @@ -package at.gv.egiz.bku.online.applet; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler; -import at.gv.egiz.stal.QuitRequest; -import at.gv.egiz.stal.STALRequest; -import at.gv.egiz.stal.STALResponse; - -public class QuitHandler extends MultiInstanceHandler { - - private static Log log = LogFactory.getLog(QuitHandler.class); - - private static QuitHandler instance = new QuitHandler(); - - private QuitHandler() { - } - - public static QuitHandler getInstance() { - return instance; - } - - @Override - public STALResponse handleRequest(STALRequest request) { - if (request instanceof QuitRequest) { - log.info("Received QuitCommand"); - for (SMCCSTALRequestHandler handler : handlerList) { - handler.handleRequest(request); - } - } else { - log.error("Unexpected request to handle: " + request); - } - return null; - } - -} diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java index 4a87b8b5..b417fd33 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WebServiceSignRequestHandler.java @@ -16,24 +16,25 @@ */ package at.gv.egiz.bku.online.applet; -import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler; -import at.gv.egiz.bku.smccstal.SignRequestHandler; -import at.gv.egiz.stal.HashDataInput; -import at.gv.egiz.stal.impl.ByteArrayHashDataInput; -import at.gv.egiz.stal.service.STALPortType; -import at.gv.egiz.stal.service.types.GetHashDataInputResponseType; -import at.gv.egiz.stal.service.types.GetHashDataInputType; -import at.gv.egiz.stal.signedinfo.DigestMethodType; -import at.gv.egiz.stal.signedinfo.ReferenceType; import java.security.DigestException; import java.security.MessageDigest; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.List; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import at.gv.egiz.bku.smccstal.SignRequestHandler; +import at.gv.egiz.stal.HashDataInput; +import at.gv.egiz.stal.impl.ByteArrayHashDataInput; +import at.gv.egiz.stal.service.STALPortType; +import at.gv.egiz.stal.service.types.GetHashDataInputResponseType; +import at.gv.egiz.stal.service.types.GetHashDataInputType; +import at.gv.egiz.stal.signedinfo.DigestMethodType; +import at.gv.egiz.stal.signedinfo.ReferenceType; + /** * @author clemens */ @@ -159,9 +160,4 @@ public class WebServiceSignRequestHandler extends SignRequestHandler { gui.showHashDataInputDialog(hashDataInputs, this, "ok"); } - - @Override - public SMCCSTALRequestHandler newInstance() { - return new WebServiceSignRequestHandler(this.sessId, this.stalPort); - } } diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java index 4330f570..d5702e0e 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java @@ -113,11 +113,6 @@ public class LocalSignRequestHandler extends SignRequestHandler { gui.showHashDataInputDialog(selectedHashDataInputs, this, "ok"); } - @Override - public SMCCSTALRequestHandler newInstance() { - return new LocalSignRequestHandler(); - } - private ByteArrayHashDataInput getByteArrayHashDataInput(HashDataInput hashDataInput) throws IOException { InputStream hdIs = hashDataInput.getHashDataInput(); diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java index 4bc921aa..1bbb2e3c 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java @@ -27,7 +27,7 @@ public class SMCCSTAL extends BKUWorker { public List handleRequest(List requestList) { signatureCard = null; List responses = super.handleRequest(requestList); - //container.setVisible(false); + // container.setVisible(false); return responses; } diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java index c5736648..e1d434e3 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java @@ -27,9 +27,6 @@ import javax.swing.WindowConstants; import at.gv.egiz.bku.gui.BKUGUIFacade; import at.gv.egiz.bku.gui.BKUGUIFactory; import at.gv.egiz.bku.online.applet.BKUApplet; -import at.gv.egiz.bku.online.applet.QuitHandler; -import at.gv.egiz.bku.smccstal.AbstractSMCCSTAL; -import at.gv.egiz.stal.QuitRequest; import at.gv.egiz.stal.STAL; import at.gv.egiz.stal.STALFactory; @@ -39,7 +36,7 @@ public class SMCCSTALFactory implements STALFactory { @Override public STAL createSTAL() { - AbstractSMCCSTAL.addRequestHandler(QuitRequest.class, QuitHandler.getInstance()); + SMCCSTAL stal; JDialog dialog; ResourceBundle resourceBundle; diff --git a/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java index 54d595fa..23a893b4 100644 --- a/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java +++ b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java @@ -181,9 +181,7 @@ public class BKULauncher implements BKUControllerInterface { * @param args */ public static void main(String[] args) { - try { - BKULauncher launcher = new BKULauncher(); launcher.initStart(); launcher.checkConfig(args); diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java index 7f3a3b1c..77a3e2ea 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -267,7 +267,7 @@ public abstract class AbstractSignatureCard implements SignatureCard { if (card_ != null) { try { card_.disconnect(reset); - } catch (CardException e) { + } catch (Exception e) { log.info("Error while resetting card", e); } } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java index 3d1fd7c7..15971497 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java @@ -49,11 +49,11 @@ public class SMCCHelper { update(); } - public void update() { + public synchronized void update() { update(-1); } - public void update(int sleep) { + public synchronized void update(int sleep) { SignatureCardFactory factory = SignatureCardFactory.getInstance(); if (useSWCard) { try { @@ -113,7 +113,7 @@ public class SMCCHelper { } } - public SignatureCard getSignatureCard(Locale locale) { + public synchronized SignatureCard getSignatureCard(Locale locale) { if (signatureCard != null) { signatureCard.setLocale(locale); } diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java index b48388db..cf524737 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java @@ -37,19 +37,17 @@ import at.gv.egiz.stal.SignRequest; public abstract class AbstractSMCCSTAL implements STAL { private static Log log = LogFactory.getLog(AbstractSMCCSTAL.class); - + public final static int DEFAULT_MAX_RETRIES = 3; protected Locale locale = Locale.getDefault(); - // protected SMCCHelper smccHelper = new SMCCHelper(); protected SignatureCard signatureCard = null; - protected static Map handlerMap = new HashMap(); - + protected Map handlerMap = new HashMap(); + protected int maxRetries = DEFAULT_MAX_RETRIES; - static { + protected AbstractSMCCSTAL() { addRequestHandler(InfoboxReadRequest.class, new InfoBoxReadRequestHandler()); - // addRequestHandler(SignRequest.class, new SignRequestHandler()); } /** @@ -72,7 +70,7 @@ public abstract class AbstractSMCCSTAL implements STAL { log.info("Processing: " + request.getClass()); int retryCounter = 0; while (retryCounter < maxRetries) { - log.info("Number of retries: "+retryCounter); + log.info("Number of retries: " + retryCounter); SMCCSTALRequestHandler handler = null; handler = handlerMap.get(request.getClass().getSimpleName()); if (handler != null) { @@ -83,7 +81,6 @@ public abstract class AbstractSMCCSTAL implements STAL { } } try { - handler = handler.newInstance(); handler.init(signatureCard, getGUI()); STALResponse response = handler.handleRequest(request); if (response != null) { @@ -91,7 +88,7 @@ public abstract class AbstractSMCCSTAL implements STAL { log.info("Got an error response"); ErrorResponse err = (ErrorResponse) response; if (err.getErrorCode() == 6001) { - retryCounter = Integer.MAX_VALUE-1; + retryCounter = Integer.MAX_VALUE - 1; } if (++retryCounter < maxRetries) { log.info("Retrying"); @@ -128,13 +125,13 @@ public abstract class AbstractSMCCSTAL implements STAL { return responseList; } - public static void addRequestHandler(Class id, + public void addRequestHandler(Class id, SMCCSTALRequestHandler handler) { log.debug("Registering STAL request handler: " + id.getSimpleName()); handlerMap.put(id.getSimpleName(), handler); } - public static SMCCSTALRequestHandler getRequestHandler( + public SMCCSTALRequestHandler getRequestHandler( Class request) { return handlerMap.get(request.getSimpleName()); } @@ -150,5 +147,5 @@ public abstract class AbstractSMCCSTAL implements STAL { public void setMaxRetries(int maxRetries) { this.maxRetries = maxRetries; } - + } diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java index 25085b16..b48d6d50 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/InfoBoxReadRequestHandler.java @@ -133,9 +133,4 @@ public class InfoBoxReadRequestHandler extends AbstractRequestHandler implements } return new String(gui.getPin()); } - - @Override - public SMCCSTALRequestHandler newInstance() { - return new InfoBoxReadRequestHandler(); - } } diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SMCCSTALRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SMCCSTALRequestHandler.java index 6f303f76..94ab7a5b 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SMCCSTALRequestHandler.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SMCCSTALRequestHandler.java @@ -30,6 +30,4 @@ public interface SMCCSTALRequestHandler { public boolean requireCard(); - public SMCCSTALRequestHandler newInstance(); - } -- cgit v1.2.3 From c2ae3db1bc6dcb8ba3eb3461c05e293917c004ca Mon Sep 17 00:00:00 2001 From: mcentner Date: Thu, 30 Oct 2008 10:33:29 +0000 Subject: Updated SMCC to use exclusive access and to throw exceptions upon locked or not activated cards. Improved locale support in the security layer request and response processing. Fixed issue in STAL which prevented the use of RSA-SHA1 signatures. Added additional parameters to the applet test pages. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@128 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../main/java/at/gv/egiz/bku/gui/PinDocument.java | 2 +- .../egiz/bku/online/webapp/BKURequestHandler.java | 20 +- BKUOnline/src/main/webapp/HTTP-ohne.html | 11 +- BKUOnline/src/main/webapp/appletPage.jsp | 29 +- .../at/gv/egiz/stal/util/JCEAlgorithmNames.java | 4 +- .../gv/egiz/bku/binding/HTTPBindingProcessor.java | 3 +- .../gv/egiz/bku/slcommands/SLCommandContext.java | 17 +- .../impl/CreateXMLSignatureCommandImpl.java | 4 +- .../egiz/bku/slcommands/impl/ErrorResultImpl.java | 42 ++- .../slcommands/impl/InfoboxReadCommandImpl.java | 2 +- .../gv/egiz/bku/slcommands/impl/SLResultImpl.java | 8 +- .../bku/slcommands/impl/ErrorResultImplTest.java | 3 +- smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java | 348 ++++++++++++--------- .../at/gv/egiz/smcc/AbstractSignatureCard.java | 169 +++++++--- .../at/gv/egiz/smcc/FileNotFoundException.java | 38 +++ .../main/java/at/gv/egiz/smcc/LockedException.java | 38 +++ .../at/gv/egiz/smcc/NotActivatedException.java | 44 +++ .../src/main/java/at/gv/egiz/smcc/STARCOSCard.java | 339 ++++++++++++-------- smcc/src/main/java/at/gv/egiz/smcc/SWCard.java | 79 ++++- .../at/gv/egiz/smcc/SignatureCardException.java | 2 +- .../java/at/gv/egiz/smcc/SignatureCardFactory.java | 223 +++++++++++-- .../java/at/gv/egiz/smcc/util/SmartCardIO.java | 3 +- .../test/java/at/gv/egiz/smcc/STARCOSCardTest.java | 92 ++++++ .../bku/smccstal/InfoBoxReadRequestHandler.java | 8 + .../gv/egiz/bku/smccstal/SignRequestHandler.java | 10 +- 25 files changed, 1149 insertions(+), 389 deletions(-) create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/FileNotFoundException.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/LockedException.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/NotActivatedException.java create mode 100644 smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java (limited to 'smcc/src/main/java') diff --git a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/PinDocument.java b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/PinDocument.java index 8ae9d7a3..2054ae86 100644 --- a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/PinDocument.java +++ b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/PinDocument.java @@ -46,7 +46,7 @@ class PINDocument extends PlainDocument { @Override public void insertString(int offs, String str, AttributeSet a) throws BadLocationException { - if (pinSpec.getMaxLength() >= (getLength() + str.length())) { + if (pinSpec.getMaxLength() < 0 || pinSpec.getMaxLength() >= (getLength() + str.length())) { boolean matches = true; for (int i = 0; i < str.length(); i++) { Matcher m = pinPattern.matcher(str.substring(i, i + 1)); diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java index 6f3b9d7f..9092e3f9 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java @@ -44,6 +44,8 @@ import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; */ public class BKURequestHandler extends SpringBKUServlet { + private static final long serialVersionUID = 1L; + public final static String REDIRECT_URL = "appletPage.jsp"; protected Log log = LogFactory.getLog(BKURequestHandler.class); @@ -105,6 +107,8 @@ public class BKURequestHandler extends SpringBKUServlet { String width = getStringFromStream(bindingProcessor.getFormData("appletWidth"), charset); String height = getStringFromStream(bindingProcessor.getFormData("appletHeight"), charset); String background = getStringFromStream(bindingProcessor.getFormData("appletBackground"), charset); + String guiStyle = getStringFromStream(bindingProcessor.getFormData("appletGuiStyle"), charset); + String hashDataDisplay = getStringFromStream(bindingProcessor.getFormData("appletHashDataDisplay"), charset); if (width != null) { try { log.trace("Found applet width parameter: " + width); @@ -124,12 +128,16 @@ public class BKURequestHandler extends SpringBKUServlet { } } if (background != null) { - try { - log.trace("Found applet background parameter: " + background); - session.setAttribute("appletBackground", background); - } catch (NumberFormatException nfe) { - log.warn(nfe); - } + log.trace("Found applet background parameter: " + background); + session.setAttribute("appletBackground", background); + } + if (guiStyle != null) { + log.trace("Found applet GUI style parameter: " + guiStyle); + session.setAttribute("appletGuiStyle", guiStyle); + } + if (hashDataDisplay != null) { + log.trace("Found applet hash data display parameter: " + hashDataDisplay); + session.setAttribute("appletHashDataDisplay", hashDataDisplay); } resp.sendRedirect(REDIRECT_URL); diff --git a/BKUOnline/src/main/webapp/HTTP-ohne.html b/BKUOnline/src/main/webapp/HTTP-ohne.html index 1923113e..044432ce 100644 --- a/BKUOnline/src/main/webapp/HTTP-ohne.html +++ b/BKUOnline/src/main/webapp/HTTP-ohne.html @@ -92,8 +92,17 @@ legend { name="appletHeight" value="130" id="appletHeight">

Applet Background +

+ GUI Style + simple + advanced +

+ GUI Style + external + internal +

- - + diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java index e7fb928a..5e3a1a99 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java @@ -85,7 +85,7 @@ public class STALRequestBrokerImpl implements STALRequestBroker { * @pre requests: either single SignRequest, QuitRequest or multiple ReadInfoboxRequests */ @Override - public List handleRequest(List stalRequests) { + public List handleRequest(List stalRequests) { if (interrupted) { return null; } diff --git a/STAL/src/main/java/at/gv/egiz/stal/STAL.java b/STAL/src/main/java/at/gv/egiz/stal/STAL.java index de29de9a..7fa7cb45 100644 --- a/STAL/src/main/java/at/gv/egiz/stal/STAL.java +++ b/STAL/src/main/java/at/gv/egiz/stal/STAL.java @@ -32,7 +32,7 @@ public interface STAL { * @param aRequestList * @return */ - public List handleRequest(List aRequestList); + public List handleRequest(List aRequestList); /** * Sets the preferred locale for userinteraction (e.g. PIN dialogs). diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java index 9c98ef8a..bec2b253 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandFactory.java @@ -17,6 +17,7 @@ package at.gv.egiz.bku.slcommands; import java.io.IOException; +import java.io.Reader; import java.net.URL; import java.util.HashMap; import java.util.Map; @@ -41,10 +42,12 @@ import org.apache.commons.logging.LogFactory; import org.xml.sax.SAXException; import org.xml.sax.SAXParseException; +import at.buergerkarte.namespaces.cardchannel.ObjectFactory; import at.gv.egiz.bku.slexceptions.SLCommandException; import at.gv.egiz.bku.slexceptions.SLExceptionMessages; import at.gv.egiz.bku.slexceptions.SLRequestException; import at.gv.egiz.bku.slexceptions.SLRuntimeException; +import at.gv.egiz.bku.utils.DebugReader; import at.gv.egiz.slbinding.RedirectEventFilter; import at.gv.egiz.slbinding.RedirectUnmarshallerListener; @@ -163,8 +166,9 @@ public class SLCommandFactory { if (jaxbContext == null) { try { String slPkg = at.buergerkarte.namespaces.securitylayer._1.ObjectFactory.class.getPackage().getName(); - String xmldsigPkg = org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName(); - setJaxbContext(JAXBContext.newInstance(slPkg + ":" + xmldsigPkg)); + String xmldsigPkg = org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName(); + String cardChannelPkg = at.buergerkarte.namespaces.cardchannel.ObjectFactory.class.getPackage().getName(); + setJaxbContext(JAXBContext.newInstance(slPkg + ":" + xmldsigPkg + ":" + cardChannelPkg)); } catch (JAXBException e) { log.error("Failed to setup JAXBContext security layer request.", e); throw new SLRuntimeException(e); @@ -325,12 +329,31 @@ public class SLCommandFactory { */ @SuppressWarnings("unchecked") public SLCommand createSLCommand(Source source, SLCommandContext context) - throws SLCommandException, SLRuntimeException, SLRequestException { + throws SLCommandException, SLRuntimeException, SLRequestException { + + DebugReader dr = null; + if (log.isTraceEnabled() && source instanceof StreamSource) { + StreamSource streamSource = (StreamSource) source; + if (streamSource.getReader() != null) { + dr = new DebugReader(streamSource.getReader(), "SLCommand unmarshalled from:\n"); + streamSource.setReader(dr); + } + } - Object object = unmarshal(source); + Object object; + try { + object = unmarshal(source); + } catch (SLRequestException e) { + throw e; + } finally { + if (dr != null) { + log.trace(dr.getCachedString()); + } + } + if (!(object instanceof JAXBElement)) { // invalid request - log.info("Invalid security layer request. " + object.toString()); + log.info("Invalid security layer request. " + object.toString()); throw new SLRequestException(3002, SLExceptionMessages.EC3002_INVALID, new Object[]{object.toString()}); } @@ -343,7 +366,9 @@ public class SLCommandFactory { throw new SLCommandException(4011, SLExceptionMessages.EC4011_NOTIMPLEMENTED, new Object[]{qName.toString()}); } - + + + // try to instantiate SLCommand slCommand; try { @@ -360,6 +385,7 @@ public class SLCommandFactory { e); throw new SLRuntimeException(e); } + slCommand.init(context, (JAXBElement) object); return slCommand; diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractBinaryFileInfobox.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractBinaryFileInfobox.java index 07ca639c..23394bd5 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractBinaryFileInfobox.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractBinaryFileInfobox.java @@ -37,7 +37,7 @@ public abstract class AbstractBinaryFileInfobox extends AbstractInfoboxImpl impl /** * Is this infobox' content an XML entity? */ - private boolean isXMLEntity = false; + protected boolean isXMLEntity = false; /** * @return true if this infobox' content is an XML entity or false otherwise. @@ -61,8 +61,6 @@ public abstract class AbstractBinaryFileInfobox extends AbstractInfoboxImpl impl } } - - } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java index 305769a8..8a7edb71 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxCommandImpl.java @@ -52,4 +52,13 @@ public abstract class AbstractInfoboxCommandImpl extends SLCommandImpl { */ protected abstract String getInfoboxIdentifier(T request); + + public String getInfoboxIdentifier() { + if (infobox != null) { + return infobox.getIdentifier(); + } else { + return null; + } + } + } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxImpl.java index e5c7afcc..564cb8ff 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/AbstractInfoboxImpl.java @@ -16,6 +16,13 @@ */ package at.gv.egiz.bku.slcommands.impl; +import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType; +import at.buergerkarte.namespaces.securitylayer._1.InfoboxUpdateRequestType; +import at.gv.egiz.bku.slcommands.InfoboxReadResult; +import at.gv.egiz.bku.slcommands.InfoboxUpdateResult; +import at.gv.egiz.bku.slcommands.SLCommandContext; +import at.gv.egiz.bku.slexceptions.SLCommandException; + /** * An abstract base class for {@link Infobox} implementations. * @@ -23,4 +30,16 @@ package at.gv.egiz.bku.slcommands.impl; */ public abstract class AbstractInfoboxImpl implements Infobox { + @Override + public InfoboxReadResult read(InfoboxReadRequestType request, + SLCommandContext cmdCtx) throws SLCommandException { + throw new SLCommandException(4011); + } + + @Override + public InfoboxUpdateResult update(InfoboxUpdateRequestType request, + SLCommandContext cmdCtx) throws SLCommandException { + throw new SLCommandException(4011); + } + } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CardChannelInfoboxImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CardChannelInfoboxImpl.java new file mode 100644 index 00000000..4b1cc779 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CardChannelInfoboxImpl.java @@ -0,0 +1,235 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.slcommands.impl; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.UnsupportedEncodingException; +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.WeakHashMap; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.buergerkarte.namespaces.cardchannel.ATRType; +import at.buergerkarte.namespaces.cardchannel.CommandAPDUType; +import at.buergerkarte.namespaces.cardchannel.ObjectFactory; +import at.buergerkarte.namespaces.cardchannel.ResetType; +import at.buergerkarte.namespaces.cardchannel.ResponseAPDUType; +import at.buergerkarte.namespaces.cardchannel.ResponseType; +import at.buergerkarte.namespaces.cardchannel.ScriptType; +import at.buergerkarte.namespaces.cardchannel.VerifyAPDUType; +import at.buergerkarte.namespaces.securitylayer._1.Base64XMLContentType; +import at.buergerkarte.namespaces.securitylayer._1.InfoboxReadRequestType; +import at.buergerkarte.namespaces.securitylayer._1.InfoboxUpdateRequestType; +import at.buergerkarte.namespaces.securitylayer._1.XMLContentType; +import at.gv.egiz.bku.slcommands.InfoboxReadResult; +import at.gv.egiz.bku.slcommands.InfoboxUpdateResult; +import at.gv.egiz.bku.slcommands.SLCommandContext; +import at.gv.egiz.bku.slexceptions.SLCommandException; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; +import at.gv.egiz.stal.STAL; +import at.gv.egiz.stal.ext.APDUScriptRequest; +import at.gv.egiz.stal.ext.APDUScriptResponse; +import at.gv.egiz.stal.ext.APDUScriptRequest.RequestScriptElement; +import at.gv.egiz.stal.ext.APDUScriptResponse.ResponseScriptElement; + +public class CardChannelInfoboxImpl extends AbstractBinaryFileInfobox { + + private static Log log = LogFactory.getLog(CardChannelInfoboxImpl.class); + + private static WeakHashMap> scriptResults = new WeakHashMap>(); + + private static JAXBContext jaxbContext; + + static { + try { + jaxbContext = JAXBContext.newInstance(ObjectFactory.class.getPackage().getName()); + } catch (JAXBException e) { + throw new SLRuntimeException("Failed to initalize CardChannel infobox.", e); + } + } + + public CardChannelInfoboxImpl() { + isXMLEntity = true; + } + + @Override + public String getIdentifier() { + return "CardChannel"; + } + + @Override + public InfoboxReadResult read(InfoboxReadRequestType request, + SLCommandContext cmdCtx) throws SLCommandException { + + at.buergerkarte.namespaces.securitylayer._1.ObjectFactory objectFactory + = new at.buergerkarte.namespaces.securitylayer._1.ObjectFactory(); + + Base64XMLContentType content = objectFactory.createBase64XMLContentType(); + XMLContentType xmlContent = objectFactory.createXMLContentType(); + content.setXMLContent(xmlContent); + + JAXBElement response = scriptResults.get(cmdCtx.getSTAL()); + if (response != null) { + xmlContent.getContent().add(response); + } + + return new InfoboxReadResultImpl(content); + + } + + @SuppressWarnings("unchecked") + @Override + public InfoboxUpdateResult update(InfoboxUpdateRequestType request, + SLCommandContext cmdCtx) throws SLCommandException { + + Base64XMLContentType binaryFileParameters = request.getBinaryFileParameters(); + + if (binaryFileParameters.getBase64Content() != null) { + log.info("Got Base64Content but ContentIsXMLEntity is true."); + throw new SLCommandException(4010); + } + + XMLContentType content = binaryFileParameters.getXMLContent(); + if (content instanceof at.gv.egiz.slbinding.impl.XMLContentType) { + + ByteArrayOutputStream redirectedStream = ((at.gv.egiz.slbinding.impl.XMLContentType) content).getRedirectedStream(); + if (redirectedStream != null) { + + if (log.isDebugEnabled()) { + + StringBuilder sb = new StringBuilder(); + sb.append("CardChannel script:\n"); + try { + sb.append(new String(redirectedStream.toByteArray(), "UTF-8")); + } catch (UnsupportedEncodingException e) { + sb.append(e.getMessage()); + } + log.debug(sb.toString()); + } + + Object object; + try { + Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); + object = unmarshaller.unmarshal(new ByteArrayInputStream(redirectedStream.toByteArray())); + } catch (JAXBException e) { + log.info("Failed to parse CardChannel script.", e); + throw new SLCommandException(4011); + } + + if (object instanceof JAXBElement) { + executeCardChannelScript(((JAXBElement) object).getValue(), cmdCtx); + return new InfoboxUpdateResultImpl(); + } + + } + + + } + log.info("Infobox identifier is '" + getIdentifier() + "' but XMLContent does not contain 'Script'."); + throw new SLCommandException(4010); + + } + + protected void executeCardChannelScript(ScriptType script, + SLCommandContext cmdCtx) throws SLCommandException { + + List

Signatur der Anmeldedaten

Mit meiner elektronischen Signatur beantrage ich, + + , geboren am . . , in der Rolle als (OID***= ), den Zugang zur gesicherten Anwendung.

Datum und Uhrzeit: . . , : + : +

HPI(**):

wbPK(*):

Ich bin weiters ermächtigt als von + , geboren am . . + + , + , in deren Auftrag zu handeln. +
wbPK(*) des Vollmachtgebers:
+ +

wbPK(*) des Vollmachtgebers:

Signatur der Anmeldedaten

Mit meiner elektronischen Signatur beantrage ich, + + , geboren am . . , in der Rolle als (OID***= ), den Zugang zur gesicherten Anwendung.

Datum und Uhrzeit: . . , : + : +

HPI(**):

wbPK(*):

Ich bin weiters ermächtigt als von + , geboren am . . + + , + , in deren Auftrag zu handeln. +
wbPK(*) des Vollmachtgebers:
+ +

wbPK(*) des Vollmachtgebers:

() wbPK: Das wirtschaftsbereichsspezifische + Personenkennzeichen* wird aus den jeweiligen + Stammzahlen des Bürgers und des Wirtschaftsunternehmens + berechnet und ermöglicht eine eindeutige Zuordnung des + Bürgers zum Wirtschaftsunternehmen.

(**) HPI: Der eHealth Professional Identifier + wird aus den jeweiligen Stammzahlen der + Gesundheitsdiensteanbieterinnen / + Gesundheitsdiensteanbieter berechnet und ermöglicht eine + eindeutige Zuordnung der Gesundheitsdiensteanbieterin / + des Gesundheitsdiensteanbieters im + Gesundheitsbereich.

(***) OID: Object Identifier sind standardisierte + Objekt-Bezeichner und beschreiben eindeutig die Rollen + des GDA-Token Inhabers.

Online-Hilfe

Die Karte wird nicht unterstützt

Online-Hilfe

Die Karte wird nicht unterstützt

Online-Hilfe

Bitte die Bürgerkarte in den Kartenleser stecken

Online-Hilfe

Bitte warten ...

Online-Hilfe

Willkommen

Online-Hilfe

Bitte die Bürgerkarte in den Kartenleser stecken

Online-Hilfe

Bitte warten ...

Online-Hilfe

Willkommen

Signatur der Anmeldedaten

Mit meiner elektronischen Signatur beantrage ich, + + , geboren am . . , in der Rolle als (OID***= ), den Zugang zur gesicherten Anwendung.

Datum und Uhrzeit: . . , : + : +

HPI(**):

wbPK(*):

Ich bin weiters ermächtigt als von + , geboren am . . + + , + , in deren Auftrag zu handeln. + wbPK(*) des Vollmachtgebers: + +

wbPK(*) des Vollmachtgebers:

Signatur der Anmeldedaten

Mit meiner elektronischen Signatur beantrage ich, + + , geboren am . . , in der Rolle als (OID***= ), den Zugang zur gesicherten Anwendung.

Datum und Uhrzeit: . . , : + : +

HPI(**):

wbPK(*):

Ich bin weiters ermächtigt als von + , geboren am . . + + , + , in deren Auftrag zu handeln. + wbPK(*) des Vollmachtgebers: + +

wbPK(*) des Vollmachtgebers:

(*) wbPK: Das wirtschaftsbereichsspezifische + Personenkennzeichen wird aus den jeweiligen + Stammzahlen des Bürgers und des Wirtschaftsunternehmens + berechnet und ermöglicht eine eindeutige Zuordnung des + Bürgers zum Wirtschaftsunternehmen.

(***) OID: Object Identifier sind standardisierte + Objekt-Bezeichner und beschreiben eindeutig die Rollen + des GDA-Token Inhabers.

Online-Hilfe

Die Karte wird nicht unterstützt

Online-Hilfe

Die Karte wird nicht unterstützt

Online-Hilfe

Bitte die Bürgerkarte in den Kartenleser stecken

Online-Hilfe

Bitte warten ...

Online-Hilfe

Willkommen

Online-Hilfe

Bitte die Bürgerkarte in den Kartenleser stecken

Online-Hilfe

Bitte warten ...

Online-Hilfe

Willkommen

Ich bin weiters ermächtigt als von + , geboren am . . + + , + , in deren Auftrag zu handeln. +
wbPK(*) des Vollmachtgebers:
+ +

Ich bin weiters ermächtigt als von + , geboren am . . + + , + , in deren Auftrag zu handeln. +
wbPK(*) des Vollmachtgebers:
+ +

() wbPK: Das wirtschaftsbereichsspezifische + Personenkennzeichen* wird aus den jeweiligen + Stammzahlen des Bürgers und des Wirtschaftsunternehmens + berechnet und ermöglicht eine eindeutige Zuordnung des + Bürgers zum Wirtschaftsunternehmen.