From 1103be1b14d0ad771386438696cd39bede15c6f6 Mon Sep 17 00:00:00 2001 From: clemenso Date: Tue, 20 Jul 2010 13:06:01 +0000 Subject: Issue #MOCCA-746 - QuoVadis SuisseID integration git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@788 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java | 4 - .../at/gv/egiz/smcc/AbstractSignatureCard.java | 13 +- smcc/src/main/java/at/gv/egiz/smcc/BELPICCard.java | 7 - smcc/src/main/java/at/gv/egiz/smcc/EstEIDCard.java | 4 - smcc/src/main/java/at/gv/egiz/smcc/ITCard.java | 7 - smcc/src/main/java/at/gv/egiz/smcc/PtEidCard.java | 4 - .../src/main/java/at/gv/egiz/smcc/STARCOSCard.java | 7 - .../java/at/gv/egiz/smcc/SignatureCardFactory.java | 17 +- .../main/java/at/gv/egiz/smcc/SuisseIDCard.java | 326 +++++++++++++++++++++ .../main/java/at/gv/egiz/smcc/SwissSignIDCard.java | 303 ------------------- 10 files changed, 343 insertions(+), 349 deletions(-) create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/SuisseIDCard.java delete mode 100644 smcc/src/main/java/at/gv/egiz/smcc/SwissSignIDCard.java (limited to 'smcc') diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java index bb913c67..febb8677 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java @@ -113,10 +113,6 @@ public class ACOSCard extends AbstractSignatureCard implements PINMgmtSignatureC */ protected int appVersion = -1; - public ACOSCard() { - super("at/gv/egiz/smcc/ACOSCard"); - } - @Override public void init(Card card, CardTerminal cardTerminal) { super.init(card, cardTerminal); diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java index 73dadceb..ecf08c54 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -33,17 +33,13 @@ public abstract class AbstractSignatureCard implements SignatureCard { private final Logger log = LoggerFactory.getLogger(AbstractSignatureCard.class); - private ResourceBundle i18n; - private String resourceBundleName; - private Locale locale = Locale.getDefault(); private Card card_; protected CardReader reader; - protected AbstractSignatureCard(String resourceBundleName) { - this.resourceBundleName = resourceBundleName; + protected AbstractSignatureCard() { } protected String toString(byte[] b) { @@ -83,13 +79,6 @@ public abstract class AbstractSignatureCard implements SignatureCard { this.locale = locale; } - protected ResourceBundle getResourceBundle() { - if (i18n == null) { - i18n = ResourceBundle.getBundle(resourceBundleName, locale); - } - return i18n; - } - @Override public void disconnect(boolean reset) { log.debug("Disconnect called"); diff --git a/smcc/src/main/java/at/gv/egiz/smcc/BELPICCard.java b/smcc/src/main/java/at/gv/egiz/smcc/BELPICCard.java index bd42f47c..e9f0db83 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/BELPICCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/BELPICCard.java @@ -68,13 +68,6 @@ public class BELPICCard extends AbstractSignatureCard implements SignatureCard { new PinInfo(4, 12, "[0-9]", "at/gv/egiz/smcc/BELPICCard", "sig.pin", KID, DF_BELPIC, PinInfo.UNKNOWN_RETRIES); - /** - * Creates a new instance. - */ - public BELPICCard() { - super("at/gv/egiz/smcc/BelpicCard"); - } - @Override @Exclusive public byte[] getCertificate(KeyboxName keyboxName) diff --git a/smcc/src/main/java/at/gv/egiz/smcc/EstEIDCard.java b/smcc/src/main/java/at/gv/egiz/smcc/EstEIDCard.java index 9d889d79..f32109c9 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/EstEIDCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/EstEIDCard.java @@ -50,10 +50,6 @@ public class EstEIDCard extends AbstractSignatureCard { private static final PinInfo QS_PIN_SPEC = new PinInfo(5, 12, "[0-9]", "at/gv/egiz/smcc/EstEIDCard", "qs.pin", KID_PIN_2, DF, PinInfo.UNKNOWN_RETRIES); - public EstEIDCard() { - super("at/gv/egiz/smcc/EstEIDCard"); - } - @Override public byte[] getCertificate(KeyboxName keyboxName) throws SignatureCardException, InterruptedException { diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ITCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ITCard.java index 9ed65d53..357fc845 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/ITCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/ITCard.java @@ -52,13 +52,6 @@ public class ITCard extends AbstractSignatureCard { "at/gv/egiz/smcc/ITCard", "sig.pin", (byte) 0x10, new byte[] { (byte) 0x11, (byte) 0x00 }, PinInfo.UNKNOWN_RETRIES); - /** - * Creates a new instance. - */ - public ITCard() { - super("at/gv/egiz/smcc/ITCard"); - } - @Override @Exclusive public byte[] getCertificate(KeyboxName keyboxName) diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PtEidCard.java b/smcc/src/main/java/at/gv/egiz/smcc/PtEidCard.java index 8bd49e01..f9f9af9e 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/PtEidCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/PtEidCard.java @@ -62,10 +62,6 @@ public class PtEidCard extends AbstractSignatureCard { new PinInfo(4, 4, "[0-9]", "at/gv/egiz/smcc/PtEidCard", "sig.pin", (byte) 0x82, DF_ISSUES, PinInfo.UNKNOWN_RETRIES); - protected PtEidCard() { - super("at/gv/egiz/smcc/PtEidCard"); - } - @Override public byte[] getCertificate(KeyboxName keyboxName) throws SignatureCardException, InterruptedException { diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java index 7eb86601..d619dc39 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java @@ -137,13 +137,6 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu protected PinInfo cardPinInfo; protected PinInfo ssPinInfo; - /** - * Creates a new instance. - */ - public STARCOSCard() { - super("at/gv/egiz/smcc/STARCOSCard"); - } - /* (non-Javadoc) * @see at.gv.egiz.smcc.AbstractSignatureCard#init(javax.smartcardio.Card, javax.smartcardio.CardTerminal) */ diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java index c57b8c3a..efb99820 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java @@ -393,8 +393,23 @@ public class SignatureCardFactory { (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff}, - "at.gv.egiz.smcc.SwissSignIDCard")); + "at.gv.egiz.smcc.SuisseIDCard")); + supportedCards.add(new SupportedCard( + // ATR 3b:f2:18:00:02:c1:0a:31:fe:58:c8:08:74 + new byte[] { (byte) 0x3b, (byte) 0xf2, (byte) 0x18, + (byte) 0x00, (byte) 0x02, (byte) 0xc1, (byte) 0x0a, + (byte) 0x31, (byte) 0xfe, (byte) 0x58, (byte) 0xc8, + (byte) 0x08, (byte) 0x74}, + // mask + new byte[] { + (byte) 0xff, (byte) 0xff, (byte) 0xff, + (byte) 0xff, (byte) 0xff, (byte) 0xff, + (byte) 0xff, (byte) 0xff, (byte) 0xff, + (byte) 0xff, (byte) 0xff, (byte) 0xff, + (byte) 0xff}, + "at.gv.egiz.smcc.SuisseIDCard")); + } /** diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SuisseIDCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SuisseIDCard.java new file mode 100644 index 00000000..f0f78318 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/SuisseIDCard.java @@ -0,0 +1,326 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + + +package at.gv.egiz.smcc; + +import at.gv.egiz.smcc.pin.gui.PINGUI; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import javax.smartcardio.ATR; + +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.smcc.util.ISO7816Utils; +import at.gv.egiz.smcc.util.SMCCHelper; +import javax.smartcardio.Card; +import javax.smartcardio.CardTerminal; + +public class SuisseIDCard extends AbstractSignatureCard implements SignatureCard { + + /** + * Logging facility. + */ + private final Logger log = LoggerFactory.getLogger(SuisseIDCard.class); + + public static final byte[] MF = new byte[] { (byte) 0x3F, (byte) 0x00 }; + + public static final byte[] AID_SIG = new byte[] { (byte) 0xd2, (byte) 0x76, + (byte) 0x00, (byte) 0x00, (byte) 0x66, (byte) 0x01 }; + + public static final byte[] PATH_SIGN_CERT = new byte[] { (byte) 0x3F, + (byte) 0x00, (byte) 0x50, (byte) 0x15, (byte) 0x43, (byte) 0x04, + (byte) 0x43, (byte) 0x05 }; + + public static final byte KID = (byte) 0x81; + + protected PinInfo pinInfo; + protected String name = "SuisseID"; + + @Override + public void init(Card card, CardTerminal cardTerminal) { + super.init(card, cardTerminal); + + byte[] atr = card.getATR().getBytes(); + if (atr[11] == 'S' && + atr[12] == 'w' && + atr[13] == 'i' && + atr[14] == 's' && + atr[15] == 's' && + atr[16] == 'S' && + atr[17] == 'i' && + atr[18] == 'g' && + atr[19] == 'n') { + name = "SwissSign SuisseID"; + pinInfo = new PinInfo(5, 12, "[0-9]", + "at/gv/egiz/smcc/SwissSignIDCard", "pin", KID, AID_SIG, PinInfo.UNKNOWN_RETRIES); + + } else { + name = "QuoVadis SuisseID"; + pinInfo = new PinInfo(6, 12, "[0-9]", + "at/gv/egiz/smcc/QuoVadisIDCard", "pin", KID, AID_SIG, PinInfo.UNKNOWN_RETRIES); + } + + log.debug("initializing {} for ATR {}", name, toString(atr)); + } + + @Override + public String toString() { + return name; + } + + @Override + @Exclusive + public byte[] getCertificate(KeyboxName keyboxName) + throws SignatureCardException { + + if (keyboxName != KeyboxName.SECURE_SIGNATURE_KEYPAIR) { + throw new IllegalArgumentException("Keybox " + keyboxName + + " not supported"); + } + + try { + CardChannel channel = getCardChannel(); + // SELECT MF + execSELECT_PATH(channel, PATH_SIGN_CERT); + // READ BINARY + byte[] certificate = ISO7816Utils.readTransparentFileTLV(channel, -1, (byte) 0x30); + if (certificate == null) { + throw new NotActivatedException(); + } + return certificate; + } catch (FileNotFoundException e) { + throw new NotActivatedException(); + } catch (CardException e) { + log.info("Failed to get certificate.", e); + throw new SignatureCardException(e); + } + + } + + @Override + @Exclusive + public byte[] getInfobox(String infobox, PINGUI provider, String domainId) + throws SignatureCardException, InterruptedException { + + throw new IllegalArgumentException("Infobox '" + infobox + + "' not supported."); + } + + @Override + @Exclusive + public byte[] createSignature(InputStream input, KeyboxName keyboxName, + PINGUI provider, String alg) throws SignatureCardException, InterruptedException, IOException { + + if (KeyboxName.SECURE_SIGNATURE_KEYPAIR != keyboxName) { + throw new SignatureCardException("Card does not support key " + keyboxName + "."); + } + if (!"http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(alg)) { + throw new SignatureCardException("Card does not support algorithm " + alg + "."); + } + + MessageDigest md; + try { + md = MessageDigest.getInstance("SHA-1"); + } catch (NoSuchAlgorithmException e) { + log.error("Failed to get MessageDigest.", e); + throw new SignatureCardException(e); + } + // calculate message digest + byte[] digest = new byte[md.getDigestLength()]; + for (int l; (l = input.read(digest)) != -1;) { + md.update(digest, 0, l); + } + digest = md.digest(); + + byte[] oid = new byte[] { (byte) 0x30, (byte) 0x21, (byte) 0x30, + (byte) 0x09, (byte) 0x06, (byte) 0x05, (byte) 0x2b, + (byte) 0x0e, (byte) 0x03, (byte) 0x02, (byte) 0x1a, + (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x14 }; + + ByteArrayOutputStream data = new ByteArrayOutputStream(); + + try { + // oid + data.write(oid); + // hash + data.write(digest); + } catch (IOException e) { + throw new SignatureCardException(e); + } + + try { + + CardChannel channel = getCardChannel(); + + // SELECT AID + execSELECT_AID(channel, AID_SIG); + // MANAGE SECURITY ENVIRONMENT : RESTORE SE + execMSE_RESOTRE(channel, 0x01); + // VERIFY + verifyPINLoop(channel, pinInfo, provider); + // PERFORM SECURITY OPERATION : COMPUTE DIGITAL SIGNATURE + return execPSO_COMPUTE_DIGITAL_SIGNATURE(channel, data.toByteArray()); + + } catch (CardException e) { + log.warn("Failed to execute command.", e); + throw new SignatureCardException("Failed to access card.", e); + } + + } + + protected void verifyPINLoop(CardChannel channel, PinInfo spec, + PINGUI provider) throws LockedException, NotActivatedException, + SignatureCardException, InterruptedException, CardException { + + int retries = -1; //verifyPIN(channel, spec, null, -1); + do { + retries = verifyPIN(channel, spec, provider, retries); + } while (retries > 0); + } + + protected int verifyPIN(CardChannel channel, PinInfo pinSpec, + PINGUI provider, int retries) throws SignatureCardException, + LockedException, NotActivatedException, InterruptedException, + CardException { + + VerifyAPDUSpec apduSpec = new VerifyAPDUSpec( + new byte[] { + (byte) 0x00, (byte) 0x20, (byte) 0x00, pinSpec.getKID()}, + 0, VerifyAPDUSpec.PIN_FORMAT_ASCII, 0); + + ResponseAPDU resp = reader.verify(channel, apduSpec, provider, pinSpec, retries); + + if (resp.getSW() == 0x9000) { + return -1; + } + if (resp.getSW() >> 4 == 0x63c) { + return 0x0f & resp.getSW(); + } + + switch (resp.getSW()) { + case 0x6983: + // authentication method blocked + throw new LockedException(); + case 0x6984: + // reference data not usable + throw new NotActivatedException(); + case 0x6985: + // conditions of use not satisfied + throw new NotActivatedException(); + + default: + String msg = "VERIFY failed. SW=" + Integer.toHexString(resp.getSW()); + log.info(msg); + throw new SignatureCardException(msg); + } + + } + + protected byte[] execSELECT_AID(CardChannel channel, byte[] aid) + throws SignatureCardException, CardException { + + ResponseAPDU resp = channel.transmit( + new CommandAPDU(0x00, 0xA4, 0x04, 0x00, aid, 256)); + + if (resp.getSW() == 0x6A82) { + String msg = "File or application not found AID=" + + SMCCHelper.toString(aid) + " SW=" + + Integer.toHexString(resp.getSW()) + "."; + log.info(msg); + throw new FileNotFoundException(msg); + } else if (resp.getSW() != 0x9000) { + String msg = "Failed to select application FID=" + + SMCCHelper.toString(aid) + " SW=" + + Integer.toHexString(resp.getSW()) + "."; + log.error(msg); + throw new SignatureCardException(msg); + } else { + return resp.getBytes(); + } + + } + + protected byte[] execSELECT_PATH(CardChannel channel, byte[] path) + throws SignatureCardException, CardException { + + int p1 = (path.length > 1 && path[0] == 0x3F && path[1] == 0x00) ? 0x08 : 0x09; + + ResponseAPDU resp = channel.transmit( + new CommandAPDU(0x00, 0xA4, p1, 0x00, path, 256)); + + if (resp.getSW() == 0x6A82) { + String msg = "File or application not found PATH=" + + SMCCHelper.toString(path) + " SW=" + + Integer.toHexString(resp.getSW()) + "."; + log.info(msg); + throw new FileNotFoundException(msg); + } else if (resp.getSW() != 0x9000) { + String msg = "Failed to select PATH=" + + SMCCHelper.toString(path) + " SW=" + + Integer.toHexString(resp.getSW()) + "."; + log.error(msg); + throw new SignatureCardException(msg); + } else { + return resp.getBytes(); + } + + } + + + protected void execMSE_RESOTRE(CardChannel channel, int seid) + throws CardException, SignatureCardException { + ResponseAPDU resp = channel.transmit( + new CommandAPDU(0x00, 0x22, 0xf3, seid)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("MSE:RESTORE failed: SW=" + + Integer.toHexString(resp.getSW())); + } + } + + protected byte[] execPSO_COMPUTE_DIGITAL_SIGNATURE(CardChannel channel, byte[] hash) + throws CardException, SignatureCardException { + ResponseAPDU resp; + resp = channel.transmit( + new CommandAPDU(0x00, 0x2A, 0x9E, 0x9A, hash, 256)); + if (resp.getSW() == 0x6982) { + throw new SecurityStatusNotSatisfiedException(); + } else if (resp.getSW() == 0x6983) { + throw new LockedException(); + } else if (resp.getSW() != 0x9000) { + throw new SignatureCardException( + "PSO: COMPUTE DIGITAL SIGNATRE failed: SW=" + + Integer.toHexString(resp.getSW())); + } else { + return resp.getData(); + } + } + + + + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SwissSignIDCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SwissSignIDCard.java deleted file mode 100644 index f2eea0ae..00000000 --- a/smcc/src/main/java/at/gv/egiz/smcc/SwissSignIDCard.java +++ /dev/null @@ -1,303 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ - - -package at.gv.egiz.smcc; - -import at.gv.egiz.smcc.pin.gui.PINGUI; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; - -import javax.smartcardio.CardChannel; -import javax.smartcardio.CardException; -import javax.smartcardio.CommandAPDU; -import javax.smartcardio.ResponseAPDU; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import at.gv.egiz.smcc.util.ISO7816Utils; -import at.gv.egiz.smcc.util.SMCCHelper; - -public class SwissSignIDCard extends AbstractSignatureCard implements SignatureCard { - - /** - * Logging facility. - */ - private final Logger log = LoggerFactory.getLogger(SwissSignIDCard.class); - - public static final byte[] MF = new byte[] { (byte) 0x3F, (byte) 0x00 }; - - public static final byte[] AID_SIG = new byte[] { (byte) 0xd2, (byte) 0x76, - (byte) 0x00, (byte) 0x00, (byte) 0x66, (byte) 0x01 }; - - public static final byte[] PATH_SIGN_CERT = new byte[] { (byte) 0x3F, - (byte) 0x00, (byte) 0x50, (byte) 0x15, (byte) 0x43, (byte) 0x04, - (byte) 0x43, (byte) 0x05 }; - - public static final byte KID = (byte) 0x81; - - protected PinInfo pinInfo = - new PinInfo(5, 12, "[0-9]", - "at/gv/egiz/smcc/SwissSignIDCard", "pin", KID, AID_SIG, PinInfo.UNKNOWN_RETRIES); - - /** - * Creates a new instance. - */ - public SwissSignIDCard() { - super("at/gv/egiz/smcc/SwissSignIDCard"); - } - - @Override - @Exclusive - public byte[] getCertificate(KeyboxName keyboxName) - throws SignatureCardException { - - if (keyboxName != KeyboxName.SECURE_SIGNATURE_KEYPAIR) { - throw new IllegalArgumentException("Keybox " + keyboxName - + " not supported"); - } - - try { - CardChannel channel = getCardChannel(); - // SELECT MF - execSELECT_PATH(channel, PATH_SIGN_CERT); - // READ BINARY - byte[] certificate = ISO7816Utils.readTransparentFileTLV(channel, -1, (byte) 0x30); - if (certificate == null) { - throw new NotActivatedException(); - } - return certificate; - } catch (FileNotFoundException e) { - throw new NotActivatedException(); - } catch (CardException e) { - log.info("Failed to get certificate.", e); - throw new SignatureCardException(e); - } - - } - - @Override - @Exclusive - public byte[] getInfobox(String infobox, PINGUI provider, String domainId) - throws SignatureCardException, InterruptedException { - - throw new IllegalArgumentException("Infobox '" + infobox - + "' not supported."); - } - - @Override - @Exclusive - public byte[] createSignature(InputStream input, KeyboxName keyboxName, - PINGUI provider, String alg) throws SignatureCardException, InterruptedException, IOException { - - if (KeyboxName.SECURE_SIGNATURE_KEYPAIR != keyboxName) { - throw new SignatureCardException("Card does not support key " + keyboxName + "."); - } - if (!"http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(alg)) { - throw new SignatureCardException("Card does not support algorithm " + alg + "."); - } - - MessageDigest md; - try { - md = MessageDigest.getInstance("SHA-1"); - } catch (NoSuchAlgorithmException e) { - log.error("Failed to get MessageDigest.", e); - throw new SignatureCardException(e); - } - // calculate message digest - byte[] digest = new byte[md.getDigestLength()]; - for (int l; (l = input.read(digest)) != -1;) { - md.update(digest, 0, l); - } - digest = md.digest(); - - byte[] oid = new byte[] { (byte) 0x30, (byte) 0x21, (byte) 0x30, - (byte) 0x09, (byte) 0x06, (byte) 0x05, (byte) 0x2b, - (byte) 0x0e, (byte) 0x03, (byte) 0x02, (byte) 0x1a, - (byte) 0x05, (byte) 0x00, (byte) 0x04, (byte) 0x14 }; - - ByteArrayOutputStream data = new ByteArrayOutputStream(); - - try { - // oid - data.write(oid); - // hash - data.write(digest); - } catch (IOException e) { - throw new SignatureCardException(e); - } - - try { - - CardChannel channel = getCardChannel(); - - // SELECT AID - execSELECT_AID(channel, AID_SIG); - // MANAGE SECURITY ENVIRONMENT : RESTORE SE - execMSE_RESOTRE(channel, 0x01); - // VERIFY - verifyPINLoop(channel, pinInfo, provider); - // PERFORM SECURITY OPERATION : COMPUTE DIGITAL SIGNATURE - return execPSO_COMPUTE_DIGITAL_SIGNATURE(channel, data.toByteArray()); - - } catch (CardException e) { - log.warn("Failed to execute command.", e); - throw new SignatureCardException("Failed to access card.", e); - } - - } - - public String toString() { - return "Belpic Card"; - } - - protected void verifyPINLoop(CardChannel channel, PinInfo spec, - PINGUI provider) throws LockedException, NotActivatedException, - SignatureCardException, InterruptedException, CardException { - - int retries = -1; //verifyPIN(channel, spec, null, -1); - do { - retries = verifyPIN(channel, spec, provider, retries); - } while (retries > 0); - } - - protected int verifyPIN(CardChannel channel, PinInfo pinSpec, - PINGUI provider, int retries) throws SignatureCardException, - LockedException, NotActivatedException, InterruptedException, - CardException { - - VerifyAPDUSpec apduSpec = new VerifyAPDUSpec( - new byte[] { - (byte) 0x00, (byte) 0x20, (byte) 0x00, pinSpec.getKID()}, - 0, VerifyAPDUSpec.PIN_FORMAT_ASCII, 0); - - ResponseAPDU resp = reader.verify(channel, apduSpec, provider, pinSpec, retries); - - if (resp.getSW() == 0x9000) { - return -1; - } - if (resp.getSW() >> 4 == 0x63c) { - return 0x0f & resp.getSW(); - } - - switch (resp.getSW()) { - case 0x6983: - // authentication method blocked - throw new LockedException(); - case 0x6984: - // reference data not usable - throw new NotActivatedException(); - case 0x6985: - // conditions of use not satisfied - throw new NotActivatedException(); - - default: - String msg = "VERIFY failed. SW=" + Integer.toHexString(resp.getSW()); - log.info(msg); - throw new SignatureCardException(msg); - } - - } - - protected byte[] execSELECT_AID(CardChannel channel, byte[] aid) - throws SignatureCardException, CardException { - - ResponseAPDU resp = channel.transmit( - new CommandAPDU(0x00, 0xA4, 0x04, 0x00, aid, 256)); - - if (resp.getSW() == 0x6A82) { - String msg = "File or application not found AID=" - + SMCCHelper.toString(aid) + " SW=" - + Integer.toHexString(resp.getSW()) + "."; - log.info(msg); - throw new FileNotFoundException(msg); - } else if (resp.getSW() != 0x9000) { - String msg = "Failed to select application FID=" - + SMCCHelper.toString(aid) + " SW=" - + Integer.toHexString(resp.getSW()) + "."; - log.error(msg); - throw new SignatureCardException(msg); - } else { - return resp.getBytes(); - } - - } - - protected byte[] execSELECT_PATH(CardChannel channel, byte[] path) - throws SignatureCardException, CardException { - - int p1 = (path.length > 1 && path[0] == 0x3F && path[1] == 0x00) ? 0x08 : 0x09; - - ResponseAPDU resp = channel.transmit( - new CommandAPDU(0x00, 0xA4, p1, 0x00, path, 256)); - - if (resp.getSW() == 0x6A82) { - String msg = "File or application not found PATH=" - + SMCCHelper.toString(path) + " SW=" - + Integer.toHexString(resp.getSW()) + "."; - log.info(msg); - throw new FileNotFoundException(msg); - } else if (resp.getSW() != 0x9000) { - String msg = "Failed to select PATH=" - + SMCCHelper.toString(path) + " SW=" - + Integer.toHexString(resp.getSW()) + "."; - log.error(msg); - throw new SignatureCardException(msg); - } else { - return resp.getBytes(); - } - - } - - - protected void execMSE_RESOTRE(CardChannel channel, int seid) - throws CardException, SignatureCardException { - ResponseAPDU resp = channel.transmit( - new CommandAPDU(0x00, 0x22, 0xf3, seid)); - if (resp.getSW() != 0x9000) { - throw new SignatureCardException("MSE:RESTORE failed: SW=" - + Integer.toHexString(resp.getSW())); - } - } - - protected byte[] execPSO_COMPUTE_DIGITAL_SIGNATURE(CardChannel channel, byte[] hash) - throws CardException, SignatureCardException { - ResponseAPDU resp; - resp = channel.transmit( - new CommandAPDU(0x00, 0x2A, 0x9E, 0x9A, hash, 256)); - if (resp.getSW() == 0x6982) { - throw new SecurityStatusNotSatisfiedException(); - } else if (resp.getSW() == 0x6983) { - throw new LockedException(); - } else if (resp.getSW() != 0x9000) { - throw new SignatureCardException( - "PSO: COMPUTE DIGITAL SIGNATRE failed: SW=" - + Integer.toHexString(resp.getSW())); - } else { - return resp.getData(); - } - } - - - - -} -- cgit v1.2.3