From 32d17447a258188b2d534bcb0bf65a659ba7b7d0 Mon Sep 17 00:00:00 2001 From: mcentner Date: Fri, 29 Aug 2008 12:11:34 +0000 Subject: Initial import. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/keystore.ks | Bin 0 -> 5635 bytes smcc/pom.xml | 73 +++++ smcc/src/main/java/META-INF/MANIFEST.MF | 3 + smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java | 310 +++++++++++++++++++ .../at/gv/egiz/smcc/AbstractSignatureCard.java | 259 ++++++++++++++++ .../java/at/gv/egiz/smcc/CancelledException.java | 39 +++ .../at/gv/egiz/smcc/CardNotSupportedException.java | 74 +++++ .../src/main/java/at/gv/egiz/smcc/PINProvider.java | 35 +++ smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java | 85 +++++ .../src/main/java/at/gv/egiz/smcc/STARCOSCard.java | 341 +++++++++++++++++++++ smcc/src/main/java/at/gv/egiz/smcc/SWCard.java | 322 +++++++++++++++++++ .../main/java/at/gv/egiz/smcc/SignatureCard.java | 103 +++++++ .../at/gv/egiz/smcc/SignatureCardException.java | 76 +++++ .../java/at/gv/egiz/smcc/SignatureCardFactory.java | 97 ++++++ .../main/java/at/gv/egiz/smcc/util/SMCCHelper.java | 150 +++++++++ .../java/at/gv/egiz/smcc/util/SmartCardIO.java | 196 ++++++++++++ .../gv/egiz/smcc/utils/SingletonPINProvider.java | 38 +++ .../resources/at/gv/egiz/smcc/ACOSCard.properties | 21 ++ .../at/gv/egiz/smcc/ACOSCard_de.properties | 21 ++ .../at/gv/egiz/smcc/ACOSCard_en.properties | 21 ++ .../at/gv/egiz/smcc/STARCOSCard.properties | 20 ++ .../at/gv/egiz/smcc/STARCOSCard_de.properties | 20 ++ .../at/gv/egiz/smcc/STARCOSCard_en.properties | 20 ++ .../test/java/at/gv/egiz/smcc/SMCCApplication.java | 46 +++ smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java | 63 ++++ smcc/src/test/resources/IdentityLink.bin | Bin 0 -> 395 bytes smcc/src/test/resources/log4j.properties | 19 ++ 27 files changed, 2452 insertions(+) create mode 100644 smcc/keystore.ks create mode 100644 smcc/pom.xml create mode 100644 smcc/src/main/java/META-INF/MANIFEST.MF create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/CancelledException.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/CardNotSupportedException.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/SWCard.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java create mode 100644 smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard.properties create mode 100644 smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_de.properties create mode 100644 smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_en.properties create mode 100644 smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard.properties create mode 100644 smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_de.properties create mode 100644 smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_en.properties create mode 100644 smcc/src/test/java/at/gv/egiz/smcc/SMCCApplication.java create mode 100644 smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java create mode 100644 smcc/src/test/resources/IdentityLink.bin create mode 100644 smcc/src/test/resources/log4j.properties (limited to 'smcc') diff --git a/smcc/keystore.ks b/smcc/keystore.ks new file mode 100644 index 00000000..824c3a40 Binary files /dev/null and b/smcc/keystore.ks differ diff --git a/smcc/pom.xml b/smcc/pom.xml new file mode 100644 index 00000000..3e3dfe14 --- /dev/null +++ b/smcc/pom.xml @@ -0,0 +1,73 @@ + + + + bku + at.gv.egiz + 1.0-SNAPSHOT + + 4.0.0 + at.gv.egiz + smcc + smcc + jar + 1.0-SNAPSHOT + http://bku.egiz.gv.at + + + + maven-jar-plugin + + + + sign + + + + + + false + false + + false + + + test-applet signer + keystore.ks + storepass + keypass + true + + + + maven-compiler-plugin + + UTF-8 + + + + maven-resources-plugin + + UTF-8 + + + + + + + commons-logging + commons-logging + + + junit + junit + 3.8.1 + test + + + + \ No newline at end of file diff --git a/smcc/src/main/java/META-INF/MANIFEST.MF b/smcc/src/main/java/META-INF/MANIFEST.MF new file mode 100644 index 00000000..5e949512 --- /dev/null +++ b/smcc/src/main/java/META-INF/MANIFEST.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Class-Path: + diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java new file mode 100644 index 00000000..7269ba7f --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java @@ -0,0 +1,310 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +import java.nio.charset.Charset; + +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +public class ACOSCard extends AbstractSignatureCard implements SignatureCard { + + public static final byte[] AID_DEC = new byte[] { (byte) 0xA0, (byte) 0x00, + (byte) 0x00, (byte) 0x01, (byte) 0x18, (byte) 0x45, (byte) 0x4E }; + + public static final byte[] DF_DEC = new byte[] { (byte) 0xdf, (byte) 0x71 }; + + public static final byte[] AID_SIG = new byte[] { (byte) 0xA0, (byte) 0x00, + (byte) 0x00, (byte) 0x01, (byte) 0x18, (byte) 0x45, (byte) 0x43 }; + + public static final byte[] DF_SIG = new byte[] { (byte) 0xdf, (byte) 0x70 }; + + public static final byte[] EF_C_CH_EKEY = new byte[] { (byte) 0xc0, + (byte) 0x01 }; + + public static final int EF_C_CH_EKEY_MAX_SIZE = 2000; + + public static final byte[] EF_C_CH_DS = new byte[] { (byte) 0xc0, (byte) 0x02 }; + + public static final int EF_C_CH_DS_MAX_SIZE = 2000; + + public static final byte[] EF_PK_CH_EKEY = new byte[] { (byte) 0xb0, + (byte) 0x01 }; + + public static final byte[] EF_INFOBOX = new byte[] { (byte) 0xc0, (byte) 0x02 }; + + public static final int EF_INFOBOX_MAX_SIZE = 1500; + + public static final byte KID_PIN_SIG = (byte) 0x81; + + public static final byte KID_PIN_DEC = (byte) 0x81; + + public static final byte KID_PIN_INF = (byte) 0x83; + + public static final byte[] DST_SIG = new byte[] { (byte) 0x84, (byte) 0x01, // tag + // , + // length + // ( + // key + // ID + // ) + (byte) 0x88, // SK.CH.SIGN + (byte) 0x80, (byte) 0x01, // tag, length (algorithm ID) + (byte) 0x14 // ECDSA + }; + + public static final byte[] DST_DEC = new byte[] { (byte) 0x84, (byte) 0x01, // tag + // , + // length + // ( + // key + // ID + // ) + (byte) 0x88, // SK.CH.EKEY + (byte) 0x80, (byte) 0x01, // tag, length (algorithm ID) + (byte) 0x01 // RSA // TODO: Not verified yet + }; + + public ACOSCard() { + super("at/gv/egiz/smcc/ACOSCard"); + } + + byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x04, + 0x00, fid, 256)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("Failed to select file (AID=" + + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + "."); + } else { + return resp.getBytes(); + } + } + + byte[] selectFileFID(byte[] fid) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x00, + 0x00, fid, 256)); + if (resp.getSW() == 0x6a82) { + throw new SignatureCardException("Failed to select file (FID=" + + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + ")"); + } else { + return resp.getBytes(); + } + } + + /** + * + * @param pinProvider + * @param spec + * the PIN spec to be given to the pinProvider + * @param kid + * the KID (key identifier) of the PIN to be verified + * @param kfpc + * acutal value of the KFCP (key fault presentation counter) or less + * than 0 if actual value is unknown + * + * @return -1 if the PIN has been verifyed successfully, or else the new value + * of the KFCP (key fault presentation counter) + * + * @throws CancelledException + * if the user canceld the operation + * @throws javax.smartcardio.CardException + * @throws at.gv.egiz.smcc.SignatureCardException + */ + int verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid, int kfpc) + throws CardException, CancelledException, SignatureCardException { + + CardChannel channel = getCardChannel(); + + // get PIN + String pin = pinProvider.providePIN(spec, kfpc); + if (pin == null) { + // User canceld operation + // throw new CancelledException("User canceld PIN entry"); + return -2; + } + + logger.finest("PIN=" + pin); + + byte[] asciiPIN = pin.getBytes(Charset.forName("ASCII")); + byte[] encodedPIN = new byte[8]; + System.arraycopy(asciiPIN, 0, encodedPIN, 0, Math.min(asciiPIN.length, + encodedPIN.length)); + + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x20, 0x00, + kid, encodedPIN)); + if (resp.getSW1() == (byte) 0x63 && resp.getSW2() >> 4 == (byte) 0xc) { + return resp.getSW2() & (byte) 0x0f; + } else if (resp.getSW() == 0x6983) { + // PIN blocked + throw new SignatureCardException(spec.getLocalizedName() + " blocked."); + } else if (resp.getSW() != 0x9000) { + throw new SignatureCardException("Failed to verify pin: SW=" + + Integer.toHexString(resp.getSW()) + "."); + } else { + return -1; + } + + } + + void mseSetDST(byte[] dst) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x22, 0x81, + 0xB6, dst)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("MSE:SET DST failed: SW=" + + Integer.toHexString(resp.getSW())); + } + } + + void psoHash(byte[] hash) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x90, + 0x81, hash)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("PSO:HASH failed: SW=" + + Integer.toHexString(resp.getSW())); + } + } + + byte[] psoComputDigitalSiganture() throws CardException, + SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x9E, + 0x9A, 256)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException( + "PSO: COMPUTE DIGITAL SIGNATRE failed: SW=" + + Integer.toHexString(resp.getSW())); + } else { + return resp.getData(); + } + } + + public byte[] getCertificate(KeyboxName keyboxName) + throws SignatureCardException { + + if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { + return readTLVFile(AID_SIG, EF_C_CH_DS, EF_C_CH_DS_MAX_SIZE); + } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { + return readTLVFile(AID_DEC, EF_C_CH_EKEY, EF_C_CH_EKEY_MAX_SIZE); + } else { + throw new IllegalArgumentException("Keybox " + keyboxName + + " not supported."); + } + + } + + public byte[] getInfobox(String infobox, PINProvider provider, String domainId) + throws SignatureCardException { + + if ("IdentityLink".equals(infobox)) { + + PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString( + "inf.pin.name")); + try { + byte[] res = readTLVFilePIN(AID_DEC, EF_INFOBOX, KID_PIN_INF, provider, + spec, EF_INFOBOX_MAX_SIZE); + return res; + } catch (Exception e) { + throw new SecurityException(e); + } + + } else { + throw new IllegalArgumentException("Infobox '" + infobox + + "' not supported."); + } + + } + + public String toString() { + return "a-sign premium"; + } + + public byte[] createSignature(byte[] hash, KeyboxName keyboxName, + PINProvider provider) throws SignatureCardException { + + if (hash.length != 20) { + throw new IllegalArgumentException("Hash value must be of length 20"); + } + + byte[] fid; + byte kid; + byte[] dst; + PINSpec spec; + if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { + fid = DF_SIG; + kid = KID_PIN_SIG; + dst = DST_SIG; + spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString( + "sig.pin.name")); + + } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { + fid = DF_DEC; + kid = KID_PIN_DEC; + dst = DST_DEC; + spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString( + "dec.pin.name")); + + } else { + throw new IllegalArgumentException("KeyboxName '" + keyboxName + + "' not supported."); + } + + try { + + // SELECT DF + selectFileFID(fid); + // VERIFY + int kfpc = -1; + while (true) { + kfpc = verifyPIN(provider, spec, kid, kfpc); + if (kfpc < -1) { + return null; + } else if (kfpc < 0) { + break; + } + } + // MSE: SET DST + mseSetDST(dst); + // PSO: HASH + psoHash(hash); + // PSO: COMPUTE DIGITAL SIGNATURE + byte[] rs = psoComputDigitalSiganture(); + + return rs; + + } catch (CardException e) { + throw new SignatureCardException("Failed to create signature.", e); + } + } +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java new file mode 100644 index 00000000..91c873c9 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -0,0 +1,259 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +import java.nio.ByteBuffer; +import java.util.Locale; +import java.util.ResourceBundle; +import java.util.logging.Logger; + +import javax.smartcardio.ATR; +import javax.smartcardio.Card; +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +public abstract class AbstractSignatureCard implements SignatureCard { + + static Logger logger = Logger.getLogger(AbstractSignatureCard.class.getName()); + + private ResourceBundle i18n; + private String resourceBundleName; + + private Locale locale = Locale.getDefault(); + + int ifs_ = 254; + + Card card_; + + protected AbstractSignatureCard(String resourceBundleName) { + this.resourceBundleName = resourceBundleName; + } + + String toString(byte[] b) { + StringBuffer sb = new StringBuffer(); + if (b != null && b.length > 0) { + sb.append(Integer.toHexString((b[0] & 240) >> 4)); + sb.append(Integer.toHexString(b[0] & 15)); + } + for(int i = 1; i < b.length; i++) { + sb.append(':'); + sb.append(Integer.toHexString((b[i] & 240) >> 4)); + sb.append(Integer.toHexString(b[i] & 15)); + } + return sb.toString(); + } + + abstract byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException; + + abstract byte[] selectFileFID(byte[] fid) throws CardException, SignatureCardException; + + byte[] readBinary(CardChannel channel, int offset, int len) + throws CardException, SignatureCardException { + + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB0, + 0x7F & (offset >> 8), offset & 0xFF, len)); + if (resp.getSW() == 0x9000) { + return resp.getData(); + } else { + throw new SignatureCardException("Failed to read bytes (" + offset + "+" + + len + "): SW=" + Integer.toHexString(resp.getSW())); + } + + } + + int readBinary(int offset, int len, byte[] b) + throws CardException, SignatureCardException { + + if (b.length < len) { + throw new IllegalArgumentException( + "Length of b must not be less than len."); + } + + CardChannel channel = getCardChannel(); + + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB0, + 0x7F & (offset >> 8), offset & 0xFF, len)); + if (resp.getSW() == 0x9000) { + System.arraycopy(resp.getData(), 0, b, 0, len); + } + + return resp.getSW(); + + } + + byte[] readBinaryTLV(int maxSize, byte expectedType) throws CardException, SignatureCardException { + + CardChannel channel = getCardChannel(); + + // read first chunk + int len = Math.min(maxSize, ifs_); + byte[] chunk = readBinary(channel, 0, len); + if (chunk.length > 0 && chunk[0] != expectedType) { + return null; + } + int offset = chunk.length; + int actualSize = maxSize; + if (chunk.length > 3) { + if ((chunk[1] & 0x80) > 0) { + int octets = (0x0F & chunk[1]); + actualSize = 2 + octets; + for (int i = 1; i <= octets; i++) { + actualSize += (0xFF & chunk[i + 1]) << ((octets - i) * 8); + } + } else { + actualSize = 2 + chunk[1]; + } + } + ByteBuffer buffer = ByteBuffer.allocate(actualSize); + buffer.put(chunk, 0, Math.min(actualSize, chunk.length)); + while (offset < actualSize) { + len = Math.min(ifs_, actualSize - offset); + chunk = readBinary(channel, offset, len); + buffer.put(chunk); + offset += chunk.length; + } + return buffer.array(); + + } + + abstract int verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid, int kfpc) throws CardException, SignatureCardException; + + public byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength) throws SignatureCardException { + return readTLVFilePIN(aid, ef, (byte) 0, null, null, maxLength); + } + + public byte[] readTLVFilePIN(byte[] aid, byte[] ef, byte kid, + PINProvider provider, PINSpec spec, int maxLength) throws SignatureCardException { + + try { + + // SELECT FILE (AID) + byte[] rb = selectFileAID(aid); + if (rb[rb.length - 2] != (byte) 0x90 || + rb[rb.length - 1] != (byte) 0x00) { + + throw new SignatureCardException( + "SELECT FILE with " + + "AID=" + toString(aid) + " failed (" + + "SW=" + + Integer.toHexString( + (0xFF & (int) rb[rb.length - 1]) | + (0xFF & (int) rb[rb.length - 2]) << 8) + + ")."); + + } + + // SELECT FILE (EF) + rb = selectFileFID(ef); + if (rb[rb.length - 2] != (byte) 0x90 || + rb[rb.length - 1] != (byte) 0x00) { + + throw new SignatureCardException( + "SELECT FILE with " + + "FID=" + toString(ef) + " failed (" + + "SW=" + + Integer.toHexString( + (0xFF & (int) rb[rb.length - 1]) | + (0xFF & (int) rb[rb.length - 2]) << 8) + + ")."); + } + + // try to READ BINARY + int sw = readBinary(0, 1, new byte[1]); + if (provider != null && sw == 0x6982) { + + // VERIFY + int kfpc = -1; // unknown + while (true) { + kfpc = verifyPIN(provider, spec, kid, kfpc); + if (kfpc < -1) { + return null; + } else if (kfpc < 0) { + break; + } + } + } else if (sw != 0x9000) { + throw new SignatureCardException("READ BINARY failed (SW=" + + Integer.toHexString(sw) + ")."); + } + + // READ BINARY + byte[] data = readBinaryTLV(maxLength, (byte) 0x30); + + return data; + + + } catch (CardException e) { + throw new SignatureCardException("Failed to acces card.", e); + } + + } + + + ResponseAPDU transmit(CardChannel channel, CommandAPDU commandAPDU) throws CardException { + logger.fine(commandAPDU + "\n" + toString(commandAPDU.getBytes())); + long t0 = System.currentTimeMillis(); + ResponseAPDU responseAPDU = channel.transmit(commandAPDU); + long t1 = System.currentTimeMillis(); + logger.fine(responseAPDU + "\n[" + (t1 - t0) + "ms] " + toString(responseAPDU.getBytes())); + return responseAPDU; + } + + public void init(Card card) { + card_ = card; + ATR atr = card.getATR(); + byte[] atrBytes = atr.getBytes(); + if (atrBytes.length >= 6) { + ifs_ = 0xFF & atr.getBytes()[6]; + logger.finer("Setting IFS (information field size) to " + ifs_); + } + } + + CardChannel getCardChannel() { + return card_.getBasicChannel(); + } + + + @Override + public void setLocale(Locale locale) { + if (locale == null) { + throw new NullPointerException("Locale must not be set to null"); + } + this.locale = locale; + } + + protected ResourceBundle getResourceBundle() { + if (i18n == null) { + i18n = ResourceBundle.getBundle(resourceBundleName, locale); + } + return i18n; + } +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/CancelledException.java b/smcc/src/main/java/at/gv/egiz/smcc/CancelledException.java new file mode 100644 index 00000000..347d74c9 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/CancelledException.java @@ -0,0 +1,39 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +public class CancelledException extends SignatureCardException { + + private static final long serialVersionUID = 1L; + + public CancelledException() { + super(); + } + + public CancelledException(String message, Throwable cause) { + super(message, cause); + } + + public CancelledException(String message) { + super(message); + } + + public CancelledException(Throwable cause) { + super(cause); + } + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/CardNotSupportedException.java b/smcc/src/main/java/at/gv/egiz/smcc/CardNotSupportedException.java new file mode 100644 index 00000000..e2a5fe16 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/CardNotSupportedException.java @@ -0,0 +1,74 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +public class CardNotSupportedException extends Exception { + + /** + * + */ + private static final long serialVersionUID = 1L; + + /** + * Creates a new instance of this CardNotSupportedException. + * + */ + public CardNotSupportedException() { + super(); + } + + /** + * Creates a new instance of this CardNotSupportedException. + * + * @param message + * @param cause + */ + public CardNotSupportedException(String message, Throwable cause) { + super(message, cause); + } + + /** + * Creates a new instance of this CardNotSupportedException. + * + * @param message + */ + public CardNotSupportedException(String message) { + super(message); + } + + /** + * Creates a new instance of this CardNotSupportedException. + * + * @param cause + */ + public CardNotSupportedException(Throwable cause) { + super(cause); + } + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java b/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java new file mode 100644 index 00000000..844115a4 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java @@ -0,0 +1,35 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +public interface PINProvider { + + public String providePIN(PINSpec spec, int retries); + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java b/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java new file mode 100644 index 00000000..cc54a337 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java @@ -0,0 +1,85 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ + +package at.gv.egiz.smcc; + +import java.util.ResourceBundle; + +/** + * + * @author mcentner + */ +public class PINSpec { + + int minLength_ = 0; + + int maxLength_ = -1; + + String rexepPattern_; + + ResourceBundle resourceBundle_; + + String name_; + + public PINSpec(int minLenght, int maxLength, String rexepPattern, + ResourceBundle resourceBundle, String name) { + + minLength_ = minLenght; + maxLength_ = maxLength; + rexepPattern_ = rexepPattern; + resourceBundle_ = resourceBundle; + name_ = name; + } + + public PINSpec(int minLenght, int maxLength, String rexepPattern, + String name) { + + minLength_ = minLenght; + maxLength_ = maxLength; + rexepPattern_ = rexepPattern; + name_ = name; + } + + + + public String getLocalizedName() { + + return (resourceBundle_ != null) + ? resourceBundle_.getString(name_) + : name_; + + } + + public int getMaxLength() { + return maxLength_; + } + + public int getMinLength() { + return minLength_; + } + + public String getRexepPattern() { + return rexepPattern_; + } + + + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java new file mode 100644 index 00000000..79e2663e --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java @@ -0,0 +1,341 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +import java.math.BigInteger; +import java.util.Arrays; + +import javax.smartcardio.CardChannel; +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +public class STARCOSCard extends AbstractSignatureCard implements SignatureCard { + + public static final byte[] MF = new byte[] { (byte) 0x3F, (byte) 0x00 }; + + public static final byte[] AID_INFOBOX = new byte[] { (byte) 0xd0, + (byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, + (byte) 0x18, (byte) 0x01 }; + + public static final byte[] EF_INFOBOX = new byte[] { (byte) 0xef, (byte) 0x01 }; + + public static final byte[] AID_SVSIG_CERT = new byte[] { (byte) 0xd0, + (byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, + (byte) 0x10, (byte) 0x01 }; + + public static final byte[] EF_SVSIG_CERT_CA = new byte[] { (byte) 0x2f, + (byte) 0x01 }; + + public static final byte[] EF_SVSIG_CERT = new byte[] { (byte) 0x2f, + (byte) 0x02 }; + + // Sichere Signatur (SS) + + public static final byte[] AID_DF_SS = new byte[] { (byte) 0xd0, (byte) 0x40, + (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x12, + (byte) 0x01 }; + + public static final byte[] EF_C_X509_CH_DS = new byte[] { (byte) 0xc0, + (byte) 0x00 }; + + public static final byte[] EF_C_X509_CA_CS_DS = new byte[] { (byte) 0xc6, + (byte) 0x08 }; + + public static final byte[] DST_SS = new byte[] { (byte) 0x84, (byte) 0x03, // tag + // , + // length + // ( + // key + // desc + // . + // ) + (byte) 0x80, (byte) 0x02, (byte) 0x00, // local, key ID, key version + (byte) 0x89, (byte) 0x03, // tag, length (algorithm ID) + (byte) 0x13, (byte) 0x35, (byte) 0x10 // ECDSA + }; + + public static final byte KID_PIN_SS = (byte) 0x81; + + // Gew�hnliche Signatur (GS) + + public static final byte[] AID_DF_GS = new byte[] { (byte) 0xd0, (byte) 0x40, + (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x13, + (byte) 0x01 }; + + public static final byte[] EF_C_X509_CH_AUT = new byte[] { (byte) 0x2f, + (byte) 0x01 }; + + public static final byte[] EF_C_X509_CA_CS = new byte[] { (byte) 0x2f, + (byte) 0x02 }; + + public static final byte[] DST_GS = new byte[] { (byte) 0x84, (byte) 0x03, // tag + // , + // length + // ( + // key + // desc + // . + // ) + (byte) 0x80, (byte) 0x02, (byte) 0x00, // local, key ID, key version + (byte) 0x89, (byte) 0x01, // tag, length (algorithm ID) + (byte) 0x14 // ECDSA + }; + + public static final byte KID_PIN_CARD = (byte) 0x01; + + public STARCOSCard() { + super("at/gv/egiz/smcc/STARCOSCard"); + } + + public byte[] getCertificate(KeyboxName keyboxName) + throws SignatureCardException { + + if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { + return readTLVFile(AID_DF_SS, EF_C_X509_CH_DS, 2000); + } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { + return readTLVFile(AID_DF_GS, EF_C_X509_CH_AUT, 2000); + } else { + throw new IllegalArgumentException("Keybox " + keyboxName + + " not supported."); + } + + } + + byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x04, + 0x04, fid, 256)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("Failed to select file (AID=" + + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + "."); + } else { + return resp.getBytes(); + } + } + + void selectMF() throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x00, + 0x0C)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("Failed to select MF: SW=" + + Integer.toHexString(resp.getSW()) + "."); + } + } + + byte[] selectFileFID(byte[] fid) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x02, + 0x04, fid, 256)); + if (resp.getSW() == 0x6a82) { + throw new SignatureCardException("Failed to select file (FID=" + + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + "."); + } else { + return resp.getBytes(); + } + } + + void mseSetDST(byte[] dst) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x22, 0x41, + 0xB6, dst)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("MSE:SET DST failed: SW=" + + Integer.toHexString(resp.getSW())); + } + } + + void psoHash(byte[] hash) throws CardException, SignatureCardException { + byte[] data = new byte[hash.length + 2]; + data[0] = (byte) 0x90; // tag + data[1] = (byte) (hash.length); // length + System.arraycopy(hash, 0, data, 2, hash.length); + + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x90, + 0xA0, data)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("PSO:HASH failed: SW=" + + Integer.toHexString(resp.getSW())); + } + } + + byte[] psoComputDigitalSiganture() throws CardException, + SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x9E, + 0x9A, 256)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException( + "PSO: COMPUTE DIGITAL SIGNATRE failed: SW=" + + Integer.toHexString(resp.getSW())); + } else { + return resp.getData(); + } + } + + int verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid, int kfpc) + throws CardException, SignatureCardException { + + CardChannel channel = getCardChannel(); + + // get number of possible retries + ResponseAPDU resp = transmit(channel, + new CommandAPDU(0x00, 0x20, 0x00, kid)); + int retries; + if (resp.getSW1() == 0x63 && resp.getSW2() >> 4 == 0xc) { + retries = resp.getSW2() & 0x0f; + } else if (resp.getSW() == 0x6984) { + // PIN LCS = "Initilized" (not activated) + throw new SignatureCardException(spec.getLocalizedName() + " not set."); + } else { + throw new SignatureCardException("Failed to get PIN retries: SW=" + + Integer.toHexString(resp.getSW())); + } + + // get PIN + String pin = pinProvider.providePIN(spec, retries); + if (pin == null) { + // User canceled operation + // throw new CancelledException("User canceld PIN entry"); + return -2; + } + // PIN length in bytes + int len = (int) Math.ceil(pin.length() / 2); + + // BCD encode PIN and marshal PIN block + byte[] pinBytes = new BigInteger(pin, 16).toByteArray(); + byte[] pinBlock = new byte[8]; + if (len < pinBytes.length) { + System.arraycopy(pinBytes, pinBytes.length - len, pinBlock, 1, len); + } else { + System.arraycopy(pinBytes, 0, pinBlock, len - pinBytes.length + 1, + pinBytes.length); + } + pinBlock[0] = (byte) (0x20 + len * 2); + Arrays.fill(pinBlock, len + 1, 8, (byte) 0xff); + + resp = transmit(channel, new CommandAPDU(0x00, 0x20, 0x00, kid, pinBlock)); + if (resp.getSW1() == 0x63 && resp.getSW2() >> 4 == 0xc) { + return resp.getSW2() & 0x0f; + } else if (resp.getSW() != 0x9000) { + throw new SignatureCardException("Failed to verify pin: SW=" + + Integer.toHexString(resp.getSW())); + } else { + return -1; + } + + } + + public byte[] createSignature(byte[] hash, KeyboxName keyboxName, + PINProvider provider) throws SignatureCardException { + + if (hash.length != 20) { + throw new IllegalArgumentException("Hash value must be of length 20"); + } + + byte[] aid; + byte kid; + byte[] dst; + PINSpec spec; + if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { + aid = AID_DF_SS; + kid = KID_PIN_SS; + dst = DST_SS; + spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name")); + + } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { + aid = AID_DF_GS; + kid = KID_PIN_CARD; + dst = DST_GS; + spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); + + } else { + throw new IllegalArgumentException("KeyboxName '" + keyboxName + + "' not supported."); + } + + try { + + // SELECT MF + selectMF(); + // SELECT DF + selectFileAID(aid); + // VERIFY + int retr = -1; // unknown + while (true) { + retr = verifyPIN(provider, spec, kid, retr); + if (retr < -1) { + return null; + } else if (retr < 0) { + break; + } + } + // MSE: SET DST + mseSetDST(dst); + // PSO: HASH + psoHash(hash); + // PSO: COMPUTE DIGITAL SIGNATURE + byte[] rs = psoComputDigitalSiganture(); + return rs; + + } catch (CardException e) { + throw new SignatureCardException("Failed to create signature.", e); + } + + } + + public byte[] getInfobox(String infobox, PINProvider provider, String domainId) + throws SignatureCardException { + + if ("IdentityLink".equals(infobox)) { + + PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); + try { + byte[] res = readTLVFilePIN(AID_INFOBOX, EF_INFOBOX, KID_PIN_CARD, + provider, spec, 2000); + return res; + } catch (Exception e) { + throw new SignatureCardException(e); + } + } else { + throw new IllegalArgumentException("Infobox '" + infobox + + "' not supported."); + } + + } + + public String toString() { + return "eCard"; + } + + + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java new file mode 100644 index 00000000..f19bc709 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java @@ -0,0 +1,322 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ + +package at.gv.egiz.smcc; + +import java.io.ByteArrayOutputStream; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.Signature; +import java.security.SignatureException; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.util.Enumeration; +import java.util.Locale; + +import javax.smartcardio.Card; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author mcentner + */ +public class SWCard implements SignatureCard { + + private static final String BKU_USER_DIR = ".bku"; + + private static final String SWCARD_DIR = "smcc"; + + private static final String KEYSTORE_CERTIFIED_KEYPAIR = "certified.p12"; + + private static final String CERTIFICATE_CERTIFIED_KEYPAIR = "certified.cer"; + + private static final String KEYSTORE_SECURE_KEYPAIR = "secure.p12"; + + private static final String CERTIFICATE_SECURE_KEYPAIR = "secure.cer"; + + private static String swCardDir; + + private static Log log = LogFactory.getLog(SWCard.class); + + private KeyStore certifiedKeyStore; + + private KeyStore secureKeyStore; + + private Certificate certifiedCertificate; + + private Certificate secureCertificate; + + static { + String userHome = System.getProperty("user.home"); + String fs = System.getProperty("file.separator"); + swCardDir = userHome + fs + BKU_USER_DIR + fs + SWCARD_DIR; + } + + /** + * @return the swCardDir + */ + public static String getSwCardDir() { + return swCardDir; + } + + /** + * @param swCardDir the swCardDir to set + */ + public static void setSwCardDir(String swCardDir) { + SWCard.swCardDir = swCardDir; + } + + public void init(Card card) { + } + + private String getFileName(String fileName) { + String fs = System.getProperty("file.separator"); + return swCardDir + fs + fileName; + } + + private Certificate loadCertificate(String certificateFileName) throws SignatureCardException { + + final String certificateType = "x509"; + CertificateFactory factory; + try { + factory = CertificateFactory.getInstance(certificateType); + } catch (CertificateException e) { + String msg = "Failed to get CertificateFactory instance for type '" + certificateType + "'."; + log.error(msg, e); + throw new SignatureCardException(msg, e); + } + + // try to load Certificate file + String fileName = getFileName(certificateFileName); + log.info("Trying to load Certificate from file '" + fileName + "'."); + + FileInputStream certificateFile; + try { + certificateFile = new FileInputStream(fileName); + } catch (FileNotFoundException e) { + String msg = "Certificate file '" + fileName + "' not found."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + + Certificate certificate; + try { + certificate = factory.generateCertificate(certificateFile); + } catch (CertificateException e) { + String msg = "Failed to load Certificate from file '" + fileName + "'."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + + return certificate; + + } + + private KeyStore loadKeyStore(String keyStoreFileName, char[] password) throws SignatureCardException { + + final String keyStoreType = "pkcs12"; + KeyStore keyStore; + try { + keyStore = KeyStore.getInstance(keyStoreType); + } catch (KeyStoreException e) { + String msg = "Failed to get KeyStore instance for KeyStore type '" + keyStoreType + "'."; + log.error(msg, e); + throw new SignatureCardException(msg, e); + } + + // try to load KeyStore file + String fileName = getFileName(keyStoreFileName); + log.info("Trying to load KeyStore from file '" + fileName + "'."); + + FileInputStream keyStoreFile; + try { + keyStoreFile = new FileInputStream(fileName); + } catch (FileNotFoundException e) { + String msg = "KeyStore file '"+ fileName + "' not found."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + + try { + keyStore.load(keyStoreFile, null); + } catch (Exception e) { + String msg = "Failed to load KeyStore from file '" + fileName + "'."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + + return keyStore; + + + } + + private KeyStore getKeyStore(KeyboxName keyboxName, char[] password) throws SignatureCardException { + + if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { + if (certifiedKeyStore == null) { + certifiedKeyStore = loadKeyStore(KEYSTORE_CERTIFIED_KEYPAIR, password); + } + return certifiedKeyStore; + } else if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { + if (secureKeyStore == null) { + secureKeyStore = loadKeyStore(KEYSTORE_SECURE_KEYPAIR, password); + } + return secureKeyStore; + } else { + throw new SignatureCardException("Keybox of type '" + keyboxName + "' not supported."); + } + + } + + + public byte[] getCertificate(KeyboxName keyboxName) + throws SignatureCardException { + + try { + if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { + if (certifiedCertificate == null) { + certifiedCertificate = loadCertificate(CERTIFICATE_CERTIFIED_KEYPAIR); + } + return certifiedCertificate.getEncoded(); + } else if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { + if (secureCertificate == null) { + secureCertificate = loadCertificate(CERTIFICATE_SECURE_KEYPAIR); + } + return secureCertificate.getEncoded(); + } else { + throw new SignatureCardException("Keybox of type '" + keyboxName + "' not supported."); + } + } catch (CertificateEncodingException e) { + throw new SignatureCardException("Failed to get encoded Certificate.", e); + } + + + } + + public byte[] getInfobox(String infobox, PINProvider provider, String domainId) throws SignatureCardException { + + String fileName = getFileName(infobox + ".ibx"); + FileInputStream file; + try { + file = new FileInputStream(fileName); + } catch (FileNotFoundException e) { + String msg = "Infobox '" + infobox + "' not found."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + ByteArrayOutputStream bytes = new ByteArrayOutputStream(); + try { + byte[] b = new byte[512]; + for(int l; (l = file.read(b)) != -1;) { + bytes.write(b, 0, l); + } + file.close(); + } catch (IOException e) { + String msg = "Failed to read infobox '" + infobox + "'."; + log.error(msg, e); + throw new SignatureCardException(msg, e); + } + + return bytes.toByteArray(); + + } + + public byte[] createSignature(byte[] hash, KeyboxName keyboxName, PINProvider provider) throws SignatureCardException { + + // KeyStore password + PINSpec pinSpec = new PINSpec(0, -1, ".", "KeyStore-Password"); + + KeyStore keyStore = getKeyStore(keyboxName, null); + + PrivateKey privateKey = null; + + try { + for (Enumeration aliases = keyStore.aliases(); aliases + .hasMoreElements() && privateKey == null;) { + String alias = aliases.nextElement(); + log.debug("Found alias '" + alias + "' in keystore"); + if (keyStore.isKeyEntry(alias)) { + Key key = null; + while (key == null) { + try { + String pin = provider.providePIN(pinSpec, -1); + key = keyStore.getKey(alias, pin.toCharArray()); + } catch (UnrecoverableKeyException e) { + log.info("Failed to get Key from KeyStore. Wrong password?", e); + } + } + privateKey = (PrivateKey) key; + } + } + } catch (Exception e) { + String msg = "Failed to get certificate from KeyStore."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + + if (privateKey == null) { + String msg = "No private key found in KeyStore."; + log.info(msg); + throw new SignatureCardException(msg); + } + + String algorithm = privateKey.getAlgorithm(); + algorithm = "SHA1with" + algorithm; + try { + Signature signature = Signature.getInstance(algorithm); + signature.initSign(privateKey); + signature.update(hash); + return signature.sign(); + } catch (NoSuchAlgorithmException e) { + String msg = "Algorithm + '" + algorithm + "' not supported for signing."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } catch (SignatureException e) { + String msg = "Signing faild."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } catch (InvalidKeyException e) { + String msg = "Key not valid for algorithm + '" + algorithm + "'."; + log.info(msg, e); + throw new SignatureCardException(msg, e); + } + + } + + @Override + public void setLocale(Locale locale) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Not supported yet."); + } + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java new file mode 100644 index 00000000..18a63514 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java @@ -0,0 +1,103 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +import java.util.Locale; + +import javax.smartcardio.Card; + +public interface SignatureCard { + + public static class KeyboxName { + + public static KeyboxName SECURE_SIGNATURE_KEYPAIR = new KeyboxName( + "SecureSignatureKeypair"); + public static KeyboxName CERITIFIED_KEYPAIR = new KeyboxName( + "CertifiedKeypair"); + + private String keyboxName_; + + private KeyboxName(String keyboxName_) { + this.keyboxName_ = keyboxName_; + } + + public static KeyboxName getKeyboxName(String keyBox) { + if (SECURE_SIGNATURE_KEYPAIR.equals(keyBox)) { + return SECURE_SIGNATURE_KEYPAIR; + } else if (CERITIFIED_KEYPAIR.equals(keyBox)) { + return CERITIFIED_KEYPAIR; + } else { + return new KeyboxName(keyBox); + } + } + + public boolean equals(Object obj) { + if (obj instanceof String) { + return obj.equals(keyboxName_); + } + if (obj instanceof KeyboxName) { + return ((KeyboxName) obj).keyboxName_.equals(keyboxName_); + } else { + return super.equals(obj); + } + } + + public String getKeyboxName() { + return keyboxName_; + } + + } + + public void init(Card card); + + public byte[] getCertificate(KeyboxName keyboxName) + throws SignatureCardException; + + /** + * + * @param infobox + * @param provider + * @param domainId may be null. + * @return + * @throws SignatureCardException + */ + public byte[] getInfobox(String infobox, PINProvider provider, String domainId) + throws SignatureCardException; + + public byte[] createSignature(byte[] hash, KeyboxName keyboxName, + PINProvider provider) throws SignatureCardException; + + /** + * Sets the local for evtl. required callbacks (e.g. PINSpec) + * @param locale must not be null; + */ + public void setLocale(Locale locale); + + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java new file mode 100644 index 00000000..f2a964fe --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java @@ -0,0 +1,76 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +public class SignatureCardException extends Exception { + + /** + * + */ + private static final long serialVersionUID = 1L; + + /** + * Creates a new instance of this SignatureCardException. + * + */ + public SignatureCardException() { + super(); + } + + /** + * Creates a new instance of this SignatureCardException. + * + * @param message + * @param cause + */ + public SignatureCardException(String message, Throwable cause) { + super(message, cause); + } + + /** + * Creates a new instance of this SignatureCardException. + * + * @param message + */ + public SignatureCardException(String message) { + super(message); + } + + /** + * Creates a new instance of this SignatureCardException. + * + * @param cause + */ + public SignatureCardException(Throwable cause) { + super(cause); + } + + + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java new file mode 100644 index 00000000..2131a737 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java @@ -0,0 +1,97 @@ +//Copyright (C) 2002 IAIK +//http://jce.iaik.at +// +//Copyright (C) 2003 Stiftung Secure Information and +// Communication Technologies SIC +//http://www.sic.st +// +//All rights reserved. +// +//This source is provided for inspection purposes and recompilation only, +//unless specified differently in a contract with IAIK. This source has to +//be kept in strict confidence and must not be disclosed to any third party +//under any circumstances. Redistribution in source and binary forms, with +//or without modification, are permitted in any case! +// +//THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +//ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +//IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +//ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +//FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +//DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +//OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +//HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +//LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +//OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +//SUCH DAMAGE. +// +// +package at.gv.egiz.smcc; + +import javax.smartcardio.ATR; +import javax.smartcardio.Card; + +public class SignatureCardFactory { + + public static SignatureCardFactory getInstance() { + return new SignatureCardFactory(); + } + + private SignatureCardFactory() { + + } + + public SignatureCard createSignatureCard(Card card) + throws CardNotSupportedException { + + if(card == null) { + SignatureCard sCard = new SWCard(); + sCard.init(card); + return sCard; + } + + ATR atr = card.getATR(); + byte[] historicalBytes = atr.getHistoricalBytes(); + if(historicalBytes == null || historicalBytes.length < 3) { + throw new CardNotSupportedException("Card not supported: ATR=" + toString(atr.getBytes())); + } + + int t = ((0xFF & (int) historicalBytes[0]) << 16) + + ((0xFF & (int) historicalBytes[1]) << 8) + + (0xFF & (int) historicalBytes[2]); + + SignatureCard sCard; + switch (t) { + case 0x455041 : + case 0x4D4341 : + sCard = new ACOSCard(); + break; + + case 0x805102 : + sCard = new STARCOSCard(); + break; + + default : + throw new CardNotSupportedException("Card not supported: ATR=" + toString(atr.getBytes())); + } + sCard.init(card); + return sCard; + + } + + public static String toString(byte[] b) { + StringBuffer sb = new StringBuffer(); + if (b != null && b.length > 0) { + sb.append(Integer.toHexString((b[0] & 240) >> 4)); + sb.append(Integer.toHexString(b[0] & 15)); + } + for(int i = 1; i < b.length; i++) { + sb.append(':'); + sb.append(Integer.toHexString((b[i] & 240) >> 4)); + sb.append(Integer.toHexString(b[i] & 15)); + } + return sb.toString(); + } + + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java new file mode 100644 index 00000000..3d1fd7c7 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java @@ -0,0 +1,150 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.util; + +import java.util.Locale; +import java.util.Map; + +import javax.smartcardio.ATR; +import javax.smartcardio.Card; +import javax.smartcardio.CardTerminal; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.smcc.CardNotSupportedException; +import at.gv.egiz.smcc.SignatureCard; +import at.gv.egiz.smcc.SignatureCardFactory; + +public class SMCCHelper { + + public final static int NO_CARD = 0; + public final static int PC_SC_NOT_SUPPORTED = 1; + public final static int TERMINAL_NOT_PRESENT = 2; + public final static int CARD_NOT_SUPPORTED = 3; + public final static int CARD_FOUND = 4; + + private final static Log log = LogFactory.getLog(SMCCHelper.class); + + protected SmartCardIO smartCardIO = new SmartCardIO(); + protected int resultCode = NO_CARD; + protected SignatureCard signatureCard = null; + protected static boolean useSWCard = false; + + public SMCCHelper() { + update(); + } + + public void update() { + update(-1); + } + + public void update(int sleep) { + SignatureCardFactory factory = SignatureCardFactory.getInstance(); + if (useSWCard) { + try { + signatureCard = factory.createSignatureCard(null); + resultCode = CARD_FOUND; + } catch (CardNotSupportedException e) { + resultCode = CARD_NOT_SUPPORTED; + signatureCard = null; + } + return; + } + signatureCard = null; + resultCode = NO_CARD; + // find pcsc support + if (smartCardIO.isPCSCSupported()) { + // find supported card + if (smartCardIO.isTerminalPresent()) { + Map newCards = null; + if (sleep > 0) { + smartCardIO.waitForInserted(sleep); + + } + newCards = smartCardIO.getCards(); + for (CardTerminal cardTerminal : newCards.keySet()) { + try { + Card c = newCards.get(cardTerminal); + if (c == null) { + throw new CardNotSupportedException(); + } + signatureCard = factory.createSignatureCard(c); + ATR atr = newCards.get(cardTerminal).getATR(); + log.trace("Found supported card (" + signatureCard.toString() + ") " + + "in terminal '" + cardTerminal.getName() + "', ATR = " + + toString(atr.getHistoricalBytes()) + "."); + resultCode = CARD_FOUND; + break; + + } catch (CardNotSupportedException e) { + Card c = newCards.get(cardTerminal); + if (c != null) { + ATR atr = c.getATR(); + log.info("Found unsupported card" + " in terminal '" + + cardTerminal.getName() + "', ATR = " + + toString(atr.getHistoricalBytes()) + "."); + } else { + log.info("Found unsupported card in terminal '" + + cardTerminal.getName() + "' without ATR"); + } + resultCode = CARD_NOT_SUPPORTED; + } + } + } else { + resultCode = TERMINAL_NOT_PRESENT; + } + } else { + resultCode = PC_SC_NOT_SUPPORTED; + } + } + + public SignatureCard getSignatureCard(Locale locale) { + if (signatureCard != null) { + signatureCard.setLocale(locale); + } + return signatureCard; + } + + public int getResultCode() { + return resultCode; + } + + public static String toString(byte[] b) { + StringBuffer sb = new StringBuffer(); + sb.append('['); + if (b != null && b.length > 0) { + sb.append(Integer.toHexString((b[0] & 240) >> 4)); + sb.append(Integer.toHexString(b[0] & 15)); + for (int i = 1; i < b.length; i++) { + sb.append((i % 32 == 0) ? '\n' : ':'); + sb.append(Integer.toHexString((b[i] & 240) >> 4)); + sb.append(Integer.toHexString(b[i] & 15)); + } + } + sb.append(']'); + return sb.toString(); + } + + public static boolean isUseSWCard() { + return useSWCard; + } + + public static void setUseSWCard(boolean useSWCard) { + SMCCHelper.useSWCard = useSWCard; + } +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java b/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java new file mode 100644 index 00000000..ffffd3af --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java @@ -0,0 +1,196 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.util; + +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.smartcardio.Card; +import javax.smartcardio.CardException; +import javax.smartcardio.CardTerminal; +import javax.smartcardio.CardTerminals; +import javax.smartcardio.TerminalFactory; +import javax.smartcardio.CardTerminals.State; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author mcentner + */ +public class SmartCardIO { + + private static final int STATE_INITIALIZED = 1; + + private static final int STATE_TERMINAL_FACTORY = 2; + + private static final int STATE_TERMINALS = 3; + + private static Log log = LogFactory.getLog(SmartCardIO.class); + + final Map terminalCard_ = new HashMap(); + + int state_ = STATE_INITIALIZED; + + TerminalFactory terminalFactory_ = null; + + CardTerminals cardTerminals_; + + private void updateTerminalFactory() { + TerminalFactory terminalFactory = TerminalFactory.getDefault(); + log.debug("TerminalFactory : " + terminalFactory); + if ("PC/SC".equals(terminalFactory.getType())) { + terminalFactory_ = terminalFactory; + } + if(state_ < STATE_TERMINAL_FACTORY) { + state_ = STATE_TERMINAL_FACTORY; + } + } + + public boolean isPCSCSupported() { + if(state_ < STATE_TERMINAL_FACTORY) { + updateTerminalFactory(); + } + return terminalFactory_ != null; + } + + private void updateCardTerminals() { + if(terminalFactory_ != null) { + cardTerminals_ = terminalFactory_.terminals(); + } + log.debug("CardTerminals : " + cardTerminals_); + if (state_ < STATE_TERMINALS) { + state_ = STATE_TERMINALS; + } + } + + public CardTerminals getCardTerminals() { + if(state_ < STATE_TERMINAL_FACTORY) { + updateTerminalFactory(); + } + if(state_ < STATE_TERMINALS) { + updateCardTerminals(); + } + return cardTerminals_; + } + + public boolean isTerminalPresent() { + CardTerminals cardTerminals = getCardTerminals(); + if (cardTerminals != null) { + List terminals = null; + try { + terminals = cardTerminals.list(State.ALL); + + // logging + if(log.isInfoEnabled()) { + if (terminals == null || terminals.isEmpty()) { + log.info("No card terminal found."); + } else { + StringBuffer msg = new StringBuffer(); + msg.append("Found " + terminals.size() + " card terminal(s):"); + for (CardTerminal terminal : terminals) { + msg.append("\n " + terminal.getName()); + } + log.info(msg.toString()); + } + } + + return terminals != null && !terminals.isEmpty(); + } catch (CardException e) { + log.info("Failed to list card terminals.", e); + return false; + } + } else { + return false; + } + } + + private Map updateCards() { + + // clear card references if removed + try { + log.trace("terminals.list(State.CARD_REMOVAL)"); + for (CardTerminal terminal : cardTerminals_.list(CardTerminals.State.CARD_REMOVAL)) { + Card card = terminalCard_.remove(terminal); + log.trace("card removed : " + card); + } + } catch (CardException e) { + log.debug(e); + } + + // check inserted cards + Map newCards = new HashMap(); + try { + log.trace("terminals.list(State.CARD_INSERTION)"); + for (CardTerminal terminal : cardTerminals_.list(CardTerminals.State.CARD_INSERTION)) { + + Card card = null; + try { + // try to connect to card + card = terminal.connect("*"); + } catch (CardException e) { + log.trace("Failed to connect to card.", e); + } + + // have we seen this card before? + if (terminalCard_.put(terminal, card) == null) { + terminalCard_.put(terminal, card); + newCards.put(terminal, card); + log.trace("terminal '" + terminal + "' card inserted : " + card); + } + } + } catch (CardException e) { + log.debug(e); + } + return newCards; + + } + + public Map getCards() { + if(state_ < STATE_TERMINAL_FACTORY) { + updateTerminalFactory(); + } + if(state_ < STATE_TERMINALS) { + updateCardTerminals(); + } + updateCards(); + Map terminalCard = new HashMap(); + terminalCard.putAll(terminalCard_); + return Collections.unmodifiableMap(terminalCard); + } + + public Map waitForInserted(int timeout) { + if(state_ < STATE_TERMINAL_FACTORY) { + updateTerminalFactory(); + } + if(state_ < STATE_TERMINALS) { + updateCardTerminals(); + } + try { + // just waiting for a short period of time to allow for abort + cardTerminals_.waitForChange(timeout); + } catch (CardException e) { + log.debug("CardTerminals.waitForChange(" + timeout + ") failed.", e); + } + Map newCards = new HashMap(); + newCards.putAll(updateCards()); + return Collections.unmodifiableMap(newCards); + } +} \ No newline at end of file diff --git a/smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java b/smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java new file mode 100644 index 00000000..e5030da2 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java @@ -0,0 +1,38 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc.utils; + +import at.gv.egiz.smcc.PINProvider; +import at.gv.egiz.smcc.PINSpec; + +public class SingletonPINProvider implements PINProvider { + + private String pin; + private boolean pin_already_provided = false; + + public SingletonPINProvider(String pin) { + this.pin = pin; + } + + public String providePIN(PINSpec spec, int retries) { + if (pin_already_provided) + return null; + pin_already_provided = true; + return pin; + } + +} diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard.properties b/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard.properties new file mode 100644 index 00000000..9142841c --- /dev/null +++ b/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard.properties @@ -0,0 +1,21 @@ +# Copyright 2008 Federal Chancellery Austria and +# Graz University of Technology +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# To change this template, choose Tools | Templates +# and open the template in the editor. + +dec.pin.name=Geheimhaltungs-PIN +sig.pin.name=Signature-PIN +inf.pin.name=Infobox-PIN diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_de.properties b/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_de.properties new file mode 100644 index 00000000..d2bbe4f9 --- /dev/null +++ b/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_de.properties @@ -0,0 +1,21 @@ +# Copyright 2008 Federal Chancellery Austria and +# Graz University of Technology +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# To change this template, choose Tools | Templates +# and open the template in the editor. + +dec.pin.name=Geheimhaltungs-PIN +sig.pin.name=Signatur-PIN +inf.pin.name=Infobox-PIN diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_en.properties b/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_en.properties new file mode 100644 index 00000000..9142841c --- /dev/null +++ b/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_en.properties @@ -0,0 +1,21 @@ +# Copyright 2008 Federal Chancellery Austria and +# Graz University of Technology +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# To change this template, choose Tools | Templates +# and open the template in the editor. + +dec.pin.name=Geheimhaltungs-PIN +sig.pin.name=Signature-PIN +inf.pin.name=Infobox-PIN diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard.properties b/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard.properties new file mode 100644 index 00000000..77935333 --- /dev/null +++ b/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard.properties @@ -0,0 +1,20 @@ +# Copyright 2008 Federal Chancellery Austria and +# Graz University of Technology +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# To change this template, choose Tools | Templates +# and open the template in the editor. + +sig.pin.name=Signature-PIN +card.pin.name=Card-PIN diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_de.properties b/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_de.properties new file mode 100644 index 00000000..6fa5f0fa --- /dev/null +++ b/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_de.properties @@ -0,0 +1,20 @@ +# Copyright 2008 Federal Chancellery Austria and +# Graz University of Technology +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# To change this template, choose Tools | Templates +# and open the template in the editor. + +sig.pin.name=Signatur-PIN +card.pin.name=Karten-PIN diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_en.properties b/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_en.properties new file mode 100644 index 00000000..77935333 --- /dev/null +++ b/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_en.properties @@ -0,0 +1,20 @@ +# Copyright 2008 Federal Chancellery Austria and +# Graz University of Technology +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# To change this template, choose Tools | Templates +# and open the template in the editor. + +sig.pin.name=Signature-PIN +card.pin.name=Card-PIN diff --git a/smcc/src/test/java/at/gv/egiz/smcc/SMCCApplication.java b/smcc/src/test/java/at/gv/egiz/smcc/SMCCApplication.java new file mode 100644 index 00000000..5f4bb67e --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/SMCCApplication.java @@ -0,0 +1,46 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import java.util.Locale; + +import at.gv.egiz.smcc.util.SMCCHelper; + +public class SMCCApplication { + + /** + * @param args + */ + public static void main(String[] args) { + + SignatureCard sc = null; + SMCCHelper smccHelper = new SMCCHelper(); + while (smccHelper.getResultCode() != SMCCHelper.CARD_FOUND) { + System.out.println("Did not get a signature card ... "+smccHelper.getResultCode()); + smccHelper.update(); + try { + Thread.sleep(1000); + } catch (InterruptedException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + sc = smccHelper.getSignatureCard(Locale.getDefault()); + System.out.println("Found supported siganture card: "+sc); + } + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java new file mode 100644 index 00000000..5448fee2 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java @@ -0,0 +1,63 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import java.math.BigInteger; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +import at.gv.egiz.smcc.SignatureCard.KeyboxName; + +public class SWCardTest implements PINProvider { + + SWCard swCard = new SWCard(); + + public static void main(String[] args) throws Exception { + + SWCardTest swCardTest = new SWCardTest(); + swCardTest.test(); + + } + + public void test() throws SignatureCardException, NoSuchAlgorithmException { + + swCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR); + swCard.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR); + + BigInteger t = BigInteger.valueOf(System.currentTimeMillis()); + + MessageDigest messageDigest = MessageDigest.getInstance("SHA-1"); + byte[] hash = messageDigest.digest(t.toByteArray()); + + byte[] signature; + signature = swCard.createSignature(hash, KeyboxName.CERITIFIED_KEYPAIR, this); + System.out.println(SignatureCardFactory.toString(signature)); + + signature = swCard.createSignature(hash, KeyboxName.SECURE_SIGNATURE_KEYPAIR, this); + System.out.println(SignatureCardFactory.toString(signature)); + + byte[] infobox = swCard.getInfobox("IdentityLink", this, null); + System.out.println(SignatureCardFactory.toString(infobox)); + + } + + @Override + public String providePIN(PINSpec spec, int retries) { + return "buerger"; + } + +} diff --git a/smcc/src/test/resources/IdentityLink.bin b/smcc/src/test/resources/IdentityLink.bin new file mode 100644 index 00000000..16c7375b Binary files /dev/null and b/smcc/src/test/resources/IdentityLink.bin differ diff --git a/smcc/src/test/resources/log4j.properties b/smcc/src/test/resources/log4j.properties new file mode 100644 index 00000000..94662fd2 --- /dev/null +++ b/smcc/src/test/resources/log4j.properties @@ -0,0 +1,19 @@ +# loglever DEBUG, appender STDOUT +log4j.rootLogger=DEBUG, STDOUT +#log4j.logger.at.gv.egiz.slbinding.RedirectEventFilter=DEBUG, STDOUT + +# STDOUT appender +log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender +log4j.appender.STDOUT.layout=org.apache.log4j.PatternLayout +#log4j.appender.STDOUT.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n +#log4j.appender.STDOUT.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n +log4j.appender.STDOUT.layout.ConversionPattern=%-5p |%d | %t | %c %x- %m%n + +### FILE appender +#log4j.appender.file=org.apache.log4j.RollingFileAppender +#log4j.appender.file.maxFileSize=100KB +#log4j.appender.file.maxBackupIndex=9 +#log4j.appender.file.File=egovbus_ca.log +#log4j.appender.file.threshold=info +#log4j.appender.file.layout=org.apache.log4j.PatternLayout +#log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n \ No newline at end of file -- cgit v1.2.3 From e21dd5249d5fa19c5619847922cf8cdea95e3145 Mon Sep 17 00:00:00 2001 From: wbauer Date: Thu, 25 Sep 2008 07:29:47 +0000 Subject: improved robustness of http binding processor git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@70 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../gv/egiz/smcc/utils/SingletonPINProvider.java | 38 ---------------------- 1 file changed, 38 deletions(-) delete mode 100644 smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java (limited to 'smcc') diff --git a/smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java b/smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java deleted file mode 100644 index e5030da2..00000000 --- a/smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java +++ /dev/null @@ -1,38 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.smcc.utils; - -import at.gv.egiz.smcc.PINProvider; -import at.gv.egiz.smcc.PINSpec; - -public class SingletonPINProvider implements PINProvider { - - private String pin; - private boolean pin_already_provided = false; - - public SingletonPINProvider(String pin) { - this.pin = pin; - } - - public String providePIN(PINSpec spec, int retries) { - if (pin_already_provided) - return null; - pin_already_provided = true; - return pin; - } - -} -- cgit v1.2.3 From 62dffe15b09010e64a886a936d549239f441cd31 Mon Sep 17 00:00:00 2001 From: wbauer Date: Fri, 10 Oct 2008 09:12:11 +0000 Subject: added a reset command git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@96 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java | 2 - .../at/gv/egiz/smcc/AbstractSignatureCard.java | 229 +++++++++++---------- smcc/src/main/java/at/gv/egiz/smcc/SWCard.java | 6 + .../main/java/at/gv/egiz/smcc/SignatureCard.java | 2 + 4 files changed, 131 insertions(+), 108 deletions(-) (limited to 'smcc') diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java index 7269ba7f..abe086ee 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java @@ -153,8 +153,6 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { return -2; } - logger.finest("PIN=" + pin); - byte[] asciiPIN = pin.getBytes(Charset.forName("ASCII")); byte[] encodedPIN = new byte[8]; System.arraycopy(asciiPIN, 0, encodedPIN, 0, Math.min(asciiPIN.length, diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java index 91c873c9..ab6932d7 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -40,40 +40,45 @@ import javax.smartcardio.CardException; import javax.smartcardio.CommandAPDU; import javax.smartcardio.ResponseAPDU; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + public abstract class AbstractSignatureCard implements SignatureCard { - static Logger logger = Logger.getLogger(AbstractSignatureCard.class.getName()); - + private static Log log = LogFactory.getLog(AbstractSignatureCard.class); + private ResourceBundle i18n; private String resourceBundleName; private Locale locale = Locale.getDefault(); - + int ifs_ = 254; - + Card card_; - + protected AbstractSignatureCard(String resourceBundleName) { this.resourceBundleName = resourceBundleName; } - + String toString(byte[] b) { StringBuffer sb = new StringBuffer(); if (b != null && b.length > 0) { sb.append(Integer.toHexString((b[0] & 240) >> 4)); sb.append(Integer.toHexString(b[0] & 15)); } - for(int i = 1; i < b.length; i++) { + for (int i = 1; i < b.length; i++) { sb.append(':'); sb.append(Integer.toHexString((b[i] & 240) >> 4)); sb.append(Integer.toHexString(b[i] & 15)); } return sb.toString(); } - - abstract byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException; - abstract byte[] selectFileFID(byte[] fid) throws CardException, SignatureCardException; + abstract byte[] selectFileAID(byte[] fid) throws CardException, + SignatureCardException; + + abstract byte[] selectFileFID(byte[] fid) throws CardException, + SignatureCardException; byte[] readBinary(CardChannel channel, int offset, int len) throws CardException, SignatureCardException { @@ -88,31 +93,32 @@ public abstract class AbstractSignatureCard implements SignatureCard { } } - - int readBinary(int offset, int len, byte[] b) - throws CardException, SignatureCardException { - if (b.length < len) { - throw new IllegalArgumentException( - "Length of b must not be less than len."); - } + int readBinary(int offset, int len, byte[] b) throws CardException, + SignatureCardException { - CardChannel channel = getCardChannel(); - - ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB0, - 0x7F & (offset >> 8), offset & 0xFF, len)); - if (resp.getSW() == 0x9000) { - System.arraycopy(resp.getData(), 0, b, 0, len); - } - - return resp.getSW(); + if (b.length < len) { + throw new IllegalArgumentException( + "Length of b must not be less than len."); + } + + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB0, + 0x7F & (offset >> 8), offset & 0xFF, len)); + if (resp.getSW() == 0x9000) { + System.arraycopy(resp.getData(), 0, b, 0, len); } - byte[] readBinaryTLV(int maxSize, byte expectedType) throws CardException, SignatureCardException { + return resp.getSW(); + + } + + byte[] readBinaryTLV(int maxSize, byte expectedType) throws CardException, + SignatureCardException { CardChannel channel = getCardChannel(); - + // read first chunk int len = Math.min(maxSize, ifs_); byte[] chunk = readBinary(channel, 0, len); @@ -141,89 +147,88 @@ public abstract class AbstractSignatureCard implements SignatureCard { offset += chunk.length; } return buffer.array(); - + } - - abstract int verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid, int kfpc) throws CardException, SignatureCardException; - public byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength) throws SignatureCardException { - return readTLVFilePIN(aid, ef, (byte) 0, null, null, maxLength); - } - - public byte[] readTLVFilePIN(byte[] aid, byte[] ef, byte kid, - PINProvider provider, PINSpec spec, int maxLength) throws SignatureCardException { - - try { - - // SELECT FILE (AID) - byte[] rb = selectFileAID(aid); - if (rb[rb.length - 2] != (byte) 0x90 || - rb[rb.length - 1] != (byte) 0x00) { - - throw new SignatureCardException( - "SELECT FILE with " + - "AID=" + toString(aid) + " failed (" + - "SW=" + - Integer.toHexString( - (0xFF & (int) rb[rb.length - 1]) | - (0xFF & (int) rb[rb.length - 2]) << 8) + - ")."); - - } - - // SELECT FILE (EF) - rb = selectFileFID(ef); - if (rb[rb.length - 2] != (byte) 0x90 || - rb[rb.length - 1] != (byte) 0x00) { - - throw new SignatureCardException( - "SELECT FILE with " + - "FID=" + toString(ef) + " failed (" + - "SW=" + - Integer.toHexString( - (0xFF & (int) rb[rb.length - 1]) | - (0xFF & (int) rb[rb.length - 2]) << 8) + - ")."); - } - - // try to READ BINARY - int sw = readBinary(0, 1, new byte[1]); - if (provider != null && sw == 0x6982) { - - // VERIFY - int kfpc = -1; // unknown - while (true) { - kfpc = verifyPIN(provider, spec, kid, kfpc); - if (kfpc < -1) { - return null; - } else if (kfpc < 0) { - break; - } - } - } else if (sw != 0x9000) { - throw new SignatureCardException("READ BINARY failed (SW=" + - Integer.toHexString(sw) + ")."); - } - - // READ BINARY - byte[] data = readBinaryTLV(maxLength, (byte) 0x30); - - return data; - - - } catch (CardException e) { - throw new SignatureCardException("Failed to acces card.", e); + abstract int verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid, + int kfpc) throws CardException, SignatureCardException; + + public byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength) + throws SignatureCardException { + return readTLVFilePIN(aid, ef, (byte) 0, null, null, maxLength); + } + + public byte[] readTLVFilePIN(byte[] aid, byte[] ef, byte kid, + PINProvider provider, PINSpec spec, int maxLength) + throws SignatureCardException { + + try { + + // SELECT FILE (AID) + byte[] rb = selectFileAID(aid); + if (rb[rb.length - 2] != (byte) 0x90 || rb[rb.length - 1] != (byte) 0x00) { + + throw new SignatureCardException("SELECT FILE with " + + "AID=" + + toString(aid) + + " failed (" + + "SW=" + + Integer.toHexString((0xFF & (int) rb[rb.length - 1]) + | (0xFF & (int) rb[rb.length - 2]) << 8) + ")."); + + } + + // SELECT FILE (EF) + rb = selectFileFID(ef); + if (rb[rb.length - 2] != (byte) 0x90 || rb[rb.length - 1] != (byte) 0x00) { + + throw new SignatureCardException("SELECT FILE with " + + "FID=" + + toString(ef) + + " failed (" + + "SW=" + + Integer.toHexString((0xFF & (int) rb[rb.length - 1]) + | (0xFF & (int) rb[rb.length - 2]) << 8) + ")."); + } + + // try to READ BINARY + int sw = readBinary(0, 1, new byte[1]); + if (provider != null && sw == 0x6982) { + + // VERIFY + int kfpc = -1; // unknown + while (true) { + kfpc = verifyPIN(provider, spec, kid, kfpc); + if (kfpc < -1) { + return null; + } else if (kfpc < 0) { + break; + } } + } else if (sw != 0x9000) { + throw new SignatureCardException("READ BINARY failed (SW=" + + Integer.toHexString(sw) + ")."); + } + + // READ BINARY + byte[] data = readBinaryTLV(maxLength, (byte) 0x30); + return data; + + } catch (CardException e) { + throw new SignatureCardException("Failed to acces card.", e); } - - ResponseAPDU transmit(CardChannel channel, CommandAPDU commandAPDU) throws CardException { - logger.fine(commandAPDU + "\n" + toString(commandAPDU.getBytes())); + } + + ResponseAPDU transmit(CardChannel channel, CommandAPDU commandAPDU) + throws CardException { + log.trace(commandAPDU + "\n" + toString(commandAPDU.getBytes())); long t0 = System.currentTimeMillis(); ResponseAPDU responseAPDU = channel.transmit(commandAPDU); long t1 = System.currentTimeMillis(); - logger.fine(responseAPDU + "\n[" + (t1 - t0) + "ms] " + toString(responseAPDU.getBytes())); + log.trace(responseAPDU + "\n[" + (t1 - t0) + "ms] " + + toString(responseAPDU.getBytes())); return responseAPDU; } @@ -233,15 +238,14 @@ public abstract class AbstractSignatureCard implements SignatureCard { byte[] atrBytes = atr.getBytes(); if (atrBytes.length >= 6) { ifs_ = 0xFF & atr.getBytes()[6]; - logger.finer("Setting IFS (information field size) to " + ifs_); + log.trace("Setting IFS (information field size) to " + ifs_); } } CardChannel getCardChannel() { return card_.getBasicChannel(); } - - + @Override public void setLocale(Locale locale) { if (locale == null) { @@ -249,11 +253,24 @@ public abstract class AbstractSignatureCard implements SignatureCard { } this.locale = locale; } - + protected ResourceBundle getResourceBundle() { if (i18n == null) { i18n = ResourceBundle.getBundle(resourceBundleName, locale); } return i18n; } + + @Override + public void reset() { + log.debug("Resetting card"); + if (card_ != null) { + try { + card_.disconnect(true); + } catch (CardException e) { + log.info("Error while resetting card", e); + } + } + } + } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java index f19bc709..28cce350 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java @@ -319,4 +319,10 @@ public class SWCard implements SignatureCard { throw new UnsupportedOperationException("Not supported yet."); } + @Override + public void reset() { + // TODO Auto-generated method stub + + } + } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java index 18a63514..5e859d52 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java @@ -78,6 +78,8 @@ public interface SignatureCard { public byte[] getCertificate(KeyboxName keyboxName) throws SignatureCardException; + + public void reset(); /** * -- cgit v1.2.3 From 8852be703a5cacaf271575ccee04bbe27612d16b Mon Sep 17 00:00:00 2001 From: wbauer Date: Fri, 10 Oct 2008 12:35:07 +0000 Subject: Improved Quit Handling for multiple applet instances git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@101 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java | 6 +++--- smcc/src/main/java/at/gv/egiz/smcc/SWCard.java | 4 +--- smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java | 2 +- 3 files changed, 5 insertions(+), 7 deletions(-) (limited to 'smcc') diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java index ab6932d7..7f3a3b1c 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -262,11 +262,11 @@ public abstract class AbstractSignatureCard implements SignatureCard { } @Override - public void reset() { - log.debug("Resetting card"); + public void disconnect(boolean reset) { + log.debug("Disconnect called"); if (card_ != null) { try { - card_.disconnect(true); + card_.disconnect(reset); } catch (CardException e) { log.info("Error while resetting card", e); } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java index 28cce350..68a6f6df 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java @@ -320,9 +320,7 @@ public class SWCard implements SignatureCard { } @Override - public void reset() { - // TODO Auto-generated method stub - + public void disconnect(boolean reset) { } } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java index 5e859d52..37bd7cf9 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java @@ -79,7 +79,7 @@ public interface SignatureCard { public byte[] getCertificate(KeyboxName keyboxName) throws SignatureCardException; - public void reset(); + public void disconnect(boolean reset); /** * -- cgit v1.2.3 From ef8dc449ddc60008bce9264c73b4162cc487c174 Mon Sep 17 00:00:00 2001 From: wbauer Date: Thu, 16 Oct 2008 07:51:13 +0000 Subject: Changed STAL Handler from static registration to one Object per STAL instance git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@121 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java | 2 +- smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'smcc') diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java index 7f3a3b1c..77a3e2ea 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -267,7 +267,7 @@ public abstract class AbstractSignatureCard implements SignatureCard { if (card_ != null) { try { card_.disconnect(reset); - } catch (CardException e) { + } catch (Exception e) { log.info("Error while resetting card", e); } } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java index 3d1fd7c7..15971497 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java @@ -49,11 +49,11 @@ public class SMCCHelper { update(); } - public void update() { + public synchronized void update() { update(-1); } - public void update(int sleep) { + public synchronized void update(int sleep) { SignatureCardFactory factory = SignatureCardFactory.getInstance(); if (useSWCard) { try { @@ -113,7 +113,7 @@ public class SMCCHelper { } } - public SignatureCard getSignatureCard(Locale locale) { + public synchronized SignatureCard getSignatureCard(Locale locale) { if (signatureCard != null) { signatureCard.setLocale(locale); } -- cgit v1.2.3 From c2ae3db1bc6dcb8ba3eb3461c05e293917c004ca Mon Sep 17 00:00:00 2001 From: mcentner Date: Thu, 30 Oct 2008 10:33:29 +0000 Subject: Updated SMCC to use exclusive access and to throw exceptions upon locked or not activated cards. Improved locale support in the security layer request and response processing. Fixed issue in STAL which prevented the use of RSA-SHA1 signatures. Added additional parameters to the applet test pages. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@128 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java | 348 ++++++++++++--------- .../at/gv/egiz/smcc/AbstractSignatureCard.java | 169 +++++++--- .../at/gv/egiz/smcc/FileNotFoundException.java | 38 +++ .../main/java/at/gv/egiz/smcc/LockedException.java | 38 +++ .../at/gv/egiz/smcc/NotActivatedException.java | 44 +++ .../src/main/java/at/gv/egiz/smcc/STARCOSCard.java | 339 ++++++++++++-------- smcc/src/main/java/at/gv/egiz/smcc/SWCard.java | 79 ++++- .../at/gv/egiz/smcc/SignatureCardException.java | 2 +- .../java/at/gv/egiz/smcc/SignatureCardFactory.java | 223 +++++++++++-- .../java/at/gv/egiz/smcc/util/SmartCardIO.java | 3 +- .../test/java/at/gv/egiz/smcc/STARCOSCardTest.java | 92 ++++++ 11 files changed, 1034 insertions(+), 341 deletions(-) create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/FileNotFoundException.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/LockedException.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/NotActivatedException.java create mode 100644 smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java (limited to 'smcc') diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java index abe086ee..9e56701f 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java @@ -30,12 +30,18 @@ package at.gv.egiz.smcc; import java.nio.charset.Charset; +import javax.smartcardio.Card; import javax.smartcardio.CardChannel; import javax.smartcardio.CardException; import javax.smartcardio.CommandAPDU; import javax.smartcardio.ResponseAPDU; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + public class ACOSCard extends AbstractSignatureCard implements SignatureCard { + + private static Log log = LogFactory.getLog(ACOSCard.class); public static final byte[] AID_DEC = new byte[] { (byte) 0xA0, (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x18, (byte) 0x45, (byte) 0x4E }; @@ -97,7 +103,145 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { super("at/gv/egiz/smcc/ACOSCard"); } - byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException { + /* (non-Javadoc) + * @see at.gv.egiz.smcc.SignatureCard#getCertificate(at.gv.egiz.smcc.SignatureCard.KeyboxName) + */ + public byte[] getCertificate(KeyboxName keyboxName) + throws SignatureCardException { + + byte[] aid; + byte[] efc; + int maxsize; + if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { + aid = AID_SIG; + efc = EF_C_CH_DS; + maxsize = EF_C_CH_DS_MAX_SIZE; + } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { + aid = AID_DEC; + efc = EF_C_CH_EKEY; + maxsize = EF_C_CH_EKEY_MAX_SIZE; + } else { + throw new IllegalArgumentException("Keybox " + keyboxName + + " not supported."); + } + + log.debug("Get certificate for keybox '" + keyboxName.getKeyboxName() + "'" + + " (AID=" + toString(aid) + " EF=" + toString(efc) + ")."); + + try { + Card card = getCardChannel().getCard(); + try { + card.beginExclusive(); + return readTLVFile(aid, efc, maxsize + 15000); + } catch (FileNotFoundException e) { + // if certificate is not present, + // the citizen card application has not been activated + throw new NotActivatedException(); + } finally { + card.endExclusive(); + } + } catch (CardException e) { + throw new SignatureCardException("Failed to get exclusive card access."); + } + + + } + + /* (non-Javadoc) + * @see at.gv.egiz.smcc.SignatureCard#getInfobox(java.lang.String, at.gv.egiz.smcc.PINProvider, java.lang.String) + */ + public byte[] getInfobox(String infobox, PINProvider provider, String domainId) + throws SignatureCardException { + + if ("IdentityLink".equals(infobox)) { + + PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("inf.pin.name")); + + try { + Card card = getCardChannel().getCard(); + try { + card.beginExclusive(); + return readTLVFilePIN(AID_DEC, EF_INFOBOX, KID_PIN_INF, provider, + spec, EF_INFOBOX_MAX_SIZE); + } catch (FileNotFoundException e) { + // if certificate is not present, + // the citizen card application has not been activated + throw new NotActivatedException(); + } finally { + card.endExclusive(); + } + } catch (CardException e) { + throw new SignatureCardException("Failed to get exclusive card access."); + } + + } else { + throw new IllegalArgumentException("Infobox '" + infobox + + "' not supported."); + } + + } + + public byte[] createSignature(byte[] hash, KeyboxName keyboxName, + PINProvider provider) throws SignatureCardException { + + if (hash.length != 20) { + throw new IllegalArgumentException("Hash value must be of length 20."); + } + + try { + Card card = getCardChannel().getCard(); + try { + card.beginExclusive(); + + if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { + + // SELECT DF + selectFileFID(DF_SIG); + // VERIFY + verifyPIN(provider, new PINSpec(6, 10, "[0-9]", getResourceBundle() + .getString("sig.pin.name")), KID_PIN_SIG); + // MSE: SET DST + mseSetDST(0x81, 0xb6, DST_SIG); + // PSO: HASH + psoHash(hash); + // PSO: COMPUTE DIGITAL SIGNATURE + return psoComputDigitalSiganture(); + + } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { + + // SELECT DF + selectFileFID(DF_DEC); + // VERIFY + verifyPIN(provider, new PINSpec(4, 4, "[0-9]", getResourceBundle() + .getString("dec.pin.name")), KID_PIN_DEC); + // MSE: SET DST + mseSetDST(0x41, 0xa4, DST_DEC); + // INTERNAL AUTHENTICATE + return internalAuthenticate(hash); + + + // 00 88 10 00 23 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 54 26 F0 EA AF EA F0 4E D4 A1 AD BF 66 D4 A5 9B 45 6F AF 79 00 + // 00 88 10 00 23 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 DF 8C AB 8F E2 AD AC 7B 5A AF BE E9 44 5E 95 99 FA AF 2F 48 00 + + } else { + throw new IllegalArgumentException("KeyboxName '" + keyboxName + + "' not supported."); + } + + } catch (FileNotFoundException e) { + // if certificate is not present, + // the citizen card application has not been activated + throw new NotActivatedException(); + } finally { + card.endExclusive(); + } + } catch (CardException e) { + throw new SignatureCardException("Failed to get exclusive card access."); + } + + } + + protected byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x04, 0x00, fid, 256)); @@ -109,18 +253,40 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { } } - byte[] selectFileFID(byte[] fid) throws CardException, SignatureCardException { + protected ResponseAPDU selectFileFID(byte[] fid) throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); - ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x00, + return transmit(channel, new CommandAPDU(0x00, 0xA4, 0x00, 0x00, fid, 256)); - if (resp.getSW() == 0x6a82) { - throw new SignatureCardException("Failed to select file (FID=" - + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + ")"); + } + + protected int verifyPIN(String pin, byte kid) throws CardException, SignatureCardException { + + CardChannel channel = getCardChannel(); + + byte[] asciiPIN = pin.getBytes(Charset.forName("ASCII")); + byte[] encodedPIN = new byte[8]; + System.arraycopy(asciiPIN, 0, encodedPIN, 0, Math.min(asciiPIN.length, + encodedPIN.length)); + + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x20, 0x00, + kid, encodedPIN), false); + + if (resp.getSW() == 0x63c0) { + throw new LockedException("PIN locked."); + } else if (resp.getSW1() == 0x63 && resp.getSW2() >> 4 == 0xc) { + // return number of possible retries + return resp.getSW2() & 0x0f; + } else if (resp.getSW() == 0x6983) { + throw new NotActivatedException(); + } else if (resp.getSW() == 0x9000) { + return -1; } else { - return resp.getBytes(); + throw new SignatureCardException("Failed to verify pin: SW=" + + Integer.toHexString(resp.getSW()) + "."); } - } + } + /** * * @param pinProvider @@ -128,56 +294,30 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { * the PIN spec to be given to the pinProvider * @param kid * the KID (key identifier) of the PIN to be verified - * @param kfpc - * acutal value of the KFCP (key fault presentation counter) or less - * than 0 if actual value is unknown - * - * @return -1 if the PIN has been verifyed successfully, or else the new value - * of the KFCP (key fault presentation counter) - * * @throws CancelledException * if the user canceld the operation * @throws javax.smartcardio.CardException * @throws at.gv.egiz.smcc.SignatureCardException */ - int verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid, int kfpc) + protected void verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid) throws CardException, CancelledException, SignatureCardException { - CardChannel channel = getCardChannel(); - - // get PIN - String pin = pinProvider.providePIN(spec, kfpc); - if (pin == null) { - // User canceld operation - // throw new CancelledException("User canceld PIN entry"); - return -2; - } - - byte[] asciiPIN = pin.getBytes(Charset.forName("ASCII")); - byte[] encodedPIN = new byte[8]; - System.arraycopy(asciiPIN, 0, encodedPIN, 0, Math.min(asciiPIN.length, - encodedPIN.length)); - - ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x20, 0x00, - kid, encodedPIN)); - if (resp.getSW1() == (byte) 0x63 && resp.getSW2() >> 4 == (byte) 0xc) { - return resp.getSW2() & (byte) 0x0f; - } else if (resp.getSW() == 0x6983) { - // PIN blocked - throw new SignatureCardException(spec.getLocalizedName() + " blocked."); - } else if (resp.getSW() != 0x9000) { - throw new SignatureCardException("Failed to verify pin: SW=" - + Integer.toHexString(resp.getSW()) + "."); - } else { - return -1; - } - + int retries = -1; + do { + String pin = pinProvider.providePIN(spec, retries); + if (pin == null) { + // user canceled operation + throw new CancelledException("User canceled operation"); + } + retries = verifyPIN(pin, kid); + } while (retries > 0); + } - - void mseSetDST(byte[] dst) throws CardException, SignatureCardException { + + void mseSetDST(int p1, int p2, byte[] dst) throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); - ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x22, 0x81, - 0xB6, dst)); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x22, p1, + p2, dst)); if (resp.getSW() != 0x9000) { throw new SignatureCardException("MSE:SET DST failed: SW=" + Integer.toHexString(resp.getSW())); @@ -207,102 +347,30 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { return resp.getData(); } } - - public byte[] getCertificate(KeyboxName keyboxName) - throws SignatureCardException { - - if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { - return readTLVFile(AID_SIG, EF_C_CH_DS, EF_C_CH_DS_MAX_SIZE); - } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { - return readTLVFile(AID_DEC, EF_C_CH_EKEY, EF_C_CH_EKEY_MAX_SIZE); - } else { - throw new IllegalArgumentException("Keybox " + keyboxName - + " not supported."); - } - - } - - public byte[] getInfobox(String infobox, PINProvider provider, String domainId) - throws SignatureCardException { - - if ("IdentityLink".equals(infobox)) { - - PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString( - "inf.pin.name")); - try { - byte[] res = readTLVFilePIN(AID_DEC, EF_INFOBOX, KID_PIN_INF, provider, - spec, EF_INFOBOX_MAX_SIZE); - return res; - } catch (Exception e) { - throw new SecurityException(e); - } - + + byte[] internalAuthenticate(byte[] hash) throws CardException, SignatureCardException { + byte[] digestInfo = new byte[] { + (byte) 0x30, (byte) 0x21, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x05, (byte) 0x2B, (byte) 0x0E, + (byte) 0x03, (byte) 0x02, (byte) 0x1A, (byte) 0x05, (byte) 0x00, (byte) 0x04 + }; + + byte[] data = new byte[digestInfo.length + hash.length + 1]; + + System.arraycopy(digestInfo, 0, data, 0, digestInfo.length); + data[digestInfo.length] = (byte) hash.length; + System.arraycopy(hash, 0, data, digestInfo.length + 1, hash.length); + + CardChannel channel = getCardChannel(); + + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x88, 0x10, 0x00, data, 256)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("INTERNAL AUTHENTICATE failed: SW=" + Integer.toHexString(resp.getSW())); } else { - throw new IllegalArgumentException("Infobox '" + infobox - + "' not supported."); + return resp.getData(); } - } public String toString() { return "a-sign premium"; } - - public byte[] createSignature(byte[] hash, KeyboxName keyboxName, - PINProvider provider) throws SignatureCardException { - - if (hash.length != 20) { - throw new IllegalArgumentException("Hash value must be of length 20"); - } - - byte[] fid; - byte kid; - byte[] dst; - PINSpec spec; - if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { - fid = DF_SIG; - kid = KID_PIN_SIG; - dst = DST_SIG; - spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString( - "sig.pin.name")); - - } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { - fid = DF_DEC; - kid = KID_PIN_DEC; - dst = DST_DEC; - spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString( - "dec.pin.name")); - - } else { - throw new IllegalArgumentException("KeyboxName '" + keyboxName - + "' not supported."); - } - - try { - - // SELECT DF - selectFileFID(fid); - // VERIFY - int kfpc = -1; - while (true) { - kfpc = verifyPIN(provider, spec, kid, kfpc); - if (kfpc < -1) { - return null; - } else if (kfpc < 0) { - break; - } - } - // MSE: SET DST - mseSetDST(dst); - // PSO: HASH - psoHash(hash); - // PSO: COMPUTE DIGITAL SIGNATURE - byte[] rs = psoComputDigitalSiganture(); - - return rs; - - } catch (CardException e) { - throw new SignatureCardException("Failed to create signature.", e); - } - } } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java index 77a3e2ea..cebc63fc 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -31,7 +31,6 @@ package at.gv.egiz.smcc; import java.nio.ByteBuffer; import java.util.Locale; import java.util.ResourceBundle; -import java.util.logging.Logger; import javax.smartcardio.ATR; import javax.smartcardio.Card; @@ -60,7 +59,7 @@ public abstract class AbstractSignatureCard implements SignatureCard { this.resourceBundleName = resourceBundleName; } - String toString(byte[] b) { + protected String toString(byte[] b) { StringBuffer sb = new StringBuffer(); if (b != null && b.length > 0) { sb.append(Integer.toHexString((b[0] & 240) >> 4)); @@ -74,13 +73,46 @@ public abstract class AbstractSignatureCard implements SignatureCard { return sb.toString(); } - abstract byte[] selectFileAID(byte[] fid) throws CardException, + protected abstract byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException; - abstract byte[] selectFileFID(byte[] fid) throws CardException, + protected abstract ResponseAPDU selectFileFID(byte[] fid) throws CardException, SignatureCardException; - byte[] readBinary(CardChannel channel, int offset, int len) + /** + * VERIFY PIN + * + *

+ * Implementations of this method should call + * {@link PINProvider#providePIN(PINSpec, int)} to retrieve the PIN entered by + * the user and VERIFY PIN on the smart card until the PIN has been + * successfully verified. + *

+ * + * @param pinProvider + * the PINProvider + * @param spec + * the PINSpec + * @param kid + * the key ID (KID) of the PIN to verify + * + * @throws CardException + * if smart card communication fails + * + * @throws CancelledException + * if the PINProvider indicated that the user canceled the PIN entry + * @throws NotActivatedException + * if the card application has not been activated + * @throws LockedException + * if the card application is locked + * + * @throws SignatureCardException + * if VERIFY PIN fails + */ + protected abstract void verifyPIN(PINProvider pinProvider, PINSpec spec, + byte kid) throws CardException, SignatureCardException; + + protected byte[] readBinary(CardChannel channel, int offset, int len) throws CardException, SignatureCardException { ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB0, @@ -94,7 +126,7 @@ public abstract class AbstractSignatureCard implements SignatureCard { } - int readBinary(int offset, int len, byte[] b) throws CardException, + protected int readBinary(int offset, int len, byte[] b) throws CardException, SignatureCardException { if (b.length < len) { @@ -114,7 +146,7 @@ public abstract class AbstractSignatureCard implements SignatureCard { } - byte[] readBinaryTLV(int maxSize, byte expectedType) throws CardException, + protected byte[] readBinaryTLV(int maxSize, byte expectedType) throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); @@ -150,15 +182,38 @@ public abstract class AbstractSignatureCard implements SignatureCard { } - abstract int verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid, - int kfpc) throws CardException, SignatureCardException; - - public byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength) + /** + * Read the content of a TLV file. + * + * @param aid the application ID (AID) + * @param ef the elementary file (EF) + * @param maxLength the maximum length of the file + * + * @return the content of the file + * + * @throws SignatureCardException + */ + protected byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength) throws SignatureCardException { return readTLVFilePIN(aid, ef, (byte) 0, null, null, maxLength); } - public byte[] readTLVFilePIN(byte[] aid, byte[] ef, byte kid, + + /** + * Read the content of a TLV file wich may require a PIN. + * + * @param aid the application ID (AID) + * @param ef the elementary file (EF) + * @param kid the key ID (KID) of the corresponding PIN + * @param provider the PINProvider + * @param spec the PINSpec + * @param maxLength the maximum length of the file + * + * @return the content of the file + * + * @throws SignatureCardException + */ + protected byte[] readTLVFilePIN(byte[] aid, byte[] ef, byte kid, PINProvider provider, PINSpec spec, int maxLength) throws SignatureCardException { @@ -179,33 +234,38 @@ public abstract class AbstractSignatureCard implements SignatureCard { } // SELECT FILE (EF) - rb = selectFileFID(ef); - if (rb[rb.length - 2] != (byte) 0x90 || rb[rb.length - 1] != (byte) 0x00) { + ResponseAPDU resp = selectFileFID(ef); + if (resp.getSW() == 0x6a82) { + + // EF not found + throw new FileNotFoundException("EF " + toString(ef) + " not found."); + + } else if (resp.getSW() != 0x9000) { throw new SignatureCardException("SELECT FILE with " + "FID=" + toString(ef) + " failed (" + "SW=" - + Integer.toHexString((0xFF & (int) rb[rb.length - 1]) - | (0xFF & (int) rb[rb.length - 2]) << 8) + ")."); + + Integer.toHexString(resp.getSW()) + ")."); + } // try to READ BINARY - int sw = readBinary(0, 1, new byte[1]); + byte[] b = new byte[1]; + int sw = readBinary(0, 1, b); + if (provider != null && sw == 0x6982) { // VERIFY - int kfpc = -1; // unknown - while (true) { - kfpc = verifyPIN(provider, spec, kid, kfpc); - if (kfpc < -1) { - return null; - } else if (kfpc < 0) { - break; - } + verifyPIN(provider, spec, kid); + + } else if (sw == 0x9000) { + // not expected type + if (b[0] != 0x30) { + throw new NotActivatedException(); } - } else if (sw != 0x9000) { + } else { throw new SignatureCardException("READ BINARY failed (SW=" + Integer.toHexString(sw) + ")."); } @@ -221,17 +281,56 @@ public abstract class AbstractSignatureCard implements SignatureCard { } - ResponseAPDU transmit(CardChannel channel, CommandAPDU commandAPDU) + /** + * Transmit the given command APDU using the given card channel. + * + * @param channel + * the card channel + * @param commandAPDU + * the command APDU + * @param logData + * true if command APDU data may be logged, or + * false otherwise + * + * @return the corresponding response APDU + * + * @throws CardException + * if smart card communication fails + */ + protected ResponseAPDU transmit(CardChannel channel, CommandAPDU commandAPDU, boolean logData) + throws CardException { + + if (log.isTraceEnabled()) { + log.trace(commandAPDU + + (logData ? "\n" + toString(commandAPDU.getBytes()) : "")); + long t0 = System.currentTimeMillis(); + ResponseAPDU responseAPDU = channel.transmit(commandAPDU); + long t1 = System.currentTimeMillis(); + log.trace(responseAPDU + "\n[" + (t1 - t0) + "ms] " + + (logData ? "\n" + toString(responseAPDU.getBytes()) : "")); + return responseAPDU; + } else { + return channel.transmit(commandAPDU); + } + + } + + /** + * Transmit the given command APDU using the given card channel. + * + * @param channel the card channel + * @param commandAPDU the command APDU + * + * @return the corresponding response APDU + * + * @throws CardException if smart card communication fails + */ + protected ResponseAPDU transmit(CardChannel channel, CommandAPDU commandAPDU) throws CardException { - log.trace(commandAPDU + "\n" + toString(commandAPDU.getBytes())); - long t0 = System.currentTimeMillis(); - ResponseAPDU responseAPDU = channel.transmit(commandAPDU); - long t1 = System.currentTimeMillis(); - log.trace(responseAPDU + "\n[" + (t1 - t0) + "ms] " - + toString(responseAPDU.getBytes())); - return responseAPDU; + return transmit(channel, commandAPDU, true); } + public void init(Card card) { card_ = card; ATR atr = card.getATR(); @@ -242,7 +341,7 @@ public abstract class AbstractSignatureCard implements SignatureCard { } } - CardChannel getCardChannel() { + protected CardChannel getCardChannel() { return card_.getBasicChannel(); } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/FileNotFoundException.java b/smcc/src/main/java/at/gv/egiz/smcc/FileNotFoundException.java new file mode 100644 index 00000000..f96611c2 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/FileNotFoundException.java @@ -0,0 +1,38 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +public class FileNotFoundException extends SignatureCardException { + + private static final long serialVersionUID = 1L; + + public FileNotFoundException() { + } + + public FileNotFoundException(String message, Throwable cause) { + super(message, cause); + } + + public FileNotFoundException(String message) { + super(message); + } + + public FileNotFoundException(Throwable cause) { + super(cause); + } + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/LockedException.java b/smcc/src/main/java/at/gv/egiz/smcc/LockedException.java new file mode 100644 index 00000000..e00322a0 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/LockedException.java @@ -0,0 +1,38 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +public class LockedException extends SignatureCardException { + + private static final long serialVersionUID = 1L; + + public LockedException() { + } + + public LockedException(String message, Throwable cause) { + super(message, cause); + } + + public LockedException(String message) { + super(message); + } + + public LockedException(Throwable cause) { + super(cause); + } + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/NotActivatedException.java b/smcc/src/main/java/at/gv/egiz/smcc/NotActivatedException.java new file mode 100644 index 00000000..9181fc5f --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/NotActivatedException.java @@ -0,0 +1,44 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +/** + * This exception is thrown upon a call to a function that + * has not been activated (e.g. not yet activated citizen card). + */ +public class NotActivatedException extends SignatureCardException { + + private static final long serialVersionUID = 1L; + + public NotActivatedException() { + super(); + } + + public NotActivatedException(String message, Throwable cause) { + super(message, cause); + } + + public NotActivatedException(String message) { + super(message); + } + + public NotActivatedException(Throwable cause) { + super(cause); + } + + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java index 79e2663e..99acbc0f 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java @@ -31,12 +31,21 @@ package at.gv.egiz.smcc; import java.math.BigInteger; import java.util.Arrays; +import javax.smartcardio.Card; import javax.smartcardio.CardChannel; import javax.smartcardio.CardException; import javax.smartcardio.CommandAPDU; import javax.smartcardio.ResponseAPDU; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + public class STARCOSCard extends AbstractSignatureCard implements SignatureCard { + + /** + * Logging facility. + */ + private static Log log = LogFactory.getLog(STARCOSCard.class); public static final byte[] MF = new byte[] { (byte) 0x3F, (byte) 0x00 }; @@ -83,7 +92,7 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard public static final byte KID_PIN_SS = (byte) 0x81; - // Gew�hnliche Signatur (GS) + // Gewöhnliche Signatur (GS) public static final byte[] AID_DF_GS = new byte[] { (byte) 0xd0, (byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x13, @@ -104,31 +113,157 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard // . // ) (byte) 0x80, (byte) 0x02, (byte) 0x00, // local, key ID, key version - (byte) 0x89, (byte) 0x01, // tag, length (algorithm ID) - (byte) 0x14 // ECDSA + (byte) 0x89, (byte) 0x03, // tag, length (algorithm ID) + (byte) 0x13, (byte) 0x35, (byte) 0x10 // ECDSA }; public static final byte KID_PIN_CARD = (byte) 0x01; + /** + * Creates an new instance. + */ public STARCOSCard() { super("at/gv/egiz/smcc/STARCOSCard"); } + /* (non-Javadoc) + * @see at.gv.egiz.smcc.SignatureCard#getCertificate(at.gv.egiz.smcc.SignatureCard.KeyboxName) + */ public byte[] getCertificate(KeyboxName keyboxName) throws SignatureCardException { + byte[] aid; + byte[] efc; if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { - return readTLVFile(AID_DF_SS, EF_C_X509_CH_DS, 2000); + aid = AID_DF_SS; + efc = EF_C_X509_CH_DS; } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { - return readTLVFile(AID_DF_GS, EF_C_X509_CH_AUT, 2000); + aid = AID_DF_GS; + efc = EF_C_X509_CH_AUT; } else { throw new IllegalArgumentException("Keybox " + keyboxName + " not supported."); } + log.debug("Get certificate for keybox '" + keyboxName.getKeyboxName() + "'" + + " (AID=" + toString(aid) + " EF=" + toString(efc) + ")."); + + try { + Card card = getCardChannel().getCard(); + try { + card.beginExclusive(); + return readTLVFile(aid, efc, 2000); + } catch (FileNotFoundException e) { + // if certificate is not present, + // the citizen card application has not been activated + throw new NotActivatedException(); + } finally { + card.endExclusive(); + } + } catch (CardException e) { + throw new SignatureCardException("Failed to get exclusive card access."); + } + + } + + /* (non-Javadoc) + * @see at.gv.egiz.smcc.SignatureCard#getInfobox(java.lang.String, at.gv.egiz.smcc.PINProvider, java.lang.String) + */ + public byte[] getInfobox(String infobox, PINProvider provider, String domainId) + throws SignatureCardException { + + if ("IdentityLink".equals(infobox)) { + + PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); + + try { + Card card = getCardChannel().getCard(); + try { + card.beginExclusive(); + return readTLVFilePIN(AID_INFOBOX, EF_INFOBOX, KID_PIN_CARD, + provider, spec, 2000); + } catch (FileNotFoundException e) { + // if certificate is not present, + // the citizen card application has not been activated + throw new NotActivatedException(); + } finally { + card.endExclusive(); + } + } catch (CardException e) { + throw new SignatureCardException("Failed to get exclusive card access."); + } + + } else { + throw new IllegalArgumentException("Infobox '" + infobox + + "' not supported."); + } + + } + + /* (non-Javadoc) + * @see at.gv.egiz.smcc.SignatureCard#createSignature(byte[], at.gv.egiz.smcc.SignatureCard.KeyboxName, at.gv.egiz.smcc.PINProvider) + */ + public byte[] createSignature(byte[] hash, KeyboxName keyboxName, + PINProvider provider) throws SignatureCardException { + + if (hash.length != 20) { + throw new IllegalArgumentException("Hash value must be of length 20."); + } + + byte[] aid; + byte kid; + byte[] dst; + PINSpec spec; + if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { + aid = AID_DF_SS; + kid = KID_PIN_SS; + dst = DST_SS; + spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name")); + + } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { + aid = AID_DF_GS; + kid = KID_PIN_CARD; + dst = DST_GS; + spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); + + } else { + throw new IllegalArgumentException("KeyboxName '" + keyboxName + + "' not supported."); + } + + try { + Card card = getCardChannel().getCard(); + try { + card.beginExclusive(); + + // SELECT MF + selectMF(); + // SELECT DF + selectFileAID(aid); + // VERIFY + verifyPIN(provider, spec, kid); + // MSE: SET DST + mseSetDST(dst); + // PSO: HASH + psoHash(hash); + // PSO: COMPUTE DIGITAL SIGNATURE + return psoComputDigitalSiganture(); + + + } catch (FileNotFoundException e) { + // if certificate is not present, + // the citizen card application has not been activated + throw new NotActivatedException(); + } finally { + card.endExclusive(); + } + } catch (CardException e) { + throw new SignatureCardException("Failed to get exclusive card access."); + } + } - byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException { + protected byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x04, 0x04, fid, 256)); @@ -150,16 +285,10 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard } } - byte[] selectFileFID(byte[] fid) throws CardException, SignatureCardException { + protected ResponseAPDU selectFileFID(byte[] fid) throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); - ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x02, + return transmit(channel, new CommandAPDU(0x00, 0xA4, 0x02, 0x04, fid, 256)); - if (resp.getSW() == 0x6a82) { - throw new SignatureCardException("Failed to select file (FID=" - + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + "."); - } else { - return resp.getBytes(); - } } void mseSetDST(byte[] dst) throws CardException, SignatureCardException { @@ -201,134 +330,86 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard } } - int verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid, int kfpc) - throws CardException, SignatureCardException { - + /** + * VERIFY PIN + *

+ * If pin is null only the PIN status is checked and + * returned. + *

+ * + * @param pin + * the PIN (may be null) + * @param kid + * the KID of the PIN to be verified + * + * @return -1 if VERIFY PIN was successful, or the number of possible retries + * + * @throws CardException + * if communication with the smart card fails. + * @throws NotActivatedException + * if the card application has not been activated + * @throws SignatureCardException + * if VERIFY PIN fails + */ + private int verifyPIN(String pin, byte kid) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); - // get number of possible retries - ResponseAPDU resp = transmit(channel, - new CommandAPDU(0x00, 0x20, 0x00, kid)); - int retries; - if (resp.getSW1() == 0x63 && resp.getSW2() >> 4 == 0xc) { - retries = resp.getSW2() & 0x0f; - } else if (resp.getSW() == 0x6984) { - // PIN LCS = "Initilized" (not activated) - throw new SignatureCardException(spec.getLocalizedName() + " not set."); - } else { - throw new SignatureCardException("Failed to get PIN retries: SW=" - + Integer.toHexString(resp.getSW())); - } - - // get PIN - String pin = pinProvider.providePIN(spec, retries); + ResponseAPDU resp; if (pin == null) { - // User canceled operation - // throw new CancelledException("User canceld PIN entry"); - return -2; - } - // PIN length in bytes - int len = (int) Math.ceil(pin.length() / 2); - - // BCD encode PIN and marshal PIN block - byte[] pinBytes = new BigInteger(pin, 16).toByteArray(); - byte[] pinBlock = new byte[8]; - if (len < pinBytes.length) { - System.arraycopy(pinBytes, pinBytes.length - len, pinBlock, 1, len); + resp = transmit(channel, new CommandAPDU(0x00, 0x20, 0x00, kid)); } else { - System.arraycopy(pinBytes, 0, pinBlock, len - pinBytes.length + 1, - pinBytes.length); + // PIN length in bytes + int len = (int) Math.ceil(pin.length() / 2); + + // BCD encode PIN and marshal PIN block + byte[] pinBytes = new BigInteger(pin, 16).toByteArray(); + byte[] pinBlock = new byte[8]; + if (len < pinBytes.length) { + System.arraycopy(pinBytes, pinBytes.length - len, pinBlock, 1, len); + } else { + System.arraycopy(pinBytes, 0, pinBlock, len - pinBytes.length + 1, + pinBytes.length); + } + pinBlock[0] = (byte) (0x20 + len * 2); + Arrays.fill(pinBlock, len + 1, 8, (byte) 0xff); + + resp = transmit(channel, new CommandAPDU(0x00, 0x20, 0x00, kid, pinBlock), false); + } - pinBlock[0] = (byte) (0x20 + len * 2); - Arrays.fill(pinBlock, len + 1, 8, (byte) 0xff); - resp = transmit(channel, new CommandAPDU(0x00, 0x20, 0x00, kid, pinBlock)); - if (resp.getSW1() == 0x63 && resp.getSW2() >> 4 == 0xc) { + if (resp.getSW() == 0x63c0) { + throw new LockedException("PIN locked."); + } else if (resp.getSW1() == 0x63 && resp.getSW2() >> 4 == 0xc) { + // return number of possible retries return resp.getSW2() & 0x0f; - } else if (resp.getSW() != 0x9000) { + } else if (resp.getSW() == 0x6984) { + // PIN LCS = "Initialized" (-> not activated) + throw new NotActivatedException("PIN not set."); + } else if (resp.getSW() == 0x9000) { + return -1; // success + } else { throw new SignatureCardException("Failed to verify pin: SW=" + Integer.toHexString(resp.getSW())); - } else { - return -1; - } - - } - - public byte[] createSignature(byte[] hash, KeyboxName keyboxName, - PINProvider provider) throws SignatureCardException { - - if (hash.length != 20) { - throw new IllegalArgumentException("Hash value must be of length 20"); - } - - byte[] aid; - byte kid; - byte[] dst; - PINSpec spec; - if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { - aid = AID_DF_SS; - kid = KID_PIN_SS; - dst = DST_SS; - spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name")); - - } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { - aid = AID_DF_GS; - kid = KID_PIN_CARD; - dst = DST_GS; - spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); - - } else { - throw new IllegalArgumentException("KeyboxName '" + keyboxName - + "' not supported."); } - - try { - - // SELECT MF - selectMF(); - // SELECT DF - selectFileAID(aid); - // VERIFY - int retr = -1; // unknown - while (true) { - retr = verifyPIN(provider, spec, kid, retr); - if (retr < -1) { - return null; - } else if (retr < 0) { - break; - } - } - // MSE: SET DST - mseSetDST(dst); - // PSO: HASH - psoHash(hash); - // PSO: COMPUTE DIGITAL SIGNATURE - byte[] rs = psoComputDigitalSiganture(); - return rs; - - } catch (CardException e) { - throw new SignatureCardException("Failed to create signature.", e); - } - + } + + /* (non-Javadoc) + * @see at.gv.egiz.smcc.AbstractSignatureCard#verifyPIN(at.gv.egiz.smcc.PINProvider, at.gv.egiz.smcc.PINSpec, byte, int) + */ + protected void verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid) + throws CardException, SignatureCardException { - public byte[] getInfobox(String infobox, PINProvider provider, String domainId) - throws SignatureCardException { - - if ("IdentityLink".equals(infobox)) { - - PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); - try { - byte[] res = readTLVFilePIN(AID_INFOBOX, EF_INFOBOX, KID_PIN_CARD, - provider, spec, 2000); - return res; - } catch (Exception e) { - throw new SignatureCardException(e); + int retries = verifyPIN(null, kid); + do { + String pin = pinProvider.providePIN(spec, retries); + if (pin == null) { + // user canceled operation + throw new CancelledException("User canceld operation."); } - } else { - throw new IllegalArgumentException("Infobox '" + infobox - + "' not supported."); - } + retries = verifyPIN(pin, kid); + } while (retries > 0); } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java index 68a6f6df..22a66c3f 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java @@ -25,6 +25,8 @@ import java.io.ByteArrayOutputStream; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; +import java.io.InputStreamReader; +import java.nio.charset.Charset; import java.security.InvalidKeyException; import java.security.Key; import java.security.KeyStore; @@ -52,16 +54,20 @@ import org.apache.commons.logging.LogFactory; */ public class SWCard implements SignatureCard { - private static final String BKU_USER_DIR = ".bku"; + private static final String BKU_USER_DIR = ".mocca"; private static final String SWCARD_DIR = "smcc"; private static final String KEYSTORE_CERTIFIED_KEYPAIR = "certified.p12"; + private static final String KEYSTORE_PASSWORD_CERTIFIED_KEYPAIR = "certified.pwd"; + private static final String CERTIFICATE_CERTIFIED_KEYPAIR = "certified.cer"; private static final String KEYSTORE_SECURE_KEYPAIR = "secure.p12"; + private static final String KEYSTORE_PASSWORD_SECURE_KEYPAIR = "secure.pwd"; + private static final String CERTIFICATE_SECURE_KEYPAIR = "secure.cer"; private static String swCardDir; @@ -70,8 +76,12 @@ public class SWCard implements SignatureCard { private KeyStore certifiedKeyStore; + private String certifiedKeyStorePassword; + private KeyStore secureKeyStore; + private String secureKeyStorePassword; + private Certificate certifiedCertificate; private Certificate secureCertificate; @@ -168,7 +178,7 @@ public class SWCard implements SignatureCard { } try { - keyStore.load(keyStoreFile, null); + keyStore.load(keyStoreFile, password); } catch (Exception e) { String msg = "Failed to load KeyStore from file '" + fileName + "'."; log.info(msg, e); @@ -176,10 +186,33 @@ public class SWCard implements SignatureCard { } return keyStore; - } + private String loadKeyStorePassword(String passwordFileName) throws SignatureCardException { + + String fileName = getFileName(passwordFileName); + FileInputStream keyStorePasswordFile; + try { + keyStorePasswordFile = new FileInputStream(fileName); + } catch (FileNotFoundException e) { + return null; + } + + try { + InputStreamReader reader = new InputStreamReader(keyStorePasswordFile, Charset.forName("UTF-8")); + StringBuilder sb = new StringBuilder(); + char b[] = new char[16]; + for (int l; (l = reader.read(b)) != -1;) { + sb.append(b, 0, l); + } + return sb.toString(); + } catch (IOException e) { + throw new SignatureCardException("Failed to read file '" + passwordFileName + "'."); + } + + } + private KeyStore getKeyStore(KeyboxName keyboxName, char[] password) throws SignatureCardException { if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { @@ -198,6 +231,23 @@ public class SWCard implements SignatureCard { } + private String getPassword(KeyboxName keyboxName) throws SignatureCardException { + + if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { + if (certifiedKeyStorePassword == null) { + certifiedKeyStorePassword = loadKeyStorePassword(KEYSTORE_PASSWORD_CERTIFIED_KEYPAIR); + } + return certifiedKeyStorePassword; + } else if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { + if (secureKeyStorePassword == null) { + secureKeyStorePassword = loadKeyStorePassword(KEYSTORE_PASSWORD_SECURE_KEYPAIR); + } + return secureKeyStorePassword; + } else { + throw new SignatureCardException("Keybox of type '" + keyboxName + "' not supported."); + } + + } public byte[] getCertificate(KeyboxName keyboxName) throws SignatureCardException { @@ -254,9 +304,21 @@ public class SWCard implements SignatureCard { public byte[] createSignature(byte[] hash, KeyboxName keyboxName, PINProvider provider) throws SignatureCardException { // KeyStore password - PINSpec pinSpec = new PINSpec(0, -1, ".", "KeyStore-Password"); - - KeyStore keyStore = getKeyStore(keyboxName, null); + String password = getPassword(keyboxName); + + if (password == null) { + + PINSpec pinSpec = new PINSpec(0, -1, ".", "KeyStore-Password"); + + password = provider.providePIN(pinSpec, -1); + + if (password == null) { + return null; + } + + } + + KeyStore keyStore = getKeyStore(keyboxName, password.toCharArray()); PrivateKey privateKey = null; @@ -269,8 +331,7 @@ public class SWCard implements SignatureCard { Key key = null; while (key == null) { try { - String pin = provider.providePIN(pinSpec, -1); - key = keyStore.getKey(alias, pin.toCharArray()); + key = keyStore.getKey(alias, password.toCharArray()); } catch (UnrecoverableKeyException e) { log.info("Failed to get Key from KeyStore. Wrong password?", e); } @@ -315,8 +376,6 @@ public class SWCard implements SignatureCard { @Override public void setLocale(Locale locale) { - // TODO Auto-generated method stub - throw new UnsupportedOperationException("Not supported yet."); } @Override diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java index f2a964fe..f296f3a2 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardException.java @@ -34,7 +34,7 @@ public class SignatureCardException extends Exception { * */ private static final long serialVersionUID = 1L; - + /** * Creates a new instance of this SignatureCardException. * diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java index 2131a737..777299d9 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java @@ -28,19 +28,189 @@ // package at.gv.egiz.smcc; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + import javax.smartcardio.ATR; import javax.smartcardio.Card; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * A factory for creating {@link SignatureCard}s from {@link Card}s. + */ public class SignatureCardFactory { + + /** + * This class represents a supported smart card. + */ + private class SupportedCard { + + /** + * The ATR pattern. + */ + private byte[] atrPattern; + + /** + * The ATR mask. + */ + private byte[] atrMask; + + /** + * The implementation class. + */ + private String impl; - public static SignatureCardFactory getInstance() { - return new SignatureCardFactory(); + /** + * Creates a new SupportedCard instance with the given ATR pattern and mask + * und the corresponding implementation class. + * + * @param atrPattern + * the ATR pattern + * @param atrMask + * the ATR mask + * @param implementationClass + * the name of the implementation class + * + * @throws NullPointerException + * if atrPattern or atrMask is + * null. + * @throws IllegalArgumentException + * if the lengths of atrPattern and + * atrMask of not equal. + */ + public SupportedCard(byte[] atrPattern, byte[] atrMask, String implementationClass) { + if (atrPattern.length != atrMask.length) { + throw new IllegalArgumentException("Length of 'atr' and 'mask' must be equal."); + } + this.atrPattern = atrPattern; + this.atrMask = atrMask; + this.impl = implementationClass; + } + + /** + * Returns true if the given ATR matches the ATR pattern and mask this + * SupportedCard object. + * + * @param atr + * the ATR + * + * @return true if the given ATR matches the ATR pattern and + * mask of this SupportedCard object, or false + * otherwise. + */ + public boolean matches(ATR atr) { + + byte[] bytes = atr.getBytes(); + if (bytes == null) { + return false; + } + if (bytes.length < atrMask.length) { + // we cannot test for equal length here, as we get ATRs with + // additional bytes on systems using PCSClite (e.g. linux and OS X) sometimes + return false; + } + + int l = Math.min(atrMask.length, bytes.length); + for (int i = 0; i < l; i++) { + if ((bytes[i] & atrMask[i]) != atrPattern[i]) { + return false; + } + } + return true; + + } + + /** + * @return the corresponding implementation class. + */ + public String getImplementationClassName() { + return impl; + } + + } + + /** + * Logging facility. + */ + private static Log log = LogFactory.getLog(SignatureCardFactory.class); + + /** + * The instance to be returned by {@link #getInstance()}. + */ + private static SignatureCardFactory instance; + + /** + * The list of supported smart cards. + */ + private List supportedCards; + + /** + * @return an instance of this SignatureCardFactory. + */ + public static synchronized SignatureCardFactory getInstance() { + if (instance == null) { + instance = new SignatureCardFactory(); + } + return instance; } + /** + * Private constructor. + */ private SignatureCardFactory() { + + supportedCards = new ArrayList(); + + // e-card + supportedCards.add(new SupportedCard( + // ATR (3b:bd:18:00:81:31:fe:45:80:51:02:00:00:00:00:00:00:00:00:00:00:00) + new byte[] { + (byte) 0x3b, (byte) 0xbd, (byte) 0x18, (byte) 0x00, (byte) 0x81, (byte) 0x31, (byte) 0xfe, (byte) 0x45, + (byte) 0x80, (byte) 0x51, (byte) 0x02, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 + }, + // mask (ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:00:00:00:00:00:00:00:00:00:00:00) + new byte[] { + (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, + (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 + }, + "at.gv.egiz.smcc.STARCOSCard")); + // a-sign premium + supportedCards.add(new SupportedCard( + // ATR (3b:bf:11:00:81:31:fe:45:45:50:41:00:00:00:00:00:00:00:00:00:00:00:00:00) + new byte[] { + (byte) 0x3b, (byte) 0xbf, (byte) 0x11, (byte) 0x00, (byte) 0x81, (byte) 0x31, (byte) 0xfe, (byte) 0x45, + (byte) 0x45, (byte) 0x50, (byte) 0x41, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 + }, + // mask (ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:00:00:00:00:00:00:00:00:00:00:00:00:00) + new byte[] { + (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, + (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00 + }, + "at.gv.egiz.smcc.ACOSCard")); + } + /** + * Creates a SignatureCard instance with the given smart card. + * + * @param card + * the smart card, or null if a software card should be + * created + * + * @return a SignatureCard instance + * + * @throws CardNotSupportedException + * if no implementation of the given card could be + * found + */ public SignatureCard createSignatureCard(Card card) throws CardNotSupportedException { @@ -51,31 +221,34 @@ public class SignatureCardFactory { } ATR atr = card.getATR(); - byte[] historicalBytes = atr.getHistoricalBytes(); - if(historicalBytes == null || historicalBytes.length < 3) { - throw new CardNotSupportedException("Card not supported: ATR=" + toString(atr.getBytes())); + Iterator cards = supportedCards.iterator(); + while (cards.hasNext()) { + SupportedCard supportedCard = cards.next(); + if(supportedCard.matches(atr)) { + + ClassLoader cl = SignatureCardFactory.class.getClassLoader(); + SignatureCard sc; + try { + Class scClass = cl.loadClass(supportedCard.getImplementationClassName()); + sc = (SignatureCard) scClass.newInstance(); + sc.init(card); + return sc; + + } catch (ClassNotFoundException e) { + log.warn("Cannot find signature card implementation class.", e); + throw new CardNotSupportedException("Cannot find signature card implementation class.", e); + } catch (InstantiationException e) { + log.warn("Failed to instantiate signature card implementation.", e); + throw new CardNotSupportedException("Failed to instantiate signature card implementation.", e); + } catch (IllegalAccessException e) { + log.warn("Failed to instantiate signature card implementation.", e); + throw new CardNotSupportedException("Failed to instantiate signature card implementation.", e); + } + + } } - int t = ((0xFF & (int) historicalBytes[0]) << 16) + - ((0xFF & (int) historicalBytes[1]) << 8) + - (0xFF & (int) historicalBytes[2]); - - SignatureCard sCard; - switch (t) { - case 0x455041 : - case 0x4D4341 : - sCard = new ACOSCard(); - break; - - case 0x805102 : - sCard = new STARCOSCard(); - break; - - default : - throw new CardNotSupportedException("Card not supported: ATR=" + toString(atr.getBytes())); - } - sCard.init(card); - return sCard; + throw new CardNotSupportedException("Card not supported: ATR=" + toString(atr.getBytes())); } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java b/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java index ffffd3af..b70b44a7 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java @@ -142,7 +142,8 @@ public class SmartCardIO { for (CardTerminal terminal : cardTerminals_.list(CardTerminals.State.CARD_INSERTION)) { Card card = null; - try { + try { + log.trace("Trying to connect to card."); // try to connect to card card = terminal.connect("*"); } catch (CardException e) { diff --git a/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java new file mode 100644 index 00000000..b921a5d5 --- /dev/null +++ b/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java @@ -0,0 +1,92 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStreamReader; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Locale; + +import javax.smartcardio.CardException; +import javax.smartcardio.CommandAPDU; +import javax.smartcardio.ResponseAPDU; + +import at.gv.egiz.smcc.SignatureCard.KeyboxName; +import at.gv.egiz.smcc.util.SMCCHelper; + +public class STARCOSCardTest { + + /** + * @param args + * @throws CardException + * @throws NoSuchAlgorithmException + */ + public static void main(String[] args) throws CardException, NoSuchAlgorithmException { + + SMCCHelper helper = new SMCCHelper(); + while (helper.getResultCode() != SMCCHelper.CARD_FOUND) { + System.out.println("Did not get a signature card ... " + helper.getResultCode()); + helper.update(); + try { + Thread.sleep(1000); + } catch (InterruptedException e) { + e.printStackTrace(); + } + } + + SignatureCard signatureCard = helper.getSignatureCard(Locale.getDefault()); + + System.out.println("Found '" + signatureCard + "'."); + + try { +// signatureCard.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR); +// signatureCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR); +// signatureCard.getInfobox("IdentityLink", new CommandLinePINProvider(), null); + MessageDigest messageDigest = MessageDigest.getInstance("SHA-1"); + byte[] digest = messageDigest.digest("test".getBytes()); + signatureCard.createSignature(digest, KeyboxName.CERITIFIED_KEYPAIR, new CommandLinePINProvider()); + } catch (SignatureCardException e) { + e.printStackTrace(); + } + + } + + private static class CommandLinePINProvider implements PINProvider { + + @Override + public String providePIN(PINSpec spec, int retries) { + + InputStreamReader inputStreamReader = new InputStreamReader(System.in); + BufferedReader in = new BufferedReader(inputStreamReader); + + System.out.print("Enter " + spec.getLocalizedName() + " [" + + spec.getMinLength() + "-" + spec.getMaxLength() + "] (" + retries + + " retries):"); + + try { + return in.readLine(); + } catch (IOException e) { + return null; + } + + } + + } + +} -- cgit v1.2.3 From 4d27cbd65e358f9ae778b6911e8de527e86f6bda Mon Sep 17 00:00:00 2001 From: mcentner Date: Mon, 3 Nov 2008 14:31:47 +0000 Subject: Localization default language set to German (de). git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@141 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../main/java/at/gv/egiz/smcc/util/SMCCHelper.java | 4 ++-- .../resources/at/gv/egiz/smcc/ACOSCard.properties | 2 +- .../at/gv/egiz/smcc/ACOSCard_de.properties | 21 --------------------- .../at/gv/egiz/smcc/ACOSCard_en.properties | 21 --------------------- .../at/gv/egiz/smcc/STARCOSCard.properties | 4 ++-- .../at/gv/egiz/smcc/STARCOSCard_de.properties | 20 -------------------- .../at/gv/egiz/smcc/STARCOSCard_en.properties | 20 -------------------- 7 files changed, 5 insertions(+), 87 deletions(-) delete mode 100644 smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_de.properties delete mode 100644 smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_en.properties delete mode 100644 smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_de.properties delete mode 100644 smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_en.properties (limited to 'smcc') diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java index 15971497..4dae7975 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java @@ -87,7 +87,7 @@ public class SMCCHelper { ATR atr = newCards.get(cardTerminal).getATR(); log.trace("Found supported card (" + signatureCard.toString() + ") " + "in terminal '" + cardTerminal.getName() + "', ATR = " - + toString(atr.getHistoricalBytes()) + "."); + + toString(atr.getBytes()) + "."); resultCode = CARD_FOUND; break; @@ -97,7 +97,7 @@ public class SMCCHelper { ATR atr = c.getATR(); log.info("Found unsupported card" + " in terminal '" + cardTerminal.getName() + "', ATR = " - + toString(atr.getHistoricalBytes()) + "."); + + toString(atr.getBytes()) + "."); } else { log.info("Found unsupported card in terminal '" + cardTerminal.getName() + "' without ATR"); diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard.properties b/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard.properties index 9142841c..d2bbe4f9 100644 --- a/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard.properties +++ b/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard.properties @@ -17,5 +17,5 @@ # and open the template in the editor. dec.pin.name=Geheimhaltungs-PIN -sig.pin.name=Signature-PIN +sig.pin.name=Signatur-PIN inf.pin.name=Infobox-PIN diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_de.properties b/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_de.properties deleted file mode 100644 index d2bbe4f9..00000000 --- a/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_de.properties +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2008 Federal Chancellery Austria and -# Graz University of Technology -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# To change this template, choose Tools | Templates -# and open the template in the editor. - -dec.pin.name=Geheimhaltungs-PIN -sig.pin.name=Signatur-PIN -inf.pin.name=Infobox-PIN diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_en.properties b/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_en.properties deleted file mode 100644 index 9142841c..00000000 --- a/smcc/src/main/resources/at/gv/egiz/smcc/ACOSCard_en.properties +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2008 Federal Chancellery Austria and -# Graz University of Technology -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# To change this template, choose Tools | Templates -# and open the template in the editor. - -dec.pin.name=Geheimhaltungs-PIN -sig.pin.name=Signature-PIN -inf.pin.name=Infobox-PIN diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard.properties b/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard.properties index 77935333..6fa5f0fa 100644 --- a/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard.properties +++ b/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard.properties @@ -16,5 +16,5 @@ # To change this template, choose Tools | Templates # and open the template in the editor. -sig.pin.name=Signature-PIN -card.pin.name=Card-PIN +sig.pin.name=Signatur-PIN +card.pin.name=Karten-PIN diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_de.properties b/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_de.properties deleted file mode 100644 index 6fa5f0fa..00000000 --- a/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_de.properties +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2008 Federal Chancellery Austria and -# Graz University of Technology -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# To change this template, choose Tools | Templates -# and open the template in the editor. - -sig.pin.name=Signatur-PIN -card.pin.name=Karten-PIN diff --git a/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_en.properties b/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_en.properties deleted file mode 100644 index 77935333..00000000 --- a/smcc/src/main/resources/at/gv/egiz/smcc/STARCOSCard_en.properties +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2008 Federal Chancellery Austria and -# Graz University of Technology -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# To change this template, choose Tools | Templates -# and open the template in the editor. - -sig.pin.name=Signature-PIN -card.pin.name=Card-PIN -- cgit v1.2.3 From e9aa3cfecde0a9e765507d0cc6b01341e7315860 Mon Sep 17 00:00:00 2001 From: clemenso Date: Mon, 3 Nov 2008 17:18:43 +0000 Subject: license git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@142 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java | 4 ---- smcc/src/main/java/at/gv/egiz/smcc/SWCard.java | 4 ---- 2 files changed, 8 deletions(-) (limited to 'smcc') diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java b/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java index cc54a337..0852d664 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/PINSpec.java @@ -14,10 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ package at.gv.egiz.smcc; diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java index 22a66c3f..42a4be1b 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java @@ -14,10 +14,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ package at.gv.egiz.smcc; -- cgit v1.2.3 From 9fcce6749092eb6c5d266dd1dd7099e88014fbd7 Mon Sep 17 00:00:00 2001 From: clemenso Date: Tue, 4 Nov 2008 12:03:15 +0000 Subject: simplegui messages on top git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@143 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 35 ++--------------------------------- 1 file changed, 2 insertions(+), 33 deletions(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index 3e3dfe14..9fa81387 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -1,6 +1,5 @@ - + bku at.gv.egiz @@ -15,36 +14,6 @@ http://bku.egiz.gv.at - - maven-jar-plugin - - - - sign - - - - - - false - false - - false - - - test-applet signer - keystore.ks - storepass - keypass - true - - - - maven-compiler-plugin - - UTF-8 - - maven-resources-plugin @@ -70,4 +39,4 @@ iaik_jce_full_signed --> - \ No newline at end of file + -- cgit v1.2.3 From 033e4f4c67fddb5e52e48173418cca826838c618 Mon Sep 17 00:00:00 2001 From: clemenso Date: Tue, 4 Nov 2008 12:06:29 +0000 Subject: UTF-8 encoding sources and resources git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@144 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index 9fa81387..5b5c2256 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -12,16 +12,6 @@ jar 1.0-SNAPSHOT http://bku.egiz.gv.at - - - - maven-resources-plugin - - UTF-8 - - - - commons-logging -- cgit v1.2.3 From e4a47aa9393d74647f4f0c66b54dc4519fed492f Mon Sep 17 00:00:00 2001 From: clemenso Date: Tue, 11 Nov 2008 12:16:00 +0000 Subject: Interrupt in waitForAction (applet closed) git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@162 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java | 12 ++- .../at/gv/egiz/smcc/AbstractSignatureCard.java | 6 +- .../src/main/java/at/gv/egiz/smcc/PINProvider.java | 2 +- .../src/main/java/at/gv/egiz/smcc/STARCOSCard.java | 10 ++- smcc/src/main/java/at/gv/egiz/smcc/SWCard.java | 3 +- .../main/java/at/gv/egiz/smcc/SignatureCard.java | 17 +++- .../test/java/at/gv/egiz/smcc/STARCOSCardTest.java | 2 +- smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java | 94 +++++++++++----------- 8 files changed, 82 insertions(+), 64 deletions(-) (limited to 'smcc') diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java index 9e56701f..2baff834 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java @@ -106,8 +106,9 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { /* (non-Javadoc) * @see at.gv.egiz.smcc.SignatureCard#getCertificate(at.gv.egiz.smcc.SignatureCard.KeyboxName) */ + @Override public byte[] getCertificate(KeyboxName keyboxName) - throws SignatureCardException { + throws SignatureCardException, InterruptedException { byte[] aid; byte[] efc; @@ -150,8 +151,9 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { /* (non-Javadoc) * @see at.gv.egiz.smcc.SignatureCard#getInfobox(java.lang.String, at.gv.egiz.smcc.PINProvider, java.lang.String) */ + @Override public byte[] getInfobox(String infobox, PINProvider provider, String domainId) - throws SignatureCardException { + throws SignatureCardException, InterruptedException { if ("IdentityLink".equals(infobox)) { @@ -181,8 +183,9 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { } + @Override public byte[] createSignature(byte[] hash, KeyboxName keyboxName, - PINProvider provider) throws SignatureCardException { + PINProvider provider) throws SignatureCardException, InterruptedException { if (hash.length != 20) { throw new IllegalArgumentException("Hash value must be of length 20."); @@ -299,8 +302,9 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { * @throws javax.smartcardio.CardException * @throws at.gv.egiz.smcc.SignatureCardException */ + @Override protected void verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid) - throws CardException, CancelledException, SignatureCardException { + throws CardException, CancelledException, SignatureCardException, InterruptedException { int retries = -1; do { diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java index cebc63fc..b828e8cd 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -110,7 +110,7 @@ public abstract class AbstractSignatureCard implements SignatureCard { * if VERIFY PIN fails */ protected abstract void verifyPIN(PINProvider pinProvider, PINSpec spec, - byte kid) throws CardException, SignatureCardException; + byte kid) throws CardException, SignatureCardException, InterruptedException; protected byte[] readBinary(CardChannel channel, int offset, int len) throws CardException, SignatureCardException { @@ -194,7 +194,7 @@ public abstract class AbstractSignatureCard implements SignatureCard { * @throws SignatureCardException */ protected byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength) - throws SignatureCardException { + throws SignatureCardException, InterruptedException { return readTLVFilePIN(aid, ef, (byte) 0, null, null, maxLength); } @@ -215,7 +215,7 @@ public abstract class AbstractSignatureCard implements SignatureCard { */ protected byte[] readTLVFilePIN(byte[] aid, byte[] ef, byte kid, PINProvider provider, PINSpec spec, int maxLength) - throws SignatureCardException { + throws SignatureCardException, InterruptedException { try { diff --git a/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java b/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java index 844115a4..e0104618 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/PINProvider.java @@ -30,6 +30,6 @@ package at.gv.egiz.smcc; public interface PINProvider { - public String providePIN(PINSpec spec, int retries); + public String providePIN(PINSpec spec, int retries) throws InterruptedException; } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java index 99acbc0f..d6d02475 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java @@ -129,8 +129,9 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard /* (non-Javadoc) * @see at.gv.egiz.smcc.SignatureCard#getCertificate(at.gv.egiz.smcc.SignatureCard.KeyboxName) */ + @Override public byte[] getCertificate(KeyboxName keyboxName) - throws SignatureCardException { + throws SignatureCardException, InterruptedException { byte[] aid; byte[] efc; @@ -169,8 +170,9 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard /* (non-Javadoc) * @see at.gv.egiz.smcc.SignatureCard#getInfobox(java.lang.String, at.gv.egiz.smcc.PINProvider, java.lang.String) */ + @Override public byte[] getInfobox(String infobox, PINProvider provider, String domainId) - throws SignatureCardException { + throws SignatureCardException, InterruptedException { if ("IdentityLink".equals(infobox)) { @@ -204,7 +206,7 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard * @see at.gv.egiz.smcc.SignatureCard#createSignature(byte[], at.gv.egiz.smcc.SignatureCard.KeyboxName, at.gv.egiz.smcc.PINProvider) */ public byte[] createSignature(byte[] hash, KeyboxName keyboxName, - PINProvider provider) throws SignatureCardException { + PINProvider provider) throws SignatureCardException, InterruptedException { if (hash.length != 20) { throw new IllegalArgumentException("Hash value must be of length 20."); @@ -399,7 +401,7 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard * @see at.gv.egiz.smcc.AbstractSignatureCard#verifyPIN(at.gv.egiz.smcc.PINProvider, at.gv.egiz.smcc.PINSpec, byte, int) */ protected void verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid) - throws CardException, SignatureCardException { + throws CardException, SignatureCardException, InterruptedException { int retries = verifyPIN(null, kid); do { diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java index 42a4be1b..42943541 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java @@ -297,7 +297,8 @@ public class SWCard implements SignatureCard { } - public byte[] createSignature(byte[] hash, KeyboxName keyboxName, PINProvider provider) throws SignatureCardException { + @Override + public byte[] createSignature(byte[] hash, KeyboxName keyboxName, PINProvider provider) throws SignatureCardException, InterruptedException { // KeyStore password String password = getPassword(keyboxName); diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java index 37bd7cf9..b6a453df 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java @@ -57,6 +57,7 @@ public interface SignatureCard { } } + @Override public boolean equals(Object obj) { if (obj instanceof String) { return obj.equals(keyboxName_); @@ -77,7 +78,7 @@ public interface SignatureCard { public void init(Card card); public byte[] getCertificate(KeyboxName keyboxName) - throws SignatureCardException; + throws SignatureCardException, InterruptedException; public void disconnect(boolean reset); @@ -88,12 +89,22 @@ public interface SignatureCard { * @param domainId may be null. * @return * @throws SignatureCardException + * @throws InterruptedException if applet is destroyed while in pin dialog */ public byte[] getInfobox(String infobox, PINProvider provider, String domainId) - throws SignatureCardException; + throws SignatureCardException, InterruptedException; + /** + * + * @param hash + * @param keyboxName + * @param provider + * @return + * @throws at.gv.egiz.smcc.SignatureCardException + * @throws java.lang.InterruptedException if applet is destroyed while in pin dialog + */ public byte[] createSignature(byte[] hash, KeyboxName keyboxName, - PINProvider provider) throws SignatureCardException; + PINProvider provider) throws SignatureCardException, InterruptedException; /** * Sets the local for evtl. required callbacks (e.g. PINSpec) diff --git a/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java index b921a5d5..13210540 100644 --- a/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java +++ b/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java @@ -37,7 +37,7 @@ public class STARCOSCardTest { * @throws CardException * @throws NoSuchAlgorithmException */ - public static void main(String[] args) throws CardException, NoSuchAlgorithmException { + public static void main(String[] args) throws CardException, NoSuchAlgorithmException, InterruptedException { SMCCHelper helper = new SMCCHelper(); while (helper.getResultCode() != SMCCHelper.CARD_FOUND) { diff --git a/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java index 5448fee2..38126a67 100644 --- a/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java +++ b/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java @@ -14,50 +14,50 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package at.gv.egiz.smcc; - -import java.math.BigInteger; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; - -import at.gv.egiz.smcc.SignatureCard.KeyboxName; - -public class SWCardTest implements PINProvider { - - SWCard swCard = new SWCard(); - - public static void main(String[] args) throws Exception { - - SWCardTest swCardTest = new SWCardTest(); - swCardTest.test(); - - } - - public void test() throws SignatureCardException, NoSuchAlgorithmException { - - swCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR); - swCard.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR); - - BigInteger t = BigInteger.valueOf(System.currentTimeMillis()); - - MessageDigest messageDigest = MessageDigest.getInstance("SHA-1"); - byte[] hash = messageDigest.digest(t.toByteArray()); - - byte[] signature; - signature = swCard.createSignature(hash, KeyboxName.CERITIFIED_KEYPAIR, this); - System.out.println(SignatureCardFactory.toString(signature)); - - signature = swCard.createSignature(hash, KeyboxName.SECURE_SIGNATURE_KEYPAIR, this); - System.out.println(SignatureCardFactory.toString(signature)); - - byte[] infobox = swCard.getInfobox("IdentityLink", this, null); - System.out.println(SignatureCardFactory.toString(infobox)); - - } - - @Override - public String providePIN(PINSpec spec, int retries) { - return "buerger"; - } - -} +package at.gv.egiz.smcc; + +import java.math.BigInteger; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +import at.gv.egiz.smcc.SignatureCard.KeyboxName; + +public class SWCardTest implements PINProvider { + + SWCard swCard = new SWCard(); + + public static void main(String[] args) throws Exception { + + SWCardTest swCardTest = new SWCardTest(); + swCardTest.test(); + + } + + public void test() throws SignatureCardException, NoSuchAlgorithmException, InterruptedException { + + swCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR); + swCard.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR); + + BigInteger t = BigInteger.valueOf(System.currentTimeMillis()); + + MessageDigest messageDigest = MessageDigest.getInstance("SHA-1"); + byte[] hash = messageDigest.digest(t.toByteArray()); + + byte[] signature; + signature = swCard.createSignature(hash, KeyboxName.CERITIFIED_KEYPAIR, this); + System.out.println(SignatureCardFactory.toString(signature)); + + signature = swCard.createSignature(hash, KeyboxName.SECURE_SIGNATURE_KEYPAIR, this); + System.out.println(SignatureCardFactory.toString(signature)); + + byte[] infobox = swCard.getInfobox("IdentityLink", this, null); + System.out.println(SignatureCardFactory.toString(infobox)); + + } + + @Override + public String providePIN(PINSpec spec, int retries) { + return "buerger"; + } + +} -- cgit v1.2.3 From e77343708ec9b74aed7256d72982e4fce4be80d8 Mon Sep 17 00:00:00 2001 From: wbauer Date: Sat, 15 Nov 2008 10:34:45 +0000 Subject: Release 1.0 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@175 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index 5b5c2256..110635c7 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -3,14 +3,14 @@ bku at.gv.egiz - 1.0-SNAPSHOT + 1.0 4.0.0 at.gv.egiz smcc smcc jar - 1.0-SNAPSHOT + 1.0 http://bku.egiz.gv.at -- cgit v1.2.3 From d127f2c5ccc96eb44eeacf46bb76feebe100361f Mon Sep 17 00:00:00 2001 From: mcentner Date: Mon, 24 Nov 2008 12:50:24 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@189 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index 110635c7..39af114f 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -12,6 +12,17 @@ jar 1.0 http://bku.egiz.gv.at + + + + maven-compiler-plugin + org.apache.maven.plugins + + false + + + + commons-logging @@ -28,5 +39,5 @@ iaik iaik_jce_full_signed --> - + -- cgit v1.2.3 From 11c83e13e032738ee927f22196dc9ca43589a8a4 Mon Sep 17 00:00:00 2001 From: mcentner Date: Mon, 24 Nov 2008 14:11:39 +0000 Subject: Version set to 1.0.0 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@193 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index 39af114f..ba1ffcce 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -3,14 +3,14 @@ bku at.gv.egiz - 1.0 + 1.0.0-SNAPSHOT 4.0.0 at.gv.egiz smcc smcc jar - 1.0 + 1.0.0-SNAPSHOT http://bku.egiz.gv.at -- cgit v1.2.3 From b1209c3cf4a3447b8dd1320a5b068bf205797980 Mon Sep 17 00:00:00 2001 From: mcentner Date: Tue, 25 Nov 2008 07:47:42 +0000 Subject: [maven-release-plugin] prepare release mocca-1.0.1 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@201 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 85 ++++++++++++++++++++++++++++++------------------------------ 1 file changed, 42 insertions(+), 43 deletions(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index ba1ffcce..ffdba367 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -1,43 +1,42 @@ - - - - bku - at.gv.egiz - 1.0.0-SNAPSHOT - - 4.0.0 - at.gv.egiz - smcc - smcc - jar - 1.0.0-SNAPSHOT - http://bku.egiz.gv.at - - - - maven-compiler-plugin - org.apache.maven.plugins - - false - - - - - - - commons-logging - commons-logging - - - junit - junit - 3.8.1 - test - - - - + + + bku + at.gv.egiz + 1.0.1 + + 4.0.0 + at.gv.egiz + smcc + smcc + jar + 1.0.1 + http://bku.egiz.gv.at + + + + maven-compiler-plugin + org.apache.maven.plugins + + false + + + + + + + commons-logging + commons-logging + + + junit + junit + 3.8.1 + test + + + + \ No newline at end of file -- cgit v1.2.3 From 86962d8745b41a6cdb9fd95496176e698c0f6a9c Mon Sep 17 00:00:00 2001 From: mcentner Date: Tue, 25 Nov 2008 07:47:48 +0000 Subject: [maven-release-plugin] prepare for next development iteration git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@203 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index ffdba367..a8bdecf4 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -2,14 +2,14 @@ bku at.gv.egiz - 1.0.1 + 1.0.1-SNAPSHOT 4.0.0 at.gv.egiz smcc smcc jar - 1.0.1 + 1.0.1-SNAPSHOT http://bku.egiz.gv.at -- cgit v1.2.3 From c9ff6be4c89bfcb643c70fdb46e3a6425911b61f Mon Sep 17 00:00:00 2001 From: mcentner Date: Tue, 25 Nov 2008 08:10:11 +0000 Subject: [maven-release-plugin] prepare release mocca-1.0.2 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@205 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index a8bdecf4..2d56f24f 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -2,14 +2,14 @@ bku at.gv.egiz - 1.0.1-SNAPSHOT + 1.0.2 4.0.0 at.gv.egiz smcc smcc jar - 1.0.1-SNAPSHOT + 1.0.2 http://bku.egiz.gv.at -- cgit v1.2.3 From 38e77cff0a5cba8016dd3f9197647f7a82678880 Mon Sep 17 00:00:00 2001 From: mcentner Date: Tue, 25 Nov 2008 08:10:17 +0000 Subject: [maven-release-plugin] prepare for next development iteration git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@207 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index 2d56f24f..da71c71e 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -2,14 +2,14 @@ bku at.gv.egiz - 1.0.2 + 1.0.2-SNAPSHOT 4.0.0 at.gv.egiz smcc smcc jar - 1.0.2 + 1.0.2-SNAPSHOT http://bku.egiz.gv.at -- cgit v1.2.3 From 4455f67be95f84ba0da82a90f0df47ddd4711937 Mon Sep 17 00:00:00 2001 From: mcentner Date: Tue, 25 Nov 2008 08:15:32 +0000 Subject: [maven-release-plugin] rollback the release of mocca-1.0.2 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@208 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index da71c71e..a8bdecf4 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -2,14 +2,14 @@ bku at.gv.egiz - 1.0.2-SNAPSHOT + 1.0.1-SNAPSHOT 4.0.0 at.gv.egiz smcc smcc jar - 1.0.2-SNAPSHOT + 1.0.1-SNAPSHOT http://bku.egiz.gv.at -- cgit v1.2.3 From 4353cad73d83ac86184b2242f889701c76c0c2b7 Mon Sep 17 00:00:00 2001 From: mcentner Date: Tue, 25 Nov 2008 08:24:03 +0000 Subject: [maven-release-plugin] prepare release mocca-1.0.1 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@211 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index a8bdecf4..ffdba367 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -2,14 +2,14 @@ bku at.gv.egiz - 1.0.1-SNAPSHOT + 1.0.1 4.0.0 at.gv.egiz smcc smcc jar - 1.0.1-SNAPSHOT + 1.0.1 http://bku.egiz.gv.at -- cgit v1.2.3 From 11953efc834fbb06f14c30d9f1783e2b4b941f7b Mon Sep 17 00:00:00 2001 From: mcentner Date: Tue, 25 Nov 2008 08:29:39 +0000 Subject: [maven-release-plugin] rollback the release of mocca-1.0.1 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@214 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index ffdba367..a8bdecf4 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -2,14 +2,14 @@ bku at.gv.egiz - 1.0.1 + 1.0.1-SNAPSHOT 4.0.0 at.gv.egiz smcc smcc jar - 1.0.1 + 1.0.1-SNAPSHOT http://bku.egiz.gv.at -- cgit v1.2.3 From 4421289feed2da8d81ed438d9e5d9a0be503cec1 Mon Sep 17 00:00:00 2001 From: mcentner Date: Tue, 25 Nov 2008 08:31:24 +0000 Subject: [maven-release-plugin] prepare release mocca-1.0.1 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@215 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index a8bdecf4..ffdba367 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -2,14 +2,14 @@ bku at.gv.egiz - 1.0.1-SNAPSHOT + 1.0.1 4.0.0 at.gv.egiz smcc smcc jar - 1.0.1-SNAPSHOT + 1.0.1 http://bku.egiz.gv.at -- cgit v1.2.3 From b2d68a5fb093999cb42192bea77da8d8414bdb7b Mon Sep 17 00:00:00 2001 From: mcentner Date: Tue, 25 Nov 2008 08:31:29 +0000 Subject: [maven-release-plugin] prepare for next development iteration git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@217 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index ffdba367..da71c71e 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -2,14 +2,14 @@ bku at.gv.egiz - 1.0.1 + 1.0.2-SNAPSHOT 4.0.0 at.gv.egiz smcc smcc jar - 1.0.1 + 1.0.2-SNAPSHOT http://bku.egiz.gv.at -- cgit v1.2.3 From 2df9621154ad057f6cace73efe49c9ef42515fde Mon Sep 17 00:00:00 2001 From: mcentner Date: Tue, 9 Dec 2008 08:14:43 +0000 Subject: Refactored STAL interface. Additional infobox functionality. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@236 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../at/gv/egiz/smcc/AbstractSignatureCard.java | 30 ++++++++++++++++++++-- smcc/src/main/java/at/gv/egiz/smcc/SWCard.java | 12 ++++++++- .../main/java/at/gv/egiz/smcc/SignatureCard.java | 12 ++++++++- .../java/at/gv/egiz/smcc/SignatureCardFactory.java | 8 +++--- .../main/java/at/gv/egiz/smcc/util/SMCCHelper.java | 4 +-- .../java/at/gv/egiz/smcc/util/SmartCardIO.java | 9 ++++++- 6 files changed, 65 insertions(+), 10 deletions(-) (limited to 'smcc') diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java index b828e8cd..e34c4899 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -36,6 +36,7 @@ import javax.smartcardio.ATR; import javax.smartcardio.Card; import javax.smartcardio.CardChannel; import javax.smartcardio.CardException; +import javax.smartcardio.CardTerminal; import javax.smartcardio.CommandAPDU; import javax.smartcardio.ResponseAPDU; @@ -53,7 +54,12 @@ public abstract class AbstractSignatureCard implements SignatureCard { int ifs_ = 254; - Card card_; + private Card card_; + + /** + * The card terminal that connects the {@link #card_}. + */ + private CardTerminal cardTerminal; protected AbstractSignatureCard(String resourceBundleName) { this.resourceBundleName = resourceBundleName; @@ -331,8 +337,9 @@ public abstract class AbstractSignatureCard implements SignatureCard { } - public void init(Card card) { + public void init(Card card, CardTerminal cardTerminal) { card_ = card; + this.cardTerminal = cardTerminal; ATR atr = card.getATR(); byte[] atrBytes = atr.getBytes(); if (atrBytes.length >= 6) { @@ -340,6 +347,11 @@ public abstract class AbstractSignatureCard implements SignatureCard { log.trace("Setting IFS (information field size) to " + ifs_); } } + + @Override + public Card getCard() { + return card_; + } protected CardChannel getCardChannel() { return card_.getBasicChannel(); @@ -372,4 +384,18 @@ public abstract class AbstractSignatureCard implements SignatureCard { } } + @Override + public void reset() throws SignatureCardException { + try { + log.debug("Disconnect and reset smart card."); + card_.disconnect(true); + log.debug("Reconnect smart card."); + if (cardTerminal != null) { + card_ = cardTerminal.connect("*"); + } + } catch (CardException e) { + throw new SignatureCardException("Failed to reset card.", e); + } + } + } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java index 42943541..439be034 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SWCard.java @@ -40,6 +40,7 @@ import java.util.Enumeration; import java.util.Locale; import javax.smartcardio.Card; +import javax.smartcardio.CardTerminal; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -102,7 +103,12 @@ public class SWCard implements SignatureCard { SWCard.swCardDir = swCardDir; } - public void init(Card card) { + public void init(Card card, CardTerminal cardTerminal) { + } + + @Override + public Card getCard() { + return null; } private String getFileName(String fileName) { @@ -379,4 +385,8 @@ public class SWCard implements SignatureCard { public void disconnect(boolean reset) { } + @Override + public void reset() throws SignatureCardException { + } + } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java index b6a453df..d7e76dd8 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCard.java @@ -31,6 +31,7 @@ package at.gv.egiz.smcc; import java.util.Locale; import javax.smartcardio.Card; +import javax.smartcardio.CardTerminal; public interface SignatureCard { @@ -75,12 +76,21 @@ public interface SignatureCard { } - public void init(Card card); + public void init(Card card, CardTerminal cardTerminal); + + public Card getCard(); public byte[] getCertificate(KeyboxName keyboxName) throws SignatureCardException, InterruptedException; public void disconnect(boolean reset); + + /** + * Performs a reset of the card. + * + * @throws SignatureCardException if reset fails. + */ + public void reset() throws SignatureCardException; /** * diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java index 777299d9..ab66e9a1 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/SignatureCardFactory.java @@ -34,6 +34,7 @@ import java.util.List; import javax.smartcardio.ATR; import javax.smartcardio.Card; +import javax.smartcardio.CardTerminal; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -204,6 +205,7 @@ public class SignatureCardFactory { * @param card * the smart card, or null if a software card should be * created + * @param cardTerminal TODO * * @return a SignatureCard instance * @@ -211,12 +213,12 @@ public class SignatureCardFactory { * if no implementation of the given card could be * found */ - public SignatureCard createSignatureCard(Card card) + public SignatureCard createSignatureCard(Card card, CardTerminal cardTerminal) throws CardNotSupportedException { if(card == null) { SignatureCard sCard = new SWCard(); - sCard.init(card); + sCard.init(card, cardTerminal); return sCard; } @@ -231,7 +233,7 @@ public class SignatureCardFactory { try { Class scClass = cl.loadClass(supportedCard.getImplementationClassName()); sc = (SignatureCard) scClass.newInstance(); - sc.init(card); + sc.init(card, cardTerminal); return sc; } catch (ClassNotFoundException e) { diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java index 4dae7975..f7d3bab7 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/util/SMCCHelper.java @@ -57,7 +57,7 @@ public class SMCCHelper { SignatureCardFactory factory = SignatureCardFactory.getInstance(); if (useSWCard) { try { - signatureCard = factory.createSignatureCard(null); + signatureCard = factory.createSignatureCard(null, null); resultCode = CARD_FOUND; } catch (CardNotSupportedException e) { resultCode = CARD_NOT_SUPPORTED; @@ -83,7 +83,7 @@ public class SMCCHelper { if (c == null) { throw new CardNotSupportedException(); } - signatureCard = factory.createSignatureCard(c); + signatureCard = factory.createSignatureCard(c, cardTerminal); ATR atr = newCards.get(cardTerminal).getATR(); log.trace("Found supported card (" + signatureCard.toString() + ") " + "in terminal '" + cardTerminal.getName() + "', ATR = " diff --git a/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java b/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java index b70b44a7..b1866894 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/util/SmartCardIO.java @@ -16,6 +16,7 @@ */ package at.gv.egiz.smcc.util; +import java.security.NoSuchAlgorithmException; import java.util.Collections; import java.util.HashMap; import java.util.List; @@ -54,7 +55,13 @@ public class SmartCardIO { CardTerminals cardTerminals_; private void updateTerminalFactory() { - TerminalFactory terminalFactory = TerminalFactory.getDefault(); + TerminalFactory terminalFactory; + try { + terminalFactory = TerminalFactory.getInstance("PC/SC", null); + } catch (NoSuchAlgorithmException e) { + log.info("Failed to get TerminalFactory of type 'PC/SC'.", e); + terminalFactory = TerminalFactory.getDefault(); + } log.debug("TerminalFactory : " + terminalFactory); if ("PC/SC".equals(terminalFactory.getType())) { terminalFactory_ = terminalFactory; -- cgit v1.2.3 From 887f6727479f3ae3d89a08ba619f9382b450e4c1 Mon Sep 17 00:00:00 2001 From: mcentner Date: Fri, 12 Dec 2008 11:48:47 +0000 Subject: Updated SMCC to support non-blocking PIN entry. Added SV-Personendaten infobox implementation. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@248 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java | 320 +++++++++-------- .../at/gv/egiz/smcc/AbstractSignatureCard.java | 214 +++++++----- .../src/main/java/at/gv/egiz/smcc/STARCOSCard.java | 386 +++++++++++++-------- .../smcc/SecurityStatusNotSatisfiedException.java | 38 ++ .../gv/egiz/smcc/VerificationFailedException.java | 65 ++++ .../test/java/at/gv/egiz/smcc/STARCOSCardTest.java | 40 ++- 6 files changed, 681 insertions(+), 382 deletions(-) create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/SecurityStatusNotSatisfiedException.java create mode 100644 smcc/src/main/java/at/gv/egiz/smcc/VerificationFailedException.java (limited to 'smcc') diff --git a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java index 2baff834..6d96599c 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/ACOSCard.java @@ -30,7 +30,6 @@ package at.gv.egiz.smcc; import java.nio.charset.Charset; -import javax.smartcardio.Card; import javax.smartcardio.CardChannel; import javax.smartcardio.CardException; import javax.smartcardio.CommandAPDU; @@ -110,41 +109,47 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { public byte[] getCertificate(KeyboxName keyboxName) throws SignatureCardException, InterruptedException { - byte[] aid; - byte[] efc; - int maxsize; - if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { - aid = AID_SIG; - efc = EF_C_CH_DS; - maxsize = EF_C_CH_DS_MAX_SIZE; - } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { - aid = AID_DEC; - efc = EF_C_CH_EKEY; - maxsize = EF_C_CH_EKEY_MAX_SIZE; - } else { - throw new IllegalArgumentException("Keybox " + keyboxName - + " not supported."); - } - - log.debug("Get certificate for keybox '" + keyboxName.getKeyboxName() + "'" + - " (AID=" + toString(aid) + " EF=" + toString(efc) + ")."); - try { - Card card = getCardChannel().getCard(); - try { - card.beginExclusive(); - return readTLVFile(aid, efc, maxsize + 15000); - } catch (FileNotFoundException e) { - // if certificate is not present, - // the citizen card application has not been activated - throw new NotActivatedException(); - } finally { - card.endExclusive(); + + if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { + + try { + getCard().beginExclusive(); + byte[] certificate = readTLVFile(AID_SIG, EF_C_CH_DS, EF_C_CH_DS_MAX_SIZE); + if (certificate == null) { + throw new NotActivatedException(); + } + return certificate; + } catch (FileNotFoundException e) { + throw new NotActivatedException(); + } finally { + getCard().endExclusive(); + } + + } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { + + try { + getCard().beginExclusive(); + byte[] certificate = readTLVFile(AID_DEC, EF_C_CH_EKEY, EF_C_CH_EKEY_MAX_SIZE); + if (certificate == null) { + throw new NotActivatedException(); + } + return certificate; + } catch (FileNotFoundException e) { + throw new NotActivatedException(); + } finally { + getCard().endExclusive(); + } + + } else { + throw new IllegalArgumentException("Keybox " + keyboxName + + " not supported."); } + } catch (CardException e) { - throw new SignatureCardException("Failed to get exclusive card access."); + log.warn(e); + throw new SignatureCardException("Failed to access card.", e); } - } @@ -155,30 +160,47 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { public byte[] getInfobox(String infobox, PINProvider provider, String domainId) throws SignatureCardException, InterruptedException { - if ("IdentityLink".equals(infobox)) { - - PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("inf.pin.name")); - - try { - Card card = getCardChannel().getCard(); - try { - card.beginExclusive(); - return readTLVFilePIN(AID_DEC, EF_INFOBOX, KID_PIN_INF, provider, - spec, EF_INFOBOX_MAX_SIZE); - } catch (FileNotFoundException e) { - // if certificate is not present, - // the citizen card application has not been activated - throw new NotActivatedException(); - } finally { - card.endExclusive(); - } - } catch (CardException e) { - throw new SignatureCardException("Failed to get exclusive card access."); + try { + if ("IdentityLink".equals(infobox)) { + + PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("inf.pin.name")); + + int retries = -1; + String pin = null; + boolean pinRequiered = false; + + do { + if (pinRequiered) { + pin = provider.providePIN(spec, retries); + if (pin == null) { + throw new CancelledException(); + } + } + try { + getCard().beginExclusive(); + return readTLVFile(AID_DEC, EF_INFOBOX, pin, KID_PIN_INF, EF_INFOBOX_MAX_SIZE); + } catch (FileNotFoundException e) { + throw new NotActivatedException(); + } catch (SecurityStatusNotSatisfiedException e) { + pinRequiered = true; + } catch (VerificationFailedException e) { + pinRequiered = true; + retries = e.getRetries(); + } finally { + getCard().endExclusive(); + } + } while (retries != 0); + + throw new LockedException(); + + } else { + throw new IllegalArgumentException("Infobox '" + infobox + + "' not supported."); } - - } else { - throw new IllegalArgumentException("Infobox '" + infobox - + "' not supported."); + + } catch (CardException e) { + log.warn(e); + throw new SignatureCardException("Failed to access card.", e); } } @@ -192,68 +214,103 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { } try { - Card card = getCardChannel().getCard(); - try { - card.beginExclusive(); - - if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { - - // SELECT DF - selectFileFID(DF_SIG); - // VERIFY - verifyPIN(provider, new PINSpec(6, 10, "[0-9]", getResourceBundle() - .getString("sig.pin.name")), KID_PIN_SIG); - // MSE: SET DST - mseSetDST(0x81, 0xb6, DST_SIG); - // PSO: HASH - psoHash(hash); - // PSO: COMPUTE DIGITAL SIGNATURE - return psoComputDigitalSiganture(); - } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { - - // SELECT DF - selectFileFID(DF_DEC); - // VERIFY - verifyPIN(provider, new PINSpec(4, 4, "[0-9]", getResourceBundle() - .getString("dec.pin.name")), KID_PIN_DEC); - // MSE: SET DST - mseSetDST(0x41, 0xa4, DST_DEC); - // INTERNAL AUTHENTICATE - return internalAuthenticate(hash); - - - // 00 88 10 00 23 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 54 26 F0 EA AF EA F0 4E D4 A1 AD BF 66 D4 A5 9B 45 6F AF 79 00 - // 00 88 10 00 23 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 DF 8C AB 8F E2 AD AC 7B 5A AF BE E9 44 5E 95 99 FA AF 2F 48 00 - - } else { - throw new IllegalArgumentException("KeyboxName '" + keyboxName - + "' not supported."); - } + if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { + + PINSpec spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name")); + + int retries = -1; + String pin = null; + + do { + pin = provider.providePIN(spec, retries); + if (pin == null) { + throw new CancelledException(); + } + try { + getCard().beginExclusive(); + + // SELECT DF + selectFileFID(DF_SIG); + // VERIFY + retries = verifyPIN(pin, KID_PIN_SIG); + if (retries != -1) { + throw new VerificationFailedException(retries); + } + // MSE: SET DST + mseSetDST(0x81, 0xb6, DST_SIG); + // PSO: HASH + psoHash(hash); + // PSO: COMPUTE DIGITAL SIGNATURE + return psoComputDigitalSiganture(); + + } catch (SecurityStatusNotSatisfiedException e) { + retries = verifyPIN(null, KID_PIN_SIG); + } catch (VerificationFailedException e) { + retries = e.getRetries(); + } finally { + getCard().endExclusive(); + } + } while (retries != 0); + + throw new LockedException(); + + + } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { - } catch (FileNotFoundException e) { - // if certificate is not present, - // the citizen card application has not been activated - throw new NotActivatedException(); - } finally { - card.endExclusive(); + PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("dec.pin.name")); + + int retries = -1; + String pin = null; + boolean pinRequiered = false; + + do { + if (pinRequiered) { + pin = provider.providePIN(spec, retries); + if (pin == null) { + throw new CancelledException(); + } + } + try { + getCard().beginExclusive(); + + // SELECT DF + selectFileFID(DF_DEC); + // VERIFY + retries = verifyPIN(pin, KID_PIN_DEC); + if (retries != -1) { + throw new VerificationFailedException(retries); + } + // MSE: SET DST + mseSetDST(0x41, 0xa4, DST_DEC); + // INTERNAL AUTHENTICATE + return internalAuthenticate(hash); + + } catch (FileNotFoundException e) { + throw new NotActivatedException(); + } catch (SecurityStatusNotSatisfiedException e) { + pinRequiered = true; + retries = verifyPIN(null, KID_PIN_DEC); + } catch (VerificationFailedException e) { + pinRequiered = true; + retries = e.getRetries(); + } finally { + getCard().endExclusive(); + } + } while (retries != 0); + + throw new LockedException(); + + } else { + throw new IllegalArgumentException("KeyboxName '" + keyboxName + + "' not supported."); } + } catch (CardException e) { - throw new SignatureCardException("Failed to get exclusive card access."); - } - - } - - protected byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException { - CardChannel channel = getCardChannel(); - ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x04, - 0x00, fid, 256)); - if (resp.getSW() != 0x9000) { - throw new SignatureCardException("Failed to select file (AID=" - + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + "."); - } else { - return resp.getBytes(); - } + log.warn(e); + throw new SignatureCardException("Failed to access card.", e); + } + } protected ResponseAPDU selectFileFID(byte[] fid) throws CardException, SignatureCardException { @@ -262,6 +319,7 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { 0x00, fid, 256)); } + @Override protected int verifyPIN(String pin, byte kid) throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); @@ -290,35 +348,7 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { } - /** - * - * @param pinProvider - * @param spec - * the PIN spec to be given to the pinProvider - * @param kid - * the KID (key identifier) of the PIN to be verified - * @throws CancelledException - * if the user canceld the operation - * @throws javax.smartcardio.CardException - * @throws at.gv.egiz.smcc.SignatureCardException - */ - @Override - protected void verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid) - throws CardException, CancelledException, SignatureCardException, InterruptedException { - - int retries = -1; - do { - String pin = pinProvider.providePIN(spec, retries); - if (pin == null) { - // user canceled operation - throw new CancelledException("User canceled operation"); - } - retries = verifyPIN(pin, kid); - } while (retries > 0); - - } - - void mseSetDST(int p1, int p2, byte[] dst) throws CardException, SignatureCardException { + private void mseSetDST(int p1, int p2, byte[] dst) throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x22, p1, p2, dst)); @@ -328,7 +358,7 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { } } - void psoHash(byte[] hash) throws CardException, SignatureCardException { + private void psoHash(byte[] hash) throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x90, 0x81, hash)); @@ -338,7 +368,7 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { } } - byte[] psoComputDigitalSiganture() throws CardException, + private byte[] psoComputDigitalSiganture() throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x9E, @@ -352,7 +382,7 @@ public class ACOSCard extends AbstractSignatureCard implements SignatureCard { } } - byte[] internalAuthenticate(byte[] hash) throws CardException, SignatureCardException { + private byte[] internalAuthenticate(byte[] hash) throws CardException, SignatureCardException { byte[] digestInfo = new byte[] { (byte) 0x30, (byte) 0x21, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x05, (byte) 0x2B, (byte) 0x0E, (byte) 0x03, (byte) 0x02, (byte) 0x1A, (byte) 0x05, (byte) 0x00, (byte) 0x04 diff --git a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java index e34c4899..633cc90d 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/AbstractSignatureCard.java @@ -28,6 +28,8 @@ // package at.gv.egiz.smcc; +import java.io.ByteArrayOutputStream; +import java.io.IOException; import java.nio.ByteBuffer; import java.util.Locale; import java.util.ResourceBundle; @@ -79,45 +81,56 @@ public abstract class AbstractSignatureCard implements SignatureCard { return sb.toString(); } - protected abstract byte[] selectFileAID(byte[] fid) throws CardException, - SignatureCardException; - - protected abstract ResponseAPDU selectFileFID(byte[] fid) throws CardException, - SignatureCardException; - /** - * VERIFY PIN + * Select an application using AID as DF name according to ISO/IEC 7816-4 + * section 8.2.2.2. * - *

- * Implementations of this method should call - * {@link PINProvider#providePIN(PINSpec, int)} to retrieve the PIN entered by - * the user and VERIFY PIN on the smart card until the PIN has been - * successfully verified. - *

+ * @param dfName + * AID of the application to be selected * - * @param pinProvider - * the PINProvider - * @param spec - * the PINSpec - * @param kid - * the key ID (KID) of the PIN to verify + * @return the response data of the response APDU if SW=0x9000 * * @throws CardException - * if smart card communication fails - * - * @throws CancelledException - * if the PINProvider indicated that the user canceled the PIN entry - * @throws NotActivatedException - * if the card application has not been activated - * @throws LockedException - * if the card application is locked + * if card communication fails * * @throws SignatureCardException - * if VERIFY PIN fails + * if application selection fails (e.g. an application with the + * given AID is not present on the card) */ - protected abstract void verifyPIN(PINProvider pinProvider, PINSpec spec, - byte kid) throws CardException, SignatureCardException, InterruptedException; + protected byte[] selectFileAID(byte[] dfName) throws CardException, SignatureCardException { + CardChannel channel = getCardChannel(); + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x04, + 0x00, dfName, 256)); + if (resp.getSW() != 0x9000) { + throw new SignatureCardException("Failed to select application AID=" + + toString(dfName) + ": SW=" + Integer.toHexString(resp.getSW()) + "."); + } else { + return resp.getBytes(); + } + } + + protected abstract ResponseAPDU selectFileFID(byte[] fid) throws CardException, + SignatureCardException; + protected abstract int verifyPIN(String pin, byte kid) throws CardException, SignatureCardException; + + + protected byte[] readRecord(int recordNumber) throws SignatureCardException, CardException { + return readRecord(getCardChannel(), recordNumber); + } + + protected byte[] readRecord(CardChannel channel, int recordNumber) throws SignatureCardException, CardException { + + ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xB2, + recordNumber, 0x04, 256)); + if (resp.getSW() == 0x9000) { + return resp.getData(); + } else { + throw new SignatureCardException("Failed to read records. SW=" + Integer.toHexString(resp.getSW())); + } + + } + protected byte[] readBinary(CardChannel channel, int offset, int len) throws CardException, SignatureCardException { @@ -125,6 +138,8 @@ public abstract class AbstractSignatureCard implements SignatureCard { 0x7F & (offset >> 8), offset & 0xFF, len)); if (resp.getSW() == 0x9000) { return resp.getData(); + } else if (resp.getSW() == 0x6982) { + throw new SecurityStatusNotSatisfiedException(); } else { throw new SignatureCardException("Failed to read bytes (" + offset + "+" + len + "): SW=" + Integer.toHexString(resp.getSW())); @@ -188,43 +203,10 @@ public abstract class AbstractSignatureCard implements SignatureCard { } - /** - * Read the content of a TLV file. - * - * @param aid the application ID (AID) - * @param ef the elementary file (EF) - * @param maxLength the maximum length of the file - * - * @return the content of the file - * - * @throws SignatureCardException - */ - protected byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength) - throws SignatureCardException, InterruptedException { - return readTLVFilePIN(aid, ef, (byte) 0, null, null, maxLength); - } - - - /** - * Read the content of a TLV file wich may require a PIN. - * - * @param aid the application ID (AID) - * @param ef the elementary file (EF) - * @param kid the key ID (KID) of the corresponding PIN - * @param provider the PINProvider - * @param spec the PINSpec - * @param maxLength the maximum length of the file - * - * @return the content of the file - * - * @throws SignatureCardException - */ - protected byte[] readTLVFilePIN(byte[] aid, byte[] ef, byte kid, - PINProvider provider, PINSpec spec, int maxLength) - throws SignatureCardException, InterruptedException { - + protected byte[] readRecords(byte[] aid, byte[] ef, int start, int end) throws SignatureCardException, InterruptedException { + try { - + // SELECT FILE (AID) byte[] rb = selectFileAID(aid); if (rb[rb.length - 2] != (byte) 0x90 || rb[rb.length - 1] != (byte) 0x00) { @@ -256,37 +238,89 @@ public abstract class AbstractSignatureCard implements SignatureCard { + Integer.toHexString(resp.getSW()) + ")."); } - - // try to READ BINARY - byte[] b = new byte[1]; - int sw = readBinary(0, 1, b); - if (provider != null && sw == 0x6982) { - - // VERIFY - verifyPIN(provider, spec, kid); - - } else if (sw == 0x9000) { - // not expected type - if (b[0] != 0x30) { - throw new NotActivatedException(); - } - } else { - throw new SignatureCardException("READ BINARY failed (SW=" - + Integer.toHexString(sw) + ")."); + ByteArrayOutputStream bytes = new ByteArrayOutputStream(); + + for (int i = start; i <= end; i++) { + bytes.write(readRecord(i)); } - - // READ BINARY - byte[] data = readBinaryTLV(maxLength, (byte) 0x30); - - return data; - + + return bytes.toByteArray(); + } catch (CardException e) { throw new SignatureCardException("Failed to acces card.", e); + } catch (IOException e) { + throw new SignatureCardException("Failed to read records.", e); } - + + } + + /** + * Read the content of a TLV file. + * + * @param aid the application ID (AID) + * @param ef the elementary file (EF) + * @param maxLength the maximum length of the file + * + * @return the content of the file + * + * @throws SignatureCardException + * @throws CardException + */ + protected byte[] readTLVFile(byte[] aid, byte[] ef, int maxLength) + throws SignatureCardException, InterruptedException, CardException { + return readTLVFile(aid, ef, null, (byte) 0, maxLength); } + /** + * Read the content of a TLV file wich may require a PIN. + * + * @param aid the application ID (AID) + * @param ef the elementary file (EF) + * @param kid the key ID (KID) of the corresponding PIN + * @param provider the PINProvider + * @param spec the PINSpec + * @param maxLength the maximum length of the file + * + * @return the content of the file + * + * @throws SignatureCardException + * @throws CardException + */ + protected byte[] readTLVFile(byte[] aid, byte[] ef, String pin, byte kid, int maxLength) + throws SignatureCardException, InterruptedException, CardException { + + + // SELECT FILE (AID) + selectFileAID(aid); + + // SELECT FILE (EF) + ResponseAPDU resp = selectFileFID(ef); + if (resp.getSW() == 0x6a82) { + // EF not found + throw new FileNotFoundException("EF " + toString(ef) + " not found."); + } else if (resp.getSW() != 0x9000) { + throw new SignatureCardException("SELECT FILE with " + + "FID=" + + toString(ef) + + " failed (" + + "SW=" + + Integer.toHexString(resp.getSW()) + ")."); + } + + // VERIFY + if (pin != null) { + int retries = verifyPIN(pin, kid); + if (retries != -1) { + throw new VerificationFailedException(retries); + } + } + + return readBinaryTLV(maxLength, (byte) 0x30); + + + } + /** * Transmit the given command APDU using the given card channel. * diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java index d6d02475..2a6e90bf 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java @@ -31,7 +31,6 @@ package at.gv.egiz.smcc; import java.math.BigInteger; import java.util.Arrays; -import javax.smartcardio.Card; import javax.smartcardio.CardChannel; import javax.smartcardio.CardException; import javax.smartcardio.CommandAPDU; @@ -49,6 +48,42 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard public static final byte[] MF = new byte[] { (byte) 0x3F, (byte) 0x00 }; + /** + * Application ID SV-Personendaten. + */ + public static final byte[] AID_SV_PERSONENDATEN = new byte[] { + (byte) 0xD0, (byte) 0x40, (byte) 0x00, (byte) 0x00, + (byte) 0x17, (byte) 0x01, (byte) 0x01, (byte) 0x01 + }; + + /** + * File ID Grunddaten ({@link #AID_SV_PERSONENDATEN}). + */ + public static final byte[] FID_GRUNDDATEN = new byte[] { + (byte) 0xEF, (byte) 0x01 + }; + + /** + * File ID EHIC ({@link #AID_SV_PERSONENDATEN}). + */ + public static final byte[] FID_EHIC = new byte[] { + (byte) 0xEF, (byte) 0x02 + }; + + /** + * File ID Status ({@link #AID_SV_PERSONENDATEN}). + */ + public static final byte[] FID_SV_PERSONENBINDUNG = new byte[] { + (byte) 0xEF, (byte) 0x03 + }; + + /** + * File ID Status ({@link #AID_SV_PERSONENDATEN}). + */ + public static final byte[] FID_STATUS = new byte[] { + (byte) 0xEF, (byte) 0x04 + }; + public static final byte[] AID_INFOBOX = new byte[] { (byte) 0xd0, (byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x18, (byte) 0x01 }; @@ -126,85 +161,134 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard super("at/gv/egiz/smcc/STARCOSCard"); } - /* (non-Javadoc) - * @see at.gv.egiz.smcc.SignatureCard#getCertificate(at.gv.egiz.smcc.SignatureCard.KeyboxName) - */ @Override public byte[] getCertificate(KeyboxName keyboxName) throws SignatureCardException, InterruptedException { - byte[] aid; - byte[] efc; - if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { - aid = AID_DF_SS; - efc = EF_C_X509_CH_DS; - } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { - aid = AID_DF_GS; - efc = EF_C_X509_CH_AUT; - } else { - throw new IllegalArgumentException("Keybox " + keyboxName - + " not supported."); - } + try { + + if (keyboxName == KeyboxName.SECURE_SIGNATURE_KEYPAIR) { + + try { + getCard().beginExclusive(); + return readTLVFile(AID_DF_SS, EF_C_X509_CH_DS, 2000); + } catch (FileNotFoundException e) { + throw new NotActivatedException(); + } finally { + getCard().endExclusive(); + } + + } else if (keyboxName == KeyboxName.CERITIFIED_KEYPAIR) { - log.debug("Get certificate for keybox '" + keyboxName.getKeyboxName() + "'" + - " (AID=" + toString(aid) + " EF=" + toString(efc) + ")."); + try { + getCard().beginExclusive(); + return readTLVFile(AID_DF_GS, EF_C_X509_CH_AUT, 2000); + } catch (FileNotFoundException e) { + throw new NotActivatedException(); + } finally { + getCard().endExclusive(); + } - try { - Card card = getCardChannel().getCard(); - try { - card.beginExclusive(); - return readTLVFile(aid, efc, 2000); - } catch (FileNotFoundException e) { - // if certificate is not present, - // the citizen card application has not been activated - throw new NotActivatedException(); - } finally { - card.endExclusive(); + } else { + throw new IllegalArgumentException("Keybox " + keyboxName + + " not supported."); } + } catch (CardException e) { - throw new SignatureCardException("Failed to get exclusive card access."); + log.warn(e); + throw new SignatureCardException("Failed to access card.", e); } - - } - /* (non-Javadoc) - * @see at.gv.egiz.smcc.SignatureCard#getInfobox(java.lang.String, at.gv.egiz.smcc.PINProvider, java.lang.String) - */ + } + @Override public byte[] getInfobox(String infobox, PINProvider provider, String domainId) throws SignatureCardException, InterruptedException { - if ("IdentityLink".equals(infobox)) { - - PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); - - try { - Card card = getCardChannel().getCard(); + try { + if ("IdentityLink".equals(infobox)) { + + PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); + + int retries = -1; + String pin = null; + boolean pinRequiered = false; + + do { + if (pinRequiered) { + pin = provider.providePIN(spec, retries); + if (pin == null) { + throw new CancelledException(); + } + } + try { + getCard().beginExclusive(); + return readTLVFile(AID_INFOBOX, EF_INFOBOX, pin, KID_PIN_CARD, 2000); + } catch (FileNotFoundException e) { + throw new NotActivatedException(); + } catch (SecurityStatusNotSatisfiedException e) { + pinRequiered = true; + retries = verifyPIN(null, KID_PIN_CARD); + } catch (VerificationFailedException e) { + pinRequiered = true; + retries = e.getRetries(); + } finally { + getCard().endExclusive(); + } + } while (retries != 0); + + throw new LockedException(); + + + } else if ("EHIC".equals(infobox)) { + try { - card.beginExclusive(); - return readTLVFilePIN(AID_INFOBOX, EF_INFOBOX, KID_PIN_CARD, - provider, spec, 2000); - } catch (FileNotFoundException e) { - // if certificate is not present, - // the citizen card application has not been activated - throw new NotActivatedException(); + getCard().beginExclusive(); + return readTLVFile(AID_SV_PERSONENDATEN, FID_EHIC, 126); } finally { - card.endExclusive(); + getCard().endExclusive(); } - } catch (CardException e) { - throw new SignatureCardException("Failed to get exclusive card access."); + + } else if ("Grunddaten".equals(infobox)) { + + try { + getCard().beginExclusive(); + return readTLVFile(AID_SV_PERSONENDATEN, FID_GRUNDDATEN, 550); + } finally { + getCard().endExclusive(); + } + + } else if ("SV-Personenbindung".equals(infobox)) { + + try { + getCard().beginExclusive(); + return readTLVFile(AID_SV_PERSONENDATEN, FID_SV_PERSONENBINDUNG, 500); + } finally { + getCard().endExclusive(); + } + + } else if ("Status".equals(infobox)) { + + try { + getCard().beginExclusive(); + return readRecords(AID_SV_PERSONENDATEN, FID_STATUS, 1, 5); + } finally { + getCard().endExclusive(); + } + + } else { + throw new IllegalArgumentException("Infobox '" + infobox + + "' not supported."); } - } else { - throw new IllegalArgumentException("Infobox '" + infobox - + "' not supported."); + } catch (CardException e) { + log.warn(e); + throw new SignatureCardException("Failed to access card.", e); } } - /* (non-Javadoc) - * @see at.gv.egiz.smcc.SignatureCard#createSignature(byte[], at.gv.egiz.smcc.SignatureCard.KeyboxName, at.gv.egiz.smcc.PINProvider) - */ + @Override public byte[] createSignature(byte[] hash, KeyboxName keyboxName, PINProvider provider) throws SignatureCardException, InterruptedException { @@ -212,72 +296,115 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard throw new IllegalArgumentException("Hash value must be of length 20."); } - byte[] aid; - byte kid; - byte[] dst; - PINSpec spec; - if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { - aid = AID_DF_SS; - kid = KID_PIN_SS; - dst = DST_SS; - spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name")); - - } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { - aid = AID_DF_GS; - kid = KID_PIN_CARD; - dst = DST_GS; - spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); - - } else { - throw new IllegalArgumentException("KeyboxName '" + keyboxName - + "' not supported."); - } - try { - Card card = getCardChannel().getCard(); - try { - card.beginExclusive(); - - // SELECT MF - selectMF(); - // SELECT DF - selectFileAID(aid); - // VERIFY - verifyPIN(provider, spec, kid); - // MSE: SET DST - mseSetDST(dst); - // PSO: HASH - psoHash(hash); - // PSO: COMPUTE DIGITAL SIGNATURE - return psoComputDigitalSiganture(); - - - } catch (FileNotFoundException e) { - // if certificate is not present, - // the citizen card application has not been activated - throw new NotActivatedException(); - } finally { - card.endExclusive(); + + if (KeyboxName.SECURE_SIGNATURE_KEYPAIR.equals(keyboxName)) { + + PINSpec spec = new PINSpec(6, 10, "[0-9]", getResourceBundle().getString("sig.pin.name")); + + int retries = -1; + String pin = null; + + do { + try { + getCard().beginExclusive(); + selectFileAID(AID_DF_SS); + retries = verifyPIN(null, KID_PIN_SS); + } finally { + getCard().endExclusive(); + } + pin = provider.providePIN(spec, retries); + if (pin == null) { + throw new CancelledException(); + } + try { + getCard().beginExclusive(); + return createSignature(hash, AID_DF_SS, pin, KID_PIN_SS, DST_SS); + } catch (VerificationFailedException e) { + retries = e.getRetries(); + } finally { + getCard().endExclusive(); + } + } while (retries != 0); + + throw new LockedException(); + + + } else if (KeyboxName.CERITIFIED_KEYPAIR.equals(keyboxName)) { + + PINSpec spec = new PINSpec(4, 4, "[0-9]", getResourceBundle().getString("card.pin.name")); + + int retries = -1; + String pin = null; + boolean pinRequiered = false; + + do { + if (pinRequiered) { + pin = provider.providePIN(spec, retries); + if (pin == null) { + throw new CancelledException(); + } + } + try { + getCard().beginExclusive(); + return createSignature(hash, AID_DF_GS, pin, KID_PIN_CARD, DST_GS); + } catch (FileNotFoundException e) { + throw new NotActivatedException(); + } catch (SecurityStatusNotSatisfiedException e) { + pinRequiered = true; + retries = verifyPIN(null, KID_PIN_CARD); + } catch (VerificationFailedException e) { + pinRequiered = true; + retries = e.getRetries(); + } finally { + getCard().endExclusive(); + } + } while (retries != 0); + + throw new LockedException(); + + } else { + throw new IllegalArgumentException("KeyboxName '" + keyboxName + + "' not supported."); } + } catch (CardException e) { - throw new SignatureCardException("Failed to get exclusive card access."); + log.warn(e); + throw new SignatureCardException("Failed to access card.", e); } } - protected byte[] selectFileAID(byte[] fid) throws CardException, SignatureCardException { + protected ResponseAPDU selectFileFID(byte[] fid) throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); - ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x04, + return transmit(channel, new CommandAPDU(0x00, 0xA4, 0x02, 0x04, fid, 256)); - if (resp.getSW() != 0x9000) { - throw new SignatureCardException("Failed to select file (AID=" - + toString(fid) + "): SW=" + Integer.toHexString(resp.getSW()) + "."); - } else { - return resp.getBytes(); + } + + private byte[] createSignature(byte[] hash, byte[] aid, String pin, byte kid, + byte[] dst) throws CardException, SignatureCardException { + + // SELECT MF + selectMF(); + // SELECT DF + selectFileAID(aid); + // VERIFY + int retries = verifyPIN(pin, kid); + if (retries != -1) { + throw new VerificationFailedException(retries); } + // MSE: SET DST + mseSetDST(dst); + // PSO: HASH + psoHash(hash); + // PSO: COMPUTE DIGITAL SIGNATURE + return psoComputDigitalSiganture(); + + } - void selectMF() throws CardException, SignatureCardException { + + private void selectMF() throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0xA4, 0x00, 0x0C)); @@ -287,13 +414,7 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard } } - protected ResponseAPDU selectFileFID(byte[] fid) throws CardException, SignatureCardException { - CardChannel channel = getCardChannel(); - return transmit(channel, new CommandAPDU(0x00, 0xA4, 0x02, - 0x04, fid, 256)); - } - - void mseSetDST(byte[] dst) throws CardException, SignatureCardException { + private void mseSetDST(byte[] dst) throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x22, 0x41, 0xB6, dst)); @@ -303,7 +424,7 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard } } - void psoHash(byte[] hash) throws CardException, SignatureCardException { + private void psoHash(byte[] hash) throws CardException, SignatureCardException { byte[] data = new byte[hash.length + 2]; data[0] = (byte) 0x90; // tag data[1] = (byte) (hash.length); // length @@ -318,7 +439,7 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard } } - byte[] psoComputDigitalSiganture() throws CardException, + private byte[] psoComputDigitalSiganture() throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); ResponseAPDU resp = transmit(channel, new CommandAPDU(0x00, 0x2A, 0x9E, @@ -353,7 +474,8 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard * @throws SignatureCardException * if VERIFY PIN fails */ - private int verifyPIN(String pin, byte kid) throws CardException, SignatureCardException { + @Override + protected int verifyPIN(String pin, byte kid) throws CardException, SignatureCardException { CardChannel channel = getCardChannel(); @@ -385,6 +507,8 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard } else if (resp.getSW1() == 0x63 && resp.getSW2() >> 4 == 0xc) { // return number of possible retries return resp.getSW2() & 0x0f; + } else if (resp.getSW() == 0x6983) { + throw new LockedException(); } else if (resp.getSW() == 0x6984) { // PIN LCS = "Initialized" (-> not activated) throw new NotActivatedException("PIN not set."); @@ -397,26 +521,8 @@ public class STARCOSCard extends AbstractSignatureCard implements SignatureCard } - /* (non-Javadoc) - * @see at.gv.egiz.smcc.AbstractSignatureCard#verifyPIN(at.gv.egiz.smcc.PINProvider, at.gv.egiz.smcc.PINSpec, byte, int) - */ - protected void verifyPIN(PINProvider pinProvider, PINSpec spec, byte kid) - throws CardException, SignatureCardException, InterruptedException { - - int retries = verifyPIN(null, kid); - do { - String pin = pinProvider.providePIN(spec, retries); - if (pin == null) { - // user canceled operation - throw new CancelledException("User canceld operation."); - } - retries = verifyPIN(pin, kid); - } while (retries > 0); - - } - public String toString() { - return "eCard"; + return "e-card"; } diff --git a/smcc/src/main/java/at/gv/egiz/smcc/SecurityStatusNotSatisfiedException.java b/smcc/src/main/java/at/gv/egiz/smcc/SecurityStatusNotSatisfiedException.java new file mode 100644 index 00000000..bf0af76c --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/SecurityStatusNotSatisfiedException.java @@ -0,0 +1,38 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +public class SecurityStatusNotSatisfiedException extends SignatureCardException { + + private static final long serialVersionUID = 1L; + + public SecurityStatusNotSatisfiedException() { + } + + public SecurityStatusNotSatisfiedException(String message, Throwable cause) { + super(message, cause); + } + + public SecurityStatusNotSatisfiedException(String message) { + super(message); + } + + public SecurityStatusNotSatisfiedException(Throwable cause) { + super(cause); + } + +} diff --git a/smcc/src/main/java/at/gv/egiz/smcc/VerificationFailedException.java b/smcc/src/main/java/at/gv/egiz/smcc/VerificationFailedException.java new file mode 100644 index 00000000..fa066ff9 --- /dev/null +++ b/smcc/src/main/java/at/gv/egiz/smcc/VerificationFailedException.java @@ -0,0 +1,65 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.smcc; + +public class VerificationFailedException extends SignatureCardException { + + private static final long serialVersionUID = 1L; + + public static final int UNKNOWN = -1; + + private int retries = UNKNOWN; + + public VerificationFailedException() { + } + + public VerificationFailedException(String message, Throwable cause) { + super(message, cause); + } + + public VerificationFailedException(String message) { + super(message); + } + + public VerificationFailedException(Throwable cause) { + super(cause); + } + + public VerificationFailedException(int retries) { + this.retries = retries; + } + + public VerificationFailedException(int retries, String message, Throwable cause) { + super(message, cause); + this.retries = retries; + } + + public VerificationFailedException(int retries, String message) { + super(message); + this.retries = retries; + } + + public VerificationFailedException(int retries, Throwable cause) { + super(cause); + this.retries = retries; + } + + public int getRetries() { + return retries; + } + +} diff --git a/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java index 13210540..090e1181 100644 --- a/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java +++ b/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java @@ -19,6 +19,8 @@ package at.gv.egiz.smcc; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.PrintWriter; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Locale; @@ -27,6 +29,8 @@ import javax.smartcardio.CardException; import javax.smartcardio.CommandAPDU; import javax.smartcardio.ResponseAPDU; +import sun.misc.HexDumpEncoder; + import at.gv.egiz.smcc.SignatureCard.KeyboxName; import at.gv.egiz.smcc.util.SMCCHelper; @@ -34,10 +38,9 @@ public class STARCOSCardTest { /** * @param args - * @throws CardException - * @throws NoSuchAlgorithmException + * @throws Exception */ - public static void main(String[] args) throws CardException, NoSuchAlgorithmException, InterruptedException { + public static void main(String[] args) throws Exception { SMCCHelper helper = new SMCCHelper(); while (helper.getResultCode() != SMCCHelper.CARD_FOUND) { @@ -55,18 +58,41 @@ public class STARCOSCardTest { System.out.println("Found '" + signatureCard + "'."); try { -// signatureCard.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR); -// signatureCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR); -// signatureCard.getInfobox("IdentityLink", new CommandLinePINProvider(), null); +// printJavaByteArray( +// signatureCard.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR), System.out); +// printJavaByteArray( +// signatureCard.getCertificate(KeyboxName.CERITIFIED_KEYPAIR), System.out); +// System.out. println(new String(signatureCard.getInfobox("IdentityLink", new CommandLinePINProvider(), null))); +// byte[] infobox = signatureCard.getInfobox("Status", new CommandLinePINProvider(), null); +// printJavaByteArray(infobox, System.out); MessageDigest messageDigest = MessageDigest.getInstance("SHA-1"); byte[] digest = messageDigest.digest("test".getBytes()); - signatureCard.createSignature(digest, KeyboxName.CERITIFIED_KEYPAIR, new CommandLinePINProvider()); + byte[] signature = signatureCard.createSignature(digest, KeyboxName.SECURE_SIGNATURE_KEYPAIR, new CommandLinePINProvider()); + printJavaByteArray(signature, System.out); } catch (SignatureCardException e) { e.printStackTrace(); } } + public static void printJavaByteArray(byte[] bytes, OutputStream os) { + + PrintWriter w = new PrintWriter(os); + + w.write("new byte[] {"); + for (int i = 0; i < bytes.length;) { + if (i % 8 == 0) { + w.write("\n "); + } + w.write("(byte) 0x" + Integer.toHexString(0x0F & (bytes[i] >> 4)) + Integer.toHexString(0x0F & bytes[i])); + if (++i < bytes.length) { + w.write(", "); + } + } + w.write("\n};"); + w.flush(); + } + private static class CommandLinePINProvider implements PINProvider { @Override -- cgit v1.2.3 From d1cb86eef5158caea65975d9cc62c8b616ea6a73 Mon Sep 17 00:00:00 2001 From: wbauer Date: Wed, 17 Dec 2008 14:24:38 +0000 Subject: Added @Ignore git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@251 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/src/test/java/at/gv/egiz/smcc/SMCCApplication.java | 11 +++++++---- smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java | 3 +++ smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java | 3 +++ 3 files changed, 13 insertions(+), 4 deletions(-) (limited to 'smcc') diff --git a/smcc/src/test/java/at/gv/egiz/smcc/SMCCApplication.java b/smcc/src/test/java/at/gv/egiz/smcc/SMCCApplication.java index 5f4bb67e..4835865f 100644 --- a/smcc/src/test/java/at/gv/egiz/smcc/SMCCApplication.java +++ b/smcc/src/test/java/at/gv/egiz/smcc/SMCCApplication.java @@ -16,10 +16,13 @@ */ package at.gv.egiz.smcc; -import java.util.Locale; - -import at.gv.egiz.smcc.util.SMCCHelper; - +import java.util.Locale; + +import org.junit.Ignore; + +import at.gv.egiz.smcc.util.SMCCHelper; + +@Ignore public class SMCCApplication { /** diff --git a/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java index 090e1181..7f421474 100644 --- a/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java +++ b/smcc/src/test/java/at/gv/egiz/smcc/STARCOSCardTest.java @@ -29,11 +29,14 @@ import javax.smartcardio.CardException; import javax.smartcardio.CommandAPDU; import javax.smartcardio.ResponseAPDU; +import org.junit.Ignore; + import sun.misc.HexDumpEncoder; import at.gv.egiz.smcc.SignatureCard.KeyboxName; import at.gv.egiz.smcc.util.SMCCHelper; +@Ignore public class STARCOSCardTest { /** diff --git a/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java b/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java index 38126a67..115edc16 100644 --- a/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java +++ b/smcc/src/test/java/at/gv/egiz/smcc/SWCardTest.java @@ -20,8 +20,11 @@ import java.math.BigInteger; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import org.junit.Ignore; + import at.gv.egiz.smcc.SignatureCard.KeyboxName; +@Ignore public class SWCardTest implements PINProvider { SWCard swCard = new SWCard(); -- cgit v1.2.3 From e13bc24b1ed7e6fc186b6beff03795cae1f64d2f Mon Sep 17 00:00:00 2001 From: wbauer Date: Wed, 17 Dec 2008 14:27:27 +0000 Subject: removed junit version git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@252 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- smcc/pom.xml | 1 - 1 file changed, 1 deletion(-) (limited to 'smcc') diff --git a/smcc/pom.xml b/smcc/pom.xml index da71c71e..62c60e75 100644 --- a/smcc/pom.xml +++ b/smcc/pom.xml @@ -30,7 +30,6 @@ junit junit - 3.8.1 test