Commit 488ee37c authored by Tobias Assmann's avatar Tobias Assmann

better handling of defect card

parent 3c2819fb
......@@ -81,6 +81,13 @@ public class CertEndpoint {
// create certificate request with user data from session,
// a generated user public key and sign it with the sam specific private key
UserEIDIdentity user = session.getUserEIDIdentity();
//check for valid user eid
if (user.getGivenNames() == null) {
throw new Exception("user lastnames is null!");
}
if (user.getLastNames() == null) {
throw new Exception("user lastnames is null!");
}
msg = csrFac.createCSR(userKeyPair.getPublic(),
samPrivKey,
samCert,
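Review bot: The message on the given-names check reads `"user lastnames is null!"`, the same text as the last-names check right below it, so a card with a missing given name is reported as a missing last name; change it to `throw new Exception("user givennames is null!");`. Both checks also throw bare `Exception`, which forces the caller into a broad catch; an `IllegalStateException` (or a project-specific exception if one exists) would let the caller tell a defective card from an internal failure. The enclosing method begins and ends outside the hunk.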
......
......@@ -90,26 +90,13 @@ public class CSRFactory {
x500NameBld.addRDN(BCStyle.CN, new DERPrintableString(caIssuerName));
X500Name issuerDN = x500NameBld.build();
x500NameBld = new X500NameBuilder(BCStyle.INSTANCE);
//TODO: if card comes with data like foreign names, seems like parsing and setting
//users data in session fails, this should be fixed. As a quickhack we hardcode testdata here.
if (givenname==null) {
givenname="Max";
}
if (surname==null) {
surname="Mustermann";
}
x500NameBld.addRDN(BCStyle.CN, new DERPrintableString(givenname + " " + surname));
x500NameBld.addRDN(BCStyle.GIVENNAME, new DERPrintableString(givenname));
x500NameBld.addRDN(BCStyle.SURNAME, new DERPrintableString(surname));
if (birthname==null) {
birthname="Mustermann";
}
x500NameBld.addRDN(BCStyle.NAME_AT_BIRTH, new DERPrintableString(birthname));
if (dateOfBirth!=null) {
x500NameBld.addRDN(BCStyle.DATE_OF_BIRTH, new Time(dateOfBirth));
} else {
x500NameBld.addRDN(BCStyle.DATE_OF_BIRTH, new Time(new Date(100, 01, 01, 00, 00, 00)));
if (birthname!=null) {
x500NameBld.addRDN(BCStyle.NAME_AT_BIRTH, new DERPrintableString(birthname));
}
x500NameBld.addRDN(BCStyle.DATE_OF_BIRTH, new Time(dateOfBirth));
X500Name subjectDN = x500NameBld.build();
GeneralName recipient = new GeneralName(issuerDN);
GeneralName sender = new GeneralName(subjectDN);
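Review bot: `NAME_AT_BIRTH` is now added only when `birthname` is non-null, but `DATE_OF_BIRTH` on the following line is still built with `new Time(dateOfBirth)` and no guard, so a card whose date of birth was not set will presumably fail inside the `Time` constructor rather than with a clear message. Either guard it the same way, `if (dateOfBirth != null) { x500NameBld.addRDN(BCStyle.DATE_OF_BIRTH, new Time(dateOfBirth)); }`, or reject a null date explicitly before building the subject, since the removed hard-coded fallback values no longer mask missing fields. Dropping the placeholder "Max Mustermann" defaults is the right direction — a certificate issued with fabricated subject attributes would be hard to distinguish from a genuine one. createCSR begins and ends outside the hunk.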
......
......@@ -6,24 +6,12 @@
package reqesidta.sam.eac.apdu.util;
import de.governikus.eumw.poseidas.cardbase.asn1.ASN1;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.text.ParseException;
import java.util.Enumeration;
import java.util.UUID;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;
import java.util.Base64;
import javax.smartcardio.ResponseAPDU;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.DLApplicationSpecific;
import org.jboss.logging.Logger;
......@@ -59,42 +47,46 @@ public class APDUAnalyzer {
if (resp.getSW() == SW_SUCCESS || resp.getSW() == SW_EOF) {
ASN1 asn1 = new ASN1(resp.getBytes());
LOG.debug("raw response bytes as base 64 string:"+Base64.getEncoder().encodeToString(resp.getBytes()));
ASN1Primitive instance = ASN1TaggedObject.fromByteArray(asn1.getEncoded());
if (instance instanceof DLApplicationSpecific) {
int tag = ((DLApplicationSpecific) instance).getApplicationTag();
byte[] contents = ((DLApplicationSpecific) instance).getContents();
ASN1Primitive obj = DERUTF8String.fromByteArray(contents);
if (obj instanceof ASN1String) {
String respStr = ((ASN1String) obj).getString();
LOG.info("Found String in responseAPDU: " + respStr + " with TAG: " + tag);
switch(tag) {
case TAG_GIVEN_NAMES:
LOG.info("setting GivenNames");
session.getUserEIDIdentity().setGivenNames(respStr);
break;
case TAG_FAMILY_NAMES:
LOG.info("setting LastNames");
session.getUserEIDIdentity().setLastNames(respStr);
break;
case TAG_BIRTH_NAME:
LOG.info("setting BirthNames");
session.getUserEIDIdentity().setBirthName(respStr);
break;
case TAG_DATE_OF_BIRTH:
try {
LOG.info("setting DateOfBirth");
session.getUserEIDIdentity().setDateOfBirth(respStr);
} catch (ParseException ex) {
throw new RuntimeException(ex);
}
break;
}
LOG.debug("Current Identity: " + session.getUserEIDIdentity());
LOG.info("Current Identity: " + session.getUserEIDIdentity());
}
}
}
} catch(Exception ex) {
LOG.debug("Can't parse respCMD", ex);
LOG.info("Can't parse respCMD", ex);
return;
}
}
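Review bot: Raising `LOG.debug("Current Identity: " + ...)` to `LOG.info`, next to the existing `LOG.info("Found String in responseAPDU: " + respStr ...)`, writes the card holder's names, birth name and date of birth read from the eID card into the normal log stream; personal data from the card should stay at debug level or be reduced to the tag that was set, e.g. `LOG.info("Identity attribute set for TAG: " + tag);`. The `catch(Exception ex)` at the bottom now logs at info but still returns silently, and the `RuntimeException` wrapping the `ParseException` in the `TAG_DATE_OF_BIRTH` case lands in that same catch, so a malformed date leaves the identity without a date of birth and no error reaches the caller; consider rethrowing or recording the failure on the session. The enclosing method starts before the hunk.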
......
......@@ -180,17 +180,23 @@ public class EACEndpoint {
LOG.info("decryptAPDU: " + sessionId);
Session session = getSessionOrThrowNotFound(sessionId);
LOG.info("create response ...");
ResponseAPDU respAPDU = new ResponseAPDU(apdu.apdu);
AESSecureMessaging sm = new AESSecureMessaging(session.getAESKeyMaterial().get());
ResponseAPDU decipherCommand;
try {
LOG.info("decipher response ...");
decipherCommand = sm.decipherResponse(respAPDU, apdu.cmdIndex, apdu.totalCmds);
LOG.info("analyze ...");
new APDUAnalyzer(session).analyzeResponseAPDU(decipherCommand);
LOG.info("return ...");
return new APDU(decipherCommand.getBytes());
} catch (SecureMessagingException ex) {
//} catch (SecureMessagingException ex) {
} catch (Exception ex) {
LOG.info("Exception!");
throw new WebApplicationException(ex, Response.Status.INTERNAL_SERVER_ERROR);
}
}
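Review bot: The broadened `catch (Exception ex)` leaves the old `//} catch (SecureMessagingException ex) {` line in as commented-out code and logs only `"Exception!"` without the throwable, so the cause of the 500 is recoverable only from the WebApplicationException it wraps; drop the commented-out line and log with context, `LOG.warn("decryptAPDU failed for session " + sessionId, ex);`. If the wider catch is meant to cover runtime failures from `AESSecureMessaging` or `APDUAnalyzer`, a one-line comment saying so would keep a later reader from narrowing it back. The method begins before the hunk.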
......