Commit
488ee37c
authored
Jan 24, 2020
by
Tobias Assmann
better handling of defect card
parent
3c2819fb
Changes
4
ssa-server/sam/src/main/java/reqesidta/sam/cert/rest/CertEndpoint.java
...
@@ -81,6 +81,13 @@ public class CertEndpoint {
...
@@ -81,6 +81,13 @@ public class CertEndpoint {
// create certificate request with user data from session,
// create certificate request with user data from session,
// a generated user public key and sign it with the sam specific private key
// a generated user public key and sign it with the sam specific private key
UserEIDIdentity
user
=
session
.
getUserEIDIdentity
();
UserEIDIdentity
user
=
session
.
getUserEIDIdentity
();
//check for valid user eid
if
(
user
.
getGivenNames
()
==
null
)
{
throw
new
Exception
(
"user lastnames is null!"
);
}
if
(
user
.
getLastNames
()
==
null
)
{
throw
new
Exception
(
"user lastnames is null!"
);
}
msg
=
csrFac
.
createCSR
(
userKeyPair
.
getPublic
(),
msg
=
csrFac
.
createCSR
(
userKeyPair
.
getPublic
(),
samPrivKey
,
samPrivKey
,
samCert
,
samCert
,
...
...
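Review bot: The new given-names guard throws with the wrong message: both added checks say `"user lastnames is null!"`, so a missing given name is reported as a missing last name and the log will point the operator at the wrong field. The first check should read `throw new Exception("user givennames is null!");`. Both checks also throw a bare `Exception`; a more specific type such as `IllegalStateException` would let the REST layer distinguish "card data incomplete" from unexpected failures. The enclosing method of CertEndpoint starts and ends outside this hunk.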
ssa-server/sam/src/main/java/reqesidta/sam/cert/utils/CSRFactory.java
...
@@ -90,26 +90,13 @@ public class CSRFactory {
...
@@ -90,26 +90,13 @@ public class CSRFactory {
x500NameBld
.
addRDN
(
BCStyle
.
CN
,
new
DERPrintableString
(
caIssuerName
));
x500NameBld
.
addRDN
(
BCStyle
.
CN
,
new
DERPrintableString
(
caIssuerName
));
X500Name
issuerDN
=
x500NameBld
.
build
();
X500Name
issuerDN
=
x500NameBld
.
build
();
x500NameBld
=
new
X500NameBuilder
(
BCStyle
.
INSTANCE
);
x500NameBld
=
new
X500NameBuilder
(
BCStyle
.
INSTANCE
);
//TODO: if card comes with data like foreign names, seems like parsing and setting
//users data in session fails, this should be fixed. As a quickhack we hardcode testdata here.
if
(
givenname
==
null
)
{
givenname
=
"Max"
;
}
if
(
surname
==
null
)
{
surname
=
"Mustermann"
;
}
x500NameBld
.
addRDN
(
BCStyle
.
CN
,
new
DERPrintableString
(
givenname
+
" "
+
surname
));
x500NameBld
.
addRDN
(
BCStyle
.
CN
,
new
DERPrintableString
(
givenname
+
" "
+
surname
));
x500NameBld
.
addRDN
(
BCStyle
.
GIVENNAME
,
new
DERPrintableString
(
givenname
));
x500NameBld
.
addRDN
(
BCStyle
.
GIVENNAME
,
new
DERPrintableString
(
givenname
));
x500NameBld
.
addRDN
(
BCStyle
.
SURNAME
,
new
DERPrintableString
(
surname
));
x500NameBld
.
addRDN
(
BCStyle
.
SURNAME
,
new
DERPrintableString
(
surname
));
if
(
birthname
==
null
)
{
if
(
birthname
!=
null
)
{
birthname
=
"Mustermann"
;
x500NameBld
.
addRDN
(
BCStyle
.
NAME_AT_BIRTH
,
new
DERPrintableString
(
birthname
));
}
x500NameBld
.
addRDN
(
BCStyle
.
NAME_AT_BIRTH
,
new
DERPrintableString
(
birthname
));
if
(
dateOfBirth
!=
null
)
{
x500NameBld
.
addRDN
(
BCStyle
.
DATE_OF_BIRTH
,
new
Time
(
dateOfBirth
));
}
else
{
x500NameBld
.
addRDN
(
BCStyle
.
DATE_OF_BIRTH
,
new
Time
(
new
Date
(
100
,
01
,
01
,
00
,
00
,
00
)));
}
}
x500NameBld
.
addRDN
(
BCStyle
.
DATE_OF_BIRTH
,
new
Time
(
dateOfBirth
));
X500Name
subjectDN
=
x500NameBld
.
build
();
X500Name
subjectDN
=
x500NameBld
.
build
();
GeneralName
recipient
=
new
GeneralName
(
issuerDN
);
GeneralName
recipient
=
new
GeneralName
(
issuerDN
);
GeneralName
sender
=
new
GeneralName
(
subjectDN
);
GeneralName
sender
=
new
GeneralName
(
subjectDN
);
...
...
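Review bot: The null guard on `dateOfBirth` disappears together with the removed test-data fallback, so the new side calls `new Time(dateOfBirth)` unconditionally while `birthname` just above is only added when non-null. If a defect card leaves `dateOfBirth` unset (the removed `else` branch suggests this happens), the BouncyCastle `Time` constructor will most likely fail with a NullPointerException rather than a message naming the missing attribute. Guard it the same way as the birth name: `if (dateOfBirth != null) { x500NameBld.addRDN(BCStyle.DATE_OF_BIRTH, new Time(dateOfBirth)); }`, or validate it in the caller alongside the other identity fields. Dropping the hard-coded "Max Mustermann" fallback is the right call, since it would have produced a signed certificate request with fabricated identity data. The enclosing method of CSRFactory starts and ends outside this hunk.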
ssa-server/sam/src/main/java/reqesidta/sam/eac/apdu/util/APDUAnalyzer.java
...
@@ -6,24 +6,12 @@
...
@@ -6,24 +6,12 @@
package
reqesidta.sam.eac.apdu.util
;
package
reqesidta.sam.eac.apdu.util
;
import
de.governikus.eumw.poseidas.cardbase.asn1.ASN1
;
import
de.governikus.eumw.poseidas.cardbase.asn1.ASN1
;
import
java.io.ByteArrayOutputStream
;
import
java.io.File
;
import
java.io.FileOutputStream
;
import
java.io.IOException
;
import
java.nio.charset.StandardCharsets
;
import
java.nio.file.Files
;
import
java.text.ParseException
;
import
java.text.ParseException
;
import
java.util.Enumeration
;
import
java.util.Base64
;
import
java.util.UUID
;
import
java.util.zip.DataFormatException
;
import
java.util.zip.Inflater
;
import
javax.smartcardio.ResponseAPDU
;
import
javax.smartcardio.ResponseAPDU
;
import
org.bouncycastle.asn1.ASN1OctetString
;
import
org.bouncycastle.asn1.ASN1Primitive
;
import
org.bouncycastle.asn1.ASN1Primitive
;
import
org.bouncycastle.asn1.ASN1Sequence
;
import
org.bouncycastle.asn1.ASN1String
;
import
org.bouncycastle.asn1.ASN1String
;
import
org.bouncycastle.asn1.ASN1TaggedObject
;
import
org.bouncycastle.asn1.ASN1TaggedObject
;
import
org.bouncycastle.asn1.DEROctetString
;
import
org.bouncycastle.asn1.DERUTF8String
;
import
org.bouncycastle.asn1.DERUTF8String
;
import
org.bouncycastle.asn1.DLApplicationSpecific
;
import
org.bouncycastle.asn1.DLApplicationSpecific
;
import
org.jboss.logging.Logger
;
import
org.jboss.logging.Logger
;
...
@@ -59,42 +47,46 @@ public class APDUAnalyzer {
...
@@ -59,42 +47,46 @@ public class APDUAnalyzer {
if
(
resp
.
getSW
()
==
SW_SUCCESS
||
resp
.
getSW
()
==
SW_EOF
)
{
if
(
resp
.
getSW
()
==
SW_SUCCESS
||
resp
.
getSW
()
==
SW_EOF
)
{
ASN1
asn1
=
new
ASN1
(
resp
.
getBytes
());
ASN1
asn1
=
new
ASN1
(
resp
.
getBytes
());
LOG
.
debug
(
"raw response bytes as base 64 string:"
+
Base64
.
getEncoder
().
encodeToString
(
resp
.
getBytes
()));
ASN1Primitive
instance
=
ASN1TaggedObject
.
fromByteArray
(
asn1
.
getEncoded
());
ASN1Primitive
instance
=
ASN1TaggedObject
.
fromByteArray
(
asn1
.
getEncoded
());
if
(
instance
instanceof
DLApplicationSpecific
)
{
if
(
instance
instanceof
DLApplicationSpecific
)
{
int
tag
=
((
DLApplicationSpecific
)
instance
).
getApplicationTag
();
int
tag
=
((
DLApplicationSpecific
)
instance
).
getApplicationTag
();
byte
[]
contents
=
((
DLApplicationSpecific
)
instance
).
getContents
();
byte
[]
contents
=
((
DLApplicationSpecific
)
instance
).
getContents
();
ASN1Primitive
obj
=
DERUTF8String
.
fromByteArray
(
contents
);
ASN1Primitive
obj
=
DERUTF8String
.
fromByteArray
(
contents
);
if
(
obj
instanceof
ASN1String
)
{
if
(
obj
instanceof
ASN1String
)
{
String
respStr
=
((
ASN1String
)
obj
).
getString
();
String
respStr
=
((
ASN1String
)
obj
).
getString
();
LOG
.
info
(
"Found String in responseAPDU: "
+
respStr
+
" with TAG: "
+
tag
);
LOG
.
info
(
"Found String in responseAPDU: "
+
respStr
+
" with TAG: "
+
tag
);
switch
(
tag
)
{
switch
(
tag
)
{
case
TAG_GIVEN_NAMES:
case
TAG_GIVEN_NAMES:
LOG
.
info
(
"setting GivenNames"
);
session
.
getUserEIDIdentity
().
setGivenNames
(
respStr
);
session
.
getUserEIDIdentity
().
setGivenNames
(
respStr
);
break
;
break
;
case
TAG_FAMILY_NAMES:
case
TAG_FAMILY_NAMES:
LOG
.
info
(
"setting LastNames"
);
session
.
getUserEIDIdentity
().
setLastNames
(
respStr
);
session
.
getUserEIDIdentity
().
setLastNames
(
respStr
);
break
;
break
;
case
TAG_BIRTH_NAME:
case
TAG_BIRTH_NAME:
LOG
.
info
(
"setting BirthNames"
);
session
.
getUserEIDIdentity
().
setBirthName
(
respStr
);
session
.
getUserEIDIdentity
().
setBirthName
(
respStr
);
break
;
break
;
case
TAG_DATE_OF_BIRTH:
case
TAG_DATE_OF_BIRTH:
try
{
try
{
LOG
.
info
(
"setting DateOfBirth"
);
session
.
getUserEIDIdentity
().
setDateOfBirth
(
respStr
);
session
.
getUserEIDIdentity
().
setDateOfBirth
(
respStr
);
}
catch
(
ParseException
ex
)
{
}
catch
(
ParseException
ex
)
{
throw
new
RuntimeException
(
ex
);
throw
new
RuntimeException
(
ex
);
}
}
break
;
break
;
}
}
LOG
.
debug
(
"Current Identity: "
+
session
.
getUserEIDIdentity
());
LOG
.
info
(
"Current Identity: "
+
session
.
getUserEIDIdentity
());
}
}
}
}
}
}
}
catch
(
Exception
ex
)
{
}
catch
(
Exception
ex
)
{
LOG
.
debug
(
"Can't parse respCMD"
,
ex
);
LOG
.
info
(
"Can't parse respCMD"
,
ex
);
return
;
return
;
}
}
}
}
...
...
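Review bot: The second hunk writes the cardholder's personal data to the log: the added `LOG.debug("raw response bytes as base 64 string:" + ...)` dumps the full decrypted response, and `LOG.debug("Current Identity: " + session.getUserEIDIdentity())` is raised to `info`, which (assuming the identity's toString includes the fields set in the switch above) puts names and date of birth into production logs. Keep the identity dump at debug, or log only which tag was handled, e.g. `LOG.info("Current Identity updated for tag " + tag);`. The outer `catch (Exception ex)` still swallows everything, including the `RuntimeException` wrapping a `ParseException` for the date of birth, and returns silently, so a defect card leaves a partially filled identity that is only detected later by CertEndpoint; logging that case at warn level with the tag would make the failure easier to trace. The enclosing try and method start and end outside this hunk.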
ssa-server/sam/src/main/java/reqesidta/sam/eac/rest/EACEndpoint.java
...
@@ -180,17 +180,23 @@ public class EACEndpoint {
...
@@ -180,17 +180,23 @@ public class EACEndpoint {
LOG
.
info
(
"decryptAPDU: "
+
sessionId
);
LOG
.
info
(
"decryptAPDU: "
+
sessionId
);
Session
session
=
getSessionOrThrowNotFound
(
sessionId
);
Session
session
=
getSessionOrThrowNotFound
(
sessionId
);
LOG
.
info
(
"create response ..."
);
ResponseAPDU
respAPDU
=
new
ResponseAPDU
(
apdu
.
apdu
);
ResponseAPDU
respAPDU
=
new
ResponseAPDU
(
apdu
.
apdu
);
AESSecureMessaging
sm
=
new
AESSecureMessaging
(
session
.
getAESKeyMaterial
().
get
());
AESSecureMessaging
sm
=
new
AESSecureMessaging
(
session
.
getAESKeyMaterial
().
get
());
ResponseAPDU
decipherCommand
;
ResponseAPDU
decipherCommand
;
try
{
try
{
LOG
.
info
(
"decipher response ..."
);
decipherCommand
=
sm
.
decipherResponse
(
respAPDU
,
apdu
.
cmdIndex
,
apdu
.
totalCmds
);
decipherCommand
=
sm
.
decipherResponse
(
respAPDU
,
apdu
.
cmdIndex
,
apdu
.
totalCmds
);
LOG
.
info
(
"analyze ..."
);
new
APDUAnalyzer
(
session
).
analyzeResponseAPDU
(
decipherCommand
);
new
APDUAnalyzer
(
session
).
analyzeResponseAPDU
(
decipherCommand
);
LOG
.
info
(
"return ..."
);
return
new
APDU
(
decipherCommand
.
getBytes
());
return
new
APDU
(
decipherCommand
.
getBytes
());
}
catch
(
SecureMessagingException
ex
)
{
//} catch (SecureMessagingException ex) {
}
catch
(
Exception
ex
)
{
LOG
.
info
(
"Exception!"
);
throw
new
WebApplicationException
(
ex
,
Response
.
Status
.
INTERNAL_SERVER_ERROR
);
throw
new
WebApplicationException
(
ex
,
Response
.
Status
.
INTERNAL_SERVER_ERROR
);
}
}
}
}
...
...
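Review bot: The widened `catch (Exception ex)` leaves the old handler behind as the commented-out line `//} catch (SecureMessagingException ex) {`, which should be deleted rather than kept as dead code. The added `LOG.info("Exception!")` carries no context and does not record the exception itself, so unless the JAX-RS layer logs the cause of the `WebApplicationException`, the reason a response could not be deciphered or analyzed is lost; replace it with `LOG.error("decryptAPDU failed", ex);`. If the broader catch is intentional because APDUAnalyzer or APDU can throw other unchecked exceptions, a one-line comment stating that would explain why the narrower type was dropped. The enclosing method starts outside this hunk.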