Commit 488ee37c authored by Tobias Assmann's avatar Tobias Assmann

better handling of defective card

parent 3c2819fb
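--- a/<path>/CertEndpoint.java
+++ b/<path>/CertEndpoint.java
@@ -81,6 +81,13 @@ public class CertEndpoint {
 // create certificate request with user data from session,
 // a generated user public key and sign it with the sam specific private key
 UserEIDIdentity user = session.getUserEIDIdentity();
+//check for valid user eid
+if (user.getGivenNames() == null) {
+throw new Exception("user lastnames is null!");
+}
+if (user.getLastNames() == null) {
+throw new Exception("user lastnames is null!");
+}
 msg = csrFac.createCSR(userKeyPair.getPublic(),
 samPrivKey,
 samCert,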
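Review bot: The guard for a missing given name throws with the message `user lastnames is null!`, the same text as the surname check right below it, so the resulting log or error response points at the wrong field; it should read `throw new Exception("user givennames is null!");`. Throwing bare `Exception` also forces every caller into a broad catch; a typed exception such as `IllegalStateException` with the same text would be more precise if the enclosing method's signature allows it. The enclosing method starts before and ends after this hunk, so I cannot see how the exception is surfaced to the client.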
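--- a/<path>/CSRFactory.java
+++ b/<path>/CSRFactory.java
@@ -90,26 +90,13 @@ public class CSRFactory {
 x500NameBld.addRDN(BCStyle.CN, new DERPrintableString(caIssuerName));
 X500Name issuerDN = x500NameBld.build();
 x500NameBld = new X500NameBuilder(BCStyle.INSTANCE);
-//TODO: if card comes with data like foreign names, seems like parsing and setting
-//users data in session fails, this should be fixed. As a quickhack we hardcode testdata here.
-if (givenname==null) {
-givenname="Max";
-}
-if (surname==null) {
-surname="Mustermann";
-}
 x500NameBld.addRDN(BCStyle.CN, new DERPrintableString(givenname + " " + surname));
 x500NameBld.addRDN(BCStyle.GIVENNAME, new DERPrintableString(givenname));
 x500NameBld.addRDN(BCStyle.SURNAME, new DERPrintableString(surname));
-if (birthname==null) {
-birthname="Mustermann";
-}
-x500NameBld.addRDN(BCStyle.NAME_AT_BIRTH, new DERPrintableString(birthname));
-if (dateOfBirth!=null) {
-x500NameBld.addRDN(BCStyle.DATE_OF_BIRTH, new Time(dateOfBirth));
-} else {
-x500NameBld.addRDN(BCStyle.DATE_OF_BIRTH, new Time(new Date(100, 01, 01, 00, 00, 00)));
-}
+if (birthname!=null) {
+x500NameBld.addRDN(BCStyle.NAME_AT_BIRTH, new DERPrintableString(birthname));
+}
+x500NameBld.addRDN(BCStyle.DATE_OF_BIRTH, new Time(dateOfBirth));
 X500Name subjectDN = x500NameBld.build();
 GeneralName recipient = new GeneralName(issuerDN);
 GeneralName sender = new GeneralName(subjectDN);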
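Review bot: `new Time(dateOfBirth)` is now called unconditionally, but unlike the birth-name branch just above it there is no null guard, and the caller in CertEndpoint only validates given and last names, so a card that yields no date of birth will presumably fail inside the Time constructor instead of with a clear message; guard it as `if (dateOfBirth != null) { x500NameBld.addRDN(BCStyle.DATE_OF_BIRTH, new Time(dateOfBirth)); }` or reject the identity up front together with the name checks. The removed TODO said cards with "foreign names" broke the flow; the CN, GIVENNAME and SURNAME RDNs are still built as `DERPrintableString`, which cannot represent characters outside the PrintableString repertoire (umlauts, accents), so `DERUTF8String` is likely the right type for the name attributes — worth confirming against the CA's certificate profile. The enclosing method starts and ends outside the hunk.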
...@@ -6,24 +6,12 @@ ...@@ -6,24 +6,12 @@
package reqesidta.sam.eac.apdu.util; package reqesidta.sam.eac.apdu.util;
import de.governikus.eumw.poseidas.cardbase.asn1.ASN1; import de.governikus.eumw.poseidas.cardbase.asn1.ASN1;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.text.ParseException; import java.text.ParseException;
import java.util.Enumeration; import java.util.Base64;
import java.util.UUID;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;
import javax.smartcardio.ResponseAPDU; import javax.smartcardio.ResponseAPDU;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1String; import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERUTF8String; import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.DLApplicationSpecific; import org.bouncycastle.asn1.DLApplicationSpecific;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
...@@ -59,42 +47,46 @@ public class APDUAnalyzer { ...@@ -59,42 +47,46 @@ public class APDUAnalyzer {
if (resp.getSW() == SW_SUCCESS || resp.getSW() == SW_EOF) { if (resp.getSW() == SW_SUCCESS || resp.getSW() == SW_EOF) {
ASN1 asn1 = new ASN1(resp.getBytes()); ASN1 asn1 = new ASN1(resp.getBytes());
LOG.debug("raw response bytes as base 64 string:"+Base64.getEncoder().encodeToString(resp.getBytes()));
ASN1Primitive instance = ASN1TaggedObject.fromByteArray(asn1.getEncoded()); ASN1Primitive instance = ASN1TaggedObject.fromByteArray(asn1.getEncoded());
if (instance instanceof DLApplicationSpecific) { if (instance instanceof DLApplicationSpecific) {
int tag = ((DLApplicationSpecific) instance).getApplicationTag(); int tag = ((DLApplicationSpecific) instance).getApplicationTag();
byte[] contents = ((DLApplicationSpecific) instance).getContents(); byte[] contents = ((DLApplicationSpecific) instance).getContents();
ASN1Primitive obj = DERUTF8String.fromByteArray(contents); ASN1Primitive obj = DERUTF8String.fromByteArray(contents);
if (obj instanceof ASN1String) { if (obj instanceof ASN1String) {
String respStr = ((ASN1String) obj).getString(); String respStr = ((ASN1String) obj).getString();
LOG.info("Found String in responseAPDU: " + respStr + " with TAG: " + tag); LOG.info("Found String in responseAPDU: " + respStr + " with TAG: " + tag);
switch(tag) { switch(tag) {
case TAG_GIVEN_NAMES: case TAG_GIVEN_NAMES:
LOG.info("setting GivenNames");
session.getUserEIDIdentity().setGivenNames(respStr); session.getUserEIDIdentity().setGivenNames(respStr);
break; break;
case TAG_FAMILY_NAMES: case TAG_FAMILY_NAMES:
LOG.info("setting LastNames");
session.getUserEIDIdentity().setLastNames(respStr); session.getUserEIDIdentity().setLastNames(respStr);
break; break;
case TAG_BIRTH_NAME: case TAG_BIRTH_NAME:
LOG.info("setting BirthNames");
session.getUserEIDIdentity().setBirthName(respStr); session.getUserEIDIdentity().setBirthName(respStr);
break; break;
case TAG_DATE_OF_BIRTH: case TAG_DATE_OF_BIRTH:
try { try {
LOG.info("setting DateOfBirth");
session.getUserEIDIdentity().setDateOfBirth(respStr); session.getUserEIDIdentity().setDateOfBirth(respStr);
} catch (ParseException ex) { } catch (ParseException ex) {
throw new RuntimeException(ex); throw new RuntimeException(ex);
} }
break; break;
} }
LOG.debug("Current Identity: " + session.getUserEIDIdentity()); LOG.info("Current Identity: " + session.getUserEIDIdentity());
} }
} }
} }
} catch(Exception ex) { } catch(Exception ex) {
LOG.debug("Can't parse respCMD", ex); LOG.info("Can't parse respCMD", ex);
return; return;
} }
} }
......
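Review bot: The new `LOG.debug` of the raw response bytes and the promotion of `Current Identity` and `Can't parse respCMD` to `LOG.info` write decrypted eID attributes (given names, family names, birth name, date of birth) into the application log; the identity dump in particular now lands in production logs at the default level, and the base64 line reproduces the whole decrypted response. Keep the value-bearing lines at debug, or log only the tag and field name rather than the value, e.g. `LOG.debug("set identity field for TAG " + tag);`. The added `LOG.info("setting GivenNames")` style lines carry no personal data and are fine. The enclosing method starts before this hunk; the imports hunk above only narrows the import list and needs no change.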
...@@ -180,17 +180,23 @@ public class EACEndpoint { ...@@ -180,17 +180,23 @@ public class EACEndpoint {
LOG.info("decryptAPDU: " + sessionId); LOG.info("decryptAPDU: " + sessionId);
Session session = getSessionOrThrowNotFound(sessionId); Session session = getSessionOrThrowNotFound(sessionId);
LOG.info("create response ...");
ResponseAPDU respAPDU = new ResponseAPDU(apdu.apdu); ResponseAPDU respAPDU = new ResponseAPDU(apdu.apdu);
AESSecureMessaging sm = new AESSecureMessaging(session.getAESKeyMaterial().get()); AESSecureMessaging sm = new AESSecureMessaging(session.getAESKeyMaterial().get());
ResponseAPDU decipherCommand; ResponseAPDU decipherCommand;
try { try {
LOG.info("decipher response ...");
decipherCommand = sm.decipherResponse(respAPDU, apdu.cmdIndex, apdu.totalCmds); decipherCommand = sm.decipherResponse(respAPDU, apdu.cmdIndex, apdu.totalCmds);
LOG.info("analyze ...");
new APDUAnalyzer(session).analyzeResponseAPDU(decipherCommand); new APDUAnalyzer(session).analyzeResponseAPDU(decipherCommand);
LOG.info("return ...");
return new APDU(decipherCommand.getBytes()); return new APDU(decipherCommand.getBytes());
} catch (SecureMessagingException ex) { //} catch (SecureMessagingException ex) {
} catch (Exception ex) {
LOG.info("Exception!");
throw new WebApplicationException(ex, Response.Status.INTERNAL_SERVER_ERROR); throw new WebApplicationException(ex, Response.Status.INTERNAL_SERVER_ERROR);
} }
} }
......
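Review bot: `LOG.info("Exception!")` in the new `catch (Exception ex)` discards the cause at the log site, so the only trace of a secure-messaging or analysis failure is whatever the framework does with the wrapped `WebApplicationException`; log it with the exception, e.g. `LOG.error("decryptAPDU failed", ex);`. The commented-out `//} catch (SecureMessagingException ex) {` should be deleted rather than kept, and the widened catch now also maps programming errors such as a NullPointerException to a 500, which is acceptable at this boundary but deserves a one-line comment saying so. The step-trace `LOG.info("create response ...")`, `decipher response`, `analyze` and `return` lines are debug-level noise at info. The enclosing method starts before the hunk.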