Release eumw-2.0.3

.hgtags

@@ -42,3 +42,5 @@ aea25cf6b961f42c9f8849ad248f80cc4dd7dadd 2.0.0-RC4
 f29b81980360f77ecf20e868a4d250a5e3dff72b eumw-2.0.0-RC11
 a791ddaea15f03466feadb91896576710279231d eumw-2.0.0-RC12
 faa7672758ddaeb6c1d484f5e9778acf4e1aff8f eumw-2.0.1-RC1
+b6ade828ed88d68fc68e6241a073f3d2894f08ad eumw-2.0.1
+ad58688704c3431fe2a0c556bd8e29888509e6bb eumw-2.0.2

configuration-checker/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <artifactId>eumw</artifactId>
         <groupId>de.governikus.eumw</groupId>
-        <version>2.0.1</version>
+        <version>2.0.3</version>
     </parent>
 
     <artifactId>configuration-checker</artifactId>

configuration-wizard/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.0.1</version>
+        <version>2.0.3</version>
     </parent>
     <artifactId>configuration-wizard</artifactId>
 

databasemigration/pom.xml

@@ -14,7 +14,7 @@
 	<parent>
 		<artifactId>eumw</artifactId>
 		<groupId>de.governikus.eumw</groupId>
-		<version>2.0.1</version>
+		<version>2.0.3</version>
 	</parent>
 	<artifactId>database-migration</artifactId>
 

distribution/pom.xml

@@ -15,11 +15,11 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.0.1</version>
+        <version>2.0.3</version>
     </parent>
 
     <artifactId>distribution</artifactId>
-    <version>2.0.1</version>
+    <version>2.0.3</version>
     <packaging>pom</packaging>
 
     <dependencies>

dvca-connection-configurator/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.0.1</version>
+        <version>2.0.3</version>
     </parent>
     <artifactId>dvca-connection-configurator</artifactId>
     <name>dvca-connection-configurator</name>

eidas-base-container/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <artifactId>eumw</artifactId>
         <groupId>de.governikus.eumw</groupId>
-        <version>2.0.1</version>
+        <version>2.0.3</version>
     </parent>
 
     <artifactId>eidas-base-container</artifactId>

eidas-common/pom.xml

@@ -14,7 +14,7 @@
 	<parent>
 		<groupId>de.governikus.eumw</groupId>
 		<artifactId>eumw</artifactId>
-		<version>2.0.1</version>
+		<version>2.0.3</version>
 	</parent>
 	<artifactId>eidas-common</artifactId>
 

eidas-demo/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.0.1</version>
+        <version>2.0.3</version>
     </parent>
     <artifactId>eidas-demo</artifactId>
 

eidas-middleware/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.0.1</version>
+        <version>2.0.3</version>
     </parent>
     <artifactId>eidas-middleware</artifactId>
 

eidas-starterkit/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.0.1</version>
+        <version>2.0.3</version>
     </parent>
     <artifactId>eidas-starterkit</artifactId>
 

password-generator/pom.xml

@@ -14,7 +14,7 @@
     <parent>
         <groupId>de.governikus.eumw</groupId>
         <artifactId>eumw</artifactId>
-        <version>2.0.1</version>
+        <version>2.0.3</version>
     </parent>
     <artifactId>password-generator</artifactId>
 

pom.xml

@@ -14,7 +14,7 @@
 
     <groupId>de.governikus.eumw</groupId>
     <artifactId>eumw</artifactId>
-    <version>2.0.1</version>
+    <version>2.0.3</version>
     <packaging>pom</packaging>
 
     <name>EU Middleware</name>
@@ -37,7 +37,7 @@
     <scm>
         <url>https://hg.govkg.de/Autent/eumw</url>
         <connection>scm:hg:https://hg.govkg.de/Autent/eumw</connection>
-        <tag>eumw-2.0.1</tag>
+        <tag>eumw-2.0.3</tag>
     </scm>
 
     <developers>
@@ -317,7 +317,7 @@
                     <configuration>
                         <keystore>NONE</keystore>
                         <storetype>PKCS11</storetype>
-                        <tsa>http://timestamp.globalsign.com/scripts/timestamp.dll</tsa>
+                        <tsa>${globalsign.tsa}</tsa>
                         <providerClass>sun.security.pkcs11.SunPKCS11</providerClass>
                         <providerArg>${globalsign.config}</providerArg>
                         <alias>${globalsign.alias}</alias>

poseidas-configuration/pom.xml

@@ -13,7 +13,7 @@
     <parent>
         <artifactId>eumw</artifactId>
         <groupId>de.governikus.eumw</groupId>
-        <version>2.0.1</version>
+        <version>2.0.3</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

poseidas/pom.xml

@@ -14,7 +14,7 @@
 	<parent>
 		<groupId>de.governikus.eumw</groupId>
 		<artifactId>eumw</artifactId>
-		<version>2.0.1</version>
+		<version>2.0.3</version>
 	</parent>
 	<artifactId>poseidas</artifactId>
 

poseidas/src/main/java/de/governikus/eumw/poseidas/cardbase/crypto/sm/AESSecureMessaging.java

@@ -1,11 +1,10 @@
 /*
- * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except
- * in compliance with the Licence. You may obtain a copy of the Licence at:
- * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing,
- * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS
- * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and
- * limitations under the Licence.
+ * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the
+ * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance
+ * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless
+ * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an
+ * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the
+ * specific language governing permissions and limitations under the Licence.
  */
 
 package de.governikus.eumw.poseidas.cardbase.crypto.sm;
@@ -23,12 +22,14 @@
 import de.governikus.eumw.poseidas.cardbase.ArrayUtil;
 import de.governikus.eumw.poseidas.cardbase.AssertUtil;
 import de.governikus.eumw.poseidas.cardbase.ByteUtil;
+import de.governikus.eumw.poseidas.cardbase.Hex;
 import de.governikus.eumw.poseidas.cardbase.asn1.ASN1;
 import de.governikus.eumw.poseidas.cardbase.asn1.ASN1Constants;
 import de.governikus.eumw.poseidas.cardbase.card.CommandAPDUConstants;
 import de.governikus.eumw.poseidas.cardbase.card.SecureMessaging;
 import de.governikus.eumw.poseidas.cardbase.card.SecureMessagingException;
 import de.governikus.eumw.poseidas.cardbase.crypto.CipherUtil;
+import lombok.extern.slf4j.Slf4j;
 
 
 /**
@@ -38,6 +39,7 @@
  * @author Jens Wothe, jw@bos-bremen.de
  * @author Arne Stahlbock, ast@bos-bremen.de
  */
+@Slf4j
 public class AESSecureMessaging implements SecureMessaging
 {
 
@@ -87,8 +89,8 @@ public CommandAPDU encipherCommand(CommandAPDU command) throws SecureMessagingEx
     byte[] macDOBytes = createMacDO(secureHeaderPaddedBytes, cryptogramDOBytes, neDOBytes);
     byte[] dataFieldBytes = ByteUtil.combine(new byte[][]{cryptogramDOBytes, neDOBytes, macDOBytes});
     int l = getNewLe(neDOBytes, dataFieldBytes);
-    return new CommandAPDU(secureHeaderBytes[0], secureHeaderBytes[1], secureHeaderBytes[2],
-                           secureHeaderBytes[3], dataFieldBytes, l);
+    return new CommandAPDU(secureHeaderBytes[0], secureHeaderBytes[1], secureHeaderBytes[2], secureHeaderBytes[3],
+                           dataFieldBytes, l);
   }
 
   private int getNewLe(byte[] neDOBytes, byte[] dataFieldBytes)
@@ -135,15 +137,11 @@ public ResponseAPDU decipherResponse(ResponseAPDU response) throws SecureMessagi
     AssertUtil.notNull(response, "response");
     this.material.getIvParameterSpec().increaseSSC();
 
-    byte[] responseBytes = response.getBytes();
-    if (responseBytes.length == 2)
-    {
-      return response;
-    }
     byte[] responseData = response.getData();
     if (ArrayUtil.isNullOrEmpty(responseData))
     {
-      return response;
+      log.warn("Error 6419: no data");
+      throw new SecureMessagingException(SecureMessagingException.CODE_SOFTWARE, "response is not encrypted", null);
     }
     ASN1[] childs = getDataChilds(responseData);
     byte[] encDataDOBytes = null;
@@ -196,12 +194,16 @@ else if (SMConstants.TAG_BYTE_DO_CRYPTOGRPAHIC_CHECKSUM == tag)
       }
       else
       {
-        throw new SecureMessagingException(SecureMessagingException.CODE_SOFTWARE,
-                                           "unrecognized DO at response", null);
+        if (tag >= 0x61 && tag <= 0x76)
+        {
+          log.warn("Error 6419: data object {}", Hex.hexify(child.getEncoded()));
+        }
+        throw new SecureMessagingException(SecureMessagingException.CODE_SOFTWARE, "unrecognized DO at response", null);
       }
     }
     checkMac(macDOBytes, macData);
     byte[] dataBytes = getDataBytes(encDataDOBytes, encTag);
+    byte[] responseBytes = response.getBytes();
     byte[] result = ByteUtil.combine(new byte[][]{dataBytes, processDOBytes == null
       ? ByteUtil.subbytes(responseBytes, responseBytes.length - 2) : processDOBytes});
     return new ResponseAPDU(result);
@@ -251,8 +253,7 @@ private void checkMac(byte[] macDOBytes, byte[] macData) throws SecureMessagingE
     {
       // invalidate key material so the channel can no longer be used
       this.material = null;
-      throw new SecureMessagingException(SecureMessagingException.CODE_CARD, "no checksum received from card",
-                                         null);
+      throw new SecureMessagingException(SecureMessagingException.CODE_CARD, "no checksum received from card", null);
     }
     else
     {
@@ -319,8 +320,7 @@ private byte[] createCryptogramDO(CommandAPDU command) throws SecureMessagingExc
       ASN1 result;
       if (command.getINS() % 2 == 0)
       {
-        byte[] paddedCryptogram = ByteUtil.combine(new byte[]{SMConstants.PADDING_INDICATOR_BYTE_ISO},
-                                                   cryptogram);
+        byte[] paddedCryptogram = ByteUtil.combine(new byte[]{SMConstants.PADDING_INDICATOR_BYTE_ISO}, cryptogram);
         result = new ASN1(SMConstants.TAG_BYTE_DO_CRYPTOGRAM, paddedCryptogram);
       }
       else

poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/read/Read.java

@@ -1,11 +1,10 @@
 /*
- * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except
- * in compliance with the Licence. You may obtain a copy of the Licence at:
- * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing,
- * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS
- * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and
- * limitations under the Licence.
+ * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the
+ * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance
+ * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless
+ * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an
+ * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the
+ * specific language governing permissions and limitations under the Licence.
  */
 
 package de.governikus.eumw.poseidas.cardserver.eac.functions.read;
@@ -40,9 +39,8 @@
  * @see ReadResult
  * @author Jens Wothe, jw@bos-bremen.de
  */
-public class Read extends AbstractFunctionStep<ReadParameter, ReadResult>
-  implements FunctionStep<ReadParameter, ReadResult>, TransmitCommandCreator<ReadParameter>,
-  TransmitResultEvaluator<ReadResult>
+public class Read extends AbstractFunctionStep<ReadParameter, ReadResult> implements
+  FunctionStep<ReadParameter, ReadResult>, TransmitCommandCreator<ReadParameter>, TransmitResultEvaluator<ReadResult>
 {
 
   /**
@@ -109,11 +107,11 @@ public List<InputAPDUInfoType> create(ReadParameter parameter, List<ResponseAPDU
   @Override
   public ReadResult evaluate(TransmitAPDUResult transmitResult, int[] responseIndices)
   {
-    responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult, responseIndices);
     if (transmitResult.getThrowable() != null)
     {
       return new ReadResult(transmitResult.getThrowable());
     }
+    responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult, responseIndices);
     ResponseAPDU resp = new ResponseAPDU(transmitResult.getData().getOutputAPDU().get(responseIndices[0]));
     if (resp.getSW() == SmartCardCodeConstants.SUCCESSFULLY_PROCESSED
         || resp.getSW() == SmartCardCodeConstants.EOF_READ)

poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/ri/RestrictedIdentification.java

@@ -1,11 +1,10 @@
 /*
- * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except
- * in compliance with the Licence. You may obtain a copy of the Licence at:
- * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing,
- * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS
- * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and
- * limitations under the Licence.
+ * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the
+ * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance
+ * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless
+ * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an
+ * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the
+ * specific language governing permissions and limitations under the Licence.
  */
 
 package de.governikus.eumw.poseidas.cardserver.eac.functions.ri;
@@ -47,8 +46,7 @@
 public class RestrictedIdentification
   extends AbstractFunctionStep<RestrictedIdentificationParameter, RestrictedIdentificationResult>
   implements FunctionStep<RestrictedIdentificationParameter, RestrictedIdentificationResult>,
-  TransmitCommandCreator<RestrictedIdentificationParameter>,
-  TransmitResultEvaluator<RestrictedIdentificationResult>
+  TransmitCommandCreator<RestrictedIdentificationParameter>, TransmitResultEvaluator<RestrictedIdentificationResult>
 {
 
   /**
@@ -113,8 +111,8 @@ public RestrictedIdentificationResult resultStep(TransmitResponse result)
     AssertUtil.notNull(result, "result");
     TransmitAPDUResult unsecuredResult = super.transmit.resultStep(result);
     return evaluate(unsecuredResult,
-                    unsecuredResult.getData().getOutputAPDU().size() == 2
-                      ? DEFAULT_RESPONSE_INDICES_TO_EVALUATE_TWO_ID : null);
+                    unsecuredResult.getData().getOutputAPDU().size() == 2 ? DEFAULT_RESPONSE_INDICES_TO_EVALUATE_TWO_ID
+                      : null);
   }
 
   // default indices (two ID)
@@ -141,8 +139,7 @@ public List<InputAPDUInfoType> create(RestrictedIdentificationParameter paramete
                                                    Hex.hexify(riInfo.getProtocol().getValue()))
                              + EACServerUtil.makeTag(EACServerUtil.MSE_PRIVATE_KEY_REFERENCE_TAG,
                                                      Hex.hexify(riInfo.getParams().getKeyID()));
-    CommandAPDU cmd = EACServerUtil.commandFromString(EACServerUtil.COMMAND_CHAINING_DISABLED
-                                                      + EACServerUtil.MSE_INS
+    CommandAPDU cmd = EACServerUtil.commandFromString(EACServerUtil.COMMAND_CHAINING_DISABLED + EACServerUtil.MSE_INS
                                                       + EACServerUtil.MSE_SET_AT_PARAM_RI,
                                                       dataFieldString,
                                                       EACServerUtil.LENGTH_EXPECTED_NONE);
@@ -203,11 +200,11 @@ else if (oid.equals(OIDConstants.OID_RI_DH_SHA_256) || oid.equals(OIDConstants.O
   @Override
   public RestrictedIdentificationResult evaluate(TransmitAPDUResult transmitResult, int[] responseIndices)
   {
-    responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult, responseIndices);
     if (transmitResult.getThrowable() != null)
     {
       return new RestrictedIdentificationResult(transmitResult.getThrowable());
     }
+    responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult, responseIndices);
 
     RestrictedIdentificationResult riResult = new RestrictedIdentificationResult();
     try

poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/select/SelectApplication.java

@@ -1,11 +1,10 @@
 /*
- * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except
- * in compliance with the Licence. You may obtain a copy of the Licence at:
- * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing,
- * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS
- * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and
- * limitations under the Licence.
+ * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the
+ * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance
+ * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless
+ * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an
+ * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the
+ * specific language governing permissions and limitations under the Licence.
  */
 
 package de.governikus.eumw.poseidas.cardserver.eac.functions.select;
@@ -112,11 +111,11 @@ else if (parameter.getAID() != null)
   @Override
   public SelectResult evaluate(TransmitAPDUResult transmitResult, int[] responseIndices)
   {
-    responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult, responseIndices);
     if (transmitResult.getThrowable() != null)
     {
       return new SelectResult(transmitResult.getThrowable());
     }
+    responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult, responseIndices);
     byte[] resp = transmitResult.getData().getOutputAPDU().get(responseIndices[0]);
     return new SelectResult(resp[0] == (byte)0x90 && resp[1] == 0x00 ? Boolean.TRUE : Boolean.FALSE);
   }