From 9dd047024855665fa377f3893952445b7493fdcb Mon Sep 17 00:00:00 2001 From: klhgovernikus Date: Thu, 16 Sep 2021 11:10:26 +0200 Subject: [PATCH] Release eumw-2.0.3 --- .hgtags | 2 + configuration-checker/pom.xml | 2 +- configuration-wizard/pom.xml | 2 +- databasemigration/pom.xml | 2 +- distribution/pom.xml | 4 +- dvca-connection-configurator/pom.xml | 2 +- eidas-base-container/pom.xml | 2 +- eidas-common/pom.xml | 2 +- eidas-demo/pom.xml | 2 +- eidas-middleware/pom.xml | 2 +- eidas-starterkit/pom.xml | 2 +- password-generator/pom.xml | 2 +- pom.xml | 6 +- poseidas-configuration/pom.xml | 2 +- poseidas/pom.xml | 2 +- .../crypto/sm/AESSecureMessaging.java | 42 ++-- .../cardserver/eac/functions/read/Read.java | 20 +- .../ri/RestrictedIdentification.java | 25 +-- .../functions/select/SelectApplication.java | 15 +- .../eac/functions/select/SelectFile.java | 18 +- .../functions/transmitAPDU/TransmitAPDU.java | 23 +- .../impl/AbstractValidityFunction.java | 23 +- .../sm/AESBatchSecureMessaging.java | 90 ++++---- .../cardserver/sm/CardCommunication.java | 144 ++++--------- .../cardserver/sm/CardCommunicationImpl.java | 200 ++++++------------ .../convenience/EIDSequenceTransmit.java | 93 +++----- utils/pom.xml | 2 +- 27 files changed, 288 insertions(+), 443 deletions(-) diff --git a/.hgtags b/.hgtags index 99ac02e1..783c6ef3 100644 --- a/.hgtags +++ b/.hgtags @@ -42,3 +42,5 @@ aea25cf6b961f42c9f8849ad248f80cc4dd7dadd 2.0.0-RC4 f29b81980360f77ecf20e868a4d250a5e3dff72b eumw-2.0.0-RC11 a791ddaea15f03466feadb91896576710279231d eumw-2.0.0-RC12 faa7672758ddaeb6c1d484f5e9778acf4e1aff8f eumw-2.0.1-RC1 +b6ade828ed88d68fc68e6241a073f3d2894f08ad eumw-2.0.1 +ad58688704c3431fe2a0c556bd8e29888509e6bb eumw-2.0.2 diff --git a/configuration-checker/pom.xml b/configuration-checker/pom.xml index dd359bfb..14796e88 100644 --- a/configuration-checker/pom.xml +++ b/configuration-checker/pom.xml @@ -14,7 +14,7 @@ eumw de.governikus.eumw - 2.0.1 + 2.0.3 configuration-checker 
diff --git a/configuration-wizard/pom.xml b/configuration-wizard/pom.xml index 663b0933..95d54430 100644 --- a/configuration-wizard/pom.xml +++ b/configuration-wizard/pom.xml @@ -14,7 +14,7 @@ de.governikus.eumw eumw - 2.0.1 + 2.0.3 configuration-wizard diff --git a/databasemigration/pom.xml b/databasemigration/pom.xml index b630c81b..4092d9eb 100644 --- a/databasemigration/pom.xml +++ b/databasemigration/pom.xml @@ -14,7 +14,7 @@ eumw de.governikus.eumw - 2.0.1 + 2.0.3 database-migration diff --git a/distribution/pom.xml b/distribution/pom.xml index 29a3e36f..859564f9 100644 --- a/distribution/pom.xml +++ b/distribution/pom.xml @@ -15,11 +15,11 @@ de.governikus.eumw eumw - 2.0.1 + 2.0.3 distribution - 2.0.1 + 2.0.3 pom diff --git a/dvca-connection-configurator/pom.xml b/dvca-connection-configurator/pom.xml index bfc624e1..dc655f6b 100644 --- a/dvca-connection-configurator/pom.xml +++ b/dvca-connection-configurator/pom.xml @@ -14,7 +14,7 @@ de.governikus.eumw eumw - 2.0.1 + 2.0.3 dvca-connection-configurator dvca-connection-configurator diff --git a/eidas-base-container/pom.xml b/eidas-base-container/pom.xml index 678995ea..24a81662 100644 --- a/eidas-base-container/pom.xml +++ b/eidas-base-container/pom.xml @@ -14,7 +14,7 @@ eumw de.governikus.eumw - 2.0.1 + 2.0.3 eidas-base-container diff --git a/eidas-common/pom.xml b/eidas-common/pom.xml index 6793c3a4..8644527a 100644 --- a/eidas-common/pom.xml +++ b/eidas-common/pom.xml @@ -14,7 +14,7 @@ de.governikus.eumw eumw - 2.0.1 + 2.0.3 eidas-common diff --git a/eidas-demo/pom.xml b/eidas-demo/pom.xml index dd6d9db6..d5bcaef1 100644 --- a/eidas-demo/pom.xml +++ b/eidas-demo/pom.xml @@ -14,7 +14,7 @@ de.governikus.eumw eumw - 2.0.1 + 2.0.3 eidas-demo diff --git a/eidas-middleware/pom.xml b/eidas-middleware/pom.xml index d925da4b..78f9d585 100644 --- a/eidas-middleware/pom.xml +++ b/eidas-middleware/pom.xml @@ -14,7 +14,7 @@ de.governikus.eumw eumw - 2.0.1 + 2.0.3 eidas-middleware 
diff --git a/eidas-starterkit/pom.xml b/eidas-starterkit/pom.xml index ca0208c9..82ca3b51 100644 --- a/eidas-starterkit/pom.xml +++ b/eidas-starterkit/pom.xml @@ -14,7 +14,7 @@ de.governikus.eumw eumw - 2.0.1 + 2.0.3 eidas-starterkit diff --git a/password-generator/pom.xml b/password-generator/pom.xml index 8e9a4dd8..b75dff0a 100644 --- a/password-generator/pom.xml +++ b/password-generator/pom.xml @@ -14,7 +14,7 @@ de.governikus.eumw eumw - 2.0.1 + 2.0.3 password-generator diff --git a/pom.xml b/pom.xml index e5b59072..7335f05f 100644 --- a/pom.xml +++ b/pom.xml @@ -14,7 +14,7 @@ de.governikus.eumw eumw - 2.0.1 + 2.0.3 pom EU Middleware @@ -37,7 +37,7 @@ https://hg.govkg.de/Autent/eumw scm:hg:https://hg.govkg.de/Autent/eumw - eumw-2.0.1 + eumw-2.0.3 @@ -317,7 +317,7 @@ NONE PKCS11 - http://timestamp.globalsign.com/scripts/timestamp.dll + ${globalsign.tsa} sun.security.pkcs11.SunPKCS11 ${globalsign.config} ${globalsign.alias} diff --git a/poseidas-configuration/pom.xml b/poseidas-configuration/pom.xml index 5c89197d..d6adc66c 100644 --- a/poseidas-configuration/pom.xml +++ b/poseidas-configuration/pom.xml @@ -13,7 +13,7 @@ eumw de.governikus.eumw - 2.0.1 + 2.0.3 4.0.0 diff --git a/poseidas/pom.xml b/poseidas/pom.xml index a70372fd..968a98c7 100644 --- a/poseidas/pom.xml +++ b/poseidas/pom.xml @@ -14,7 +14,7 @@ de.governikus.eumw eumw - 2.0.1 + 2.0.3 poseidas diff --git a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardbase/crypto/sm/AESSecureMessaging.java b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardbase/crypto/sm/AESSecureMessaging.java index 167d6761..dd2c60c1 100644 --- a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardbase/crypto/sm/AESSecureMessaging.java +++ b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardbase/crypto/sm/AESSecureMessaging.java 
@@ -1,11 +1,10 @@ /* - * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except - * in compliance with the Licence. You may obtain a copy of the Licence at: - * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing, - * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS - * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and - * limitations under the Licence. + * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the + * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance + * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless + * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an + * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the + * specific language governing permissions and limitations under the Licence. */ package de.governikus.eumw.poseidas.cardbase.crypto.sm; 
@@ -23,12 +22,14 @@ import de.governikus.eumw.poseidas.cardbase.ArrayUtil; import de.governikus.eumw.poseidas.cardbase.AssertUtil; import de.governikus.eumw.poseidas.cardbase.ByteUtil; +import de.governikus.eumw.poseidas.cardbase.Hex; import de.governikus.eumw.poseidas.cardbase.asn1.ASN1; import de.governikus.eumw.poseidas.cardbase.asn1.ASN1Constants; import de.governikus.eumw.poseidas.cardbase.card.CommandAPDUConstants; import de.governikus.eumw.poseidas.cardbase.card.SecureMessaging; import de.governikus.eumw.poseidas.cardbase.card.SecureMessagingException; import de.governikus.eumw.poseidas.cardbase.crypto.CipherUtil; +import lombok.extern.slf4j.Slf4j; /** @@ -38,6 +39,7 @@ * @author Jens Wothe, jw@bos-bremen.de * @author Arne Stahlbock, ast@bos-bremen.de */ +@Slf4j public class AESSecureMessaging implements SecureMessaging { @@ -87,8 +89,8 @@ public CommandAPDU encipherCommand(CommandAPDU command) throws SecureMessagingEx byte[] macDOBytes = createMacDO(secureHeaderPaddedBytes, cryptogramDOBytes, neDOBytes); byte[] dataFieldBytes = ByteUtil.combine(new byte[][]{cryptogramDOBytes, neDOBytes, macDOBytes}); int l = getNewLe(neDOBytes, dataFieldBytes); - return new CommandAPDU(secureHeaderBytes[0], secureHeaderBytes[1], secureHeaderBytes[2], - secureHeaderBytes[3], dataFieldBytes, l); + return new CommandAPDU(secureHeaderBytes[0], secureHeaderBytes[1], secureHeaderBytes[2], secureHeaderBytes[3], + dataFieldBytes, l); } private int getNewLe(byte[] neDOBytes, byte[] dataFieldBytes) 
@@ -135,15 +137,11 @@ public ResponseAPDU decipherResponse(ResponseAPDU response) throws SecureMessagi AssertUtil.notNull(response, "response"); this.material.getIvParameterSpec().increaseSSC(); - byte[] responseBytes = response.getBytes(); - if (responseBytes.length == 2) - { - return response; - } byte[] responseData = response.getData(); if (ArrayUtil.isNullOrEmpty(responseData)) { - return response; + log.warn("Error 6419: no data"); + throw new SecureMessagingException(SecureMessagingException.CODE_SOFTWARE, "response is not encrypted", null); } ASN1[] childs = getDataChilds(responseData); byte[] encDataDOBytes = null; @@ -196,12 +194,16 @@ else if (SMConstants.TAG_BYTE_DO_CRYPTOGRPAHIC_CHECKSUM == tag) } else { - throw new SecureMessagingException(SecureMessagingException.CODE_SOFTWARE, - "unrecognized DO at response", null); + if (tag >= 0x61 && tag <= 0x76) + { + log.warn("Error 6419: data object {}", Hex.hexify(child.getEncoded())); + } + throw new SecureMessagingException(SecureMessagingException.CODE_SOFTWARE, "unrecognized DO at response", null); } } checkMac(macDOBytes, macData); byte[] dataBytes = getDataBytes(encDataDOBytes, encTag); + byte[] responseBytes = response.getBytes(); byte[] result = ByteUtil.combine(new byte[][]{dataBytes, processDOBytes == null ? ByteUtil.subbytes(responseBytes, responseBytes.length - 2) : processDOBytes}); return new ResponseAPDU(result); @@ -251,8 +253,7 @@ private void checkMac(byte[] macDOBytes, byte[] macData) throws SecureMessagingE { // invalidate key material so the channel can no longer be used this.material = null; - throw new SecureMessagingException(SecureMessagingException.CODE_CARD, "no checksum received from card", - null); + throw new SecureMessagingException(SecureMessagingException.CODE_CARD, "no checksum received from card", null); } else { 
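Review bot: The new throw for an empty data field in decipherResponse leaves the key material in place, so this channel object stays usable after a response arrived outside secure messaging, even though `increaseSSC()` has already run above the check. checkMac in the same file sets `this.material = null;` before throwing for a missing checksum; putting the same line before this throw would make both rejections fail closed in the same way. The message would also be easier to act on with the status word in it, e.g. `"response is not encrypted, SW=" + Integer.toHexString(response.getSW())`, and a short comment saying what "Error 6419" refers to, since nothing in the hunk explains it. decipherResponse starts and continues outside the hunk.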
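Review bot: The added `log.warn` in the unrecognized-DO branch writes the complete encoded data object to the log before `checkMac` has run, so both its content and its size are whatever the peer sent. If tags 0x61–0x76 are application data templates from the card (the hunk does not confirm this), the payload may be identity data ending up in WARN-level logs. Logging only the size, `log.warn("Error 6419: unexpected data object, length {}", child.getEncoded().length);`, keeps the diagnostic without the payload; the tag could be added once its declared type, which is outside the hunk, is known.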
@@ -319,8 +320,7 @@ private byte[] createCryptogramDO(CommandAPDU command) throws SecureMessagingExc ASN1 result; if (command.getINS() % 2 == 0) { - byte[] paddedCryptogram = ByteUtil.combine(new byte[]{SMConstants.PADDING_INDICATOR_BYTE_ISO}, - cryptogram); + byte[] paddedCryptogram = ByteUtil.combine(new byte[]{SMConstants.PADDING_INDICATOR_BYTE_ISO}, cryptogram); result = new ASN1(SMConstants.TAG_BYTE_DO_CRYPTOGRAM, paddedCryptogram); } else diff --git a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/read/Read.java b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/read/Read.java index 4a50acfa..0a09d1ec 100644 --- a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/read/Read.java +++ b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/read/Read.java 
@@ -1,11 +1,10 @@ /* - * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except - * in compliance with the Licence. You may obtain a copy of the Licence at: - * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing, - * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS - * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and - * limitations under the Licence. + * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the + * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance + * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless + * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an + * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the + * specific language governing permissions and limitations under the Licence. */ package de.governikus.eumw.poseidas.cardserver.eac.functions.read; @@ -40,9 +39,8 @@ * @see ReadResult * @author Jens Wothe, jw@bos-bremen.de */ -public class Read extends AbstractFunctionStep - implements FunctionStep, TransmitCommandCreator, - TransmitResultEvaluator +public class Read extends AbstractFunctionStep implements + FunctionStep, TransmitCommandCreator, TransmitResultEvaluator { /** @@ -109,11 +107,11 @@ public List create(ReadParameter parameter, List implements FunctionStep, - TransmitCommandCreator, - TransmitResultEvaluator + TransmitCommandCreator, TransmitResultEvaluator { /** 
@@ -113,8 +111,8 @@ public RestrictedIdentificationResult resultStep(TransmitResponse result) AssertUtil.notNull(result, "result"); TransmitAPDUResult unsecuredResult = super.transmit.resultStep(result); return evaluate(unsecuredResult, - unsecuredResult.getData().getOutputAPDU().size() == 2 - ? DEFAULT_RESPONSE_INDICES_TO_EVALUATE_TWO_ID : null); + unsecuredResult.getData().getOutputAPDU().size() == 2 ? DEFAULT_RESPONSE_INDICES_TO_EVALUATE_TWO_ID + : null); } // default indices (two ID) @@ -141,8 +139,7 @@ public List create(RestrictedIdentificationParameter paramete Hex.hexify(riInfo.getProtocol().getValue())) + EACServerUtil.makeTag(EACServerUtil.MSE_PRIVATE_KEY_REFERENCE_TAG, Hex.hexify(riInfo.getParams().getKeyID())); - CommandAPDU cmd = EACServerUtil.commandFromString(EACServerUtil.COMMAND_CHAINING_DISABLED - + EACServerUtil.MSE_INS + CommandAPDU cmd = EACServerUtil.commandFromString(EACServerUtil.COMMAND_CHAINING_DISABLED + EACServerUtil.MSE_INS + EACServerUtil.MSE_SET_AT_PARAM_RI, dataFieldString, EACServerUtil.LENGTH_EXPECTED_NONE); @@ -203,11 +200,11 @@ else if (oid.equals(OIDConstants.OID_RI_DH_SHA_256) || oid.equals(OIDConstants.O @Override public RestrictedIdentificationResult evaluate(TransmitAPDUResult transmitResult, int[] responseIndices) { - responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult, responseIndices); if (transmitResult.getThrowable() != null) { return new RestrictedIdentificationResult(transmitResult.getThrowable()); } + responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult, responseIndices); RestrictedIdentificationResult riResult = new RestrictedIdentificationResult(); try diff --git a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/select/SelectApplication.java b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/select/SelectApplication.java index bafd0be8..2d632b19 100644 
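Review bot: With `checkArguments` moved below the throwable test in evaluate, `transmitResult.getThrowable()` is now the first use of the argument, so a null `transmitResult` surfaces as a bare NullPointerException rather than whatever `TransmitResultEvaluator.Util.checkArguments` reported (its body is not shown, so this assumes it validated the argument). Adding `AssertUtil.notNull(transmitResult, "transmitResult");` as the first statement keeps the previous contract. The same reorder appears in SelectApplication.evaluate and AbstractValidityFunction.evaluate later in this patch. evaluate continues outside the hunk.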
--- a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/select/SelectApplication.java +++ b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/select/SelectApplication.java @@ -1,11 +1,10 @@ /* - * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except - * in compliance with the Licence. You may obtain a copy of the Licence at: - * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing, - * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS - * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and - * limitations under the Licence. + * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the + * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance + * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless + * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an + * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the + * specific language governing permissions and limitations under the Licence. */ package de.governikus.eumw.poseidas.cardserver.eac.functions.select; 
@@ -112,11 +111,11 @@ else if (parameter.getAID() != null) @Override public SelectResult evaluate(TransmitAPDUResult transmitResult, int[] responseIndices) { - responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult, responseIndices); if (transmitResult.getThrowable() != null) { return new SelectResult(transmitResult.getThrowable()); } + responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult, responseIndices); byte[] resp = transmitResult.getData().getOutputAPDU().get(responseIndices[0]); return new SelectResult(resp[0] == (byte)0x90 && resp[1] == 0x00 ? Boolean.TRUE : Boolean.FALSE); } diff --git a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/select/SelectFile.java b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/select/SelectFile.java index c8709fc9..dd17f6eb 100644 --- a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/select/SelectFile.java +++ b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/select/SelectFile.java 
@@ -1,11 +1,10 @@ /* - * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except - * in compliance with the Licence. You may obtain a copy of the Licence at: - * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing, - * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS - * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and - * limitations under the Licence. + * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the + * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance + * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless + * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an + * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the + * specific language governing permissions and limitations under the Licence. */ package de.governikus.eumw.poseidas.cardserver.eac.functions.select; @@ -93,8 +92,7 @@ public List create(FileParameter parameter, List create(FileParameter parameter, List resultList = new ArrayList<>(); - CommandAPDU[] securedCommands = this.cc.getCommands(); + CommandAPDU[] securedCommands = this.cc.getEncryptedCommands(); if (!ArrayUtil.isNullOrEmpty(securedCommands)) { for ( int i = 0 ; i < securedCommands.length ; i++ ) 
@@ -122,29 +122,36 @@ public synchronized TransmitAPDUResult resultStep(TransmitResponse result)
 {
 rList.add(new ResponseAPDU(rBytes));
 }
- this.cc.setResponses(rList.toArray(new ResponseAPDU[0]));
- this.cc.setFinished(false);
+ this.cc.setEncryptedResponses(rList.toArray(new ResponseAPDU[0]));
 this.sm.fromCard(this.cc);
 List rByteList = new ArrayList<>();
- for ( ResponseAPDU r : this.cc.getResponses() )
+ ResponseAPDU[] plainResponses = this.cc.getPlaintextResponses();
+ if (!ArrayUtil.isNullOrEmpty(plainResponses))
 {
- byte[] respBytes = r.getBytes();
- LOG.debug("Response from card:\n" + Hex.dump(respBytes));
- rByteList.add(respBytes);
+ for ( ResponseAPDU r : plainResponses )
+ {
+ byte[] respBytes = r.getBytes();
+ LOG.debug("Response from card:\n" + Hex.dump(respBytes));
+ rByteList.add(respBytes);
+ }
 }
 TransmitResponse decryptedResult = new TransmitResponse();
 decryptedResult.getOutputAPDU().addAll(rByteList);
 decryptedResult.setResult(result.getResult());
+ if (this.cc.getThrowable() != null)
+ {
+ return new TransmitAPDUResult(decryptedResult, this.cc.getThrowable());
+ }
 if (!ResultMajor.OK.toString().equals(result.getResult().getResultMajor()))
 {
 return new TransmitAPDUResult(decryptedResult, new ECardException(result.getResult()));
 }
 else
 {
- return new TransmitAPDUResult(decryptedResult, this.cc.getThrowable());
+ return new TransmitAPDUResult(decryptedResult);
 }
 }
 finally
diff --git a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/verification/impl/AbstractValidityFunction.java b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/verification/impl/AbstractValidityFunction.java
index edd9bc9c..b7ea6342 100644
--- a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/verification/impl/AbstractValidityFunction.java
+++ b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/eac/functions/verification/impl/AbstractValidityFunction.java
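Review bot: resultStep now returns a successful TransmitAPDUResult with an empty output list whenever `getPlaintextResponses()` is null or empty and no throwable was recorded, a state the early `return` added to AESBatchSecureMessaging.fromCard in this patch can produce. The evaluators touched by this patch then read `getOutputAPDU().get(responseIndices[0])`, so the failure appears later and away from its cause. A guard after the throwable check such as `if (rByteList.size() != rList.size()) { return new TransmitAPDUResult(decryptedResult, new IllegalStateException("secure messaging returned no plaintext for some responses")); }` would keep a skipped decryption from passing as success. The `LOG.debug` of `Hex.dump(respBytes)` prints decrypted card data and deserves a comment on where debug logging may be enabled. resultStep starts and ends outside the hunk.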
@@ -1,11 +1,10 @@ /* - * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except - * in compliance with the Licence. You may obtain a copy of the Licence at: - * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing, - * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS - * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and - * limitations under the Licence. + * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the + * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance + * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless + * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an + * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the + * specific language governing permissions and limitations under the Licence. */ package de.governikus.eumw.poseidas.cardserver.eac.functions.verification.impl; @@ -47,8 +46,8 @@ * @author Jens Wothe, jw@bos-bremen.de * @author Arne Stahlbock, ast@bos-bremen.de */ -public abstract class AbstractValidityFunction extends - AbstractFunctionStep implements FunctionStep, +public abstract class AbstractValidityFunction + extends AbstractFunctionStep implements FunctionStep, TransmitCommandCreator, TransmitResultEvaluator { 
@@ -110,15 +109,13 @@ public final List create(T parameter, List acce @Override public final ValidityVerificationResult evaluate(TransmitAPDUResult transmitResult, int[] responseIndices) { - responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult, responseIndices); if (transmitResult.getThrowable() != null) { return new ValidityVerificationResult(transmitResult.getThrowable()); } + responseIndices = TransmitResultEvaluator.Util.checkArguments(transmitResult, responseIndices); - int returnCode = new ResponseAPDU(transmitResult.getData() - .getOutputAPDU() - .get(responseIndices[0])).getSW(); + int returnCode = new ResponseAPDU(transmitResult.getData().getOutputAPDU().get(responseIndices[0])).getSW(); ValidityVerificationResult vvResult; if (returnCode == 0x9000) { diff --git a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/sm/AESBatchSecureMessaging.java b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/sm/AESBatchSecureMessaging.java index 28bec8f9..b7d1da6a 100644 --- a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/sm/AESBatchSecureMessaging.java +++ b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/sm/AESBatchSecureMessaging.java 
@@ -1,11 +1,10 @@ /* - * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except - * in compliance with the Licence. You may obtain a copy of the Licence at: - * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing, - * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS - * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and - * limitations under the Licence. + * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the + * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance + * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless + * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an + * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the + * specific language governing permissions and limitations under the Licence. */ package de.governikus.eumw.poseidas.cardserver.sm; 
@@ -44,30 +43,35 @@ public void toCard(CardCommunication cardCommunication)
 // encrypt commands
 List encryptedCommandList = new ArrayList<>();
+ BatchAESEncSSCIvParameterSpec paramSpec;
 IvParameterSpec iv = super.material.getIvParameterSpec();
+ if (BatchAESEncSSCIvParameterSpec.class.isInstance(iv))
+ {
+ paramSpec = (BatchAESEncSSCIvParameterSpec)iv;
+ }
+ else
+ {
+ return;
+ }
- CommandAPDU[] commands = cardCommunication.getCommands();
+ CommandAPDU[] commands = cardCommunication.getPlaintextCommands();
 for ( int i = 0 ; i < commands.length ; i++ )
 {
 CommandAPDU command = commands[i];
 try
 {
 encryptedCommandList.add(super.encipherCommand(command));
- if (BatchAESEncSSCIvParameterSpec.class.isInstance(iv))
+ if (i == 0)
 {
- BatchAESEncSSCIvParameterSpec paramSpec = (BatchAESEncSSCIvParameterSpec)iv;
- if (i == 0)
- {
- paramSpec.mark();
- }
- if (i != commands.length - 1)
- {
- paramSpec.increaseSSC();
- }
- else
- {
- paramSpec.reset();
- }
+ paramSpec.mark();
+ }
+ if (i != commands.length - 1)
+ {
+ paramSpec.increaseSSC();
+ }
+ else
+ {
+ paramSpec.reset();
 }
 }
 catch (Exception e)
@@ -82,10 +86,8 @@ public void toCard(CardCommunication cardCommunication)
 }
 else
 {
- cardCommunication.setCommands(encryptedCommandList.toArray(new CommandAPDU[0]));
+ cardCommunication.setEncryptedCommands(encryptedCommandList.toArray(new CommandAPDU[0]));
 }
- cardCommunication.setPhase(CardCommunication.PHASE_POST);
- cardCommunication.setFinished(true);
 }
 /** {@inheritDoc} */
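Review bot: The new `else { return; }` in toCard leaves without setting encrypted commands or recording an error when the IV spec is not a BatchAESEncSSCIvParameterSpec, so the caller sees neither output nor a reason. Nothing appears to go out in plaintext, since the encrypted command array is presumably left unset, but the transaction carries on with an empty command list. Recording an exception on `cardCommunication` in that branch, through the throwable setter of CardCommunication whose signature is outside the visible hunks, would surface the misconfiguration where it occurs. fromCard in the following hunk has the same silent return for AESEncSSCIvParameterSpec and should get the same treatment. `iv instanceof BatchAESEncSSCIvParameterSpec` would also read more plainly than `Class.isInstance`.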
@@ -94,31 +96,39 @@ public void fromCard(CardCommunication cardCommunication)
 {
 Exception throwable = null;
+ AESEncSSCIvParameterSpec paramSpec;
 IvParameterSpec iv = super.material.getIvParameterSpec();
+ if (AESEncSSCIvParameterSpec.class.isInstance(iv))
+ {
+ paramSpec = (AESEncSSCIvParameterSpec)iv;
+ }
+ else
+ {
+ return;
+ }
 // decrypt response
- ResponseAPDU[] encryptedResponses = cardCommunication.getResponses();
+ ResponseAPDU[] encryptedResponses = cardCommunication.getEncryptedResponses();
 List decryptedResponses = new ArrayList<>();
- for ( int i = 0 ; i < encryptedResponses.length ; i++ )
+ if (encryptedResponses != null)
 {
- ResponseAPDU response = encryptedResponses[i];
- try
+ for ( int i = 0 ; i < encryptedResponses.length ; i++ )
 {
- ResponseAPDU decryptedResponse = super.decipherResponse(response);
- decryptedResponses.add(decryptedResponse);
- if (AESEncSSCIvParameterSpec.class.isInstance(iv))
+ ResponseAPDU response = encryptedResponses[i];
+ try
 {
- AESEncSSCIvParameterSpec paramSpec = (AESEncSSCIvParameterSpec)iv;
+ ResponseAPDU decryptedResponse = super.decipherResponse(response);
+ decryptedResponses.add(decryptedResponse);
 if (i != encryptedResponses.length - 1)
 {
 paramSpec.increaseSSC();
 }
 }
- }
- catch (Exception e)
- {
- throwable = e;
- break;
+ catch (Exception e)
+ {
+ throwable = e;
+ break;
+ }
 }
 }
 if (throwable != null)
@@ -127,9 +137,7 @@ public void fromCard(CardCommunication cardCommunication)
 }
 else
 {
- cardCommunication.setResponses(decryptedResponses.toArray(new ResponseAPDU[0]));
+ cardCommunication.setPlaintextResponses(decryptedResponses.toArray(new ResponseAPDU[0]));
 }
- cardCommunication.setPhase(CardCommunication.PHASE_POST);
- cardCommunication.setFinished(true);
 }
 }
diff --git a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/sm/CardCommunication.java b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/sm/CardCommunication.java
index ad2e46c3..9ebe8615 100644
--- a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/sm/CardCommunication.java +++ b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/sm/CardCommunication.java @@ -1,11 +1,10 @@ /* - * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except - * in compliance with the Licence. You may obtain a copy of the Licence at: - * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing, - * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS - * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and - * limitations under the Licence. + * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the + * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance + * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless + * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an + * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the + * specific language governing permissions and limitations under the Licence. */ package de.governikus.eumw.poseidas.cardserver.sm; @@ -15,8 +14,7 @@ /** - * Interface for smart card information exchange as combination of command(s), response and occurred - * exceptions. + * Interface for smart card information exchange as combination of command(s), response and occurred exceptions. * * @author Jens Wothe, jw@bos-bremen.de */ @@ -26,8 +24,8 @@ public interface CardCommunication /** * Sets occurred exception. *

- * Notice: after set of response finished communication are to be indicated by using - * {@link #setFinished(boolean)} accordingly. + * Notice: after set of response finished communication are to be indicated by using {@link #setFinished(boolean)} + * accordingly. *

* * @param throwable exception, null permitted to clear @@ -42,117 +40,57 @@ public interface CardCommunication public Throwable getThrowable(); /** - * Set single command. - * - * @param command, null or incomplete commands not permitted (at least 4 bytes) - * @throws IllegalArgumentException if command null + * Gets plaintext commands. + * + * @return commands */ - public void setCommand(CommandAPDU command); + public CommandAPDU[] getPlaintextCommands(); /** - * Sets multiple commands. - * - * @param commands, null or empty array not permitted, null or incomplete commands - * not permitted (at least 4 bytes) + * Sets encrypted commands. + * + * @param commands, null or empty array not permitted, null or incomplete commands not + * permitted (at least 4 bytes) * @throws IllegalArgumentException if command array null or empty */ - public void setCommands(CommandAPDU... commands); + public void setEncryptedCommands(CommandAPDU... commands); /** - * Gets commands. - * - * @return commands, not null, empty array possible + * Gets encrypted commands. + * + * @return commands, null possible */ - public CommandAPDU[] getCommands(); + public CommandAPDU[] getEncryptedCommands(); /** - * Sets response. - *

- * Notice: after set of response finished communication are to be indicated by using - * {@link #setFinished(boolean)} accordingly. - *

- * - * @param response response, null permitted to clear, response not null only - * permitted with at least 2 bytes - * @throws IllegalArgumentException if response not null and response does not possess 2 bytes + * Sets encrypted responses. + * + * @param responses responses, null permitted to clear, response not null only permitted + * with at least 2 bytes + * @throws IllegalArgumentException if response not null and any single response does not possess 2 bytes */ - public void setResponse(ResponseAPDU response); + public void setEncryptedResponses(ResponseAPDU... responses); /** - * Sets responses. - *

- * Notice: after set of responses finished communication are to be indicated by using - * {@link #setFinished(boolean)} accordingly. - *

- * - * @param responses responses, null permitted to clear, response not null only - * permitted with at least 2 bytes - * @throws IllegalArgumentException if response not null and any single response does not - * possess 2 bytes - */ - public void setResponses(ResponseAPDU... responses); - - /** - * Gets responses. - * + * Gets encrypted responses. + * * @return responses, maybe null */ - public ResponseAPDU[] getResponses(); + public ResponseAPDU[] getEncryptedResponses(); /** - * Gets response. - * - * @return response, maybe null + * Sets plaintext responses. + * + * @param responses responses, null permitted to clear, response not null only permitted + * with at least 2 bytes + * @throws IllegalArgumentException if response not null and any single response does not possess 2 bytes */ - public ResponseAPDU getResponse(); + public void setPlaintextResponses(ResponseAPDU... responses); /** - * Sets communication phase. - * - * @param phase prepare or post phase of communication, only {@link #PHASE_PREPARE} or {@value #PHASE_POST} - * permitted, change from post to prepare phase are not permitted - * @throws IllegalArgumentException if phase not valid - * @throws IllegalStateException if phase is to changed from post to prepare phase - * @see #PHASE_PREPARE - * @see #PHASE_POST - */ - public void setPhase(int phase); - - /** - * Gets phase of communication. - * - * @return phase prepare or post phase of communication - * @see #PHASE_PREPARE - * @see #PHASE_POST - */ - public int getPhase(); - - /** - * Constants of phase prepare - before layer processing. - * - * @see #getPhase() - */ - public static int PHASE_PREPARE = 0; - - /** - * Constants of phase post - after layer processing or on processing error. - * - * @see #getPhase() - */ - public static int PHASE_POST = 1; - - /** - * Ends or (re-)open communication. 
- * - * @param finished true for finished communication - */ - public void setFinished(boolean finished); - - /** - * Checks communication is finished or not. - * - * @return true if communication finished, false otherwise + * Gets plaintext responses. + * + * @return responses, maybe null */ - public boolean isFinished(); - + public ResponseAPDU[] getPlaintextResponses(); } diff --git a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/sm/CardCommunicationImpl.java b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/sm/CardCommunicationImpl.java index 1926ee84..82752e69 100644 --- a/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/sm/CardCommunicationImpl.java +++ b/poseidas/src/main/java/de/governikus/eumw/poseidas/cardserver/sm/CardCommunicationImpl.java 
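Review bot: The Javadoc on the new accessors is uneven: `getPlaintextCommands()` says only `@return commands`, while `getEncryptedCommands()` states `null possible` and both response getters state `maybe null`. The plaintext getter should state its contract too; judging by the constructor check in CardCommunicationImpl later in this patch it is presumably `@return plaintext commands, not null and not empty`, which should be confirmed for other implementations. The tag `@param commands, null or empty array not permitted` on `setEncryptedCommands` attaches the comma to the parameter name, so `@param commands commands, null or empty array not permitted` is the form documentation tooling will match. Since one object now carries both plaintext and encrypted APDUs, each getter should also say whether it returns the live internal array or a copy.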
@@ -1,21 +1,20 @@ /* - * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except - * in compliance with the Licence. You may obtain a copy of the Licence at: - * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing, - * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS - * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and - * limitations under the Licence. + * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the + * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance + * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless + * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an + * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the + * specific language governing permissions and limitations under the Licence. */ package de.governikus.eumw.poseidas.cardserver.sm; -import java.util.Arrays; - import javax.smartcardio.CommandAPDU; import javax.smartcardio.ResponseAPDU; import de.governikus.eumw.poseidas.cardbase.card.CommandAPDUConstants; +import lombok.Getter; +import lombok.Setter; /** 
@@ -26,88 +25,66 @@ public class CardCommunicationImpl implements CardCommunication { - // commands - private CommandAPDU[] commands = null; + // plaintext commands + @Getter + private CommandAPDU[] plaintextCommands; - // flag to indicate finished communication phase - private boolean finished = false; + // encrypted commands + @Getter + private CommandAPDU[] encryptedCommands; - // phase - private int phase = PHASE_PREPARE; + // plaintext responses + @Getter + private ResponseAPDU[] plaintextResponses; - // responses - private ResponseAPDU[] responses = null; + // encrypted responses + @Getter + private ResponseAPDU[] encryptedResponses; // throwable/exception + @Getter + @Setter private Throwable throwable = null; /** - * Constructor with commands. - * - * @param commands commands, null not permitted + * Constructor with plaintext commands. + * + * @param commands plaintext commands, null or empty array not permitted, null or too short + * array elements (at least 4 bytes) not permitted */ - public CardCommunicationImpl(CommandAPDU[] commands) + public CardCommunicationImpl(CommandAPDU[] plaintextCommands) { super(); - this.setCommands(commands); - } - - /** {@inheritDoc} */ - @Override - public CommandAPDU[] getCommands() - { - return this.commands; - } - - /** {@inheritDoc} */ - @Override - public int getPhase() - { - return this.phase; + this.setPlaintextCommands(plaintextCommands); } - /** {@inheritDoc} */ - @Override - public ResponseAPDU[] getResponses() + private void setPlaintextCommands(CommandAPDU... commands) { - return this.responses; - } - - /** {@inheritDoc} */ - @Override - public ResponseAPDU getResponse() - { - return this.responses != null && this.responses.length >= 1 ? 
this.responses[0] : null; - } - - /** {@inheritDoc} */ - @Override - public Throwable getThrowable() - { - return this.throwable; - } - - /** {@inheritDoc} */ - @Override - public boolean isFinished() - { - return this.finished; - } - - /** {@inheritDoc} */ - @Override - public void setCommand(CommandAPDU command) - { - if (command == null) + if (commands == null) + { + throw new IllegalArgumentException("command array not permitted as null"); + } + if (commands.length < 1) { - throw new IllegalArgumentException("command not permitted as null"); + throw new IllegalArgumentException("empty command-array not permitted"); } - this.setCommands(command); + for ( CommandAPDU c : commands ) + { + if (c == null || c.getBytes() == null) + { + throw new IllegalArgumentException("command of array not permitted as null"); + } + if (c.getBytes().length < CommandAPDUConstants.COUNT_HEADER) + { + throw new IllegalArgumentException("command of array not permitted as incomplete command, at least 4 bytes required"); + } + } + this.plaintextCommands = commands; } /** {@inheritDoc} */ @Override - public void setCommands(CommandAPDU... commands) + public void setEncryptedCommands(CommandAPDU... commands) { if (commands == null) { 
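Review bot: `setPlaintextCommands` checks every element and then keeps the caller's own array (`this.plaintextCommands = commands;`), and the Lombok `@Getter` on the four array fields hands that same array back, so any holder of the reference can swap in a null or unchecked element after the validation has run. Storing a copy keeps the checked state intact: `this.plaintextCommands = commands.clone();`, and likewise for `this.encryptedCommands` and `this.plaintextResponses` in the hunk at -125,52 and `this.encryptedResponses` in the hunk at -182,37 (the response setters accept null, so those need a null guard around the clone). Whether the getters should return copies as well depends on callers that are not visible here. Separately, the constructor Javadoc still reads `@param commands` although the parameter is now named `plaintextCommands`.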
@@ -125,52 +102,36 @@ public void setCommands(CommandAPDU... commands) } if (command.getBytes().length < CommandAPDUConstants.COUNT_HEADER) { - throw new IllegalArgumentException( - "command of array not permitted as incomplete command, at least 4 bytes required"); + throw new IllegalArgumentException("command of array not permitted as incomplete command, at least 4 bytes required"); } } - this.commands = commands; + this.encryptedCommands = commands; } /** {@inheritDoc} */ @Override - public void setFinished(boolean finished) + public void setPlaintextResponses(ResponseAPDU... responses) { - this.finished = finished; - - } - - /** {@inheritDoc} */ - @Override - public void setPhase(int phase) - { - if (phase != PHASE_POST && phase != PHASE_PREPARE) - { - throw new IllegalArgumentException("illegal phase"); - } - if (this.phase == PHASE_POST && phase == PHASE_PREPARE) - { - throw new IllegalStateException("change from post to prepare phase not permitted"); - } - this.phase = phase; - - } - - /** {@inheritDoc} */ - @Override - public void setResponse(ResponseAPDU response) - { - if (response == null) + if (responses != null) { - throw new IllegalArgumentException("response not permitted as null"); + for ( ResponseAPDU r : responses ) + { + if (r == null || r.getBytes() == null) + { + throw new IllegalArgumentException("response not permitted as null"); + } + if (r.getBytes().length < 2) + { + throw new IllegalArgumentException("illegal response, response expected to possess at least 2 bytes"); + } + } } - this.setResponses(response); - + this.plaintextResponses = responses; } /** {@inheritDoc} */ @Override - public void setResponses(ResponseAPDU... responses) + public void setEncryptedResponses(ResponseAPDU... responses) { if (responses != null) { 
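Review bot: `setPlaintextResponses`, added in this hunk, repeats line for line the null and length checks of `setEncryptedResponses`, whose body begins in this hunk's trailing context and continues in the next hunk; `setPlaintextCommands` and `setEncryptedCommands` in the previous hunk are duplicated in the same way. A private static helper shared by both setters keeps the plaintext and encrypted sides from drifting apart when one check is changed later. It also lets `getBytes()` be read once per element instead of twice (in javax.smartcardio each call returns a fresh copy of the APDU bytes). The sketch below shows the response side; the command side would follow the same pattern with `CommandAPDUConstants.COUNT_HEADER`.

```java
  // … unchanged: setEncryptedCommands …

  /** {@inheritDoc} */
  @Override
  public void setPlaintextResponses(ResponseAPDU... responses)
  {
    checkResponses(responses);
    this.plaintextResponses = responses;
  }

  /**
   * Rejects an array that holds a null element or a response shorter than 2 bytes; a null array is accepted.
   */
  private static void checkResponses(ResponseAPDU[] responses)
  {
    if (responses == null)
    {
      return;
    }
    for ( ResponseAPDU r : responses )
    {
      byte[] bytes = r == null ? null : r.getBytes();
      if (bytes == null)
      {
        throw new IllegalArgumentException("response not permitted as null");
      }
      if (bytes.length < 2)
      {
        throw new IllegalArgumentException("illegal response, response expected to possess at least 2 bytes");
      }
    }
  }
```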
@@ -182,37 +143,10 @@ public void setResponses(ResponseAPDU... responses) } if (r.getBytes().length < 2) { - throw new IllegalArgumentException( - "illegal response, response expected to possess at least 2 bytes"); + throw new IllegalArgumentException("illegal response, response expected to possess at least 2 bytes"); } } } - this.responses = responses; + this.encryptedResponses = responses; } - - /** {@inheritDoc} */ - @Override - public void setThrowable(Throwable throwable) - { - this.throwable = throwable; - } - - /** {@inheritDoc} */ - @Override - public String toString() - { - return super.toString() - + "\n Finished: " - + this.finished - + "\n Phase: " - + (this.phase == PHASE_PREPARE ? "PREPARE" : "POST") - + "\n Commands: " - + (this.commands != null ? Arrays.asList(this.commands) : null) - + "\n Responses: " - + (this.responses != null ? Arrays.asList(this.responses) : null) - + " Throwable: " - + (this.throwable != null ? this.throwable.getClass().getName() + " / " - + this.throwable.getMessage() : this.throwable); - } - } diff --git a/poseidas/src/main/java/de/governikus/eumw/poseidas/eidserver/convenience/EIDSequenceTransmit.java b/poseidas/src/main/java/de/governikus/eumw/poseidas/eidserver/convenience/EIDSequenceTransmit.java index 319b82c4..abaddc18 100644 --- a/poseidas/src/main/java/de/governikus/eumw/poseidas/eidserver/convenience/EIDSequenceTransmit.java +++ b/poseidas/src/main/java/de/governikus/eumw/poseidas/eidserver/convenience/EIDSequenceTransmit.java 
@@ -1,11 +1,10 @@ /* - * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except - * in compliance with the Licence. You may obtain a copy of the Licence at: - * http://joinup.ec.europa.eu/software/page/eupl Unless required by applicable law or agreed to in writing, - * software distributed under the Licence is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS - * OF ANY KIND, either express or implied. See the Licence for the specific language governing permissions and - * limitations under the Licence. + * Copyright (c) 2020 Governikus KG. Licensed under the EUPL, Version 1.2 or as soon they will be approved by the + * European Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in compliance + * with the Licence. You may obtain a copy of the Licence at: http://joinup.ec.europa.eu/software/page/eupl Unless + * required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an + * "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licence for the + * specific language governing permissions and limitations under the Licence. */ package de.governikus.eumw.poseidas.eidserver.convenience; @@ -62,8 +61,7 @@ /** - * Perform the communication with the eID card after the EAC protocol has finished, i.e. read fields and run - * functions. + * Perform the communication with the eID card after the EAC protocol has finished, i.e. read fields and run functions. */ @Slf4j public class EIDSequenceTransmit 
@@ -134,8 +132,8 @@ public class EIDSequenceTransmit private DocumentValidityVerification documentValidityVerification; /** - * Fields allowed to be read selected by the user on client side. Note: it is imperative that the field - * "install qualified certificate" is on last position in the list, if present. + * Fields allowed to be read selected by the user on client side. Note: it is imperative that the field "install + * qualified certificate" is on last position in the list, if present. */ private List fields; @@ -317,8 +315,8 @@ private Object getBatchData() throws ECardException // do not read fields with generic attributes here else if (field.getFID() != null && new BigInteger(Hex.parse(field.getFID())).intValue() < 0x0117) { - FileParameter file = new FileParameter(Hex.parse(EIDConstants.EID_APPLICATION_AID), - Hex.parse(field.getFID()), true); + FileParameter file = new FileParameter(Hex.parse(EIDConstants.EID_APPLICATION_AID), Hex.parse(field.getFID()), + true); log.debug("{}{}Create select for {}", parent.getLogPrefix(), LOG_DATA, field.getDataFieldName()); batchList.addAll(selectFile.create(file)); log.debug("{}{}Create read for this field", parent.getLogPrefix(), LOG_DATA); @@ -406,8 +404,7 @@ private FileParameter getFileParameterSelectApplication() Hex.parse(EIDConstants.EID_FID_DG01_DOCUMENT_TYPE), true); } - private RestrictedIdentificationParameter getParameterRestrictedIdentification(boolean ri) - throws IOException + private RestrictedIdentificationParameter getParameterRestrictedIdentification(boolean ri) throws IOException { ASN1 keyASN = new ASN1(parent.getCVC().getRIKey1()); SecurityInfos cardSecurity = NPAUtil.fromCardSecurityBytes(parent.getEACFinal().getCardSecurityBytes()); 
@@ -497,8 +494,7 @@ else if (addressASN.getTag().intValue() == 0x30) // This is a a1 tag, but the getTag() functions removes the first bit. if (textASN.getTag().intValue() == 0x21) { - return new EIDInfoResultString(new String(new ASN1(textASN.getValue()).getValue(), - StandardCharsets.UTF_8)); + return new EIDInfoResultString(new String(new ASN1(textASN.getValue()).getValue(), StandardCharsets.UTF_8)); } // This is a a2 tag, but the getTag() functions removes the first bit. if (textASN.getTag().intValue() == 0x22) @@ -517,8 +513,8 @@ else if (addressASN.getTag().intValue() == 0x30) } catch (DataFormatException e) { - throw new IOException("Unexpected text format: " - + new String(textASN.getValue(), StandardCharsets.UTF_8), e); + throw new IOException("Unexpected text format: " + new String(textASN.getValue(), StandardCharsets.UTF_8), + e); } baos.write(buf, 0, len); } @@ -672,25 +668,16 @@ private Object handleBatchCommands(TransmitAPDUResult transmitResult) throws ECa { setParentPut(EIDKeys.valueOf(field.getDataFieldName()), new EIDInfoResultNotOnChip()); } - log.debug("{}{}Could not read file for {}", - parent.getLogPrefix(), - LOG_DATA, - field.getDataFieldName()); + log.debug("{}{}Could not read file for {}", parent.getLogPrefix(), LOG_DATA, field.getDataFieldName()); } else if (ArrayUtil.isNullOrEmpty(result.getFileContent()) || result.getFileContent()[0] == 0x00) { - log.debug("{}{}No result (read) for file {}", - parent.getLogPrefix(), - LOG_DATA, - field.getDataFieldName()); + log.debug("{}{}No result (read) for file {}", parent.getLogPrefix(), LOG_DATA, field.getDataFieldName()); } else { EIDInfoResult value = getASN1Value(result, field.getDataFieldName()); - log.debug("{}{}{} added to eidInfoContainer.", - parent.getLogPrefix(), - LOG_DATA, - field.getDataFieldName()); + log.debug("{}{}{} added to eidInfoContainer.", parent.getLogPrefix(), LOG_DATA, field.getDataFieldName()); setParentPut(EIDKeys.valueOf(field.getDataFieldName()), value); } } 
@@ -706,8 +693,7 @@ else if (ArrayUtil.isNullOrEmpty(result.getFileContent()) || result.getFileConte return getTransmitRequest(); } - private void handleBatchCommandAgeVerification(TransmitAPDUResult transmitResult, int index) - throws ECardException + private void handleBatchCommandAgeVerification(TransmitAPDUResult transmitResult, int index) throws ECardException { ValidityVerificationResult result = ageVerification.evaluate(transmitResult, new int[]{index}); checkAgeVerification(result); @@ -717,8 +703,7 @@ private void handleBatchCommandBlockingIdentification(TransmitAPDUResult transmi throws ECardException { log.debug("{}{}Evaluate RI with MCard", parent.getLogPrefix(), LOG_COMMAND); - RestrictedIdentificationResult result = restrictedIdentification.evaluate(transmitResult, - new int[]{index}); + RestrictedIdentificationResult result = restrictedIdentification.evaluate(transmitResult, new int[]{index}); log.debug("{}{}Result from MCard: {}", parent.getLogPrefix(), LOG_COMMAND, result); checkBlockingIdentification(result); log.debug("{}{}check BlockingIdentification done", parent.getLogPrefix(), LOG_COMMAND); 
@@ -732,19 +717,16 @@ private void handleBatchCommandCommunityIdentification(TransmitAPDUResult transm } - private void handleBatchCommandDocumentValidity(TransmitAPDUResult transmitResult, int index) - throws ECardException + private void handleBatchCommandDocumentValidity(TransmitAPDUResult transmitResult, int index) throws ECardException { - ValidityVerificationResult result = documentValidityVerification.evaluate(transmitResult, - new int[]{index}); + ValidityVerificationResult result = documentValidityVerification.evaluate(transmitResult, new int[]{index}); checkDocumentValidity(result); } private void handleBatchCommandRestrictedIdentification(TransmitAPDUResult transmitResult, int index) throws ECardException { - RestrictedIdentificationResult result = restrictedIdentification.evaluate(transmitResult, - new int[]{index}); + RestrictedIdentificationResult result = restrictedIdentification.evaluate(transmitResult, new int[]{index}); checkRestrictedIdentification(result); } 
@@ -783,35 +765,23 @@ private Object handleBatchData(TransmitAPDUResult transmitResult) throws ECardEx { setParentPut(EIDKeys.valueOf(field.getDataFieldName()), new EIDInfoResultNotOnChip()); } - log.debug("{}{}Could not read file for {}", - parent.getLogPrefix(), - LOG_DATA, - field.getDataFieldName()); + log.debug("{}{}Could not read file for {}", parent.getLogPrefix(), LOG_DATA, field.getDataFieldName()); } else if (!ArrayUtil.isNullOrEmpty(result.getFileContent()) && result.getFileContent()[0] != 0x00) { EIDInfoResult value = getASN1Value(result, field.getDataFieldName()); - log.debug("{}{}{} added to eidInfoContainer.", - parent.getLogPrefix(), - LOG_DATA, - field.getDataFieldName()); + log.debug("{}{}{} added to eidInfoContainer.", parent.getLogPrefix(), LOG_DATA, field.getDataFieldName()); setParentPut(EIDKeys.valueOf(field.getDataFieldName()), value); } else { - log.debug("{}{}No result (read) for file {}", - parent.getLogPrefix(), - LOG_DATA, - field.getDataFieldName()); + log.debug("{}{}No result (read) for file {}", parent.getLogPrefix(), LOG_DATA, field.getDataFieldName()); } } else { setParentPut(EIDKeys.valueOf(field.getDataFieldName()), new EIDInfoResultNotOnChip()); - log.debug("{}{}Could not select file for {}", - parent.getLogPrefix(), - LOG_DATA, - field.getDataFieldName()); + log.debug("{}{}Could not select file for {}", parent.getLogPrefix(), LOG_DATA, field.getDataFieldName()); } } } @@ -828,8 +798,7 @@ private void checkAgeVerification(ValidityVerificationResult result) throws ECar else { throw new ECardException(ResultMinor.SAL_MEAC_AGE_VERIFICATION_FAILED_WARNING, - "The age verification process fails: " + result.getThrowable(), - result.getThrowable()); + "The age verification process fails: " + result.getThrowable(), result.getThrowable()); } } 
@@ -888,8 +857,7 @@ private void checkBlockingIdentification(RestrictedIdentificationResult result) "Blocking identification verification failed: " + result.getThrowable()); } throw new ECardException(ResultMinor.COMMON_INTERNAL_ERROR, - "Blocking identification verification failed: " - + "Result contains no ID to use"); + "Blocking identification verification failed: " + "Result contains no ID to use"); } log.debug("{}{}Leave method", parent.getLogPrefix(), LOG_COMMAND); } @@ -904,8 +872,7 @@ private void checkCommunityIdentification(ValidityVerificationResult result) thr else { throw new ECardException(ResultMinor.SAL_MEAC_COMMUNITY_VERIFICATION_FAILED_WARNING, - "Community affiliation process fails: " + result.getThrowable(), - result.getThrowable()); + "Community affiliation process fails: " + result.getThrowable(), result.getThrowable()); } } diff --git a/utils/pom.xml b/utils/pom.xml index 47d1f353..7cbdbcb1 100644 --- a/utils/pom.xml +++ b/utils/pom.xml @@ -14,7 +14,7 @@ de.governikus.eumw eumw - 2.0.1 + 2.0.3 utils