List of usage examples for javax.smartcardio CommandAPDU CommandAPDU
public CommandAPDU(ByteBuffer apdu)
From source file:eu.abc4trust.smartcard.HardwareSmartcard.java
@SuppressWarnings("unused") private List<Byte> listCounters(int pin) { ByteBuffer buf = ByteBuffer.allocate(10); buf.put(new byte[] { (byte) this.ABC4TRUSTCMD, this.listCounters, 0, 0, 4 }); buf.put(this.pinToByteArr(pin)); buf.put(new byte[] { 0 }); buf.position(0);/*from ww w. j a v a2s . co m*/ try { if (printInput) System.out.println("Input for listCounters: " + Arrays.toString(buf.array())); ResponseAPDU response = this.transmitCommand(new CommandAPDU(buf)); System.out.println("Response from listCounters: " + response); if (this.evaluateStatus(response) == SmartcardStatusCode.OK) { List<Byte> counters = new ArrayList<Byte>(); byte[] counterIDs = response.getData(); for (byte counterID : counterIDs) { counters.add(counterID); } return counters; } } catch (CardException e) { e.printStackTrace(); } return null; }
From source file:eu.abc4trust.smartcard.HardwareSmartcard.java
/** * /*from w w w . ja v a 2s .c o m*/ * @param pin * @param counterID * @return the 7-byte stream keyID || index || threshold || cursor(4 bytes). */ private byte[] readCounter(int pin, int counterID) { byte[] data = new byte[5]; System.arraycopy(this.pinToByteArr(pin), 0, data, 0, 4); data[4] = (byte) counterID; ByteBuffer buf = ByteBuffer.allocate(11); buf.put(new byte[] { (byte) this.ABC4TRUSTCMD, this.readCounter, 0, 0, 5 }); buf.put(data); buf.put((byte) 7); buf.position(0); try { if (printInput) System.out.println("Input for readCounter: " + Arrays.toString(buf.array())); ResponseAPDU response = this.transmitCommand(new CommandAPDU(buf)); System.out.println("Response from readCounter: " + response); System.out.println("With data: " + Arrays.toString(response.getData())); if (this.evaluateStatus(response) == SmartcardStatusCode.OK) { return response.getData(); } else { return null; } } catch (CardException e) { e.printStackTrace(); return null; } }
From source file:eu.abc4trust.smartcard.HardwareSmartcard.java
@Override public SmartcardBackup backupAttendanceData(int pin, String password) { SmartcardBackup backup = new SmartcardBackup(); ByteBuffer buf = ByteBuffer.allocate(21); buf.put(new byte[] { (byte) this.ABC4TRUSTCMD, this.backupDevice, 0, 0, 0, 0, 0x0C }); buf.put(this.pinToByteArr(pin)); byte[] password_bytes = Utils.passwordToByteArr(password); if (password_bytes == null) { return null; }//from www .j a v a 2 s.com buf.put(password_bytes); buf.put(new byte[] { 0, 0 }); buf.position(0); try { //First we backup the device-specific stuff. pin, puk and deviceSecret is encrypted and //deviceID and deviceURI is stored in plain text ResponseAPDU response = this.transmitCommand(new CommandAPDU(buf)); System.out.println("Response from backupDevice: " + response); if (this.evaluateStatus(response) != SmartcardStatusCode.OK) { return null; } backup.macDevice = response.getData(); backup.deviceID = this.getDeviceID(pin); backup.deviceUri = this.getDeviceURI(pin); //Then we backup the counters. counterID, index and cursor is encrypted, but //the threshold and keyID is hidden. Thus we need to save those along with the counterID //in cleartext. We assume that the key is put on the card in the initialization phase. // buf = ByteBuffer.allocate(18); // buf.put(new byte[]{(byte)this.ABC4TRUSTCMD, this.backupCounters, 0, 0, 0x0C}); // buf.put(this.pinToByteArr(pin)); // buf.put(password_bytes); // buf.put((byte)0); // buf.position(0); // response = this.transmitCommand(new CommandAPDU(buf)); // System.out.println("Response from backupCounters: " + response); // if(this.evaluateStatus(response) == SmartcardStatusCode.OK){ // backup.macCounters = response.getData(); // }else{ // backup.macCounters = null; // } // // List<Byte> credentials = this.listCredentialIDs(pin); // for(Byte credID : credentials){ // byte[] credInfo = this.readCredential(pin, credID); // byte status = credInfo[5]; // System.out.println("backing up credential: "+this.getCredentialUriFromID(pin, credID)+" with status: " + status); // if(status != 2){ // //Credential is either just created, and thus not backed up, // //OR done presenting (limited amount of presentations), thus not backupable. // continue; // } // buf = ByteBuffer.allocate(22); // buf.put(new byte[]{(byte)this.ABC4TRUSTCMD, (byte) this.backupCredential, 0, 0, 0, 0, 0x0D}); // buf.put(this.pinToByteArr(pin)); // buf.put(password_bytes); // buf.put(credID); // buf.put(new byte[]{0, 0}); // buf.position(0); // response = this.transmitCommand(new CommandAPDU(buf)); // System.out.println("Response from backupCredentials: " + response); // if(this.evaluateStatus(response) != SmartcardStatusCode.OK){ // return null; // } // backup.macCredentials.put(credID, response.getData()); // } //Create AES key using the PIN and Password of the user final byte[] IV = new byte[16]; new SecureRandom().nextBytes(IV); Cipher cipher = getAESKey(salt, password, IV, true); backup.IV = IV; //finally we backup the blobstore Map<URI, SmartcardBlob> blobs = this.getBlobs(pin); Map<URI, byte[]> encBlobs = new HashMap<URI, byte[]>(); try { for (URI uri : blobs.keySet()) { String uriString = uri.toString(); if (uriString.startsWith(IdemixCryptoEngineUserImpl.IdmxCredential) || uriString.startsWith(UProveCryptoEngineUserImpl.UProveCredential)) { continue; } byte[] blob = blobs.get(uri).blob; encBlobs.put(uri, cipher.doFinal(blob)); } } catch (Exception e) { throw new RuntimeException("Could not encrypt blobstore", e); } backup.blobstore = encBlobs; } catch (CardException e) { e.printStackTrace(); return null; } return backup; }
From source file:eu.abc4trust.smartcard.HardwareSmartcard.java
@Override public SmartcardStatusCode restoreAttendanceData(int pin, String password, SmartcardBackup backup) { //restore device URI SmartcardBlob deviceUriBlob = new SmartcardBlob(); try {/*from ww w. j av a2 s .c o m*/ deviceUriBlob.blob = backup.deviceUri.toASCIIString().getBytes("US-ASCII"); } catch (UnsupportedEncodingException e1) { return SmartcardStatusCode.BAD_REQUEST; } this.storeBlob(pin, Smartcard.device_name, deviceUriBlob); try { ByteBuffer buf; if (backup.macCounters != null && backup.macCounters.length != 0) { buf = ByteBuffer.allocate(17); buf.put(new byte[] { (byte) this.ABC4TRUSTCMD, this.restoreCounters, 0, 0, 0x0C }); buf.put(this.pinToByteArr(pin)); buf.put(Utils.passwordToByteArr(password)); buf.position(0); this.putData(backup.macCounters); //put the encrypted data in the buffer ResponseAPDU response = this.transmitCommand(new CommandAPDU(buf)); System.out.println("Response from restoreCounters: " + response); if (this.evaluateStatus(response) != SmartcardStatusCode.OK) { return this.evaluateStatus(response); } } for (byte credID : backup.macCredentials.keySet()) { buf = ByteBuffer.allocate(17); buf.put(new byte[] { (byte) this.ABC4TRUSTCMD, (byte) this.restoreCredential, 0, 0, 0x0C }); buf.put(this.pinToByteArr(pin)); buf.put(Utils.passwordToByteArr(password)); buf.position(0); if (printInput) System.out.println("Input for for restoreCredential: " + Arrays.toString(buf.array())); this.putData(backup.macCredentials.get(credID));//put the encrypted data in the buffer ResponseAPDU response = this.transmitCommand(new CommandAPDU(buf)); System.out.println("Response from restoreCredential: " + response); if (this.evaluateStatus(response) != SmartcardStatusCode.OK) { return this.evaluateStatus(response); } } //restoring the blob-store, but remove the current blob-store first (in particular remove the pseudonym that no longer works.) Set<URI> blobs = this.getBlobUris(pin); for (URI uri : blobs) { this.deleteBlob(pin, uri); } try { for (URI uri : backup.blobstore.keySet()) { //decrypt blobs before putting them in. byte[] encedBlob = backup.blobstore.get(uri); Cipher cipher = getAESKey(salt, password, backup.IV, false); byte[] blob = cipher.doFinal(encedBlob); SmartcardBlob SCBlob = new SmartcardBlob(); SCBlob.blob = blob; this.storeBlob(pin, uri, SCBlob); } } catch (Exception e) { throw new RuntimeException("Could not decrypt blobs", e); } //finally restore the device - this means also restoring the pin, so using the provided pin no longer works. buf = ByteBuffer.allocate(17); buf.put(new byte[] { (byte) this.ABC4TRUSTCMD, this.restoreDevice, 0, 0, 0x0C }); buf.put(this.pinToByteArr(pin)); buf.put(Utils.passwordToByteArr(password)); buf.position(0); this.putData(backup.macDevice); //put the encrypted data in the buffer ResponseAPDU response = this.transmitCommand(new CommandAPDU(buf)); System.out.println("Response from restoreDevice: " + response); if (this.evaluateStatus(response) != SmartcardStatusCode.OK) { return this.evaluateStatus(response); } } catch (CardException e) { e.printStackTrace(); return SmartcardStatusCode.NOT_FOUND; } return SmartcardStatusCode.OK; }
From source file:eu.abc4trust.smartcard.HardwareSmartcard.java
public List<Byte> listCredentialIDs(int pin) { ByteBuffer buf = ByteBuffer.allocate(10); buf.put(new byte[] { (byte) this.ABC4TRUSTCMD, this.listCredentials, 0, 0, 4 }); buf.put(this.pinToByteArr(pin)); buf.put((byte) 0); buf.position(0);/*w ww.jav a 2 s . co m*/ try { if (printInput) System.out.println("Input for listCredentials: " + Arrays.toString(buf.array())); ResponseAPDU response = this.transmitCommand(new CommandAPDU(buf)); System.out.println("Response from listCredentials: " + response); if (this.evaluateStatus(response) == SmartcardStatusCode.OK) { List<Byte> credentialIDs = new ArrayList<Byte>(); byte[] creds = response.getData(); for (byte cred : creds) { credentialIDs.add(cred); } return credentialIDs; } } catch (CardException e) { e.printStackTrace(); return null; } return null; }
From source file:eu.abc4trust.smartcard.HardwareSmartcard.java
@Override public SmartcardStatusCode addIssuerParametersWithAttendanceCheck(RSAKeyPair rootKey, URI parametersUri, int keyIDForCounter, CredentialBases credBases, RSAVerificationKey courseKey, int minimumAttendance) { byte issuerID = this.getNewIssuerID(parametersUri); byte groupID = issuerID; byte genID1 = 1; byte genID2 = 2; byte numPres = 0; //unlimited presentations - limit not used in the pilot byte counterID = issuerID; ByteBuffer buf = ByteBuffer.allocate(11); //SET ISSUER(BYTE issuerID, groupID, genID1, genID2, numpres, counterID) byte[] data = new byte[] { issuerID, groupID, genID1, genID2, numPres, counterID }; buf.put(new byte[] { (byte) this.ABC4TRUSTCMD, this.setIssuer, 0, 0, 6 }); buf.put(data);/* w w w.j a v a 2 s .c o m*/ buf.position(0); try { //Before setting the issuer, we must create a group, generators as well as a counter int mode = this.getMode(); this.setGroupComponent(mode, credBases.n.toByteArray(), groupID, 0, rootKey); this.setGenerator(mode, credBases.R0.toByteArray(), groupID, genID1, rootKey); this.setGenerator(mode, credBases.S.toByteArray(), groupID, genID2, rootKey); byte[] cursor = this.getNewCursor(0); //Create a new key with keyID that counter can use. this.setAuthenticationKey(courseKey.n, keyIDForCounter, rootKey); this.setCounter(counterID, keyIDForCounter, 0, minimumAttendance, cursor, rootKey); //prior to the actual command,if we are in working mode, //we have to authenticate the input data first. if (mode == 2) { System.out.println("Can only use addIssuerParameters in root mode"); return SmartcardStatusCode.UNAUTHORIZED; } System.out.println("Input to setIssuer: " + Arrays.toString(buf.array())); ResponseAPDU response = this.transmitCommand(new CommandAPDU(buf)); System.out.println("Response from setIssuer: " + response); if (evaluateStatus(response) == SmartcardStatusCode.OK) { // SmartcardStatusCode code = this.storeIssuerUriAndID(pin, parametersUri, issuerID); // if(code != SmartcardStatusCode.OK){ // System.err.println("Could not store the issuerURI and ID on the card, but the issuer itself is still stored on the card. Returned code: " + code); // return code; // } } return this.evaluateStatus(response); } catch (CardException e) { //TODO: Error handling. Remove stuff again if something fails. e.printStackTrace(); return SmartcardStatusCode.NOT_FOUND; } }
From source file:eu.abc4trust.smartcard.HardwareSmartcard.java
public SmartcardStatusCode addUProveIssuerParametersWithAttendanceCheck(RSAKeyPair rootKey, URI parametersUri, int keyIDForCounter, UProveParams uProveParams, RSAVerificationKey courseKey, int minimumAttendance) { byte issuerID = this.getNewIssuerID(parametersUri); byte groupID = issuerID; byte genID1 = 1; byte genID2 = 0; //Not used in UProve, thus set to 0. byte numPres = 0; //unlimited presentations - limit not used in the pilot byte counterID = issuerID; ByteBuffer buf = ByteBuffer.allocate(11); //SET ISSUER(BYTE issuerID, groupID, genID1, genID2, numpres, counterID) byte[] data = new byte[] { issuerID, groupID, genID1, genID2, numPres, counterID }; buf.put(new byte[] { (byte) this.ABC4TRUSTCMD, this.setIssuer, 0, 0, 6 }); buf.put(data);// w ww. j av a 2 s . c o m buf.position(0); try { //Before setting the issuer, we must create a group, generators as well as a counter int mode = this.getMode(); this.setGroupComponent(mode, uProveParams.p.toByteArray(), groupID, 0, rootKey); this.setGroupComponent(mode, uProveParams.q.toByteArray(), groupID, 1, rootKey); this.setGroupComponent(mode, uProveParams.f.toByteArray(), groupID, 2, rootKey); System.out.println("p: " + uProveParams.p); System.out.println("q: " + uProveParams.q); System.out.println("g: " + uProveParams.g); System.out.println("f: " + uProveParams.f); this.setGenerator(mode, uProveParams.g.toByteArray(), groupID, genID1, rootKey); byte[] cursor = this.getNewCursor(0); //Create a new key with keyID that counter can use. this.setAuthenticationKey(courseKey.n, keyIDForCounter, rootKey); this.setCounter(counterID, keyIDForCounter, 0, minimumAttendance, cursor, rootKey); //prior to the actual command,if we are in working mode, //we have to authenticate the input data first. if (mode == 2) { System.out.println("Can only use addIssuerParameters in root mode"); return SmartcardStatusCode.UNAUTHORIZED; } System.out.println("Input for setIssuer: " + Arrays.toString(buf.array())); ResponseAPDU response = this.transmitCommand(new CommandAPDU(buf)); System.out.println("Response from setIssuer: " + response); if (evaluateStatus(response) == SmartcardStatusCode.OK) { // SmartcardStatusCode code = this.storeIssuerUriAndID(pin, parametersUri, issuerID); // if(code != SmartcardStatusCode.OK){ // System.err.println("Could not store the issuerURI and ID on the card, but the issuer itself is still stored on the card. Returned code: " + code); // return code; // } } return this.evaluateStatus(response); } catch (CardException e) { //TODO: Error handling. Remove stuff again if something fails. e.printStackTrace(); return SmartcardStatusCode.NOT_FOUND; } }
From source file:eu.abc4trust.smartcard.HardwareSmartcard.java
@Override public SmartcardStatusCode addIssuerParameters(RSAKeyPair rootKey, URI parametersUri, CredentialBases credBases) {/*from w w w. j av a 2 s . co m*/ byte issuerID = this.getNewIssuerID(parametersUri); byte groupID = issuerID; byte genID1 = 1;//R0 byte genID2 = 2;//S byte numPres = 0; //unlimited presentations - limit not used in the pilot byte counterID = 0; //no counter present ByteBuffer buf = ByteBuffer.allocate(11); //SET ISSUER(BYTE issuerID, groupID, genID1, genID2, numpres, counterID) byte[] data = new byte[] { issuerID, groupID, genID1, genID2, numPres, counterID }; buf.put(new byte[] { (byte) this.ABC4TRUSTCMD, this.setIssuer, 0, 0, 6 }); buf.put(data); buf.position(0); try { //Before setting the issuer, we must create a group with generators. Idemix uses unknown order. int mode = this.getMode(); SmartcardStatusCode status; status = this.setGroupComponent(mode, credBases.n.toByteArray(), groupID, 0, rootKey); if (status != SmartcardStatusCode.OK) { return status; } status = this.setGenerator(mode, credBases.R0.toByteArray(), groupID, genID1, rootKey); if (status != SmartcardStatusCode.OK) { return status; } status = this.setGenerator(mode, credBases.S.toByteArray(), groupID, genID2, rootKey); if (status != SmartcardStatusCode.OK) { return status; } //prior to the actual command, if we are in working mode, //we have to authenticate the input data first. if (mode == 2) { System.out.println("Can only use addIssuerParameters in root mode"); return SmartcardStatusCode.UNAUTHORIZED; } System.out.println("Input for set Issuer: " + Arrays.toString(buf.array())); ResponseAPDU response = this.transmitCommand(new CommandAPDU(buf)); System.out.println("Response from setIssuer: " + response); return evaluateStatus(response); } catch (CardException e) { //TODO: Error handling. Remove stuff again if something fails. e.printStackTrace(); return SmartcardStatusCode.NOT_FOUND; } }
From source file:eu.abc4trust.smartcard.HardwareSmartcard.java
@Override public SmartcardStatusCode addUProveIssuerParameters(RSAKeyPair rootKey, URI parametersUri, UProveParams uProveParams) {/* w ww .jav a 2 s. c o m*/ byte issuerID = this.getNewIssuerID(parametersUri); byte groupID = issuerID; byte genID1 = 1; byte genID2 = 0; byte numPres = 0; //unlimited presentations - limit not used in the pilot byte counterID = 0; //no counter present ByteBuffer buf = ByteBuffer.allocate(11); //SET ISSUER(BYTE issuerID, groupID, genID1, genID2, numpres, counterID) byte[] data = new byte[] { issuerID, groupID, genID1, genID2, numPres, counterID }; buf.put(new byte[] { (byte) this.ABC4TRUSTCMD, this.setIssuer, 0, 0, 6 }); buf.put(data); buf.position(0); try { //Before setting the issuer, we must create a group, generators as well as a counter int mode = this.getMode(); this.setGroupComponent(mode, uProveParams.p.toByteArray(), groupID, 0, rootKey); this.setGroupComponent(mode, uProveParams.q.toByteArray(), groupID, 1, rootKey); this.setGroupComponent(mode, uProveParams.f.toByteArray(), groupID, 2, rootKey); this.setGenerator(mode, uProveParams.g.toByteArray(), groupID, genID1, rootKey); //prior to the actual command, if we are in working mode, //we have to authenticate the input data first. if (mode == 2) { System.out.println("Can only use addIssuerParameters in root mode"); return SmartcardStatusCode.UNAUTHORIZED; } System.out.println("Input for setIssuer: " + Arrays.toString(buf.array())); ResponseAPDU response = this.transmitCommand(new CommandAPDU(buf)); System.out.println("Response from setIssuer: " + response); return this.evaluateStatus(response); } catch (CardException e) { //TODO: Error handling. Remove stuff again if something fails. e.printStackTrace(); return SmartcardStatusCode.NOT_FOUND; } }
From source file:eu.abc4trust.smartcard.HardwareSmartcard.java
@Override public SmartcardStatusCode incrementCourseCounter(int pin, RSAKeyPair key, URI issuerId, int lectureId) { //First check if the counter is enabled. //TODO! // TrustedIssuerParameters tip = this.getIssuerParameters(pin, issuerId); // if(!tip.course.isActivated()){ // if(!tip.course.updateLectureId(lectureId)){ // //Course not yet issued! // return SmartcardStatusCode.NOT_MODIFIED; // } // }/* www. java 2 s . c o m*/ //auth data should be counterID||cursor , with cursor having the updated value. byte counterID = this.getIssuerIDFromUri(pin, issuerId); //IssuerID is the same as CounterID if the counter exists. byte keyID = this.readCounter(pin, counterID)[0]; byte[] data = new byte[5]; data[0] = counterID; System.arraycopy(this.getNewCursor(lectureId), 0, data, 1, 4); byte[] challenge = this.getNewNonceForSignature(); byte[] sig = SmartcardCrypto.generateSignature(data, challenge, key, this.rand).sig; //sig = this.removeSignBit(sig); ByteBuffer buf = ByteBuffer.allocate(7 + 1 + sig.length); byte[] bufferLength = ByteBuffer.allocate(2).putShort((short) (sig.length + 1)).array(); buf.put(new byte[] { (byte) this.ABC4TRUSTCMD, this.incrementCounter, 0, 0, 0 }); buf.put(bufferLength); buf.put(keyID); buf.put(sig); buf.position(0); try { byte[] counterInfo = this.readCounter(pin, counterID); byte index = counterInfo[1]; if (printInput) System.out.println("Input for incrementCounter: " + Arrays.toString(buf.array())); ResponseAPDU response = this.transmitCommand(new CommandAPDU(buf)); System.out.println("Response from incrementCounter: " + response); if (this.evaluateStatus(response) == SmartcardStatusCode.OK) { //ensure that counter was increased or return not modified byte[] newCounterInfo = this.readCounter(pin, counterID); int newIndex = newCounterInfo[1]; if (index == newIndex) { return SmartcardStatusCode.NOT_MODIFIED; } else { return SmartcardStatusCode.OK; } } return this.evaluateStatus(response); } catch (CardException e) { e.printStackTrace(); return SmartcardStatusCode.NOT_FOUND; } }