List of usage examples for javax.smartcardio CommandAPDU CommandAPDU
public CommandAPDU(int cla, int ins, int p1, int p2, byte[] data)
From source file:test.be.fedict.eid.applet.PcscTest.java
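/**
 * Exercises PIN verification on the reader's own pinpad through the reader's
 * VERIFY_PIN_DIRECT feature.
 * <p>
 * The test asks the reader for its feature list, looks up the control code
 * for VERIFY_PIN_DIRECT, sets the security environment on the card and then
 * hands the PIN verification structure to the reader. It returns early,
 * without failing, when the reader reports no features or does not advertise
 * VERIFY_PIN_DIRECT.
 *
 * @throws Exception on any card, reader or encoding failure
 */
@Test
public void testCcid() throws Exception {
    PcscEid pcscEid = new PcscEid(new TestView(), this.messages);
    if (!pcscEid.isEidPresent()) {
        LOG.debug("insert eID card");
        pcscEid.waitForEidPresent();
    }
    Card card = pcscEid.getCard();

    // GET FEATURE LIST
    // 0x42000D48 is 0x42000000 + 3400, the pcsc-lite encoding of the
    // GET_FEATURE_REQUEST control code. Other PC/SC stacks encode control
    // codes differently, so this literal is platform specific.
    byte[] features = card.transmitControlCommand(0x42000D48, new byte[0]);
    if (0 == features.length) {
        LOG.debug("no CCID reader");
        return;
    }
    LOG.debug("feature list: " + new String(Hex.encodeHex(features)));
    LOG.debug("feature verify pin direct: " + hasFeature(FEATURE_VERIFY_PIN_DIRECT_TAG, features));

    // findFeature returns a boxed Integer. A null result (assumed to mean the
    // feature is not advertised; confirm against findFeature) would otherwise
    // surface as a NullPointerException on unboxing below, so stop here the
    // same way the missing-reader case does.
    Integer verifyPinControl = findFeature(FEATURE_VERIFY_PIN_DIRECT_TAG, features);
    if (null == verifyPinControl) {
        LOG.debug("reader has no VERIFY_PIN_DIRECT feature");
        return;
    }
    LOG.debug("VERIFY PIN control: 0x" + Integer.toHexString(verifyPinControl));

    CardChannel cardChannel = pcscEid.getCardChannel();
    CommandAPDU setApdu = new CommandAPDU(0x00, 0x22, 0x41, 0xB6, new byte[] {
            0x04, // length of following data
            (byte) 0x80, // algo ref
            0x01, // rsa pkcs#1
            (byte) 0x84, // tag for private key ref
            (byte) 0x82 }); // key reference (presumably the authentication key; confirm)
    ResponseAPDU responseApdu = cardChannel.transmit(setApdu);
    if (0x9000 != responseApdu.getSW()) {
        // This is the SET command, not a SELECT; report the status word so a
        // failure can be diagnosed from the message alone.
        throw new RuntimeException("SET error: 0x" + Integer.toHexString(responseApdu.getSW()));
    }

    // Data block for the VERIFY_PIN_DIRECT control code; the helper is
    // defined elsewhere. The PIN itself is typed on the reader.
    byte[] verifyCommandData = createPINVerificationDataStructure();
    byte[] result = card.transmitControlCommand(verifyPinControl, verifyCommandData);
    responseApdu = new ResponseAPDU(result);
    LOG.debug("status work: " + Integer.toHexString(responseApdu.getSW()));
    if (0x9000 == responseApdu.getSW()) {
        LOG.debug("status OK");
    } else if (0x6401 == responseApdu.getSW()) {
        LOG.debug("canceled by user");
    } else if (0x6400 == responseApdu.getSW()) {
        LOG.debug("timeout");
    }
    /*
     * The other SW values are those from the VERIFY APDU itself.
     */
}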
From source file:test.be.fedict.eid.applet.Pkcs15Test.java
/**
 * Selects the PKCS#15 application by its AID and expects status word 0x9000.
 *
 * @throws Exception on any card communication failure
 */
@Test
public void testSelectPkcs15Application() throws Exception {
    final CardChannel channel = this.pcscEid.getCardChannel();

    // Application identifier; its last seven bytes are ASCII "PKCS-15".
    final byte[] pkcs15Aid = {
            (byte) 0xa0, 0x00, 0x00, 0x01, 0x77,
            0x50, 0x4b, 0x43, 0x53, 0x2d, 0x31, 0x35 };

    // SELECT (INS 0xA4): P1 = 0x04 selects by DF name (the AID),
    // P2 = 0x0C asks for no response data.
    final CommandAPDU select = new CommandAPDU(0x00, 0xA4, 0x04, 0x0C, pkcs15Aid);
    final ResponseAPDU response = channel.transmit(select);

    assertEquals(0x9000, response.getSW());
}
From source file:test.be.fedict.eid.applet.Pkcs15Test.java
/**
 * Selects the Belpic application by its AID and expects status word 0x9000.
 *
 * @throws Exception on any card communication failure
 */
@Test
public void testSelectBelpicApplication() throws Exception {
    final CardChannel channel = this.pcscEid.getCardChannel();

    // Application identifier of the Belpic application.
    final byte[] aid = {
            (byte) 0xA0, 0x00, 0x00, 0x00, 0x30,
            0x29, 0x05, 0x70, 0x00, (byte) 0xAD,
            0x13, 0x10, 0x01, 0x01, (byte) 0xFF };

    // SELECT (INS 0xA4): P1 = 0x04 selects by DF name (the AID),
    // P2 = 0x0C asks for no response data.
    final CommandAPDU select = new CommandAPDU(0x00, 0xA4, 0x04, 0x0C, aid);
    final ResponseAPDU response = channel.transmit(select);

    assertEquals(0x9000, response.getSW());
}
From source file:test.be.fedict.eid.applet.SecurePinPadReaderTest.java
/**
 * Creates a plain text authentication signature immediately after a regular
 * SHA1 authentication signature. This is the sequence that will be
 * implemented in the eID Applet.
 * <p>
 * V006Z: without the SET APDU the secure smart card reader won't display the
 * plain text message. Fixed in V010Z.
 * <p>
 * V012Z: language support is still shaky.
 * <p>
 * V015Z also performs a logoff in case of plain text. Good.
 *
 * @throws Exception on any card, crypto or ASN.1 failure
 */
@Test
@QualityAssurance(firmware = Firmware.V015Z, approved = true)
public void testAuthnSignPlainText() throws Exception {
    final String plainTextOid = "2.16.56.1.2.1.3.1";
    final String textMessage = "My Testcase";

    final CardChannel channel = this.pcscEid.getCardChannel();
    final List<X509Certificate> authnChain = this.pcscEid.getAuthnCertificateChain();

    // A regular authentication signature first, so that the PIN
    // authorization is already OK when the plain text signature is requested.
    this.pcscEid.signAuthn("hello world".getBytes());

    final byte[] securityEnvironment = {
            0x04,        // number of bytes that follow
            (byte) 0x80, // tag: algorithm reference
            0x01,        // value: RSA PKCS#1
            (byte) 0x84, // tag: private key reference
            (byte) 0x82  // value: auth key
    };
    // NOTE(review): the SET APDU is built but never sent; its transmit and
    // assertion are commented out. Presumably this exercises the V010Z fix
    // described in the Javadoc; confirm before re-enabling or deleting.
    final CommandAPDU setApdu = new CommandAPDU(0x00, 0x22, 0x41, 0xB6, securityEnvironment);
    // ResponseAPDU responseApdu = cardChannel.transmit(setApdu);
    // assertEquals(0x9000, responseApdu.getSW());

    // The "digest" slot of the DigestInfo carries the message bytes
    // themselves, tagged with the OID this test uses for plain text.
    final DigestInfo requested =
            new DigestInfo(new AlgorithmIdentifier(plainTextOid), textMessage.getBytes());
    LOG.debug("DigestInfo DER encoded: " + new String(Hex.encodeHex(requested.getDEREncoded())));

    final CommandAPDU signApdu = new CommandAPDU(0x00, 0x2A, 0x9E, 0x9A, requested.getDEREncoded());
    final ResponseAPDU signResponse = channel.transmit(signApdu);
    assertEquals(0x9000, signResponse.getSW());

    final byte[] signatureValue = signResponse.getData();
    LOG.debug("signature value size: " + signatureValue.length);

    // Applying the RSA public-key operation with PKCS#1 v1.5 unpadding
    // recovers the DigestInfo the card actually signed, so its fields can be
    // inspected. Only the leaf certificate's key is used; the chain itself is
    // not validated here.
    final Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    rsa.init(Cipher.DECRYPT_MODE, authnChain.get(0));
    final byte[] recoveredEncoding = rsa.doFinal(signatureValue);

    final ASN1InputStream asn1In = new ASN1InputStream(recoveredEncoding);
    final DigestInfo recovered = new DigestInfo((ASN1Sequence) asn1In.readObject());
    LOG.debug("result algo Id: " + recovered.getAlgorithmId().getObjectId().getId());

    assertEquals("2.16.56.1.2.1.3.1", recovered.getAlgorithmId().getObjectId().getId());
    assertArrayEquals(textMessage.getBytes(), recovered.getDigest());
}
From source file:test.be.fedict.eid.applet.SecurePinPadReaderTest.java
/**
 * Creates a non-repudiation signature over a plain text message.
 * <p>
 * Remark: "Enter NonRep PIN" should maybe be replaced with
 * "Enter Sign PIN". Fixed in V010Z.
 *
 * @throws Exception on any card, crypto or ASN.1 failure
 */
@Test
@QualityAssurance(firmware = Firmware.V015Z, approved = true)
public void testNonRepSignPlainText() throws Exception {
    final String plainTextOid = "2.16.56.1.2.1.3.1";

    final CardChannel channel = this.pcscEid.getCardChannel();
    final List<X509Certificate> signChain = this.pcscEid.getSignCertificateChain();

    // Set the security environment: RSA PKCS#1 with the non-repudiation key.
    final byte[] securityEnvironment = {
            0x04,        // number of bytes that follow
            (byte) 0x80, // tag: algorithm reference
            0x01,        // value: RSA PKCS#1
            (byte) 0x84, // tag: private key reference
            (byte) 0x83  // value: non-rep key
    };
    final CommandAPDU setApdu = new CommandAPDU(0x00, 0x22, 0x41, 0xB6, securityEnvironment);
    ResponseAPDU response = channel.transmit(setApdu);
    assertEquals(0x9000, response.getSW());

    this.pcscEid.verifyPin();

    // The "digest" slot of the DigestInfo carries the message bytes
    // themselves, tagged with the OID this test uses for plain text.
    final String textMessage = "My Testcase";
    final DigestInfo requested =
            new DigestInfo(new AlgorithmIdentifier(plainTextOid), textMessage.getBytes());

    final CommandAPDU signApdu = new CommandAPDU(0x00, 0x2A, 0x9E, 0x9A, requested.getDEREncoded());
    response = channel.transmit(signApdu);
    assertEquals(0x9000, response.getSW());

    final byte[] signatureValue = response.getData();
    LOG.debug("signature value size: " + signatureValue.length);

    // Applying the RSA public-key operation with PKCS#1 v1.5 unpadding
    // recovers the DigestInfo the card actually signed. Only the leaf
    // certificate's key is used; the chain itself is not validated here.
    final Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    rsa.init(Cipher.DECRYPT_MODE, signChain.get(0));
    final byte[] recoveredEncoding = rsa.doFinal(signatureValue);

    final ASN1InputStream asn1In = new ASN1InputStream(recoveredEncoding);
    final DigestInfo recovered = new DigestInfo((ASN1Sequence) asn1In.readObject());
    LOG.debug("result algo Id: " + recovered.getAlgorithmId().getObjectId().getId());

    assertEquals("2.16.56.1.2.1.3.1", recovered.getAlgorithmId().getObjectId().getId());
    assertArrayEquals(textMessage.getBytes(), recovered.getDigest());
}
From source file:test.be.fedict.eid.applet.SecurePinPadReaderTest.java
/**
 * Signs a 115-byte plain text message with the non-repudiation key.
 * Only applicable for 2048 bit keys.
 *
 * @throws Exception on any card, crypto or ASN.1 failure
 */
@Test
@QualityAssurance(firmware = Firmware.V015Z, approved = true)
public void testLargePlainTextMessage() throws Exception {
    final String plainTextOid = "2.16.56.1.2.1.3.1";

    final CardChannel channel = this.pcscEid.getCardChannel();
    final List<X509Certificate> signChain = this.pcscEid.getSignCertificateChain();

    // Set the security environment: RSA PKCS#1 with the non-repudiation key.
    final byte[] securityEnvironment = {
            0x04,        // number of bytes that follow
            (byte) 0x80, // tag: algorithm reference
            0x01,        // value: RSA PKCS#1
            (byte) 0x84, // tag: private key reference
            (byte) 0x83  // value: non-rep key
    };
    final CommandAPDU setApdu = new CommandAPDU(0x00, 0x22, 0x41, 0xB6, securityEnvironment);
    ResponseAPDU response = channel.transmit(setApdu);
    assertEquals(0x9000, response.getSW());

    this.pcscEid.verifyPin();

    /*
     * If the length of the plain text message is >= 115, the message is not
     * visualized by the secure pinpad reader.
     *
     * NOTE(review): 115 bytes sits exactly at that threshold, so this test
     * appears to cover signing a message the reader does not show to the
     * card holder. Confirm that is the intended case.
     */
    final byte[] data = new byte[115];
    final SecureRandom random = new SecureRandom();
    random.nextBytes(data);

    final DigestInfo requested = new DigestInfo(new AlgorithmIdentifier(plainTextOid), data);
    final CommandAPDU signApdu = new CommandAPDU(0x00, 0x2A, 0x9E, 0x9A, requested.getDEREncoded());
    response = channel.transmit(signApdu);
    assertEquals(0x9000, response.getSW());

    final byte[] signatureValue = response.getData();
    LOG.debug("signature value size: " + signatureValue.length);

    // Applying the RSA public-key operation with PKCS#1 v1.5 unpadding
    // recovers the DigestInfo the card actually signed. Only the leaf
    // certificate's key is used; the chain itself is not validated here.
    final Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    rsa.init(Cipher.DECRYPT_MODE, signChain.get(0));
    final byte[] recoveredEncoding = rsa.doFinal(signatureValue);

    final ASN1InputStream asn1In = new ASN1InputStream(recoveredEncoding);
    final DigestInfo recovered = new DigestInfo((ASN1Sequence) asn1In.readObject());
    LOG.debug("result algo Id: " + recovered.getAlgorithmId().getObjectId().getId());

    assertEquals("2.16.56.1.2.1.3.1", recovered.getAlgorithmId().getObjectId().getId());
    assertArrayEquals(data, recovered.getDigest());
}
From source file:test.be.fedict.eid.applet.SecurePinPadReaderTest.java
/**
 * When creating a non-repudiation signature using PKCS#1-SHA1 (non-naked)
 * the digest value should also be confirmed via the secure pinpad reader.
 *
 * @throws Exception on any card or crypto failure
 */
@Test
@QualityAssurance(firmware = Firmware.V015Z, approved = true)
public void testNonRepSignPKCS1_SHA1() throws Exception {
    final CardChannel channel = this.pcscEid.getCardChannel();
    final List<X509Certificate> signChain = this.pcscEid.getSignCertificateChain();

    // Set the security environment: RSA PKCS#1 SHA1 with the non-repudiation
    // key. With this algorithm reference the card is sent the bare digest
    // value rather than a DER-encoded DigestInfo.
    final byte[] securityEnvironment = {
            0x04,        // number of bytes that follow
            (byte) 0x80, // tag: algorithm reference
            0x02,        // value: RSA PKCS#1 SHA1
            (byte) 0x84, // tag: private key reference
            (byte) 0x83  // value: non-rep key
    };
    final CommandAPDU setApdu = new CommandAPDU(0x00, 0x22, 0x41, 0xB6, securityEnvironment);
    ResponseAPDU response = channel.transmit(setApdu);
    assertEquals(0x9000, response.getSW());

    this.pcscEid.verifyPin();

    // SHA-1 matches the algorithm reference selected above. It is no longer
    // collision resistant, so this covers the card's legacy signing mode.
    final byte[] data = "My Testcase".getBytes();
    final byte[] digestValue = MessageDigest.getInstance("SHA1").digest(data);

    final CommandAPDU signApdu = new CommandAPDU(0x00, 0x2A, 0x9E, 0x9A, digestValue);
    response = channel.transmit(signApdu);
    assertEquals(0x9000, response.getSW());

    final byte[] signatureValue = response.getData();
    LOG.debug("signature value size: " + signatureValue.length);

    // Verify over the original data with the leaf certificate's public key;
    // the certificate chain itself is not validated here.
    final Signature verifier = Signature.getInstance("SHA1withRSA");
    verifier.initVerify(signChain.get(0).getPublicKey());
    verifier.update(data);
    assertTrue(verifier.verify(signatureValue));
}