authorJack Magne <jmagne@localhost.localdomain>2015-06-25 11:45:13 -0700
committerJack Magne <jmagne@localhost.localdomain>2015-07-01 17:04:09 -0700
commit158ae4bfa03c56c02dcba9066c4dc3ff1806e6a0 (patch)
treeea2825ab86e993e2d472d9dd01a135470648b0ff
parentb253cad196f57e79a5aede53aceffede1c9edfbe (diff)
Add GP211 applet and latest GP201 applet for RSA.
Ticket # 793: Add support for Secure Channel Protocol 02. Properly select the coolkey applet in the "getAppletVersion" routine. For some reason the gp211 applet revealed this issue. Tested to work with both gp211 scp02 card and gp201 scp01 card.
-rw-r--r--base/tps/shared/applets/1.4.54de790f.ijcbin0 -> 15022 bytes
-rw-r--r--base/tps/shared/applets/1.5.558cdcff.ijcbin0 -> 15666 bytes
-rw-r--r--base/tps/shared/applets/readme.txt30
-rw-r--r--base/tps/shared/conf/CS.cfg.in45
-rw-r--r--base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java2
5 files changed, 34 insertions, 43 deletions
diff --git a/base/tps/shared/applets/1.4.54de790f.ijc b/base/tps/shared/applets/1.4.54de790f.ijc
new file mode 100644
index 000000000..5da1ddb81
--- /dev/null
+++ b/base/tps/shared/applets/1.4.54de790f.ijc
Binary files differ
diff --git a/base/tps/shared/applets/1.5.558cdcff.ijc b/base/tps/shared/applets/1.5.558cdcff.ijc
new file mode 100644
index 000000000..2f2ea60d4
--- /dev/null
+++ b/base/tps/shared/applets/1.5.558cdcff.ijc
Binary files differ
diff --git a/base/tps/shared/applets/readme.txt b/base/tps/shared/applets/readme.txt
index 773e3bac5..cdf12a83a 100644
--- a/base/tps/shared/applets/readme.txt
+++ b/base/tps/shared/applets/readme.txt
@@ -21,32 +21,18 @@
This directory contains a list of CoolKey applets
that can be used by the TPS for applet upgrade.
-
-Applet Information:
------------------
-File Name Creation Date Applet Ver Major Ver Minor Ver Remark
-============ ================ ========== ========= ========= ==========
-427BDDB8.ijc 2005/05/06 14:12 427BDDB8 1 3 Official Applet
+Beta applet:
+
+RSA / Key Recovery, GP211/SCP02:
+
+1.5.558cdcff.ijc
-Token Information:
------------------
+Additional applets:
-Type CUID (Token ID) ATR Remark
-======================== ==================== ======= ==================
-Old "E" and ealier cards 40900062ff00ssssssss
-(Acquired From WebSite)
-"F" cards 40900062ff00ssssssss
-(Acquired From WebSite)
-"G" & later (Oct/Nov) 409000620103ssssssss
-(Acquired From WebSite)
-Fortezza cards 409000620103ssssssss
-(Acquired From WebSite)
-Developement Keyed cards 409000620101ssssssss 3B76940000FF6276010000
-where ssssssss is the serial number.
+330J/RSA / Key Recovery:
+1.4.54de790f.ijc
-Remark
-======
-1.3.45787308.ijc - this is the unofficial jForte applet with hacks
diff --git a/base/tps/shared/conf/CS.cfg.in b/base/tps/shared/conf/CS.cfg.in
index ea98a76ad..fdc3510ed 100644
--- a/base/tps/shared/conf/CS.cfg.in
+++ b/base/tps/shared/conf/CS.cfg.in
@@ -9,7 +9,10 @@ applet._000=#########################################
applet._001=# applet information
applet._002=# SAF Key:
applet._003=# applet.aid.cardmgr_instance=A0000001510000
-applet._004=#########################################
+applet._004=# Stock RSA,KeyRecover applet : 1.4.54de790f.ijc
+applet._005=# Beta RSA/KeyRecovery/GP211/SCP02 applet : 1.5.558cdcff.ijc
+applet._006=# Use GP211 applet only with SCP02 card
+applet._007=#########################################
applet.aid.cardmgr_instance=A0000000030000
applet.aid.netkey_file=627601FF0000
applet.aid.netkey_instance=627601FF000000
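Review bot: The restriction added at `applet._006` is carried only by a comment, and it does not say which setting actually picks the applet, so an operator has to guess how to act on it. The later hunks in this file leave every `update.applet.requiredVersion` default at 1.4.54de790f, which suggests the 1.5.558cdcff build is opt-in per profile; the comment could say so, for example `applet._006=# GP211 applet (1.5.558cdcff) is for SCP02 cards only; set update.applet.requiredVersion per profile to use it`. The same build is labelled Beta at `applet._005`, so it would help to state whether it is meant for production tokens.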
@@ -98,7 +101,7 @@ channel._001=# channel.encryption:
channel._002=#
channel._003=# - enable encryption for all operation commands to token
channel._004=# - default is true
-channel._005=# channel.blocksize=242
+channel._005=# channel.blocksize=224
channel._006=# channel.defKeyVersion=0
channel._007=# channel.defKeyIndex=0
channel._008=#
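Review bot: The drop of `channel.blocksize` from 242 to 224, here in the documented default at `channel._005` and in the live setting in the next hunk (`@@ -110,7 +113,7 @@`), has no rationale in the commit message or in the comment block. It is a single global key, so a reader cannot tell whether 224 is required by SCP02, by the GP211 card, or is only a conservative choice; presumably it leaves room for per-command secure-channel overhead, but that should be confirmed and written down. I would extend the comment along the lines of `channel._005=# channel.blocksize=224 (lowered from 242 for SCP02, ticket 793)`. Because CS.cfg.in is a template, instances that already exist will likely keep 242 unless the upgrade path rewrites it, which is worth checking before SCP02 cards are used against them.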
@@ -110,7 +113,7 @@ channel._013=# * channel.instanceSize=18000
channel._014=# * channel.appletMemorySize=5000
channel._015=#########################################
channel.encryption=true
-channel.blocksize=242
+channel.blocksize=224
channel.defKeyVersion=0
channel.defKeyIndex=0
cms.product.version=@APPLICATION_VERSION@
@@ -409,7 +412,7 @@ op.enroll.delegateIEtoken.update.applet.directory=/usr/share/pki/tps/applets
op.enroll.delegateIEtoken.update.applet.emptyToken.enable=true
op.enroll.delegateIEtoken.update.applet.enable=true
op.enroll.delegateIEtoken.update.applet.encryption=true
-op.enroll.delegateIEtoken.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.delegateIEtoken.update.applet.requiredVersion=1.4.54de790f
op.enroll.delegateIEtoken.update.symmetricKeys.enable=false
op.enroll.delegateIEtoken.update.symmetricKeys.requiredVersion=1
op.format.delegateIEtoken.auth.enable=true
@@ -430,7 +433,7 @@ op.format.delegateIEtoken.tks.conn=tks1
op.format.delegateIEtoken.update.applet.directory=/usr/share/pki/tps/applets
op.format.delegateIEtoken.update.applet.emptyToken.enable=true
op.format.delegateIEtoken.update.applet.encryption=true
-op.format.delegateIEtoken.update.applet.requiredVersion=1.4.4d40a449
+op.format.delegateIEtoken.update.applet.requiredVersion=1.4.54de790f
op.format.delegateIEtoken.update.symmetricKeys.enable=false
op.format.delegateIEtoken.update.symmetricKeys.requiredVersion=1
op.enroll.delegateISEtoken._000=#########################################
@@ -667,7 +670,7 @@ op.enroll.delegateISEtoken.update.applet.directory=/usr/share/pki/tps/applets
op.enroll.delegateISEtoken.update.applet.emptyToken.enable=true
op.enroll.delegateISEtoken.update.applet.enable=true
op.enroll.delegateISEtoken.update.applet.encryption=true
-op.enroll.delegateISEtoken.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.delegateISEtoken.update.applet.requiredVersion=1.4.54de790f
op.enroll.delegateISEtoken.update.symmetricKeys.enable=false
op.enroll.delegateISEtoken.update.symmetricKeys.requiredVersion=1
op.format.delegateISEtoken.auth.enable=true
@@ -688,7 +691,7 @@ op.format.delegateISEtoken.tks.conn=tks1
op.format.delegateISEtoken.update.applet.directory=/usr/share/pki/tps/applets
op.format.delegateISEtoken.update.applet.emptyToken.enable=true
op.format.delegateISEtoken.update.applet.encryption=true
-op.format.delegateISEtoken.update.applet.requiredVersion=1.4.4d40a449
+op.format.delegateISEtoken.update.applet.requiredVersion=1.4.54de790f
op.format.delegateISEtoken.update.symmetricKeys.enable=false
op.format.delegateISEtoken.update.symmetricKeys.requiredVersion=1
op.enroll.externalRegAddToToken._000=#########################################
@@ -748,7 +751,7 @@ op.enroll.externalRegAddToToken.update.applet.directory=/usr/share/pki/tps/apple
op.enroll.externalRegAddToToken.update.applet.emptyToken.enable=true
op.enroll.externalRegAddToToken.update.applet.enable=false
op.enroll.externalRegAddToToken.update.applet.encryption=true
-op.enroll.externalRegAddToToken.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.externalRegAddToToken.update.applet.requiredVersion=1.4.54de790f
op.enroll.externalRegAddToToken.update.symmetricKeys.enable=false
op.enroll.externalRegAddToToken.update.symmetricKeys.requiredVersion=1
op.format.externalRegAddToToken.auth.enable=true
@@ -764,7 +767,7 @@ op.format.externalRegAddToToken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSE
op.format.externalRegAddToToken.update.applet.directory=/usr/share/pki/tps/applets
op.format.externalRegAddToToken.update.applet.emptyToken.enable=true
op.format.externalRegAddToToken.update.applet.encryption=true
-op.format.externalRegAddToToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.externalRegAddToToken.update.applet.requiredVersion=1.4.54de790f
op.format.externalRegAddToToken.update.symmetricKeys.enable=false
op.format.externalRegAddToToken.update.symmetricKeys.requiredVersion=1
op.enroll.allowUnknownToken=true
@@ -1051,7 +1054,7 @@ op.enroll.soKeyTemporary.update.applet.directory=[TPS_DIR]/applets
op.enroll.soKeyTemporary.update.applet.emptyToken.enable=true
op.enroll.soKeyTemporary.update.applet.enable=true
op.enroll.soKeyTemporary.update.applet.encryption=true
-op.enroll.soKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.soKeyTemporary.update.applet.requiredVersion=1.4.54de790f
op.enroll.soKeyTemporary.update.symmetricKeys.enable=false
op.enroll.soKeyTemporary.update.symmetricKeys.requiredVersion=1
op.enroll.soKey.tks.conn=tks1
@@ -1059,7 +1062,7 @@ op.enroll.soKey.update.applet.directory=[TPS_DIR]/applets
op.enroll.soKey.update.applet.emptyToken.enable=true
op.enroll.soKey.update.applet.enable=true
op.enroll.soKey.update.applet.encryption=true
-op.enroll.soKey.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.soKey.update.applet.requiredVersion=1.4.54de790f
op.enroll.soKey.update.symmetricKeys.enable=false
op.enroll.soKey.update.symmetricKeys.requiredVersion=1
op.enroll.userKey.cuidMustMatchKDD=false
@@ -1362,7 +1365,7 @@ op.enroll.userKeyTemporary.update.applet.directory=[TPS_DIR]/applets
op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true
op.enroll.userKeyTemporary.update.applet.enable=true
op.enroll.userKeyTemporary.update.applet.encryption=true
-op.enroll.userKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.userKeyTemporary.update.applet.requiredVersion=1.4.54de790f
op.enroll.userKeyTemporary.update.symmetricKeys.enable=false
op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1
op.enroll.userKey.tks.conn=tks1
@@ -1370,7 +1373,7 @@ op.enroll.userKey.update.applet.directory=[TPS_DIR]/applets
op.enroll.userKey.update.applet.emptyToken.enable=true
op.enroll.userKey.update.applet.enable=true
op.enroll.userKey.update.applet.encryption=true
-op.enroll.userKey.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.userKey.update.applet.requiredVersion=1.4.54de790f
op.enroll.userKey.update.symmetricKeys.enable=false
op.enroll.userKey.update.symmetricKeys.requiredVersion=1
op.format.allowUnknownToken=true
@@ -1393,7 +1396,7 @@ op.format.cleanToken.tks.conn=tks1
op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets
op.format.cleanToken.update.applet.emptyToken.enable=true
op.format.cleanToken.update.applet.encryption=true
-op.format.cleanToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.cleanToken.update.applet.requiredVersion=1.4.54de790f
op.format.cleanToken.update.symmetricKeys.enable=false
op.format.cleanToken.update.symmetricKeys.requiredVersion=1
op.format.soCleanSOToken.cuidMustMatchKDD=false
@@ -1414,7 +1417,7 @@ op.format.soCleanSOToken.tks.conn=tks1
op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets
op.format.soCleanSOToken.update.applet.emptyToken.enable=true
op.format.soCleanSOToken.update.applet.encryption=true
-op.format.soCleanSOToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.soCleanSOToken.update.applet.requiredVersion=1.4.54de790f
op.format.soCleanSOToken.update.symmetricKeys.enable=false
op.format.soCleanSOToken.update.symmetricKeys.requiredVersion=1
op.format.soCleanUserToken.cuidMustMatchKDD=false
@@ -1435,7 +1438,7 @@ op.format.soCleanUserToken.tks.conn=tks1
op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets
op.format.soCleanUserToken.update.applet.emptyToken.enable=true
op.format.soCleanUserToken.update.applet.encryption=true
-op.format.soCleanUserToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.soCleanUserToken.update.applet.requiredVersion=1.4.54de790f
op.format.soCleanUserToken.update.symmetricKeys.enable=false
op.format.soCleanUserToken.update.symmetricKeys.requiredVersion=1
op.format.soKey.cuidMustMatchKDD=false
@@ -1456,7 +1459,7 @@ op.format.soKey.tks.conn=tks1
op.format.soKey.update.applet.directory=[TPS_DIR]/applets
op.format.soKey.update.applet.emptyToken.enable=true
op.format.soKey.update.applet.encryption=true
-op.format.soKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.soKey.update.applet.requiredVersion=1.4.54de790f
op.format.soKey.update.symmetricKeys.enable=false
op.format.soKey.update.symmetricKeys.requiredVersion=1
op.format.soUserKey.cuidMustMatchKDD=false
@@ -1477,7 +1480,7 @@ op.format.soUserKey.tks.conn=tks1
op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets
op.format.soUserKey.update.applet.emptyToken.enable=true
op.format.soUserKey.update.applet.encryption=true
-op.format.soUserKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.soUserKey.update.applet.requiredVersion=1.4.54de790f
op.format.soUserKey.update.symmetricKeys.enable=false
op.format.soUserKey.update.symmetricKeys.requiredVersion=1
op.format.tokenKey.cuidMustMatchKDD=false
@@ -1498,7 +1501,7 @@ op.format.tokenKey.tks.conn=tks1
op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets
op.format.tokenKey.update.applet.emptyToken.enable=true
op.format.tokenKey.update.applet.encryption=true
-op.format.tokenKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.tokenKey.update.applet.requiredVersion=1.4.54de790f
op.format.tokenKey.update.symmetricKeys.enable=false
op.format.tokenKey.update.symmetricKeys.requiredVersion=1
op.format.userKey.cuidMustMatchKDD=false
@@ -1519,7 +1522,7 @@ op.format.userKey.tks.conn=tks1
op.format.userKey.update.applet.directory=[TPS_DIR]/applets
op.format.userKey.update.applet.emptyToken.enable=true
op.format.userKey.update.applet.encryption=true
-op.format.userKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.userKey.update.applet.requiredVersion=1.4.54de790f
op.format.userKey.update.symmetricKeys.enable=false
op.format.userKey.update.symmetricKeys.requiredVersion=1
op.pinReset.mappingResolver=pinResetProfileMappingResolver
@@ -1540,7 +1543,7 @@ op.pinReset.userKey.update.applet.directory=[TPS_DIR]/applets
op.pinReset.userKey.update.applet.emptyToken.enable=true
op.pinReset.userKey.update.applet.enable=false
op.pinReset.userKey.update.applet.encryption=true
-op.pinReset.userKey.update.applet.requiredVersion=1.4.4d40a449
+op.pinReset.userKey.update.applet.requiredVersion=1.4.54de790f
op.pinReset.userKey.update.symmetricKeys.enable=false
op.pinReset.userKey.update.symmetricKeys.requiredVersion=1
os.serverName=cert-[PKI_INSTANCE_NAME]
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 22ca7a291..14e8eadbf 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -354,6 +354,8 @@ public class TPSProcessor {
CMS.debug("In TPSProcessor.getAppletVersion");
+ selectCoolKeyApplet();
+
GetVersionAPDU get_version_apdu = new GetVersionAPDU();
APDUResponse respApdu = handleAPDURequest(get_version_apdu);
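Review bot: The outcome of the new `selectCoolKeyApplet();` call is discarded, so from these lines a failed select (for instance on a token with no CoolKey applet) is indistinguishable from a successful one and the GetVersion APDU is sent either way. If the helper returns a response or status, which the hunk does not show, it should be checked or the reason for ignoring it documented, since the version read here presumably feeds the `requiredVersion` upgrade decision. The call also changes which applet is selected on the card as a side effect of what reads like a getter, so callers that had selected another application beforehand need to re-select it; a comment such as `// GetVersion is answered by the currently selected applet, so select CoolKey first; CoolKey stays selected on return` would make that explicit. getAppletVersion starts and ends outside this hunk, so its existing handling of the GetVersion response is not visible here.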