| author | Jack Magne <jmagne@dhcp-16-213.sjc.redhat.com> | 2014-04-02 19:10:51 -0700 |
|---|---|---|
| committer | Jack Magne <jmagne@dhcp-16-213.sjc.redhat.com> | 2014-04-14 10:11:14 -0700 |
| commit | 7604304b755bc8d78889322bdf825a7ed907d683 (patch) | |
| tree | 7de8da75d6dfe447ab547db2b88ae3b34fb3ad88 /base/common/src/org | |
| parent | f0b112fa8d859056aaa729cda0761a1786987088 (diff) | |
| download | pki-7604304b755bc8d78889322bdf825a7ed907d683.tar.gz pki-7604304b755bc8d78889322bdf825a7ed907d683.tar.xz pki-7604304b755bc8d78889322bdf825a7ed907d683.zip | |
Further progress Format operation.
1. Read applet into memory to prepare to write to token.
2. With tpsclient create secure channel by implementing Initialize Update and ExternalAuthenticate messages.
3. Support for MAC and encryption for messages going on after secure channel has been created.
4. Implemented method to remove an aid file or instance from the token.
5. Added some symkey methods to allow TPS to manipulate session keys.
6. Performed some cfu feedback fixes, such as changing all the names of the APDU classes to include "APDU" in the name.
Have not tried this with a real token as of yet. The tpsclient verifies the MAC coming from the server and decrypts encrypted messages; the decrypted messages have to be correct for the MAC verification to work.
Next step will be to add the phone home servlet to the TPS and give it a try with a real token and esc.
Diffstat (limited to 'base/common/src/org')
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/TPSConnection.java | 25 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/APDU.java | 58 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/APDUResponse.java | 16 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/CreateObjectAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/CreateObject.java) | 6 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/CreatePinAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/CreatePin.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/DeleteFileAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/DeleteFile.java) | 13 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/ExternalAuthenticate.java | 51 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/ExternalAuthenticateAPDU.java | 110 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/FormatMuscleAppletAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/FormatMuscleApplet.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/GenerateKeyAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/GenerateKey.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/GenerateKeyECCAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/GenerateKeyECC.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/GetDataAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/GetData.java) | 6 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/GetIssuerInfoAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/GetIssuerInfo.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/GetStatusAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/GetStatus.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/GetVersionAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/GetVersion.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/ImportKeyAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/ImportKey.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/ImportKeyEncAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/ImportKeyEnc.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/InitializeUpdateAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/InitializeUpdate.java) | 21 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/InstallAppletAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/InstallApplet.java) | 6 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/InstallLoadAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/InstallLoad.java) | 6 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/LifecycleAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/Lifecycle.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/ListObjectsAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/ListObjects.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/ListPinsAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/ListPins.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/LoadFileAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/LoadFile.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/PutKeyAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/PutKey.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/ReadBufferAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/ReadBuffer.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/ReadObjectAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/ReadObject.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/SelectAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/Select.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/SetIssuerInfoAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/SetIssuerInfo.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/SetPinAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/SetPin.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/UnblockPinAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/UnblockPin.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/apdu/WriteObjectAPDU.java (renamed from base/common/src/org/dogtagpki/tps/apdu/WriteObject.java) | 4 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/main/TPSBuffer.java | 17 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/main/Util.java | 160 | ||||
| -rw-r--r-- | base/common/src/org/dogtagpki/tps/msg/TokenPDURequest.java | 6 |
35 files changed, 441 insertions, 144 deletions
diff --git a/base/common/src/org/dogtagpki/tps/TPSConnection.java b/base/common/src/org/dogtagpki/tps/TPSConnection.java
index 442d28dad..64f8cb906 100644
--- a/base/common/src/org/dogtagpki/tps/TPSConnection.java
+++ b/base/common/src/org/dogtagpki/tps/TPSConnection.java
@@ -53,12 +53,14 @@ public class TPSConnection {
 // read the first parameter
 while ((b = in.read()) >= 0) {
- char c = (char)b;
- if (c == '&') break;
+ char c = (char) b;
+ if (c == '&')
+ break;
 sb.append(c);
 }
- if (b < 0) throw new IOException("Unexpected end of stream");
+ if (b < 0)
+ throw new IOException("Unexpected end of stream");
 // parse message size
 String nvp = sb.toString();
@@ -68,19 +70,20 @@ public class TPSConnection {
 sb.append('&');
 // read the rest of message
- for (int i=0; i<size; i++) {
+ for (int i = 0; i < size; i++) {
 b = in.read();
- if (b < 0) throw new IOException("Unexpected end of stream");
+ if (b < 0)
+ throw new IOException("Unexpected end of stream");
- char c = (char)b;
+ char c = (char) b;
 sb.append(c);
 }
 CMS.debug("TPSMessage.read: Reading: " + sb.toString());
 // parse the entire message
- return TPSMessage.createMessage(sb.toString());
+ return TPSMessage.createMessage(sb.toString());
 }
 public void write(TPSMessage message) throws IOException {
@@ -88,7 +91,6 @@ public class TPSConnection {
 CMS.debug("TPSMessage.write: Writing: " + s);
-
 if (chunked) {
 // send message length + EOL
 out.print(Integer.toHexString(s.length()));
@@ -98,11 +100,18 @@ public class TPSConnection {
 // send message
 out.print(s);
+ /*
+ *
+ * Right now, tpsclient is counting the final crlf as part of the message and ruining the MAC calculations
+ * For now do this and figure out later how to handle this for both tpsclient and esc.
+ *
 if (chunked) {
 // send EOL
 out.print("\r\n");
 }
+ */
+
 out.flush();
 }
 }
diff --git a/base/common/src/org/dogtagpki/tps/apdu/APDU.java b/base/common/src/org/dogtagpki/tps/apdu/APDU.java
index c4f2c1769..c1aa51716 100644
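Review bot: Nothing in the rewritten read loop, `for (int i = 0; i < size; i++)`, bounds `size`, which is parsed from the peer-supplied first parameter in the lines between the first two hunks; a client that declares a huge size makes the server buffer and spin until the stream ends, and a negative value is silently treated as an empty body. Reject it before the loop, e.g. `if (size < 0 || size > MAX_MESSAGE_SIZE) throw new IOException("Invalid TPS message size: " + size);` with `MAX_MESSAGE_SIZE` set to the largest message the TPS protocol can legitimately carry. The `(char) b` cast also reinterprets each byte as a code point rather than decoding it, which is only safe while the protocol stays ASCII/%xx-encoded — worth a one-line comment on the loop. read() starts before this hunk.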
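Review bot: Commenting out `out.print("\r\n")` leaves chunked mode sending each chunk without its terminating CRLF, which is not valid chunked encoding (the `// send message length + EOL` comment in the previous hunk suggests the size line still gets its terminator, so the two halves now disagree), and any consumer that parses chunk framing properly will misalign on the next chunk. The CRLF is transport framing rather than message content, so the right fix is on the tpsclient side — exclude the terminator from the MAC input — not to drop it from the writer. Until that lands, keep the behaviour switchable instead of leaving a commented-out block, e.g. `if (chunked && sendChunkTerminator) { out.print("\r\n"); }` with a TODO naming the tpsclient issue. The middle of write() falls between this hunk and the previous one.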
--- a/base/common/src/org/dogtagpki/tps/apdu/APDU.java
+++ b/base/common/src/org/dogtagpki/tps/apdu/APDU.java
@@ -19,6 +19,9 @@ package org.dogtagpki.tps.apdu;
 import org.dogtagpki.tps.main.TPSBuffer;
 import org.dogtagpki.tps.main.Util;
+import org.mozilla.jss.pkcs11.PK11SymKey;
+
+import com.netscape.certsrv.base.EBaseException;
 public abstract class APDU {
@@ -140,8 +143,59 @@ public abstract class APDU {
 return encoding;
 }
- public void getDataToMAC(TPSBuffer data) {
- //ToDO
+ public TPSBuffer getDataToMAC() {
+ TPSBuffer mac = new TPSBuffer();
+
+ mac.add(cla);
+ mac.add(ins);
+ mac.add(p1);
+ mac.add(p2);
+ mac.add((byte) (data.size() + 8));
+ mac.add(data);
+
+ return mac;
+ }
+
+ public void secureMessage(PK11SymKey encKey) throws EBaseException {
+
+ if (encKey == null) {
+ throw new EBaseException("APDU.secureData: No input encrytion session key!");
+ }
+
+ int padNeeded = 0;
+
+ TPSBuffer dataToEnc = null;
+ TPSBuffer padding = null;
+ TPSBuffer dataEncrypted = null;
+
+ dataToEnc = new TPSBuffer();
+ dataToEnc.add((byte) data.size());
+ dataToEnc.add(data);
+
+ int dataSize = dataToEnc.size();
+ int rem = dataSize % 8;
+
+ if (rem == 0) {
+ padNeeded = 0;
+ } else if (dataSize < 8) {
+ padNeeded = 8 - dataSize;
+ } else {
+ padNeeded = 8 - rem;
+ }
+
+ if (padNeeded > 0) {
+ dataToEnc.add((byte) 0x80);
+ padNeeded--;
+
+ if (padNeeded > 0) {
+ padding = new TPSBuffer(padNeeded);
+ dataToEnc.add(padding);
+ }
+ }
+
+ dataEncrypted = Util.encryptData(dataToEnc, encKey);
+
+ data.set(dataEncrypted);
 }
 public Type getType() {
diff --git a/base/common/src/org/dogtagpki/tps/apdu/APDUResponse.java b/base/common/src/org/dogtagpki/tps/apdu/APDUResponse.java
index ef25cd204..9376a1f97 100644
--- a/base/common/src/org/dogtagpki/tps/apdu/APDUResponse.java
+++ b/base/common/src/org/dogtagpki/tps/apdu/APDUResponse.java
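Review bot: Both new methods narrow the payload length with a bare cast — `mac.add((byte) (data.size() + 8))` in getDataToMAC() and `dataToEnc.add((byte) data.size())` in secureMessage() — so a data field longer than 247 bytes (255 minus the 8 bytes the +8 presumably reserves for the C-MAC) silently wraps to a wrong Lc instead of failing, and the card sees a length that does not match the bytes that follow. Guard it up front, e.g. `if (data.size() > 247) throw new EBaseException("APDU.secureMessage: data too long for a MACed short APDU: " + data.size());` (and an IllegalStateException in getDataToMAC(), which declares no checked exception). The padding branch only appends 0x80 when the length-prefixed data is not already a multiple of 8, which is not ISO 9797-1 method 2 (that always adds the 0x80 block); if this deliberately mirrors tpsclient, say so with `// Legacy TPS padding: no pad block when already 8-byte aligned; the receiver trusts the leading length byte` so nobody "fixes" one side alone. The error message also names `APDU.secureData` and misspells "encrytion"; match it to the method name, and add a Javadoc line noting that secureMessage() replaces `data` in place, so calling it twice encrypts the ciphertext again.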
@@ -88,7 +88,7 @@ public class APDUResponse extends APDU {
 }
 //Get the two byte apdu return code
- byte[] getResultBytes() {
+ public byte[] getResultCodeBytes() {
 byte[] result = new byte[2];
 result[0] = getSW1();
@@ -96,6 +96,20 @@ public class APDUResponse extends APDU {
 return result;
 }
+ public TPSBuffer getResultDataNoCode() {
+
+ //Result code will be 2 bytes at the end.
+ TPSBuffer theData = getData();
+
+ TPSBuffer result = null;
+ int len = theData.size();
+ if (len > 2) {
+ result = theData.substr(0, len - 2);
+ }
+
+ return result;
+ }
+
 public static void main(String args[]) {
 APDUResponse resp = new APDUResponse();
diff --git a/base/common/src/org/dogtagpki/tps/apdu/CreateObject.java b/base/common/src/org/dogtagpki/tps/apdu/CreateObjectAPDU.java
index 04208aa3b..03ad05ff4 100644
--- a/base/common/src/org/dogtagpki/tps/apdu/CreateObject.java
+++ b/base/common/src/org/dogtagpki/tps/apdu/CreateObjectAPDU.java
@@ -23,7 +23,7 @@ package org.dogtagpki.tps.apdu;
 import org.dogtagpki.tps.main.TPSBuffer;
-public class CreateObject extends APDU {
+public class CreateObjectAPDU extends APDU {
 /**
 * Constructs a Create Object APDU. This APDU is usually sent right
 * before Write_Buffer_APDU is sent. This APDU only creates an Object
@@ -63,7 +63,7 @@ public class CreateObject extends APDU {
 * @see APDU
 */
- public CreateObject(byte[] object_id, byte[] permissions, int len) {
+ public CreateObjectAPDU(byte[] object_id, byte[] permissions, int len) {
 if (object_id.length != 4)
 return;
@@ -108,7 +108,7 @@ public class CreateObject extends APDU {
 byte[] object_id = { 0x01, 0x02, 0x3, 0x4 };
 byte[] permisisons = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x6 };
- CreateObject apdu = new CreateObject(object_id, permisisons, 56);
+ CreateObjectAPDU apdu = new CreateObjectAPDU(object_id, permisisons, 56);
 if (apdu != null) {
diff --git a/base/common/src/org/dogtagpki/tps/apdu/CreatePin.java b/base/common/src/org/dogtagpki/tps/apdu/CreatePinAPDU.java
index 3d7b9274c..c37d0d465 100644
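Review bot: getResultDataNoCode() returns `null` for a response that carries only the two-byte status word (`len > 2` is false for len == 2), so every caller must null-check before appending or MAC-checking the data, and a response shorter than two bytes — which is malformed, since the status word is what callers decide on — is also folded into the same `null`. Return an empty buffer for the no-data case, `if (len >= 2) { result = theData.substr(0, len - 2); } else { result = new TPSBuffer(); }` (or construct `new TPSBuffer()` directly when `substr` with length 0 is not supported), and consider throwing for `len < 2` rather than hiding it; say which in a Javadoc line on the method. The `//Get the two byte apdu return code` line comment above the now-public getResultCodeBytes() would read better as a `/** ... */` Javadoc since the method is part of the public surface now.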
--- a/base/common/src/org/dogtagpki/tps/apdu/CreatePin.java +++ b/base/common/src/org/dogtagpki/tps/apdu/CreatePinAPDU.java @@ -22,9 +22,9 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class CreatePin extends APDU { +public class CreatePinAPDU extends APDU { - public CreatePin(byte theP1, byte theP2, TPSBuffer theData) { + public CreatePinAPDU(byte theP1, byte theP2, TPSBuffer theData) { setP1(theP1); setP2(theP2); diff --git a/base/common/src/org/dogtagpki/tps/apdu/DeleteFile.java b/base/common/src/org/dogtagpki/tps/apdu/DeleteFileAPDU.java index 475207dd6..9114b8af6 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/DeleteFile.java +++ b/base/common/src/org/dogtagpki/tps/apdu/DeleteFileAPDU.java @@ -19,14 +19,13 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class DeleteFile extends APDU { +public class DeleteFileAPDU extends APDU { - public DeleteFile( TPSBuffer aid) { + public DeleteFileAPDU(TPSBuffer aid) { setCLA((byte) 0x84); - setINS((byte)0xE4); - setP1((byte)0x00); - setP2((byte)0x00); - + setINS((byte) 0xE4); + setP1((byte) 0x00); + setP2((byte) 0x00); TPSBuffer AIDTLV = new TPSBuffer(); @@ -43,7 +42,7 @@ public class DeleteFile extends APDU { public APDU.Type getType() { return APDU.Type.APDU_DELETE_FILE; - } + } public static void main(String[] args) { // TODO Auto-generated method stub diff --git a/base/common/src/org/dogtagpki/tps/apdu/ExternalAuthenticate.java b/base/common/src/org/dogtagpki/tps/apdu/ExternalAuthenticate.java deleted file mode 100644 index d1337b886..000000000 --- a/base/common/src/org/dogtagpki/tps/apdu/ExternalAuthenticate.java +++ /dev/null 
@@ -1,51 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2013 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package org.dogtagpki.tps.apdu; - -import org.dogtagpki.tps.main.TPSBuffer; - -public class ExternalAuthenticate extends APDU { - - public ExternalAuthenticate(TPSBuffer theData, byte securityLevel) { - - setCLA((byte) 0x84); - setINS((byte) 0x82); - - setP1(securityLevel); - - setP2((byte) 0x00); - setData(theData); - } - - public TPSBuffer getHostCryptogram() - { - return getData(); - } - - @Override - public APDU.Type getType() - { - return APDU.Type.APDU_EXTERNAL_AUTHENTICATE; - } - - public static void main(String[] args) { - // TODO Auto-generated method stub - - } - -} diff --git a/base/common/src/org/dogtagpki/tps/apdu/ExternalAuthenticateAPDU.java b/base/common/src/org/dogtagpki/tps/apdu/ExternalAuthenticateAPDU.java new file mode 100644 index 000000000..d824e8ce7 --- /dev/null +++ b/base/common/src/org/dogtagpki/tps/apdu/ExternalAuthenticateAPDU.java 
@@ -0,0 +1,110 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package org.dogtagpki.tps.apdu;
+
+import org.dogtagpki.tps.main.TPSBuffer;
+
+public class ExternalAuthenticateAPDU extends APDU {
+
+ public enum SecurityLevel {
+ SECURE_MSG_ANY,
+ SECURE_MSG_MAC,
+ SECURE_MSG_NONE, // not yet supported
+ SECURE_MSG_MAC_ENC,
+
+ }
+
+ public ExternalAuthenticateAPDU(TPSBuffer theData, SecurityLevel securityLevel) {
+ setCLA((byte) 0x84);
+ setINS((byte) 0x82);
+
+ setP1(securityLevelToByte(securityLevel));
+ setP2((byte) 0x0);
+
+ setData(theData);
+ }
+
+ public TPSBuffer getHostCryptogram()
+ {
+ return getData();
+ }
+
+ @Override
+ public APDU.Type getType()
+ {
+ return APDU.Type.APDU_EXTERNAL_AUTHENTICATE;
+ }
+
+ public static byte securityLevelToByte(SecurityLevel level) {
+ byte result = 0;
+
+ switch (level) {
+ case SECURE_MSG_ANY:
+ result = 0;
+ break;
+ case SECURE_MSG_MAC:
+ result = 1;
+ break;
+ case SECURE_MSG_NONE:
+ result = 2;
+ break;
+ case SECURE_MSG_MAC_ENC:
+ result = 3;
+ break;
+
+ default:
+ result = 0;
+ break;
+
+ }
+
+ return result;
+ }
+
+ public static SecurityLevel byteToSecurityLevel(byte level) {
+
+ SecurityLevel result = SecurityLevel.SECURE_MSG_ANY;
+
+ switch (level) {
+
+ case 0:
+ result = SecurityLevel.SECURE_MSG_ANY;
+ break;
+ case 1:
+ result = SecurityLevel.SECURE_MSG_MAC;
+ break;
+ case 2:
+ result = SecurityLevel.SECURE_MSG_NONE;
+ break;
+ case 3:
+ result = SecurityLevel.SECURE_MSG_MAC_ENC;
+ break;
+ default:
+ result = SecurityLevel.SECURE_MSG_ANY;
+ break;
+ }
+
+ return result;
+ }
+
+ public static void main(String[] args) {
+ // TODO Auto-generated method stub
+
+ }
+
+}
diff --git a/base/common/src/org/dogtagpki/tps/apdu/FormatMuscleApplet.java b/base/common/src/org/dogtagpki/tps/apdu/FormatMuscleAppletAPDU.java
index af4cec11a..3babdc1c5 100644
--- a/base/common/src/org/dogtagpki/tps/apdu/FormatMuscleApplet.java
+++ b/base/common/src/org/dogtagpki/tps/apdu/FormatMuscleAppletAPDU.java
@@ -25,8 +25,8 @@ import org.dogtagpki.tps.main.TPSBuffer;
 /* Not sure this is used , provide stub right now. */
-public class FormatMuscleApplet extends APDU {
- public FormatMuscleApplet(short memSize,
+public class FormatMuscleAppletAPDU extends APDU {
+ public FormatMuscleAppletAPDU(short memSize,
 TPSBuffer PIN0, byte pin0Tries, TPSBuffer unblockPIN0, byte unblock0Tries, TPSBuffer PIN1, byte pin1Tries,
diff --git a/base/common/src/org/dogtagpki/tps/apdu/GenerateKey.java b/base/common/src/org/dogtagpki/tps/apdu/GenerateKeyAPDU.java
index 47f45bb50..f11f132be 100644
--- a/base/common/src/org/dogtagpki/tps/apdu/GenerateKey.java
+++ b/base/common/src/org/dogtagpki/tps/apdu/GenerateKeyAPDU.java
@@ -23,9 +23,9 @@ package org.dogtagpki.tps.apdu;
 import org.dogtagpki.tps.main.TPSBuffer;
-public class GenerateKey extends APDU {
+public class GenerateKeyAPDU extends APDU {
- public GenerateKey(byte theP1, byte theP2, byte alg,
+ public GenerateKeyAPDU(byte theP1, byte theP2, byte alg,
 int keysize, byte option, byte type, TPSBuffer wrapped_challenge, TPSBuffer key_check) {
diff --git a/base/common/src/org/dogtagpki/tps/apdu/GenerateKeyECC.java b/base/common/src/org/dogtagpki/tps/apdu/GenerateKeyECCAPDU.java
index 3f9106723..6743822ad 100644
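Review bot: Both conversion helpers fail open: byteToSecurityLevel() maps every unknown byte to `SECURE_MSG_ANY`, and the `default:` arm of securityLevelToByte() emits 0, so a corrupted or unexpected security-level value from configuration or the wire silently downgrades the EXTERNAL AUTHENTICATE to P1 = 0x00, i.e. no MAC and no encryption on the channel. Unknown values should be rejected, not downgraded: replace both `default:` arms with `throw new IllegalArgumentException("Unknown security level: " + level);`. In GlobalPlatform the EXTERNAL AUTHENTICATE P1 is a bit-field (0x01 = C-MAC, 0x03 = C-MAC + C-DECRYPTION), so the 0x02 produced for SECURE_MSG_NONE is not a level the card side defines; the enum already marks it `// not yet supported`, so securityLevelToByte() should throw for it too rather than send it. A short Javadoc on the enum stating that these ordinals are also the wire values of P1 would stop someone reordering the constants.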
--- a/base/common/src/org/dogtagpki/tps/apdu/GenerateKeyECC.java +++ b/base/common/src/org/dogtagpki/tps/apdu/GenerateKeyECCAPDU.java @@ -23,9 +23,9 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class GenerateKeyECC extends APDU { +public class GenerateKeyECCAPDU extends APDU { - public GenerateKeyECC(byte theP1, byte theP2, byte alg, + public GenerateKeyECCAPDU(byte theP1, byte theP2, byte alg, int keysize, byte option, byte type, TPSBuffer wrapped_challenge, TPSBuffer key_check) { diff --git a/base/common/src/org/dogtagpki/tps/apdu/GetData.java b/base/common/src/org/dogtagpki/tps/apdu/GetDataAPDU.java index b7b8be02c..7cd52fcd1 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/GetData.java +++ b/base/common/src/org/dogtagpki/tps/apdu/GetDataAPDU.java @@ -22,9 +22,9 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class GetData extends APDU { +public class GetDataAPDU extends APDU { - public GetData() + public GetDataAPDU() { setCLA((byte) 0x80); setINS((byte) 0xCA); @@ -53,7 +53,7 @@ public class GetData extends APDU { } /* Encode */ public static void main(String[] args) { - GetData get_data = new GetData(); + GetDataAPDU get_data = new GetDataAPDU(); get_data.dump(); diff --git a/base/common/src/org/dogtagpki/tps/apdu/GetIssuerInfo.java b/base/common/src/org/dogtagpki/tps/apdu/GetIssuerInfoAPDU.java index 21fe1a77e..ede006a18 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/GetIssuerInfo.java +++ b/base/common/src/org/dogtagpki/tps/apdu/GetIssuerInfoAPDU.java @@ -22,7 +22,7 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class GetIssuerInfo extends APDU { +public class GetIssuerInfoAPDU extends APDU { /** * Constructs GetIssuer APDU. * @@ -45,7 +45,7 @@ public class GetIssuerInfo extends APDU { * @param data issuer info * @see APDU */ - public GetIssuerInfo() + public GetIssuerInfoAPDU() { setCLA((byte) 0x84); setINS((byte) 0xF6); 
diff --git a/base/common/src/org/dogtagpki/tps/apdu/GetStatus.java b/base/common/src/org/dogtagpki/tps/apdu/GetStatusAPDU.java index 3b8c68fca..2479cc674 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/GetStatus.java +++ b/base/common/src/org/dogtagpki/tps/apdu/GetStatusAPDU.java @@ -22,8 +22,8 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class GetStatus extends APDU { - public GetStatus() +public class GetStatusAPDU extends APDU { + public GetStatusAPDU() { setCLA((byte) 0xB0); setINS((byte) 0x3C); diff --git a/base/common/src/org/dogtagpki/tps/apdu/GetVersion.java b/base/common/src/org/dogtagpki/tps/apdu/GetVersionAPDU.java index 9bdc27fa1..6e10df985 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/GetVersion.java +++ b/base/common/src/org/dogtagpki/tps/apdu/GetVersionAPDU.java @@ -22,8 +22,8 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class GetVersion extends APDU { - public GetVersion() +public class GetVersionAPDU extends APDU { + public GetVersionAPDU() { setCLA((byte) 0xB0); setINS((byte) 0x70); diff --git a/base/common/src/org/dogtagpki/tps/apdu/ImportKey.java b/base/common/src/org/dogtagpki/tps/apdu/ImportKeyAPDU.java index c17bfb825..a37e52831 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/ImportKey.java +++ b/base/common/src/org/dogtagpki/tps/apdu/ImportKeyAPDU.java @@ -23,7 +23,7 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class ImportKey extends APDU { +public class ImportKeyAPDU extends APDU { /** * Constructs Import Key APDU. * @@ -46,7 +46,7 @@ public class ImportKey extends APDU { * Byte[] Additional parameters; // Optional * If KeyBlob's Encoding is BLOB_ENC_PLAIN(0x00), there are no additional parameters. */ - public ImportKey(byte p1) + public ImportKeyAPDU(byte p1) { setCLA((byte) 0x84); setINS((byte) 0x32); 
diff --git a/base/common/src/org/dogtagpki/tps/apdu/ImportKeyEnc.java b/base/common/src/org/dogtagpki/tps/apdu/ImportKeyEncAPDU.java index c87a76ac8..ff01c6600 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/ImportKeyEnc.java +++ b/base/common/src/org/dogtagpki/tps/apdu/ImportKeyEncAPDU.java @@ -23,7 +23,7 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class ImportKeyEnc extends APDU { +public class ImportKeyEncAPDU extends APDU { /** * Constructs Import Key Encrypted APDU. @@ -47,7 +47,7 @@ public class ImportKeyEnc extends APDU { * Import Parameters: * ...to be provided */ - public ImportKeyEnc(byte p1, byte p2, TPSBuffer theData) + public ImportKeyEncAPDU(byte p1, byte p2, TPSBuffer theData) { setCLA((byte) 0x84); setINS((byte) 0x0A); diff --git a/base/common/src/org/dogtagpki/tps/apdu/InitializeUpdate.java b/base/common/src/org/dogtagpki/tps/apdu/InitializeUpdateAPDU.java index 4016b96f4..4bc640108 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/InitializeUpdate.java +++ b/base/common/src/org/dogtagpki/tps/apdu/InitializeUpdateAPDU.java @@ -23,12 +23,13 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class InitializeUpdate extends APDU { +public class InitializeUpdateAPDU extends APDU { /** * Constructs Initialize Update APDU. */ - public InitializeUpdate(byte key_version, byte key_index, TPSBuffer theData) { + public InitializeUpdateAPDU(byte key_version, byte key_index, TPSBuffer theData) { + setCLA((byte) 0x80); setINS((byte) 0x50); setP1(key_version); setP2(key_index); 
@@ -47,16 +48,16 @@ public class InitializeUpdate extends APDU { public TPSBuffer getEncoding() { - TPSBuffer data = new TPSBuffer(); + TPSBuffer theData = new TPSBuffer(); - data.add(cla); - data.add(ins); - data.add(p1); - data.add(p2); - data.add((byte) data.size()); - data.add(data); + theData.add(cla); + theData.add(ins); + theData.add(p1); + theData.add(p2); + theData.add((byte) data.size()); + theData.add(data); - return data; + return theData; } /* Encode */ } diff --git a/base/common/src/org/dogtagpki/tps/apdu/InstallApplet.java b/base/common/src/org/dogtagpki/tps/apdu/InstallAppletAPDU.java index 9e6206ac7..8f164e9d4 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/InstallApplet.java +++ b/base/common/src/org/dogtagpki/tps/apdu/InstallAppletAPDU.java @@ -23,9 +23,9 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class InstallApplet extends APDU { +public class InstallAppletAPDU extends APDU { - public InstallApplet(TPSBuffer packageAID, TPSBuffer appletAID, + public InstallAppletAPDU(TPSBuffer packageAID, TPSBuffer appletAID, byte appPrivileges, int instanceSize, int appletMemorySize) { setCLA((byte) 0x84); @@ -79,7 +79,7 @@ public class InstallApplet extends APDU { /** * Constructs Install Applet APDU. */ - public InstallApplet(TPSBuffer theData) + public InstallAppletAPDU(TPSBuffer theData) { setCLA((byte) 0x84); setINS((byte) 0xE6); diff --git a/base/common/src/org/dogtagpki/tps/apdu/InstallLoad.java b/base/common/src/org/dogtagpki/tps/apdu/InstallLoadAPDU.java index dc6d2b049..cb84b9382 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/InstallLoad.java +++ b/base/common/src/org/dogtagpki/tps/apdu/InstallLoadAPDU.java 
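Review bot: The local was renamed `theData` because the old getEncoding() declared a local `data` that shadowed the inherited `data` field and then appended the local to itself, so the encoded APDU could never contain the buffer passed to the constructor; nothing in the new code records why, and the next tidy-up could reintroduce the shadowing. Add a comment above the declaration, `// Local must not be named 'data': it would shadow the APDU.data field holding the host challenge`. Since the body now emits the generic CLA|INS|P1|P2|Lc|data layout, it is worth checking whether the base APDU.getEncoding() (only its tail is visible in the APDU.java hunk) already produces the same bytes, in which case this override can be deleted. The constructor that sets the data field sits in the previous hunk, and its tail is cut off there.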
@@ -23,9 +23,9 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class InstallLoad extends APDU { +public class InstallLoadAPDU extends APDU { - public InstallLoad(TPSBuffer packageAID, TPSBuffer sdAID, + public InstallLoadAPDU(TPSBuffer packageAID, TPSBuffer sdAID, int fileLen) { @@ -55,7 +55,7 @@ public class InstallLoad extends APDU { /** * Constructs Install Load APDU. Used when data was pre-constructed */ - public InstallLoad(TPSBuffer theData) + public InstallLoadAPDU(TPSBuffer theData) { setCLA((byte) 0x84); setINS((byte) 0xE6); diff --git a/base/common/src/org/dogtagpki/tps/apdu/Lifecycle.java b/base/common/src/org/dogtagpki/tps/apdu/LifecycleAPDU.java index e26a39ed9..051f663df 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/Lifecycle.java +++ b/base/common/src/org/dogtagpki/tps/apdu/LifecycleAPDU.java @@ -21,11 +21,11 @@ package org.dogtagpki.tps.apdu; -public class Lifecycle extends APDU { +public class LifecycleAPDU extends APDU { /** * Constructs Lifecycle APDU. */ - public Lifecycle(byte lifecycle) + public LifecycleAPDU(byte lifecycle) { setCLA((byte) 0x84); setINS((byte) 0xf0); diff --git a/base/common/src/org/dogtagpki/tps/apdu/ListObjects.java b/base/common/src/org/dogtagpki/tps/apdu/ListObjectsAPDU.java index b21cd111b..4d29506e6 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/ListObjects.java +++ b/base/common/src/org/dogtagpki/tps/apdu/ListObjectsAPDU.java @@ -23,8 +23,8 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class ListObjects extends APDU { - public ListObjects(byte seq) +public class ListObjectsAPDU extends APDU { + public ListObjectsAPDU(byte seq) { setCLA((byte) 0xB0); setINS((byte) 0x58); diff --git a/base/common/src/org/dogtagpki/tps/apdu/ListPins.java b/base/common/src/org/dogtagpki/tps/apdu/ListPinsAPDU.java index 7ced5a21a..e9a5f49bf 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/ListPins.java 
+++ b/base/common/src/org/dogtagpki/tps/apdu/ListPinsAPDU.java @@ -23,11 +23,11 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class ListPins extends APDU { +public class ListPinsAPDU extends APDU { private byte ret_size = 0; - public ListPins(byte theRet_size) + public ListPinsAPDU(byte theRet_size) { setCLA((byte) 0xB0); setINS((byte) 0x48); diff --git a/base/common/src/org/dogtagpki/tps/apdu/LoadFile.java b/base/common/src/org/dogtagpki/tps/apdu/LoadFileAPDU.java index 2b3f7e3f9..23e948c77 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/LoadFile.java +++ b/base/common/src/org/dogtagpki/tps/apdu/LoadFileAPDU.java @@ -22,11 +22,11 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class LoadFile extends APDU { +public class LoadFileAPDU extends APDU { /** * Constructs Load File APDU. */ - public LoadFile(byte refControl, byte blockNum, TPSBuffer theData) + public LoadFileAPDU(byte refControl, byte blockNum, TPSBuffer theData) { setCLA((byte) 0x84); setINS((byte) 0xE8); diff --git a/base/common/src/org/dogtagpki/tps/apdu/PutKey.java b/base/common/src/org/dogtagpki/tps/apdu/PutKeyAPDU.java index 3d6f2a022..6a939e7ba 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/PutKey.java +++ b/base/common/src/org/dogtagpki/tps/apdu/PutKeyAPDU.java @@ -22,11 +22,11 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class PutKey extends APDU { +public class PutKeyAPDU extends APDU { /** * Constructs Put Key APDU. */ - public PutKey(byte p1, byte p2, TPSBuffer theData) + public PutKeyAPDU(byte p1, byte p2, TPSBuffer theData) { setCLA((byte) 0x84); setINS((byte) 0xd8); diff --git a/base/common/src/org/dogtagpki/tps/apdu/ReadBuffer.java b/base/common/src/org/dogtagpki/tps/apdu/ReadBufferAPDU.java index 7e1ab00c5..7c8159bf4 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/ReadBuffer.java +++ b/base/common/src/org/dogtagpki/tps/apdu/ReadBufferAPDU.java 
@@ -22,11 +22,11 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class ReadBuffer extends APDU { +public class ReadBufferAPDU extends APDU { /** * Constructs Read Buffer APDU. */ - public ReadBuffer(int len, int offset) + public ReadBufferAPDU(int len, int offset) { setCLA((byte) 0x84); setINS((byte) 0x08); diff --git a/base/common/src/org/dogtagpki/tps/apdu/ReadObject.java b/base/common/src/org/dogtagpki/tps/apdu/ReadObjectAPDU.java index b78098305..f013a82aa 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/ReadObject.java +++ b/base/common/src/org/dogtagpki/tps/apdu/ReadObjectAPDU.java @@ -22,7 +22,7 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class ReadObject extends APDU { +public class ReadObjectAPDU extends APDU { /** * Constructs Read Object APDU. * @@ -52,7 +52,7 @@ public class ReadObject extends APDU { * @see APDU */ - public ReadObject(byte[] object_id, int offset, int len) + public ReadObjectAPDU(byte[] object_id, int offset, int len) { setCLA((byte) 0x84); setINS((byte) 0x56); diff --git a/base/common/src/org/dogtagpki/tps/apdu/Select.java b/base/common/src/org/dogtagpki/tps/apdu/SelectAPDU.java index f01c00147..d0b492590 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/Select.java +++ b/base/common/src/org/dogtagpki/tps/apdu/SelectAPDU.java @@ -22,8 +22,8 @@ package org.dogtagpki.tps.apdu; import org.dogtagpki.tps.main.TPSBuffer; -public class Select extends APDU { - public Select(byte p1, byte p2, TPSBuffer theData) +public class SelectAPDU extends APDU { + public SelectAPDU(byte p1, byte p2, TPSBuffer theData) { setCLA((byte) 0x00); setINS((byte) 0xa4); diff --git a/base/common/src/org/dogtagpki/tps/apdu/SetIssuerInfo.java b/base/common/src/org/dogtagpki/tps/apdu/SetIssuerInfoAPDU.java index 316a0fd52..40ea1b1ac 100644 --- a/base/common/src/org/dogtagpki/tps/apdu/SetIssuerInfo.java +++ b/base/common/src/org/dogtagpki/tps/apdu/SetIssuerInfoAPDU.java 
@@ -22,7 +22,7 @@ package org.dogtagpki.tps.apdu;
 import org.dogtagpki.tps.main.TPSBuffer;
-public class SetIssuerInfo extends APDU {
+public class SetIssuerInfoAPDU extends APDU {
 /**
 * Constructs SetIssuer APDU.
 *
@@ -45,7 +45,7 @@ public class SetIssuerInfo extends APDU {
 * @param data issuer info
 * @see APDU
 */
- public SetIssuerInfo(byte p1, byte p2, TPSBuffer theData)
+ public SetIssuerInfoAPDU(byte p1, byte p2, TPSBuffer theData)
 {
 setCLA((byte) 0x84);
 setINS((byte) 0xF4);
diff --git a/base/common/src/org/dogtagpki/tps/apdu/SetPin.java b/base/common/src/org/dogtagpki/tps/apdu/SetPinAPDU.java
index 8911c40dd..ddf46cd27 100644
--- a/base/common/src/org/dogtagpki/tps/apdu/SetPin.java
+++ b/base/common/src/org/dogtagpki/tps/apdu/SetPinAPDU.java
@@ -22,7 +22,7 @@ package org.dogtagpki.tps.apdu;
 import org.dogtagpki.tps.main.TPSBuffer;
-public class SetPin extends APDU {
+public class SetPinAPDU extends APDU {
 /**
 * Constructs SetPin APDU.
 *
@@ -45,7 +45,7 @@ public class SetPin extends APDU {
 * @param data pin
 * @see APDU
 */
- public SetPin(byte p1, byte p2, TPSBuffer theData)
+ public SetPinAPDU(byte p1, byte p2, TPSBuffer theData)
 {
 setCLA((byte) 0x84);
 setINS((byte) 0x04);
diff --git a/base/common/src/org/dogtagpki/tps/apdu/UnblockPin.java b/base/common/src/org/dogtagpki/tps/apdu/UnblockPinAPDU.java
index 620698c00..ae2486fa5 100644
--- a/base/common/src/org/dogtagpki/tps/apdu/UnblockPin.java
+++ b/base/common/src/org/dogtagpki/tps/apdu/UnblockPinAPDU.java
@@ -20,11 +20,11 @@
 */
 package org.dogtagpki.tps.apdu;
-public class UnblockPin extends APDU {
+public class UnblockPinAPDU extends APDU {
 /**
 * Constructs Unblock Pin APDU.
 */
- public UnblockPin()
+ public UnblockPinAPDU()
 {
 setCLA((byte) 0x84);
 setINS((byte) 0x02);
diff --git a/base/common/src/org/dogtagpki/tps/apdu/WriteObject.java b/base/common/src/org/dogtagpki/tps/apdu/WriteObjectAPDU.java
index bf64949ae..e8e4d63fa 100644
--- a/base/common/src/org/dogtagpki/tps/apdu/WriteObject.java
+++ b/base/common/src/org/dogtagpki/tps/apdu/WriteObjectAPDU.java
@@ -22,7 +22,7 @@ package org.dogtagpki.tps.apdu;
 import org.dogtagpki.tps.main.TPSBuffer;
-public class WriteObject extends APDU {
+public class WriteObjectAPDU extends APDU {
 /**
 * Constructs Write Buffer APDU. This APDU is usually sent right after
 * the Create_Object_APDU is sent. This APDU writes the actual object
@@ -60,7 +60,7 @@ public class WriteObject extends APDU {
 * @param data
 * @see APDU
 */
- public WriteObject(byte[] object_id, int offset, TPSBuffer data)
+ public WriteObjectAPDU(byte[] object_id, int offset, TPSBuffer data)
 {
 if (object_id.length != 4) {
 return;
diff --git a/base/common/src/org/dogtagpki/tps/main/TPSBuffer.java b/base/common/src/org/dogtagpki/tps/main/TPSBuffer.java
index 1df8716fc..03ec46092 100644
--- a/base/common/src/org/dogtagpki/tps/main/TPSBuffer.java
+++ b/base/common/src/org/dogtagpki/tps/main/TPSBuffer.java
@@ -95,13 +95,20 @@ public class TPSBuffer {
 }
 public byte at(int i) {
- if (i < 0 || i > size()) {
+ if (i < 0 || i >= size()) {
 return 0x0;
 }
 return buf[i];
 }
+ public void setAt(int i, byte value) {
+ if (i < 0 || i >= size())
+ return;
+
+ buf[i] = value;
+ }
+
 /**
 * Returns true if the two buffers are the same length and contain
 * the same byte at each offset.
@@ -126,6 +133,13 @@ public class TPSBuffer {
 addBytes(addBytes);
 }
+ public void set(TPSBuffer newContents) {
+ if (newContents == null)
+ return;
+
+ buf = newContents.toBytesArray();
+ }
+
 /**
 * Append operators.
 */
@@ -233,6 +247,7 @@ public class TPSBuffer {
 result.append(HEX_DIGITS.charAt((c & 0xF0) >> 4));
 result.append(HEX_DIGITS.charAt(c & 0x0F));
+ result.append("%");
 }
diff --git a/base/common/src/org/dogtagpki/tps/main/Util.java b/base/common/src/org/dogtagpki/tps/main/Util.java
index aba6c6e1d..bef425215 100644
--- a/base/common/src/org/dogtagpki/tps/main/Util.java
+++ b/base/common/src/org/dogtagpki/tps/main/Util.java
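Review bot: `setAt` silently drops a write whose index is outside `[0, size())`, mirroring the `at` fix in the same hunk, which returns 0 for an out-of-range read. For a buffer that now carries MAC state and cipher input this is a hard failure mode to diagnose — a miscomputed offset yields a wrong MAC or ciphertext instead of an error — so either document the contract, `/** Stores value at index i; writes outside [0, size()) are ignored, not reported. */`, or throw `IndexOutOfBoundsException` and let the caller decide.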
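Review bot: `set` assigns the array returned by `newContents.toBytesArray()` straight to `buf`; whether that method copies or hands out the other buffer's backing array is not visible here, and if it is the latter the two buffers alias and a later `setAt` on one changes the other. Either `buf = newContents.toBytesArray().clone();` or a comment stating that `toBytesArray` returns a fresh copy would settle it.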
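Review bot: `result.append("%")` after the two hex digits emits a trailing separator per byte, giving `AB%CD%` rather than `%AB%CD`; if a `%XX` URL-style form is intended the separator belongs before the digits, and if it is a debugging marker it should not ship. The enclosing method's signature is outside the hunk, so its callers cannot be checked from here.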
@@ -23,23 +23,30 @@ package org.dogtagpki.tps.main;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
+import java.security.spec.AlgorithmParameterSpec;
-import com.netscape.cmsutil.util.Utils;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.Cipher;
+import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.EncryptionAlgorithm;
+import org.mozilla.jss.crypto.IVParameterSpec;
+import org.mozilla.jss.pkcs11.PK11SymKey;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.cmsutil.util.Utils;
 public class Util {
 public Util() { }
- public static byte[] str2ByteArray (String s) {
+ public static byte[] str2ByteArray(String s) {
 int len = s.length() / 2;
+ byte[] ret = new byte[len];
- byte[] ret = new byte[len];
-
- for (int i = 0; i < len; i ++) {
- ret[i] = (byte) ((byte) Util.hexToBin(s.charAt(i*2)) * 16 + Util.hexToBin(s.charAt(i*2+1)));
+ for (int i = 0; i < len; i++) {
+ ret[i] = (byte) ((byte) Util.hexToBin(s.charAt(i * 2)) * 16 + Util.hexToBin(s.charAt(i * 2 + 1)));
 }
 return ret;
@@ -127,13 +134,152 @@ public class Util {
 return result.toString();
 }
+ public static String specialURLEncode(TPSBuffer data) {
+ return specialURLEncode(data.toBytesArray());
+ }
+
+ public static String specialURLEncode(byte data[]) {
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < data.length; i++) {
+ sb.append("#");
+ if ((data[i] & 0xff) < 16) {
+ sb.append("0");
+ }
+ sb.append(Integer.toHexString((data[i] & 0xff)));
+ }
+
+ return sb.toString().toUpperCase();
+ }
+
 public static String specialEncode(TPSBuffer data) {
 return Utils.SpecialEncode(data.toBytesArray());
 }
+
+ public static TPSBuffer computeMAC(PK11SymKey symKey, TPSBuffer input, TPSBuffer icv) throws EBaseException {
+ TPSBuffer output = null;
+ TPSBuffer result = null;
+
+ int inputLen = input.size();
+
+ if (symKey == null || input == null || icv == null || icv.size() != 8) {
+ throw new EBaseException("Util.computeMAC: invalid input data!");
+ }
+
+ TPSBuffer macPad = new TPSBuffer(8);
+ macPad.setAt(0, (byte) 0x80);
+
+ CryptoToken token = null;
+
+ try {
+
+ token = CryptoManager.getInstance().getInternalKeyStorageToken();
+
+ Cipher cipher = token.getCipherContext(EncryptionAlgorithm.DES3_ECB);
+ result = new TPSBuffer(icv);
+
+ /* Process whole blocks */
+ int inputOffset = 0;
+ while (inputLen >= 8)
+ {
+ for (int i = 0; i < 8; i++)
+ {
+ //Xor implicitly converts bytes to ints, we convert answer back to byte.
+ byte a = (byte) (result.at(i) ^ input.at(inputOffset + i));
+ result.setAt(i, a);
+ }
+ cipher.initEncrypt(symKey);
+ byte[] ciphResult = cipher.doFinal(result.toBytesArray());
+
+ if (ciphResult.length != result.size()) {
+ throw new EBaseException("Invalid cipher in Util.computeMAC");
+ }
+
+ result = new TPSBuffer(ciphResult);
+
+ inputLen -= 8;
+ inputOffset += 8;
+ }
+
+ /*
+ * Fold in remaining data (if any)
+ * Set i to number of bytes processed
+ */
+ int i = 0;
+ for (i = 0; i < inputLen; i++)
+ {
+ byte a = (byte) (result.at(i) ^ input.at(i + inputOffset));
+ result.setAt(i, a);
+ }
+
+ /*
+ * Fill remainder of last block. There
+ * will be at least one byte handled here.
+ */
+
+ //Start at the beginning of macPad
+ // Keep going with i in result where we left off.
+ int padOffset = 0;
+ while (i < 8)
+ {
+ byte a = (byte) (result.at(i) ^ macPad.at(padOffset++));
+ result.setAt(i, a);
+ i++;
+ }
+
+ cipher.initEncrypt(symKey);
+ byte[] ciphResultFinal = cipher.doFinal(result.toBytesArray());
+
+ if (ciphResultFinal.length != result.size()) {
+ throw new EBaseException("Invalid cipher in Util.computeMAC");
+ }
+
+ output = new TPSBuffer(ciphResultFinal);
+
+ } catch (Exception e) {
+ throw new EBaseException("Util.computeMAC: Cryptographic problem encountered! 
 " + e.toString());
+ }
+
+ return output;
+ }
+
 public static TPSBuffer specialDecode(String str) {
- byte[] data = Utils.SpecialDecode(str);
+ byte[] data = uriDecodeFromHex(str);
 TPSBuffer tbuf = new TPSBuffer(data);
 return tbuf;
 }
+
+ public static TPSBuffer encryptData(TPSBuffer dataToEnc, PK11SymKey encKey) throws EBaseException {
+
+ TPSBuffer encrypted = null;
+ if (encKey == null || dataToEnc == null) {
+ throw new EBaseException("Util.encryptData: called with no sym key or no data!");
+ }
+
+ CryptoToken token = null;
+ try {
+
+ token = CryptoManager.getInstance().getInternalKeyStorageToken();
+ Cipher cipher = token.getCipherContext(EncryptionAlgorithm.DES3_CBC);
+
+ AlgorithmParameterSpec algSpec = null;
+
+ int len = EncryptionAlgorithm.DES3_CBC.getIVLength();
+ byte[] iv = new byte[len]; // Assume iv set to 0's as in current TPS
+
+ algSpec = new IVParameterSpec(iv);
+ cipher.initEncrypt(encKey, algSpec);
+
+ byte[] encryptedBytes = cipher.doFinal(dataToEnc.toBytesArray());
+
+ encrypted = new TPSBuffer(encryptedBytes);
+
+ } catch (Exception e) {
+ throw new EBaseException("Util.encryptData: problem encrypting data: " + e.toString());
+ }
+
+ return encrypted;
+
+ }
+
 }
diff --git a/base/common/src/org/dogtagpki/tps/msg/TokenPDURequest.java b/base/common/src/org/dogtagpki/tps/msg/TokenPDURequest.java
index 433338bc5..e27f98416 100644
--- a/base/common/src/org/dogtagpki/tps/msg/TokenPDURequest.java
+++ b/base/common/src/org/dogtagpki/tps/msg/TokenPDURequest.java
@@ -18,7 +18,7 @@ package org.dogtagpki.tps.msg;
 import org.dogtagpki.tps.apdu.APDU;
-import org.dogtagpki.tps.apdu.Select;
+import org.dogtagpki.tps.apdu.SelectAPDU;
 import org.dogtagpki.tps.main.TPSBuffer;
 import org.dogtagpki.tps.main.Util;
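Review bot: In computeMAC the guard `if (symKey == null || input == null || icv == null || icv.size() != 8)` runs after `int inputLen = input.size();`, so a null input fails with a NullPointerException rather than the intended EBaseException; move `int inputLen = input.size();` below the guard. The `catch (Exception e)` in both computeMAC and encryptData also re-wraps the EBaseExceptions thrown inside the try and discards the original as a cause, so the "Invalid cipher" message only survives inside `e.toString()` — catch `EBaseException` separately and rethrow it, and attach `e` as the cause if EBaseException accepts one. encryptData fixes the IV to zeros with only the comment `// Assume iv set to 0's as in current TPS`; a Javadoc stating that this is the secure-channel session-key encryption step whose zero ICV is dictated by the card protocol, and not a general-purpose encryption helper, would keep it from being reused where a fixed IV with CBC would reveal which plaintext blocks are equal. specialDecode now calls `uriDecodeFromHex`, which is not defined anywhere in this hunk; presumably it lives elsewhere in Util. The hunk ends at the class close, so both new methods are fully visible.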
@@ -44,13 +44,13 @@ public class TokenPDURequest extends TPSMessage {
 public static void main(String[] args) {
- Select apdu = null;
+ SelectAPDU apdu = null;
 byte[] select_aid = { (byte) 0xa0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0 };
 TPSBuffer select = new TPSBuffer(select_aid);
- apdu = new Select((byte) 0x4, (byte) 0x0, select);
+ apdu = new SelectAPDU((byte) 0x4, (byte) 0x0, select);
 TokenPDURequest request = new TokenPDURequest(apdu); |
