Diffstat (limited to 'base')
10 files changed, 215 insertions, 7 deletions
diff --git a/base/common/src/org/dogtagpki/tps/apdu/APDU.java b/base/common/src/org/dogtagpki/tps/apdu/APDU.java
index 86f07ee70..390252f54 100644
--- a/base/common/src/org/dogtagpki/tps/apdu/APDU.java
+++ b/base/common/src/org/dogtagpki/tps/apdu/APDU.java
@@ -56,7 +56,8 @@ public abstract class APDU {
         APDU_IMPORT_KEY_ENC,
         APDU_SET_ISSUERINFO,
         APDU_GET_ISSUERINFO,
-        APDU_GENERATE_KEY_ECC
+        APDU_GENERATE_KEY_ECC,
+        APDU_GET_LIFECYCLE
     }
 
     protected byte cla;
diff --git a/base/common/src/org/dogtagpki/tps/apdu/GetLifecycleAPDU.java b/base/common/src/org/dogtagpki/tps/apdu/GetLifecycleAPDU.java
new file mode 100644
index 000000000..6f55b0130
--- /dev/null
+++ b/base/common/src/org/dogtagpki/tps/apdu/GetLifecycleAPDU.java
@@ -0,0 +1,35 @@
+package org.dogtagpki.tps.apdu;
+
+import org.dogtagpki.tps.main.TPSBuffer;
+
+
+public class GetLifecycleAPDU extends APDU {
+    public GetLifecycleAPDU() {
+        setCLA((byte) 0xB0);
+        setINS((byte) 0xf2);
+        setP1((byte) 0x0);
+        setP2((byte) 0x0);
+    }
+
+    @Override
+    public Type getType()
+    {
+        return Type.APDU_GET_LIFECYCLE;
+    }
+
+    @Override
+    public TPSBuffer getEncoding()
+    {
+        TPSBuffer encoding = new TPSBuffer();
+
+        encoding.add(cla);
+        encoding.add(ins);
+        encoding.add(p1);
+        encoding.add(p2);
+        encoding.add((byte) 0x01);
+
+        return encoding;
+    } /* Encode */
+
+
+}
diff --git a/base/tps-client/src/CMakeLists.txt b/base/tps-client/src/CMakeLists.txt
index 28ca2e450..be5665f30 100644
--- a/base/tps-client/src/CMakeLists.txt
+++ b/base/tps-client/src/CMakeLists.txt
@@ -95,6 +95,7 @@ set(tps_library_SRCS
     apdu/Import_Key_APDU.cpp
     apdu/Import_Key_Enc_APDU.cpp
     apdu/APDU_Response.cpp
+    apdu/Get_Lifecycle_APDU.cpp
     msg/RA_Begin_Op_Msg.cpp
     msg/RA_End_Op_Msg.cpp
     msg/RA_Login_Request_Msg.cpp
diff --git a/base/tps-client/src/apdu/Get_Lifecycle_APDU.cpp b/base/tps-client/src/apdu/Get_Lifecycle_APDU.cpp
new file mode 100644
index 000000000..19035ee47
--- /dev/null
+++ b/base/tps-client/src/apdu/Get_Lifecycle_APDU.cpp
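Review bot: GetLifecycleAPDU carries no Javadoc, and the trailing `encoding.add((byte) 0x01)` in getEncoding() is a bare magic number; a reader cannot tell that it is presumably the Le byte requesting the single lifecycle byte that TPSProcessor.getLifecycleState() later checks with `result.size() == 1`. I would add a class comment stating that this is the CLA 0xB0 / INS 0xF2 "get lifecycle state" command and a line comment such as `encoding.add((byte) 0x01); // expected response length (Le): one lifecycle byte -- confirm against the applet`. The stale `} /* Encode */` trailer and the `0xf2` / `0x0` literals differ from the C++ counterpart's `0xF2` / `0x00`; writing them as `0xF2` and `0x00` keeps the two definitions visibly in step.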
@@ -0,0 +1,41 @@
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Get_Lifecycle_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Get Lifecycle APDU.
+ */
+
+TPS_PUBLIC Get_Lifecycle_APDU::Get_Lifecycle_APDU ()
+{
+    SetCLA(0xB0);
+    SetINS(0xF2);
+    SetP1(0x00);
+    SetP2(0x00);
+}
+
+TPS_PUBLIC Get_Lifecycle_APDU::~Get_Lifecycle_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Get_Lifecycle_APDU::GetType()
+{
+    return APDU_GET_LIFECYCLE;
+}
+
+TPS_PUBLIC void Get_Lifecycle_APDU::GetEncoding(Buffer &data){
+
+    data += Buffer(1, m_cla);
+    data += Buffer(1, m_ins);
+    data += Buffer(1, m_p1);
+    data += Buffer(1, m_p2);
+    data += Buffer(1, 0x01);
+
+}
diff --git a/base/tps-client/src/include/apdu/APDU.h b/base/tps-client/src/include/apdu/APDU.h
index cfb66ad19..e4b8b2a26 100644
--- a/base/tps-client/src/include/apdu/APDU.h
+++ b/base/tps-client/src/include/apdu/APDU.h
@@ -76,7 +76,8 @@ enum APDU_Type {
     APDU_IMPORT_KEY_ENC = 25,
     APDU_SET_ISSUERINFO = 26,
     APDU_GET_ISSUERINFO = 27,
-    APDU_GENERATE_KEY_ECC = 28
+    APDU_GENERATE_KEY_ECC = 28,
+    APDU_GET_LIFECYCLE = 29
 };
 
 class APDU
diff --git a/base/tps-client/src/include/apdu/Get_Lifecycle_APDU.h b/base/tps-client/src/include/apdu/Get_Lifecycle_APDU.h
new file mode 100644
index 000000000..e8e1e9ad4
--- /dev/null
+++ b/base/tps-client/src/include/apdu/Get_Lifecycle_APDU.h
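Review bot: Get_Lifecycle_APDU.cpp re-defines the `TPS_PUBLIC` macro block that Get_Lifecycle_APDU.h, included two lines above it, already provides, and `#include <stdio.h>` is used nowhere in the file; both can be dropped. The constructor comment `Constructs Get Lifecycle APDU.` would serve readers better if it named the fixed CLA 0xB0 / INS 0xF2 and noted that GetEncoding appends a trailing 0x01 -- presumably the Le byte, to be confirmed -- so this class and the Java GetLifecycleAPDU are documented identically. `GetEncoding(Buffer &data){` puts the brace on the signature line, unlike the other three definitions in the same file.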
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef GET_LIFECYCLE_APDU_H
+#define GET_LIFECYCLE_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Get_Lifecycle_APDU : public APDU
+{
+  public:
+    TPS_PUBLIC Get_Lifecycle_APDU();
+    TPS_PUBLIC ~Get_Lifecycle_APDU();
+    TPS_PUBLIC APDU_Type GetType();
+    TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* LIFECYCLE_APDU_H */
diff --git a/base/tps-client/tools/raclient/RA_Conn.cpp b/base/tps-client/tools/raclient/RA_Conn.cpp
index 4686acb6b..6ca033f79 100644
--- a/base/tps-client/tools/raclient/RA_Conn.cpp
+++ b/base/tps-client/tools/raclient/RA_Conn.cpp
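Review bot: The closing guard comment `#endif /* LIFECYCLE_APDU_H */` does not match the macro opened at the top of the header, `#ifndef GET_LIFECYCLE_APDU_H`; change it to `#endif /* GET_LIFECYCLE_APDU_H */` so the pair is greppable. Whether `~Get_Lifecycle_APDU()` needs to be virtual depends on the APDU base declaration, which is outside this diff; RA_Conn.cpp holds the new object through an `APDU *`, so if the base destructor is not already virtual this is worth checking before merge.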
@@ -55,6 +55,7 @@
 #include "apdu/Select_APDU.h"
 #include "apdu/Get_Version_APDU.h"
 #include "apdu/Put_Key_APDU.h"
+#include "apdu/Get_Lifecycle_APDU.h"
 #include "msg/RA_Begin_Op_Msg.h"
 #include "msg/RA_End_Op_Msg.h"
 #include "msg/RA_Extended_Login_Request_Msg.h"
@@ -932,6 +933,11 @@ RA_Conn::CreateAPDU (RA_Token * tok, Buffer & in_apdu_data, Buffer & mac)
             data = NULL;
         }
     }
+    else if (((BYTE *) apdu_data)[1] == 0xF2)
+    {
+        /* Get Lifecycle */
+        apdu = new Get_Lifecycle_APDU();
+    }
     else
     {
         /* error */
@@ -1055,7 +1061,13 @@ RA_Conn::ReadMsg (RA_Token * token)
     Buffer mac;
     APDU *apdu = CreateAPDU (token, *apdu_data, mac);
 
-    msg = new RA_Token_PDU_Request_Msg (apdu);
+
+    if(apdu == NULL) {
+        msg = NULL;
+    } else {
+        msg = new RA_Token_PDU_Request_Msg (apdu);
+    }
+
     if (apdu_data != NULL)
     {
         delete apdu_data;
diff --git a/base/tps-client/tools/raclient/RA_Token.cpp b/base/tps-client/tools/raclient/RA_Token.cpp
index ec8307366..2d347cb32 100644
--- a/base/tps-client/tools/raclient/RA_Token.cpp
+++ b/base/tps-client/tools/raclient/RA_Token.cpp
@@ -2526,7 +2526,9 @@ RA_Token::Process (APDU * apdu, NameValueSet * vars, NameValueSet * params)
     else
     {
         printf ("RA_Token: Unknown APDU (%d)\n", apdu->GetType ());
-        /* error */
+
+        Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+        resp = new APDU_Response (data);
     }
     return resp;
 }
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
index af3e92e08..64cc571e3 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
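Review bot: The new NULL-apdu path in RA_Conn::ReadMsg sets `msg = NULL` without any diagnostic; the only place an unrecognised INS is noticed is CreateAPDU's `/* error */` branch, whose body is outside the hunk, so whether anything is printed there is not visible here. If it is not, a line such as `printf ("RA_Conn::ReadMsg: no APDU built for request, dropping\n");` next to `msg = NULL;` makes the dropped request visible to whoever runs the test client. The brace style `if(apdu == NULL) {` / `} else {` differs from the file's `if (apdu_data != NULL)` with the brace on its own line three lines below. ReadMsg begins and ends outside the hunk.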
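Review bot: The unknown-APDU branch in RA_Token::Process now answers with status word 0x6A88 instead of leaving `resp` unset, but the two literal bytes carry no explanation; add `/* SW 6A88: referenced data not found (ISO 7816-4) */` above the `Buffer data = ...` line so the choice of status word is reviewable. The preceding `printf` of `apdu->GetType ()` remains the only trace of which APDU the simulator did not model, so keeping it alongside the new response is right. Process begins outside the hunk.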
@@ -100,6 +100,13 @@ public class TPSEnrollProcessor extends TPSProcessor {
         AppletInfo appletInfo = null;
         TokenRecord tokenRecord = null;
+
+        byte lifecycleState = (byte) 0xf0;
+        int appletUpgraded = 0;
+
+
+        lifecycleState = getLifecycleState();
+
 
         try {
             appletInfo = getAppletInfo();
             auditOpRequest("enroll", appletInfo, "success", null);
@@ -353,7 +360,7 @@ public class TPSEnrollProcessor extends TPSProcessor {
                 //We will skip the auth step inside of format
                 format(true);
             } else {
-                checkAndUpgradeApplet(appletInfo);
+                appletUpgraded = checkAndUpgradeApplet(appletInfo);
                 //Get new applet info
                 appletInfo = getAppletInfo();
             }
@@ -542,7 +549,13 @@ public class TPSEnrollProcessor extends TPSProcessor {
             writeIssuerInfoToToken(channel, appletInfo);
 
             statusUpdate(99, "PROGRESS_SET_LIFECYCLE");
-            channel.setLifeycleState((byte) 0x0f);
+
+            if( lifecycleState != 0x0f || appletUpgraded == 1) {
+                CMS.debug(method + " Need to reset the lifecycle state. current state: " + lifecycleState + " Was applet upgraded: " + appletUpgraded );
+                channel.setLifeycleState((byte) 0x0f);
+            } else {
+                CMS.debug(method + " No need to reset lifecycle state, it is already at the proper value.");
+            }
 
             //update the tokendb with new certs
             CMS.debug(method + " updating tokendb with certs.");
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
index 2b42dc613..9530dd544 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java
@@ -59,6 +59,7 @@ import org.dogtagpki.server.tps.mapping.FilterMappingParams;
 import org.dogtagpki.tps.apdu.APDU;
 import org.dogtagpki.tps.apdu.APDUResponse;
 import org.dogtagpki.tps.apdu.GetDataAPDU;
+import org.dogtagpki.tps.apdu.GetLifecycleAPDU;
 import org.dogtagpki.tps.apdu.GetStatusAPDU;
 import org.dogtagpki.tps.apdu.GetVersionAPDU;
 import org.dogtagpki.tps.apdu.InitializeUpdateAPDU;
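Review bot: `lifecycleState` is sampled once at the top of the enroll flow (first TPSEnrollProcessor hunk) but consulted only at the end (third hunk), and the `format(true)` branch in the second hunk updates neither `lifecycleState` nor `appletUpgraded`; if format changes the applet's lifecycle state -- not visible from this diff -- a token that reported 0x0f before formatting would skip `channel.setLifeycleState((byte) 0x0f)` on a stale reading. Re-reading the state after `format(true)`, or setting `appletUpgraded = 1` in that branch, closes the gap in the safe direction, the same direction the 0xf0 failure sentinel from getLifecycleState() already takes by being != 0x0f. The `(byte) 0xf0` initialiser in the first hunk is overwritten two lines later by `lifecycleState = getLifecycleState();`, so `byte lifecycleState = getLifecycleState();` is enough. The 0x0f and 0xf0 literals shared with TPSProcessor.getLifecycleState() would read better as named constants on TPSProcessor, with a comment saying what each value means on the applet.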
@@ -388,6 +389,46 @@ public class TPSProcessor {
 
     }
 
+    protected byte getLifecycleState() {
+
+        byte resultState = (byte) 0xf0;
+
+        String method = "TPSProcessor.getLifecycleState:";
+        CMS.debug(".getLifecycleState: ");
+
+        GetLifecycleAPDU getLifecycle = new GetLifecycleAPDU();
+
+        try {
+
+            selectCoolKeyApplet();
+
+            APDUResponse response = handleAPDURequest(getLifecycle);
+
+            if (!response.checkResult()) {
+                return resultState;
+            }
+
+            TPSBuffer result = response.getResultDataNoCode();
+
+            CMS.debug(method + " result size: " + result.size());
+
+            //Only one byte of data returned not including the 2 result bytes
+
+            if (result.size() == 1) {
+                resultState = result.at(0);
+
+                CMS.debug(method + " result: " + resultState);
+            }
+
+        } catch (TPSException | IOException e) {
+            CMS.debug(method + " problem getting state: " + e);
+        }
+
+        return resultState;
+
+    }
+
+
     protected TPSBuffer encryptData(AppletInfo appletInfo, TPSBuffer keyInfo, TPSBuffer plaintextChallenge,
             String connId) throws TPSException {
 
@@ -868,7 +909,7 @@ public class TPSProcessor {
 
     }
 
-    protected void checkAndUpgradeApplet(AppletInfo appletInfo) throws TPSException, IOException {
+    protected int checkAndUpgradeApplet(AppletInfo appletInfo) throws TPSException, IOException {
 
         CMS.debug("checkAndUpgradeApplet: entering..");
 
@@ -904,6 +945,7 @@ public class TPSProcessor {
 
         }
 
+        return upgraded;
     }
 
     protected void upgradeApplet(AppletInfo appletInfo, String operation, String new_version,
@@ -2984,6 +3026,8 @@ public class TPSProcessor {
         }
     }
 
+
+
     protected boolean checkSymmetricKeysEnabled() throws TPSException {
         boolean result = true;
 
|
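Review bot: getLifecycleState() returns the same sentinel `(byte) 0xf0` for three different outcomes -- `checkResult()` false, a result of unexpected length, and a caught `TPSException | IOException` -- and only the last is logged, so a failing GET LIFECYCLE that makes TPSEnrollProcessor re-set the lifecycle leaves no trace of why. Add a debug line before `return resultState;` in the `!response.checkResult()` branch and an else on `if (result.size() == 1)`, e.g. `CMS.debug(method + " unexpected result size: " + result.size());`. The method needs a Javadoc stating that 0xf0 means "state could not be read" rather than a value the applet reports, that callers must treat it as "reset required", and that selectCoolKeyApplet() is issued first; the first message, `CMS.debug(".getLifecycleState: ")`, should carry the `method` prefix like the others. The 0xf0 sentinel and the 0x0f value TPSEnrollProcessor compares against would be clearer as named constants on this class.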
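Review bot: checkAndUpgradeApplet now returns `upgraded` as an `int` (signature hunk at -868 and `return upgraded;` at -904), and TPSEnrollProcessor tests it with `appletUpgraded == 1`; since the signature is changing in this commit anyway, returning `boolean`, or at least adding `@return 1 if the applet was upgraded, 0 otherwise` to the method's Javadoc, makes the contract explicit. `upgraded` is declared and assigned outside both hunks, so I cannot confirm from here that it only ever takes the values 0 and 1. The method body begins and ends outside the hunks.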