MOPPAND-1569: Add new CosmoX ID-card chip support.

Author: ambrose40

id-card-lib/src/main/java/ee/ria/DigiDoc/idcard/ID1.java

@@ -2,28 +2,27 @@
 
 import static com.google.common.primitives.Bytes.concat;
 
-import android.util.Pair;
 import android.util.SparseArray;
 
-import com.google.common.base.Charsets;
 import com.google.common.primitives.Bytes;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Objects;
 
 import ee.ria.DigiDoc.smartcardreader.ApduResponseException;
 import ee.ria.DigiDoc.smartcardreader.SmartCardReader;
 import ee.ria.DigiDoc.smartcardreader.SmartCardReaderException;
 
 class ID1 implements Token {
-
-    private static final Map<CertificateType, Pair<Byte, Byte>> CERT_MAP = new HashMap<>();
+    private static final Map<CertificateType, byte[]> CERT_MAP = new HashMap<>();
     static {
-        CERT_MAP.put(CertificateType.AUTHENTICATION, new Pair<>((byte) 0xF1, (byte) 0x01));
-        CERT_MAP.put(CertificateType.SIGNING, new Pair<>((byte) 0xF2, (byte) 0x1F));
+        CERT_MAP.put(CertificateType.AUTHENTICATION, new byte[] {(byte) 0xAD, (byte) 0xF1, 0x34, 0x01});
+        CERT_MAP.put(CertificateType.SIGNING, new byte[] {(byte) 0xAD, (byte) 0xF2, 0x34, (byte) 0x1F});
     }
 
     private static final Map<CodeType, Byte> PIN_MAP = new HashMap<>();
@@ -52,19 +51,18 @@ public PersonalData personalData() throws SmartCardReaderException {
         reader.transmit(0x00, 0xA4, 0x01, 0x0C, new byte[] {0x50, 0x00}, null);
         SparseArray<String> data = new SparseArray<>();
         for (int i = 1; i <= 8; i++) {
-            reader.transmit(0x00, 0xA4, 0x01, 0x0C, new byte[] {0x50, (byte) i}, null);
+            reader.transmit(0x00, 0xA4, 0x02, 0x0C, new byte[] {0x50, (byte) i}, null);
             byte[] record = reader.transmit(0x00, 0xB0, 0x00, 0x00, null, 0x00);
-            data.put(i, new String(record, Charsets.UTF_8).trim());
+            data.put(i, new String(record, StandardCharsets.UTF_8).trim());
         }
         return ID1PersonalDataParser.parse(data);
     }
 
     @Override
     public byte[] certificate(CertificateType type) throws SmartCardReaderException {
         selectMainAid();
-        reader.transmit(0x00, 0xA4, 0x00, 0x0C, null, null);
-        reader.transmit(0x00, 0xA4, 0x01, 0x0C, new byte[] {(byte) 0xAD, CERT_MAP.get(type).first}, null);
-        reader.transmit(0x00, 0xA4, 0x01, 0x0C, new byte[] {0x34, CERT_MAP.get(type).second}, null);
+        reader.transmit(0x00, 0xA4, 0x09, 0x0C, CERT_MAP.get(type), null);
+
         ByteArrayOutputStream stream = new ByteArrayOutputStream();
         while (true) {
             try {
@@ -89,65 +87,54 @@ public int codeRetryCounter(CodeType type) throws SmartCardReaderException {
         } else {
             selectMainAid();
         }
-        return reader.transmit(0x00, 0xCB, 0x3F, 0xFF, new byte[] {0x4D, 0x08, 0x70, 0x06, (byte) 0xBF, (byte) 0x81, PIN_MAP.get(type), 0x02, (byte) 0xA0, (byte) 0x80}, 0x00)[13];
+        return reader.transmit(0x00, 0xCB, 0x3F, 0xFF, new byte[] {0x4D, 0x08, 0x70, 0x06, (byte) 0xBF, (byte) 0x81, Objects.requireNonNull(PIN_MAP.get(type)), 0x02, (byte) 0xA0, (byte) 0x80}, 0x00)[13];
     }
 
     @Override
     public void changeCode(CodeType type, byte[] currentCode, byte[] newCode) throws SmartCardReaderException {
-        verifyCode(type, currentCode);
         if (type.equals(CodeType.PIN2)) {
             selectQSCDAid();
         } else {
             selectMainAid();
         }
-        reader.transmit(0x00, 0x24, 0x00, VERIFY_PIN_MAP.get(type), Bytes.concat(code(currentCode), code(newCode)), null);
+        verifyCode(type, currentCode);
+        reader.transmit(0x00, 0x24, 0x00, Objects.requireNonNull(VERIFY_PIN_MAP.get(type)), Bytes.concat(code(currentCode), code(newCode)), null);
     }
 
     @Override
     public void unblockAndChangeCode(byte[] pukCode, CodeType type, byte[] newCode) throws SmartCardReaderException {
         verifyCode(CodeType.PUK, pukCode);
-        // block code if not yet blocked
-        while (codeRetryCounter(type) != 0) {
-            try {
-                verifyCode(type, new byte[] {(byte) 0xFF});
-            } catch (CodeVerificationException ignored) {}
-        }
         if (type.equals(CodeType.PIN2)) {
             selectQSCDAid();
         }
-        reader.transmit(0x00, 0x2C, 0x02, VERIFY_PIN_MAP.get(type), code(newCode), null);
+        reader.transmit(0x00, 0x2C, 0x02, Objects.requireNonNull(VERIFY_PIN_MAP.get(type)), code(newCode), null);
     }
 
     @Override
-    public byte[] calculateSignature(byte[] pin2, byte[] hash, boolean ecc) throws SmartCardReaderException, IllegalStateException {
+    public byte[] calculateSignature(byte[] pin2, byte[] hash, boolean ecc) throws SmartCardReaderException {
+        selectQSCDAid();
         if (null != pin2 && pin2.length > 0) {
-        verifyCode(CodeType.PIN2, pin2);
+            verifyCode(CodeType.PIN2, pin2);
             Arrays.fill(pin2, (byte) 0);
         } else {
             throw new IllegalStateException("PIN2 is null or empty");
         }
-        selectQSCDAid();
         reader.transmit(0x00, 0x22, 0x41, 0xB6, new byte[] {(byte) 0x80, 0x04, (byte) 0xFF, 0x15, 0x08, 0x00, (byte) 0x84, 0x01, (byte) 0x9F}, null);
         return reader.transmit(0x00, 0x2A, 0x9E, 0x9A, padWithZeroes(hash), 0x00);
     }
 
     @Override
     public byte[] decrypt(byte[] pin1, byte[] data, boolean ecc) throws SmartCardReaderException {
+        selectOberthurAid();
         byte[] prefix = new byte[] {0x00};
         verifyCode(CodeType.PIN1, pin1);
-        selectOberthurAid();
         reader.transmit(0x00, 0x22, 0x41, 0xB8, new byte[] {(byte) 0x80, 0x04, (byte) 0xFF, 0x30, 0x04, 0x00, (byte) 0x84, 0x01, (byte) 0x81}, null);
         return reader.transmit(0x00, 0x2A, 0x80, 0x86, concat(prefix, data), 0x00);
     }
 
     private void verifyCode(CodeType type, byte[] code) throws SmartCardReaderException {
-        if (type.equals(CodeType.PIN2)) {
-            selectQSCDAid();
-        } else {
-            selectMainAid();
-        }
         try {
-            reader.transmit(0x00, 0x20, 0x00, VERIFY_PIN_MAP.get(type), code(code), null);
+            reader.transmit(0x00, 0x20, 0x00, Objects.requireNonNull(VERIFY_PIN_MAP.get(type)), code(code), null);
         } catch (ApduResponseException e) {
             if (e.sw1 == 0x63 || (e.sw1 == 0x69 && e.sw2 == (byte) 0x83)) {
                 throw new CodeVerificationException(type);

id-card-lib/src/main/java/ee/ria/DigiDoc/idcard/Token.java

@@ -19,14 +19,16 @@
 
 package ee.ria.DigiDoc.idcard;
 
+import android.util.Log;
+
 import org.bouncycastle.util.encoders.Hex;
 
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 
 import ee.ria.DigiDoc.smartcardreader.SmartCardReader;
 import ee.ria.DigiDoc.smartcardreader.SmartCardReaderException;
-
+import timber.log.Timber;
 /**
  * EstEID token interface.
  */
@@ -54,7 +56,6 @@ void changeCode(CodeType type, byte[] currentCode, byte[] newCode)
 
     /**
      * Unblock PIN1/PIN2 via PUK code and change it to a new value.
-     *
      * When PIN1/PIN2 is not blocked yet it will be blocked before unblocking.
      *
      * @param pukCode PUK code.
@@ -121,7 +122,10 @@ static Token create(SmartCardReader reader) throws SmartCardReaderException {
         if (atr == null) {
             throw new SmartCardReaderException("ATR cannot be null");
         }
-        if (Arrays.equals(Hex.decode("3bdb960080b1fe451f830012233f536549440f9000f1"), atr)) {
+        Timber.log(Log.DEBUG, "ATR: " + Hex.toHexString(atr));
+
+        if (Arrays.equals(Hex.decode("3bdb960080b1fe451f830012233f536549440f9000f1"), atr) ||
+                Arrays.equals(Hex.decode("3bdc960080b1fe451f830012233f54654944320f9000c3"), atr)) {
             return new ID1(reader);
         } else if (Arrays.equals(Hex.decode("3bfa1800008031fe45fe654944202f20504b4903"), atr) ||
                 Arrays.equals(Hex.decode("3bfe1800008031fe45803180664090a4162a00830f9000ef"), atr)
@@ -132,6 +136,10 @@ static Token create(SmartCardReader reader) throws SmartCardReaderException {
                 // TODO check for 3.0 card
         ) {
             return new EstEIDv3d4(reader);
+        /* TODO: Add Thales card
+        } else if (Arrays.equals(Hex.decode("3bff9600008031fe438031b85365494464b085051012233f1d"), atr)) {
+            return new Thales(reader);
+         */
         }
 
         throw new SmartCardReaderException("Unsupported card ATR: " + new String(Hex.encode(atr), StandardCharsets.UTF_8));