/*
* Commons eID Project.
* Copyright (C) 2008-2013 FedICT.
* Copyright (C) 2014-2015 e-Contract.be BVBA.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License version
* 3.0 as published by the Free Software Foundation.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, see
* http://www.gnu.org/licenses/.
*/
package test.integ.be.fedict.commons.eid.client;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import java.io.ByteArrayInputStream;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.Test;
import be.fedict.commons.eid.client.BeIDCard;
import be.fedict.commons.eid.client.BeIDCards;
import be.fedict.commons.eid.client.BeIDCardsException;
import be.fedict.commons.eid.client.FileType;
import be.fedict.commons.eid.client.event.BeIDCardListener;
import be.fedict.commons.eid.client.impl.BeIDDigest;
import be.fedict.commons.eid.consumer.Address;
import be.fedict.commons.eid.consumer.BeIDIntegrity;
import be.fedict.commons.eid.consumer.CardData;
import be.fedict.commons.eid.consumer.Identity;
import be.fedict.commons.eid.consumer.tlv.ByteArrayParser;
import org.bouncycastle.util.encoders.Hex;
public class BeIDCardTest {
protected static final Log LOG = LogFactory.getLog(BeIDCardTest.class);
protected BeIDCards beIDCards;
@Test
public void testReadFiles() throws Exception {
final BeIDCard beIDCard = getBeIDCard();
beIDCard.addCardListener(new TestBeIDCardListener());
LOG.debug("reading identity file");
final byte[] identityFile = beIDCard.readFile(FileType.Identity);
LOG.debug("reading identity signature file");
final byte[] identitySignatureFile = beIDCard
.readFile(FileType.IdentitySignature);
LOG.debug("reading RRN certificate file");
final byte[] rrnCertificateFile = beIDCard
.readFile(FileType.RRNCertificate);
LOG.debug("reading auth certificate file");
beIDCard.readFile(FileType.AuthentificationCertificate);
LOG.debug("reading sign certificate file");
beIDCard.readFile(FileType.NonRepudiationCertificate);
LOG.debug("reading root certificate file");
beIDCard.readFile(FileType.RootCertificate);
LOG.debug("reading CA certificate file");
beIDCard.readFile(FileType.CACertificate);
LOG.debug("reading Photo file");
final byte[] photoFile = beIDCard.readFile(FileType.Photo);
final CertificateFactory certificateFactory = CertificateFactory
.getInstance("X.509");
final X509Certificate rrnCertificate = (X509Certificate) certificateFactory
.generateCertificate(new ByteArrayInputStream(
rrnCertificateFile));
beIDCard.close();
final BeIDIntegrity beIDIntegrity = new BeIDIntegrity();
final Identity identity = beIDIntegrity.getVerifiedIdentity(
identityFile, identitySignatureFile, photoFile, rrnCertificate);
assertNotNull(identity);
assertNotNull(identity.getNationalNumber());
}
@Test
public void testAddressFileValidation() throws Exception {
final BeIDCard beIDCard = getBeIDCard();
beIDCard.addCardListener(new TestBeIDCardListener());
LOG.debug("reading address file");
final byte[] addressFile = beIDCard.readFile(FileType.Address);
LOG.debug("reading address signature file");
final byte[] addressSignatureFile = beIDCard
.readFile(FileType.AddressSignature);
LOG.debug("reading identity signature file");
final byte[] identitySignatureFile = beIDCard
.readFile(FileType.IdentitySignature);
LOG.debug("reading RRN certificate file");
final byte[] rrnCertificateFile = beIDCard
.readFile(FileType.RRNCertificate);
final CertificateFactory certificateFactory = CertificateFactory
.getInstance("X.509");
final X509Certificate rrnCertificate = (X509Certificate) certificateFactory
.generateCertificate(new ByteArrayInputStream(
rrnCertificateFile));
beIDCard.close();
final BeIDIntegrity beIDIntegrity = new BeIDIntegrity();
final Address address = beIDIntegrity.getVerifiedAddress(addressFile,
identitySignatureFile, addressSignatureFile, rrnCertificate);
assertNotNull(address);
assertNotNull(address.getMunicipality());
}
@Test
public void testAuthnSignature() throws Exception {
final BeIDCard beIDCard = getBeIDCard();
final byte[] toBeSigned = new byte[10];
final SecureRandom secureRandom = new SecureRandom();
secureRandom.nextBytes(toBeSigned);
final X509Certificate authnCertificate = beIDCard
.getAuthenticationCertificate();
byte[] signatureValue;
try {
signatureValue = beIDCard.signAuthn(toBeSigned, false);
} finally {
beIDCard.close();
}
final BeIDIntegrity beIDIntegrity = new BeIDIntegrity();
final boolean result = beIDIntegrity.verifyAuthnSignature(toBeSigned,
signatureValue, authnCertificate);
assertTrue(result);
}
@Test
public void testRRNCertificate() throws Exception {
final BeIDCard beIDCard = getBeIDCard();
final X509Certificate rrnCertificate = beIDCard.getRRNCertificate();
assertNotNull(rrnCertificate);
LOG.debug("RRN certificate: " + rrnCertificate);
}
@Test
public void testGetCardData() throws Exception {
final BeIDCard beIDCard = getBeIDCard();
final byte[] cardDataFile = beIDCard.getCardData();
assertNotNull(cardDataFile);
LOG.debug("card data file size: " + cardDataFile.length);
LOG.debug("card data file: " + Hex.toHexString(cardDataFile));
CardData cardData = ByteArrayParser.parse(cardDataFile, CardData.class);
LOG.debug("PKCS#1 1.5 supported: "
+ cardData.isRSASSAPKCS115Supported());
LOG.debug("PSS supported: " + cardData.isRSASSAPSSSupported());
LOG.debug("PKCS#1 support: "
+ Integer.toHexString(cardData.getPkcs1Support()));
}
@Test
public void testPSSSignature() throws Exception {
final BeIDCard beIDCard = getBeIDCard();
final byte[] toBeSigned = new byte[10];
final SecureRandom secureRandom = new SecureRandom();
secureRandom.nextBytes(toBeSigned);
final X509Certificate authnCertificate = beIDCard
.getAuthenticationCertificate();
final MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
final byte[] digestValue = messageDigest.digest(toBeSigned);
byte[] signatureValue;
try {
signatureValue = beIDCard.sign(digestValue, BeIDDigest.SHA_1_PSS,
FileType.AuthentificationCertificate, false);
} finally {
beIDCard.close();
}
Security.addProvider(new BouncyCastleProvider());
final BeIDIntegrity beIDIntegrity = new BeIDIntegrity();
final boolean result = beIDIntegrity.verifySignature(
"SHA1withRSAandMGF1", signatureValue,
authnCertificate.getPublicKey(), toBeSigned);
assertTrue(result);
}
@Test
public void testPSSSignatureSHA256() throws Exception {
final BeIDCard beIDCard = getBeIDCard();
final byte[] toBeSigned = new byte[10];
final SecureRandom secureRandom = new SecureRandom();
secureRandom.nextBytes(toBeSigned);
final X509Certificate authnCertificate = beIDCard
.getAuthenticationCertificate();
final MessageDigest messageDigest = MessageDigest
.getInstance("SHA-256");
final byte[] digestValue = messageDigest.digest(toBeSigned);
byte[] signatureValue;
try {
signatureValue = beIDCard.sign(digestValue, BeIDDigest.SHA_256_PSS,
FileType.AuthentificationCertificate, false);
} finally {
beIDCard.close();
}
Security.addProvider(new BouncyCastleProvider());
final BeIDIntegrity beIDIntegrity = new BeIDIntegrity();
final boolean result = beIDIntegrity.verifySignature(
"SHA256withRSAandMGF1", signatureValue,
authnCertificate.getPublicKey(), toBeSigned);
assertTrue(result);
}
@Test
public void testChangePIN() throws Exception {
final BeIDCard beIDCard = getBeIDCard();
try {
beIDCard.changePin(false);
} finally {
beIDCard.close();
}
}
@Test
public void testUnblockPIN() throws Exception {
BeIDCard beIDCard = getBeIDCard();
try {
beIDCard.unblockPin(false);
} finally {
beIDCard.close();
}
}
@Test
public void testNonRepSignature() throws Exception {
final byte[] toBeSigned = new byte[10];
final SecureRandom secureRandom = new SecureRandom();
secureRandom.nextBytes(toBeSigned);
final MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
final byte[] digestValue = messageDigest.digest(toBeSigned);
final BeIDCard beIDCard = getBeIDCard();
X509Certificate signingCertificate;
byte[] signatureValue;
try {
signatureValue = beIDCard.sign(digestValue, BeIDDigest.SHA_1,
FileType.NonRepudiationCertificate, false);
assertNotNull(signatureValue);
signingCertificate = beIDCard.getSigningCertificate();
} finally {
beIDCard.close();
}
final BeIDIntegrity beIDIntegrity = new BeIDIntegrity();
final boolean result = beIDIntegrity.verifyNonRepSignature(digestValue,
signatureValue, signingCertificate);
assertTrue(result);
}
protected BeIDCard getBeIDCard() {
this.beIDCards = new BeIDCards(new TestLogger());
BeIDCard beIDCard = null;
try {
beIDCard = this.beIDCards.getOneBeIDCard();
assertNotNull(beIDCard);
beIDCard.addCardListener(new BeIDCardListener() {
@Override
public void notifyReadProgress(final FileType fileType,
final int offset, final int estimatedMaxSize) {
LOG.debug("read progress of " + fileType.name() + ":"
+ offset + " of " + estimatedMaxSize);
}
@Override
public void notifySigningBegin(final FileType keyType) {
LOG.debug("signing with "
+ (keyType == FileType.AuthentificationCertificate
? "authentication"
: "non-repudiation") + " key has begun");
}
@Override
public void notifySigningEnd(final FileType keyType) {
LOG.debug("signing with "
+ (keyType == FileType.AuthentificationCertificate
? "authentication"
: "non-repudiation") + " key has ended");
}
});
} catch (final BeIDCardsException bcex) {
System.err.println(bcex.getMessage());
}
return beIDCard;
}
}