SmartCardSignerCredential.java example

Explorer
irma_future_id-master
/****************************************************************************
 * Copyright (C) 2013 ecsec GmbH.
 * All rights reserved.
 * Contact: ecsec GmbH (info@ecsec.de)
 *
 * This file is part of the Open eCard App.
 *
 * GNU General Public License Usage
 * This file may be used under the terms of the GNU General Public
 * License version 3.0 as published by the Free Software Foundation
 * and appearing in the file LICENSE.GPL included in the packaging of
 * this file. Please review the following information to ensure the
 * GNU General Public License version 3.0 requirements will be met:
 * http://www.gnu.org/copyleft/gpl.html.
 *
 * Other Usage
 * Alternatively, this file may be used in accordance with the terms
 * and conditions contained in a signed written agreement between
 * you and ecsec GmbH.
 *
 ***************************************************************************/

package org.openecard.crypto.tls.auth;

import java.io.IOException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import javax.annotation.Nonnull;
import org.openecard.bouncycastle.crypto.tls.Certificate;
import org.openecard.bouncycastle.crypto.tls.TlsSignerCredentials;
import org.openecard.crypto.common.sal.CredentialPermissionDenied;
import org.openecard.crypto.common.sal.GenericCryptoSigner;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


/**
 * Signing credential delegating all calls to a wrapped GenericCryptoSigner.
 *
 * @see GenericCryptoSigner
 * @author Tobias Wich <tobias.wich@ecsec.de>
 * @author Dirk Petrautzki <petrautzki@hs-coburg.de>
 */
public class SmartCardSignerCredential implements TlsSignerCredentials {

    private static final Logger logger = LoggerFactory.getLogger(SmartCardSignerCredential.class);

    private final GenericCryptoSigner signerImpl;
    private Certificate certificate = Certificate.EMPTY_CHAIN;

    public SmartCardSignerCredential(@Nonnull GenericCryptoSigner signerImpl) {
	this.signerImpl = signerImpl;
    }

    @Override
    public byte[] generateCertificateSignature(@Nonnull byte[] md5andsha1) throws IOException {
	// Note: this check is necessary to avoid the pin dialog when the certificate is
	//       Certificate.EMPTY_CHAIN
	if (! certificate.equals(Certificate.EMPTY_CHAIN)) {
	    try {
		return signerImpl.sign(md5andsha1);
	    } catch (SignatureException ex) {
		throw new IOException("Failed to create signature because of an unknown error.", ex);
	    } catch (CredentialPermissionDenied ex) {
		throw new IOException("Failed to create signature because of missing permissions.", ex);
	    }
	} else {
	    return new byte[]{};
	}
    }

    @Override
    public synchronized Certificate getCertificate() {
	if (certificate.equals(Certificate.EMPTY_CHAIN)) {
	    try {
		certificate = signerImpl.getBCCertificateChain();
	    } catch (IOException ex) {
		logger.error("Failed to read certificate due to an unknown error.", ex);
	    } catch (CredentialPermissionDenied ex) {
		logger.error("Failed to get certificate because of missing permissions.", ex);
	    } catch (CertificateException ex) {
		logger.error("Failed to deserialize certificate.", ex);
	    }
	}
	return certificate;
    }

}