Commit 01097524 authored by garciay's avatar garciay
Browse files

Merge with C2C project

Add AcSecPrimitive/AcSecResponse support for CAM (DENM & GN to be done)
parent 964ca145
......@@ -60,4 +60,15 @@ public interface ITERequired {
* @return Value associated to the TA parameter
*/
Value getTaParameter(String param);
/**
* Logs the debug message.
*/
void logDebug(String debugMessage);
/**
* Logs the error message.
*/
void logError(String errorMessage);
}
......@@ -12,6 +12,7 @@ import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Observer;
import org.etsi.adapter.TERFactory;
import org.etsi.common.ITuple;
import org.etsi.common.Tuple;
import org.etsi.its.adapter.ports.IObservable;
......@@ -58,7 +59,7 @@ public class ComponentMgr{
public void addComponent(TriComponentId component) {
// Sanity check
if(component == null) {
System.err.println("Error: Trying to add null component");
TERFactory.getInstance().logError("Error: Trying to add null component");
return;
}
......@@ -81,11 +82,11 @@ public class ComponentMgr{
public void addPort(final String componentName, final TriPortId ttcnPort, final IPort port) {
// Sanity checks
if(componentName.isEmpty() || (ttcnPort == null) || (port == null)) {
System.err.println("Wrong parameters");
TERFactory.getInstance().logError("Wrong parameters");
return;
}
if(!mapCompNameToTriComp.containsKey(componentName)) {
System.err.println("Error: Trying to add port to unknown component");
TERFactory.getInstance().logError("Error: Trying to add port to unknown component");
return;
}
if(!mapTriPortToTuple.containsKey(componentName)) {
......@@ -110,7 +111,7 @@ public class ComponentMgr{
// Sanity checks
if(componentName == null || componentName.isEmpty()) {
System.err.println("Invalid component");
TERFactory.getInstance().logError("Invalid component");
return null;
}
......@@ -127,15 +128,15 @@ public class ComponentMgr{
// Sanity checks
if(componentName.isEmpty() || portName.isEmpty()) {
System.err.println("Wrong parameters");
TERFactory.getInstance().logError("Wrong parameters");
return null;
}
if(!mapCompNameToTriComp.containsKey(componentName)) {
System.err.println("Unknown component");
TERFactory.getInstance().logError("Unknown component");
return null;
}
if(!mapTriPortToTuple.containsKey(componentName)) {
System.err.println("No port list entry");
TERFactory.getInstance().logError("No port list entry");
return null;
}
......@@ -160,15 +161,15 @@ public class ComponentMgr{
// Sanity checks
if(componentName.isEmpty() || portName.isEmpty()) {
System.err.println("Wrong parameters");
TERFactory.getInstance().logError("Wrong parameters");
return null;
}
if(!mapCompNameToTriComp.containsKey(componentName)) {
System.err.println("Unknown component");
TERFactory.getInstance().logError("Unknown component");
return null;
}
if(!mapTriPortToTuple.containsKey(componentName)) {
System.err.println("No port list entry");
TERFactory.getInstance().logError("No port list entry");
return null;
}
......@@ -204,15 +205,15 @@ public class ComponentMgr{
// Sanity checks
if(componentName.isEmpty() || portName.isEmpty()) {
System.err.println("Wrong parameters");
TERFactory.getInstance().logError("Wrong parameters");
return;
}
if(!mapCompNameToTriComp.containsKey(componentName)) {
System.err.println("Unknown component");
TERFactory.getInstance().logError("Unknown component");
return;
}
if(!mapTriPortToTuple.containsKey(componentName)) {
System.err.println("No port list entry");
TERFactory.getInstance().logError("No port list entry");
return;
}
......
......@@ -48,7 +48,7 @@ public class Management implements IManagementTA, IManagementLayers {
/**
* Maximum time for getting Long position vector (in seconds)
*/
private static final int GET_LPV_TIMEOUT = 10;
private static final int GET_LPV_TIMEOUT = 10; //FIXME: Might be a parameter rather than a constant
/**
* Interval for polling the location table during GetLpv (in ms)
......@@ -353,6 +353,8 @@ public class Management implements IManagementTA, IManagementLayers {
// Ensure that management settings are reset
beaconHeader = null;
enqueueBeacon = null;
locTable.clear();
}
@Override
......
......@@ -49,7 +49,7 @@ public class PcapMultiplexer implements Runnable {
int r = Pcap.findAllDevs(alldevs, errbuf);
if (r == Pcap.NOT_OK || alldevs.isEmpty()) {
System.err.printf("Can't read list of devices, error is %s", errbuf.toString());
TERFactory.getInstance().logError("Can't read list of devices, error is %s" + errbuf.toString());
return;
}
......@@ -72,7 +72,7 @@ public class PcapMultiplexer implements Runnable {
}
device = alldevs.get(ifaceIndex);
System.out.println("Listening: " + device.getName());
// TERFactory.getInstance().logDebug("Listening: " + device.getName());
}
/**
......@@ -84,7 +84,7 @@ public class PcapMultiplexer implements Runnable {
}
public synchronized void register(Layer client, byte[] macAddress, short frameType) {
System.out.println(">>>PcapMultiplexer.registering: " + frameType);
// TERFactory.getInstance().logDebug(">>>PcapMultiplexer.registering: " + frameType);
if(clientsToMacs.isEmpty()) {
// Open interface
......@@ -94,7 +94,7 @@ public class PcapMultiplexer implements Runnable {
pcap = Pcap.openLive(device.getName(), snaplen, flags, timeout, errbuf);
if (pcap == null) {
System.err.printf("Error while opening device for capture: "
TERFactory.getInstance().logError("Error while opening device for capture: "
+ errbuf.toString());
return;
}
......@@ -103,7 +103,7 @@ public class PcapMultiplexer implements Runnable {
filter = "";
}
else {
System.out.println("Another Client !");
// TERFactory.getInstance().logDebug("Another Client !");
filter = filter + " and ";
}
......@@ -114,7 +114,7 @@ public class PcapMultiplexer implements Runnable {
}
filter = filter + "not ether src " + strMacAddress;
System.out.println("New filter: " + filter);
// TERFactory.getInstance().logDebug("New filter: " + filter);
// Apply filter
PcapBpfProgram bpfFilter = new PcapBpfProgram();
......@@ -122,7 +122,7 @@ public class PcapMultiplexer implements Runnable {
int netmask = 0;
int r = pcap.compile(bpfFilter, filter, optimize, netmask);
if (r != Pcap.OK) {
System.out.println("Filter error: " + pcap.getErr());
// TERFactory.getInstance().logDebug("Filter error: " + pcap.getErr());
}
pcap.setFilter(bpfFilter);
......
......@@ -11,7 +11,11 @@ import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import org.etsi.adapter.TERFactory;
import org.etsi.common.ByteHelper;
//import org.etsi.its.adapter.layers.ETSI;
import de.fraunhofer.sit.c2x.CryptoLib;
......@@ -21,6 +25,18 @@ public class SecurityHelper {
public static SecurityHelper getInstance() { return Instance; }
/**
* SSP value
* @see ETSI TS 103 097
*/
public static final String SEC_SSP = "SSP";
/**
* ITS-AID value
* @see ETSI TS 103 097
*/
public static final String SEC_ITS_AID = "ITS_AID";
/**
* Storage for received certificates
*/
......@@ -86,14 +102,14 @@ public class SecurityHelper {
return (long) Math.ceil(d / Byte.SIZE);
}
public byte[] checkSecuredProfileAndExtractPayload(final byte[] p_message, final int p_offset, final boolean p_enforceSecurityCheck, final int p_itsAidOther) {
System.out.println(">>> SecurityHelper.checkSecuredProfileAndExtractPayload: " + ByteHelper.byteArrayToString(p_message));
public byte[] checkSecuredProfileAndExtractPayload(final byte[] p_message, final int p_offset, final boolean p_enforceSecurityCheck, final int p_itsAidOther, Map<String, Object> lowerInfo) {
TERFactory.getInstance().logDebug(">>> SecurityHelper.checkSecuredProfileAndExtractPayload: " + ByteHelper.byteArrayToString(p_message));
ByteArrayInputStream decvalue = new ByteArrayInputStream(p_message, p_offset, p_message.length - p_offset);
// Check version
if (decvalue.read() != 2) {
System.err.println("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong version number");
TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong version number");
if (p_enforceSecurityCheck) {
// Drop it
return null;
......@@ -101,12 +117,12 @@ public class SecurityHelper {
}
// Extract header fields length and header fields
long headerFieldsLength = tls2size(decvalue);
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: headerFieldsLength:" + headerFieldsLength);
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: headerFieldsLength:" + headerFieldsLength);
byte[] headerFields = new byte[(int) headerFieldsLength];
decvalue.read(headerFields, 0, (int) headerFieldsLength);
ByteArrayOutputStream certificateKeys = new ByteArrayOutputStream();
if (!checkHeaderfields(headerFields, certificateKeys, p_enforceSecurityCheck, p_itsAidOther)) {
System.err.println("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Headerfields");
if (!checkHeaderfields(headerFields, certificateKeys, p_enforceSecurityCheck, p_itsAidOther, lowerInfo)) {
TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Headerfields");
if (p_enforceSecurityCheck) {
// Drop it
return null;
......@@ -116,28 +132,28 @@ public class SecurityHelper {
byte[] keys = certificateKeys.toByteArray();
if ((keys[0] == 0x02) || (keys[0] == 0x03)) { // Key length = 32 bytes
aaSigningPublicKeyX = ByteHelper.extract(keys, 1, 32);
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
} else { // Key length = 64 bytes
aaSigningPublicKeyX = ByteHelper.extract(keys, 1, 32);
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
aaSigningPublicKeyY = ByteHelper.extract(keys, 33, 32);
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
aaSigningPublicKeyY = ByteHelper.extract(keys, 33, 32);
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
}
// FIXME Add encryption support
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: headerFields:" + ByteHelper.byteArrayToString(headerFields));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: headerFields:" + ByteHelper.byteArrayToString(headerFields));
// Extract payload, decvalue is updated with the payload
if (decvalue.read() != 1) {
System.err.println("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Payload type");
TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Payload type");
if (p_enforceSecurityCheck) {
// Drop it
return null;
}
}
long payloadLength = tls2size(decvalue);
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: payloadLength:" + payloadLength);
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: payloadLength:" + payloadLength);
byte[] payload = new byte[(int) payloadLength];
decvalue.read(payload, 0, (int) payloadLength);
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: payload:" + ByteHelper.byteArrayToString(payload));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: payload:" + ByteHelper.byteArrayToString(payload));
if (p_enforceSecurityCheck) { // Extract Secure Trailer
long secureTrailerLength = tls2size(decvalue);
byte[] secureTrailer = new byte[(int) secureTrailerLength];
......@@ -145,39 +161,39 @@ public class SecurityHelper {
ByteArrayOutputStream signature = new ByteArrayOutputStream();
if (!extractMessageSignature(secureTrailer, signature)) {
// Drop it
System.err.println("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Signatures");
TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Signatures");
return null;
}
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: signature:" + ByteHelper.byteArrayToString(signature.toByteArray()));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: signature:" + ByteHelper.byteArrayToString(signature.toByteArray()));
// Build signed data
byte[] toBeVerifiedData = ByteHelper.extract(
p_message,
p_offset,
p_message.length - (int)(p_offset + secureTrailerLength - 1 /* Exclude signature structure but keep signature type and signature length */)
);
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload:" + ByteHelper.byteArrayToString(toBeVerifiedData));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload:" + ByteHelper.byteArrayToString(toBeVerifiedData));
boolean result;
try {
if (aaSigningPublicKeyY == null) {
// FIXME FSCOM: Check how t verify compressed signature
return payload;
}
if (aaSigningPublicKeyY == null) {
// FIXME FSCOM: Check how t verify compressed signature
return payload;
}
result = CryptoLib.verifyWithEcdsaNistp256WithSha256(
toBeVerifiedData,
signature.toByteArray(),
aaSigningPublicKeyX,
aaSigningPublicKeyY
);
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: Verify signature: " + new Boolean(result));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: Verify signature: " + new Boolean(result));
if (!result) {
// Drop packet
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: toBeVerifiedData :" + ByteHelper.byteArrayToString(toBeVerifiedData));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: toBeVerifiedData :" + ByteHelper.byteArrayToString(toBeVerifiedData));
// Calculate Digest digest from the buffer toBeVerifiedData
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: Hash :" + ByteHelper.byteArrayToString(CryptoLib.hashWithSha256(toBeVerifiedData)));
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: signature :" + ByteHelper.byteArrayToString(signature.toByteArray()));
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
System.out.println("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyY:" + ByteHelper.byteArrayToString(aaSigningPublicKeyY));
System.err.println("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Invalid signature");
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: Hash :" + ByteHelper.byteArrayToString(CryptoLib.hashWithSha256(toBeVerifiedData)));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: signature :" + ByteHelper.byteArrayToString(signature.toByteArray()));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyY:" + ByteHelper.byteArrayToString(aaSigningPublicKeyY));
TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Invalid signature");
return null;
}
......@@ -187,19 +203,19 @@ public class SecurityHelper {
}
// Drop packet
System.err.println("<<< SecurityHelper.checkSecuredProfileAndExtractPayload: dropped");
TERFactory.getInstance().logError("<<< SecurityHelper.checkSecuredProfileAndExtractPayload: dropped");
return null;
}
return payload;
}
public boolean checkHeaderfields(final byte[] p_headerfields, final ByteArrayOutputStream p_keys, final boolean p_enforceSecurityCheck, final int p_itsAidOther) {
System.out.println(">>> SecurityHelper.checkHeaderfields: " + ByteHelper.byteArrayToString(p_headerfields));
public boolean checkHeaderfields(final byte[] p_headerfields, final ByteArrayOutputStream p_keys, final boolean p_enforceSecurityCheck, final int p_itsAidOther, Map<String, Object> lowerInfo) {
TERFactory.getInstance().logDebug(">>> SecurityHelper.checkHeaderfields: " + ByteHelper.byteArrayToString(p_headerfields));
// Sanity check
if (p_headerfields.length == 0) {
System.err.println("SecurityHelper.checkHeaderfields: Drop packet - Invalid header fields");
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Invalid header fields");
return false;
}
// Extract digest or certificate
......@@ -212,7 +228,7 @@ public class SecurityHelper {
(p_headerfields[signerInfoTypeIndex + 1] != 0x03) // SignerInfo Type: certificate chain (3)
)
) {
System.err.println("SecurityHelper.checkHeaderfields: Drop packet - Certificate");
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Certificate");
if (p_enforceSecurityCheck) {
// Drop it
return false;
......@@ -222,19 +238,19 @@ public class SecurityHelper {
if (p_headerfields[signerInfoTypeIndex] == 0x02) { // SignerInfo Type: Certificate (2)
signerInfoTypeIndex += 1;
// Extract certificate because of it is an Other message profile
byte[] certificate = decodeCertificate(p_headerfields, signerInfoTypeIndex, p_keys, p_enforceSecurityCheck);
byte[] certificate = decodeCertificate(p_headerfields, signerInfoTypeIndex, p_keys, p_enforceSecurityCheck, lowerInfo);
if (certificate == null) {
System.err.println("SecurityHelper.checkHeaderfields: Drop packet - Certificate not decoded");
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Certificate not decoded");
if (p_enforceSecurityCheck) {
// Drop it
return false;
}
}
System.out.println("SecurityHelper.checkHeaderfields: Certificate=" + ByteHelper.byteArrayToString(certificate));
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certificate=" + ByteHelper.byteArrayToString(certificate));
// Add it in our map
Long lKey = ByteHelper.byteArrayToLong(calculateDigestFromCertificate(certificate));
if (!_neighborsCertificates.containsKey(lKey)) {
System.out.println("SecurityHelper.checkHeaderfields: Add keys for " + ByteHelper.byteArrayToString(calculateDigestFromCertificate(certificate)) + " / " + lKey);
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Add keys for " + ByteHelper.byteArrayToString(calculateDigestFromCertificate(certificate)) + " / " + lKey);
_neighborsCertificates.put(lKey, p_keys);
}
signerInfoTypeIndex += certificate.length;
......@@ -243,9 +259,9 @@ public class SecurityHelper {
byte[] hashedid8 = ByteHelper.extract(p_headerfields, signerInfoTypeIndex, Long.SIZE / Byte.SIZE);
signerInfoTypeIndex += (Long.SIZE / Byte.SIZE);
Long lKey = ByteHelper.byteArrayToLong(hashedid8);
System.out.println("SecurityHelper.checkHeaderfields: Certificate digest with SHA256=" + lKey + "/ " + ByteHelper.byteArrayToString(hashedid8));
if (!_neighborsCertificates.containsKey(lKey) || (_neighborsCertificates.get(lKey) == null)) {
System.err.println("SecurityHelper.checkHeaderfields: Drop packet - Unknown HahedId8");
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certificate digest with SHA256=" + lKey + "/ " + ByteHelper.byteArrayToString(hashedid8));
if (!_neighborsCertificates.containsKey(lKey) || (_neighborsCertificates.get(lKey) == null)) { //FIXME as long as the cert chain is not complete, it should not be seen as error -> raise CR
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Unknown HahedId8");
if (p_enforceSecurityCheck) {
// Drop it
return false;
......@@ -265,42 +281,42 @@ public class SecurityHelper {
signerInfoTypeIndex += 1;
ByteArrayInputStream ba = new ByteArrayInputStream(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex));
int certChainLength = (int) this.tls2size(ba);
System.out.println("SecurityHelper.checkHeaderfields: Certchain length = " + certChainLength);
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certchain length = " + certChainLength);
signerInfoTypeIndex += this.size2tls(certChainLength).length;
ByteArrayOutputStream keys;
do {
// Extract certificate because of it is an Other message profile
keys = new ByteArrayOutputStream();
byte[] certificate = decodeCertificate(p_headerfields, signerInfoTypeIndex, keys, p_enforceSecurityCheck);
byte[] certificate = decodeCertificate(p_headerfields, signerInfoTypeIndex, keys, p_enforceSecurityCheck, lowerInfo);
if (certificate == null) {
// Drop it
System.err.println("SecurityHelper.checkHeaderfields: Drop packet - Failed to decode chain of certificate");
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Failed to decode chain of certificate");
return false;
}
System.out.println("SecurityHelper.checkHeaderfields: Certificate=" + ByteHelper.byteArrayToString(certificate));
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certificate=" + ByteHelper.byteArrayToString(certificate));
// Add it in our map
Long lKey = ByteHelper.byteArrayToLong(calculateDigestFromCertificate(certificate));
if (!_neighborsCertificates.containsKey(lKey)) {
System.out.println("SecurityHelper.checkHeaderfields: Add keys for " + ByteHelper.byteArrayToString(calculateDigestFromCertificate(certificate)) + " / " + lKey);
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Add keys for " + ByteHelper.byteArrayToString(calculateDigestFromCertificate(certificate)) + " / " + lKey);
_neighborsCertificates.put(lKey, p_keys);
}
certChainLength -= certificate.length;
signerInfoTypeIndex += certificate.length;
System.out.println("SecurityHelper.checkHeaderfields: Extracted certificate = " + ByteHelper.byteArrayToString(certificate));
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Extracted certificate = " + ByteHelper.byteArrayToString(certificate));
} while (certChainLength > 0);
}
// Check generation time
if (p_headerfields[signerInfoTypeIndex++] != 0x00) { // Header Field: Generation Time (0)
if (p_enforceSecurityCheck) {
// Drop it
System.err.println("SecurityHelper.checkHeaderfields: Drop packet - GenerationTime not found");
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - GenerationTime not found");
return false;
}
}
long generationTime = ByteHelper.byteArrayToLong(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, Long.SIZE / Byte.SIZE));
System.out.println("SecurityHelper.checkHeaderfields: generationTime=" + generationTime);
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: generationTime=" + generationTime);
if (Math.abs(System.currentTimeMillis() - generationTime) < 1000) {
System.err.println("SecurityHelper.checkHeaderfields: Drop packet - GenerationTime out of range");
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - GenerationTime out of range");
if (p_enforceSecurityCheck) {
// Drop it
return false;
......@@ -309,22 +325,22 @@ public class SecurityHelper {
signerInfoTypeIndex += (Long.SIZE / Byte.SIZE);
if (signerInfoTypeIndex < p_headerfields.length) {
System.out.println("SecurityHelper.checkHeaderfields: dump #1=" + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex)));
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: dump #1=" + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex)));
if (p_headerfields[signerInfoTypeIndex] == 0x03) { // Header Field: Generation Location (3)
signerInfoTypeIndex += 1;
byte[] lat = ByteHelper.extract(p_headerfields, signerInfoTypeIndex, 4);
signerInfoTypeIndex += 4;
System.out.println("SecurityHelper.checkHeaderfields: latitude=" + ByteHelper.byteArrayToString(lat));
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: latitude=" + ByteHelper.byteArrayToString(lat));
byte[] lon = ByteHelper.extract(p_headerfields, signerInfoTypeIndex, 4);
signerInfoTypeIndex += 4;
System.out.println("SecurityHelper.checkHeaderfields: longitude=" + ByteHelper.byteArrayToString(lon));
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: longitude=" + ByteHelper.byteArrayToString(lon));
byte[] ele = ByteHelper.extract(p_headerfields, signerInfoTypeIndex, 2);
signerInfoTypeIndex += 2;
System.out.println("SecurityHelper.checkHeaderfields: elevation=" + ByteHelper.byteArrayToString(ele));
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: elevation=" + ByteHelper.byteArrayToString(ele));
}
}
if (signerInfoTypeIndex < p_headerfields.length) {
System.out.println("SecurityHelper.checkHeaderfields: dump #2=" + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex)));
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: dump #2=" + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex)));
if (p_headerfields[signerInfoTypeIndex] == 0x05) { // Header Field: Its AID (5)
signerInfoTypeIndex += 1;
// Check ItsAid
......@@ -332,40 +348,43 @@ public class SecurityHelper {
if (
(p_headerfields[signerInfoTypeIndex] != 0x24) && // CAM
(p_headerfields[signerInfoTypeIndex] != 0x25) && // DENM
// TODO Add MAPEM/SPATEM, IVIM & SREM/SSEM
(p_headerfields[signerInfoTypeIndex] != p_itsAidOther)
) {
System.err.println("SecurityHelper.checkHeaderfields: Drop packet - Unknown ItsAid value");
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Unknown ItsAid value");
if (p_enforceSecurityCheck) {
// Drop it
return false;
}
}
System.out.println("SecurityHelper.checkHeaderfields: ItsAid=" + p_headerfields[signerInfoTypeIndex]);
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: ItsAid=" + p_headerfields[signerInfoTypeIndex]);
lowerInfo.put(SecurityHelper.SEC_ITS_AID, ByteHelper.intToByteArray(p_headerfields[signerInfoTypeIndex], Integer.SIZE / Byte.SIZE));
signerInfoTypeIndex += 1;
} else {
// FIXME to be continued
}
}
}
if (signerInfoTypeIndex < p_headerfields.length) {
// TODO check other fields
System.out.println("SecurityHelper.checkHeaderfields: dump #3=" + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex)));
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: dump #3=" + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex)));
}
return true;
}
public byte[] decodeCertificate(final byte[] p_headerfields, final int p_offset, final ByteArrayOutputStream p_keys, final boolean p_enforceSecurityCheck) {
System.out.println(">>> SecurityHelper.decodeCertificate: " + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, p_offset, p_headerfields.length - p_offset)));
public byte[] decodeCertificate(final byte[] p_headerfields, final int p_offset, final ByteArrayOutputStream p_keys, final boolean p_enforceSecurityCheck, Map<String, Object> p_lowerInfo) {
TERFactory.getInstance().logDebug(">>> SecurityHelper.decodeCertificate: " + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, p_offset, p_headerfields.length - p_offset)));
ByteArrayInputStream headerfields = new ByteArrayInputStream(p_headerfields, p_offset, p_headerfields.length - p_offset);
System.out.println("SecurityHelper.decodeCertificate: headerfields length=" + headerfields.available());
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: headerfields length=" + headerfields.available());
ByteArrayOutputStream cert = new ByteArrayOutputStream(); // FIXME To be removed
try {
// Version
cert.write((byte)headerfields.read());
if (cert.toByteArray()[0] != 0x02) {
System.err.println("SecurityHelper.decodeCertificate: Wrong version number");
TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Wrong version number");
if (p_enforceSecurityCheck) {
// Drop it
return null;
......@@ -378,7 +397,7 @@ public class SecurityHelper {
case 0x01:
byte[] digest = new byte[8];
headerfields.read(digest, 0, digest.length);
System.out.println("SecurityHelper.decodeCertificate: hashedid8=" + ByteHelper.byteArrayToString(digest));
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: hashedid8=" + ByteHelper.byteArrayToString(digest));
cert.write(digest);
break;
// FIXME To be continued
......@@ -389,7 +408,7 @@ public class SecurityHelper {
(subjectInfoType != 0x01) && // Subject Info: authorization ticket (1)
(subjectInfoType != 0x02) // Subject Info: authorization authority (2)
) {