Skip to content
GitLab
Commit 6d72b92f authored by garciay's avatar garciay
Browse files

Increase SSp size from Bit128 to Bit256

parent e16da27a
Hide whitespace changes
Inline Side-by-side
javasrc/adapter/org/etsi/its/adapter/Management.java
View file @ 6d72b92f
......@@ -68,7 +68,8 @@ public class Management implements IManagementTA, IManagementLayers {
/**
* Enforce secured mode status
*/
private static final String TsEnforceSecuredMode = ((CharstringValue)TERFactory.getInstance().getTaParameter("TsEnforceSecuredMode")).getString();
//private static String TsEnforceSecuredMode = ((CharstringValue)TERFactory.getInstance().getTaParameter("TsEnforceSecuredMode")).getString();
private static String TsEnforceSecuredMode = "false";
/**
* Secured root path to access certificates & private keys
......@@ -354,7 +355,12 @@ public class Management implements IManagementTA, IManagementLayers {
@Override
public void setSecuredMode(final byte[] securityData) {
certificateId = ByteHelper.byteArrayWithLengthToString(ByteHelper.concat(ByteHelper.intToByteArray(securityData.length, 4), securityData));
certificateId = ByteHelper.byteArrayWithLengthToString(ByteHelper.concat(ByteHelper.intToByteArray(securityData.length - 1, 4), securityData));
if (securityData[securityData.length - 1] == 0x01) {
TsEnforceSecuredMode = "true";
} else {
TsEnforceSecuredMode = "false";
}
setupSecuredMode();
}
......
javasrc/adapter/org/etsi/its/adapter/SecurityHelper.java
View file @ 6d72b92f
......@@ -103,7 +103,7 @@ public class SecurityHelper {
}
public byte[] checkSecuredProfileAndExtractPayload(final byte[] p_message, final int p_offset, final boolean p_enforceSecurityCheck, final int p_itsAidOther, Map<String, Object> lowerInfo) {
TERFactory.getInstance().logDebug(">>> SecurityHelper.checkSecuredProfileAndExtractPayload: " + ByteHelper.byteArrayToString(p_message));
//TERFactory.getInstance().logDebug(">>> SecurityHelper.checkSecuredProfileAndExtractPayload: " + ByteHelper.byteArrayToString(p_message));
ByteArrayInputStream decvalue = new ByteArrayInputStream(p_message, p_offset, p_message.length - p_offset);
......@@ -111,20 +111,20 @@ public class SecurityHelper {
if (decvalue.read() != 2) {
if (p_enforceSecurityCheck) {
// Drop it
TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong version number");
//TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong version number");
return null;
}
}
// Extract header fields length and header fields
long headerFieldsLength = tls2size(decvalue);
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: headerFieldsLength:" + headerFieldsLength);
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: headerFieldsLength:" + headerFieldsLength);
byte[] headerFields = new byte[(int) headerFieldsLength];
decvalue.read(headerFields, 0, (int) headerFieldsLength);
ByteArrayOutputStream certificateKeys = new ByteArrayOutputStream();
if (!checkHeaderfields(headerFields, certificateKeys, p_enforceSecurityCheck, p_itsAidOther, lowerInfo)) {
if (p_enforceSecurityCheck) {
// Drop it
TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Headerfields");
//TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Headerfields");
return null;
}
}
......@@ -133,31 +133,31 @@ public class SecurityHelper {
byte[] keys = certificateKeys.toByteArray();
if ((keys[0] == 0x02) || (keys[0] == 0x03)) { // Key length = 32 bytes
aaSigningPublicKeyX = ByteHelper.extract(keys, 1, 32);
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
} else { // Key length = 64 bytes
aaSigningPublicKeyX = ByteHelper.extract(keys, 1, 32);
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
aaSigningPublicKeyY = ByteHelper.extract(keys, 33, 32);
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
}
}
// FIXME Add encryption support
// if (p_enforceSecurityCheck) {
// }
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: headerFields:" + ByteHelper.byteArrayToString(headerFields));
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: headerFields:" + ByteHelper.byteArrayToString(headerFields));
// Extract payload, decvalue is updated with the payload
if (decvalue.read() != 1) {
TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Payload type");
//TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Payload type");
if (p_enforceSecurityCheck) {
// Drop it
return null;
}
}
long payloadLength = tls2size(decvalue);
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: payloadLength:" + payloadLength);
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: payloadLength:" + payloadLength);
byte[] payload = new byte[(int) payloadLength];
decvalue.read(payload, 0, (int) payloadLength);
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: payload:" + ByteHelper.byteArrayToString(payload));
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: payload:" + ByteHelper.byteArrayToString(payload));
if (p_enforceSecurityCheck) { // Extract Secure Trailer
long secureTrailerLength = tls2size(decvalue);
byte[] secureTrailer = new byte[(int) secureTrailerLength];
......@@ -165,17 +165,17 @@ public class SecurityHelper {
ByteArrayOutputStream signature = new ByteArrayOutputStream();
if (!extractMessageSignature(secureTrailer, signature)) {
// Drop it
TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Signatures");
//TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Wrong Signatures");
return null;
}
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: signature:" + ByteHelper.byteArrayToString(signature.toByteArray()));
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: signature:" + ByteHelper.byteArrayToString(signature.toByteArray()));
// Build signed data
byte[] toBeVerifiedData = ByteHelper.extract(
p_message,
p_offset,
p_message.length - (int)(p_offset + secureTrailerLength - 1 /* Exclude signature structure but keep signature type and signature length */)
);
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload:" + ByteHelper.byteArrayToString(toBeVerifiedData));
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload:" + ByteHelper.byteArrayToString(toBeVerifiedData));
boolean result;
try {
if (aaSigningPublicKeyY == null) {
......@@ -188,16 +188,16 @@ public class SecurityHelper {
aaSigningPublicKeyX,
aaSigningPublicKeyY
);
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: Verify signature: " + new Boolean(result));
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: Verify signature: " + new Boolean(result));
if (!result) {
// Drop packet
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: toBeVerifiedData :" + ByteHelper.byteArrayToString(toBeVerifiedData));
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: toBeVerifiedData :" + ByteHelper.byteArrayToString(toBeVerifiedData));
// Calculate Digest digest from the buffer toBeVerifiedData
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: Hash :" + ByteHelper.byteArrayToString(CryptoLib.hashWithSha256(toBeVerifiedData)));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: signature :" + ByteHelper.byteArrayToString(signature.toByteArray()));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyY:" + ByteHelper.byteArrayToString(aaSigningPublicKeyY));
TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Invalid signature");
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: Hash :" + ByteHelper.byteArrayToString(CryptoLib.hashWithSha256(toBeVerifiedData)));
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: signature :" + ByteHelper.byteArrayToString(signature.toByteArray()));
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyX:" + ByteHelper.byteArrayToString(aaSigningPublicKeyX));
//TERFactory.getInstance().logDebug("SecurityHelper.checkSecuredProfileAndExtractPayload: aaSigningPublicKeyY:" + ByteHelper.byteArrayToString(aaSigningPublicKeyY));
//TERFactory.getInstance().logError("SecurityHelper.checkSecuredProfileAndExtractPayload: Drop packet - Invalid signature");
return null;
}
......@@ -207,7 +207,7 @@ public class SecurityHelper {
}
// Drop packet
TERFactory.getInstance().logError("<<< SecurityHelper.checkSecuredProfileAndExtractPayload: dropped");
//TERFactory.getInstance().logError("<<< SecurityHelper.checkSecuredProfileAndExtractPayload: dropped");
return null;
}
......@@ -215,11 +215,11 @@ public class SecurityHelper {
}
public boolean checkHeaderfields(final byte[] p_headerfields, final ByteArrayOutputStream p_keys, final boolean p_enforceSecurityCheck, final int p_itsAidOther, Map<String, Object> lowerInfo) {
TERFactory.getInstance().logDebug(">>> SecurityHelper.checkHeaderfields: " + ByteHelper.byteArrayToString(p_headerfields));
//TERFactory.getInstance().logDebug(">>> SecurityHelper.checkHeaderfields: " + ByteHelper.byteArrayToString(p_headerfields));
// Sanity check
if (p_headerfields.length == 0) {
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Invalid header fields");
//TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Invalid header fields");
return false;
}
// Extract digest or certificate
......@@ -232,7 +232,7 @@ public class SecurityHelper {
(p_headerfields[signerInfoTypeIndex + 1] != 0x03) // SignerInfo Type: certificate chain (3)
)
) {
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Certificate");
//TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Certificate");
if (p_enforceSecurityCheck) {
// Drop it
return false;
......@@ -244,17 +244,17 @@ public class SecurityHelper {
// Extract certificate because of it is an Other message profile
byte[] certificate = decodeCertificate(p_headerfields, signerInfoTypeIndex, p_keys, p_enforceSecurityCheck, lowerInfo);
if (certificate == null) {
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Certificate not decoded");
//TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Certificate not decoded");
if (p_enforceSecurityCheck) {
// Drop it
return false;
}
}
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certificate=" + ByteHelper.byteArrayToString(certificate));
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certificate=" + ByteHelper.byteArrayToString(certificate));
// Add it in our map
Long lKey = ByteHelper.byteArrayToLong(calculateDigestFromCertificate(certificate));
if (!_neighborsCertificates.containsKey(lKey)) {
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Add keys for " + ByteHelper.byteArrayToString(calculateDigestFromCertificate(certificate)) + " / " + lKey);
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Add keys for " + ByteHelper.byteArrayToString(calculateDigestFromCertificate(certificate)) + " / " + lKey);
_neighborsCertificates.put(lKey, p_keys);
}
signerInfoTypeIndex += certificate.length;
......@@ -263,11 +263,11 @@ public class SecurityHelper {
byte[] hashedid8 = ByteHelper.extract(p_headerfields, signerInfoTypeIndex, Long.SIZE / Byte.SIZE);
signerInfoTypeIndex += (Long.SIZE / Byte.SIZE);
Long lKey = ByteHelper.byteArrayToLong(hashedid8);
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certificate digest with SHA256=" + lKey + " / " + ByteHelper.byteArrayToString(hashedid8));
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certificate digest with SHA256=" + lKey + " / " + ByteHelper.byteArrayToString(hashedid8));
if (!_neighborsCertificates.containsKey(lKey) || (_neighborsCertificates.get(lKey) == null)) { //FIXME as long as the cert chain is not complete, it should not be seen as error -> raise CR
if (p_enforceSecurityCheck) {
// Drop it
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Unknown HahedId8");
//TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Unknown HahedId8");
return false;
}
}
......@@ -278,7 +278,7 @@ public class SecurityHelper {
//e.printStackTrace();
if (p_enforceSecurityCheck) {
// Drop it
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: key " + lKey + "_neighbors certificates table");
//TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: key " + lKey + "_neighbors certificates table");
return false;
}
}
......@@ -286,7 +286,7 @@ public class SecurityHelper {
signerInfoTypeIndex += 1;
ByteArrayInputStream ba = new ByteArrayInputStream(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex));
int certChainLength = (int) this.tls2size(ba);
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certchain length = " + certChainLength);
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certchain length = " + certChainLength);
signerInfoTypeIndex += this.size2tls(certChainLength).length;
ByteArrayOutputStream keys;
do {
......@@ -295,57 +295,57 @@ public class SecurityHelper {
byte[] certificate = decodeCertificate(p_headerfields, signerInfoTypeIndex, keys, p_enforceSecurityCheck, lowerInfo);
if (certificate == null) {
// Drop it
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Failed to decode chain of certificate");
//TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Failed to decode chain of certificate");
return false;
}
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certificate=" + ByteHelper.byteArrayToString(certificate));
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Certificate=" + ByteHelper.byteArrayToString(certificate));
// Add it in our map
Long lKey = ByteHelper.byteArrayToLong(calculateDigestFromCertificate(certificate));
if (!_neighborsCertificates.containsKey(lKey)) {
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Add keys for " + ByteHelper.byteArrayToString(calculateDigestFromCertificate(certificate)) + " / " + lKey);
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Add keys for " + ByteHelper.byteArrayToString(calculateDigestFromCertificate(certificate)) + " / " + lKey);
_neighborsCertificates.put(lKey, p_keys);
}
certChainLength -= certificate.length;
signerInfoTypeIndex += certificate.length;
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Extracted certificate = " + ByteHelper.byteArrayToString(certificate));
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: Extracted certificate = " + ByteHelper.byteArrayToString(certificate));
} while (certChainLength > 0);
}
// Check generation time
if (p_headerfields[signerInfoTypeIndex++] != 0x00) { // Header Field: Generation Time (0)
if (p_enforceSecurityCheck) {
// Drop it
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - GenerationTime not found");
//TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - GenerationTime not found");
return false;
}
}
long generationTime = ByteHelper.byteArrayToLong(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, Long.SIZE / Byte.SIZE));
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: generationTime=" + generationTime);
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: generationTime=" + generationTime);
if (Math.abs(System.currentTimeMillis() - generationTime) < 1000) {
if (p_enforceSecurityCheck) {
// Drop it
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - GenerationTime out of range");
//TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - GenerationTime out of range");
return false;
}
}
signerInfoTypeIndex += (Long.SIZE / Byte.SIZE);
if (signerInfoTypeIndex < p_headerfields.length) {
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: dump #1=" + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex)));
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: dump #1=" + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex)));
if (p_headerfields[signerInfoTypeIndex] == 0x03) { // Header Field: Generation Location (3)
signerInfoTypeIndex += 1;
byte[] lat = ByteHelper.extract(p_headerfields, signerInfoTypeIndex, 4);
signerInfoTypeIndex += 4;
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: latitude=" + ByteHelper.byteArrayToString(lat));
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: latitude=" + ByteHelper.byteArrayToString(lat));
byte[] lon = ByteHelper.extract(p_headerfields, signerInfoTypeIndex, 4);
signerInfoTypeIndex += 4;
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: longitude=" + ByteHelper.byteArrayToString(lon));
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: longitude=" + ByteHelper.byteArrayToString(lon));
byte[] ele = ByteHelper.extract(p_headerfields, signerInfoTypeIndex, 2);
signerInfoTypeIndex += 2;
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: elevation=" + ByteHelper.byteArrayToString(ele));
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: elevation=" + ByteHelper.byteArrayToString(ele));
}
}
if (signerInfoTypeIndex < p_headerfields.length) {
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: dump #2=" + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex)));
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: dump #2=" + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex)));
if (p_headerfields[signerInfoTypeIndex] == 0x05) { // Header Field: Its AID (5)
signerInfoTypeIndex += 1;
// Check ItsAid
......@@ -358,11 +358,11 @@ public class SecurityHelper {
) {
if (p_enforceSecurityCheck) {
// Drop it
TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Unknown ItsAid value");
//TERFactory.getInstance().logError("SecurityHelper.checkHeaderfields: Drop packet - Unknown ItsAid value");
return false;
}
}
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: ItsAid=" + p_headerfields[signerInfoTypeIndex]);
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: ItsAid=" + p_headerfields[signerInfoTypeIndex]);
lowerInfo.put(SecurityHelper.SEC_ITS_AID, ByteHelper.intToByteArray(p_headerfields[signerInfoTypeIndex], Integer.SIZE / Byte.SIZE));
signerInfoTypeIndex += 1;
} else {
......@@ -373,23 +373,23 @@ public class SecurityHelper {
}
if (signerInfoTypeIndex < p_headerfields.length) {
// TODO check other fields
TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: dump #3=" + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex)));
//TERFactory.getInstance().logDebug("SecurityHelper.checkHeaderfields: dump #3=" + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, signerInfoTypeIndex, p_headerfields.length - signerInfoTypeIndex)));
}
return true;
}
public byte[] decodeCertificate(final byte[] p_headerfields, final int p_offset, final ByteArrayOutputStream p_keys, final boolean p_enforceSecurityCheck, Map<String, Object> p_lowerInfo) {
TERFactory.getInstance().logDebug(">>> SecurityHelper.decodeCertificate: " + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, p_offset, p_headerfields.length - p_offset)));
//TERFactory.getInstance().logDebug(">>> SecurityHelper.decodeCertificate: " + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, p_offset, p_headerfields.length - p_offset)));
ByteArrayInputStream headerfields = new ByteArrayInputStream(p_headerfields, p_offset, p_headerfields.length - p_offset);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: headerfields length=" + headerfields.available());
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: headerfields length=" + headerfields.available());
ByteArrayOutputStream cert = new ByteArrayOutputStream(); // FIXME To be removed
try {
// Version
cert.write((byte)headerfields.read());
if (cert.toByteArray()[0] != 0x02) {
TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Wrong version number");
//TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Wrong version number");
if (p_enforceSecurityCheck) {
// Drop it
return null;
......@@ -402,7 +402,7 @@ public class SecurityHelper {
case 0x01:
byte[] digest = new byte[8];
headerfields.read(digest, 0, digest.length);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: hashedid8=" + ByteHelper.byteArrayToString(digest));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: hashedid8=" + ByteHelper.byteArrayToString(digest));
cert.write(digest);
break;
// FIXME To be continued
......@@ -413,7 +413,7 @@ public class SecurityHelper {
(subjectInfoType != 0x01) && // Subject Info: authorization ticket (1)
(subjectInfoType != 0x02) // Subject Info: authorization authority (2)
) {
TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Subject Info: authorization authority/ticket expected - " + ByteHelper.byteArrayToString(cert.toByteArray()));
//TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Subject Info: authorization authority/ticket expected - " + ByteHelper.byteArrayToString(cert.toByteArray()));
return null;
}
cert.write(subjectInfoType);
......@@ -423,7 +423,7 @@ public class SecurityHelper {
byte[] subjectInfo = new byte[(int) length];
headerfields.read(subjectInfo, 0, subjectInfo.length);
cert.write(subjectInfo);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: subjectInfo: " + ByteHelper.byteArrayToString(subjectInfo));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: subjectInfo: " + ByteHelper.byteArrayToString(subjectInfo));
} else {
cert.write(0x00);
}
......@@ -434,30 +434,30 @@ public class SecurityHelper {
byte[] b = new byte[(int) length];
headerfields.read(b, 0, b.length);
cert.write(b);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Subject Attributes length=" + length + " / " + headerfields.available());
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Subject Attributes length=" + length + " / " + headerfields.available());
ByteArrayInputStream subjectAttributes = new ByteArrayInputStream(b);
if (subjectAttributes.read() == 0x00) { // Subject Attribute: verification key (0) - Mandatory
if (subjectAttributes.read() == 0x00) { // Public Key Alg: ecdsa nistp256 with sha256 (0)
byte v = (byte) subjectAttributes.read();
p_keys.write(v);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: ECC Point Type: =" + v);
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: ECC Point Type: =" + v);
if (v == 0x02) { // ECC Point Type: compressed lsb y-0(2)
byte[] key = new byte[32];
subjectAttributes.read(key, 0, 32);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Verification lsb y-1 key=" + ByteHelper.byteArrayToString(key));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Verification lsb y-1 key=" + ByteHelper.byteArrayToString(key));
p_keys.write(key);
} else if (v == 0x03) { // ECC Point Type: compressed lsb y-1(3)
byte[] key = new byte[32];
subjectAttributes.read(key, 0, 32);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Verification lsb y-1 key=" + ByteHelper.byteArrayToString(key));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Verification lsb y-1 key=" + ByteHelper.byteArrayToString(key));
p_keys.write(key);
} else if (v == 0x04) { // ECC Point Type: uncompressed (4)
byte[] key = new byte[32];
subjectAttributes.read(key, 0, 32);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Verification key1=" + ByteHelper.byteArrayToString(key));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Verification key1=" + ByteHelper.byteArrayToString(key));
p_keys.write(key);
subjectAttributes.read(key, 0, 32);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Verification key2=" + ByteHelper.byteArrayToString(key));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Verification key2=" + ByteHelper.byteArrayToString(key));
p_keys.write(key);
} // FIXME To be continued
} // FIXME To be continued
......@@ -470,24 +470,24 @@ public class SecurityHelper {
if (subjectAttributes.read() == 0x00) { // Symmetric Algorithm: aes 128 ccm (0)
v = (byte) subjectAttributes.read();
p_keys.write(v);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: ECC Point Type: =" + v);
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: ECC Point Type: =" + v);
if (v == 0x02) { // ECC Point Type: compressed lsb y-0(2)
byte[] key = new byte[32];
subjectAttributes.read(key, 0, 32);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Encryption lsb y-0 key=" + ByteHelper.byteArrayToString(key));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Encryption lsb y-0 key=" + ByteHelper.byteArrayToString(key));
p_keys.write(key);
} else if (v == 0x03) { // ECC Point Type: compressed lsb y-1(3)
byte[] key = new byte[32];
subjectAttributes.read(key, 0, 32);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Encryption lsb y-1 key=" + ByteHelper.byteArrayToString(key));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Encryption lsb y-1 key=" + ByteHelper.byteArrayToString(key));
p_keys.write(key);
} else if (v == 0x04) { // ECC Point Type: uncompressed (4)
byte[] key = new byte[32];
subjectAttributes.read(key, 0, 32);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Encryption key1=" + ByteHelper.byteArrayToString(key));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Encryption key1=" + ByteHelper.byteArrayToString(key));
p_keys.write(key);
subjectAttributes.read(key, 0, 32);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Encryption key2=" + ByteHelper.byteArrayToString(key));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Encryption key2=" + ByteHelper.byteArrayToString(key));
p_keys.write(key);
} // FIXME To be continued
} // FIXME To be continued
......@@ -499,42 +499,49 @@ public class SecurityHelper {
// Assurance level
if (v != 0x02) {
TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Assurance level expected - " + ByteHelper.byteArrayToString(cert.toByteArray()));
//TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Assurance level expected - " + ByteHelper.byteArrayToString(cert.toByteArray()));
return null;
}
v = (byte) subjectAttributes.read(); // Skip assurance level value
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: assurance level value=" + v);
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: assurance level value=" + v);
if (subjectInfoType == 0x01) { // Authorization Ticket
if (subjectAttributes.read() != 0x21) { // Subject Attribute: its aid ssp list (33)
TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Its aid ssp list expected - " + ByteHelper.byteArrayToString(cert.toByteArray()));
//TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Its aid ssp list expected - " + ByteHelper.byteArrayToString(cert.toByteArray()));
return null;
}
length = tls2size(subjectAttributes);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Its aid ssp length=" + length);
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Its aid ssp length=" + length);
byte[] its_aid_ssp_list = new byte[(int) length];
subjectAttributes.read(its_aid_ssp_list, 0, (int) length);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: its_aid_list=" + ByteHelper.byteArrayToString(its_aid_ssp_list));
p_lowerInfo.put(SecurityHelper.SEC_SSP, ByteHelper.fill(its_aid_ssp_list, 16, (byte)0x00));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: its_aid_list=" + ByteHelper.byteArrayToString(its_aid_ssp_list));
byte[] padding = new byte[32 - (int) length];
ByteHelper.fill(padding, 32 - (int) length, (byte)0x00);
p_lowerInfo.put(
SecurityHelper.SEC_SSP,
ByteHelper.concat(
padding,
its_aid_ssp_list
));
// TODO Process ATS AID list
} else if (subjectInfoType == 0x02) { // Authorization Authority
if (subjectAttributes.read() != 0x20) { // Subject Attribute: its aid ssp (32)
TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Its aid list expected - " + ByteHelper.byteArrayToString(cert.toByteArray()));
//TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Its aid list expected - " + ByteHelper.byteArrayToString(cert.toByteArray()));
return null;
}
length = tls2size(subjectAttributes);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: its_aid_list length=" + length);
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: its_aid_list length=" + length);
byte[] its_aid_list = new byte[(int) length];
subjectAttributes.read(its_aid_list, 0, (int) length);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: its_aid_list=" + ByteHelper.byteArrayToString(its_aid_list));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: its_aid_list=" + ByteHelper.byteArrayToString(its_aid_list));
// TODO Process ATS AID list
} else {
TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Unknown subjectInfoType - " + subjectInfoType);
//TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Unknown subjectInfoType - " + subjectInfoType);
return null;
}
// Validity restrictions
length = tls2size(headerfields);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Length=" + length + " / " + headerfields.available());
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Length=" + length + " / " + headerfields.available());
cert.write(size2tls((int)length));
v = (byte)headerfields.read();
if (v == 0x00) { // Validity Restriction: time end (0)
......@@ -543,11 +550,11 @@ public class SecurityHelper {
headerfields.read(time, 0, 4);
cert.write(time);
int endTime = ByteHelper.byteArrayToInt(time);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: endTime=" + endTime);
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: endTime=" + endTime);
// Check times
long currentTime = (System.currentTimeMillis() - 1072915200000L) / 1000L;
if (currentTime > endTime) {
TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Validity Restriction: time end not matched");
//TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Validity Restriction: time end not matched");
return null;
}
v = (byte)headerfields.read();
......@@ -558,16 +565,16 @@ public class SecurityHelper {
headerfields.read(time, 0, 4);
cert.write(time);
int startTime = ByteHelper.byteArrayToInt(time);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: startTime=" + startTime);
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: startTime=" + startTime);
headerfields.read(time, 0, 4);
cert.write(time);
int endTime = ByteHelper.byteArrayToInt(time);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: endTime=" + endTime);
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: endTime=" + endTime);
// Check times
long currentTime = (System.currentTimeMillis() - 1072915200000L) / 1000L;
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: currentTime=" + currentTime);
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: currentTime=" + currentTime);
if ((currentTime < startTime) || (currentTime > endTime)) {
TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Validity Restriction: time start and end not matched");
//TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Validity Restriction: time start and end not matched");
return null;
}
v = (byte)headerfields.read();
......@@ -578,14 +585,14 @@ public class SecurityHelper {
headerfields.read(time, 0, 4);
cert.write(time);
int startTime = ByteHelper.byteArrayToInt(time);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: startTime=" + startTime);
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: startTime=" + startTime);
byte[] dur = new byte[2];
headerfields.read(dur, 0, 2);
cert.write(dur);
short duration = ByteHelper.byteArrayToShort(dur);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: duration=" + duration);
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: duration=" + duration);
int unit = (duration & 0xe0000) >>> 13;
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: unit=" + unit);
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: unit=" + unit);
long value = (duration & 0x1fff);
switch (unit) {
case 0:
......@@ -598,14 +605,14 @@ public class SecurityHelper {
value *= 3600;
break;
default:
TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Validity Restriction: time start and duration not processed");
//TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Validity Restriction: time start and duration not processed");
value = Long.MAX_VALUE;
} // End of 'switch' statement
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: value=" + value);
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Validity Restriction: value=" + value);
// Check times
long currentTime = (System.currentTimeMillis() - 1072915200000L) / 1000L;
if ((currentTime < startTime) || (currentTime > (startTime + value))) {
TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Validity Restriction: time start and duration not matched");
//TERFactory.getInstance().logError("SecurityHelper.decodeCertificate: Validity Restriction: time start and duration not matched");
return null;
}
v = (byte)headerfields.read();
......@@ -621,15 +628,15 @@ public class SecurityHelper {
byte[] lat = new byte[4];
headerfields.read(lat, 0, lat.length);
cert.write(lat);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Circle lat=" + ByteHelper.byteArrayToString(lat));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Circle lat=" + ByteHelper.byteArrayToString(lat));
byte[] lon = new byte[4];
headerfields.read(lon, 0, lon.length);
cert.write(lon);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Circle lon=" + ByteHelper.byteArrayToString(lon));
//TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Circle lon=" + ByteHelper.byteArrayToString(lon));
byte[] rad = new byte[2];
headerfields.read(rad, 0, rad.length);
cert.write(rad);
TERFactory.getInstance().logDebug("SecurityHelper.decodeCertificate: Circle rad=" + ByteHelper.byteArrayToInt(rad));