inspectionsystem.js

Summary

An EAC-Keystore for inspection systems with support for TR-03129 web services to retrieve CV certificates from a document verifier.

Right-click on the "EAC Keystore" node to select:

Initialize - Clear all keys on the SmartCard-HSM. You will also need to remove the cvcertstore directory if CVCA and DV certificates changed. Initialize will also reset the CHR counter, so you must reset the counter on the DV as well.

GetCACertificates - Issue the GetCACertificates web service to retrieve the current CVCA certificate list and DV certificate.

RequestCertificate (Initial) - Generate a key pair and a certificate signing request, and obtain a certificate from the DV.

RequestCertificate (Renew) - Generate a key pair and an authenticated certificate signing request, and obtain a certificate from the DV.

See EAC-PKI for Testing (http://www.openscdp.org/scripts/icao/eacpki.html) for details.




Class Summary
Explorer  

/**
 *  ---------
 * |.##> <##.|  SmartCard-HSM Support Scripts
 * |#       #|
 * |#       #|  Copyright (c) 2011-2012 CardContact Software & System Consulting
 * |'##> <##'|  Andreas Schwier, 32429 Minden, Germany (www.cardcontact.de)
 *  ---------
 *
 * Consult your license package for usage terms and conditions.
 *
 * @fileoverview An EAC-Keystore for inspection systems with support for TR-03129 web services to retrieve CV certificates from a document verifier.
 *
 * <p>Right-click on the "EAC Keystore" node to select:</p>
 * <p>Initialize - Clear all keys on the SmartCard-HSM. You will also need to remove the cvcertstore directory if CVCA and DV
 *    certificates changed. Initialize will also reset the CHR counter, so you must reset the counter on the DV as well.</p>
 * <p>GetCACertificates - Issue the GetCACertificates web service to retrieve the current CVCA certificate list and DV certificate.</p>
 * <p>RequestCertificate (Initial) - Generate a key pair and certificate signing request and obtain certificate from DV</p>
 * <p>RequestCertificate (Renew) - Generate a key pair and authenticated certificate signing request and obtain certificate from DV</p>
 * <p>See <a href="http://www.openscdp.org/scripts/icao/eacpki.html">EAC-PKI for Testing</a> for details.</p>
 */

SmartCardHSM = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSM;
EACKeyStore = require("EACKeyStore").EACKeyStore;
TAConnection = require('scsh/tr3129/TAConnection').TAConnection;
CVCertificateStore = require('scsh/eac/CVCertificateStore').CVCertificateStore;
CVC = require("scsh/eac/CVC").CVC;



/**
 * Build the "EAC Keystore" outline view for an inspection system key store.
 *
 * Reads the device authentication certificate (C_DevAut) from the key store,
 * prints it, creates the outline tree with a C_DevAut and a C_Terminal child
 * node, attaches the context menu and shows the tree.
 *
 * @constructor
 * @param {EACKeyStore} keystore the key store this view operates on
 */
function Explorer(keystore) {
	this.keystore = keystore;

	// Document verifier web service used by getCACertificates() and
	// requestCertificate(). This is a plain-HTTP demo endpoint: nothing in this
	// script protects the transport, so requests and returned certificates can be
	// read or altered in transit. Use a TLS endpoint outside of test setups.
	this.url = "http://demo.openscdp.org/eacpki/se/dvcatr3129";
	this.crypto = new Crypto();

	var devAut = keystore.getC_DevAut();
	this.C_DevAut = devAut;
	devAut.decorate();
	print("C_DevAut:");
	print(devAut.toString());

	var root = new OutlineNode("EAC Keystore", true);
	this.node = root;

	// Child node showing the ASN.1 structure of the device certificate
	var devAutNode = new OutlineNode("C_DevAut");
	this.nodeC_DevAut = devAutNode;
	devAutNode.insert(devAut.getASN1());
	root.insert(devAutNode);

	// Placeholder for the terminal certificate; filled by updateCertificateNode()
	var terminalNode = new OutlineNode("C_Terminal");
	this.nodeC_Terminal = terminalNode;
	root.insert(terminalNode);

	// The user object receives the context menu actions (see actionListener)
	root.setUserObject(this);
	root.setContextMenu(Explorer.contentMenu);
	root.show();
	this.updateCertificateNode();
}

// Context menu entries of the "EAC Keystore" node. The order matters:
// actionListener() dispatches on the index of each entry.
Explorer.contentMenu = [
	"Initialize",
	"GetCACertificates",
	"RequestCertificate (Initial)",
	"RequestCertificate (Renew)"
];

// Directory resolved by GPSystem for the current working directory; the
// script-level code places the "cvcertstore" certificate store below it.
Explorer.cwd = GPSystem.mapFilename("", GPSystem.CWD);



/**
 * Re-initialize the SmartCard-HSM and log in again with the user PIN.
 *
 * According to the file overview this clears all keys on the device and
 * resets the CHR counter, so the counter on the DV must be reset as well.
 *
 * Both credentials are fixed values embedded in this script, so anyone who can
 * read the script knows them. Treat a device initialized this way as a test
 * device, and change the credentials before it holds keys that matter.
 */
Explorer.prototype.initialize = function() {
	var hsm = this.keystore.sc;

	// NOTE(review): argument roles presumed from the call shape (option bytes,
	// user PIN, initialization code, PIN retry counter) - confirm against
	// SmartCardHSM.initDevice.
	var options = new ByteString("0001", HEX);
	var userPIN = new ByteString("648219", ASCII);
	var initCode = new ByteString("57621880", ASCII);

	hsm.initDevice(options, userPIN, initCode, 3);
	hsm.verifyUserPIN(userPIN);
	print("Device initialized");
};



/**
 * Refresh the C_Terminal outline node from the key store.
 *
 * Does nothing when the key store reports no current certificate. Otherwise
 * the existing C_Terminal node is replaced by a new one that shows the ASN.1
 * structure of the current certificate.
 */
Explorer.prototype.updateCertificateNode = function() {
	var currentFID = this.keystore.getCurrentCertificateFID();
	if (!currentFID) {
		return;
	}

	var terminalCert = this.keystore.getCertificateByFID(currentFID);
	terminalCert.decorate();

	// Replace rather than update: drop the old node, then insert a fresh one
	this.node.remove(this.nodeC_Terminal);
	var freshNode = new OutlineNode("C_Terminal");
	this.nodeC_Terminal = freshNode;
	freshNode.insert(terminalCert.getASN1());
	this.node.insert(freshNode);
};



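/**
 * Call the GetCACertificates web service and store the returned certificates.
 *
 * Each returned binary is parsed as a CVC and printed, then the whole list is
 * handed to the certificate store. Certificates the store hands back are
 * reported as not accepted. If the service returns nothing, the connection's
 * last return code is printed instead.
 */
Explorer.prototype.getCACertificates = function() {
	// NOTE(review): the meaning of the second constructor argument is not
	// visible in this file - confirm against TAConnection.
	var con = new TAConnection(this.url, false);
	var certlist;
	try {
		certlist = con.getCACertificates();
	} finally {
		// Release the connection even when the service call throws
		con.close();
	}

	if (!certlist || !(certlist.length > 0)) {
		print("Problem retrieving certificate list: " + con.getLastReturnCode());
		return;
	}

	var certs = [];
	print("Received certificate(s):");
	// Loop variables are declared with var so they do not leak into the global scope
	for each (var cvcbin in certlist) {
		var cvc = new CVC(cvcbin);
		print(cvc);
		certs.push(cvc);
	}

	// NOTE(review): the `true` argument looks like the store's "insert
	// self-signed certificates" switch. If so, a self-signed CVCA certificate
	// delivered over the plain-HTTP connection would be stored as a trust
	// anchor - confirm, and verify root certificates out of band outside of
	// test setups.
	var certstore = this.keystore.getCertificateStore();
	var leftcerts = certstore.insertCertificates2(this.crypto, certs, true, this.keystore.path);
	if (leftcerts.length > 0) {
		print("Could not accept the following certificates:");
		for each (var rejected in leftcerts) {
			print(rejected);
		}
	}
};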



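/**
 * Generate a certificate request, submit it to the document verifier and
 * store the certificates that come back.
 *
 * On success the returned certificates are handed to the certificate store,
 * the certificate on the card is updated and the C_Terminal node is
 * refreshed. If the service returns nothing, the connection's last return
 * code is printed instead.
 *
 * @param {Boolean} forceInitial passed to the key store's generateRequest();
 *        the menu passes true for "RequestCertificate (Initial)" and false
 *        for "RequestCertificate (Renew)"
 */
Explorer.prototype.requestCertificate = function(forceInitial) {
	var req = this.keystore.generateRequest(forceInitial);
	print("Request: " + req);

	// NOTE(review): the meaning of the second constructor argument is not
	// visible in this file - confirm against TAConnection.
	var con = new TAConnection(this.url, false);
	var certlist;
	try {
		certlist = con.requestCertificate(req.getBytes());
	} finally {
		// Release the connection even when the service call throws
		con.close();
	}

	if (!certlist || !(certlist.length > 0)) {
		print("Problem requesting certificate: " + con.getLastReturnCode());
		return;
	}

	var certs = [];
	print("Received certificate(s):");
	// Loop variables are declared with var so they do not leak into the global scope
	for each (var cvcbin in certlist) {
		var cvc = new CVC(cvcbin);
		print(cvc);
		certs.push(cvc);
	}

	// NOTE(review): the `true` argument looks like the store's "insert
	// self-signed certificates" switch. If so, a self-signed certificate
	// delivered over the plain-HTTP connection would be stored as a trust
	// anchor - confirm, and verify root certificates out of band outside of
	// test setups.
	var certstore = this.keystore.getCertificateStore();
	var leftcerts = certstore.insertCertificates2(this.crypto, certs, true, this.keystore.path);
	if (leftcerts.length > 0) {
		print("Could not accept the following certificates:");
		for each (var rejected in leftcerts) {
			print(rejected);
		}
	}

	// The card certificate and the view are updated even when some of the
	// returned certificates were not accepted above.
	this.keystore.updateCardCertificate();
	this.updateCertificateNode();
};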



/**
 * Dispatch a context menu selection to the matching operation.
 *
 * Unknown actions are ignored. "Initialize" runs straight away with no
 * confirmation step, although the file overview says it clears all keys on
 * the device.
 *
 * @param {Object} source the object the action originated from (unused)
 * @param {String} action the selected entry of Explorer.contentMenu
 */
Explorer.prototype.actionListener = function(source, action) {
	var menu = Explorer.contentMenu;

	if (action === menu[0]) {
		this.initialize();
	} else if (action === menu[1]) {
		this.getCACertificates();
	} else if (action === menu[2]) {
		// Initial request
		this.requestCertificate(true);
	} else if (action === menu[3]) {
		// Renewal request
		this.requestCertificate(false);
	}
};



// Script entry: connect to the card in the configured reader, log in, open the
// certificate store below the working directory and show the explorer.
var card = new Card(_scsh3.reader);
var sc = new SmartCardHSM(card);
// The user PIN is hard-coded to the same value initialize() sets. Against a
// card with a different PIN this call will presumably fail and count against
// the PIN retry counter - confirm before running this on a non-test device.
sc.verifyUserPIN(new ByteString("648219", ASCII));
// Certificates are kept on disk in "cvcertstore"; per the file overview this
// directory must be removed when the CVCA and DV certificates change.
var cs = new CVCertificateStore(Explorer.cwd + "/cvcertstore");
// "/UTCVCA/UTDVCA" is the path handed to the key store; it is read back as
// keystore.path when received certificates are inserted into the store.
var ks = new EACKeyStore(sc, cs, "/UTCVCA/UTDVCA");
var explorer = new Explorer(ks);



