public class BIDFacade extends Object
----------------------------------------------
Copyright 2005
Bankenes BetalingsSentral AS (BBS)
Organisation Number N- 975 946 231
Haavard Martinsens vei 54
N- 0045 OSLO
Norway
----------------------------------------------
Modifier | Constructor and Description |
---|---|
protected | BIDFacade(MerchantContext context): Constructs a BIDFacade instance with the input context |

Modifier and Type | Method and Description |
---|---|
no.bbs.bankid.seid.sdo.components.SEID_SDO | addSDOSignature(byte[] sdoXMLBytes, PKCS7WithOCSPResponse[] pkcs7AndOCSPEntries, byte[] signedDataRaw): This method makes it possible to add signatures to an already existing SEID_SDO. |
no.bbs.bankid.seid.sdo.components.SEID_SDO | addSDOSignature(no.bbs.bankid.seid.sdo.components.SEID_SDO sdo, PKCS7WithOCSPResponse[] pkcs7AndOCSPEntries, byte[] signedDataRaw): This method makes it possible to add signatures to an already existing SEID_SDO. |
byte[] | base64Decode(byte[] dataToDecode): Method to base64-decode a byte[] of data. |
byte[] | base64Encode(byte[] dataToEncode): Method to base64-encode a byte[] of data. |
no.bbs.bankid.seid.sdo.components.SEID_SDO | createDynamicSDO(PKCS7WithOCSPResponse[] pkcs7AndOCSPEntries, byte[] signedData, String signedDocumentMimeType, String merchantDescription): This method gives the merchant the possibility to create a SEID_SDO structure with 1 .. |
no.bbs.bankid.seid.sdo.components.SEID_SDO | createSDO(byte[] b64ClientPKCS7, byte[] b64MerchantPKCS7, byte[] signedData, String signedDocumentMimeType, byte[] b64MerchantOCSP, byte[] b64ClientOCSP, String merchantDescription): Method to create a SEID SDO instance (SEID_SDO). |
no.bbs.bankid.seid.sdo.components.SEID_SDO | createSDOSeal(no.bbs.bankid.seid.sdo.components.SEID_SDO sdo, byte[] b64OCSPResponse): This method seals the input SEID_SDO. |
XMLDSIG | createXMLDSIG(String c14nXMLOrder): This method signs the input c14n canonicalized xml, creating an XML Digital Signature structure. |
String | dynamicSDOGetSigners(no.bbs.bankid.seid.sdo.components.SEID_SDO sdo): This method generates a String formatted for the client to use during multisigning. |
String | dynamicSDOXMLGetSigners(String sdoXml): This method generates a String formatted for the client to use during multisigning. |
String | generateMerchantReference(): Deprecated. As of release 3.3.0, replaced by generateMerchantReference(String locale) |
String | generateMerchantReference(String locale): Method to generate the reference to show to the user during mobile authentication. |
CertificateInfo | getCertificateInfo(byte[] certificate): Returns a CertificateInfo with the Certificate Information for the input X509Certificate bytes. |
CertificateInfo | getCertificateInfo(String b64ClientSignature): This method parses the input PKCS7 and retrieves the signer Certificate. |
CertificateStatus | getCertificateStatus(String clientSignature, List<String> addInfo): This method parses the input signature (PKCS#7) and extracts the signer certificate and its issuer certificate. |
CertificateStatus | getCertificateStatus(String clientSignature, List<String> addInfo, String internal): This method is for internal use only. |
CertificateStatus | getCertificateStatus(String clientSignature, List<String> addInfo, String internal, OCSPFormat format): This method is for internal use only. |
CertificateStatus | getCertificateStatusRFC6960(String clientSignature, List<String> addInfo, String internal): Get CertificateStatus with RFC6960 signature validation. |
CertificateStatus | getOwnCertificateStatus(): This method gets the CertificateStatus for the merchant's own signing certificate |
PKCS7Info | getPKCS7Info(String b64EncodedPKCS7): Returns a PKCS7Info with the PKCS#7 Information for the input base64 encoded signature bytes. |
String | getSigners(ArrayList<String> pkcs7s): This method generates a String formatted for the client to use during multisigning. |
HashMap<String,String> | getTransactionInfo(String key, List<String> oidList, long timeoutInMs) |
static String | getVersionInfo() |
byte[] | hashData(byte[] dataToHash, String hashAlgorithm): Method to hash data. |
InitSessionInfo | initSession(InitSessionInfo initSessionInfo): This method sends a request to the BankID COI to generate a BankID Web-client, and receives a url to a helper object which retrieves the actual client. |
String | initTransaction(String operation, String encryptedKey, String encryptedData, String encryptedAuth, String sessionID, BIDSessionData sessionData): Method to handle the initAuth/initSign operation received from the BankID client. |
String | pushSMS(String transactionReference, String text): Method to push an SMS to the user after mobile phone sign/auth is done. |
TransactionAndStatus | requestMobileAction(MobileInfo mobileInfo): Method to initialize mobile phone signing. |
String | requestMobileStatus(String transactionReference): Method to get the status from an earlier initialized mobile phone signing process. |
DynamicSDOData | sdoExtractSignatures(byte[] sdoAsXml): This method gives the merchant the possibility to extract a SEID_SDO structure with 1 .. |
SignatureAndData | sign(byte[] dataToBeSigned): Sign the input data to be signed using the Sign Certificate |
byte[] | sign(byte[] dataToBeSigned, boolean useAuthCert, boolean includeBSSChannelOID): Sign method that signs the input dataToBeSigned with either the authPK or the signPK based on the useAuthCert input value. |
byte[] | sign(byte[] dataToBeSigned, boolean useAuthCert, boolean includeBSSChannelOID, CMSFormat cmsFormat): Sign method that signs the input dataToBeSigned with either the authPK or the signPK based on the useAuthCert input value. |
SignatureAndData | sign(byte[] dataToBeSigned, CMSFormat cmsFormat): Sign the input data to be signed using the Sign Certificate |
SignatureAndData | sign(String dataToBeSigned): Converts the data to ISO-LATIN-1 and signs the data using the Sign Certificate |
SignatureAndData | sign(String dataToBeSigned, CMSFormat cmsFormat): Converts the data to ISO-LATIN-1 and signs the data using the Sign Certificate |
SignatureAndData | signPKCS1(byte[] dataToBeSigned): Signs the input data bytes and creates a PKCS#1. |
SignatureAndData | signPKCS1(byte[] dataToBeSigned, boolean useAuth): Signs the input data bytes and creates a PKCS#1. |
SignatureAndData | signXML(String xmlDocument, String xslDocument): This method constructs a BankIDXML structure using the input: The resulting structure is signed and returned in the SignatureAndData instance. |
SignatureAndData | signXML(String xmlDocument, String xslDocument, CMSFormat cmsFormat): This method constructs a BankIDXML structure using the input: The resulting structure is signed and returned in the SignatureAndData instance. |
void | validateDynamicSDO(byte[] sdoXMLBytes, byte[] signedDataRaw, int expectedNumberOfSignatures, boolean isSDOSealed): Validates a SEID_SDO. |
void | validateSDO(byte[] sdoXMLBytes, boolean validateStoredData): Method to validate a SEID_SDO. |
void | verify(byte[] b64EncodedPKCS7, byte[] signedData): Verifies the input Signature against the input data. |
void | verify(byte[] b64EncodedPKCS7, byte[] signedData, boolean signKeyUsage, String extKeyUsage): Verifies the input Signature against the input data. |
void | verify(String b64EncodedPKCS7, byte[] signedData): Verifies the input Signature against the input data. |
void | verifyTransactionRequest(String operation, String encryptedKey, String encryptedData, String encryptedAuth, String sessionID, BIDSessionData sessionData): Method to handle the decryption initAuth/initSign/handleError operation received from the BankID client. |
String | verifyTransactionResponse(BIDSessionData sessionData): This method handles the creation of the encrypted response to the BankID client for the initAuth/initSign/handleError operation. |

protected BIDFacade(MerchantContext context)
context
- MerchantContext The context in which to run BankID Server methods

public static String getVersionInfo()

public XMLDSIG createXMLDSIG(String c14nXMLOrder) throws BIDException
c14nXMLOrder
- String The xml order c14n canonicalized.
BIDException
- if creating XMLDSIG fails

public no.bbs.bankid.seid.sdo.components.SEID_SDO addSDOSignature(byte[] sdoXMLBytes, PKCS7WithOCSPResponse[] pkcs7AndOCSPEntries, byte[] signedDataRaw) throws BIDException
sdoXMLBytes
- byte[] holding the SEID_SDO XML bytes
pkcs7AndOCSPEntries
- PKCS7WithOCSPResponse instances (PKCS#7 and OCSPResponse)
signedDataRaw
- The un-encoded (RAW) bytes of the signedDocument. This parameter is OPTIONAL ONLY if the input SEID_SDO contains the SignersDocument
BIDException
- If the input is invalid or the SEID_SDO does not validate for some reason

public no.bbs.bankid.seid.sdo.components.SEID_SDO createSDOSeal(no.bbs.bankid.seid.sdo.components.SEID_SDO sdo, byte[] b64OCSPResponse) throws BIDException
sdo
- SEID_SDO The instance to manipulate (Seal)
b64OCSPResponse
- byte[] The OCSPResponse holding the merchant's signer certificate status
BIDException
- If invalid input or signing the SDODataPart fails

public no.bbs.bankid.seid.sdo.components.SEID_SDO addSDOSignature(no.bbs.bankid.seid.sdo.components.SEID_SDO sdo, PKCS7WithOCSPResponse[] pkcs7AndOCSPEntries, byte[] signedDataRaw) throws BIDException
sdo
- SEID_SDO to manipulate
pkcs7AndOCSPEntries
- PKCS7WithOCSPResponse instances (PKCS#7 and OCSPResponse)
signedDataRaw
- The un-encoded (RAW) bytes of the signedDocument. This parameter is OPTIONAL ONLY if the input SEID_SDO contains the SignersDocument
BIDException
- If the input is invalid or the SEID_SDO does not validate for some reason

public void validateDynamicSDO(byte[] sdoXMLBytes, byte[] signedDataRaw, int expectedNumberOfSignatures, boolean isSDOSealed) throws BIDException
sdoXMLBytes
- byte[] holding the SEID SDO bytes
signedDataRaw
- byte[] holding the RAW signedData bytes. (Not encoded in any way)
expectedNumberOfSignatures
- int 0 if no particular number of signatures is expected in the SDO. If > 0, this method checks that the SDO in fact contains expectedNumberOfSignatures signatures
isSDOSealed
- true if the SEID_SDO is sealed, else false
BIDException

public void validateSDO(byte[] sdoXMLBytes, boolean validateStoredData) throws BIDException
sdoXMLBytes
- byte[] containing the raw sdo bytes as read from file. Note: the input sdoXMLBytes MUST NOT be encoded in any way (e.g. Base64 encoding)
validateStoredData
- boolean Flag that triggers validation of the data stored in the SDO
BIDException

public no.bbs.bankid.seid.sdo.components.SEID_SDO createDynamicSDO(PKCS7WithOCSPResponse[] pkcs7AndOCSPEntries, byte[] signedData, String signedDocumentMimeType, String merchantDescription) throws BIDException
pkcs7AndOCSPEntries
- PKCS7WithOCSPResponse[] holding signatures and OCSPResponses
signedData
- byte[] The data that was signed
signedDocumentMimeType
- String holding the signed data mimetype (text/plain, application/pdf or text/BIDXML)
merchantDescription
- String The merchant description (ISO-8859-1)
BIDException
- If creating a dynamic SEID_SDO fails

public no.bbs.bankid.seid.sdo.components.SEID_SDO createSDO(byte[] b64ClientPKCS7, byte[] b64MerchantPKCS7, byte[] signedData, String signedDocumentMimeType, byte[] b64MerchantOCSP, byte[] b64ClientOCSP, String merchantDescription) throws BIDException
b64ClientPKCS7
- byte[] The client signature (PKCS#7) over the input signedData
b64MerchantPKCS7
- byte[] The merchant signature (PKCS#7) over the input signedData *
signedData
- byte[] The data signed by the client and to be signed by the merchant
signedDocumentMimeType
- String Supported data types are 'text/plain' OR 'application/pdf'
b64MerchantOCSP
- byte[] The Base64Encoded OCSPResponse that is returned from the BankID Client. This is the response from the Validation Authority. The OCSP Request is sent by the BankID Central Operational Infrastructure.
b64ClientOCSP
- byte[] If the getCertificateStatus has been called already then get the Base64Encoded clientOCSPResponse from the CertificateStatus instance and pass it to this method. If the clientOCSP response is not provided then this merchant calls the getCertificateStatus method to retrieve the client's certificate status. The OCSPResponse is set in the resulting SEID_SDO instance.
merchantDescription
- String containing the merchant description of the signedDocument. May be the name of a Contract etc. This parameter MUST NOT be null
BIDException
- If creating the SEID_SDO fails or the input data is invalid or missing

public CertificateStatus getOwnCertificateStatus() throws BIDException
BIDException
- if getOwnCertificateStatus fails for some reason

public CertificateStatus getCertificateStatus(String clientSignature, List<String> addInfo, String internal, OCSPFormat format) throws BIDException
BIDException

public CertificateStatus getCertificateStatus(String clientSignature, List<String> addInfo) throws BIDException
SocialNo |
Account |
OrganisationNo |
clientSignature
- String The signature (PKCS#7) as received from BankID Client
addInfo
- List List of Additional Information Labels to get from the VA. Note that not all merchants have the right to extract a user's additional information from the Validation Authority.
BIDException
- If something fails

public CertificateStatus getCertificateStatus(String clientSignature, List<String> addInfo, String internal) throws BIDException
BIDException

public CertificateStatus getCertificateStatusRFC6960(String clientSignature, List<String> addInfo, String internal) throws BIDException
BIDException

public PKCS7Info getPKCS7Info(String b64EncodedPKCS7) throws BIDException
FIELD | TYPE |
---|---|
NumberSubCAs | int |
SubCACertificate1..N | byte[] |
RootCertificate | byte[] |
SignerCertificate | byte[] |
Data | byte[] |
SigningTime | Date |
b64EncodedPKCS7
- byte[] with a Base64 Encoded PKCS#7 (Signature) as received from the BankID Client
BIDException
- If parsing the input PKCS#7 byte[] fails

public CertificateInfo getCertificateInfo(byte[] certificate) throws BIDException
FIELD | TYPE |
---|---|
IssuerName | String |
SubjectName | String |
ValidFrom | Date |
ValidTo | Date |
VersionNumber | String |
SerialNumber | String |
KeyAlgorithm | String |
KeySize | String |
PolicyOID_Info | String |
Originator | String |
DateOfBirth | String |
BankName | String |
UniqueId | String |
CommonName | String |
EmailAddress | String |
certificate
- byte[] X509Certificate bytes
BIDException
- If parsing the input certificate byte[] fails

public CertificateInfo getCertificateInfo(String b64ClientSignature) throws BIDException
FIELD | TYPE |
---|---|
IssuerName | String |
SubjectName | String |
ValidFrom | Date |
ValidTo | Date |
VersionNumber | String |
SerialNumber | String |
KeyAlgorithm | String |
KeySize | String |
PolicyOID_Info | String |
Originator | String |
DateOfBirth | String |
BankName | String |
UniqueId | String |
CommonName | String |
EmailAddress | String |
b64ClientSignature
- String Client pkcs7 (signature) base64-encoded
BIDException
- If parsing the input certificate byte[] fails

public SignatureAndData signXML(String xmlDocument, String xslDocument) throws BIDException
xmlDocument
- String holding the XML document to sign
xslDocument
- String holding the XSL (XML representation) to sign
BIDException
- If signXML fails for some reason

public SignatureAndData signXML(String xmlDocument, String xslDocument, CMSFormat cmsFormat) throws BIDException
xmlDocument
- String holding the XML document to sign
xslDocument
- String holding the XSL (XML representation) to sign
cmsFormat
- CMSFormat The desired CMS format for the PKCS7
BIDException
- If signXML fails for some reason

public SignatureAndData sign(String dataToBeSigned) throws BIDException
dataToBeSigned
- String The raw data to be signed.
BIDException
- If signing fails

public SignatureAndData sign(String dataToBeSigned, CMSFormat cmsFormat) throws BIDException
dataToBeSigned
- String The raw data to be signed.
cmsFormat
- CMSFormat The desired format for the PKCS7
BIDException
- If signing fails

public SignatureAndData sign(byte[] dataToBeSigned) throws BIDException
dataToBeSigned
- byte[] The raw data to be signed
BIDException
- If signing fails

public SignatureAndData sign(byte[] dataToBeSigned, CMSFormat cmsFormat) throws BIDException
dataToBeSigned
- byte[] The raw data to be signed
cmsFormat
- The desired CMS format for the PKCS7
BIDException
- If signing fails

public byte[] sign(byte[] dataToBeSigned, boolean useAuthCert, boolean includeBSSChannelOID) throws BIDException
dataToBeSigned
- byte[] holding the data to be signed
useAuthCert
- boolean telling whether to sign with the authcert or not
includeBSSChannelOID
- boolean telling whether to include the BSSChannel OID in the P7
BIDException
- If signing fails for some reason

public byte[] sign(byte[] dataToBeSigned, boolean useAuthCert, boolean includeBSSChannelOID, CMSFormat cmsFormat) throws BIDException
dataToBeSigned
- byte[] holding the data to be signed
useAuthCert
- boolean telling whether to sign with the authcert or not
includeBSSChannelOID
- boolean telling whether to include the BSSChannel OID in the P7
cmsFormat
- CMSFormat The desired CMS format for the PKCS7
BIDException
- If signing fails for some reason

public SignatureAndData signPKCS1(byte[] dataToBeSigned, boolean useAuth) throws BIDException
dataToBeSigned
- byte[] The data to be signed (RAW, not encoded)
BIDException
- If signing fails or invalid input

public SignatureAndData signPKCS1(byte[] dataToBeSigned) throws BIDException
dataToBeSigned
- byte[] The data to be signed (RAW, not encoded)
BIDException
- If signing fails or invalid input

public void verify(String b64EncodedPKCS7, byte[] signedData) throws BIDException
b64EncodedPKCS7
- String The Signature (PKCS#7)
signedData
- byte[] The data to verify against
BIDException
- If signature verification fails

public void verify(byte[] b64EncodedPKCS7, byte[] signedData) throws BIDException
b64EncodedPKCS7
- byte[] The Signature (PKCS#7)
signedData
- byte[] The data to verify against
BIDException
- If signature verification fails

public void verify(byte[] b64EncodedPKCS7, byte[] signedData, boolean signKeyUsage, String extKeyUsage) throws BIDException
b64EncodedPKCS7
- byte[] The signature (PKCS#7). Base64 encoded
signedData
- byte[] The data signed
signKeyUsage
- signKeyUsage If verifying a certificate with Sign Keyusage
extKeyUsage
- extKeyUsage The extended key usages to check for in the signer certificate, could be null
BIDException
- If verifying fails

public byte[] hashData(byte[] dataToHash, String hashAlgorithm) throws BIDException
dataToHash
- byte[] containing the data to hash
hashAlgorithm
- String Must be one of the following: SHA1, MD5, MD2
BIDException
- If the input hashAlgorithm is not supported or the dataToHash is null

public byte[] base64Encode(byte[] dataToEncode) throws BIDException
dataToEncode
- byte[] containing data to base64-encode
BIDException
- If base64-encoding fails or input data is missing

public byte[] base64Decode(byte[] dataToDecode) throws BIDException
dataToDecode
- byte[] containing data to base64-decode
BIDException
- If base64-decoding fails or input data is missing

public TransactionAndStatus requestMobileAction(MobileInfo mobileInfo) throws BIDException
mobileInfo
- MobileInfo containing data needed
BIDException
- If input data is missing

public String pushSMS(String transactionReference, String text) throws BIDException
transactionReference
- The transactionReference returned from the previous requestMobileAction(...) call.
text
- The text to be displayed on the phone
BIDException
- If input data is missing

public String getSigners(ArrayList<String> pkcs7s) throws BIDException
pkcs7s
- ArrayList A list of Base64Encoded pkcs#7.
BIDException
- If the input is invalid for some reason.

public String dynamicSDOGetSigners(no.bbs.bankid.seid.sdo.components.SEID_SDO sdo) throws BIDException
sdo
- SEID_SDO The SEID_SDO containing signatures so far.
BIDException
- If the input is invalid or the SEID_SDO does not validate for some reason.

public String dynamicSDOXMLGetSigners(String sdoXml) throws BIDException
sdoXml
- String The String representation of the SEID_SDO xml containing signatures so far.
BIDException
- If the input is invalid or the SEID_SDO does not validate for some reason.

public String requestMobileStatus(String transactionReference) throws BIDException
transactionReference
- String containing the transactionReference needed
BIDException
- If input data is missing

@Deprecated public String generateMerchantReference() throws BIDException
Deprecated. As of release 3.3.0, replaced by generateMerchantReference(String locale)
BIDException
- Something unexpected happens

public String generateMerchantReference(String locale) throws BIDException
locale
- String containing the language in which the reference is presented. Default is no_NO
BIDException
- Something unexpected happens

public String initTransaction(String operation, String encryptedKey, String encryptedData, String encryptedAuth, String sessionID, BIDSessionData sessionData) throws BIDException
A number of values in the BIDSessionData object must be set prior to calling this function, and some will be available upon successful invocation. For more information about the BIDSessionData values, please refer to the BankID Implementation Guide [IMPL].
operation
- String containing the operation received from client
encryptedKey
- String containing the encrypted key from client
encryptedData
- String containing the encrypted request from client
encryptedAuth
- String containing a message authentication code of all other parameters
sessionID
- String containing the sid received from client
sessionData
- BIDSessionData containing some needed information about the ongoing session
BIDException
- If something goes wrong

public InitSessionInfo initSession(InitSessionInfo initSessionInfo) throws BIDException
initSessionInfo
- Information to BankID COI to be able to generate a client.
BIDException

public void verifyTransactionRequest(String operation, String encryptedKey, String encryptedData, String encryptedAuth, String sessionID, BIDSessionData sessionData) throws BIDException
A number of values in the BIDSessionData object must be set prior to calling this function, and some will be available upon successful invocation. For more information about the BIDSessionData values, please refer to the BankID Implementation Guide [IMPL].
If the signature does not verify or if something goes wrong, a BIDException is thrown.
operation
- String containing the operation received from client
encryptedKey
- String containing the encrypted key from client
encryptedData
- String containing the encrypted request from client
encryptedAuth
- String containing a message authentication code of all other parameters
sessionID
- String containing the sid received from client
sessionData
- BIDSessionData containing some needed information about the ongoing session
BIDException
- If something goes wrong

public String verifyTransactionResponse(BIDSessionData sessionData) throws BIDException
A number of values in the BIDSessionData object must be set prior to calling this function, and some will be available upon successful invocation. For more information about the BIDSessionData values, please refer to the BankID Implementation Guide [IMPL].
sessionData
- BIDSessionData containing some needed information about the ongoing session
BIDException
- If something goes wrong

public DynamicSDOData sdoExtractSignatures(byte[] sdoAsXml) throws BIDException
sdoAsXml
- byte[] The SEID_SDO as xml
BIDException
- If something goes wrong

public HashMap<String,String> getTransactionInfo(String key, List<String> oidList, long timeoutInMs) throws BIDException
BIDException
Copyright © 2017 Nets Branch Norway. All Rights Reserved.