├── src
├── main
│ ├── resources
│ │ ├── application.properties
│ │ └── log4j2.xml
│ └── java
│ │ └── com
│ │ └── huawei
│ │ └── walletkit
│ │ └── tool
│ │ └── security
│ │ ├── model
│ │ ├── UnregistrationsResponse.java
│ │ ├── Certificate.java
│ │ ├── Response.java
│ │ ├── RegistrationsResponse.java
│ │ ├── RequestTokenResponse.java
│ │ ├── PersonalizeResponse.java
│ │ ├── UnregistrationsRequest.java
│ │ ├── PassDataResponse.java
│ │ ├── RegistrationsRequest.java
│ │ ├── RequestTokenRequest.java
│ │ ├── PersonalizeRequest.java
│ │ └── RequestBody.java
│ │ ├── SecurityApplication.java
│ │ ├── pass
│ │ ├── LocationInfo.java
│ │ ├── PassStatusInfo.java
│ │ ├── LanguageInfo.java
│ │ ├── BarCodeInfo.java
│ │ ├── PassDataFieldInfo.java
│ │ ├── PassDataInfo.java
│ │ ├── PassDataField.java
│ │ └── PassPackageCreator.java
│ │ ├── whitecard
│ │ └── manager
│ │ │ ├── CommonUtils.java
│ │ │ ├── KeyValueConnector.java
│ │ │ ├── ICCECarKeyDevicePassUnit.java
│ │ │ ├── ParamChecker.java
│ │ │ ├── Constants.java
│ │ │ ├── DevicePassUnit.java
│ │ │ ├── ICCECarKeyPassData.java
│ │ │ ├── AesUtils.java
│ │ │ ├── PassData.java
│ │ │ ├── WhiteCardManager.java
│ │ │ └── DataConvertUtil.java
│ │ ├── LogUtil.java
│ │ └── controller
│ │ └── PassesController.java
└── test
│ └── java
│ └── com
│ └── huawei
│ └── walletkit
│ └── tool
│ └── security
│ └── SecurityApplicationTests.java
├── Open Source Software Notice.doc
├── script
└── build.sh
├── README_ZH.md
├── README.md
├── pom.xml
├── mvnw.cmd
├── LICENSE
└── mvnw
/src/main/resources/application.properties:
--------------------------------------------------------------------------------
1 | server.port=32018
--------------------------------------------------------------------------------
/Open Source Software Notice.doc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/HMS-Core/hms-wallet-nfc/HEAD/Open Source Software Notice.doc
--------------------------------------------------------------------------------
/src/test/java/com/huawei/walletkit/tool/security/SecurityApplicationTests.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security;
6 |
7 | import org.junit.jupiter.api.Test;
8 | import org.springframework.boot.test.context.SpringBootTest;
9 |
10 | @SpringBootTest
11 | class SecurityApplicationTests {
12 | @Test
13 | void contextLoads() {
14 | }
15 |
16 | }
17 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/model/UnregistrationsResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.model;
6 |
7 | /**
8 | * Response for unregister request
9 | *
10 | * @since 2020-01-17
11 | */
12 | public class UnregistrationsResponse {
13 | private String httpStatus;
14 |
15 | public String getHttpStatus() {
16 | return httpStatus;
17 | }
18 |
19 | public void setHttpStatus(String httpStatus) {
20 | this.httpStatus = httpStatus;
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/SecurityApplication.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security;
6 |
7 | import org.springframework.boot.SpringApplication;
8 | import org.springframework.boot.autoconfigure.SpringBootApplication;
9 |
10 | /**
11 | * SecurityApplication
12 | *
13 | * @author lWX883636
14 | * @since 2020-07-15
15 | */
16 | @SpringBootApplication
17 | public class SecurityApplication {
18 | public static void main(String[] args) {
19 | SpringApplication.run(SecurityApplication.class, args);
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/script/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # ***********************************************************************
3 | # Copyright: (c) Huawei Technologies Co., Ltd. 2019. All rights reserved.
4 | # script for build
5 | # version: 1.0.0
6 | # change log:
7 | # ***********************************************************************
8 | set -ex
9 | set -o pipefail
10 |
11 | #先cd到脚本所在路径,再实现其他处理逻辑,否则该脚本执行会依赖脚本执行的路径
12 | basepath=$(cd `dirname $0`; pwd)
13 | cd $basepath
14 |
15 | cd ..
16 |
17 | if [[ ${JDK_PATH} != "" ]]; then
18 | export JAVA_HOME=${JDK_PATH}
19 | export PATH=${JDK_PATH}/bin:$PATH
20 | fi
21 |
22 | #以下脚本开始实现业务具体的编译逻辑
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/model/Certificate.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.model;
6 |
7 | /**
8 | * Certificate
9 | *
10 | * @since 2020-01-17
11 | */
12 | public class Certificate {
13 | private String signature;
14 | private String publicKey;
15 |
16 | public String getSignature() {
17 | return signature;
18 | }
19 |
20 | public void setSignature(String signature) {
21 | this.signature = signature;
22 | }
23 |
24 | public String getPublicKey() {
25 | return publicKey;
26 | }
27 |
28 | public void setPublicKey(String publicKey) {
29 | this.publicKey = publicKey;
30 | }
31 | }
32 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/model/Response.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.model;
6 |
7 | /**
8 | * Response info
9 | *
10 | * @since 2020-01-17
11 | */
12 | public class Response {
13 | private String token;
14 |
15 | private Certificate certificate;
16 |
17 | public String getToken() {
18 | return token;
19 | }
20 |
21 | public void setToken(String token) {
22 | this.token = token;
23 | }
24 |
25 | public Certificate getCertificate() {
26 | return certificate;
27 | }
28 |
29 | public void setCertificate(Certificate certificate) {
30 | this.certificate = certificate;
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/pass/LocationInfo.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.pass;
6 |
7 | /**
8 | * LocationInfo
9 | *
10 | * @author lWX883636
11 | * @since 2020-07-15
12 | */
13 | public class LocationInfo {
14 | private String longitude;
15 |
16 | private String latitude;
17 |
18 | public String getLongitude() {
19 | return longitude;
20 | }
21 |
22 | public void setLongitude(String longitude) {
23 | this.longitude = longitude;
24 | }
25 |
26 | public String getLatitude() {
27 | return latitude;
28 | }
29 |
30 | public void setLatitude(String latitude) {
31 | this.latitude = latitude;
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/model/RegistrationsResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.model;
6 |
7 | /**
8 | * Response for register request 1.1
9 | *
10 | * @since 2020-01-17
11 | */
12 | public class RegistrationsResponse {
13 | private String httpStatus;
14 |
15 | private Response response;
16 |
17 | public String getHttpStatus() {
18 | return httpStatus;
19 | }
20 |
21 | public void setHttpStatus(String httpStatus) {
22 | this.httpStatus = httpStatus;
23 | }
24 |
25 | public Response getResponse() {
26 | return response;
27 | }
28 |
29 | public void setResponse(Response response) {
30 | this.response = response;
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/pass/PassStatusInfo.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.pass;
6 |
7 | /**
8 | * Status of pass
9 | *
10 | * @since 2019/06/25
11 | */
12 | public class PassStatusInfo {
13 | private String passId;
14 |
15 | /*
16 | * 0-inactive,1-expired,2-active, 3-pass not exist
17 | */
18 | private String status;
19 |
20 | public String getPassId() {
21 | return passId;
22 | }
23 |
24 | public void setPassId(String passId) {
25 | this.passId = passId;
26 | }
27 |
28 | public String getStatus() {
29 | return status;
30 | }
31 |
32 | public void setStatus(String status) {
33 | this.status = status;
34 | }
35 | }
36 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/model/RequestTokenResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.model;
6 |
7 | /**
8 | * Response for personalize token request 1.2
9 | *
10 | * @since 2020-01-17
11 | */
12 | public class RequestTokenResponse {
13 | private String httpStatus;
14 |
15 | private Response response;
16 |
17 | public String getHttpStatus() {
18 | return httpStatus;
19 | }
20 |
21 | public void setHttpStatus(String httpStatus) {
22 | this.httpStatus = httpStatus;
23 | }
24 |
25 | public Response getResponse() {
26 | return response;
27 | }
28 |
29 | public void setResponse(Response response) {
30 | this.response = response;
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/src/main/resources/log4j2.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | /opt/huawei/walletkit/logs
6 | security
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/whitecard/manager/CommonUtils.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.whitecard.manager;
6 |
7 | import static com.huawei.walletkit.tool.security.whitecard.manager.Constants.ICCE_CARKEY_PASSTYPE_PREFIX;
8 |
9 | /**
10 | * Common utils
11 | *
12 | * @since 2020-01-19
13 | */
14 | public class CommonUtils {
15 | /**
16 | * Check if string is empty
17 | *
18 | * @param str string to be checked
19 | * @return check result
20 | */
21 | public static boolean isStringEmpty(String str) {
22 | return str == null || str.trim().isEmpty();
23 | }
24 |
25 | /**
26 | * Check if passTypeIdentify belongs to ICCE
27 | * @param passTypeIdentifier passTypeIdentifier to be checked
28 | * @return check result
29 | */
30 | public static boolean isICCECarKey(String passTypeIdentifier) {
31 | return passTypeIdentifier != null && passTypeIdentifier.contains(ICCE_CARKEY_PASSTYPE_PREFIX);
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/pass/LanguageInfo.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.pass;
6 |
7 | /**
8 | * Multi-language info
9 | *
10 | * @since 2018/09/2
11 | */
12 | public class LanguageInfo {
13 | /**
14 | * Key value of the message
15 | */
16 | private String key;
17 |
18 | /**
19 | * Language type
20 | */
21 | private String language;
22 |
23 | /**
24 | * Value in the language
25 | */
26 | private String value;
27 |
28 | public String getKey() {
29 | return key;
30 | }
31 |
32 | public void setKey(String key) {
33 | this.key = key;
34 | }
35 |
36 | public String getLanguage() {
37 | return language;
38 | }
39 |
40 | public void setLanguage(String language) {
41 | this.language = language;
42 | }
43 |
44 | public String getValue() {
45 | return value;
46 | }
47 |
48 | public void setValue(String value) {
49 | this.value = value;
50 | }
51 | }
52 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/model/PersonalizeResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.model;
6 |
7 | /**
8 | * 1.3 Personalize data response
9 | *
10 | * @since 2020-01-17
11 | */
12 | public class PersonalizeResponse {
13 | /**
14 | * 200:Success
15 | * 401:Request error(token error)
16 | * 402:Signature check error
17 | */
18 | private String httpStatus;
19 |
20 | private PassDataResponse response;
21 |
22 | private String signature;
23 |
24 | public String getHttpStatus() {
25 | return httpStatus;
26 | }
27 |
28 | public void setHttpStatus(String httpStatus) {
29 | this.httpStatus = httpStatus;
30 | }
31 |
32 | public PassDataResponse getResponse() {
33 | return response;
34 | }
35 |
36 | public void setResponse(PassDataResponse response) {
37 | this.response = response;
38 | }
39 |
40 | public String getSignature() {
41 | return signature;
42 | }
43 |
44 | public void setSignature(String signature) {
45 | this.signature = signature;
46 | }
47 | }
48 |
--------------------------------------------------------------------------------
/README_ZH.md:
--------------------------------------------------------------------------------
1 | # 华为钱包服务NFC示例代码
2 |
3 | ## 目录
4 |
5 | * [简介](#简介)
6 | * [安装](#安装)
7 | * [环境要求](#环境要求)
8 | * [示例代码](#示例代码)
9 | * [授权许可](#授权许可)
10 |
11 | ## 简介
12 | 本示例代码展示如何使用华为钱包服务(HUAWEI Wallet Kit)NFC刷卡能力。
13 |
14 | ## 安装
15 | 运行示例代码前,您需安装Java和Maven。
16 |
17 | ## 环境要求
18 | 建议您使用Oracle Java 1.8。
19 |
20 | ## 示例代码
21 | PassesController为统一入口类,定义了需要实现的接口。
22 |
23 | 1. 注册接口
24 | 调用注册接口注册、获取三方鉴权及授权证书。
25 |
26 | 2. 申请个性化token
27 | 调用requestToken方法申请个性化token。
28 |
29 | 3. 获取个性化数据
30 | 调用getPersonalInfo接口获取个性化数据。
31 |
32 | 4. 取消注册
33 | 用户删除卡券时,华为钱包将调用取消注册接口通知您卡券已删除。
34 |
35 | ## 技术支持
36 | 如果您对HMS Core还处于评估阶段,可在[Reddit社区](https://www.reddit.com/r/HuaweiDevelopers/)获取关于HMS Core的最新讯息,并与其他开发者交流见解。
37 |
38 | 如果您对使用HMS示例代码有疑问,请尝试:
39 | - 开发过程遇到问题上[Stack Overflow](https://stackoverflow.com/questions/tagged/huawei-mobile-services),在`huawei-mobile-services`标签下提问,有华为研发专家在线一对一解决您的问题。
40 | - 到[华为开发者论坛](https://developer.huawei.com/consumer/cn/forum/blockdisplay?fid=18) HMS Core板块与其他开发者进行交流。
41 |
42 | 如果您在尝试示例代码中遇到问题,请向仓库提交[issue](https://github.com/HMS-Core/hms-wallet-nfc/issues),也欢迎您提交[Pull Request](https://github.com/HMS-Core/hms-wallet-nfc/pulls)。
43 |
44 | ## 授权许可
45 | 华为钱包服务NFC刷卡能力集成示例代码经过[Apache License, version 2.0](http://www.apache.org/licenses/LICENSE-2.0)授权许可。
46 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/pass/BarCodeInfo.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.pass;
6 |
7 | /**
8 | * Barcode class
9 | *
10 | * @since 2019-10-23
11 | */
12 | public class BarCodeInfo {
13 | private String text;
14 |
15 | /**
16 | * Type of barcode, maybe the value "codabar", "qrCode", "textOnly" etc.
17 | */
18 | private String type;
19 |
20 | private String value;
21 |
22 | private String encoding;
23 |
24 | public String getText() {
25 | return text;
26 | }
27 |
28 | public void setText(String text) {
29 | this.text = text;
30 | }
31 |
32 | public String getType() {
33 | return type;
34 | }
35 |
36 | public void setType(String type) {
37 | this.type = type;
38 | }
39 |
40 | public String getValue() {
41 | return value;
42 | }
43 |
44 | public void setValue(String value) {
45 | this.value = value;
46 | }
47 |
48 | public String getEncoding() {
49 | return encoding;
50 | }
51 |
52 | public void setEncoding(String encoding) {
53 | this.encoding = encoding;
54 | }
55 | }
56 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/whitecard/manager/KeyValueConnector.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.whitecard.manager;
6 |
7 | /**
8 | * Combine the key-value string in format "key=value&key=value...&key=value"
9 | *
10 | * @since 2020-02-20
11 | */
12 | public class KeyValueConnector {
13 | private StringBuilder builder;
14 |
15 | /**
16 | * append function
17 | *
18 | * @param key key
19 | * @param value value
20 | * @return keyvalueConnector
21 | */
22 | public KeyValueConnector append(String key, String value) {
23 | if (key == null || key.trim().isEmpty()) {
24 | return this;
25 | }
26 | if (builder == null) {
27 | builder = new StringBuilder();
28 | } else {
29 | builder.append("&");
30 | }
31 | builder.append(key).append("=");
32 | if (value != null) {
33 | builder.append(value);
34 | }
35 | return this;
36 | }
37 |
38 | /**
39 | * toString 方法
40 | *
41 | * @return string
42 | */
43 | public String toString() {
44 | if (builder == null) {
45 | return "";
46 | } else {
47 | return builder.toString();
48 | }
49 | }
50 | }
51 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/model/UnregistrationsRequest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.model;
6 |
7 | import com.huawei.walletkit.tool.security.whitecard.manager.KeyValueConnector;
8 |
9 | /**
10 | * Unregister request
11 | *
12 | * @since 2020-01-17
13 | */
14 | public class UnregistrationsRequest {
15 | private RequestBody requestBody;
16 |
17 | private String signature;
18 |
19 | public RequestBody getRequestBody() {
20 | return requestBody;
21 | }
22 |
23 | public void setRequestBody(RequestBody requestBody) {
24 | this.requestBody = requestBody;
25 | }
26 |
27 | public String getSignature() {
28 | return signature;
29 | }
30 |
31 | public void setSignature(String signature) {
32 | this.signature = signature;
33 | }
34 |
35 | /**
36 | * Assemble the content of the requestbody in ascending order of Key values
37 | * according to k=v&k=v format
38 | *
39 | * @return formatted string
40 | */
41 | public String toJsonString() {
42 | return new KeyValueConnector().append("passTypeIdentifier", requestBody.getPassTypeIdentifier())
43 | .append("serialNumber", requestBody.getSerialNumber())
44 | .append("transId", requestBody.getTransId())
45 | .append("userDeviceId", requestBody.getUserDeviceId())
46 | .toString();
47 | }
48 | }
49 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/model/PassDataResponse.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.model;
6 |
7 | import com.huawei.walletkit.tool.security.whitecard.manager.KeyValueConnector;
8 |
9 | /**
10 | * PassDataResponse
11 | *
12 | * @since 2020-01-17
13 | */
14 | public class PassDataResponse {
15 | private String encryptDevicePass;
16 | private String encryptAppletPersonalizeFields;
17 | private String encryptSessionKey;
18 |
19 | public String getEncryptDevicePass() {
20 | return encryptDevicePass;
21 | }
22 |
23 | public void setEncryptDevicePass(String encryptDevicePass) {
24 | this.encryptDevicePass = encryptDevicePass;
25 | }
26 |
27 | public String getEncryptAppletPersonalizeFields() {
28 | return encryptAppletPersonalizeFields;
29 | }
30 |
31 | public void setEncryptAppletPersonalizeFields(String encryptAppletPersonalizeFields) {
32 | this.encryptAppletPersonalizeFields = encryptAppletPersonalizeFields;
33 | }
34 |
35 | public String getEncryptSessionKey() {
36 | return encryptSessionKey;
37 | }
38 |
39 | public void setEncryptSessionKey(String encryptSessionKey) {
40 | this.encryptSessionKey = encryptSessionKey;
41 | }
42 |
43 | /**
44 | * toString()方法
45 | *
46 | * @return 返回一个toString 字串
47 | */
48 | public String toJsonString() {
49 | return new KeyValueConnector()
50 | .append("encryptAppletPersonalizeFields", encryptAppletPersonalizeFields)
51 | .append("encryptDevicePass", encryptDevicePass)
52 | .append("encryptSessionKey", encryptSessionKey)
53 | .toString();
54 | }
55 | }
56 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/model/RegistrationsRequest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.model;
6 |
7 | import com.huawei.walletkit.tool.security.whitecard.manager.KeyValueConnector;
8 |
9 | /**
10 | * RegistrationsRequest 1.1
11 | *
12 | * @since 2020-01-17
13 | */
14 | public class RegistrationsRequest {
15 | private RequestBody requestBody;
16 |
17 | private String signature;
18 |
19 | private Certificate certificate;
20 |
21 | public RequestBody getRequestBody() {
22 | return requestBody;
23 | }
24 |
25 | public void setRequestBody(RequestBody requestBody) {
26 | this.requestBody = requestBody;
27 | }
28 |
29 | public String getSignature() {
30 | return signature;
31 | }
32 |
33 | public void setSignature(String signature) {
34 | this.signature = signature;
35 | }
36 |
37 | public Certificate getCertificate() {
38 | return certificate;
39 | }
40 |
41 | public void setCertificate(Certificate certificate) {
42 | this.certificate = certificate;
43 | }
44 |
45 | /**
46 | * Assemble the content of the requestbody in ascending order of Key values
47 | * according to k=v&k=v format
48 | *
49 | * @return formatted string
50 | */
51 | public String toJsonString() {
52 | return new KeyValueConnector().append("passTypeIdentifier", requestBody.getPassTypeIdentifier())
53 | .append("passVersion", requestBody.getPassVersion())
54 | .append("serialNumber", requestBody.getSerialNumber())
55 | .append("transId", requestBody.getTransId())
56 | .append("userDeviceId", requestBody.getUserDeviceId())
57 | .toString();
58 | }
59 | }
60 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/model/RequestTokenRequest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.model;
6 |
7 | import com.huawei.walletkit.tool.security.whitecard.manager.KeyValueConnector;
8 |
9 | /**
10 | * Personalize token request 1.2
11 | *
12 | * @since 2020-01-17
13 | */
14 | public class RequestTokenRequest {
15 | private RequestBody requestBody;
16 |
17 | private String signature;
18 |
19 | private Certificate certificate;
20 |
21 | public RequestBody getRequestBody() {
22 | return requestBody;
23 | }
24 |
25 | public void setRequestBody(RequestBody requestBody) {
26 | this.requestBody = requestBody;
27 | }
28 |
29 | public String getSignature() {
30 | return signature;
31 | }
32 |
33 | public void setSignature(String signature) {
34 | this.signature = signature;
35 | }
36 |
37 | public Certificate getCertificate() {
38 | return certificate;
39 | }
40 |
41 | public void setCertificate(Certificate certificate) {
42 | this.certificate = certificate;
43 | }
44 |
45 | /**
46 | * Assemble the content of the requestbody in ascending order of Key values
47 | * according to k=v&k=v format
48 | *
49 | * @return formatted string
50 | */
51 | public String toJsonString() {
52 | return new KeyValueConnector().append("passTypeIdentifier", requestBody.getPassTypeIdentifier())
53 | .append("passVersion", requestBody.getPassVersion())
54 | .append("serialNumber", requestBody.getSerialNumber())
55 | .append("transId", requestBody.getTransId())
56 | .append("userDeviceId", requestBody.getUserDeviceId())
57 | .toString();
58 | }
59 | }
60 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/pass/PassDataFieldInfo.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.pass;
6 |
7 | import java.io.Serializable;
8 |
9 | /**
10 | * Data field of pass
11 | *
12 | * @since 2018/08/11
13 | */
14 | public class PassDataFieldInfo implements Serializable {
15 | private static final long serialVersionUID = -6148888288911963340L;
16 |
17 | /**
18 | * Key of the field
19 | */
20 | private String key;
21 |
22 | /**
23 | * Labek of the field
24 | */
25 | private String label;
26 |
27 | /**
28 | * Value of the field
29 | */
30 | private String value;
31 |
32 | /**
33 | * Redirect url
34 | */
35 | private String redirectUrl;
36 |
37 | private String localizedLabel;
38 |
39 | private String localizedValue;
40 |
41 | public PassDataFieldInfo() {
42 | }
43 |
44 | public PassDataFieldInfo(String key, String label, String value) {
45 | this.key = key;
46 | this.label = label;
47 | this.value = value;
48 | }
49 |
50 | public String getKey() {
51 | return key;
52 | }
53 |
54 | public void setKey(String key) {
55 | this.key = key;
56 | }
57 |
58 | public String getLabel() {
59 | return label;
60 | }
61 |
62 | public void setLabel(String label) {
63 | this.label = label;
64 | }
65 |
66 | public String getValue() {
67 | return value;
68 | }
69 |
70 | public void setValue(String value) {
71 | this.value = value;
72 | }
73 |
74 | public String getLocalizedLabel() {
75 | return localizedLabel;
76 | }
77 |
78 | public void setLocalizedLabel(String localizedLabel) {
79 | this.localizedLabel = localizedLabel;
80 | }
81 |
82 | public String getLocalizedValue() {
83 | return localizedValue;
84 | }
85 |
86 | public void setLocalizedValue(String localizedValue) {
87 | this.localizedValue = localizedValue;
88 | }
89 |
90 | public String getRedirectUrl() {
91 | return redirectUrl;
92 | }
93 |
94 | public void setRedirectUrl(String redirectUrl) {
95 | this.redirectUrl = redirectUrl;
96 | }
97 | }
98 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # HMS Wallet NFC Demo
2 |
3 | ## Table of Contents
4 |
5 | * [Introduction](#introduction)
6 | * [Installation](#installation)
7 | * [Supported Environment](#supported-environment)
8 | * [Sample Code](#sample-code)
9 | * [License](#license)
10 |
11 | ## Introduction
12 | This is sample code on how to use WalletKit NFC capabilities. You can realize the function of NFC card swiping ability through sample code.
13 |
14 | ## Installation
15 | Before running the demo code, you should have installed Java and Maven.
16 |
17 | ## Supported environment
18 | Oracle Java 1.8 is recommended.
19 |
20 | ## Sample code
21 | PassesController is a unified entry class, which defines the interfaces that need to be implemented.
22 |
23 | 1. Registration interface
24 | You can register and obtain the three-party authentication and authorization certificate by calling the register interface.
25 |
26 | 2. Apply for a personalized token
27 | You can implement the requestToken method to apply for a personalized token.
28 |
29 | 3. Get personalized data
30 | You can transfer personalized data through the getPersonalInfo interface.
31 |
32 | 4. Unregister
33 | When the wallet deletes the card, it will call this interface to inform you that the card has been deleted.
34 |
35 | ## Question or issues
36 | If you want to evaluate more about HMS Core,
37 | [r/HMSCore on Reddit](https://www.reddit.com/r/HuaweiDevelopers/) is for you to keep up with latest news about HMS Core, and to exchange insights with other developers.
38 |
39 | If you have questions about how to use HMS samples, try the following options:
40 | - [Stack Overflow](https://stackoverflow.com/questions/tagged/huawei-mobile-services) is the best place for any programming questions. Be sure to tag your question with
41 | `huawei-mobile-services`.
42 | - [Huawei Developer Forum](https://forums.developer.huawei.com/forumPortal/en/home?fid=0101187876626530001) HMS Core Module is great for general questions, or seeking recommendations and opinions.
43 |
44 | If you run into a bug in our samples, please submit an [issue](https://github.com/HMS-Core/hms-wallet-nfc/issues) to the Repository. Even better you can submit a [Pull Request](https://github.com/HMS-Core/hms-wallet-nfc/pulls) with a fix.
45 |
46 | ## License
47 | HMS wallet server sample code is licensed under the [Apache License, version 2.0](http://www.apache.org/licenses/LICENSE-2.0).
48 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/whitecard/manager/ICCECarKeyDevicePassUnit.java:
--------------------------------------------------------------------------------
1 | package com.huawei.walletkit.tool.security.whitecard.manager;
2 |
3 | import com.huawei.walletkit.tool.security.LogUtil;
4 | import com.huawei.walletkit.tool.security.model.PassDataResponse;
5 |
6 | public class ICCECarKeyDevicePassUnit extends DevicePassUnit{
7 | private static final String TAG = "ICCECarKeyDevicePassUnit";
8 | @Override
9 | public PassDataResponse toJson(String transId, String taPublicKey, String appletPersonalizePublicKey) {
10 | generatePassData(transId, taPublicKey, appletPersonalizePublicKey);
11 | PassDataResponse dataInfo = new PassDataResponse();
12 | dataInfo.setEncryptAppletPersonalizeFields(encryptAppletPersonalizeFields);
13 | dataInfo.setEncryptSessionKey(encryptSessionKey);
14 | return dataInfo;
15 | }
16 |
17 | @Override
18 | protected void generatePassData(String transId, String taPublicKey, String appletPublicKey) {
19 | LogUtil.info(TAG, "generatePassData, transId=" + LogUtil.parseSensitiveinfo(transId));
20 | LogUtil.info(TAG, "generatePassData, taPublicKey=" + LogUtil.parseSensitiveinfo(taPublicKey));
21 | LogUtil.info(TAG, "generatePassData, appletPublicKey=" + LogUtil.parseSensitiveinfo(appletPublicKey));
22 | String aesKey = AesUtils.getAesKey(16);
23 | String aesIv = AesUtils.getAesIV();
24 | String originKey = transId + aesKey + aesIv;
25 | // Encrypt originKey with taPublicKey
26 | encryptSessionKey = DataConvertUtil.encryptToBase64ByPublicKey(originKey, taPublicKey,
27 | DataConvertUtil.TA_PUBLIC_KEY_ENCRYPT_MODE);
28 | LogUtil.info(TAG, "generatePassData, encryptSessionKey=" + LogUtil.parseSensitiveinfo(encryptSessionKey));
29 |
30 | // get personalize data
31 | String personalizeData = ICCECarKeyPassData.getPersonalizeData(appletPublicKey);
32 | LogUtil.info(TAG, "generatePassData, personalizeData=" + LogUtil.parseSensitiveinfo(personalizeData));
33 | // Encrypt personalize data with key-iv
34 | encryptAppletPersonalizeFields =
35 | AesUtils.encryptToBase64(personalizeData, aesKey, aesIv, AesUtils.AES_CBC_PKCS_5_PADDING);
36 | LogUtil.info(TAG, "generatePassData, encryptAppletPersonalizeFields=" + encryptAppletPersonalizeFields, true);
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/model/PersonalizeRequest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.model;
6 |
7 | import com.huawei.walletkit.tool.security.whitecard.manager.CommonUtils;
8 | import com.huawei.walletkit.tool.security.whitecard.manager.KeyValueConnector;
9 |
10 | /**
11 | * 1.3 Personalize request
12 | *
13 | * @since 2020-01-17
14 | */
15 | public class PersonalizeRequest {
16 | private RequestBody requestBody;
17 |
18 | private String signature;
19 |
20 | private Certificate certificate;
21 |
22 | public RequestBody getRequestBody() {
23 | return requestBody;
24 | }
25 |
26 | public void setRequestBody(RequestBody requestBody) {
27 | this.requestBody = requestBody;
28 | }
29 |
30 | public String getSignature() {
31 | return signature;
32 | }
33 |
34 | public void setSignature(String signature) {
35 | this.signature = signature;
36 | }
37 |
38 | public Certificate getCertificate() {
39 | return certificate;
40 | }
41 |
42 | public void setCertificate(Certificate certificate) {
43 | this.certificate = certificate;
44 | }
45 |
46 | /**
47 | * Assemble the content of the requestbody in ascending order of Key values
48 | * according to k=v&k=v format
49 | *
50 | * @param token Personalize token, used to check the request
51 | * @return formatted string
52 | */
53 | public String toJsonString(String token) {
54 | KeyValueConnector connector = new KeyValueConnector();
55 | if (CommonUtils.isICCECarKey(requestBody.getPassTypeIdentifier())) {
56 | connector.append("cardSEId", requestBody.getCardSEId());
57 | }
58 |
59 | return connector.append("passTypeIdentifier", requestBody.getPassTypeIdentifier())
60 | .append("passVersion", requestBody.getPassVersion())
61 | .append("personalizeCert", requestBody.getPersonalizeCert())
62 | .append("personalizeCertType", requestBody.getPersonalizeCertType())
63 | .append("personalizePublicKey", requestBody.getPersonalizePublicKey())
64 | .append("serialNumber", requestBody.getSerialNumber())
65 | .append("token", token)
66 | .append("transId", requestBody.getTransId())
67 | .append("transPublicKey", requestBody.getTransPublicKey())
68 | .append("userDeviceId", requestBody.getUserDeviceId())
69 | .toString();
70 | }
71 | }
72 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/model/RequestBody.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.model;
6 |
7 | /**
8 | * Request body data
9 | *
10 | * @since 2020-01-17
11 | */
12 | public class RequestBody {
13 | private String cardSEId;
14 |
15 | private String passTypeIdentifier;
16 |
17 | private String serialNumber;
18 |
19 | private String passVersion;
20 |
21 | private String userDeviceId;
22 |
23 | private String personalizePublicKey;
24 |
25 | private String personalizeCert;
26 |
27 | private String personalizeCertType;
28 |
29 | private String transPublicKey;
30 |
31 | private String transId;
32 |
33 | public String getCardSEId() {
34 | return cardSEId;
35 | }
36 |
37 | public void setCardSEId(String cardSEId) {
38 | this.cardSEId = cardSEId;
39 | }
40 |
41 | public String getPassTypeIdentifier() {
42 | return passTypeIdentifier;
43 | }
44 |
45 | public void setPassTypeIdentifier(String passTypeIdentifier) {
46 | this.passTypeIdentifier = passTypeIdentifier;
47 | }
48 |
49 | public String getSerialNumber() {
50 | return serialNumber;
51 | }
52 |
53 | public void setSerialNumber(String serialNumber) {
54 | this.serialNumber = serialNumber;
55 | }
56 |
57 | public String getPassVersion() {
58 | return passVersion;
59 | }
60 |
61 | public void setPassVersion(String passVersion) {
62 | this.passVersion = passVersion;
63 | }
64 |
65 | public String getUserDeviceId() {
66 | return userDeviceId;
67 | }
68 |
69 | public void setUserDeviceId(String userDeviceId) {
70 | this.userDeviceId = userDeviceId;
71 | }
72 |
73 | public String getPersonalizePublicKey() {
74 | return personalizePublicKey;
75 | }
76 |
77 | public void setPersonalizePublicKey(String personalizePublicKey) {
78 | this.personalizePublicKey = personalizePublicKey;
79 | }
80 |
81 | public String getPersonalizeCert() {
82 | return personalizeCert;
83 | }
84 |
85 | public void setPersonalizeCert(String personalizeCert) {
86 | this.personalizeCert = personalizeCert;
87 | }
88 |
89 | public String getTransPublicKey() {
90 | return transPublicKey;
91 | }
92 |
93 | public void setTransPublicKey(String transPublicKey) {
94 | this.transPublicKey = transPublicKey;
95 | }
96 |
97 | public String getTransId() {
98 | return transId;
99 | }
100 |
101 | public void setTransId(String transId) {
102 | this.transId = transId;
103 | }
104 |
105 | public String getPersonalizeCertType() {
106 | return personalizeCertType;
107 | }
108 |
109 | public void setPersonalizeCertType(String personalizeCertType) {
110 | this.personalizeCertType = personalizeCertType;
111 | }
112 | }
113 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/LogUtil.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security;
6 |
7 | import java.util.logging.Level;
8 | import java.util.logging.Logger;
9 |
10 | /**
11 | * LogUtil
12 | *
13 | * @author lWX883636
14 | * @since 2020-07-16
15 | */
16 | public class LogUtil {
17 | private static final Logger LOGGER = Logger.getLogger(LogUtil.class.getName());
18 |
19 | private static final String SYMBOL = "*";
20 |
21 | /**
22 | * log set level
23 | *
24 | * @param newLevel Level
25 | */
26 | public static void setLevel(Level newLevel) {
27 | LOGGER.setLevel(newLevel);
28 | }
29 |
30 | /**
31 | * get log level
32 | *
33 | * @return Level
34 | */
35 | public static Level getLevel() {
36 | return LOGGER.getLevel();
37 | }
38 |
39 | /**
40 | * info
41 | *
42 | * @param msg String
43 | */
44 | public static void info(String msg) {
45 | info("", msg);
46 | }
47 |
48 | /**
49 | * info
50 | *
51 | * @param tag String
52 | * @param msg String
53 | */
54 | public static void info(String tag, String msg) {
55 | info(tag, msg, false);
56 | }
57 |
58 | /**
59 | * info
60 | *
61 | * @param tag String
62 | * @param msg String
63 | * @param isSensitiveInfo boolean
64 | */
65 | public static void info(String tag, String msg, boolean isSensitiveInfo) {
66 | LOGGER.info(getMsg(tag, msg, isSensitiveInfo));
67 | }
68 |
69 |
70 | /**
71 | * warning
72 | *
73 | * @param msg String
74 | */
75 | public static void warning(String msg) {
76 | warning("", msg);
77 | }
78 |
79 | /**
80 | * warning
81 | *
82 | * @param tag String
83 | * @param msg String
84 | */
85 | public static void warning(String tag, String msg) {
86 | warning("", msg, false);
87 | }
88 |
89 | /**
90 | * warning
91 | *
92 | * @param tag String
93 | * @param msg String
94 | * @param isSensitiveInfo boolean
95 | */
96 | public static void warning(String tag, String msg, boolean isSensitiveInfo) {
97 | LOGGER.warning(getMsg(tag, msg, isSensitiveInfo));
98 | }
99 |
100 |
101 | private static String getMsg(String tag, String msg, boolean isSensitiveInfo) {
102 | String log = "";
103 | if (tag != null && !tag.isEmpty()) {
104 | log = tag + ":";
105 | }
106 | if (msg != null) {
107 | if (isSensitiveInfo) {
108 | log = parseSensitiveinfo(log + msg);
109 | } else {
110 | log = log + msg;
111 | }
112 | }
113 | return log;
114 | }
115 |
116 | /**
117 | * parseSensitiveinfo
118 | *
119 | * @param log String
120 | * @return String
121 | */
122 | public static String parseSensitiveinfo(String log) {
123 | if (null == log || log.isEmpty()) {
124 | return "";
125 | }
126 | StringBuilder stringBuilder = new StringBuilder();
127 | for (int i = 0; i < log.length(); i++) {
128 | if (i % 2 == 0) {
129 | stringBuilder.append(log.charAt(i));
130 | } else {
131 | stringBuilder.append(SYMBOL);
132 | }
133 | }
134 | return stringBuilder.toString();
135 | }
136 | }
137 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/pass/PassDataInfo.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.pass;
6 |
7 | /**
8 | * Class of pass data
9 | *
10 | * @since 2018/08/11
11 | */
12 | public class PassDataInfo {
13 | /**
14 | * Pass structure version
15 | */
16 | private String formatVersion;
17 |
18 | /**
19 | * Pass type
20 | */
21 | private String passTypeIdentifier;
22 |
23 | /**
24 | * Pass Style
25 | */
26 | private String passStyleIdentifier;
27 |
28 | /**
29 | * Issuer name
30 | */
31 | private String organizationName;
32 |
33 | /**
34 | * Id or issuer
35 | */
36 | private String organizationPassId;
37 |
38 | /**
39 | * URL to the sp server
40 | */
41 | private String webServiceURL;
42 |
43 | private String authorizationToken;
44 |
45 | private String serialNumber;
46 |
47 | private String createPassTime;
48 |
49 | private PassDataField fields;
50 |
51 | private String passVersion;
52 |
53 | public PassDataField getFields() {
54 | return fields;
55 | }
56 |
57 | public void setFields(PassDataField fields) {
58 | this.fields = fields;
59 | }
60 |
61 | public String getFormatVersion() {
62 | return formatVersion;
63 | }
64 |
65 | public void setFormatVersion(String formatVersion) {
66 | this.formatVersion = formatVersion;
67 | }
68 |
69 | public String getPassTypeIdentifier() {
70 | return passTypeIdentifier;
71 | }
72 |
73 | public void setPassTypeIdentifier(String passTypeIdentifier) {
74 | this.passTypeIdentifier = passTypeIdentifier;
75 | }
76 |
77 | public String getPassStyleIdentifier() {
78 | return passStyleIdentifier;
79 | }
80 |
81 | public void setPassStyleIdentifier(String passStyleIdentifier) {
82 | this.passStyleIdentifier = passStyleIdentifier;
83 | }
84 |
85 | public String getOrganizationName() {
86 | return organizationName;
87 | }
88 |
89 | public void setOrganizationName(String organizationName) {
90 | this.organizationName = organizationName;
91 | }
92 |
93 | public String getOrganizationPassId() {
94 | return organizationPassId;
95 | }
96 |
97 | public void setOrganizationPassId(String organizationPassId) {
98 | this.organizationPassId = organizationPassId;
99 | }
100 |
101 | public String getWebServiceURL() {
102 | return webServiceURL;
103 | }
104 |
105 | public void setWebServiceURL(String webServiceURL) {
106 | this.webServiceURL = webServiceURL;
107 | }
108 |
109 | public String getAuthorizationToken() {
110 | return authorizationToken;
111 | }
112 |
113 | public void setAuthorizationToken(String authorizationToken) {
114 | this.authorizationToken = authorizationToken;
115 | }
116 |
117 | public String getSerialNumber() {
118 | return serialNumber;
119 | }
120 |
121 | public void setSerialNumber(String serialNumber) {
122 | this.serialNumber = serialNumber;
123 | }
124 |
125 | public String getCreatePassTime() {
126 | return createPassTime;
127 | }
128 |
129 | public void setCreatePassTime(String createPassTime) {
130 | this.createPassTime = createPassTime;
131 | }
132 |
133 | public String getPassVersion() {
134 | return passVersion;
135 | }
136 |
137 | public void setPassVersion(String passVersion) {
138 | this.passVersion = passVersion;
139 | }
140 |
141 | }
142 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/whitecard/manager/ParamChecker.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.whitecard.manager;
6 |
7 | import com.huawei.walletkit.tool.security.LogUtil;
8 | import com.huawei.walletkit.tool.security.model.Certificate;
9 | import com.huawei.walletkit.tool.security.model.RegistrationsRequest;
10 | import com.huawei.walletkit.tool.security.model.RequestBody;
11 |
12 | import java.nio.charset.Charset;
13 |
14 | /**
15 | * Parameters checker
16 | *
17 | * @since 2020-01-19
18 | */
19 | public class ParamChecker {
20 | private static final String TAG = "ParamChecker";
21 |
22 | /**
23 | * Check if the certificate is valid
24 | *
25 | * @param certificate certificate to be checked
26 | * @return true if valid, else false
27 | */
28 | public static boolean isValidCertificate(Certificate certificate) {
29 | if (certificate == null || CommonUtils.isStringEmpty(certificate.getSignature())
30 | || CommonUtils.isStringEmpty(certificate.getPublicKey())) {
31 | return false;
32 | }
33 | return true;
34 | }
35 |
36 | /**
37 | * Check the register request
38 | *
39 | * @param request register request
40 | * @return true if valid, else false
41 | */
42 | public static boolean isValidRegistrationsRequest(RegistrationsRequest request) {
43 | if (request == null) {
44 | return false;
45 | }
46 | RequestBody requestBody = request.getRequestBody();
47 | if (requestBody == null || CommonUtils.isStringEmpty(requestBody.getUserDeviceId())
48 | || CommonUtils.isStringEmpty(requestBody.getSerialNumber())
49 | || CommonUtils.isStringEmpty(requestBody.getPassTypeIdentifier())) {
50 | return false;
51 | }
52 | if (CommonUtils.isStringEmpty(request.getSignature())) {
53 | return false;
54 | }
55 | if (!isValidCertificate(request.getCertificate())) {
56 | return false;
57 | }
58 | return true;
59 | }
60 |
61 | /**
62 | * Signature verification of the hash value of the target string
63 | *
64 | * @param content target string
65 | * @param signature signature value
66 | * @param publicKey public key
67 | * @param mode sign mode
68 | * @return true if verify success, else false
69 | */
70 | public static boolean hashSignatureCheck(String content, String signature, String publicKey, String mode) {
71 | String hashValue = DataConvertUtil.encodeSHA256(content);
72 | LogUtil.info(TAG, "hashSignatureCheck, content=" + content + ", hashValue=" + hashValue, true);
73 | boolean result = DataConvertUtil.checkSign(hashValue, signature, publicKey, mode);
74 | LogUtil.info(TAG, "hashSignatureCheck, result=" + result);
75 | return result;
76 | }
77 |
78 | /**
79 | * Check sp certificate
80 | *
81 | * @param certificate sp certificate
82 | * @return true if valid, else false
83 | */
84 | public static boolean checkSpServerCertificate(Certificate certificate) {
85 | if (!isValidCertificate(certificate)) {
86 | return false;
87 | }
88 | boolean result = DataConvertUtil.checkSign(certificate.getPublicKey(),
89 | certificate.getSignature(), Constants.SERVER_PUBLIC_KEY, DataConvertUtil.SIGN_MODE_SHA256_RSA_PSS);
90 | LogUtil.info("checkSpServerCertificate, result=" + result);
91 | return result;
92 | }
93 |
94 | /**
95 | * Check if the string equals to the byte array
96 | *
97 | * @param bytes byte array
98 | * @param hashValue string
99 | * @return true if equal, else false
100 | */
101 | public static boolean checkHashValueEqual(byte[] bytes, String hashValue) {
102 | if (bytes == null || hashValue == null) {
103 | return false;
104 | }
105 | String resultStr = new String(bytes, Charset.defaultCharset());
106 | return resultStr.trim().equals(hashValue);
107 | }
108 | }
109 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/whitecard/manager/Constants.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.whitecard.manager;
6 |
7 | /**
8 | * Constant values
9 | *
10 | * @since 2020-02-18
11 | */
12 | public class Constants {
13 | /**
14 | * Public key of wallet server
15 | */
16 | public static final String WALLET_PUBLIC_KEY = "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA"
17 | + "5w4ii7rh2J6B371m02C+FBFgp9vZ8aS6nv5nBdAaMWpETj6bzZ1rFiGFF99o7qSbbh63cKgic0dARMed6HC"
18 | + "lOC5QGB7o16FwZGemrjN/z8/4dXc5OcUVs8BuebeJC4OvKTT7roQ7p9GuGgg1jrGgFkfC+nkWGt3ePE0tiX"
19 | + "JfH5f341X1OyKHSjdF5N6QYM0m73+XxS1foq3IyyIHrjq4I9uH1QjpFOF+9jo35bAYcNUquONUd6J55gAc/"
20 | + "Cztje6KfNmKBz24zwwoRkbXmNcaphK/t/z5N3FZsiS70GFv6iABXBR7j6ceaWzs24oQ2A1LuakXNN2ORnVn"
21 | + "j8laSxlMpey5Ci+eicU+mL1ivixGDmDhCgT4u4tj4vvD/AV+z88nUR83muwZ3+J3ASBFZVaBrMeeX6o+8rn"
22 | + "+iK+WvP5SLL2DLpffiMX0QqwA6C/RVW8KDh8Jq9yNkE0Uy81yVO0BJctY6t35d0fucLmwTa2YMSqV12dDfe"
23 | + "MZjxMDhmJVDUD/AgMBAAE=";
24 |
25 | /**
26 | * Public key of sp server
27 | */
28 | public static final String SERVER_PUBLIC_KEY =
29 | "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+1YI9jy7Cy8yH667h5DfLPqoVtizr73"
30 | + "HCewIsqXpduef6fDmKItbpMRehFxZwnk0IcnFJqRb/UlsXSDTjGLXaDYux5MLf9ttXkGxd37AOOi"
31 | + "yrikktsmguSWP6Eu5NJRX0KWWdCvUrmcGTgeauMuY05kg/hq9ymYyDIIImwgms37bgnnIme1Ukj8"
32 | + "Tz9h8vPtF0p6FtXANCAbuzeSA8SYZ9ZXBBfT4Oa5xpQv2Rzv1HeoBYd6UZhNwzE1LaOtOD+N0J25"
33 | + "oJrHM+npvFxfnU7iBnXmHjJxjUuck17SISRIMRbFRcXHsKskGT/5z9i2XqrXAESt7+uCWpLyahcu" + "mqSbmwIDAQAB";
34 |
35 | /**
36 | * Private key of sp server
37 | */
38 | public static final String SERVER_SECRET_KEY =
39 | "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDD7Vgj2PLsLLzIfrruHkN8s+qh"
40 | + "W2LOvvccJ7Aiypel255/p8OYoi1ukxF6EXFnCeTQhycUmpFv9SWxdINOMYtdoNi7Hkwt/221eQbF"
41 | + "3fsA46LKuKSS2yaC5JY/oS7k0lFfQpZZ0K9SuZwZOB5q4y5jTmSD+Gr3KZjIMggibCCazftuCeci"
42 | + "Z7VSSPxPP2Hy8+0XSnoW1cA0IBu7N5IDxJhn1lcEF9Pg5rnGlC/ZHO/Ud6gFh3pRmE3DMTUto604"
43 | + "P43Qnbmgmscz6em8XF+dTuIGdeYeMnGNS5yTXtIhJEgxFsVFxcewqyQZP/nP2LZeqtcARK3v64Ja"
44 | + "kvJqFy6apJubAgMBAAECggEAI+C1kDLtIQR8OXbDglE2aIKFx7B1YoijtZsq7OQOawfReWzeK3gf"
45 | + "O61guOqyynyMUwc8x9AaK9dHZLyCQvJdo/KNXY6Jwq6Qh3e3HsqsaRhGOjsfn+jTn4p+XP6GGM7O"
46 | + "qdQGtkG5qTtl81RMdaROXU8Apw35gHM0kAxhYvRL8CzPyY/HULK7gJ+y2HPZcpFsEFZRSqyvJY6q"
47 | + "GknQF7N7h4GQdwhhcTrl6B1uHWagMJsi9tMoAGTrMxe50TGre1dQJL7m0n3/bxe+VJ4FVJ/nfZ11"
48 | + "0IhizH1XylVnsuIfN6p6nn6VMQ6qWChsUss1YavbJgfqJivwLo2fXJWNysFLcQKBgQDxeG1NS9GZ"
49 | + "a77rQXO2bL+m9DNFSpWlLjooTpFECfhX4g0O29Tg2QEGHWLOB1r07oy2YYD7malWR/JjaOHoZaKt"
50 | + "Bn0PcVLUkFLNozPAu1KxTE6kJWLXeH7jb82CVgdZn6lRLgVOp+ZTorCkNUKIgM7ufCfBZ6rLiNMq"
51 | + "yu6m/9FbeQKBgQDPt2Ag67mUPt53L6e/83Iksb96O3PLtQjK5T0cThEKmL99xaYm+0MAy6hSa+0p"
52 | + "81mDuFSX8SV6Pl3hTLa/UaWHQoAnb2hUp9TbB4KOOvmxLLnnKeP83s53Zug8sg1hCaifAy8VZvjV"
53 | + "WhDe451STbH+37sNCij8ZHNO1oluUf9WswKBgQDU4tpigky5GUAKAvt0Qq45ECS/m0ERjw7hCFuU"
54 | + "A8I6IOZoSjGFRmxbqr64a82qEUJnbNEdgNzFX8r4D7jTff+M0iKh4cQn+VG3UIJJEh2WiHLwzrE0"
55 | + "zFv6QlCJ7zSttFC/bHZrYSV0aQOY0gfldsJ5iWY3YiE3LlsV6DG9c95s6QKBgQCS3OPRwvlekKj4"
56 | + "ejBQLo941Fg+00RHNoO1+SkhFy1DYcaa5aFZlHPGXzhutjJkY9PZpv3gxDasXOZBwty/Hro7jVBR"
57 | + "EZshp9x+1KuBZr9efvIeOGcjRmGS2KbBK178Sjj33OdwaXLsXpbpEOQN6jM8svFtAc8CzP8eMd/P"
58 | + "qZgwswKBgQCXmA2Ts9DJyBVHq5/YEWbxEPPr+ndWkjBQ3olNtmxR8x/ux/PNib+E35qITVt4rQ74"
59 | + "cMet/gWm/aIht0sEYoWuZqga9XzsHE6Jxg/Il6pdKc1CGt+lkCu8b8NLqeoWFKKpLSOT5DdbaeBQ"
60 | + "a5rsgQZEwUebn2sr+0BhKvabn4gNFQ==";
61 |
62 | /**
63 | * UTF-8 encode format
64 | */
65 | public static final String UTF8_ENCODING = "UTF-8";
66 |
67 | /**
68 | * Key value of token in header of request
69 | */
70 | public static final String TOKEN_KEY_VALUE = "Authorization";
71 |
72 | /**
73 | * Prev part of token from request
74 | */
75 | public static final String TOKEN_PREV_PART = "HuaweiPassToken ";
76 |
77 | /**
78 | * ICCE车钥匙passTypeIdentify统一前缀
79 | */
80 | public static final String ICCE_CARKEY_PASSTYPE_PREFIX = "hwpass.stdcarkey.";
81 |
82 | /**
83 | * key of code_ok
84 | */
85 | public static final int RESULT_CODE_OK = 0;
86 |
87 | /**
88 | * key of param error
89 | */
90 | public static final int RESULT_CODE_PARAM_ERROR = 1;
91 |
92 | /**
93 | * key of sign error
94 | */
95 | public static final int RESULT_CODE_SIGN_ERROR = 2;
96 |
97 | /**
98 | * key of inner error
99 | */
100 | public static final int RESULT_CODE_INNER_ERROR = 3;
101 | }
102 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/controller/PassesController.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.controller;
6 |
7 | import com.huawei.walletkit.tool.security.LogUtil;
8 | import com.huawei.walletkit.tool.security.model.PersonalizeRequest;
9 | import com.huawei.walletkit.tool.security.model.PersonalizeResponse;
10 | import com.huawei.walletkit.tool.security.model.RegistrationsRequest;
11 | import com.huawei.walletkit.tool.security.model.RegistrationsResponse;
12 | import com.huawei.walletkit.tool.security.model.RequestTokenRequest;
13 | import com.huawei.walletkit.tool.security.model.RequestTokenResponse;
14 | import com.huawei.walletkit.tool.security.model.UnregistrationsRequest;
15 | import com.huawei.walletkit.tool.security.model.UnregistrationsResponse;
16 | import com.huawei.walletkit.tool.security.whitecard.manager.Constants;
17 | import com.huawei.walletkit.tool.security.whitecard.manager.DataConvertUtil;
18 | import com.huawei.walletkit.tool.security.whitecard.manager.WhiteCardManager;
19 |
20 | import org.springframework.http.ResponseEntity;
21 | import org.springframework.web.bind.annotation.PostMapping;
22 | import org.springframework.web.bind.annotation.RequestBody;
23 | import org.springframework.web.bind.annotation.RestController;
24 |
25 | import javax.servlet.http.HttpServletRequest;
26 |
27 | import java.io.UnsupportedEncodingException;
28 |
29 | /**
30 | * PassesController
31 | *
32 | * @since 2020-01-16
33 | */
34 | @RestController
35 | public class PassesController {
36 | /**
37 | * register
38 | *
39 | * @param res HttpServletRequest
40 | * @param request RegistrationsRequest
41 | * @return ResponseEntity
42 | */
43 | @PostMapping(path = "/v1/passes/registrations")
44 | public ResponseEntity register(HttpServletRequest res,
45 | @RequestBody RegistrationsRequest request) {
46 | return ResponseEntity.ok(WhiteCardManager.getInstance().dealWithRegisterRequest(extractToken(res), request));
47 | }
48 |
49 | /**
50 | * requestToken
51 | *
52 | * @param request RequestTokenRequest
53 | * @return ResponseEntity
54 | */
55 | @PostMapping(path = "/v1/passes/requestToken/personalize")
56 | public ResponseEntity requestToken1(@RequestBody RequestTokenRequest request) {
57 | return ResponseEntity.ok(WhiteCardManager.getInstance().dealWithTokenRequest(request));
58 | }
59 |
60 | /**
61 | * requestToken
62 | *
63 | * @param request RequestTokenRequest
64 | * @return ResponseEntity
65 | */
66 | @PostMapping(path = "/v1/passes/requestPersonalizeToken")
67 | public ResponseEntity requestToken(@RequestBody RequestTokenRequest request) {
68 | return ResponseEntity.ok(WhiteCardManager.getInstance().dealWithTokenRequest(request));
69 | }
70 |
71 | /**
72 | * getPersonalInfo
73 | *
74 | * @param res HttpServletRequest
75 | * @param request PersonalizeRequest
76 | * @return ResponseEntity
77 | */
78 | @PostMapping(path = "/v1/passes/requestPersonalize")
79 | public ResponseEntity getPersonalInfo(HttpServletRequest res,
80 | @RequestBody PersonalizeRequest request) {
81 | return ResponseEntity
82 | .ok(WhiteCardManager.getInstance().dealWithPersonalizeDataRequest(extractToken(res), request));
83 | }
84 |
85 | /**
86 | * unregister
87 | *
88 | * @param request UnregistrationsRequest
89 | * @return ResponseEntity
90 | */
91 | @PostMapping(path = "/v1/passes/unregistrations")
92 | public ResponseEntity unregister(@RequestBody UnregistrationsRequest request) {
93 | return ResponseEntity.ok(WhiteCardManager.getInstance().dealWithUnregisterRequest(request));
94 | }
95 |
96 | /**
97 | * Get the token from the request, and extract and decode according to the format
98 | * to get the original value of the token
99 | *
100 | * @param res Request
101 | * @return token value or null
102 | */
103 | private String extractToken(HttpServletRequest res) {
104 | String clientToken = res.getHeader(Constants.TOKEN_KEY_VALUE);
105 | if (clientToken == null) {
106 | LogUtil.info("extractToken, error token is null");
107 | return null;
108 | }
109 |
110 | if (!clientToken.startsWith(Constants.TOKEN_PREV_PART)) {
111 | LogUtil.info("PassesController", "extractToken, error token=" + LogUtil.parseSensitiveinfo(clientToken));
112 | return null;
113 | }
114 |
115 | String tokenBase64 = clientToken.substring(Constants.TOKEN_PREV_PART.length());
116 | byte[] tokenBytes = DataConvertUtil.base64Decode(tokenBase64);
117 | if (tokenBytes == null) {
118 | LogUtil.info("extractToken, base64 decode fail.");
119 | return null;
120 | }
121 | try {
122 | String token = new String(tokenBytes, "UTF-8");
123 | return token;
124 | } catch (UnsupportedEncodingException e) {
125 | LogUtil.info("extractToken, convert token fail.");
126 | return null;
127 | }
128 | }
129 | }
130 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 4.0.0
5 |
6 | org.springframework.boot
7 | spring-boot-starter-parent
8 | 2.2.2.RELEASE
9 |
10 |
11 | com.huawei.walletkit.tool
12 | security
13 | 0.0.1-SNAPSHOT
14 | security
15 | WalletKit tool project for Spring Boot
16 | jar
17 |
18 |
19 | 1.8
20 |
21 |
22 |
23 |
24 | org.springframework.boot
25 | spring-boot-starter-web
26 |
27 |
28 |
29 | org.springframework.boot
30 | spring-boot-starter-test
31 | test
32 |
33 |
34 | org.junit.vintage
35 | junit-vintage-engine
36 |
37 |
38 |
39 |
40 |
41 | org.springframework.boot
42 | spring-boot-starter
43 |
44 |
45 | org.springframework.boot
46 | spring-boot-starter-logging
47 |
48 |
49 |
50 |
51 | org.springframework.boot
52 | spring-boot-starter-log4j2
53 |
54 |
55 | org.apache.logging.log4j
56 | log4j-jul
57 |
58 |
59 |
60 |
61 | org.apache.logging.log4j
62 | log4j-slf4j-impl
63 | 2.12.0
64 |
65 |
66 | org.apache.logging.log4j
67 | log4j-api
68 | 2.12.0
69 |
70 |
71 | org.apache.logging.log4j
72 | log4j-core
73 | 2.12.0
74 |
75 |
76 | org.slf4j
77 | jul-to-slf4j
78 | 1.7.26
79 |
80 |
81 | org.slf4j
82 | slf4j-api
83 | 1.7.26
84 |
85 |
86 |
87 |
88 | net.sf.json-lib
89 | json-lib
90 | 2.4
91 | jdk15
92 |
93 |
94 | commons-beanutils
95 | commons-beanutils
96 | 1.7.0
97 |
98 |
99 | commons-collections
100 | commons-collections
101 | 3.1
102 |
103 |
104 | commons-lang
105 | commons-lang
106 | 2.5
107 |
108 |
109 | net.sf.ezmorph
110 | ezmorph
111 | 1.0.3
112 |
113 |
114 |
115 |
116 |
117 | org.bouncycastle
118 | bcprov-ext-jdk16
119 | 1.46
120 | jar
121 | compile
122 |
123 |
124 |
125 |
126 |
127 |
128 |
129 | org.springframework.boot
130 | spring-boot-maven-plugin
131 |
132 | com.huawei.walletkit.tool.security.SecurityApplication
133 |
134 |
135 |
136 |
137 |
138 |
139 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/pass/PassDataField.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.pass;
6 |
7 | import java.util.List;
8 | import java.util.Map;
9 |
10 | /**
11 | * Data fields of pass
12 | *
13 | * @since 2018/08/11
14 | */
15 | public class PassDataField {
16 | private List commonFields;
17 |
18 | private List appendFields;
19 |
20 | private List messageList;
21 |
22 | private List timeList;
23 |
24 | private List imageList;
25 |
26 | private List textList;
27 |
28 | private Map internationalize;
29 |
30 | private List localized;
31 |
32 | private PassStatusInfo status;
33 |
34 | private BarCodeInfo barCode;
35 |
36 | private String srcPassTypeIdentifier;
37 |
38 | private String srcPassIdentifier;
39 |
40 | private String isUserDiy;
41 |
42 | private String countryCode;
43 |
44 | private String currencyCode;
45 |
46 | private List urlList;
47 |
48 | private List locationList;
49 |
50 | private List ticketInfoList;
51 |
52 | public List getCommonFields() {
53 | return commonFields;
54 | }
55 |
56 | public void setCommonFields(List commonFields) {
57 | this.commonFields = commonFields;
58 | }
59 |
60 | public List getAppendFields() {
61 | return appendFields;
62 | }
63 |
64 | public void setAppendFields(List appendFields) {
65 | this.appendFields = appendFields;
66 | }
67 |
68 | public Map getInternationalize() {
69 | return internationalize;
70 | }
71 |
72 | public void setInternationalize(Map internationalize) {
73 | this.internationalize = internationalize;
74 | }
75 |
76 | public PassStatusInfo getStatus() {
77 | return status;
78 | }
79 |
80 | public void setStatus(PassStatusInfo status) {
81 | this.status = status;
82 | }
83 |
84 | public BarCodeInfo getBarCode() {
85 | return barCode;
86 | }
87 |
88 | public void setBarCode(BarCodeInfo barCode) {
89 | this.barCode = barCode;
90 | }
91 |
92 | public List getLocalized() {
93 | return localized;
94 | }
95 |
96 | public void setLocalized(List localized) {
97 | this.localized = localized;
98 | }
99 |
100 | /**
101 | * getSrcClassId
102 | *
103 | * @return String
104 | */
105 | public String getSrcClassId() {
106 | return srcPassTypeIdentifier;
107 | }
108 |
109 | /**
110 | * setSrcClassId
111 | *
112 | * @param srcPassTypeIdentifier String
113 | */
114 | public void setSrcClassId(String srcPassTypeIdentifier) {
115 | this.srcPassTypeIdentifier = srcPassTypeIdentifier;
116 | }
117 |
118 | /**
119 | * getSrcObjectId
120 | *
121 | * @return String
122 | */
123 | public String getSrcObjectId() {
124 | return srcPassIdentifier;
125 | }
126 |
127 | /**
128 | * setSrcObjectId
129 | *
130 | * @param srcPassIdentifier String
131 | */
132 | public void setSrcObjectId(String srcPassIdentifier) {
133 | this.srcPassIdentifier = srcPassIdentifier;
134 | }
135 |
136 | public String getIsUserDiy() {
137 | return isUserDiy;
138 | }
139 |
140 | public void setIsUserDiy(String isUserDiy) {
141 | this.isUserDiy = isUserDiy;
142 | }
143 |
144 | public String getCountryCode() {
145 | return countryCode;
146 | }
147 |
148 | public void setCountryCode(String countryCode) {
149 | this.countryCode = countryCode;
150 | }
151 |
152 | public List getLocationList() {
153 | return locationList;
154 | }
155 |
156 | public void setLocationList(List locationList) {
157 | this.locationList = locationList;
158 | }
159 |
160 | public List getMessageList() {
161 | return messageList;
162 | }
163 |
164 | public void setMessageList(List messageList) {
165 | this.messageList = messageList;
166 | }
167 |
168 | public List getTimeList() {
169 | return timeList;
170 | }
171 |
172 | public void setTimeList(List timeList) {
173 | this.timeList = timeList;
174 | }
175 |
176 | public List getImageList() {
177 | return imageList;
178 | }
179 |
180 | public void setImageList(List imageList) {
181 | this.imageList = imageList;
182 | }
183 |
184 | public List getTextList() {
185 | return textList;
186 | }
187 |
188 | public void setTextList(List textList) {
189 | this.textList = textList;
190 | }
191 |
192 | public List getTicketInfoList() {
193 | return ticketInfoList;
194 | }
195 |
196 | public void setTicketInfoList(List ticketInfoList) {
197 | this.ticketInfoList = ticketInfoList;
198 | }
199 |
200 | public String getCurrencyCode() {
201 | return currencyCode;
202 | }
203 |
204 | public void setCurrencyCode(String currencyCode) {
205 | this.currencyCode = currencyCode;
206 | }
207 |
208 | public List getUrlList() {
209 | return urlList;
210 | }
211 |
212 | public void setUrlList(List urlList) {
213 | this.urlList = urlList;
214 | }
215 | }
216 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/whitecard/manager/DevicePassUnit.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.whitecard.manager;
6 |
7 | import com.huawei.walletkit.tool.security.LogUtil;
8 | import com.huawei.walletkit.tool.security.model.PassDataResponse;
9 | import com.huawei.walletkit.tool.security.pass.PassDataField;
10 | import com.huawei.walletkit.tool.security.pass.PassDataInfo;
11 | import com.huawei.walletkit.tool.security.pass.PassPackageCreator;
12 |
13 | /**
14 | * Basic data of pass
15 | *
16 | * @since 2020-01-19
17 | */
18 | public class DevicePassUnit {
19 | private static final String TAG = "DevicePassUnit";
20 |
21 | private String passVersion = "2.0";
22 |
23 | private String organizationPassId = "34221688191";
24 |
25 | private String serialNumber = "34221688191";
26 |
27 | private String passTypeIdentifier = "huawei.test.device.pass.0001";
28 |
29 | private String organizationName = "Test Orginization";
30 |
31 | protected String encryptSessionKey;
32 |
33 | protected String encryptUserDeviceFields;
34 |
35 | protected String encryptAppletPersonalizeFields;
36 |
37 | /**
38 | * Get encrypted pass info and personalize data
39 | *
40 | * @param transId TA transId
41 | * @param taPublicKey TA temp public key
42 | * @param appletPersonalizePublicKey Personalize public key from applet
43 | * @return Pass data
44 | */
45 | public PassDataResponse toJson(String transId, String taPublicKey, String appletPersonalizePublicKey) {
46 | generatePassData(transId, taPublicKey, appletPersonalizePublicKey);
47 | PassDataResponse dataInfo = new PassDataResponse();
48 | dataInfo.setEncryptAppletPersonalizeFields(encryptAppletPersonalizeFields);
49 | dataInfo.setEncryptDevicePass(encryptUserDeviceFields);
50 | dataInfo.setEncryptSessionKey(encryptSessionKey);
51 | return dataInfo;
52 | }
53 |
54 | protected void generatePassData(String transId, String taPublicKey, String appletPublicKey) {
55 | LogUtil.info(TAG, "generatePassData, transId=" + LogUtil.parseSensitiveinfo(transId));
56 | LogUtil.info(TAG, "generatePassData, taPublicKey=" + LogUtil.parseSensitiveinfo(taPublicKey));
57 | LogUtil.info(TAG, "generatePassData, appletPublicKey=" + LogUtil.parseSensitiveinfo(appletPublicKey));
58 | String aesKey = AesUtils.getAesKey(16);
59 | String aesIv = AesUtils.getAesIV();
60 | String originKey = transId + aesKey + aesIv;
61 | // Encrypt originKey with taPublicKey
62 | encryptSessionKey = DataConvertUtil.encryptToBase64ByPublicKey(originKey, taPublicKey,
63 | DataConvertUtil.TA_PUBLIC_KEY_ENCRYPT_MODE);
64 | LogUtil.info(TAG, "generatePassData, encryptSessionKey=" + LogUtil.parseSensitiveinfo(encryptSessionKey));
65 | // Get pass package data
66 | String passPackageData = generatePassPackageData();
67 | LogUtil.info(TAG, "generatePassData, passPackageData=" + passPackageData, true);
68 | // Encrypt pass data with key-iv
69 | encryptUserDeviceFields =
70 | AesUtils.encryptToBase64(passPackageData, aesKey, aesIv, AesUtils.AES_CBC_PKCS_5_PADDING);
71 | LogUtil.info(TAG, "generatePassData, encryptUserDeviceFields=" + encryptUserDeviceFields, true);
72 | // get personalize data
73 | String personalizeData = PassData.getPersonalizeData(appletPublicKey);
74 | LogUtil.info(TAG, "generatePassData, personalizeData=" + LogUtil.parseSensitiveinfo(personalizeData));
75 | // Encrypt personalize data with key-iv
76 | encryptAppletPersonalizeFields =
77 | AesUtils.encryptToBase64(personalizeData, aesKey, aesIv, AesUtils.AES_CBC_PKCS_5_PADDING);
78 | LogUtil.info(TAG, "generatePassData, encryptAppletPersonalizeFields=" + encryptAppletPersonalizeFields, true);
79 | }
80 |
81 | private String generatePassPackageData() {
82 | PassDataInfo passDataInfo = new PassDataInfo();
83 | passDataInfo.setPassVersion(passVersion);
84 | passDataInfo.setOrganizationPassId(organizationPassId);
85 | passDataInfo.setOrganizationName(organizationName);
86 | passDataInfo.setPassTypeIdentifier(passTypeIdentifier);
87 | passDataInfo.setSerialNumber(serialNumber);
88 | passDataInfo.setPassStyleIdentifier("DevicePassStyle");
89 | PassDataField fields = new PassDataField();
90 | passDataInfo.setFields(fields);
91 | String dataInfo = PassPackageCreator.createPassPackage(passDataInfo);
92 | LogUtil.info(TAG, "dataInfo:" + dataInfo, true);
93 | return dataInfo;
94 | }
95 |
96 | public String getPassVersion() {
97 | return passVersion;
98 | }
99 |
100 | public void setPassVersion(String passVersion) {
101 | this.passVersion = passVersion;
102 | }
103 |
104 | public String getOrganizationPassId() {
105 | return organizationPassId;
106 | }
107 |
108 | public void setOrganizationPassId(String organizationPassId) {
109 | this.organizationPassId = organizationPassId;
110 | }
111 |
112 | public String getPassTypeIdentifier() {
113 | return passTypeIdentifier;
114 | }
115 |
116 | public void setPassTypeIdentifier(String passTypeIdentifier) {
117 | this.passTypeIdentifier = passTypeIdentifier;
118 | }
119 |
120 | public String getSerialNumber() {
121 | return serialNumber;
122 | }
123 |
124 | public void setSerialNumber(String serialNumber) {
125 | this.serialNumber = serialNumber;
126 | }
127 |
128 | public String getOrganizationName() {
129 | return organizationName;
130 | }
131 |
132 | public void setOrganizationName(String organizationName) {
133 | this.organizationName = organizationName;
134 | }
135 | }
136 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/pass/PassPackageCreator.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.pass;
6 |
7 | import com.huawei.walletkit.tool.security.LogUtil;
8 | import com.huawei.walletkit.tool.security.whitecard.manager.Constants;
9 | import com.huawei.walletkit.tool.security.whitecard.manager.DataConvertUtil;
10 | import net.sf.json.JSONObject;
11 |
12 | import java.io.ByteArrayOutputStream;
13 | import java.io.File;
14 | import java.io.FileInputStream;
15 | import java.io.FileNotFoundException;
16 | import java.io.FileOutputStream;
17 | import java.io.IOException;
18 | import java.io.InputStream;
19 | import java.io.UnsupportedEncodingException;
20 | import java.util.zip.ZipEntry;
21 | import java.util.zip.ZipOutputStream;
22 |
23 | /**
24 | * Class to create pass package
25 | *
26 | * @author z00323379
27 | * @since 2020-02-26
28 | */
29 | public class PassPackageCreator {
30 | /**
31 | * Create pass package and return the string encoded by base64
32 | *
33 | * @param passDataInfo Pass info
34 | * @return Pass package info encoded with base64
35 | */
36 | public static String createPassPackage(PassDataInfo passDataInfo) {
37 | if (passDataInfo == null) {
38 | LogUtil.info("createPassPackage, passDataInfo is null.");
39 | return null;
40 | }
41 | // 1. Get content of file hwpass.json
42 | JSONObject passObj = JSONObject.fromObject(passDataInfo);
43 | String passJson = passObj.toString();
44 | // 2. Get content of file mainfest.json
45 | String hashValue = DataConvertUtil.encodeSHA256(passJson);
46 | JSONObject manifestJson = new JSONObject();
47 | manifestJson.put("hwpass.json", hashValue);
48 | String manifestContent = manifestJson.toString();
49 | // 3. Signature to the content of mainifest.json file, return the content of file signature
50 | String signature = DataConvertUtil.signData(manifestContent, Constants.SERVER_SECRET_KEY);
51 | // 4. Write the above three contents to three zip files and generate the zip file
52 | String filePath = getTempPassPath();
53 | if (filePath == null) {
54 | LogUtil.info("createPassPackage, get pass path fail.");
55 | return null;
56 | }
57 | if (!generatePassZipFile(passJson, manifestContent, signature, filePath)) {
58 | LogUtil.info("createPassPackage, generate pass zip file fail.");
59 | return null;
60 | }
61 | String passData = readPassData(filePath);
62 | File file = new File(filePath);
63 | boolean deleteResult = file.delete();
64 | LogUtil.info("createPassPackage, delete file result=" + deleteResult);
65 | return passData;
66 | }
67 |
68 | private static String readPassData(String file) {
69 | InputStream inputStream = null;
70 | ByteArrayOutputStream byteStream = new ByteArrayOutputStream();
71 | try {
72 | inputStream = new FileInputStream(file);
73 | int ch;
74 | while ((ch = inputStream.read()) != -1) {
75 | byteStream.write(ch);
76 | }
77 | byte[] passByteData = byteStream.toByteArray();
78 | return DataConvertUtil.base64EncodeToString(passByteData);
79 | } catch (IOException e) {
80 | return null;
81 | } finally {
82 | if (inputStream != null) {
83 | try {
84 | inputStream.close();
85 | } catch (IOException e) {
86 | LogUtil.info("readPassData, close inputStream error.");
87 | }
88 | }
89 | if (byteStream != null) {
90 | try {
91 | byteStream.close();
92 | } catch (IOException e) {
93 | LogUtil.info("readPassData, close byteStream error.");
94 | }
95 | }
96 | }
97 | }
98 |
99 | private static String getTempPassPath() {
100 | String tempDirPath = "/hwpass";
101 | File dirFile = new File(tempDirPath);
102 | if (!dirFile.exists()) {
103 | if (!dirFile.mkdirs()) {
104 | LogUtil.info("createPassPackage, mkdir ");
105 | return null;
106 | }
107 | }
108 | return tempDirPath + "/" + "common.zip";
109 | }
110 |
111 | private static boolean generatePassZipFile(String passJson, String manifest, String signature, String zipFilePath) {
112 | ZipOutputStream zipOut = null;
113 | try {
114 | zipOut = new ZipOutputStream(new FileOutputStream(zipFilePath));
115 | generateZipEntry("hwpass.json", passJson, zipOut);
116 | generateZipEntry("manifest.json", manifest, zipOut);
117 | generateZipEntry("signature", signature, zipOut);
118 | } catch (FileNotFoundException e) {
119 | LogUtil.info("FileNotFoundException");
120 | return false;
121 | } catch (IOException e) {
122 | LogUtil.info("IOException");
123 | return false;
124 | } finally {
125 | if (zipOut != null) {
126 | try {
127 | zipOut.close();
128 | } catch (IOException e) {
129 | LogUtil.info("Close zipOut fail.");
130 | }
131 | }
132 | LogUtil.info("Success.");
133 | }
134 | return true;
135 | }
136 |
137 | private static void generateZipEntry(String fileName, String content, ZipOutputStream zipOut)
138 | throws IOException, UnsupportedEncodingException {
139 | zipOut.putNextEntry(new ZipEntry(fileName));
140 | byte[] bytes = content.getBytes("UTF-8");
141 | zipOut.write(bytes);
142 | zipOut.closeEntry();
143 | }
144 | }
145 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/whitecard/manager/ICCECarKeyPassData.java:
--------------------------------------------------------------------------------
1 | package com.huawei.walletkit.tool.security.whitecard.manager;
2 |
3 | import com.huawei.walletkit.tool.security.LogUtil;
4 | import com.huawei.walletkit.tool.security.model.Certificate;
5 | import net.sf.json.JSONObject;
6 |
7 | import java.io.UnsupportedEncodingException;
8 | import java.util.Arrays;
9 |
10 | public class ICCECarKeyPassData extends PassData{
11 | private static final String TAG = "ICCECarKeyPassData";
12 | private static final String AES_TEMP_KEY_PREV_PART = "34810233";
13 |
14 | /**
15 | * Get personalize data, the data must be encrypted with applet personalize public key
16 | *
17 | * @param appletPublicKey applet personalize public key
18 | * @return Personalize data in json
19 | */
20 | public static String getPersonalizeData(String appletPublicKey) {
21 | JSONObject rootObj = new JSONObject();
22 | String aesKey = AesUtils.getAesKey(16);
23 | String aesIv = AesUtils.getAesIV();
24 | LogUtil.info(TAG, "getPersonalizeData, aesKey=" + LogUtil.parseSensitiveinfo(aesKey));
25 | LogUtil.info(TAG, "getPersonalizeData, aesIv=" + LogUtil.parseSensitiveinfo(aesIv));
26 |
27 | // Encrypt AES key with applet identity public key by RSA,
28 | // you must add a fix prev hex string to the key before you encrypt it.
29 | LogUtil.info(TAG, "getPersonalizeData, aesKey2=" + LogUtil.parseSensitiveinfo(AES_TEMP_KEY_PREV_PART + aesKey));
30 | String tempKey = DataConvertUtil.encryptToHexByPublicKey(
31 | DataConvertUtil.hexStringToByteArray(AES_TEMP_KEY_PREV_PART + aesKey),
32 | appletPublicKey, DataConvertUtil.PERSONALIZE_DATA_ENCRYPT_MODE);
33 | // Encrypt AES IV with applet identity public key by RSA
34 | String tempIv = DataConvertUtil.encryptToHexByPublicKey(DataConvertUtil.hexStringToByteArray(aesIv),
35 | appletPublicKey, DataConvertUtil.PERSONALIZE_DATA_ENCRYPT_MODE);
36 |
37 | String cardId = getCardId();
38 | byte[] filledCardId = fillData(cardId);
39 | String cardIdEncrypt = AesUtils.encryptToHex(filledCardId, aesKey, aesIv, AesUtils.AES_CBC_NOPADDING);
40 |
41 | // Encrypt card key with applet identity public key by RSA,
42 | // you must add a fix prev hex string to the key before you encrypt it.
43 | String srcCardId = getCardKey();
44 | LogUtil.info(TAG, "getPersonalizeData, srcCardId=" + LogUtil.parseSensitiveinfo(srcCardId));
45 | String cardKey = DataConvertUtil.encryptToHexByPublicKey(DataConvertUtil.hexStringToByteArray(srcCardId),
46 | appletPublicKey, DataConvertUtil.PERSONALIZE_DATA_ENCRYPT_MODE);
47 |
48 | // Fill card info data
49 | byte[] filledCardInfoInfo = fillData(getCardInfo() + getCardAuthParameter());
50 | // Encrypt filled card info data by AES
51 | String cardInfoEncrypt = AesUtils.encryptToHex(filledCardInfoInfo, aesKey, aesIv, AesUtils.AES_CBC_NOPADDING);
52 |
53 | // Fill private info data
54 | byte[] filledPrivateInfo = fillData(getPrivateInfo());
55 | // Encrypt filled privet info data by AES
56 | String privateInfoEncrypt = AesUtils.encryptToHex(filledPrivateInfo, aesKey, aesIv, AesUtils.AES_CBC_NOPADDING);
57 |
58 | rootObj.put("temp_key", tempKey);
59 | rootObj.put("temp_iv", tempIv);
60 | rootObj.put("card_id", cardIdEncrypt);
61 | rootObj.put("card_key", cardKey);
62 | rootObj.put("card_info", cardInfoEncrypt);
63 | rootObj.put("card_privateInfo", privateInfoEncrypt);
64 | rootObj.put("card_key_iv", getCardKeyIv());
65 | LogUtil.info(TAG, "Personalize:" + rootObj.toString(), true);
66 | return rootObj.toString();
67 | }
68 |
69 | /**
70 | * Fill personal data before encrypt it.
71 | *
72 | * @param srcData personal data
73 | * @return filled byte array
74 | */
75 | private static byte[] fillData(String srcData) {
76 | byte[] srcBytes = DataConvertUtil.hexStringToByteArray(srcData);
77 | if (srcBytes.length == 0) {
78 | LogUtil.info("fillData, srcBytes length error, length=0");
79 | return null;
80 | }
81 | byte[] lengthBytes = DataConvertUtil.dataLengthToBytes(srcBytes.length);
82 | if (lengthBytes.length == 0) {
83 | LogUtil.info("fillData, data length error, length=0");
84 | return null;
85 | }
86 | int totalLength = (lengthBytes.length + srcBytes.length + 15) / 16 * 16;
87 | byte[] dstBytes = new byte[totalLength];
88 | Arrays.fill(dstBytes, (byte) 0);
89 | System.arraycopy(lengthBytes, 0, dstBytes, 0, lengthBytes.length);
90 | System.arraycopy(srcBytes, 0, dstBytes, lengthBytes.length, srcBytes.length);
91 | if (lengthBytes.length + srcBytes.length < totalLength) {
92 | // First filled byte must be 0x80, others be 0x00.
93 | dstBytes[lengthBytes.length + srcBytes.length] = (byte) 0x80;
94 | }
95 | return dstBytes;
96 | }
97 |
98 | /**
99 | * Private card data,this is a test data, developer must fix the return data
100 | */
101 | private static String getPrivateInfo() {
102 | // todo 需要替换为真实值
103 | return "00000000000000000000000000000000";
104 | }
105 |
106 | private static String getCardInfo() {
107 | // todo cardInfo需要替换为真实值
108 | String cardInfo = "xxxxxxxxx";
109 | return getTLV("9F05", cardInfo);
110 | }
111 |
112 | private static String getCardAuthParameter() {
113 | // todo cardAuthParameter需要替换为真实值
114 | String cardAuthParameter = "xxxxxxxxx";
115 | return getTLV("9F31", cardAuthParameter);
116 | }
117 |
118 | private static String getTLV(String tag, String value) {
119 | StringBuilder buffer = new StringBuilder();
120 | String lc = "";
121 | if (value.length() > 254 && value.length() < 300) {
122 | lc = "81";
123 | }
124 | lc = lc + Integer.toHexString(value.length() / 2);
125 | return buffer.append(tag).append(lc).append(value).toString();
126 | }
127 |
128 | /**
129 | * The unique ID of card,this is a test data, developer must fix the return data
130 | */
131 | private static String getCardId() {
132 | //todo 替换成你自己的卡号,即serialNumber。16字节长度
133 | return "9F3B" + "10" + "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
134 | }
135 |
136 | /**
137 | * The private key of card,this is a test data, developer must fix the return data.
138 | */
139 | private static String getCardKey() {
140 | //todo 替换成你自己的密钥;对应联盟文档中的Dkey;用于SessionKey的计算
141 | return "34010133" + "2533f4afaa126ad44909b61291e82a7f";
142 | }
143 |
144 | private static String getCardKeyIv(){
145 | return "1000000000000000000000000000000000";
146 | }
147 | }
148 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/whitecard/manager/AesUtils.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.whitecard.manager;
6 |
7 | import com.huawei.walletkit.tool.security.LogUtil;
8 |
9 | import javax.crypto.BadPaddingException;
10 | import javax.crypto.Cipher;
11 | import javax.crypto.IllegalBlockSizeException;
12 | import javax.crypto.NoSuchPaddingException;
13 | import javax.crypto.spec.IvParameterSpec;
14 | import javax.crypto.spec.SecretKeySpec;
15 | import java.io.UnsupportedEncodingException;
16 | import java.security.InvalidAlgorithmParameterException;
17 | import java.security.InvalidKeyException;
18 | import java.security.NoSuchAlgorithmException;
19 | import java.security.SecureRandom;
20 |
21 | /**
22 | * AES Utils
23 | *
24 | * @since 2020-01-19
25 | */
26 | public class AesUtils {
27 | /**
28 | * AES CBC encryption mode
29 | */
30 | public static final String AES_CBC_PKCS_5_PADDING = "AES/CBC/PKCS5Padding";
31 |
32 | /**
33 | * AES CBC Nopadding encryption mode
34 | */
35 | public static final String AES_CBC_NOPADDING = "AES/CBC/NoPadding";
36 |
37 | /**
38 | * Get AES key
39 | *
40 | * @param length Length or AES key
41 | * @return String AES key value in format
42 | */
43 | public static String getAesKey(int length) {
44 | SecureRandom random = new SecureRandom();
45 | byte[] key = new byte[length];
46 | random.nextBytes(key);
47 | return DataConvertUtil.byteArrayToHexString(key);
48 | }
49 |
50 | /**
51 | * Get 16 bytes IV value
52 | *
53 | * @return String IV value in hex format
54 | */
55 | public static String getAesIV() {
56 | SecureRandom random = new SecureRandom();
57 | byte[] key = new byte[16];
58 | random.nextBytes(key);
59 | return DataConvertUtil.byteArrayToHexString(key);
60 | }
61 |
62 | /**
63 | * AES encryption
64 | *
65 | * @param data data to be encrypted
66 | * @param key encryption key
67 | * @param iv IV value
68 | * @param algorithm encryption mode
69 | * @return String encryption result
70 | */
71 | public static String encryptToHex(String data, String key, String iv, String algorithm) {
72 | if (CommonUtils.isStringEmpty(data) || CommonUtils.isStringEmpty(key)) {
73 | LogUtil.info("AES:AES encrypt, Invalid params, data or key is empty");
74 | return null;
75 | }
76 | try {
77 | return encryptToHex(data.getBytes(Constants.UTF8_ENCODING), key, iv, algorithm);
78 | } catch (UnsupportedEncodingException e) {
79 | LogUtil.info("AES:encrypt UnsupportedEncodingException.");
80 | }
81 | return null;
82 | }
83 |
84 | /**
85 | * AES encryption
86 | *
87 | * @param srcData data to be encrypted
88 | * @param key encryption key
89 | * @param iv IV value
90 | * @param algorithm encryption mode
91 | * @return String encryption result
92 | */
93 | public static String encryptToHex(byte[] srcData, String key, String iv, String algorithm) {
94 | if (srcData == null || CommonUtils.isStringEmpty(key)) {
95 | LogUtil.info("AES:AES encrypt, Invalid params, data or key is empty");
96 | return null;
97 | }
98 | try {
99 | byte[] valueByte = encrypt(srcData, DataConvertUtil.hexStringToByteArray(key),
100 | DataConvertUtil.hexStringToByteArray(iv), algorithm);
101 | return DataConvertUtil.byteArrayToHexString(valueByte);
102 | } catch (Exception e) {
103 | LogUtil.info("AesUtils", "AES:encryptToBase64 Exception::" + LogUtil.parseSensitiveinfo(e.toString()));
104 | }
105 | return null;
106 | }
107 |
108 | /**
109 | * AES encryption
110 | *
111 | * @param data data to be encrypted
112 | * @param key encryption key
113 | * @param iv IV value
114 | * @param algorithm encryption mode
115 | * @return String encryption result, encoded with Base64
116 | */
117 | public static String encryptToBase64(String data, String key, String iv, String algorithm) {
118 | if (CommonUtils.isStringEmpty(data) || CommonUtils.isStringEmpty(key)) {
119 | LogUtil.info("AES:AES encrypt, Invalid params, data or key is empty");
120 | return null;
121 | }
122 | try {
123 | byte[] valueByte = encrypt(data.getBytes(Constants.UTF8_ENCODING),
124 | DataConvertUtil.hexStringToByteArray(key), DataConvertUtil.hexStringToByteArray(iv), algorithm);
125 | return DataConvertUtil.base64EncodeToString(valueByte);
126 | } catch (UnsupportedEncodingException e) {
127 | LogUtil.info("AES:encrypt UnsupportedEncodingException.");
128 | }
129 | return null;
130 | }
131 |
132 | private static byte[] encrypt(byte[] data, byte[] key, byte[] ivBytes, String algorithm) {
133 | if (data == null || key == null) {
134 | LogUtil.info("AES:AES encrypt, invalid params, data: " + (data == null) + " key: " + (key == null));
135 | return new byte[0];
136 | }
137 | if (ivBytes.length != 16) {
138 | LogUtil.info("AES:AES encrypt, Invalid AES iv length (must be 16 bytes)");
139 | return new byte[0];
140 | }
141 | try {
142 | SecretKeySpec secretKey = new SecretKeySpec(key, "AES");
143 | byte[] enCodeFormat = secretKey.getEncoded();
144 | SecretKeySpec secretKeySpec = new SecretKeySpec(enCodeFormat, "AES");
145 | if (CommonUtils.isStringEmpty(algorithm)) {
146 | // CBC mode as default
147 | algorithm = AES_CBC_PKCS_5_PADDING;
148 | }
149 | Cipher cipher = Cipher.getInstance(algorithm);
150 | IvParameterSpec iv = new IvParameterSpec(ivBytes);
151 | cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, iv);
152 | return cipher.doFinal(data);
153 | } catch (NoSuchPaddingException e) {
154 | LogUtil.info("AES:encrypt NoSuchPaddingException. ");
155 | } catch (NoSuchAlgorithmException e) {
156 | LogUtil.info("AES:encrypt NoSuchAlgorithmException. ");
157 | } catch (InvalidAlgorithmParameterException e) {
158 | LogUtil.info("AES:encrypt InvalidAlgorithmParameterException.");
159 | } catch (InvalidKeyException e) {
160 | LogUtil.info("AES:encrypt InvalidKeyException.");
161 | } catch (BadPaddingException e) {
162 | LogUtil.info("AES:encrypt BadPaddingException.");
163 | } catch (IllegalBlockSizeException e) {
164 | LogUtil.info("AES:encrypt IllegalBlockSizeException. ");
165 | } catch (Exception e) {
166 | LogUtil.info("AesUtils", "AES:encrypt Exception::" + LogUtil.parseSensitiveinfo(e.toString()));
167 | }
168 | return new byte[0];
169 | }
170 | }
171 |
--------------------------------------------------------------------------------
/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM https://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Maven Start Up Batch script
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM M2_HOME - location of maven2's installed home dir
28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | @REM e.g. to debug Maven itself, use
32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | @REM ----------------------------------------------------------------------------
35 |
36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
37 | @echo off
38 | @REM set title of command window
39 | title %0
40 | @REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
41 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
42 |
43 | @REM set %HOME% to equivalent of $HOME
44 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
45 |
46 | @REM Execute a user defined script before this one
47 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
48 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending
49 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
50 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
51 | :skipRcPre
52 |
53 | @setlocal
54 |
55 | set ERROR_CODE=0
56 |
57 | @REM To isolate internal variables from possible post scripts, we use another setlocal
58 | @setlocal
59 |
60 | @REM ==== START VALIDATION ====
61 | if not "%JAVA_HOME%" == "" goto OkJHome
62 |
63 | echo.
64 | echo Error: JAVA_HOME not found in your environment. >&2
65 | echo Please set the JAVA_HOME variable in your environment to match the >&2
66 | echo location of your Java installation. >&2
67 | echo.
68 | goto error
69 |
70 | :OkJHome
71 | if exist "%JAVA_HOME%\bin\java.exe" goto init
72 |
73 | echo.
74 | echo Error: JAVA_HOME is set to an invalid directory. >&2
75 | echo JAVA_HOME = "%JAVA_HOME%" >&2
76 | echo Please set the JAVA_HOME variable in your environment to match the >&2
77 | echo location of your Java installation. >&2
78 | echo.
79 | goto error
80 |
81 | @REM ==== END VALIDATION ====
82 |
83 | :init
84 |
85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
86 | @REM Fallback to current working directory if not found.
87 |
88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
90 |
91 | set EXEC_DIR=%CD%
92 | set WDIR=%EXEC_DIR%
93 | :findBaseDir
94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound
95 | cd ..
96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound
97 | set WDIR=%CD%
98 | goto findBaseDir
99 |
100 | :baseDirFound
101 | set MAVEN_PROJECTBASEDIR=%WDIR%
102 | cd "%EXEC_DIR%"
103 | goto endDetectBaseDir
104 |
105 | :baseDirNotFound
106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
107 | cd "%EXEC_DIR%"
108 |
109 | :endDetectBaseDir
110 |
111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
112 |
113 | @setlocal EnableExtensions EnableDelayedExpansion
114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
116 |
117 | :endReadAdditionalConfig
118 |
119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
120 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
121 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
122 |
123 | set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
124 |
125 | FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
126 | IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
127 | )
128 |
129 | @REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
130 | @REM This allows using the maven wrapper in projects that prohibit checking in binary data.
131 | if exist %WRAPPER_JAR% (
132 | if "%MVNW_VERBOSE%" == "true" (
133 | echo Found %WRAPPER_JAR%
134 | )
135 | ) else (
136 | if not "%MVNW_REPOURL%" == "" (
137 | SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
138 | )
139 | if "%MVNW_VERBOSE%" == "true" (
140 | echo Couldn't find %WRAPPER_JAR%, downloading it ...
141 | echo Downloading from: %DOWNLOAD_URL%
142 | )
143 |
144 | powershell -Command "&{"^
145 | "$webclient = new-object System.Net.WebClient;"^
146 | "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
147 | "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
148 | "}"^
149 | "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
150 | "}"
151 | if "%MVNW_VERBOSE%" == "true" (
152 | echo Finished downloading %WRAPPER_JAR%
153 | )
154 | )
155 | @REM End of extension
156 |
157 | @REM Provide a "standardized" way to retrieve the CLI args that will
158 | @REM work with both Windows and non-Windows executions.
159 | set MAVEN_CMD_LINE_ARGS=%*
160 |
161 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
162 | if ERRORLEVEL 1 goto error
163 | goto end
164 |
165 | :error
166 | set ERROR_CODE=1
167 |
168 | :end
169 | @endlocal & set ERROR_CODE=%ERROR_CODE%
170 |
171 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
172 | @REM check for post script, once with legacy .bat ending and once with .cmd ending
173 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
174 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
175 | :skipRcPost
176 |
177 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
178 | if "%MAVEN_BATCH_PAUSE%" == "on" pause
179 |
180 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
181 |
182 | exit /B %ERROR_CODE%
183 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/whitecard/manager/PassData.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.whitecard.manager;
6 |
7 | import com.huawei.walletkit.tool.security.LogUtil;
8 | import com.huawei.walletkit.tool.security.model.Certificate;
9 | import net.sf.json.JSONObject;
10 |
11 | import java.io.UnsupportedEncodingException;
12 | import java.util.Arrays;
13 |
14 | /**
15 | * Some data of the pass
16 | *
17 | * @since 2020-02-18
18 | */
19 | public class PassData {
20 | private static final String TAG = "PassData";
21 | private static final String AES_TEMP_KEY_PREV_PART = "34810133";
22 | private static final String CARD_KEY_PREV_PART = "14010333";
23 | private static final String CARD_KEY_ROOT = "FFFFFFFFAA995566";
24 |
25 | /**
26 | * Create the token for personalize data, this is a test data, developer should modify the return value
27 | *
28 | * @return Token for personalize data
29 | */
30 | public static String getPersonalizeToken() {
31 | return "sp.token." + System.currentTimeMillis();
32 | }
33 |
34 | /**
35 | * Get sp server's certificate, encrypt applet identity public key with private key of sp server
36 | *
37 | * @param authPublicKey applet identity public key
38 | * @return sp server's certificate
39 | */
40 | public static Certificate getServerCert(String authPublicKey) {
41 | String signature = DataConvertUtil.signData(authPublicKey, Constants.SERVER_SECRET_KEY);
42 | if (CommonUtils.isStringEmpty(signature)) {
43 | LogUtil.info("getServerCert, sign data error.");
44 | return null;
45 | }
46 | Certificate cert = new Certificate();
47 | cert.setPublicKey(authPublicKey);
48 | cert.setSignature(signature);
49 | return cert;
50 | }
51 |
52 | /**
53 | * Get personalize data, the data must be encrypted with applet personalize public key
54 | *
55 | * @param appletPublicKey applet personalize public key
56 | * @return Personalize data in json
57 | */
58 | public static String getPersonalizeData(String appletPublicKey) {
59 | JSONObject rootObj = new JSONObject();
60 | String aesKey = AesUtils.getAesKey(16);
61 | String aesIv = AesUtils.getAesIV();
62 | LogUtil.info(TAG, "getPersonalizeData, aesKey=" + LogUtil.parseSensitiveinfo(aesKey));
63 | LogUtil.info(TAG, "getPersonalizeData, aesIv=" + LogUtil.parseSensitiveinfo(aesIv));
64 | // Fill private info data
65 | byte[] filledPrivateInfo = fillData(getPrivateInfo());
66 | // Encrypt filled privet info data by AES
67 | String privateInfoEncrypt = AesUtils.encryptToHex(filledPrivateInfo, aesKey, aesIv, AesUtils.AES_CBC_NOPADDING);
68 | String cardId = getCardId();
69 | byte[] filledCardId = fillData(cardId);
70 | String cardIdEncrypt = AesUtils.encryptToHex(filledCardId, aesKey, aesIv, AesUtils.AES_CBC_NOPADDING);
71 | // Encrypt card key with applet identity public key by RSA,
72 | // you must add a fix prev hex string to the key before you encrypt it.
73 | String srcCardId = CARD_KEY_PREV_PART + CARD_KEY_ROOT + cardId;
74 | LogUtil.info(TAG, "getPersonalizeData, srcCardId=" + LogUtil.parseSensitiveinfo(srcCardId));
75 | String cardKey = DataConvertUtil.encryptToHexByPublicKey(DataConvertUtil.hexStringToByteArray(srcCardId),
76 | appletPublicKey, DataConvertUtil.PERSONALIZE_DATA_ENCRYPT_MODE);
77 | // Encrypt AES key with applet identity public key by RSA,
78 | // you must add a fix prev hex string to the key before you encrypt it.
79 | LogUtil.info(TAG, "getPersonalizeData, aesKey2=" + LogUtil.parseSensitiveinfo(AES_TEMP_KEY_PREV_PART + aesKey));
80 | String tempKey = DataConvertUtil.encryptToHexByPublicKey(
81 | DataConvertUtil.hexStringToByteArray(AES_TEMP_KEY_PREV_PART + aesKey),
82 | appletPublicKey, DataConvertUtil.PERSONALIZE_DATA_ENCRYPT_MODE);
83 | // Encrypt AES IV with applet identity public key by RSA
84 | String tempIv = DataConvertUtil.encryptToHexByPublicKey(DataConvertUtil.hexStringToByteArray(aesIv),
85 | appletPublicKey, DataConvertUtil.PERSONALIZE_DATA_ENCRYPT_MODE);
86 | // Encrypt AES IV of external authentication for your reader. 16 bytes. Please change the sample value.
87 | // LV format, L = 0x10, V is the AES IV.
88 | String externalAuthIv = "10AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
89 | rootObj.put("card_privateInfo", privateInfoEncrypt);
90 | rootObj.put("card_id", cardIdEncrypt);
91 | rootObj.put("card_key", cardKey);
92 | rootObj.put("temp_key", tempKey);
93 | rootObj.put("temp_iv", tempIv);
94 | rootObj.put("card_iv", externalAuthIv);
95 | LogUtil.info(TAG, "Personalize:" + rootObj.toString(), true);
96 | return rootObj.toString();
97 | }
98 |
99 | /**
100 | * Fill personal data before encrypt it.
101 | *
102 | * @param srcData personal data
103 | * @return filled byte array
104 | */
105 | private static byte[] fillData(String srcData) {
106 | byte[] srcBytes;
107 | try {
108 | srcBytes = srcData.getBytes(Constants.UTF8_ENCODING);
109 | } catch (UnsupportedEncodingException e) {
110 | LogUtil.info("fillData, UnsupportedEncodingException.");
111 | return null;
112 | }
113 | byte[] lengthBytes = DataConvertUtil.dataLengthToBytes(srcBytes.length);
114 | if (lengthBytes.length == 0) {
115 | LogUtil.info("fillData, data length error, length=" + srcBytes.length);
116 | return null;
117 | }
118 | int totalLength = (lengthBytes.length + srcBytes.length + 15) / 16 * 16;
119 | byte[] dstBytes = new byte[totalLength];
120 | Arrays.fill(dstBytes, (byte) 0);
121 | System.arraycopy(lengthBytes, 0, dstBytes, 0, lengthBytes.length);
122 | System.arraycopy(srcBytes, 0, dstBytes, lengthBytes.length, srcBytes.length);
123 | if (lengthBytes.length + srcBytes.length < totalLength) {
124 | // First filled byte must be 0x80, others be 0x00.
125 | dstBytes[lengthBytes.length + srcBytes.length] = (byte) 0x80;
126 | }
127 | return dstBytes;
128 | }
129 |
130 | /**
131 | * Private card data,this is a test data, developer must fix the return data
132 | */
133 | private static String getPrivateInfo() {
134 | return "private info, filled by developer.";
135 | }
136 |
137 | /**
138 | * The unique ID of card,this is a test data, developer must fix the return data
139 | */
140 | private static String getCardId() {
141 | return "2020202020000001";
142 | }
143 |
144 | /**
145 | * The private key of card,this is a test data, developer must fix the return data.
146 | */
147 | private static String getCardKey() {
148 | return AesUtils.getAesKey(32);
149 | }
150 |
151 | /**
152 | * Token for register, released to the client side with the hms pass package
153 | *
154 | * @return The token value in hms pass
155 | */
156 | public static String getLinkDevicePassToken() {
157 | return "sp.perinstall.token.01101";
158 | }
159 | }
160 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 |
3 | Version 2.0, January 2004
4 |
5 | http://www.apache.org/licenses/
6 |
7 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
8 |
9 | 1. Definitions.
10 |
11 | "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
12 |
13 | "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
16 |
17 | "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
18 |
19 | "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
20 |
21 | "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
22 |
23 | "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
24 |
25 | "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
26 |
27 | "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
28 |
29 | "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
30 |
31 | 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
32 |
33 | 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
34 |
35 | 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
36 |
37 | You must give any other recipients of the Work or Derivative Works a copy of this License; and
38 | You must cause any modified files to carry prominent notices stating that You changed the files; and
39 | You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
40 | If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
41 |
42 | You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
43 | 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
44 |
45 | 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
46 |
47 | 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
48 |
49 | 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
50 |
51 | 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
52 |
53 | END OF TERMS AND CONDITIONS
--------------------------------------------------------------------------------
/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # https://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Maven Start Up Batch script
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # M2_HOME - location of maven2's installed home dir
31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
32 | # e.g. to debug Maven itself, use
33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
35 | # ----------------------------------------------------------------------------
36 |
37 | if [ -z "$MAVEN_SKIP_RC" ] ; then
38 |
39 | if [ -f /etc/mavenrc ] ; then
40 | . /etc/mavenrc
41 | fi
42 |
43 | if [ -f "$HOME/.mavenrc" ] ; then
44 | . "$HOME/.mavenrc"
45 | fi
46 |
47 | fi
48 |
49 | # OS specific support. $var _must_ be set to either true or false.
50 | cygwin=false;
51 | darwin=false;
52 | mingw=false
53 | case "`uname`" in
54 | CYGWIN*) cygwin=true ;;
55 | MINGW*) mingw=true;;
56 | Darwin*) darwin=true
57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
59 | if [ -z "$JAVA_HOME" ]; then
60 | if [ -x "/usr/libexec/java_home" ]; then
61 | export JAVA_HOME="`/usr/libexec/java_home`"
62 | else
63 | export JAVA_HOME="/Library/Java/Home"
64 | fi
65 | fi
66 | ;;
67 | esac
68 |
69 | if [ -z "$JAVA_HOME" ] ; then
70 | if [ -r /etc/gentoo-release ] ; then
71 | JAVA_HOME=`java-config --jre-home`
72 | fi
73 | fi
74 |
75 | if [ -z "$M2_HOME" ] ; then
76 | ## resolve links - $0 may be a link to maven's home
77 | PRG="$0"
78 |
79 | # need this for relative symlinks
80 | while [ -h "$PRG" ] ; do
81 | ls=`ls -ld "$PRG"`
82 | link=`expr "$ls" : '.*-> \(.*\)$'`
83 | if expr "$link" : '/.*' > /dev/null; then
84 | PRG="$link"
85 | else
86 | PRG="`dirname "$PRG"`/$link"
87 | fi
88 | done
89 |
90 | saveddir=`pwd`
91 |
92 | M2_HOME=`dirname "$PRG"`/..
93 |
94 | # make it fully qualified
95 | M2_HOME=`cd "$M2_HOME" && pwd`
96 |
97 | cd "$saveddir"
98 | # echo Using m2 at $M2_HOME
99 | fi
100 |
101 | # For Cygwin, ensure paths are in UNIX format before anything is touched
102 | if $cygwin ; then
103 | [ -n "$M2_HOME" ] &&
104 | M2_HOME=`cygpath --unix "$M2_HOME"`
105 | [ -n "$JAVA_HOME" ] &&
106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
107 | [ -n "$CLASSPATH" ] &&
108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
109 | fi
110 |
111 | # For Mingw, ensure paths are in UNIX format before anything is touched
112 | if $mingw ; then
113 | [ -n "$M2_HOME" ] &&
114 | M2_HOME="`(cd "$M2_HOME"; pwd)`"
115 | [ -n "$JAVA_HOME" ] &&
116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
117 | fi
118 |
119 | if [ -z "$JAVA_HOME" ]; then
120 | javaExecutable="`which javac`"
121 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
122 | # readlink(1) is not available as standard on Solaris 10.
123 | readLink=`which readlink`
124 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
125 | if $darwin ; then
126 | javaHome="`dirname \"$javaExecutable\"`"
127 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
128 | else
129 | javaExecutable="`readlink -f \"$javaExecutable\"`"
130 | fi
131 | javaHome="`dirname \"$javaExecutable\"`"
132 | javaHome=`expr "$javaHome" : '\(.*\)/bin'`
133 | JAVA_HOME="$javaHome"
134 | export JAVA_HOME
135 | fi
136 | fi
137 | fi
138 |
139 | if [ -z "$JAVACMD" ] ; then
140 | if [ -n "$JAVA_HOME" ] ; then
141 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
142 | # IBM's JDK on AIX uses strange locations for the executables
143 | JAVACMD="$JAVA_HOME/jre/sh/java"
144 | else
145 | JAVACMD="$JAVA_HOME/bin/java"
146 | fi
147 | else
148 | JAVACMD="`which java`"
149 | fi
150 | fi
151 |
152 | if [ ! -x "$JAVACMD" ] ; then
153 | echo "Error: JAVA_HOME is not defined correctly." >&2
154 | echo " We cannot execute $JAVACMD" >&2
155 | exit 1
156 | fi
157 |
158 | if [ -z "$JAVA_HOME" ] ; then
159 | echo "Warning: JAVA_HOME environment variable is not set."
160 | fi
161 |
162 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
163 |
164 | # traverses directory structure from process work directory to filesystem root
165 | # first directory with .mvn subdirectory is considered project base directory
166 | find_maven_basedir() {
167 |
168 | if [ -z "$1" ]
169 | then
170 | echo "Path not specified to find_maven_basedir"
171 | return 1
172 | fi
173 |
174 | basedir="$1"
175 | wdir="$1"
176 | while [ "$wdir" != '/' ] ; do
177 | if [ -d "$wdir"/.mvn ] ; then
178 | basedir=$wdir
179 | break
180 | fi
181 | # workaround for JBEAP-8937 (on Solaris 10/Sparc)
182 | if [ -d "${wdir}" ]; then
183 | wdir=`cd "$wdir/.."; pwd`
184 | fi
185 | # end of workaround
186 | done
187 | echo "${basedir}"
188 | }
189 |
190 | # concatenates all lines of a file
191 | concat_lines() {
192 | if [ -f "$1" ]; then
193 | echo "$(tr -s '\n' ' ' < "$1")"
194 | fi
195 | }
196 |
197 | BASE_DIR=`find_maven_basedir "$(pwd)"`
198 | if [ -z "$BASE_DIR" ]; then
199 | exit 1;
200 | fi
201 |
202 | ##########################################################################################
203 | # Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
204 | # This allows using the maven wrapper in projects that prohibit checking in binary data.
205 | ##########################################################################################
206 | if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
207 | if [ "$MVNW_VERBOSE" = true ]; then
208 | echo "Found .mvn/wrapper/maven-wrapper.jar"
209 | fi
210 | else
211 | if [ "$MVNW_VERBOSE" = true ]; then
212 | echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
213 | fi
214 | if [ -n "$MVNW_REPOURL" ]; then
215 | jarUrl="$MVNW_REPOURL/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
216 | else
217 | jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
218 | fi
219 | while IFS="=" read key value; do
220 | case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
221 | esac
222 | done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
223 | if [ "$MVNW_VERBOSE" = true ]; then
224 | echo "Downloading from: $jarUrl"
225 | fi
226 | wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
227 | if $cygwin; then
228 | wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
229 | fi
230 |
231 | if command -v wget > /dev/null; then
232 | if [ "$MVNW_VERBOSE" = true ]; then
233 | echo "Found wget ... using wget"
234 | fi
235 | if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
236 | wget "$jarUrl" -O "$wrapperJarPath"
237 | else
238 | wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath"
239 | fi
240 | elif command -v curl > /dev/null; then
241 | if [ "$MVNW_VERBOSE" = true ]; then
242 | echo "Found curl ... using curl"
243 | fi
244 | if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
245 | curl -o "$wrapperJarPath" "$jarUrl" -f
246 | else
247 | curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f
248 | fi
249 |
250 | else
251 | if [ "$MVNW_VERBOSE" = true ]; then
252 | echo "Falling back to using Java to download"
253 | fi
254 | javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
255 | # For Cygwin, switch paths to Windows format before running javac
256 | if $cygwin; then
257 | javaClass=`cygpath --path --windows "$javaClass"`
258 | fi
259 | if [ -e "$javaClass" ]; then
260 | if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
261 | if [ "$MVNW_VERBOSE" = true ]; then
262 | echo " - Compiling MavenWrapperDownloader.java ..."
263 | fi
264 | # Compiling the Java class
265 | ("$JAVA_HOME/bin/javac" "$javaClass")
266 | fi
267 | if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
268 | # Running the downloader
269 | if [ "$MVNW_VERBOSE" = true ]; then
270 | echo " - Running MavenWrapperDownloader.java ..."
271 | fi
272 | ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
273 | fi
274 | fi
275 | fi
276 | fi
277 | ##########################################################################################
278 | # End of extension
279 | ##########################################################################################
280 |
281 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
282 | if [ "$MVNW_VERBOSE" = true ]; then
283 | echo $MAVEN_PROJECTBASEDIR
284 | fi
285 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
286 |
287 | # For Cygwin, switch paths to Windows format before running java
288 | if $cygwin; then
289 | [ -n "$M2_HOME" ] &&
290 | M2_HOME=`cygpath --path --windows "$M2_HOME"`
291 | [ -n "$JAVA_HOME" ] &&
292 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
293 | [ -n "$CLASSPATH" ] &&
294 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
295 | [ -n "$MAVEN_PROJECTBASEDIR" ] &&
296 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
297 | fi
298 |
299 | # Provide a "standardized" way to retrieve the CLI args that will
300 | # work with both Windows and non-Windows executions.
301 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
302 | export MAVEN_CMD_LINE_ARGS
303 |
304 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
305 |
306 | exec "$JAVACMD" \
307 | $MAVEN_OPTS \
308 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
309 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
310 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
311 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/whitecard/manager/WhiteCardManager.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.whitecard.manager;
6 |
7 | import com.huawei.walletkit.tool.security.LogUtil;
8 | import com.huawei.walletkit.tool.security.model.PersonalizeRequest;
9 | import com.huawei.walletkit.tool.security.model.PersonalizeResponse;
10 | import com.huawei.walletkit.tool.security.model.RegistrationsRequest;
11 | import com.huawei.walletkit.tool.security.model.RegistrationsResponse;
12 | import com.huawei.walletkit.tool.security.model.RequestTokenRequest;
13 | import com.huawei.walletkit.tool.security.model.RequestTokenResponse;
14 | import com.huawei.walletkit.tool.security.model.Certificate;
15 | import com.huawei.walletkit.tool.security.model.PassDataResponse;
16 | import com.huawei.walletkit.tool.security.model.RequestBody;
17 | import com.huawei.walletkit.tool.security.model.Response;
18 | import com.huawei.walletkit.tool.security.model.UnregistrationsRequest;
19 | import com.huawei.walletkit.tool.security.model.UnregistrationsResponse;
20 | import org.bouncycastle.jce.provider.BouncyCastleProvider;
21 |
22 | import java.security.Security;
23 | import java.util.HashMap;
24 | import java.util.Map;
25 |
26 | /**
27 | * Deal with client request.
28 | *
29 | * @since 2020-01-19
30 | */
31 | public class WhiteCardManager {
32 | private static final String TAG = "WhiteCardManager";
33 |
34 | private static final WhiteCardManager INSTANCE = new WhiteCardManager();
35 | /**
36 | * The device that requested the certificate, save the corresponding certificate information
37 | */
38 | private Map deviceIdCertMap = new HashMap<>();
39 | /**
40 | * Cached personal data tokens
41 | */
42 | private Map deviceIdTokenMap = new HashMap<>();
43 | /**
44 | * The public identity key of the applet passed in the wallet certificate, used to verify the wallet request data
45 | */
46 | private String appletAuthPublicKey;
47 |
48 | public static WhiteCardManager getInstance() {
49 | return INSTANCE;
50 | }
51 |
52 | private WhiteCardManager() {
53 | if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
54 | Security.addProvider(new BouncyCastleProvider());
55 | }
56 | }
57 |
58 | /**
59 | * Deal with the register request
60 | *
61 | * @param token Token from the header of request, need to match with the token of Linkeddevicepass
62 | * @param request Register request
63 | * @return Response data for return
64 | */
65 | public RegistrationsResponse dealWithRegisterRequest(String token, RegistrationsRequest request) {
66 | LogUtil.info(TAG, "Register: token=" + token, true);
67 | RegistrationsResponse response = new RegistrationsResponse();
68 | if (token == null) {
69 | LogUtil.info("Register:Invalid token.");
70 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_PARAM_ERROR));
71 | return response;
72 | }
73 | if (!ParamChecker.isValidRegistrationsRequest(request)) {
74 | LogUtil.info("Register:Some key param is empty.");
75 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_PARAM_ERROR));
76 | return response;
77 | }
78 | Certificate walletCertificate = request.getCertificate();
79 | if (!verifyWalletCert(walletCertificate)) {
80 | LogUtil.info("Register:Verify wallet cert failed.");
81 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_SIGN_ERROR));
82 | return response;
83 | }
84 |
85 | if (!ParamChecker.hashSignatureCheck(request.toJsonString(), request.getSignature(),
86 | appletAuthPublicKey, DataConvertUtil.SIGN_MODE_SHA256_RSA_MGF1)) {
87 | LogUtil.info("dealWithRegisterRequest, check body sign fail.");
88 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_SIGN_ERROR));
89 | return response;
90 | }
91 |
92 | String userDeviceId = request.getRequestBody().getUserDeviceId();
93 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_OK));
94 | Response responseBody = new Response();
95 | Certificate serverCert = PassData.getServerCert(appletAuthPublicKey);
96 | responseBody.setCertificate(serverCert);
97 | response.setResponse(responseBody);
98 | LogUtil.info(TAG, "Register:{deviceId=" + userDeviceId + ", cert=" + serverCert + "}", true);
99 | deviceIdCertMap.put(userDeviceId, serverCert);
100 | return response;
101 | }
102 |
103 | /**
104 | * Check the wallet certificate and obtain the applet identity public key
105 | *
106 | * @param walletCert Wallet certificate
107 | * @return Check result
108 | */
109 | private boolean verifyWalletCert(Certificate walletCert) {
110 | String appletPublicKey = walletCert.getPublicKey();
111 | String signature = walletCert.getSignature();
112 | if (CommonUtils.isStringEmpty(appletPublicKey) || CommonUtils.isStringEmpty(signature)) {
113 | LogUtil.info("verifyWalletCert, public key or signature is empty.");
114 | return false;
115 | }
116 | if (!(DataConvertUtil.checkSign(appletPublicKey, signature, Constants.WALLET_PUBLIC_KEY,
117 | DataConvertUtil.SIGN_MODE_SHA256_RSA)
118 | || DataConvertUtil.checkSign(appletPublicKey, signature, Constants.WALLET_PUBLIC_KEY,
119 | DataConvertUtil.SIGN_MODE_SHA256_RSA_PSS))) {
120 | LogUtil.info("verifyWalletCert, checkSign fail.");
121 | return false;
122 | }
123 | LogUtil.info("verifyWalletCert, success.");
124 | appletAuthPublicKey = appletPublicKey;
125 | return true;
126 | }
127 |
128 | /**
129 | * Deal with the request for personalize token
130 | *
131 | * @param request Token request
132 | * @return Response data for return
133 | */
134 | public RequestTokenResponse dealWithTokenRequest(RequestTokenRequest request) {
135 | RequestTokenResponse response = new RequestTokenResponse();
136 | String userDeviceId = request.getRequestBody().getUserDeviceId();
137 | Certificate spCertFromRequest = request.getCertificate();
138 | if (CommonUtils.isStringEmpty(userDeviceId) || !ParamChecker.checkSpServerCertificate(spCertFromRequest)) {
139 | LogUtil.info("RequestToken:User device id or sp certificate is empty");
140 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_PARAM_ERROR));
141 | return response;
142 | }
143 | Certificate cachedCert = deviceIdCertMap.get(userDeviceId);
144 | if (cachedCert == null) {
145 | LogUtil.info("RequestToken:Certificate not match");
146 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_SIGN_ERROR));
147 | return response;
148 | }
149 | if (!ParamChecker.hashSignatureCheck(request.toJsonString(), request.getSignature(),
150 | appletAuthPublicKey, DataConvertUtil.SIGN_MODE_SHA256_RSA_MGF1)) {
151 | LogUtil.info("dealWithTokenRequest, check body sign fail.");
152 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_SIGN_ERROR));
153 | return response;
154 | }
155 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_OK));
156 | Response responseBody = new Response();
157 | String personalizeToken = PassData.getPersonalizeToken();
158 | responseBody.setToken(personalizeToken);
159 | deviceIdTokenMap.put(userDeviceId, personalizeToken);
160 | response.setResponse(responseBody);
161 | return response;
162 | }
163 |
164 | /**
165 | * Deal with the request for personalize data
166 | *
167 | * @param token Token for personalize data
168 | * @param request Request for personalize data
169 | * @return Response data for return
170 | */
171 | public PersonalizeResponse dealWithPersonalizeDataRequest(String token, PersonalizeRequest request) {
172 | PersonalizeResponse response = new PersonalizeResponse();
173 | RequestBody requestBody = request.getRequestBody();
174 | String userDeviceId = requestBody.getUserDeviceId();
175 | Certificate spCertFromRequest = request.getCertificate();
176 | LogUtil.info(TAG, "Personalize: token=" + LogUtil.parseSensitiveinfo(token));
177 | String cachedToken = deviceIdTokenMap.remove(userDeviceId);
178 | if (cachedToken == null || !cachedToken.equals(token)) {
179 | LogUtil.info("Personalize:Invalid token.");
180 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_PARAM_ERROR));
181 | return response;
182 | }
183 | if (CommonUtils.isStringEmpty(userDeviceId) || !ParamChecker.checkSpServerCertificate(spCertFromRequest)) {
184 | LogUtil.info("Personalize:User device id or sp certificate is empty");
185 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_PARAM_ERROR));
186 | return response;
187 | }
188 |
189 | Certificate cachedCert = deviceIdCertMap.get(userDeviceId);
190 | if (cachedCert == null) {
191 | LogUtil.info("Personalize:Certificate not match");
192 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_PARAM_ERROR));
193 | return response;
194 | }
195 | if (!ParamChecker.hashSignatureCheck(request.toJsonString(token), request.getSignature(),
196 | appletAuthPublicKey, DataConvertUtil.SIGN_MODE_SHA256_RSA_MGF1)) {
197 | LogUtil.info("dealWithPersonalizeDataRequest, check body sign fail.");
198 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_SIGN_ERROR));
199 | return response;
200 | }
201 | String personalizePKSign = requestBody.getPersonalizeCert();
202 | byte[] srcBytes = DataConvertUtil.base64Decode(requestBody.getPersonalizePublicKey());
203 | if (!DataConvertUtil.checkSign(srcBytes, personalizePKSign,
204 | appletAuthPublicKey, DataConvertUtil.SIGN_MODE_SHA256_RSA_MGF1)) {
205 | LogUtil.info("dealWithPersonalizeDataRequest, check PK sign fail.");
206 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_SIGN_ERROR));
207 | return response;
208 | }
209 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_OK));
210 | PassDataResponse passData = getDevicePassData(requestBody);
211 | response.setResponse(passData);
212 | String passDataStr = passData.toJsonString();
213 | String passHashValue = DataConvertUtil.encodeSHA256(passDataStr);
214 | LogUtil.info(TAG, "Personalize, body=" + LogUtil.parseSensitiveinfo(passDataStr));
215 | LogUtil.info(TAG, "Personalize, passHashValue=" + LogUtil.parseSensitiveinfo(passHashValue));
216 | String signature = DataConvertUtil.signData(passHashValue, Constants.SERVER_SECRET_KEY);
217 | LogUtil.info(TAG, "Personalize, signature=" + LogUtil.parseSensitiveinfo(signature));
218 | response.setSignature(signature);
219 | return response;
220 | }
221 |
222 | private PassDataResponse getDevicePassData(RequestBody requestBody) {
223 | DevicePassUnit devicePassUnit;
224 | if (CommonUtils.isICCECarKey(requestBody.getPassTypeIdentifier())) {
225 | devicePassUnit = new ICCECarKeyDevicePassUnit();
226 | } else {
227 | devicePassUnit = new DevicePassUnit();
228 | }
229 | String serialNumber = requestBody.getSerialNumber();
230 | LogUtil.info(TAG, "getDevicePassData, serialNumber=" + serialNumber, true);
231 | devicePassUnit.setSerialNumber(serialNumber);
232 | devicePassUnit.setOrganizationPassId(serialNumber);
233 | devicePassUnit.setPassVersion(requestBody.getPassVersion());
234 | devicePassUnit.setPassTypeIdentifier(requestBody.getPassTypeIdentifier());
235 | PassDataResponse devicePassJson = devicePassUnit.toJson(requestBody.getTransId(),
236 | requestBody.getTransPublicKey(), requestBody.getPersonalizePublicKey());
237 | return devicePassJson;
238 | }
239 |
240 | /**
241 | * Deal with the unregister request
242 | *
243 | * @param request Request for unregister
244 | * @return Response data for return
245 | */
246 | public UnregistrationsResponse dealWithUnregisterRequest(UnregistrationsRequest request) {
247 | UnregistrationsResponse response = new UnregistrationsResponse();
248 | String userDeviceId = request.getRequestBody().getUserDeviceId();
249 | if (CommonUtils.isStringEmpty(userDeviceId)) {
250 | LogUtil.info("Personalize:User device id or sp certificate is empty");
251 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_PARAM_ERROR));
252 | return response;
253 | }
254 | Certificate cachedCert = deviceIdCertMap.remove(userDeviceId);
255 | if (cachedCert == null) {
256 | LogUtil.info("Personalize:Certificate not exist.");
257 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_PARAM_ERROR));
258 | return response;
259 | }
260 | String signature = request.getSignature();
261 | String jsonString = request.toJsonString();
262 | LogUtil.info(TAG, "dealWithUnregisterRequest, jsonString=" + jsonString, true);
263 | if (!DataConvertUtil.checkSign(jsonString, signature, Constants.WALLET_PUBLIC_KEY,
264 | DataConvertUtil.SIGN_MODE_SHA256_RSA_PSS)) {
265 | LogUtil.info("dealWithUnregisterRequest, checkSign fail.");
266 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_SIGN_ERROR));
267 | return response;
268 | }
269 | LogUtil.info("dealWithUnregisterRequest, success.");
270 | response.setHttpStatus(String.valueOf(Constants.RESULT_CODE_OK));
271 | return response;
272 | }
273 | }
274 |
--------------------------------------------------------------------------------
/src/main/java/com/huawei/walletkit/tool/security/whitecard/manager/DataConvertUtil.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2019-2020. All rights reserved.
3 | */
4 |
5 | package com.huawei.walletkit.tool.security.whitecard.manager;
6 |
7 | import com.huawei.walletkit.tool.security.LogUtil;
8 |
9 | import javax.crypto.BadPaddingException;
10 | import javax.crypto.Cipher;
11 | import javax.crypto.IllegalBlockSizeException;
12 | import javax.crypto.NoSuchPaddingException;
13 | import java.io.UnsupportedEncodingException;
14 | import java.security.InvalidKeyException;
15 | import java.security.KeyFactory;
16 | import java.security.MessageDigest;
17 | import java.security.NoSuchAlgorithmException;
18 | import java.security.PrivateKey;
19 | import java.security.PublicKey;
20 | import java.security.Signature;
21 | import java.security.SignatureException;
22 | import java.security.spec.InvalidKeySpecException;
23 | import java.security.spec.PKCS8EncodedKeySpec;
24 | import java.security.spec.X509EncodedKeySpec;
25 | import java.util.Base64;
26 |
27 | /**
28 | * Tool class for data convert
29 | *
30 | * @since 2020-01-19
31 | */
32 | public class DataConvertUtil {
33 | /**
34 | * The encryption mode of wallet TA
35 | */
36 | public static final String TA_PUBLIC_KEY_ENCRYPT_MODE = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
37 |
38 | /**
39 | * The encryption mode of applet
40 | */
41 | public static final String PERSONALIZE_DATA_ENCRYPT_MODE = "RSA/NONE/OAEPWithSHA1AndMGF1Padding";
42 |
43 | /**
44 | * The signature algorithm, used by wallet server
45 | */
46 | public static final String SIGN_MODE_SHA256_RSA_PSS = "SHA256WithRSA/PSS";
47 |
48 | public static final String SIGN_MODE_SHA256_RSA = "SHA256WithRSA";
49 |
50 | /**
51 | * The signature algorithm, used by applet
52 | */
53 | public static final String SIGN_MODE_SHA256_RSA_MGF1 = "SHA256WithRSAandMGF1";
54 |
55 | /**
56 | * Encrypt with SHA256 to get the hash value of string
57 | *
58 | * @param str String to be encrypted
59 | * @return String after encryption,hex format
60 | */
61 | public static String encodeSHA256(String str) {
62 | MessageDigest messageDigest;
63 | String encodedResult = "";
64 | try {
65 | messageDigest = MessageDigest.getInstance("SHA-256");
66 | messageDigest.update(str.getBytes(Constants.UTF8_ENCODING));
67 | encodedResult = byteArrayToHexString(messageDigest.digest());
68 | } catch (NoSuchAlgorithmException e) {
69 | LogUtil.info("DataConvertUtil", "NoSuchAlgorithmException " + LogUtil.parseSensitiveinfo(e.toString()));
70 | } catch (UnsupportedEncodingException e) {
71 | LogUtil.info("DataConvertUtil", "UnsupportedEncodingException " + LogUtil.parseSensitiveinfo(e.toString()));
72 | }
73 | return encodedResult;
74 | }
75 |
76 | /**
77 | * RSA encryption with public key
78 | *
79 | * @param data data to be encrypted
80 | * @param key public key, encoded in Base64
81 | * @param mode encryption mode
82 | * @return encryption result, encoded in base64 mode
83 | */
84 | public static String encryptToBase64ByPublicKey(String data, String key, String mode) {
85 | if (CommonUtils.isStringEmpty(key) || CommonUtils.isStringEmpty(mode) || CommonUtils.isStringEmpty(data)) {
86 | LogUtil.info("encryptByPublicKey, some param is empty.");
87 | return null;
88 | }
89 | try {
90 | byte[] byteResult = encryptByPublicKey(data.getBytes(Constants.UTF8_ENCODING), key, mode);
91 | if (byteResult != null) {
92 | return base64EncodeToString(byteResult);
93 | }
94 | } catch (UnsupportedEncodingException e) {
95 | LogUtil.info("encryptByPublicKey, UnsupportedEncodingException.");
96 | }
97 | return null;
98 | }
99 |
100 | /**
101 | * RSA encryption with public key
102 | *
103 | * @param data data to be encrypted
104 | * @param key public key, encoded in Base64
105 | * @param mode encryption mode
106 | * @return encryption result
107 | */
108 | public static String encryptToHexByPublicKey(String data, String key, String mode) {
109 | if (CommonUtils.isStringEmpty(key) || CommonUtils.isStringEmpty(mode) || CommonUtils.isStringEmpty(data)) {
110 | LogUtil.info("encryptByPublicKey, some param is empty.");
111 | return null;
112 | }
113 | try {
114 | return encryptToHexByPublicKey(data.getBytes(Constants.UTF8_ENCODING), key, mode);
115 | } catch (UnsupportedEncodingException e) {
116 | LogUtil.info("encryptByPublicKey, UnsupportedEncodingException.");
117 | }
118 | return null;
119 | }
120 |
121 | /**
122 | * RSA encryption with public key
123 | *
124 | * @param data data to be encrypted
125 | * @param key public key, encoded in Base64
126 | * @param mode encryption mode
127 | * @return encryption result
128 | */
129 | public static String encryptToHexByPublicKey(byte[] data, String key, String mode) {
130 | byte[] byteResult = encryptByPublicKey(data, key, mode);
131 | if (byteResult == null) {
132 | return null;
133 | } else {
134 | return byteArrayToHexString(byteResult);
135 | }
136 | }
137 |
138 | /**
139 | * RSA encryption with public key
140 | *
141 | * @param data data to be encrypted
142 | * @param key public key, encoded in Base64
143 | * @param mode encryption mode
144 | * @return encryption result, byte array
145 | */
146 | private static byte[] encryptByPublicKey(byte[] data, String key, String mode) {
147 | if (CommonUtils.isStringEmpty(key) || CommonUtils.isStringEmpty(mode) || data == null) {
148 | LogUtil.info("encryptByPublicKey, some param is empty.");
149 | return null;
150 | }
151 | PublicKey pubKey = generateRSAPublicKey(key);
152 | if (pubKey == null) {
153 | LogUtil.info("encryptByPublicKey, generateRSAPublicKey error.");
154 | return null;
155 | }
156 | try {
157 | Cipher cipher = Cipher.getInstance(mode);
158 | cipher.init(Cipher.ENCRYPT_MODE, pubKey);
159 | return cipher.doFinal(data);
160 | } catch (NoSuchAlgorithmException e) {
161 | LogUtil.info("requestBoardWhiteCardInfo encryptByPublicKey NoSuchAlgorithmException.");
162 | } catch (NoSuchPaddingException e) {
163 | LogUtil.info("requestBoardWhiteCardInfo encryptByPublicKey NoSuchPaddingException. ");
164 | } catch (InvalidKeyException e) {
165 | LogUtil.info("requestBoardWhiteCardInfo encryptByPublicKey InvalidKeyException.");
166 | } catch (IllegalBlockSizeException e) {
167 | LogUtil.info("requestBoardWhiteCardInfo encryptByPublicKey IllegalBlockSizeException.");
168 | } catch (BadPaddingException e) {
169 | LogUtil.info("requestBoardWhiteCardInfo encryptByPublicKey BadPaddingException.");
170 | }
171 | return null;
172 | }
173 |
174 | /**
175 | * RSA signature
176 | *
177 | * @param data data to be signed
178 | * @param privateKeyStr private key
179 | * @return signature result
180 | */
181 | public static String signData(String data, String privateKeyStr) {
182 | try {
183 | Base64.Decoder decoder = Base64.getDecoder();
184 | byte[] keyBytes = decoder.decode(privateKeyStr);
185 | PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
186 | KeyFactory keyFactory = KeyFactory.getInstance("RSA");
187 | PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
188 | Signature signature = Signature.getInstance(SIGN_MODE_SHA256_RSA_PSS);
189 | signature.initSign(privateKey);
190 | signature.update(data.getBytes(Constants.UTF8_ENCODING));
191 | byte[] mi = signature.sign();
192 | return base64EncodeToString(mi);
193 | } catch (NoSuchAlgorithmException e) {
194 | LogUtil.info("requestBoardWhiteCardInfo encryptByPublicKey NoSuchAlgorithmException.");
195 | } catch (InvalidKeyException e) {
196 | LogUtil.info("requestBoardWhiteCardInfo encryptByPublicKey InvalidKeyException.");
197 | } catch (InvalidKeySpecException e) {
198 | LogUtil.info("requestBoardWhiteCardInfo encryptByPublicKey InvalidKeySpecException.");
199 | } catch (SignatureException e) {
200 | LogUtil.info("requestBoardWhiteCardInfo encryptByPublicKey SignatureException.");
201 | } catch (UnsupportedEncodingException e) {
202 | LogUtil.info("requestBoardWhiteCardInfo encryptByPublicKey UnsupportedEncodingException.");
203 | }
204 | return null;
205 | }
206 |
207 | /**
208 | * Check sign with RSA
209 | *
210 | * @param content Unsigned content
211 | * @param sign Signature content, encoded in base64
212 | * @param publicKey public key, encoded in base64
213 | * @param signMode sign mode
214 | * @return boolean Signature check result
215 | */
216 | public static boolean checkSign(String content, String sign, String publicKey, String signMode) {
217 | if (CommonUtils.isStringEmpty(content)) {
218 | LogUtil.info("checkSign, some param is empty.");
219 | return false;
220 | }
221 | try {
222 | byte[] srcBytes = (content.getBytes(Constants.UTF8_ENCODING));
223 | return checkSign(srcBytes, sign, publicKey, signMode);
224 | } catch (UnsupportedEncodingException e) {
225 | LogUtil.info("checkSign:UnsupportedEncodingException");
226 | }
227 | return false;
228 | }
229 |
230 | /**
231 | * Check sign with RSA
232 | *
233 | * @param content Unsigned content
234 | * @param sign Signature content, encoded in base64
235 | * @param publicKey public key, encoded in base64
236 | * @param signMode sign mode
237 | * @return boolean Signature check result
238 | */
239 | public static boolean checkSign(byte[] content, String sign, String publicKey, String signMode) {
240 | if (content == null || CommonUtils.isStringEmpty(sign) || CommonUtils.isStringEmpty(publicKey)
241 | || CommonUtils.isStringEmpty(signMode)) {
242 | LogUtil.info("checkSign, some param is empty.");
243 | return false;
244 | }
245 | PublicKey pubKey = generateRSAPublicKey(publicKey);
246 | if (pubKey == null) {
247 | LogUtil.info("checkSign, generateRSAPublicKey error.");
248 | return false;
249 | }
250 | try {
251 | Signature signature = Signature.getInstance(signMode);
252 | signature.initVerify(pubKey);
253 | signature.update(content);
254 | byte[] signatureBytes = base64Decode(sign);
255 | return signature.verify(signatureBytes);
256 | } catch (NoSuchAlgorithmException e) {
257 | LogUtil.info("checkSign:NoSuchAlgorithmException");
258 | } catch (InvalidKeyException e) {
259 | LogUtil.info("checkSign:InvalidKeyException");
260 | } catch (SignatureException e) {
261 | LogUtil.info("checkSign:SignatureException");
262 | }
263 | return false;
264 | }
265 |
266 | private static PublicKey generateRSAPublicKey(String publicKey) {
267 | try {
268 | Base64.Decoder decoder = Base64.getDecoder();
269 | byte[] encodedKey = decoder.decode(publicKey);
270 | KeyFactory keyFactory = KeyFactory.getInstance("RSA");
271 | return keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
272 | } catch (NoSuchAlgorithmException e) {
273 | LogUtil.info("generateRSAPublicKey:NoSuchAlgorithmException");
274 | } catch (InvalidKeySpecException e) {
275 | LogUtil.info("generateRSAPublicKey:InvalidKeySpecException");
276 | } catch (IllegalArgumentException e) {
277 | LogUtil.info("generateRSAPublicKey:IllegalArgumentException");
278 | }
279 | return null;
280 | }
281 |
282 | /**
283 | * Convert byte array to string in base64 format
284 | *
285 | * @param valueByte data to be converted
286 | * @return Base64 encoded string
287 | */
288 | public static String base64EncodeToString(byte[] valueByte) {
289 | Base64.Encoder encoder = Base64.getEncoder();
290 | return encoder.encodeToString(valueByte);
291 | }
292 |
293 | /**
294 | * Decode string in base64 format
295 | *
296 | * @param srcData data to be converted
297 | * @return byte array decoded
298 | */
299 | public static byte[] base64Decode(String srcData) {
300 | Base64.Decoder decoder = Base64.getDecoder();
301 | try {
302 | return decoder.decode(srcData);
303 | } catch (IllegalArgumentException e) {
304 | LogUtil.info("base64Decode, IllegalArgumentException");
305 | return null;
306 | }
307 | }
308 |
309 | /**
310 | * Convert byte array to hex string
311 | *
312 | * @param bytes Byte array to be converted
313 | * @return Hex string result
314 | */
315 | public static String byteArrayToHexString(byte[] bytes) {
316 | final char[] hexArray = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
317 | char[] hexChars = new char[bytes.length * 2];
318 | int temp;
319 | for (int j = 0; j < bytes.length; j++) {
320 | temp = bytes[j] & 0xFF;
321 | hexChars[j * 2] = hexArray[temp >>> 4];
322 | hexChars[j * 2 + 1] = hexArray[temp & 0x0F];
323 | }
324 | return new String(hexChars);
325 | }
326 |
327 | /**
328 | * Convert hex string to byte array
329 | *
330 | * @param s hex string
331 | * @return byte array result
332 | */
333 | public static byte[] hexStringToByteArray(String s) {
334 | int len = s.length();
335 | byte[] data = new byte[len / 2];
336 | for (int i = 0; i < len; i += 2) {
337 | data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16));
338 | }
339 | return data;
340 | }
341 |
342 | /**
343 | * Get the byte error of data length, adapter to applet encryption
344 | *
345 | * @param length data length
346 | * @return byte array of data length
347 | */
348 | public static byte[] dataLengthToBytes(int length) {
349 | byte[] result = null;
350 | if (length < 128) {
351 | result = new byte[1];
352 | result[0] = (byte) length;
353 | } else if (length < 256) {
354 | result = new byte[2];
355 | result[0] = (byte) 0x81;
356 | result[1] = (byte) length;
357 | } else if (length < 65536) {
358 | result = new byte[3];
359 | result[0] = (byte) 0x82;
360 | result[1] = (byte) (length >> 8);
361 | result[2] = (byte) length;
362 | } else {
363 | return new byte[0];
364 | }
365 | return result;
366 | }
367 | }
368 |
--------------------------------------------------------------------------------