GithubHelp home page GithubHelp logo

5l1v3r1 / eidclientcore Goto Github PK

View Code? Open in Web Editor NEW

This project forked from beid-lab/eidclientcore

0.0 1.0 0.0 2.55 MB

Präambel: Die Humboldt-Universität zu Berlin, Unter den Linden 6, 10099 Berlin, im Folgenden als Humboldt-Universität bezeichnet, stellt für die Anwendung im Zusammenhang mit deutschen hoheitlichen Dokumenten, wie beispielsweise den neuen Personalausweis und den elektronischen Aufenthaltstitel, eine clientseitige eID-Basis-Software zum Bereitstellen der sogenannten eID-Funktionalität, d.h. Ermöglichen eines elektronischen Identitätsnachweises, die sich an den Richtlinien des BSI TR-03110, TR-03112, TR-03130 orientiert, bereit, und zwar in dem Entwicklungszustand, in dem sie sich zum Zeitpunkt der Bereitstellung befindet. Diese Software, die im Folgenden als eIDClientCore bezeichnet wird, hat die Humboldt-Universität von der Bundesdruckerei GmbH, Oranienstraße 91, 10969 Berlin zur Verwendung in Lehre und Forschung sowie zur Bereitstellung an die Öffentlichkeit („Hosten“) für die allgemeine Prüfung und Verwendung durch jedermann erhalten.

Shell 0.33% C++ 58.04% C 18.35% Java 8.44% Makefile 4.89% CMake 4.32% M4 5.63%

eidclientcore's Introduction

Welcome

All relevant information about the eIDClientCore can be found at: http://sar.informatik.hu-berlin.de/BeID-lab/eIDClientCore

Warning: This is just proof-of-concept code and should NOT be used in production environments

Stories in Ready

Tested platforms:

  • Windows
  • Linux
  • Mac OS X
  • Android
  • iOS
  • Travis CI (Ubuntu Linux) Build Status

Usage

C library interface

For using eIDClientCore applications should use eIDClientCore.h The application initiates the electronic identification by calling nPAeIdPerformAuthenticationProtocol. To enter the PIN, the application shall define a user interaction call back. Also, the state call back informs the application about completed protocol steps.

The application may also choose to use eIDClientConnection.h which, by default, is basically a wrapper around libcurl. However, you may want to choose to replace the implementation of eIDClientConnection with a wrapper to your platform dependent solution.

JNI wrappers for Android

For android we build JNI wrappers to our C++ implementation. The public Java interface is accessed through the EidClient class Electronic identification is triggered similar to its C-counterpart. Additionally the Android application has to pass an implementation of the Reader class to do the actual communication with the card.

Building for Linux

First you have to download the eIDClientCore Git-Repository in your target intstallation directory:

git clone https://github.com/BeID-lab/eIDClientCore.git

You can then change in the eIDClientCore directory and install the prerequisites and the eIDClientCore by:

cd eIDClientCore
make all

If you want to install manually you can use the following guide. We assume that PREFIX is set to the directory eIDClientCore in the target installation directory.

Compiling Prerequisites from source

eIDClientCore has the following dependencies:

  • Crypto++
  • asn1c (at least version 0.9.23)
  • libexpat
  • PC/SC development files (if PC/SC smart card readers shall be used)
  • OpenSSL patched for RSA-PSK
  • libcurl (using the patched OpenSSL)

Crypto++

svn checkout https://svn.code.sf.net/p/cryptopp/code/trunk/c5 cryptopp
sed -i.org -e "s%^#.*\(CXXFLAGS += -fPIC.*\)%\1%g" ${PREFIX}/cryptopp/GNUmakefile
make -C cryptopp all libcryptopp.so
make -C cryptopp install PREFIX=${PREFIX}

You can skip compilation of Crypto++ when using your distributions version of the library.

asn1c

wget https://lionet.info/soft/asn1c-0.9.24.tar.gz --ca-certificate=trusted_ca/COMODORSADomainValidationSecureServerCA.pem
tar xzf asn1c-0.9.24.tar.gz
cd asn1c-0.9.24
./configure --prefix=${PREFIX}
make install
cd -

If you want to use your distributions version of asn1c you will propably have to edit eidasn1's Makefile.am. You need to change the commented lines so that they meet the version of asn1c.

libexpat

wget http://sourceforge.net/projects/expat/files/expat/2.1.0/expat-2.1.0.tar.gz
echo "b08197d146930a5543a7b99e871cba3da614f6f0 expat-2.1.0.tar.gz" | sha1sum -c -
tar xzf expat-2.1.0.tar.gz
cd expat-2.1.0
./configure --prefix=${PREFIX}
make install
cd -

You can skip compilation of libexpat when using your distributions version of the library.

OpenSSL

cd ${PREFIX}/OpenSSL_1_0_2-stable 
git submodule init 
git submodule update 
./config --prefix=${PREFIX} shared 
make 
make install_sw

OpenSSL is the only library that needs to be patched since it does currently not support RSA-PSK.

libcurl

wget https://github.com/bagder/curl/releases/download/curl-7_44_0/curl-7.44.0.tar.gz
tar xzf curl-7.44.0.tar.gz
cd curl-7.44.0
./configure --prefix=${PREFIX} \
    PKG_CONFIG_PATH=${PREFIX}/lib/pkgconfig:${PREFIX}/lib64/pkgconfig
make install
cd -

If you want to use your distributions version of curl will need to make sure it uses the patched version of OpenSSL at runtime (see above).

wxWidgets

To build the SimpleClient wxWidgets (Release >= 3.0.0) is required. The name of the required package in OpenSuse is wxWidgets-3_0-devel. Alternatively wxWidgets can be downloaded and compiled manually (https://wiki.wxwidgets.org/Install):

wget https://github.com/wxWidgets/wxWidgets/releases/download/v3.1.0/wxWidgets-3.1.0.tar.bz2
tar -xjf wxWidgets-3.1.0.tar.bz2 
cd wxWidgets-3.1.0
mkdir gtk-build
cd gtk-build
../configure --enable-unicode --enable-debug --prefix=${PREFIX}
make > /dev/null
make install
cd -

Compiling eIDClientCore from source

git clone https://github.com/BeID-lab/eIDClientCore.git
cd eIDClientCore
autoreconf -vis
env LD_LIBRARY_PATH=${PREFIX}/lib:${PREFIX}/lib64 ./configure --prefix=${PREFIX} \
    --with-openssl=${PREFIX} --with-libcurl=${PREFIX} \
    PKG_CONFIG_PATH=${PREFIX}/lib/pkgconfig:${PREFIX}/lib64/pkgconfig \
    ASN1C=${PREFIX}/bin/asn1c
make install
cd -

Building for Android

We added a Makefile to automatically build eIDClientCore and its prerequisites for android. We assume that ANDROID_NDK_ROOT and ANDROID_SDK_ROOT are set to the root directory of Android's SDK and NDK respectively. Also, asn1c and ant should be available in the PATH.

git clone https://github.com/BeID-lab/eIDClientCore.git
cd eIDClientCore/android
make ANDROID_NDK_ROOT=$ANDROID_NDK_ROOT ANDROID_SDK_ROOT=$ANDROID_SDK_ROOT

On successfull compilation you can find a jar-file containing the library in eIDClientCore/android. Building for android has been verified on Debian/Wheezy with android-ndk-r9 and adt-bundle-linux-x86-20130729.

  • ANDROID_API defines the Android API version to use, we choose 'android-14' as default
  • ANDROID_ARCH defines the architecture to use, we choose 'arm' as default

Including the library in your Android project

To use the library in your project, you have two possibilities:

  1. Add eIDClientLib/bin/classes.jar to your build path and copy the following listed shared objects into your libs/armeabi folder:

    • libeidclient-wrapper.so
    • libexternalReader.so
    • libstlport_shared.so

  2. Reference the library with the android tools (see Android documentation). In this case all necessary files are copied automatically.

android update project \
  --path path/to/your/project \
  --library path/to/eiDClientLib

Android example app

Projects using eIDClientCore

The eIDClientCore is used in the project Selbstauskunft in the middle. This project provides a docker image containing the eIDClientCore to simplify performing the scenario "Selbstauskunft in the middle". The docker images for this project can be found here.

TODO

  • Add abstraction layer between ePACard and cryptographic functions
  • Remove unused/bloated interfaces
  • Check try...catch block around C-Interfaces
  • use OOP in nPA-EAC
  • Check the hash of the SSL/TLS certificate from the SP with the SP's Terminal certificate
  • Check if the Terminal certificate is up to date
  • Check the Subject URL of the Terminal certificate
  • remove the use of exceptions

eidclientcore's People

Contributors

beid-lab avatar d0 avatar ebfe avatar eriknellessen avatar olerichter00 avatar psytester avatar schromar avatar waffle-iron avatar wilhelmpaul avatar wolfmueller avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.