int addUser(AB_BANKING *ab, GWEN_DB_NODE *dbArgs, int argc, char **argv) { GWEN_DB_NODE *db; AB_PROVIDER *pro; int rv; GWEN_BUFFER *nameBuffer=NULL; const char *tokenName; const char *tokenType; const char *bankId; const char *userId; const char *customerId; const char *server; const char *userName; int hbciVersion; int rdhType; uint32_t cid; const GWEN_ARGS args[]={ { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "userName", /* name */ 1, /* minnum */ 1, /* maxnum */ "N", /* short option */ "username", /* long option */ "Specify the user name", /* short description */ "Specify the user name (not the userid!)" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "bankId", /* name */ 0, /* minnum */ 1, /* maxnum */ "b", /* short option */ "bank", /* long option */ "Specify the bank code", /* short description */ "Specify the bank code" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "userId", /* name */ 0, /* minnum */ 1, /* maxnum */ "u", /* short option */ "user", /* long option */ "Specify the user id (Benutzerkennung)", /* short description */ "Specify the user id (Benutzerkennung)" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "customerId", /* name */ 0, /* minnum */ 1, /* maxnum */ "c", /* short option */ "customer", /* long option */ "Specify the customer id (Kundennummer)", /* short description */ "Specify the customer id (Kundennummer)" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "tokenType", /* name */ 1, /* minnum */ 1, /* maxnum */ "t", /* short option */ "tokentype", /* long option */ "Specify the crypt token type", /* short description */ "Specify the crypt token type" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "tokenName", /* name */ 0, /* minnum */ 1, /* maxnum */ "n", /* short option */ "tokenname", /* long option */ "Specify the crypt token name", /* short description */ "Specify the crypt token name" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "serverAddr", /* name */ 0, /* minnum */ 1, /* maxnum */ "s", /* short option */ "server", /* long option */ "Specify the server URL", /* short description */ "Specify the server URL" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Int, /* type */ "context", /* name */ 0, /* minnum */ 1, /* maxnum */ 0, /* short option */ "context", /* long option */ "Select a context on the medium", /* short description */ "Select a context on the medium" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, GWEN_ArgsType_Int, "hbciversion", 0, 1, 0, "hbciversion", "Select the HBCI version", "Select the HBCI protocol version" }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, GWEN_ArgsType_Int, "rdhType", 0, 1, 0, "rdhtype", "Select the RDH profile type (1, 2, 3, 5, 10)", "Select the RDH profile type (1, 2, 3, 5, 10)" }, { GWEN_ARGS_FLAGS_HELP | GWEN_ARGS_FLAGS_LAST, /* flags */ GWEN_ArgsType_Int, /* type */ "help", /* name */ 0, /* minnum */ 0, /* maxnum */ "h", /* short option */ "help", /* long option */ "Show this help screen", /* short description */ "Show this help screen" /* long description */ } }; db=GWEN_DB_GetGroup(dbArgs, GWEN_DB_FLAGS_DEFAULT, "local"); rv=GWEN_Args_Check(argc, argv, 1, 0 /*GWEN_ARGS_MODE_ALLOW_FREEPARAM*/, args, db); if (rv==GWEN_ARGS_RESULT_ERROR) { fprintf(stderr, "ERROR: Could not parse arguments\n"); return 1; } else if (rv==GWEN_ARGS_RESULT_HELP) { GWEN_BUFFER *ubuf; ubuf=GWEN_Buffer_new(0, 1024, 0, 1); if (GWEN_Args_Usage(args, ubuf, GWEN_ArgsOutType_Txt)) { fprintf(stderr, "ERROR: Could not create help string\n"); return 1; } fprintf(stderr, "%s\n", GWEN_Buffer_GetStart(ubuf)); GWEN_Buffer_free(ubuf); return 0; } rv=AB_Banking_Init(ab); if (rv) { DBG_ERROR(0, "Error on init (%d)", rv); return 2; } rv=AB_Banking_OnlineInit(ab); if (rv) { DBG_ERROR(0, "Error on init (%d)", rv); return 2; } pro=AB_Banking_GetProvider(ab, "aqhbci"); assert(pro); tokenType=GWEN_DB_GetCharValue(db, "tokenType", 0, 0); tokenName=GWEN_DB_GetCharValue(db, "tokenName", 0, 0); bankId=GWEN_DB_GetCharValue(db, "bankId", 0, 0); userId=GWEN_DB_GetCharValue(db, "userId", 0, 0); customerId=GWEN_DB_GetCharValue(db, "customerId", 0, 0); server=GWEN_DB_GetCharValue(db, "serverAddr", 0, 0); cid=GWEN_DB_GetIntValue(db, "context", 0, 1); hbciVersion=GWEN_DB_GetIntValue(db, "hbciVersion", 0, 0); rdhType=GWEN_DB_GetIntValue(db, "rdhType", 0, 1); userName=GWEN_DB_GetCharValue(db, "userName", 0, 0); assert(userName); /* generic check for some arguments */ if (hbciVersion>0 && rdhType>1) { if (hbciVersion<300 && rdhType>1) { DBG_ERROR(0, "RDH Types 2 and above only work with HBCI version 300 or later"); return 1; } } if (hbciVersion>0) { switch(hbciVersion) { case 201: case 210: case 220: case 300: /* supported */ break; default: DBG_ERROR(0, "HBCI/FinTS version %d not supported", hbciVersion); return 1; } } if (rdhType>0) { switch(rdhType) { case 1: case 2: case 10: /* supported */ break; case 3: case 4: case 5: case 6: case 7: case 8: case 9: default: DBG_ERROR(0, "RDH type %d not supported", rdhType); return 1; } } if (1) { const char *lbankId; const char *luserId; const char *lcustomerId; const char *lserverAddr; AH_CRYPT_MODE cm; GWEN_URL *url; GWEN_CRYPT_TOKEN_CONTEXT *ctx=NULL; AB_USER *user; if (strcasecmp(tokenType, "pintan")==0) { lbankId=bankId; luserId=userId; lcustomerId=customerId?customerId:luserId; lserverAddr=server; cm=AH_CryptMode_Pintan; } else { GWEN_PLUGIN_MANAGER *pm; GWEN_PLUGIN *pl; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *cctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; GWEN_CRYPT_CRYPTALGOID algo; if (cid==0) { DBG_ERROR(0, "No context given."); return 1; } /* get crypt token */ pm=GWEN_PluginManager_FindPluginManager("ct"); if (pm==0) { DBG_ERROR(0, "Plugin manager not found"); return 3; } pl=GWEN_PluginManager_GetPlugin(pm, tokenType); if (pl==0) { DBG_ERROR(0, "Plugin not found"); return 3; } DBG_INFO(0, "Plugin found"); ct=GWEN_Crypt_Token_Plugin_CreateToken(pl, tokenName); if (ct==0) { DBG_ERROR(0, "Could not create crypt token"); return 3; } /* open crypt token */ rv=GWEN_Crypt_Token_Open(ct, 0, 0); if (rv) { DBG_ERROR(0, "Could not open token (%d)", rv); GWEN_Crypt_Token_free(ct); return 3; } /* get real token name */ nameBuffer=GWEN_Buffer_new(0, 64, 0, 1); GWEN_Buffer_AppendString(nameBuffer, GWEN_Crypt_Token_GetTokenName(ct)); tokenName=GWEN_Buffer_GetStart(nameBuffer); cctx=GWEN_Crypt_Token_GetContext(ct, cid, 0); if (cctx==NULL) { DBG_ERROR(0, "Context %02x not found", cid); GWEN_Buffer_free(nameBuffer); GWEN_Crypt_Token_Close(ct, 1, 0); GWEN_Crypt_Token_free(ct); return 3; } ctx=GWEN_Crypt_Token_Context_dup(cctx); lbankId=bankId?bankId:GWEN_Crypt_Token_Context_GetServiceId(ctx); luserId=userId?userId:GWEN_Crypt_Token_Context_GetUserId(ctx); lcustomerId=customerId?customerId:luserId; lserverAddr=server?server:GWEN_Crypt_Token_Context_GetAddress(ctx); /* determine crypt mode */ keyId=GWEN_Crypt_Token_Context_GetSignKeyId(ctx); if (keyId==0) keyId=GWEN_Crypt_Token_Context_GetVerifyKeyId(ctx); if (keyId==0) keyId=GWEN_Crypt_Token_Context_GetEncipherKeyId(ctx); if (keyId==0) keyId=GWEN_Crypt_Token_Context_GetDecipherKeyId(ctx); GWEN_Crypt_Token_Context_free(ctx); if (keyId==0) { DBG_ERROR(0, "No keys, unable to determine crypt mode"); GWEN_Buffer_free(nameBuffer); GWEN_Crypt_Token_Close(ct, 1, 0); GWEN_Crypt_Token_free(ct); return 3; } ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, 0); if (ki==NULL) { DBG_ERROR(0, "Could not get keyinfo for key %d, " "unable to determine crypt mode", keyId); GWEN_Buffer_free(nameBuffer); GWEN_Crypt_Token_Close(ct, 1, 0); GWEN_Crypt_Token_free(ct); return 3; } algo=GWEN_Crypt_Token_KeyInfo_GetCryptAlgoId(ki); if (algo==GWEN_Crypt_CryptAlgoId_Des3K) cm=AH_CryptMode_Ddv; else if (algo==GWEN_Crypt_CryptAlgoId_Rsa) cm=AH_CryptMode_Rdh; else { DBG_ERROR(0, "Unexpected crypt algorithm \"%s\", " "unable to determine crypt mode", GWEN_Crypt_CryptAlgoId_toString(algo)); GWEN_Buffer_free(nameBuffer); GWEN_Crypt_Token_Close(ct, 1, 0); GWEN_Crypt_Token_free(ct); return 3; } rv=GWEN_Crypt_Token_Close(ct, 0, 0); GWEN_Crypt_Token_free(ct); if (rv) { DBG_ERROR(0, "Could not close token (%d)", rv); GWEN_Buffer_free(nameBuffer); return 3; } } if (!lbankId || !*lbankId) { DBG_ERROR(0, "No bank id stored and none given"); GWEN_Buffer_free(nameBuffer); return 3; } if (!luserId || !*luserId) { DBG_ERROR(0, "No user id (Benutzerkennung) stored and none given"); GWEN_Buffer_free(nameBuffer); return 3; } user=AB_Banking_FindUser(ab, AH_PROVIDER_NAME, "de", lbankId, luserId, lcustomerId); if (user) { DBG_ERROR(0, "User %s already exists", luserId); return 3; } user=AB_Banking_CreateUser(ab, AH_PROVIDER_NAME); assert(user); AB_User_SetUserName(user, userName); AB_User_SetCountry(user, "de"); AB_User_SetBankCode(user, lbankId); AB_User_SetUserId(user, luserId); AB_User_SetCustomerId(user, lcustomerId); AH_User_SetTokenType(user, tokenType); AH_User_SetTokenName(user, tokenName); AH_User_SetTokenContextId(user, cid); AH_User_SetCryptMode(user, cm); if (rdhType>0) AH_User_SetRdhType(user, rdhType); GWEN_Buffer_free(nameBuffer); if (hbciVersion==0) { if (cm==AH_CryptMode_Pintan) AH_User_SetHbciVersion(user, 220); else { if (rdhType>1) AH_User_SetHbciVersion(user, 300); else AH_User_SetHbciVersion(user, 210); } } else { AH_User_SetHbciVersion(user, hbciVersion); } /* try to get server address from database if still unknown */ if (!lserverAddr || *lserverAddr==0) { GWEN_BUFFER *tbuf; tbuf=GWEN_Buffer_new(0, 256, 0, 1); if (getBankUrl(ab, cm, lbankId, tbuf)) { DBG_INFO(0, "Could not find server address for \"%s\"", lbankId); } if (GWEN_Buffer_GetUsedBytes(tbuf)==0) { DBG_ERROR(0, "No address given and none available in internal db"); return 3; } url=GWEN_Url_fromString(GWEN_Buffer_GetStart(tbuf)); if (url==NULL) { DBG_ERROR(0, "Bad URL \"%s\" in internal db", GWEN_Buffer_GetStart(tbuf)); return 3; } GWEN_Buffer_free(tbuf); } else { /* set address */ url=GWEN_Url_fromString(lserverAddr); if (url==NULL) { DBG_ERROR(0, "Bad URL \"%s\"", lserverAddr); return 3; } } if (cm==AH_CryptMode_Pintan) { GWEN_Url_SetProtocol(url, "https"); if (GWEN_Url_GetPort(url)==0) GWEN_Url_SetPort(url, 443); } else { GWEN_Url_SetProtocol(url, "hbci"); if (GWEN_Url_GetPort(url)==0) GWEN_Url_SetPort(url, 3000); } AH_User_SetServerUrl(user, url); GWEN_Url_free(url); if (cm==AH_CryptMode_Ddv) AH_User_SetStatus(user, AH_UserStatusEnabled); AB_Banking_AddUser(ab, user); } rv=AB_Banking_OnlineFini(ab); if (rv) { fprintf(stderr, "ERROR: Error on deinit (%d)\n", rv); return 5; } rv=AB_Banking_Fini(ab); if (rv) { fprintf(stderr, "ERROR: Error on deinit (%d)\n", rv); return 5; } return 0; }
int EBC_Provider_XchgHiaRequest_H003(AB_PROVIDER *pro, GWEN_HTTP_SESSION *sess, AB_USER *u) { int rv; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; uint32_t kid; const GWEN_CRYPT_TOKEN_KEYINFO *cryptKeyInfo=NULL; const GWEN_CRYPT_TOKEN_KEYINFO *authKeyInfo=NULL; xmlNsPtr ns; EB_MSG *msg; const char *userId; const char *partnerId; EB_MSG *mRsp; EB_RC rc; xmlDocPtr doc; xmlNodePtr root_node = NULL; xmlNodePtr node = NULL; /*xmlNodePtr nodeX = NULL;*/ GWEN_BUFFER *mbuf; GWEN_BUFFER *tbuf; const char *s; userId=AB_User_GetUserId(u); partnerId=AB_User_GetCustomerId(u); /* get crypt token and context */ rv=EBC_Provider_MountToken(pro, u, &ct, &ctx); if (rv<0) { DBG_INFO(AQEBICS_LOGDOMAIN, "here (%d)", rv); return rv; } /* get crypt key info */ kid=GWEN_Crypt_Token_Context_GetDecipherKeyId(ctx); if (kid) { cryptKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid, GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS | GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER, 0); if (cryptKeyInfo==NULL) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Crypt key info not found on crypt token"); GWEN_Gui_ProgressLog(0, GWEN_LoggerLevel_Error, I18N("Crypt key info not found on crypt token")); return GWEN_ERROR_NOT_FOUND; } } /* get auth sign key info */ kid=GWEN_Crypt_Token_Context_GetAuthSignKeyId(ctx); if (kid) { authKeyInfo=GWEN_Crypt_Token_GetKeyInfo(ct, kid, GWEN_CRYPT_TOKEN_KEYFLAGS_HASMODULUS | GWEN_CRYPT_TOKEN_KEYFLAGS_HASEXPONENT | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYVERSION | GWEN_CRYPT_TOKEN_KEYFLAGS_HASKEYNUMBER, 0); if (authKeyInfo==NULL) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Auth key info not found on crypt token"); GWEN_Gui_ProgressLog(0, GWEN_LoggerLevel_Error, I18N("Auth key info not found on crypt token")); return GWEN_ERROR_NOT_FOUND; } } /* create HIARequestOrderData */ doc=xmlNewDoc(BAD_CAST "1.0"); doc->encoding=xmlCharStrdup("UTF-8"); root_node=xmlNewNode(NULL, BAD_CAST "HIARequestOrderData"); xmlDocSetRootElement(doc, root_node); ns=xmlNewNs(root_node, BAD_CAST "http://www.ebics.org/H003", NULL); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2000/09/xmldsig#", BAD_CAST "ds"); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2001/XMLSchema-instance", BAD_CAST "xsi"); xmlNewNsProp(root_node, ns, BAD_CAST "schemaLocation", /* xsi:schemaLocation */ BAD_CAST "http://www.ebics.org/H003 " "http://www.ebics.org/H003/ebics_orders.xsd"); /* create auth key tree */ node=xmlNewChild(root_node, NULL, BAD_CAST "AuthenticationPubKeyInfo", NULL); rv=EB_Key_Info_toXml(authKeyInfo, node); if (rv<0) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%d)", rv); xmlFreeDoc(doc); return GWEN_ERROR_INVALID; } xmlNewChild(node, NULL, BAD_CAST "AuthenticationVersion", BAD_CAST "X002"); /* create crypt key tree */ node=xmlNewChild(root_node, NULL, BAD_CAST "EncryptionPubKeyInfo", NULL); rv=EB_Key_Info_toXml(cryptKeyInfo, node); if (rv<0) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%d)", rv); xmlFreeDoc(doc); return rv; } xmlNewChild(node, NULL, BAD_CAST "EncryptionVersion", BAD_CAST "E002"); /* store partner id and user id */ node=xmlNewChild(root_node, NULL, BAD_CAST "PartnerID", BAD_CAST partnerId); node=xmlNewChild(root_node, NULL, BAD_CAST "UserID", BAD_CAST userId); /* compress and base64 doc */ mbuf=GWEN_Buffer_new(0, 512, 0, 1); rv=EB_Xml_Compress64Doc(doc, mbuf); if (rv<0) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error compressing/encoding doc (%d)", rv); xmlFreeDoc(doc); return rv; } xmlFreeDoc(doc); /* create request */ msg=EB_Msg_new(); doc=EB_Msg_GetDoc(msg); root_node=xmlNewNode(NULL, BAD_CAST "ebicsUnsecuredRequest"); xmlDocSetRootElement(doc, root_node); ns=xmlNewNs(root_node, BAD_CAST "http://www.ebics.org/H003", NULL); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2000/09/xmldsig#", BAD_CAST "ds"); assert(ns); ns=xmlNewNs(root_node, BAD_CAST "http://www.w3.org/2001/XMLSchema-instance", BAD_CAST "xsi"); xmlNewNsProp(root_node, ns, BAD_CAST "schemaLocation", /* xsi:schemaLocation */ BAD_CAST "http://www.ebics.org/H003 " "http://www.ebics.org/H003/ebics_keymgmt_request.xsd"); xmlNewProp(root_node, BAD_CAST "Version", BAD_CAST "H003"); xmlNewProp(root_node, BAD_CAST "Revision", BAD_CAST "1"); /* header */ node=xmlNewChild(root_node, NULL, BAD_CAST "header", NULL); xmlNewProp(node, BAD_CAST "authenticate", BAD_CAST "true"); xmlNewChild(node, NULL, BAD_CAST "static", NULL); xmlNewChild(node, NULL, BAD_CAST "mutable", NULL); /* body */ node=xmlNewChild(root_node, NULL, BAD_CAST "body", NULL); /* fill */ s=EBC_User_GetPeerId(u); if (s) EB_Msg_SetCharValue(msg, "header/static/HostID", s); s=AB_User_GetCustomerId(u); if (s) EB_Msg_SetCharValue(msg, "header/static/PartnerID", s); EB_Msg_SetCharValue(msg, "header/static/UserID", AB_User_GetUserId(u)); EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderType", "HIA"); tbuf=GWEN_Buffer_new(0, 16, 0, 1); rv=EBC_Provider_Generate_OrderId(pro, tbuf); if (rv<0) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv); GWEN_Buffer_free(tbuf); GWEN_Buffer_free(mbuf); EB_Msg_free(msg); return rv; } EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderID", GWEN_Buffer_GetStart(tbuf)); GWEN_Buffer_free(tbuf); EB_Msg_SetCharValue(msg, "header/static/OrderDetails/OrderAttribute", "DZNNN"); EB_Msg_SetCharValue(msg, "header/static/SecurityMedium", "0200"); EB_Msg_SetCharValue(msg, "body/DataTransfer/OrderData", GWEN_Buffer_GetStart(mbuf)); GWEN_Buffer_free(mbuf); /* exchange requests */ rv=EBC_Dialog_ExchangeMessages(sess, msg, &mRsp); if (rv<0 || rv>=300) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error exchanging messages (%d)", rv); EB_Msg_free(msg); return rv; } EB_Msg_free(msg); /* check response */ assert(mRsp); /* log results */ EBC_Provider_LogRequestResults(pro, mRsp, NULL); rc=EB_Msg_GetResultCode(mRsp); if ((rc & 0xff0000)==0x090000 || (rc & 0xff0000)==0x060000) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc); EB_Msg_free(mRsp); return AB_ERROR_SECURITY; } rc=EB_Msg_GetBodyResultCode(mRsp); if (rc) { if ((rc & 0xff0000)==0x090000 || (rc & 0xff0000)==0x060000) { DBG_ERROR(AQEBICS_LOGDOMAIN, "Error response: (%06x)", rc); EB_Msg_free(mRsp); if ((rc & 0xfff00)==0x091300 || (rc & 0xfff00)==0x091200) return AB_ERROR_SECURITY; else return GWEN_ERROR_GENERIC; } } EB_Msg_free(mRsp); /* adjust user status and flags */ DBG_NOTICE(AQEBICS_LOGDOMAIN, "Adjusting user flags"); EBC_User_AddFlags(u, EBC_USER_FLAGS_HIA); if ((EBC_User_GetFlags(u) & (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA)) == (EBC_USER_FLAGS_INI | EBC_USER_FLAGS_HIA)) EBC_User_SetStatus(u, EBC_UserStatus_Init2); else EBC_User_SetStatus(u, EBC_UserStatus_Init1); return 0; }
int AH_Msg_DecryptRdh2(AH_MSG *hmsg, GWEN_DB_NODE *gr){ AH_HBCI *h; GWEN_BUFFER *mbuf; uint32_t l; int rv; const uint8_t *p; GWEN_MSGENGINE *e; AB_USER *u; const char *peerId; // uint32_t uFlags; GWEN_CRYPT_TOKEN *ct; const GWEN_CRYPT_TOKEN_CONTEXT *ctx; const GWEN_CRYPT_TOKEN_KEYINFO *ki; uint32_t keyId; GWEN_CRYPT_KEY *sk=NULL; uint8_t decKey[300]; GWEN_DB_NODE *nhead=NULL; GWEN_DB_NODE *ndata=NULL; const char *crypterId; uint32_t gid; assert(hmsg); h=AH_Dialog_GetHbci(hmsg->dialog); assert(h); e=AH_Dialog_GetMsgEngine(hmsg->dialog); assert(e); GWEN_MsgEngine_SetMode(e, "rdh"); gid=0; u=AH_Dialog_GetDialogOwner(hmsg->dialog); // uFlags=AH_User_GetFlags(u); peerId=AH_User_GetPeerId(u); if (!peerId || *peerId==0) peerId=AB_User_GetUserId(u); /* get crypt token of signer */ rv=AB_Banking_GetCryptToken(AH_HBCI_GetBankingApi(h), AH_User_GetTokenType(u), AH_User_GetTokenName(u), &ct); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not get crypt token for user \"%s\" (%d)", AB_User_GetUserId(u), rv); return rv; } /* open CryptToken if necessary */ if (!GWEN_Crypt_Token_IsOpen(ct)) { GWEN_Crypt_Token_AddModes(ct, GWEN_CRYPT_TOKEN_MODE_DIRECT_SIGN); rv=GWEN_Crypt_Token_Open(ct, 0, gid); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not open crypt token for user \"%s\" (%d)", AB_User_GetUserId(u), rv); return rv; } } /* get context and key info */ ctx=GWEN_Crypt_Token_GetContext(ct, AH_User_GetTokenContextId(u), gid); if (ctx==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Context %d not found on crypt token [%s:%s]", AH_User_GetTokenContextId(u), GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } keyId=GWEN_Crypt_Token_Context_GetDecipherKeyId(ctx); ki=GWEN_Crypt_Token_GetKeyInfo(ct, keyId, 0xffffffff, gid); if (ki==NULL) { DBG_INFO(AQHBCI_LOGDOMAIN, "Keyinfo %04x not found on crypt token [%s:%s]", keyId, GWEN_Crypt_Token_GetTypeName(ct), GWEN_Crypt_Token_GetTokenName(ct)); return GWEN_ERROR_NOT_FOUND; } /* get encrypted session key */ nhead=GWEN_DB_GetGroup(gr, GWEN_DB_FLAGS_DEFAULT | GWEN_PATH_FLAGS_NAMEMUSTEXIST, "CryptHead"); if (!nhead) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt head"); return GWEN_ERROR_BAD_DATA; } ndata=GWEN_DB_GetGroup(gr, GWEN_DB_FLAGS_DEFAULT | GWEN_PATH_FLAGS_NAMEMUSTEXIST, "CryptData"); if (!ndata) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt data"); return GWEN_ERROR_BAD_DATA; } crypterId=GWEN_DB_GetCharValue(nhead, "key/userId", 0, I18N("unknown")); p=GWEN_DB_GetBinValue(nhead, "CryptAlgo/MsgKey", 0, 0,0, &l); if (p && l) { uint32_t elen; GWEN_CRYPT_PADDALGO *algo; uint8_t encKey[300]; int ksize; ksize=GWEN_Crypt_Token_KeyInfo_GetKeySize(ki); if (ksize<l) { DBG_WARN(AQHBCI_LOGDOMAIN, "Keyinfo keysize is smaller than size of transmitted key, adjusting"); ksize=l; } assert(ksize<=256); /* fill encoded key with 0 */ memset(encKey, 0, sizeof(encKey)); memmove(encKey+(ksize-l), p, l); algo=GWEN_Crypt_PaddAlgo_new(GWEN_Crypt_PaddAlgoId_None); elen=sizeof(decKey); rv=GWEN_Crypt_Token_Decipher(ct, keyId, algo, encKey, ksize, decKey, &elen, gid); GWEN_Crypt_PaddAlgo_free(algo); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "here (%d)", rv); return rv; } /* unpadd key (take right-handed 16 bytes) */ p=decKey+(elen-16); sk=GWEN_Crypt_KeyDes3K_fromData(GWEN_Crypt_CryptMode_Cbc, 24, p, 16); if (sk==NULL) { DBG_ERROR(AQHBCI_LOGDOMAIN, "Could not create DES key from data"); return GWEN_ERROR_BAD_DATA; } } else { DBG_ERROR(AQHBCI_LOGDOMAIN, "Missing message key"); return GWEN_ERROR_BAD_DATA; } /* get encrypted data */ p=GWEN_DB_GetBinValue(ndata, "CryptData", 0, 0,0, &l); if (!p || !l) { DBG_ERROR(AQHBCI_LOGDOMAIN, "No crypt data"); GWEN_Crypt_Key_free(sk); return GWEN_ERROR_BAD_DATA; } /* decipher message with session key */ mbuf=GWEN_Buffer_new(0, l, 0, 1); rv=GWEN_Crypt_Key_Decipher(sk, (const uint8_t*)p, l, (uint8_t*)GWEN_Buffer_GetPosPointer(mbuf), &l); GWEN_Crypt_Key_free(sk); if (rv<0) { DBG_INFO(AQHBCI_LOGDOMAIN, "Could not decipher with DES session key (%d)", rv); GWEN_Buffer_free(mbuf); return rv; } GWEN_Buffer_IncrementPos(mbuf, l); GWEN_Buffer_AdjustUsedBytes(mbuf); /* unpadd message */ rv=GWEN_Padd_UnpaddWithAnsiX9_23(mbuf); if (rv) { DBG_INFO(AQHBCI_LOGDOMAIN, "Error unpadding message with ANSI X9.23 (%d)", rv); GWEN_Buffer_free(mbuf); return rv; } /* store crypter id */ AH_Msg_SetCrypterId(hmsg, crypterId); /* store new buffer inside message */ GWEN_Buffer_free(hmsg->origbuffer); hmsg->origbuffer=hmsg->buffer; GWEN_Buffer_Rewind(mbuf); hmsg->buffer=mbuf; return 0; }
int showUser(GWEN_DB_NODE *dbArgs, int argc, char **argv) { GWEN_DB_NODE *db; const char *ttype; const char *tname; GWEN_CRYPT_TOKEN *ct; unsigned int cid; int shown=0; int rv; const GWEN_ARGS args[]= { { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Int, /* type */ "contextId", /* name */ 0, /* minnum */ 1, /* maxnum */ "i", /* short option */ "id", /* long option */ "Context id (0 for any)", /* short description */ "Context id (0 for any)" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "tokenType", /* name */ 1, /* minnum */ 1, /* maxnum */ "t", /* short option */ "ttype", /* long option */ "Specify the crypt token type", /* short description */ "Specify the crypt token type" /* long description */ }, { GWEN_ARGS_FLAGS_HAS_ARGUMENT, /* flags */ GWEN_ArgsType_Char, /* type */ "tokenName", /* name */ 0, /* minnum */ 1, /* maxnum */ "n", /* short option */ "tname", /* long option */ "Specify the crypt token name", /* short description */ "Specify the crypt token name" /* long description */ }, { GWEN_ARGS_FLAGS_HELP | GWEN_ARGS_FLAGS_LAST, /* flags */ GWEN_ArgsType_Int, /* type */ "help", /* name */ 0, /* minnum */ 0, /* maxnum */ "h", /* short option */ "help", /* long option */ "Show this help screen", /* short description */ "Show this help screen" /* long description */ } }; db=GWEN_DB_GetGroup(dbArgs, GWEN_DB_FLAGS_DEFAULT, "local"); rv=GWEN_Args_Check(argc, argv, 1, GWEN_ARGS_MODE_ALLOW_FREEPARAM, args, db); if (rv==GWEN_ARGS_RESULT_ERROR) { fprintf(stderr, "ERROR: Could not parse arguments\n"); return 1; } else if (rv==GWEN_ARGS_RESULT_HELP) { GWEN_BUFFER *ubuf; ubuf=GWEN_Buffer_new(0, 1024, 0, 1); if (GWEN_Args_Usage(args, ubuf, GWEN_ArgsOutType_Txt)) { fprintf(stderr, "ERROR: Could not create help string\n"); return 1; } fprintf(stderr, "%s\n", GWEN_Buffer_GetStart(ubuf)); GWEN_Buffer_free(ubuf); return 0; } cid=GWEN_DB_GetIntValue(db, "contextId", 0, 0); ttype=GWEN_DB_GetCharValue(db, "tokenType", 0, 0); assert(ttype); tname=GWEN_DB_GetCharValue(db, "tokenName", 0, 0); /* get crypt token */ ct=getCryptToken(ttype, tname); if (ct==0) return 3; if (GWEN_DB_GetIntValue(dbArgs, "forcePin", 0, 0)) GWEN_Crypt_Token_AddModes(ct, GWEN_CRYPT_TOKEN_MODE_FORCE_PIN_ENTRY); /* open crypt token for use */ rv=GWEN_Crypt_Token_Open(ct, 0, 0); if (rv) { DBG_ERROR(0, "Could not open token"); return 3; } else { uint32_t ctxIds[32]; uint32_t ctxCount; uint32_t i; ctxCount=32; rv=GWEN_Crypt_Token_GetContextIdList(ct, ctxIds, &ctxCount, 0); if (rv<0) { DBG_ERROR(0, "Error filling context list"); GWEN_Crypt_Token_Close(ct, 0, 0); return 3; } for (i=0; i<ctxCount; i++) { if (cid==0 || cid==ctxIds[i]) { const GWEN_CRYPT_TOKEN_CONTEXT *ctx; const char *s; uint32_t kid; ctx=GWEN_Crypt_Token_GetContext(ct, ctxIds[i], 0); if (ctx) { fprintf(stdout, "-------------------------------------------------\n"); fprintf(stdout, "Context %u\n", (unsigned int)GWEN_Crypt_Token_Context_GetId(ctx)); s=GWEN_Crypt_Token_Context_GetServiceId(ctx); if (s) fprintf(stdout, "Service : %s\n", s); s=GWEN_Crypt_Token_Context_GetUserId(ctx); if (s) fprintf(stdout, "User Id : %s\n", s); s=GWEN_Crypt_Token_Context_GetCustomerId(ctx); if (s) fprintf(stdout, "Customer Id : %s\n", s); s=GWEN_Crypt_Token_Context_GetUserName(ctx); if (s) fprintf(stdout, "User Name : %s\n", s); s=GWEN_Crypt_Token_Context_GetPeerId(ctx); if (s) fprintf(stdout, "Peer Id : %s\n", s); s=GWEN_Crypt_Token_Context_GetPeerName(ctx); if (s) fprintf(stdout, "Peer Name : %s\n", s); s=GWEN_Crypt_Token_Context_GetAddress(ctx); if (s) fprintf(stdout, "Address : %s\n", s); fprintf(stdout, "Port : %d\n", GWEN_Crypt_Token_Context_GetPort(ctx)); s=GWEN_Crypt_Token_Context_GetSystemId(ctx); if (s) fprintf(stdout, "System Id : %s\n", s); kid=GWEN_Crypt_Token_Context_GetSignKeyId(ctx); if (kid!=0) fprintf(stdout, "Sign Key Id : %d\n", kid); kid=GWEN_Crypt_Token_Context_GetVerifyKeyId(ctx); if (kid!=0) fprintf(stdout, "Verify Key Id : %d\n", kid); kid=GWEN_Crypt_Token_Context_GetEncipherKeyId(ctx); if (kid!=0) fprintf(stdout, "Encipher Key Id: %d\n", kid); kid=GWEN_Crypt_Token_Context_GetDecipherKeyId(ctx); if (kid!=0) fprintf(stdout, "Decipher Key Id: %d\n", kid); shown++; } else { fprintf(stderr, "Context %d not found (%d)\n", i, ctxIds[i]); } } } } /* close crypt token */ rv=GWEN_Crypt_Token_Close(ct, 0, 0); if (rv) { DBG_ERROR(0, "Could not close token"); return 3; } if (!shown) { if (cid==0) { DBG_ERROR(0, "No context found"); } else { DBG_ERROR(0, "Context %u not found", cid); } return 1; } return 0; }