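/// <summary>
/// Parses a recovered EMV public key certificate and verifies its embedded hash.
/// </summary>
/// <remarks>
/// The expected hash is <c>GetSha1</c> over <c>cert.GetHashData()</c> followed by the value of the
/// public key exponent tag read from the reader record: 9F32 when <paramref name="type"/> is
/// <see cref="CertificateType.CA"/>, 9F47 otherwise.
/// NOTE(review): for ICC certificates EMV also includes the static data to be authenticated in the
/// hash input. Nothing is appended after the exponent here, so confirm whether
/// <c>EmvCertificate.GetHashData()</c> accounts for it.
/// NOTE(review): only the hash is checked in this method. Header/trailer/format bytes, expiry date
/// and issuer identifier checks are not visible here; confirm they are enforced elsewhere
/// (for example inside <c>EmvCertificate</c>).
/// </remarks>
/// <param name="certificate">The recovered (already RSA-decrypted) certificate, as passed to <c>EmvCertificate</c>.</param>
/// <param name="remainder">The public key remainder belonging to the same certificate.</param>
/// <param name="type">The certificate type; selects which exponent tag is appended to the hash input.</param>
/// <returns>The parsed certificate, returned only when the computed hash matches the embedded one.</returns>
/// <exception cref="ApplicationException">The computed hash does not match the hash carried in the certificate.</exception>
private EmvCertificate validateCertificate(string certificate, string remainder, CertificateType type)
{
    var expTag = type == CertificateType.CA ? "9F32" : "9F47";
    EmvCertificate cert = new EmvCertificate(certificate, remainder, type);

    var hashData = cert.GetHashData() + _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, expTag);
    var computedHash = GetSha1(hashData);
    var embeddedHash = StringTools.ByteArrayToHexString(cert.Hash);

    // Both values are hex encodings of a digest, so letter case carries no information.
    // Comparing case-insensitively avoids a false rejection if the two helpers disagree on casing.
    if (!string.Equals(computedHash, embeddedHash, StringComparison.OrdinalIgnoreCase))
    {
        // Name the certificate type that failed. For CertificateType.CA the text is identical to
        // the previous fixed message; other types no longer report themselves as "CA".
        throw new ApplicationException("Failed to Validate " + type + " Hash");
    }

    return cert;
}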
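/// <summary>
/// Offline authentication: recovers and validates the issuer and ICC public key certificates
/// (original note: currently DDA only).
/// </summary>
/// <remarks>
/// Steps visible in this method:
/// 1. select the CA public key from <c>CaKeyStore</c> using the AID prefix and tag 8F;
/// 2. recover the issuer public key certificate (tag 90) and validate its hash;
/// 3. recover the ICC public key certificate (tag 9F46) with the validated issuer public key and
///    validate its hash;
/// 4. store the ICC certificate hash in <c>ICC_KEY_HASH</c>.
/// No dynamic signature verification is performed in this method itself.
/// <see cref="validateCertificate"/> throws <see cref="System.ApplicationException"/> on a hash mismatch,
/// which aborts the chain before <c>ICC_KEY_HASH</c> is assigned.
/// </remarks>
private void BasicAuth()
{
    var aid = StringTools.ByteArrayToHexString(_app.AID);
    var capkIndex = _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, "8F");
    var issuerPkCertificate = _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, "90");
    var issuerPkExponent = _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, "9F32");

    // The first 10 hex characters of the AID (presumably the 5-byte RID) plus the index from
    // tag 8F select the CA public key. Substring throws if the AID is shorter than that.
    _caKey = CaKeyStore.GetCaKey(aid.Substring(0, 10), capkIndex);

    // NOTE(review): EMV recovers the issuer certificate with the CA public key *and the CA key's
    // exponent*. The issuer exponent (9F32) is passed here; confirm what DecryptRsa does with it.
    var decryptedCACert = DecryptRsa(issuerPkCertificate, issuerPkExponent);
    var caRemainder = _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, "92");
    EmvCertificate caCertificate = validateCertificate(decryptedCACert, caRemainder, CertificateType.CA);

    var iccPkCertificate = _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, "9F46");
    var iccPkExponent = _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, "9F47");
    // Tag 9F48 is the ICC Public Key Remainder. It is read the same way as tag 92 above;
    // how an absent tag is reported depends on GetTagValue, which is not visible here.
    var iccRemainder = _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, "9F48");

    // NOTE(review): the ICC certificate is signed by the issuer key, so EMV uses the issuer
    // exponent (9F32) for this recovery. The ICC exponent (9F47) is passed; confirm against DecryptRsa.
    // NOTE(review): confirm caCertificate.PublicKey is the full issuer modulus (leftmost digits
    // plus remainder), not only the part embedded in the certificate.
    var decryptedIccCert = DecryptRsa(
        iccPkCertificate,
        iccPkExponent,
        StringTools.ByteArrayToHexString(caCertificate.PublicKey));

    // Fix: validate the recovered ICC certificate with the ICC remainder. The previous code passed
    // the issuer certificate and issuer remainder again, so the ICC certificate recovered above was
    // never checked and ICC_KEY_HASH was taken from the issuer certificate's data.
    EmvCertificate iccCertificate = validateCertificate(decryptedIccCert, iccRemainder, CertificateType.ICC);
    ICC_KEY_HASH = iccCertificate.Hash;
}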