/// <summary>
/// Validates the certificate based on EMVCO rules
/// </summary>
/// <param name="certificate">The certificate to validate</param>
/// <param name="remainder">The key remainder</param>
/// <param name="type">The certificate Type</param>
/// <returns></returns>
private EmvCertificate validateCertificate(string certificate, string remainder, CertificateType type)
{
var expTag = type == CertificateType.CA ? "9F32" : "9F47";
EmvCertificate cert = new EmvCertificate(certificate, remainder, type);
var hashData = cert.GetHashData() + _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, expTag);
var hash = GetSha1(hashData);
if (hash != StringTools.ByteArrayToHexString(cert.Hash))
{
throw new ApplicationException("Failed to Validate CA Hash");
}
return(cert);
}
/// <summary>
/// The offline authentication implementation.(Currently DDA only)
/// </summary>
private void BasicAuth()
{
var aid = StringTools.ByteArrayToHexString(_app.AID);
var capkIndex = _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, "8F");
var IssuerPkCertificate = _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, "90");
var IssuerPkExponent = _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, "9F32");
_caKey = CaKeyStore.GetCaKey(aid.Substring(0, 10), capkIndex);
var decryptedCACert = DecryptRsa(IssuerPkCertificate, IssuerPkExponent);
var caRemainder = _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, "92");
EmvCertificate caCertificate = validateCertificate(decryptedCACert, caRemainder, CertificateType.CA);
var iccPkCertificate = _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, "9F46");
var iccPkExponent = _app.GetTagValue(EmvConstants.ResponceType.ReaderRecord, "9F47");
var decryptedIccCert = DecryptRsa(iccPkCertificate, iccPkExponent, StringTools.ByteArrayToHexString(caCertificate.PublicKey));
EmvCertificate iccCertificate = validateCertificate(decryptedCACert, caRemainder, CertificateType.ICC);
ICC_KEY_HASH = iccCertificate.Hash;
}
