SIGNATURE ON ANDROID
Basic Electroinc Signature (BES) can be created on Android platform. Current version only supports AKIS smartcards.
While creating signature on Android, APDU commands are used in order to communicate with the smartcard.
The class APDUSmartCard is constructed with proper parameters and the BaseSigner object taken with the method getSigner() is used in signature creation. When APDUSmartCard is being constructed, a proper TerminalHandler must be created and used. Current version has the class ACSTerminalHandler.
For the operations requiring smartcard, the system wants confirmation from the user that he or she allows the application for usb access. For proper display of this confirmation dialog in the android system, an object of PendingIntent must be given to ACSTerminalHandler. Due to similer work flows in android systems card operations must not be performed in the main GUI class. They must be performed in a class derived from AsyncTask.
An example application (as an eclipse project) listing the certificates in a smart card and signing a selected file, is included in the package. The required jar files can be seen by examining this eclipse project. When using API with the test licence, only the test certificates can be used and a slight delay of 5 seconds will be suffered during each operation.
The work flow mentioned above is demonstrated in the function below which is explained by comments
public void signWithFirstCertificate()
{
try {
//Embedded licence file is loaded here
Resources res = getResources();
InputStream lisansStream = res.openRawResource(R.raw.lisans);
LicenseUtil.setLicenseXml(lisansStream);
lisansStream.close();
Activity callerActivity = this;
//The calling Activity must be given as a parameter when constructing ACSTerminalHandler
ACSTerminalHandler acsTerminalHandler = new ACSTerminalHandler((Activity)this);
//APDUSmartCard must be called with a proper TerminalHandler object
APDUSmartCard apduSmartCard = new APDUSmartCard(acsTerminalHandler);
// PendingIntent object created for usb access confirmation must be given to TerminalHandler.
PendingIntent permissionIntent = PendingIntent.getBroadcast(callerActivity, 0, new Intent("tr.gov.tubitak.bilgem.esya.android.signexample.USB_PERMISSION"), 0);
acsTerminalHandler.setPermissionIntent(permissionIntent);
//SecureMessaging must be disabled.
apduSmartCard.setDisableSecureMessaging(true);
//Getting connected card readers.
CardTerminal[] terminalList = apduSmartCard.getTerminalList();
if(terminalList == null || terminalList.length == 0)
{
throw new Exception("Bağlı kart okuyucu sayısı 0");
}
CardTerminal cardTerminal = terminalList[0];
apduSmartCard.openSession(cardTerminal);
//The certificate list is collected from the first card reader
List<byte[]> signCertValueList = mApduSmartCard.getSignatureCertificates();
if(signCertValueList == null || signCertValueList.size() == 0)
{
throw new Exception("Kart içerisinde sertifika sayısı 0");
}
//The first certficate will be used
ECertificate signingCert = new ECertificate(signCertValueList.get(0));
String cardPin = "511661";
apduSmartCard.login(cardPin);
// BaseSigner object is retrieved from APDUSmartCard
BaseSigner signer = apduSmartCard.getSigner(signingCert.asX509Certificate(), Algorithms.SIGNATURE_RSA_SHA1);
BaseSignedData bsd = new BaseSignedData();
//The path of the file to be signed
String sourceFilePath = "/tmp/TextForSign.txt";
ISignable content = new SignableFile(new File(sourceFilePath));
bsd.addContent(content);
//Since SigningTime attribute is optional,add it to optional attributes list
List<IAttribute> optionalAttributes = new ArrayList<IAttribute>();
optionalAttributes.add(new SigningTimeAttr(Calendar.getInstance()));
HashMap<String, Object> params = new HashMap<String, Object>();
//On Android, certificate validation must be disabled when signing
//The current version does not support certificate validation
params.put(EParameters.P_VALIDATE_CERTIFICATE_BEFORE_SIGNING,false);
bsd.addSigner(ESignatureType.TYPE_BES, signingCert, signer, optionalAttributes, params);
byte [] signedDocument = bsd.getEncoded();
String destFilePath = sourceFilePath+ ".imz";
//Signed document is being written to the target file.
AsnIO.dosyayaz(signedDocument, destFilePath);
apduSmartCard.logout();
apduSmartCard.closeSession();
}
catch (Exception e) {
e.printStackTrace();
}
}
