Please help with eidreader applet

Luc Saffre

Nov 7, 2013, 12:29:03 PM
to eid-a...@googlegroups.com
I started a project "eidreader", an applet to read the publicly available information (name, birth date, national id, ...) on electronic ID cards of different countries and make them accessible to the JavaScript code of a web page. Currently supported countries are Estonia and Belgium. The Belgian reader uses some part (the TLV parser) from eid-applet. It still fails due to the following problem.

How to reproduce:

- You need a Belgian eID card and a card reader.
- eid-applet must be in your classPath.
- Download the sources from https://github.com/lsaffre/eidreader
- Open the file applets/eid_test.html in your browser.
- Confirm the security warning.
- Insert your card and click on "Click here after having inserted your eID card".

Result: the Java console then shows the following traceback:

    java.lang.RuntimeException: error parsing file: be.fedict.eid.applet.service.Identity
        at be.fedict.eid.applet.service.impl.tlv.TlvParser.parse(TlvParser.java:58)
        at src.eidreader.BelgianReader.<init>(EIDReader.java:275)
        at src.eidreader.EIDReader.readCard(EIDReader.java:447)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at sun.applet.PluginAppletSecurityContext$4.run(PluginAppletSecurityContext.java:670)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.applet.PluginAppletSecurityContext.handleMessage(PluginAppletSecurityContext.java:667)
        at sun.applet.AppletSecurityContextManager.handleMessage(AppletSecurityContextManager.java:68)
        at sun.applet.PluginStreamHandler.handleMessage(PluginStreamHandler.java:235)
        at sun.applet.PluginMessageHandlerWorker.run(PluginMessageHandlerWorker.java:78)
    Caused by: java.lang.NumberFormatException: For input string: "01.JUN."
        at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
        at java.lang.Integer.parseInt(Integer.java:492)
        at java.lang.Integer.parseInt(Integer.java:527)
        at be.fedict.eid.applet.service.impl.tlv.DateOfBirthDataConvertor.convert(DateOfBirthDataConvertor.java:54)
        at be.fedict.eid.applet.service.impl.tlv.DateOfBirthDataConvertor.convert(DateOfBirthDataConvertor.java:33)
        at be.fedict.eid.applet.service.impl.tlv.TlvParser.parseThrowing(TlvParser.java:117)
        at be.fedict.eid.applet.service.impl.tlv.TlvParser.parse(TlvParser.java:56)
        ... 12 more

The source code is here:


Any ideas on what I am doing wrong?

Luc

Frank Cornelis

Nov 7, 2013, 1:54:39 PM
to eid-a...@googlegroups.com
Hi Luc,


Could you send over the corresponding identity file to
in...@e-contract.be so I can investigate this case?

Could you retry with the TLV parser from the recently released eID
Applet version 1.1.0?


Kind Regards,
Frank.

Luc Saffre

Nov 13, 2013, 12:23:22 AM
to eid-a...@googlegroups.com
Great, the problem no longer occurs with version 1.1.0!
Thanks for your quick answer, Frank!
(and sorry: in fact I posted this already the next day but discovered only now that Google didn't accept my reply...)

I continue to work on my eidreader project
<https://github.com/lsaffre/eidreader>.
Any remarks are welcome, especially your feedback on questions like:
- Does this project make sense?
- Is there an easier or better way to do it?

Luc

Frank Cornelis

Nov 13, 2013, 6:32:43 AM
to eid-a...@googlegroups.com
Hi Luc,


About your post not being accepted. A week or so ago I messed up the moderation, letting spam go through and removing valid posts. My mistake.

About your eID reader applet. Although I welcome such initiatives, I have some doubts about the end result. The reason why I started the eID Applet project is because the old eID Middleware SDK applet was inherently insecure because of the missing signature integrity checks that can only be performed in a meaningful way at the server-side. You re-introduce such an insecure design. Of course I understand that the focus is purely on (unverified) identification, not authentication. But soon you'll notice that people start abusing your applet and think they can do a secure eID based authentication based on it. Next, hackers will find out, and it will eventually point to your project. Something you might want to avoid. The eID Applet is designed in such a way that it is very hard for integrating parties to mess up the security checks as it only injects eID data into the server-side HTTP session after going through all integrity verification rules. We live in an unfortunate reality where you need to position truly idiot-proof components, else sooner or later it will backfire.


Kind Regards,
Frank.
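
The design point in the message above, as an added example that is not part of the thread and is not code from eid-applet or eidreader: a server that stores identity data submitted by page script accepts altered data, while one that verifies the issuer's signature server-side rejects it. The key pair, the `SHA256withRSA` algorithm, the `name=...;id=...` layout and all method names are constructed for this demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

public class IdentityIntegrityDemo {
    // Assumption for this demo: the issuer signs identity data with SHA256withRSA.
    static final String ALG = "SHA256withRSA";

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Insecure pattern: the server stores whatever the page script submits.
    static String acceptUnverified(byte[] identity) {
        return new String(identity, StandardCharsets.UTF_8);
    }

    // Server-side check: returns the identity only if the signature verifies
    // under the issuer key the server already trusts; otherwise null.
    static String acceptVerified(PublicKey issuer, byte[] identity, byte[] sig) {
        try {
            Signature s = Signature.getInstance(ALG);
            s.initVerify(issuer);
            s.update(identity);
            return s.verify(sig) ? new String(identity, StandardCharsets.UTF_8) : null;
        } catch (GeneralSecurityException e) {
            return null; // malformed signature or unusable key: reject
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair issuer = gen.generateKeyPair(); // constructed stand-in for the card issuer
        byte[] onCard = "name=Jane Sample;id=00000000000".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(issuer.getPrivate(), onCard);
        // Constructed: data altered in the browser before submission.
        byte[] altered = "name=John Other;id=00000000000".getBytes(StandardCharsets.UTF_8);

        System.out.println("unverified, altered: " + acceptUnverified(altered));
        System.out.println("verified, altered:   " + acceptVerified(issuer.getPublic(), altered, sig));
        System.out.println("verified, original:  " + acceptVerified(issuer.getPublic(), onCard, sig));
    }
}
```

A valid signature shows only that the data is unaltered issuer data; it does not show that the person presenting it holds the card, which is the identification versus authentication distinction raised in the thread.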

Dieter Houthooft

Nov 13, 2013, 10:13:19 AM
to eid-a...@googlegroups.com

> But soon you'll notice that people start abusing your applet and think they can do a secure eID based authentication based on it. Next hackers will find out, and it will eventually point to your project.

FWIW, I saw people abusing the eID-applet too, assuming the identification mode was just a login without a pin.

Dieter.

Frank Cornelis

Dec 17, 2013, 4:21:00 PM
to eid-a...@googlegroups.com, dieter.h...@lin-k.net

Even more fun at: http://thedailywtf.com/

On Wednesday, 13 November 2013 16:13:19 UTC+1, Dieter Houthooft wrote: