Open eCard Development Center: Issueshttps://dev.openecard.org/https://dev.openecard.org/favicon.ico?16330801422015-07-23T07:59:30ZOpen eCard Development Center
Redmine Open eCard - Feature #405 (Closed): Rework the error handling in EAC dialoghttps://dev.openecard.org/issues/4052015-07-23T07:59:30ZHans-Martin Haase
<p>In the current situation there are fragments of the ErrorStep class which were used earlier to display the errors and there is the export of the error and exceptions to handle them in the TCTokenHandler class.</p>
<p>The first variant was disabled because of missing gui capabilities (There is no possibility to change the button text to finish or something like that. In an error case there is always Next and Abort.)</p>
<p>A code cleanup should be done.</p> Open eCard - Feature #404 (Closed): Add error note in EAC dialog if the pin was entered wrong the...https://dev.openecard.org/issues/4042015-07-23T07:50:59ZHans-Martin Haase
<p>In the current flow only the retry counter is decrease in case the PIN was entered wrong for the first time.<br />I think we should add an additional line of text to tell the user that the entered PIN was wrong.</p> Open eCard - Bug #402 (Closed): KeyLengthVerifier does not support certificates which use brainpo...https://dev.openecard.org/issues/4022015-07-03T13:16:14ZHans-Martin Haase
<p>The KeyLengthVerifier tries to convert a BouncyCastle Certificate, which contains the complete certificate chain, into an java security CertPath object. This conversion fails in case the certificate uses brainpool curves in the domain parameters.</p>
<p><code><br />2015-07-03 15:04:26,183 [Thread-7] ERROR o.o.crypto.tls.ClientCertDefaultTlsClient:230 - TLS(FATAL): Internal error [internal_error=80] --> Failed to read record<br />org.openecard.crypto.tls.CertificateVerificationException: Failed to convert certificates to JCA format.<br /> at org.openecard.crypto.tls.verify.KeyLengthVerifier.isValid(KeyLengthVerifier.java:58) ~[richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.crypto.tls.auth.CertificateVerifierBuilder$1.isValid(CertificateVerifierBuilder.java:144) ~[richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.crypto.tls.auth.DynamicAuthentication.notifyServerCertificate(DynamicAuthentication.java:156) ~[richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.bouncycastle.crypto.tls.TlsClientProtocol.handleHandshakeMessage(TlsClientProtocol.java:156) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.bouncycastle.crypto.tls.TlsProtocol.processHandshake(TlsProtocol.java:306) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.bouncycastle.crypto.tls.TlsProtocol.processRecord(TlsProtocol.java:228) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.bouncycastle.crypto.tls.RecordStream.readRecord(RecordStream.java:170) ~[richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.bouncycastle.crypto.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:464) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.bouncycastle.crypto.tls.TlsProtocol.completeHandshake(TlsProtocol.java:149) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.bouncycastle.crypto.tls.TlsClientProtocol.connect(TlsClientProtocol.java:77) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.ResourceContext.getStreamInt(ResourceContext.java:244) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.ResourceContext.getStream(ResourceContext.java:197) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.ResourceContext.getStream(ResourceContext.java:174) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.TCTokenContext.generateTCToken(TCTokenContext.java:73) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.TCTokenRequest.parseTCTokenRequestURI(TCTokenRequest.java:201) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.TCTokenRequest.convert(TCTokenRequest.java:115) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.ActivationAction.processTcTokenOrActivationObject(ActivationAction.java:375) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.ActivationAction.processRequest(ActivationAction.java:244) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.ActivationAction.checkRequestParameters(ActivationAction.java:224) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.ActivationAction.execute(ActivationAction.java:111) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.addon.bind.AppPluginActionProxy.execute(AppPluginActionProxy.java:55) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.control.binding.http.handler.HttpAppPluginActionHandler.handle(HttpAppPluginActionHandler.java:111) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.apache.http.protocol.HttpService.doService(HttpService.java:436) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.apache.http.protocol.HttpService.handleRequest(HttpService.java:341) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.control.binding.http.HttpService$1.run(HttpService.java:131) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br />Caused by: java.security.cert.CertificateParsingException: java.io.IOException: Unknown named curve: 1.3.36.3.3.2.8.1.1.7<br /> at sun.security.x509.X509CertInfo.<init>(Unknown Source) ~[na:1.8.0_45]<br /> at sun.security.x509.X509CertImpl.parse(Unknown Source) ~[na:1.8.0_45]<br /> at sun.security.x509.X509CertImpl.<init>(Unknown Source) ~[na:1.8.0_45]<br /> at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source) ~[na:1.8.0_45]<br /> at java.security.cert.CertificateFactory.generateCertificate(Unknown Source) ~[na:1.8.0_45]<br /> at org.openecard.crypto.common.keystore.KeyTools.convertCertificates(KeyTools.java:108) ~[richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.crypto.common.keystore.KeyTools.convertCertificates(KeyTools.java:88) ~[richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.crypto.tls.verify.KeyLengthVerifier.isValid(KeyLengthVerifier.java:54) ~[richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> ... 24 common frames omitted<br />*Caused by: java.io.IOException: Unknown named curve: 1.3.36.3.3.2.8.1.1.7<br /> at sun.security.ec.ECParameters.engineInit(ECParameters.java:143) ~[sunec.jar:1.8.0_20]*<br /> at java.security.AlgorithmParameters.init(Unknown Source) ~[na:1.8.0_45]<br /> at sun.security.x509.AlgorithmId.decodeParams(Unknown Source) ~[na:1.8.0_45]<br /> at sun.security.x509.AlgorithmId.<init>(Unknown Source) ~[na:1.8.0_45]<br /> at sun.security.x509.AlgorithmId.parse(Unknown Source) ~[na:1.8.0_45]<br /> at sun.security.x509.X509Key.parse(Unknown Source) ~[na:1.8.0_45]<br /> at sun.security.x509.CertificateX509Key.<init>(Unknown Source) ~[na:1.8.0_45]<br /> at sun.security.x509.X509CertInfo.parse(Unknown Source) ~[na:1.8.0_45]<br /></code></p> Open eCard - Bug #401 (Closed): TLS 2 Channel with TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 with TLS 1...https://dev.openecard.org/issues/4012015-07-03T12:54:51ZHans-Martin Haase
<p>In this case the Test Suite sends the error No acceptable set of security parameters found to the TLS client of the app.</p>
<p>We should probably evaluate whether:</p>
<p>1. the CipherSuite is allowed/supported in TLS version 1.1 <br />2. are all necessary information sent in the handshake</p> Open eCard - Bug #400 (Rejected): secp192r1 is accepted in TLS 1-2 handshakehttps://dev.openecard.org/issues/4002015-07-03T12:01:59ZHans-Martin Haase
<p>If the used cipher is TLS_DHE_RSA_WITH_AES_* and the elliptic curve is secp192r1 which is not allowed according to BSI-TR03116 or BSI-TR02102-2 the handshake is completed without problems.</p> Open eCard - Bug #399 (Closed): No error message in case of attached eID server and an connection...https://dev.openecard.org/issues/3992015-07-03T08:43:33ZHans-Martin Haase
<p>If the attached eID servers closes the connection an reestablishment is forbidden so we need to communicate this to the user.</p>
<p>There seems to be an unhandled NullPointerException in the activation action.</p>
<p><code>2015-07-03 10:33:15,982 [Thread-36] ERROR o.openecard.binding.tctoken.ActivationAction:408 - null<br />java.lang.NullPointerException: null<br /> at org.openecard.binding.tctoken.TCTokenHandler.createMessageFromUnknownError(TCTokenHandler.java:563) ~[richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.TCTokenHandler.handleActivate(TCTokenHandler.java:358) ~[richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.ActivationAction.processTcTokenOrActivationObject(ActivationAction.java:376) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.ActivationAction.processRequest(ActivationAction.java:244) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.ActivationAction.checkRequestParameters(ActivationAction.java:224) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.binding.tctoken.ActivationAction.execute(ActivationAction.java:111) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.addon.bind.AppPluginActionProxy.execute(AppPluginActionProxy.java:55) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.control.binding.http.handler.HttpAppPluginActionHandler.handle(HttpAppPluginActionHandler.java:111) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.apache.http.protocol.HttpService.doService(HttpService.java:436) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.apache.http.protocol.HttpService.handleRequest(HttpService.java:341) [richclient-1.1.0-rc17-bundle-cifs.jar:na]<br /> at org.openecard.control.binding.http.HttpService$1.run(HttpService.java:131) [richclient-1.1.0-rc17-bundle-cifs.jar:na]</code></p> Open eCard - Feature #391 (Closed): Add cookie supporthttps://dev.openecard.org/issues/3912015-04-02T06:25:59ZHans-Martin Haase
<p>The session management of some services depends on cookies which leads to failed authentication because we do not support cookies currently.</p>
<p>So we need a simple cookie management with at least the following features:</p>
<p>- store cookie<br />- present cookie to server<br />- delete cookie<br />- delete cookies after a authentication (independent whether the authentication was successful or not)</p> Open eCard - Bug #390 (Closed): IFD throws unhandled error.https://dev.openecard.org/issues/3902015-03-31T12:14:40ZHans-Martin Haase
<p>The IFD throws the following error during a wait call:</p>
<p><code><br />2015-03-31 14:00:55,771 [pool-1-thread-1] TRACE org.openecard.scio.PCSCTerminals$PCSCWatcher:310 - Leaving waitForChange() with fresh event.<br />2015-03-31 14:00:55,771 [pool-2-thread-1] ERROR org.openecard.ifd.scio.IFD:507 - Unknown error during wait call.<br />java.util.NoSuchElementException: null<br /> at java.util.LinkedList.removeFirst(LinkedList.java:270) ~[na:1.8.0_40]<br /> at java.util.LinkedList.remove(LinkedList.java:685) ~[na:1.8.0_40]<br /> at org.openecard.scio.PCSCTerminals$PCSCWatcher.waitForChange(PCSCTerminals.java:311) ~[pcsc-1.1.0-SNAPSHOT.jar:na]<br /> at org.openecard.ifd.scio.EventWatcher.call(EventWatcher.java:97) ~[ifd-core-1.1.0-SNAPSHOT.jar:na]<br /> at org.openecard.ifd.scio.EventWatcher.call(EventWatcher.java:51) ~[ifd-core-1.1.0-SNAPSHOT.jar:na]<br /> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_40]<br /> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_40]<br /> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_40]<br /> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_40]<br />2015-03-31 14:00:55,771 [pool-2-thread-1] WARN org.openecard.event.EventRunner:77 - IFD Wait returned with error.<br />org.openecard.common.WSHelper$WSException: http://www.bsi.bund.de/ecard/api/1.1/resultminor/al/common#unknownError<br /> ==> Unknown error during wait call.<br /> at org.openecard.common.ECardException.makeException(ECardException.java:64) ~[common-1.1.0-SNAPSHOT.jar:na]<br /> at org.openecard.common.WSHelper$WSException.<init>(WSHelper.java:47) ~[common-1.1.0-SNAPSHOT.jar:na]<br /> at org.openecard.common.WSHelper.checkResult(WSHelper.java:69) ~[common-1.1.0-SNAPSHOT.jar:na]<br /> at org.openecard.event.EventManager.wait(EventManager.java:120) ~[event-manager-1.1.0-SNAPSHOT.jar:na]<br /> at org.openecard.event.EventRunner.run(EventRunner.java:73) ~[event-manager-1.1.0-SNAPSHOT.jar:na]<br /> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_40]<br /> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_40]<br /> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_40]<br /> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_40]<br /> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_40]<br />2015-03-31 14:00:55,772 [pool-2-thread-1] TRACE org.openecard.scio.PCSCTerminals$PCSCWatcher:186 - Entering start().<br /></code></p>
<p>The error does not seem to influence the authentication but it appears in the log as error.</p> Open eCard - Feature #389 (Closed): Use header definition for action response according to BSI-TR...https://dev.openecard.org/issues/3892015-03-19T11:22:41ZHans-Martin Haase
<p>Set the correct Server http header in the response of an action call (see <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: Implement the Status action according to BSI-TR-03124-1 v1.2 (Closed)" href="https://dev.openecard.org/issues/387">#387</a> and <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: Implement Open User Interface action from BSI-TR-03124-1 v1.2 (Closed)" href="https://dev.openecard.org/issues/388">#388</a>)</p>
<p>BSI-TR-03124-1 v1.2 states to set the http header <em>Server</em> in the response of an action call. The header shall be set to the name and version of the eID client and the comment field of the header shall contain the supported versions of BSI-TR-03124-1. See also RFC2616 for the http specification.</p>
<p>Example header: </p>
<pre><code>Server: eIDApp/2.0 (TR-03124-1/1.1 TR-03124-1/1.2)</code></pre> Open eCard - Feature #388 (Closed): Implement Open User Interface action from BSI-TR-03124-1 v1.2https://dev.openecard.org/issues/3882015-03-19T11:09:28ZHans-Martin Haase
<p>BSI-TR-03124-1 v1.2 describes localhost calls to open parts of the user interface.</p>
<p>The URL defined for this purpose is:</p>
<p><a class="external" href="http://127.0.0.1:24727/eIDClient">http://127.0.0.1:24727/eIDClient</a> with the query parameter ShowUI=<em>Module</em></p>
<p><em>Module</em> is currently defined for the following values:</p>
<ul>
<li>PINManagement<br /> Opens the user interface for the PINManagement</li>
</ul>
<ul>
<li>Settings<br /> Opens the settings dialog if available</li>
</ul>
<p>If <em>Module</em> is not set or unknown the default UI should be opened.</p> Open eCard - Feature #387 (Closed): Implement the Status action according to BSI-TR-03124-1 v1.2https://dev.openecard.org/issues/3872015-03-19T10:50:41ZHans-Martin Haase
<p>Implement the Status call according to BSI-TR-03124-1 v1.2.<br />This means to return status information to the caller. The endpoint to get the information is:</p>
<p><a class="external" href="http://127.0.0.1:24727/eIDClient">http://127.0.0.1:24727/eIDClient</a> with the query parameter "Status" <br />localhost may be used as alternative for the IP address.</p>
<p>The TR does not specify a format of the returned data. So we probably should return data in the format the ausweisapp2 is returning.</p> Open eCard - Feature #386 (Closed): [TR-03112 Addon] Support result minors according to BSI-TR-31...https://dev.openecard.org/issues/3862015-03-19T10:22:01ZHans-Martin Haase
<p>BSI-TR-03124-1 v1.2 defines the result minor for the communication as follows:</p>
<ul>
<li>trustedChannelEstablishmentFailed<br /> The eID client failed to set up a trusted channel to the eID-Server</li>
</ul>
<ul>
<li>cancellationByUser<br /> The user aborted the authentication. This includes abortion due to entering wrong PIN or no card present.</li>
</ul>
<ul>
<li>serverError<br /> The eID-server encountered an error. The exact error is communicated tot eh eService directly by the eID-Server.</li>
</ul>
<ul>
<li>clientError<br /> Anny error not covered by the other error codes occurred.</li>
</ul>
<p>This result minors should be used at least for the complete communication when using the nPA.</p> Open eCard - Bug #384 (Closed): PACE Channel not closed after authentication with comfort readerhttps://dev.openecard.org/issues/3842015-03-09T13:30:57ZHans-Martin Haase
<p>After an authentication with an comfort reader from reinert sct the PACE channel is not closed. The reader reader displays "Tunnel aktiv".</p>
<p>There is probably an begin and end transaction missing.</p> Open eCard - Bug #381 (Rejected): Modify BouncyCastle code to return exceptions.https://dev.openecard.org/issues/3812015-03-06T12:46:05ZHans-Martin Haase
<p>The currently used BouncyCastle version does not provide the TLS error code to handle exceptions correctly.</p> Open eCard - Bug #380 (Closed): App does not start in case there are no terminal available (new IFD)https://dev.openecard.org/issues/3802015-03-06T08:16:10ZHans-Martin Haase
<p>Starting the App fails on Windows (not checked on Linux or Mac).<br />It appears an error message "Die Anwendung konnte nicht gestartet werden \n Failed to request initial status from IFD.".</p>
<p>Log is attached.</p> Open eCard - Feature #378 (New): Handle IFDProtocols correctly in AddonManagerhttps://dev.openecard.org/issues/3782015-03-05T12:32:00ZHans-Martin Haase
<p>Currently the richclient class registers the IFDProtocols in the AddonManager but the IFDProtocols which are part of the internal addons should be loaded by the AddonManager itself.</p> Open eCard - Bug #377 (Closed): When using Cherry SmartBoard pressing the OK Button results in an...https://dev.openecard.org/issues/3772015-03-04T07:19:58ZHans-Martin Haase
<p>The authentication starts normally and i get to the state where the gui tells me to enter the PIN on the terminal.<br />After pressing the ok button i receive the typical TLS error "This could be an attack". The log states an cancalation by user error which seems to be caused by null reference (See log line 3605 ff.)</p> Common eID - Bug #356 (New): Wrong HTTP Status Code in PAOS communicationhttps://dev.openecard.org/issues/3562014-10-10T12:26:54ZHans-Martin Haase
<p>According to PAOS specifikation (<a class="external" href="http://www.projectliberty.org/liberty/content/download/909/6303/file/liberty-paos-v2.0.pdf">http://www.projectliberty.org/liberty/content/download/909/6303/file/liberty-paos-v2.0.pdf</a>) Abschnitt 9.4 Processing Rules the PAOS Requester has to sent HTTP Status Code 202 in the HTTP Response.</p>
<p>The eid servers</p>
<p>eID-S#1<br />eID-S#2<br />eID-S#3</p>
<p>sent the status code 200.</p> Common eID - Feature #353 (New): Feig ABID myAXXESS basic Windows 8 Driverhttps://dev.openecard.org/issues/3532014-10-10T07:01:22ZHans-Martin Haase
<p>There is currently no driver available which supports Windows 8.</p>
<p>The installation routine says that the operating system is not supported (see attached picture).</p> Open eCard - Bug #327 (Rejected): Move translations of TR-03112 Addon into the addon packagehttps://dev.openecard.org/issues/3272014-08-28T07:43:43ZHans-Martin Haase
<p>The files containing the translations of the TR-03112 Addon are currently contained in the Open eCard I18n package.<br />This translations should be moved into the Addon package.</p> Common eID - Bug #324 (New): meineschufa.de delivers a wrong RefreshAddress in the TCTokenhttps://dev.openecard.org/issues/3242014-08-19T13:07:50ZHans-Martin Haase
<p>The service at <a class="external" href="https://www.meineschufa.de/index.php?site=30_2_1_pa&#tabNPA">https://www.meineschufa.de/index.php?site=30_2_1_pa&#tabNPA</a> delivers a TCToken which is not standard compliant. The RefreshAddress is placed in a CDATA block. This leads to failures in the eID Clients. According to TR-03124-1 section 2.3 contains the RefreshAddress element just an https-URL.</p> Common eID - Bug #323 (New): meineschufa.de does not support recommended TLS ciphers from TR-2102-2https://dev.openecard.org/issues/3232014-08-19T12:54:22ZHans-Martin Haase
<p>The service available at <a class="external" href="https://www.meineschufa.de/index.php?site=30_2_1_pa&#tabNPA">https://www.meineschufa.de/index.php?site=30_2_1_pa&#tabNPA</a> does not support the recommended cipher suits from TR-2102-2.<br />This leads to Handshake failures in the eID clients.</p> Open eCard - Feature #321 (New): Add support for cards which do not support the FCP return data o...https://dev.openecard.org/issues/3212014-08-18T05:49:05ZHans-Martin Haase
<p>The current implementation of DataSetSelect supports only cards which which are able to return an FCP as answer to the select command.</p>
<p>This implementation should be extended to support cards which only support the FCI, like the Peruvian ID card, or which do not support return data at all for the select command like the Austrian ecard Generation 2 or the Belgium ID card.</p>
<p>Probably a kind of wrapper has to be implemented which converts between FCI and FCP and creates a FCP from scratch just with the context information in case of no response data.</p> Open eCard - Feature #320 (Closed): Update the wiki description of the add-on creation.https://dev.openecard.org/issues/3202014-08-13T09:43:54ZHans-Martin Haase
<p>The current wiki page for the addon creation does not represent the current status of the development.</p>
<p>There is a need to fix the file name of the manifest and to add a more detailed description of the configuration options.</p>
<p>The wiki page is available at <a class="external" href="https://dev.openecard.org/projects/open-ecard/wiki/Add-on_System">https://dev.openecard.org/projects/open-ecard/wiki/Add-on_System</a></p> Open eCard - Feature #319 (Closed): Finish implementation of the AddonSettings gui representationhttps://dev.openecard.org/issues/3192014-08-13T05:26:14ZHans-Martin Haase
<p>The Swing GUI does not implement methods to handle all possible options available in an add-ons configuration description.</p> Open eCard - Bug #312 (Rejected): Fix the link for demo authentication in android apphttps://dev.openecard.org/issues/3122014-07-08T09:20:10ZHans-Martin Haase
<p>The TCTokenURL used in the Demo Tab of the Android App point currently to</p>
<p><a class="external" href="https://eservice.openecard.org/tcToken?card-type=http%3A%2F%2Fbsi.bund.de%2Fcif%2Fnpa.xml&with-html=">https://eservice.openecard.org/tcToken?card-type=http%3A%2F%2Fbsi.bund.de%2Fcif%2Fnpa.xml&with-html=</a></p>
<p>This url is not available anymore and should be replaced with a valid url from the current testing environment.</p> Open eCard - Bug #311 (Closed): Fix ObjectIdentifier of VR-BankCardhttps://dev.openecard.org/issues/3112014-07-07T13:20:19ZHans-Martin Haase
<p>The identifier should be more issuer specific</p> Open eCard - Bug #310 (Closed): Fix AlgorithmIdentifiers for pure RSA signature in CardInfo fileshttps://dev.openecard.org/issues/3102014-07-04T11:46:48ZHans-Martin Haase
<p>Some CardInfo files contain a wrong algorithm identifier for pure RSA signature/encryption.</p>
<p>Affected CIFs are</p>
<p>D-TRUST*<br />EstID<br />eA-light<br />eGk</p>
<p>In this files the AlgorithmIdentifier there is urn:oid:1.2.840.113549.1.1 but it have to be urn:oid:1.2.840.113549.1.1.1</p> Common eID - PartnerIssue #305 (New): e-card AT PINs verhalten sich nicht wie in EF.AOD angegebenhttps://dev.openecard.org/issues/3052014-05-15T07:12:21ZHans-Martin Haase
<p>In den EF.AODs ist für die PINs eine storedLength von 0 angegeben und kein Padding-Indikator was laut ISO Standard gültig ist, allerdings verhält sich die Karte nicht danach. Für eine Verifikation der PINs ist ein Padding mit "FF" auf eine storedLength von 8 notwending.</p> Open eCard - Feature #300 (Closed): Extract the certificate chain if available and sent it in an ...https://dev.openecard.org/issues/3002014-04-17T05:21:26ZHans-Martin Haase
<p>If the certificate chain is not included in a single certificate file than the chain should be extracted from the files which contain the parts of the chain.</p>
<p>This is necessary for TLS certificate validation</p>