Project

General

Profile

Control Interface » History » Version 24

Tobias Wich, 03/05/2014 05:06 PM

1 8 Tobias Wich
h1. Client Control Interface
2 1 Moritz Horsch
3 8 Tobias Wich
The Client Control Interface is http based. The webserver of the eCard client is available only under http://localhost:24724.
4 1 Moritz Horsch
5 8 Tobias Wich
h2. Activation
6
7
*URL*
8
@http://127.0.0.1:24727/eID-Client@
9
10
*Method*
11
GET
12
13
*Query*
14
| tcTokenURL    | The URL determines where the client can retrieve the TC Token. See TR-03112-7, section 3.2 | Mandatory | 
15
| ifdName       | The ifdName determines the card terminal.|  Optional[1] | 
16 24 Tobias Wich
| slotIndex     | The slotIndex determines the slot in the terminal.| Optional[1] |
17 8 Tobias Wich
| contextHandle | The contextHandle addresses a specific IFD. | Optional[1] | 
18
| slotHandle    | The slotHandle determines a connected eCard. See TR-03112-6, section 3.2.1. | Optional[1] | 
19
| cardType      | The cardType determines the type of card which must be selected. | Optional[1] |
20
21
*Returns*
22
| 200 OK                    | The refresh address is comprised in the Message Body (Hack for Mac OS Safari). |
23
| 303 See Other             | The Location field in the response should contain the refresh address. |
24
| 400 Bad Request           | Malformed GET request, e.g. parameters are missing. |
25
| 500 Internal Server Error | Other errors. |
26 20 Tobias Wich
| 502 Bad Gateway           | Server where the TCToken was requested, didn't answer or returned an invalid response. |
27 8 Tobias Wich
28
*Content-Types*
29
| text/html | Webpage with user evaluatable content. E.g. error page, manual redirect, ... |
30
31
32
*Description*
33
The interface can be used to start the eID application.
34
35
The parameters ifdName, contextHandle, slotHandle and cardType address a particular eCard, or a type of card.
36
There are three meaningful combinations of the optional parameters:
37
* _none_
38
 Use the fist nPa available. Display a "Please insert nPa" dialog if needed. This is the behaviour of the AusweisApp.
39 13 Tobias Wich
 In other words the lack of the cardType parameter sets it to the default value @http://bsi.bund.de/cif/npa.xml@, and thus the next rule becomes effective.
40 8 Tobias Wich
* _cardType_
41
 Use the fist card of the specified type which is available. Display a "Please insert <cardType>" dialog if needed.
42 13 Tobias Wich
 A special case must be made when software certificates (cardType=@http://openecard.org/cif/soft-credential@) are used. In that case no dialog is shown, when there is no certificate. Instead an error is produced.
43 8 Tobias Wich
* _ifdName_, _contextHandle_, _slotHandle_
44
 Use exactly the card matching the parameters.
45 13 Tobias Wich
  cardType is requested from the selected card directly. If there is no such card, an error is produced.
46 8 Tobias Wich
47
48
*Notes*
49
50 1 Moritz Horsch
<pre>
51
TODO
52
* What happens if the Client Activator cannot start an application?
53
</pre>
54
55 11 Tobias Wich
During the processing of the activation, a TCToken is fetched from a remote server.
56
The TCToken is defined as follows:
57
<pre><code class="xml">
58
<element name="TCToken" type="TCTokenType" />
59 1 Moritz Horsch
60 11 Tobias Wich
<complexType name="TCTokenType">
61
  <sequence>
62
    <element name="ServerAddress" type="anyURI" />
63
    <element name="SessionIdentifier" type="string" />
64
    <element name="RefreshAddress" type="anyURI" />
65
    <element name="Binding" type="anyURI" maxOccurs="1" minOccurs="0"/>
66
    <element name="PathSecurity-Protocol" type="anyURI" />
67 21 Johannes Schmölz
    <element name="PathSecurity-Parameters" maxOccurs="1" minOccurs="0">
68 11 Tobias Wich
      <complexType>
69
        <choice>
70
          <element name="PSK" type="hexBinary" />
71
        </choice>
72
      </complexType>
73
    </element>
74
  </sequence>
75
</complexType>
76
</code></pre>
77 1 Moritz Horsch
78 11 Tobias Wich
The contents of the elements are defined as follows:
79
* ServerAddress
80
 Must contain a https-URL which shall be used by the eCA to connect to the authentication server.
81
* SessionIdentifier
82
 Must contain a unique identifier of the current authentication session.
83
* RefreshAddress
84
 Must be a https-URL. The eCA redirects the browser to this URL (or the URL retrieved by following redirects starting from this URL) after conclusion of the online authentication.
85
* Binding
86
 May be used to indicate that an authentication protocol according to [ISO24727-3] is to be performed over the session between eCA and the authentication server.
87
 Currently the following values are defined:
88
** @urn:liberty:paos:2006-08@
89 23 Tobias Wich
** @urn:ietf:rfc:2616@
90 11 Tobias Wich
* PathSecurity-Protocol
91
 This element specifies the security protocol, which is to be used for securing the connection between eCA and AS.
92
 Currently the following values are defined:
93 12 Tobias Wich
** @urn:ietf:rfc:4346@
94 11 Tobias Wich
   TLS according to [RFC4346].
95
** @urn:ietf:rfc:4279@
96
   TLS-PSK according to [RFC4279].
97
** @urn:ietf:rfc:5487@
98
   TLS-PSK with a cipher suite according to [RFC5487].
99
* PathSecurity-Parameter
100
   Must be present to supply path security parameters such as PSK values.
101
102
The following changes are made to the token type defined in [eCard-7]:
103
* Binding is optional to use solely the transport protocol for authentication.
104 12 Tobias Wich
* PathSecurity-Protocol has an additional value. (@urn:ietf:rfc:4346@)
105 11 Tobias Wich
* PathSecurity-Parameter is optional because of the additional default TLS Protocol.
106 8 Tobias Wich
107
h2. GetStatus[1]
108
109
*URL*
110
@http://127.0.0.1:24727/getStatus@
111
112
*Method*
113
GET
114
115
*Query*
116
| session | The session parameter establishes an event queue for further requests with waitforChange. | Optional | 
117
118
*Returns*
119
| 200 OK                    | Status element (see below). |
120 14 Tobias Wich
| 400 Bad Request           | Malformed GET request, e.g. session parameter is too weak. | 
121 8 Tobias Wich
| 500 Internal Server Error | Errors in the smartcard stack or the webserver. |
122
123 16 Tobias Wich
<pre><code class="xml">
124 18 Tobias Wich
<complexType name="StatusType" xmlns:oec="http://ws.openecard.org/schema" targetNamespace="http://ws.openecard.org/schema">
125 16 Tobias Wich
  <sequence>
126
    <element name="ConnectionHandle" type="iso:ConnectionHandleType" maxOccurs="unbounded" minOccurs="0" />
127
    <element name="UserAgent"                                        maxOccurs="1"         minOccurs="0">
128
      <complexType>
129 17 Tobias Wich
        <sequence>
130
          <element name="Name"            type="string" />
131
          <element name="VersionMajor"    type="integer" />
132
          <element name="VersionMinor"    type="integer" maxOccurs="1" minOccurs="0" />
133
          <element name="VersionSubminor" type="integer" maxOccurs="1" minOccurs="0" />
134
        </sequence>
135 16 Tobias Wich
      </complexType>
136
    </element>
137
    <element name="SupportedAPIVersions" maxOccurs="unbounded" minOccurs="0">
138
      <complexType>
139 17 Tobias Wich
        <sequence>
140
          <element name="Name"            type="string" />
141
          <element name="VersionMajor"    type="integer" />
142
          <element name="VersionMinor"    type="integer" maxOccurs="1" minOccurs="0"/>
143
          <element name="VersionSubminor" type="integer" maxOccurs="1" minOccurs="0"/>
144
        </sequence>
145 16 Tobias Wich
      </complexType>
146
    </element>
147 22 Tobias Wich
    <element name="SupportedCards" maxOccurs="unbounded" minOccurs="0">
148
      <complexType>
149
        <sequence>
150
          <element name="CardType" type="anyURI" maxOccurs="1" minOccurs="1" />
151
          <element name="DIDProtocols" type="anyURI" maxOccurs="unbounded" minOccurs="0" />
152
        </sequence>
153
      </complexType>
154
    </element>
155 16 Tobias Wich
    <element name="SupportedDIDProtocols" type="anyURI" maxOccurs="unbounded" minOccurs="0" />
156
    <element name="AdditionalFeatures"    type="anyURI" maxOccurs="unbounded" minOccurs="0" />
157 1 Moritz Horsch
  </sequence>
158
</complexType>
159
160
<element name="Status">
161
  <complexType>
162
    <complexContent>
163
      <extension base="oec:StatusType">
164 17 Tobias Wich
        <sequence />
165 1 Moritz Horsch
      </extension>
166
    </complexContent>
167
  </complexType>
168
</element>
169
</code></pre>
170 17 Tobias Wich
171
The contents of the Status element are defined as follows:
172
* ConnectionHandle
173
  List of ConnectionHandles reflecting the currently available terminals, cards and their types.
174
* UserAgent
175
  Description of the user agent (client). 
176
** Name must be set to "Open eCard App" for all client types of the Open eCard App.
177
** VersionMajor, VersionMinor and VersionSubminor correspond to the major, minor and patch fields in the Version class.
178
   (see source:common/src/main/java/org/openecard/client/common/Version.java)
179
* SupportedAPIVersions
180 1 Moritz Horsch
  This element names and describes all supported API versions. At the moment, this is solely the eCard-API.
181
** Name and the version elements are one of
182 17 Tobias Wich
*** @http://www.bsi.bund.de/ecard/api@, 1, 1, @not set@
183 22 Tobias Wich
* SupportedCards
184
  List of supported DIDProtocols per card type. That means the list of DIDProtocols, for which an implementation exists and which are listed in the respective CardInfo file.
185 17 Tobias Wich
* SupportedDIDProtocols
186
  List of supported DID protocols. That means the list of SAL modules' DID protocol URIs registered in the client.
187
* AdditionalFeatures
188
  Not yet defined, but could be further stuff like a Signature plugin etc.
189 8 Tobias Wich
190
*Content-Types*
191
| text/xml  | The Status element. |
192 15 Tobias Wich
| text/html | Message in case of an error. |
193 8 Tobias Wich
194
195
*Description*
196
The interface can be used to request information about the eID application and its current state.
197
198
h2. WaitForChange
199
200
*URL*
201
@http://127.0.0.1:24727/waitForChange@
202
203
*Method*
204 1 Moritz Horsch
GET
205 8 Tobias Wich
206
*Query*
207 10 Tobias Wich
| session | The session of a previously set up event queue (see [[Client_Activation#GetStatus1|GetStatus]]). | Mandatory | 
208 8 Tobias Wich
209
*Returns*
210
| 200 OK                    | StatusChange element (see below). |
211 14 Tobias Wich
| 400 Bad Request           | Malformed GET request, e.g. session parameter is too weak. |
212 8 Tobias Wich
| 500 Internal Server Error | Errors in the smartcard stack or the webserver. |
213
214 19 Tobias Wich
<pre><code class="xml">
215
<complexType name="StatusChangeType" xmlns:oec="http://ws.openecard.org/schema" targetNamespace="http://ws.openecard.org/schema">
216
  <sequence>
217
    <element name="ConnectionHandle" type="iso:ConnectionHandleType" maxOccurs="1" minOccurs="1" />
218
    <element name="Action"           type="anyURI"                   maxOccurs="1" minOccurs="1" />
219
  </sequence>
220
</complexType>
221
222
<element name="StatusChange">
223
  <complexType>
224
    <complexContent>
225
      <extension base="oec:StatusChangeType">
226
        <sequence />
227
      </extension>
228
    </complexContent>
229
  </complexType>
230
</element>
231
</code></pre>
232
233
The contents of the StatusChange element are defined as follows:
234
235
* ConnectionHandle
236
  The meaning of the ConnectionHandle parameter is exactly as in the StartPAOS call defined in [BSI-TR-03112-7, Section 2.6].
237
* Action
238
  This element contains the URI describing the event. Currently there are the following event types defined:
239
** http://openecard.org/event/terminal_added
240
** http://openecard.org/event/terminal_removed
241
** http://openecard.org/event/card_inserted
242
** http://openecard.org/event/card_removed
243
** http://openecard.org/event/card_recognized
244
245 8 Tobias Wich
246
*Content-Types*
247
| text/xml  | The StatusChange element. |
248 15 Tobias Wich
| text/html | Message in case of an error. |
249 8 Tobias Wich
250
251
*Description*
252
The interface can be used to request status change information after an initial GetStatus call.
253
254
255
---
256
257
fn1. Openecard proposal: This parameter/interface is an Open eCard specific extension. It is not part of the official eCard specification.