Control Interface » History » Version 24
Tobias Wich, 03/05/2014 05:06 PM
1 | 8 | Tobias Wich | h1. Client Control Interface |
---|---|---|---|
2 | 1 | Moritz Horsch | |
3 | 8 | Tobias Wich | The Client Control Interface is http based. The webserver of the eCard client is available only under http://localhost:24724. |
4 | 1 | Moritz Horsch | |
5 | 8 | Tobias Wich | h2. Activation |
6 | |||
7 | *URL* |
||
8 | @http://127.0.0.1:24727/eID-Client@ |
||
9 | |||
10 | *Method* |
||
11 | GET |
||
12 | |||
13 | *Query* |
||
14 | | tcTokenURL | The URL determines where the client can retrieve the TC Token. See TR-03112-7, section 3.2 | Mandatory | |
||
15 | | ifdName | The ifdName determines the card terminal.| Optional[1] | |
||
16 | 24 | Tobias Wich | | slotIndex | The slotIndex determines the slot in the terminal.| Optional[1] | |
17 | 8 | Tobias Wich | | contextHandle | The contextHandle addresses a specific IFD. | Optional[1] | |
18 | | slotHandle | The slotHandle determines a connected eCard. See TR-03112-6, section 3.2.1. | Optional[1] | |
||
19 | | cardType | The cardType determines the type of card which must be selected. | Optional[1] | |
||
20 | |||
21 | *Returns* |
||
22 | | 200 OK | The refresh address is comprised in the Message Body (Hack for Mac OS Safari). | |
||
23 | | 303 See Other | The Location field in the response should contain the refresh address. | |
||
24 | | 400 Bad Request | Malformed GET request, e.g. parameters are missing. | |
||
25 | | 500 Internal Server Error | Other errors. | |
||
26 | 20 | Tobias Wich | | 502 Bad Gateway | Server where the TCToken was requested, didn't answer or returned an invalid response. | |
27 | 8 | Tobias Wich | |
28 | *Content-Types* |
||
29 | | text/html | Webpage with user evaluatable content. E.g. error page, manual redirect, ... | |
||
30 | |||
31 | |||
32 | *Description* |
||
33 | The interface can be used to start the eID application. |
||
34 | |||
35 | The parameters ifdName, contextHandle, slotHandle and cardType address a particular eCard, or a type of card. |
||
36 | There are three meaningful combinations of the optional parameters: |
||
37 | * _none_ |
||
38 | Use the fist nPa available. Display a "Please insert nPa" dialog if needed. This is the behaviour of the AusweisApp. |
||
39 | 13 | Tobias Wich | In other words the lack of the cardType parameter sets it to the default value @http://bsi.bund.de/cif/npa.xml@, and thus the next rule becomes effective. |
40 | 8 | Tobias Wich | * _cardType_ |
41 | Use the fist card of the specified type which is available. Display a "Please insert <cardType>" dialog if needed. |
||
42 | 13 | Tobias Wich | A special case must be made when software certificates (cardType=@http://openecard.org/cif/soft-credential@) are used. In that case no dialog is shown, when there is no certificate. Instead an error is produced. |
43 | 8 | Tobias Wich | * _ifdName_, _contextHandle_, _slotHandle_ |
44 | Use exactly the card matching the parameters. |
||
45 | 13 | Tobias Wich | cardType is requested from the selected card directly. If there is no such card, an error is produced. |
46 | 8 | Tobias Wich | |
47 | |||
48 | *Notes* |
||
49 | |||
50 | 1 | Moritz Horsch | <pre> |
51 | TODO |
||
52 | * What happens if the Client Activator cannot start an application? |
||
53 | </pre> |
||
54 | |||
55 | 11 | Tobias Wich | During the processing of the activation, a TCToken is fetched from a remote server. |
56 | The TCToken is defined as follows: |
||
57 | <pre><code class="xml"> |
||
58 | <element name="TCToken" type="TCTokenType" /> |
||
59 | 1 | Moritz Horsch | |
60 | 11 | Tobias Wich | <complexType name="TCTokenType"> |
61 | <sequence> |
||
62 | <element name="ServerAddress" type="anyURI" /> |
||
63 | <element name="SessionIdentifier" type="string" /> |
||
64 | <element name="RefreshAddress" type="anyURI" /> |
||
65 | <element name="Binding" type="anyURI" maxOccurs="1" minOccurs="0"/> |
||
66 | <element name="PathSecurity-Protocol" type="anyURI" /> |
||
67 | 21 | Johannes Schmölz | <element name="PathSecurity-Parameters" maxOccurs="1" minOccurs="0"> |
68 | 11 | Tobias Wich | <complexType> |
69 | <choice> |
||
70 | <element name="PSK" type="hexBinary" /> |
||
71 | </choice> |
||
72 | </complexType> |
||
73 | </element> |
||
74 | </sequence> |
||
75 | </complexType> |
||
76 | </code></pre> |
||
77 | 1 | Moritz Horsch | |
78 | 11 | Tobias Wich | The contents of the elements are defined as follows: |
79 | * ServerAddress |
||
80 | Must contain a https-URL which shall be used by the eCA to connect to the authentication server. |
||
81 | * SessionIdentifier |
||
82 | Must contain a unique identifier of the current authentication session. |
||
83 | * RefreshAddress |
||
84 | Must be a https-URL. The eCA redirects the browser to this URL (or the URL retrieved by following redirects starting from this URL) after conclusion of the online authentication. |
||
85 | * Binding |
||
86 | May be used to indicate that an authentication protocol according to [ISO24727-3] is to be performed over the session between eCA and the authentication server. |
||
87 | Currently the following values are defined: |
||
88 | ** @urn:liberty:paos:2006-08@ |
||
89 | 23 | Tobias Wich | ** @urn:ietf:rfc:2616@ |
90 | 11 | Tobias Wich | * PathSecurity-Protocol |
91 | This element specifies the security protocol, which is to be used for securing the connection between eCA and AS. |
||
92 | Currently the following values are defined: |
||
93 | 12 | Tobias Wich | ** @urn:ietf:rfc:4346@ |
94 | 11 | Tobias Wich | TLS according to [RFC4346]. |
95 | ** @urn:ietf:rfc:4279@ |
||
96 | TLS-PSK according to [RFC4279]. |
||
97 | ** @urn:ietf:rfc:5487@ |
||
98 | TLS-PSK with a cipher suite according to [RFC5487]. |
||
99 | * PathSecurity-Parameter |
||
100 | Must be present to supply path security parameters such as PSK values. |
||
101 | |||
102 | The following changes are made to the token type defined in [eCard-7]: |
||
103 | * Binding is optional to use solely the transport protocol for authentication. |
||
104 | 12 | Tobias Wich | * PathSecurity-Protocol has an additional value. (@urn:ietf:rfc:4346@) |
105 | 11 | Tobias Wich | * PathSecurity-Parameter is optional because of the additional default TLS Protocol. |
106 | 8 | Tobias Wich | |
107 | h2. GetStatus[1] |
||
108 | |||
109 | *URL* |
||
110 | @http://127.0.0.1:24727/getStatus@ |
||
111 | |||
112 | *Method* |
||
113 | GET |
||
114 | |||
115 | *Query* |
||
116 | | session | The session parameter establishes an event queue for further requests with waitforChange. | Optional | |
||
117 | |||
118 | *Returns* |
||
119 | | 200 OK | Status element (see below). | |
||
120 | 14 | Tobias Wich | | 400 Bad Request | Malformed GET request, e.g. session parameter is too weak. | |
121 | 8 | Tobias Wich | | 500 Internal Server Error | Errors in the smartcard stack or the webserver. | |
122 | |||
123 | 16 | Tobias Wich | <pre><code class="xml"> |
124 | 18 | Tobias Wich | <complexType name="StatusType" xmlns:oec="http://ws.openecard.org/schema" targetNamespace="http://ws.openecard.org/schema"> |
125 | 16 | Tobias Wich | <sequence> |
126 | <element name="ConnectionHandle" type="iso:ConnectionHandleType" maxOccurs="unbounded" minOccurs="0" /> |
||
127 | <element name="UserAgent" maxOccurs="1" minOccurs="0"> |
||
128 | <complexType> |
||
129 | 17 | Tobias Wich | <sequence> |
130 | <element name="Name" type="string" /> |
||
131 | <element name="VersionMajor" type="integer" /> |
||
132 | <element name="VersionMinor" type="integer" maxOccurs="1" minOccurs="0" /> |
||
133 | <element name="VersionSubminor" type="integer" maxOccurs="1" minOccurs="0" /> |
||
134 | </sequence> |
||
135 | 16 | Tobias Wich | </complexType> |
136 | </element> |
||
137 | <element name="SupportedAPIVersions" maxOccurs="unbounded" minOccurs="0"> |
||
138 | <complexType> |
||
139 | 17 | Tobias Wich | <sequence> |
140 | <element name="Name" type="string" /> |
||
141 | <element name="VersionMajor" type="integer" /> |
||
142 | <element name="VersionMinor" type="integer" maxOccurs="1" minOccurs="0"/> |
||
143 | <element name="VersionSubminor" type="integer" maxOccurs="1" minOccurs="0"/> |
||
144 | </sequence> |
||
145 | 16 | Tobias Wich | </complexType> |
146 | </element> |
||
147 | 22 | Tobias Wich | <element name="SupportedCards" maxOccurs="unbounded" minOccurs="0"> |
148 | <complexType> |
||
149 | <sequence> |
||
150 | <element name="CardType" type="anyURI" maxOccurs="1" minOccurs="1" /> |
||
151 | <element name="DIDProtocols" type="anyURI" maxOccurs="unbounded" minOccurs="0" /> |
||
152 | </sequence> |
||
153 | </complexType> |
||
154 | </element> |
||
155 | 16 | Tobias Wich | <element name="SupportedDIDProtocols" type="anyURI" maxOccurs="unbounded" minOccurs="0" /> |
156 | <element name="AdditionalFeatures" type="anyURI" maxOccurs="unbounded" minOccurs="0" /> |
||
157 | 1 | Moritz Horsch | </sequence> |
158 | </complexType> |
||
159 | |||
160 | <element name="Status"> |
||
161 | <complexType> |
||
162 | <complexContent> |
||
163 | <extension base="oec:StatusType"> |
||
164 | 17 | Tobias Wich | <sequence /> |
165 | 1 | Moritz Horsch | </extension> |
166 | </complexContent> |
||
167 | </complexType> |
||
168 | </element> |
||
169 | </code></pre> |
||
170 | 17 | Tobias Wich | |
171 | The contents of the Status element are defined as follows: |
||
172 | * ConnectionHandle |
||
173 | List of ConnectionHandles reflecting the currently available terminals, cards and their types. |
||
174 | * UserAgent |
||
175 | Description of the user agent (client). |
||
176 | ** Name must be set to "Open eCard App" for all client types of the Open eCard App. |
||
177 | ** VersionMajor, VersionMinor and VersionSubminor correspond to the major, minor and patch fields in the Version class. |
||
178 | (see source:common/src/main/java/org/openecard/client/common/Version.java) |
||
179 | * SupportedAPIVersions |
||
180 | 1 | Moritz Horsch | This element names and describes all supported API versions. At the moment, this is solely the eCard-API. |
181 | ** Name and the version elements are one of |
||
182 | 17 | Tobias Wich | *** @http://www.bsi.bund.de/ecard/api@, 1, 1, @not set@ |
183 | 22 | Tobias Wich | * SupportedCards |
184 | List of supported DIDProtocols per card type. That means the list of DIDProtocols, for which an implementation exists and which are listed in the respective CardInfo file. |
||
185 | 17 | Tobias Wich | * SupportedDIDProtocols |
186 | List of supported DID protocols. That means the list of SAL modules' DID protocol URIs registered in the client. |
||
187 | * AdditionalFeatures |
||
188 | Not yet defined, but could be further stuff like a Signature plugin etc. |
||
189 | 8 | Tobias Wich | |
190 | *Content-Types* |
||
191 | | text/xml | The Status element. | |
||
192 | 15 | Tobias Wich | | text/html | Message in case of an error. | |
193 | 8 | Tobias Wich | |
194 | |||
195 | *Description* |
||
196 | The interface can be used to request information about the eID application and its current state. |
||
197 | |||
198 | h2. WaitForChange |
||
199 | |||
200 | *URL* |
||
201 | @http://127.0.0.1:24727/waitForChange@ |
||
202 | |||
203 | *Method* |
||
204 | 1 | Moritz Horsch | GET |
205 | 8 | Tobias Wich | |
206 | *Query* |
||
207 | 10 | Tobias Wich | | session | The session of a previously set up event queue (see [[Client_Activation#GetStatus1|GetStatus]]). | Mandatory | |
208 | 8 | Tobias Wich | |
209 | *Returns* |
||
210 | | 200 OK | StatusChange element (see below). | |
||
211 | 14 | Tobias Wich | | 400 Bad Request | Malformed GET request, e.g. session parameter is too weak. | |
212 | 8 | Tobias Wich | | 500 Internal Server Error | Errors in the smartcard stack or the webserver. | |
213 | |||
214 | 19 | Tobias Wich | <pre><code class="xml"> |
215 | <complexType name="StatusChangeType" xmlns:oec="http://ws.openecard.org/schema" targetNamespace="http://ws.openecard.org/schema"> |
||
216 | <sequence> |
||
217 | <element name="ConnectionHandle" type="iso:ConnectionHandleType" maxOccurs="1" minOccurs="1" /> |
||
218 | <element name="Action" type="anyURI" maxOccurs="1" minOccurs="1" /> |
||
219 | </sequence> |
||
220 | </complexType> |
||
221 | |||
222 | <element name="StatusChange"> |
||
223 | <complexType> |
||
224 | <complexContent> |
||
225 | <extension base="oec:StatusChangeType"> |
||
226 | <sequence /> |
||
227 | </extension> |
||
228 | </complexContent> |
||
229 | </complexType> |
||
230 | </element> |
||
231 | </code></pre> |
||
232 | |||
233 | The contents of the StatusChange element are defined as follows: |
||
234 | |||
235 | * ConnectionHandle |
||
236 | The meaning of the ConnectionHandle parameter is exactly as in the StartPAOS call defined in [BSI-TR-03112-7, Section 2.6]. |
||
237 | * Action |
||
238 | This element contains the URI describing the event. Currently there are the following event types defined: |
||
239 | ** http://openecard.org/event/terminal_added |
||
240 | ** http://openecard.org/event/terminal_removed |
||
241 | ** http://openecard.org/event/card_inserted |
||
242 | ** http://openecard.org/event/card_removed |
||
243 | ** http://openecard.org/event/card_recognized |
||
244 | |||
245 | 8 | Tobias Wich | |
246 | *Content-Types* |
||
247 | | text/xml | The StatusChange element. | |
||
248 | 15 | Tobias Wich | | text/html | Message in case of an error. | |
249 | 8 | Tobias Wich | |
250 | |||
251 | *Description* |
||
252 | The interface can be used to request status change information after an initial GetStatus call. |
||
253 | |||
254 | |||
255 | --- |
||
256 | |||
257 | fn1. Openecard proposal: This parameter/interface is an Open eCard specific extension. It is not part of the official eCard specification. |