Ignore the OpenPGP encryption key if the card doesn't support the MANAGE SECURITY ENVIRONMENT command

Author: ebourg

jsign-core/src/main/java/net/jsign/jca/OpenPGPCard.java

@@ -50,6 +50,9 @@ class OpenPGPCard {
     /** Data Object cache */
     private final Map<Integer, byte[]> dataObjectCache = new HashMap<>();
 
+    /** The extended capabilities flag list */
+    private byte[] extendedCapabilities;
+
     /** Information about the keys */
     private KeyInfo[] keyInfos;
 
@@ -193,13 +196,13 @@ public float getVersion() throws CardException {
     }
 
     /**
-     * Return the available keys.
+     * Return the keys available for signing.
      */
     public Set<Key> getAvailableKeys() throws CardException {
         Set<Key> keys = new LinkedHashSet<>();
 
         for (Key key : Key.values()) {
-            if (getKeyInfo(key).isPresent()) {
+            if (getKeyInfo(key).isPresent() && (key != Key.ENCRYPTION || supportsManageSecurityEnvironment())) {
                 keys.add(key);
             }
         }
@@ -268,9 +271,30 @@ private KeyInfo[] getKeyInfo() throws CardException {
             }
         }
 
+        extendedCapabilities = relatedData.find("73", "C0").value();
+
         return keyInfos;
     }
 
+    /**
+     * Return the extended capabilities.
+     */
+    private byte[] getExtendedCapabilities() throws CardException {
+        if (extendedCapabilities == null) {
+            TLV relatedData = TLV.parse(ByteBuffer.wrap(getData(0x6E)));
+            System.out.println(relatedData);
+            extendedCapabilities = relatedData.find("73", "C0").value();
+        }
+        return extendedCapabilities;
+    }
+
+    /**
+     * Tell if the MANAGE SECURITY ENVIRONMENT command is supported.
+     */
+    protected boolean supportsManageSecurityEnvironment() throws CardException {
+        return getVersion() > 3 && (getExtendedCapabilities()[9] & 0x01) != 0;
+    }
+
     /**
      * Put the specified data object on the card.
      */

jsign-core/src/test/java/net/jsign/jca/OpenPGPCardTest.java

@@ -144,7 +144,7 @@ public void testGetAvailableKeys() throws Exception {
 
         Set<OpenPGPCard.Key> keys = pgpcard.getAvailableKeys();
         assertNotNull(keys);
-        assertEquals("number of keys", 3, keys.size());
+        assertEquals("number of keys", pgpcard.supportsManageSecurityEnvironment() ? 3 : 2, keys.size());
     }
 
     @Test
@@ -212,4 +212,14 @@ public void testPutData() throws Exception {
 
         assertArrayEquals("backup data", backup, pgpcard.getData(0x7F21));
     }
+
+    @Test
+    public void testSupportsManageSecurityEnvironment() throws Exception {
+        assumeCardPresent();
+
+        OpenPGPCard pgpcard = OpenPGPCard.getCard();
+        assertNotNull("card not found", pgpcard);
+
+        assertTrue("MSE is not supported", pgpcard.supportsManageSecurityEnvironment());
+    }
 }