
Example 1 with AuthenticationModeLockedException

use of es.gob.jmulticard.card.AuthenticationModeLockedException in project jmulticard by ctt-gob-es.

the class DnieKeyStoreImpl method engineGetCertificateChain.

/**
 * {@inheritDoc}
 */
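@Override
public Certificate[] engineGetCertificateChain(final String alias) {
    // Assembles the chain for the alias in this order: the alias certificate, the
    // intermediate CA certificate read from the card, and the DNIe root CA bundled as a
    // classpath resource. Returns null when the alias is unknown.
    //
    // NOTE(review): this method only assembles a chain. The single cryptographic check
    // made here is that the intermediate CA certificate verifies under the bundled root's
    // public key. The alias certificate is not verified against the intermediate CA, and
    // validity periods and revocation status are not checked. Callers should run
    // their own certification-path validation before trusting the result.
    if (!engineContainsAlias(alias)) {
        return null;
    }
    final List<X509Certificate> certs = new ArrayList<>();
    certs.add((X509Certificate) engineGetCertificate(alias));

    // The available chain is made of the certificate itself plus the intermediate CA
    // certificate. If the latter cannot be retrieved it is simply left out.
    X509Certificate intermediateCaCert;
    try {
        intermediateCaCert = this.cryptoCard.getCertificate(INTERMEDIATE_CA_CERT_ALIAS);
    } catch (final AuthenticationModeLockedException e) {
        // A locked card is propagated unchanged instead of being reported as a
        // missing intermediate certificate by the catch-all below.
        throw e;
    } catch (final BadPinException e) {
        throw new BadPasswordProviderException(e);
    } catch (final Exception e) {
        // Best effort: any other failure only shortens the returned chain.
        LOGGER.warning(
            "No se ha podido cargar el certificado de la CA intermedia: " + e //$NON-NLS-1$
        );
        intermediateCaCert = null;
    }

    X509Certificate sha2DnieRoot = null;
    if (intermediateCaCert != null) {
        certs.add(intermediateCaCert);
        // The root CA certificate is loaded from the resource shipped with the project.
        // try-with-resources closes the stream, which was previously left open. A missing
        // resource yields a null stream: it is skipped on close, generateCertificate(null)
        // fails, and the failure is handled by the catch below like any other load error.
        try (java.io.InputStream rootStream =
                DnieKeyStoreImpl.class.getResourceAsStream("/ACRAIZ-SHA2.crt")) { //$NON-NLS-1$
            sha2DnieRoot = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(rootStream); //$NON-NLS-1$
        } catch (final Exception e) {
            sha2DnieRoot = null;
            LOGGER.warning(
                "No se ha podido cargar el certificado de la CA raiz: " + e //$NON-NLS-1$
            );
        }
        // Check that the bundled root really is the issuer of the intermediate CA.
        // Certificate.verify only checks the signature with the given public key.
        if (sha2DnieRoot != null) {
            try {
                intermediateCaCert.verify(sha2DnieRoot.getPublicKey());
            } catch (final Exception e) {
                // Not the issuer (or verification failed): leave the root out of the chain.
                sha2DnieRoot = null;
                LOGGER.info(
                    "La CA raiz de DNIe precargada no es la emisora de este DNIe: " + e //$NON-NLS-1$
                );
            }
        }
    }
    if (sha2DnieRoot != null) {
        certs.add(sha2DnieRoot);
    }
    return certs.toArray(new X509Certificate[0]);
}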
Also used : AuthenticationModeLockedException(es.gob.jmulticard.card.AuthenticationModeLockedException) BadPinException(es.gob.jmulticard.card.BadPinException) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) AuthenticationModeLockedException(es.gob.jmulticard.card.AuthenticationModeLockedException) CryptoCardException(es.gob.jmulticard.card.CryptoCardException) BadPinException(es.gob.jmulticard.card.BadPinException) ProviderException(java.security.ProviderException) IOException(java.io.IOException) PinException(es.gob.jmulticard.card.PinException)

Example 2 with AuthenticationModeLockedException

use of es.gob.jmulticard.card.AuthenticationModeLockedException in project jmulticard by ctt-gob-es.

the class Dnie method changePIN.

/**
 * Realiza la operaci&oacute;n de cambio de PIN. Necesita tener un canal administrativo abierto.
 * @param oldPin PIN actual.
 * @param newPin PIN nuevo.
 * @return APDU de respuesta de la operaci&oacute;n.
 * @throws CryptoCardException Cuando se produce un error en el cambio de PIN.
 * @throws PinException Si el PIN actual es incorrecto.
 * @throws AuthenticationModeLockedException Cuando el DNIe est&aacute; bloqueado.
 */
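public byte[] changePIN(final String oldPin, final String newPin) throws CryptoCardException, PinException, AuthenticationModeLockedException {
    return changePinRecoveringChannel(oldPin, newPin, CHANGE_PIN_MAX_CHANNEL_RECOVERIES);
}

/**
 * Maximum number of times a lost secure channel is transparently re-established during a
 * PIN change. The previous implementation retried without limit, which its own comment
 * noted would end in a stack overflow if the channel kept failing.
 * NOTE(review): the value is a reviewer-chosen bound; tune it if more retries are needed.
 */
private static final int CHANGE_PIN_MAX_CHANNEL_RECOVERIES = 1;

/**
 * Performs the PIN change, re-establishing the secure channel a bounded number of times.
 *
 * @param oldPin Current PIN.
 * @param newPin New PIN.
 * @param recoveriesLeft How many more times a lost channel may be recovered and retried.
 * @return Data of the response APDU.
 * @throws CryptoCardException If the PIN change fails or the channel cannot be recovered.
 * @throws PinException If raised by the operation; it is no longer wrapped when it comes
 *         from a retry after channel recovery.
 * @throws AuthenticationModeLockedException If raised by the operation; it is no longer
 *         wrapped when it comes from a retry after channel recovery.
 */
private byte[] changePinRecoveringChannel(final String oldPin, final String newPin, final int recoveriesLeft) throws CryptoCardException, PinException, AuthenticationModeLockedException {
    openSecureChannelIfNotAlreadyOpened();
    try {
        // Select the master file.
        selectMasterFile();
        // Select the PIN file by its identifier.
        final byte[] pinFile = new byte[] { (byte) 0x00, (byte) 0x00 };
        selectFileById(pinFile);
        // Send the change-PIN APDU.
        // NOTE(review): String.getBytes() uses the platform default charset, so the bytes
        // sent for a non-ASCII PIN depend on the host. Confirm the encoding the card
        // expects and pin it explicitly. The PINs also arrive as immutable Strings, so
        // this method cannot wipe them from memory after use.
        final CommandApdu apdu = new ChangePINApduCommand(oldPin.getBytes(), newPin.getBytes());
        final ResponseApdu res = getConnection().transmit(apdu);
        if (!res.isOk()) {
            throw new DnieCardException(
                "Error en el establecimiento de las variables de entorno para el cambio de PIN", //$NON-NLS-1$
                res.getStatusWord()
            );
        }
        return res.getData();
    } catch (final LostChannelException e) {
        if (recoveriesLeft <= 0) {
            // Bound reached: report the failure instead of retrying again.
            throw new DnieCardException("No se pudo recuperar el canal seguro para cambiar el PIN: " + e, e); //$NON-NLS-1$
        }
        LOGGER.warning("Se ha perdido el canal seguro para cambiar el PIN, se procede a recuperarlo: " + e); //$NON-NLS-1$
        try {
            getConnection().close();
            if (getConnection() instanceof Cwa14890Connection) {
                // Fall back to the underlying connection so the retry reopens the channel.
                setConnection(((Cwa14890Connection) getConnection()).getSubConnection());
            }
            // NOTE(review): when the channel is lost it may be unclear whether the card
            // already processed the command; presumably a retry can then consume a PIN
            // attempt. Confirm against the card behaviour; this is why retries are bounded.
            return changePinRecoveringChannel(oldPin, newPin, recoveriesLeft - 1);
        } catch (final AuthenticationModeLockedException ex) {
            // Keep "card locked" distinguishable for the caller instead of wrapping it.
            throw ex;
        } catch (final PinException ex) {
            // Keep PIN errors distinguishable for the caller instead of wrapping them.
            throw ex;
        } catch (final Exception ex) {
            // The message previously said "para firmar" although this is the PIN change path.
            throw new DnieCardException("No se pudo recuperar el canal seguro para cambiar el PIN: " + ex, ex); //$NON-NLS-1$
        }
    } catch (final ApduConnectionException e) {
        throw new DnieCardException("Error en la transmision de comandos a la tarjeta: " + e, e); //$NON-NLS-1$
    } catch (final Iso7816FourCardException e) {
        throw new DnieCardException("No se pudo seleccionar el fichero de PIN de la tarjeta: " + e, e); //$NON-NLS-1$
    }
}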
Also used : LostChannelException(es.gob.jmulticard.apdu.connection.LostChannelException) Iso7816FourCardException(es.gob.jmulticard.card.iso7816four.Iso7816FourCardException) CommandApdu(es.gob.jmulticard.apdu.CommandApdu) Cwa14890Connection(es.gob.jmulticard.apdu.connection.cwa14890.Cwa14890Connection) ResponseApdu(es.gob.jmulticard.apdu.ResponseApdu) ChangePINApduCommand(es.gob.jmulticard.apdu.dnie.ChangePINApduCommand) ApduConnectionException(es.gob.jmulticard.apdu.connection.ApduConnectionException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) AuthenticationModeLockedException(es.gob.jmulticard.card.AuthenticationModeLockedException) BadPinException(es.gob.jmulticard.card.BadPinException) PinException(es.gob.jmulticard.card.PinException) Iso7816FourCardException(es.gob.jmulticard.card.iso7816four.Iso7816FourCardException) AccessControlException(java.security.AccessControlException) SecureChannelException(es.gob.jmulticard.apdu.connection.cwa14890.SecureChannelException) CryptoCardException(es.gob.jmulticard.card.CryptoCardException) LostChannelException(es.gob.jmulticard.apdu.connection.LostChannelException) CancelledOperationException(es.gob.jmulticard.CancelledOperationException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) ApduConnectionException(es.gob.jmulticard.apdu.connection.ApduConnectionException)

Example 3 with AuthenticationModeLockedException

use of es.gob.jmulticard.card.AuthenticationModeLockedException in project jmulticard by ctt-gob-es.

the class Ceres method verifyPin.

/**
 * Verifies the PIN supplied by the given callback against the card.
 *
 * @param pinPc Callback that provides the PIN; must not be null.
 * @throws ApduConnectionException If the card answers with a status word that is neither
 *         OK, a PIN error nor 0x6983.
 * @throws PinException If no callback is given, or (as {@code BadPinException}) if the
 *         card reports a PIN error and {@code AUTO_RETRY} is off.
 */
@Override
public void verifyPin(final PasswordCallback pinPc) throws ApduConnectionException, PinException {
    if (pinPc == null) {
        throw new PinException("No se ha establecido un PasswordCallback"); //$NON-NLS-1$
    }
    final ResponseApdu response = sendArbitraryApdu(new CeresVerifyApduCommand(CLA, pinPc));
    if (response.isOk()) {
        return;
    }

    final StatusWord sw = response.getStatusWord();
    // NOTE(review): if ERROR_PIN_SW1 or ERROR_PIN_SW2 equals 0x69, the 0x6983 check
    // further down can never be reached. Confirm the constant values.
    final boolean pinError = sw.getMsb() == ERROR_PIN_SW1 || sw.getMsb() == ERROR_PIN_SW2;
    if (pinError) {
        if (!AUTO_RETRY) {
            // Presumably the low byte is 0xCx with x = attempts left (ISO 7816-4 63Cx),
            // so subtracting 0xC0 yields the remaining attempts. Confirm.
            throw new BadPinException(sw.getLsb() - (byte) 0xC0);
        }
        // Drop the stored callback before asking again, so the retry obtains its callback
        // from getInternalPasswordCallback() without the stored one.
        this.passwordCallback = null;
        verifyPin(getInternalPasswordCallback());
        return;
    }
    // 0x6983 is the ISO 7816-4 status word for a blocked authentication method.
    if (new StatusWord((byte) 0x69, (byte) 0x83).equals(sw)) {
        throw new AuthenticationModeLockedException();
    }
    throw new ApduConnectionException(
        new Iso7816FourCardException(
            "Error en la verificacion de PIN (" + sw + ")", //$NON-NLS-1$ //$NON-NLS-2$
            sw
        )
    );
}
Also used : AuthenticationModeLockedException(es.gob.jmulticard.card.AuthenticationModeLockedException) Iso7816FourCardException(es.gob.jmulticard.card.iso7816four.Iso7816FourCardException) CommandApdu(es.gob.jmulticard.apdu.CommandApdu) CeresVerifyApduCommand(es.gob.jmulticard.apdu.ceres.CeresVerifyApduCommand) BadPinException(es.gob.jmulticard.card.BadPinException) StatusWord(es.gob.jmulticard.apdu.StatusWord) ResponseApdu(es.gob.jmulticard.apdu.ResponseApdu) BadPinException(es.gob.jmulticard.card.BadPinException) PinException(es.gob.jmulticard.card.PinException) ApduConnectionException(es.gob.jmulticard.apdu.connection.ApduConnectionException)

Example 4 with AuthenticationModeLockedException

use of es.gob.jmulticard.card.AuthenticationModeLockedException in project jmulticard by ctt-gob-es.

the class Ceres method getInternalPasswordCallback.

/**
 * Returns the callback to use for obtaining the PIN: the stored
 * {@code PasswordCallback} if there is one, otherwise a new one filled in through the
 * {@code CallbackHandler}.
 * The remaining PIN attempts are read first in both cases, so that a card with no
 * attempts left is reported as locked before any PIN is requested or returned.
 *
 * @return Callback holding the PIN.
 * @throws PinException If the handler fails or does not support the callback, or if
 *         neither a stored callback nor a handler is available.
 */
protected PasswordCallback getInternalPasswordCallback() throws PinException {
    final boolean storedCallbackPresent = this.passwordCallback != null;
    if (!storedCallbackPresent && this.callbackHandler == null) {
        // Nothing to ask: fail without querying the card.
        throw new PinException("No hay ningun metodo para obtener el PIN"); //$NON-NLS-1$
    }

    final int retriesLeft = getPinRetriesLeft();
    if (retriesLeft == 0) {
        throw new AuthenticationModeLockedException();
    }
    if (storedCallbackPresent) {
        return this.passwordCallback;
    }

    // The prompt text carries the number of attempts left; echo is disabled (second
    // argument false) so the typed PIN is not displayed.
    final PasswordCallback pinPrompt = new PasswordCallback(
        CardMessages.getString("Gen.0", Integer.toString(retriesLeft)), //$NON-NLS-1$
        false
    );
    try {
        this.callbackHandler.handle(new Callback[] { pinPrompt });
    } catch (final IOException e) {
        throw new PinException(
            "Error obteniendo el PIN del CallbackHandler: " + e, //$NON-NLS-1$
            e
        );
    } catch (final UnsupportedCallbackException e) {
        throw new PinException(
            "El CallbackHandler no soporta pedir el PIN al usuario: " + e, //$NON-NLS-1$
            e
        );
    }
    return pinPrompt;
}
Also used : AuthenticationModeLockedException(es.gob.jmulticard.card.AuthenticationModeLockedException) PasswordCallback(javax.security.auth.callback.PasswordCallback) IOException(java.io.IOException) BadPinException(es.gob.jmulticard.card.BadPinException) PinException(es.gob.jmulticard.card.PinException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)

Example 5 with AuthenticationModeLockedException

use of es.gob.jmulticard.card.AuthenticationModeLockedException in project jmulticard by ctt-gob-es.

the class SmartCafePkcs15Applet method verifyPin.

/**
 * Verifies the PIN supplied by the given callback against the card.
 *
 * @param psc Callback that provides the PIN; must not be null.
 * @throws ApduConnectionException If transmission fails or the card answers with a status
 *         word that is neither OK, a PIN error nor 0x6983.
 * @throws PinException As {@code BadPinException} when the card reports a PIN error.
 * @throws IllegalArgumentException If {@code psc} is null.
 */
@Override
public void verifyPin(final PasswordCallback psc) throws ApduConnectionException, PinException {
    if (psc == null) {
        throw new IllegalArgumentException(
            "No se puede verificar el titular con un PasswordCallback nulo" //$NON-NLS-1$
        );
    }
    // NOTE(review): this method does not clear the callback or the command, so any PIN
    // material they hold stays in memory until they are collected. Wiping is presumably
    // left to VerifyApduCommand and to the owner of the callback. Confirm.
    final VerifyApduCommand verifyCommand = new VerifyApduCommand(psc);
    final ResponseApdu response = getConnection().transmit(verifyCommand);
    if (response.isOk()) {
        return;
    }

    if (response.getStatusWord().getMsb() == ERROR_PIN_SW1) {
        // Presumably the low byte is 0xCx with x = attempts left (ISO 7816-4 63Cx),
        // so subtracting 0xC0 yields the remaining attempts. Confirm.
        throw new BadPinException(response.getStatusWord().getLsb() - (byte) 0xC0);
    }
    // 0x6983 is the ISO 7816-4 status word for a blocked authentication method.
    final boolean authenticationBlocked =
        response.getStatusWord().getMsb() == (byte) 0x69
            && response.getStatusWord().getLsb() == (byte) 0x83;
    if (authenticationBlocked) {
        throw new AuthenticationModeLockedException();
    }
    throw new ApduConnectionException(
        new Iso7816FourCardException(
            "Error en la verificacion de PIN (" + response.getStatusWord() + ")", //$NON-NLS-1$ //$NON-NLS-2$
            response.getStatusWord()
        )
    );
}
Also used : AuthenticationModeLockedException(es.gob.jmulticard.card.AuthenticationModeLockedException) Iso7816FourCardException(es.gob.jmulticard.card.iso7816four.Iso7816FourCardException) BadPinException(es.gob.jmulticard.card.BadPinException) ResponseApdu(es.gob.jmulticard.apdu.ResponseApdu) VerifyApduCommand(es.gob.jmulticard.apdu.gide.VerifyApduCommand) ApduConnectionException(es.gob.jmulticard.apdu.connection.ApduConnectionException)
