
Example 1 with InvalidRedirectUrlException

use of org.openecard.addons.cg.ex.InvalidRedirectUrlException in project open-ecard by ecsec.

the class ChipGateway method sendMessageInterruptable.

/**
 * Runs {@code sendMessage} on a dedicated worker thread and blocks until it finishes, so that an interrupt
 * delivered to the calling thread can abort the wait.
 *
 * <p>If the caller is interrupted, the pending task is cancelled and {@code conn} is shut down because the
 * exchange may be half-finished; a failure of that shutdown is deliberately ignored. Failures raised inside
 * the worker are unwrapped and rethrown with their original type, so an {@link InvalidRedirectUrlException}
 * reaches the caller unchanged rather than being hidden in an {@link ExecutionException}.</p>
 *
 * @param resource forwarded unchanged to {@code sendMessage}
 * @param msg forwarded unchanged to {@code sendMessage}
 * @param resClass forwarded unchanged to {@code sendMessage}
 * @param <T> type of the value produced by {@code sendMessage}
 * @return the value returned by {@code sendMessage}
 * @throws ConnectionError rethrown from the worker
 * @throws InvalidRedirectUrlException rethrown from the worker
 * @throws ChipGatewayDataError rethrown from the worker
 * @throws ThreadTerminateException if the calling thread is interrupted while waiting
 */
private <T> T sendMessageInterruptable(final String resource, final String msg, final Class<T> resClass) throws ConnectionError, InvalidRedirectUrlException, ChipGatewayDataError, ThreadTerminateException {
    final Callable<T> sendJob = new Callable<T>() {

        @Override
        public T call() throws Exception {
            return sendMessage(resource, msg, resClass);
        }
    };
    final FutureTask<T> pending = new FutureTask<>(sendJob);
    final String workerName = "HTTP-Client-" + HTTP_THREAD_NUM.getAndIncrement();
    new Thread(pending, workerName).start();

    Throwable failure;
    try {
        return pending.get();
    } catch (InterruptedException interrupted) {
        LOG.debug("Sending HTTP message interrupted.");
        pending.cancel(true);
        // the connection may be stuck mid-exchange, so drop it and let the next send open a fresh one
        try {
            conn.shutdown();
        } catch (IOException ignored) {
            // best effort only: the connection is being discarded anyway
        }
        throw new ThreadTerminateException("Interrupt received while sending HTTP message.");
    } catch (ExecutionException wrapped) {
        failure = wrapped.getCause();
    }

    // Only reached when the worker itself failed: surface the declared exception types as they are.
    if (failure instanceof ConnectionError) {
        throw (ConnectionError) failure;
    }
    if (failure instanceof InvalidRedirectUrlException) {
        throw (InvalidRedirectUrlException) failure;
    }
    if (failure instanceof ChipGatewayDataError) {
        throw (ChipGatewayDataError) failure;
    }
    if (failure instanceof RuntimeException) {
        throw (RuntimeException) failure;
    }
    throw new RuntimeException("Unexpected exception raised by HTTP message sending thread.", failure);
}
Also used : InvalidRedirectUrlException(org.openecard.addons.cg.ex.InvalidRedirectUrlException) ConnectionError(org.openecard.addons.cg.ex.ConnectionError) ChipGatewayDataError(org.openecard.addons.cg.ex.ChipGatewayDataError) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) RemotePinException(org.openecard.addons.cg.ex.RemotePinException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) HttpException(org.openecard.apache.http.HttpException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) InvalidRedirectUrlException(org.openecard.addons.cg.ex.InvalidRedirectUrlException) URISyntaxException(java.net.URISyntaxException) TimeoutException(java.util.concurrent.TimeoutException) JoseException(org.jose4j.lang.JoseException) AuthServerException(org.openecard.addons.cg.ex.AuthServerException) UnsupportedAlgorithmException(org.openecard.crypto.common.UnsupportedAlgorithmException) MalformedURLException(java.net.MalformedURLException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) CertificateException(java.security.cert.CertificateException) FutureTask(java.util.concurrent.FutureTask) ExecutionException(java.util.concurrent.ExecutionException) ThreadTerminateException(org.openecard.common.ThreadTerminateException)

Example 2 with InvalidRedirectUrlException

use of org.openecard.addons.cg.ex.InvalidRedirectUrlException in project open-ecard by ecsec.

the class ChipGateway method processCertificatesRequest.

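/**
 * Handles a list-certificates request: the token access runs on a background thread, this thread waits for
 * it up to the timeout derived from {@code certReq.getMaxWaitSeconds()}, and the outcome is sent back as a
 * {@code ListCertificatesResponseType}.
 *
 * <p>Every failure of the background task is translated into a {@code ChipGatewayStatusCodes} value on the
 * response instead of being propagated; the response is sent in all cases.</p>
 *
 * <p>PIN handling: the {@code char[]} returned by {@code getPin} is overwritten in a {@code finally} block
 * once the task ends, whether it succeeded or failed. NOTE(review): the same array is handed to
 * {@code ListCertificates}; whether that helper keeps its own copy is not visible here.</p>
 *
 * @param certReq the request carrying slot handle, certificate filter, PIN and maximum wait time
 * @return the result of {@code sendMessageInterruptableAndCheckTermination} for the response
 * @throws ConnectionError declared for the message sending at the end of the method
 * @throws JsonProcessingException declared for the message sending at the end of the method
 * @throws InvalidRedirectUrlException declared for the message sending at the end of the method
 * @throws ChipGatewayDataError declared for the message sending at the end of the method
 */
private CommandType processCertificatesRequest(final ListCertificatesRequestType certReq) throws ConnectionError, JsonProcessingException, InvalidRedirectUrlException, ChipGatewayDataError {
    // check if we have been interrupted
    checkProcessCancelled();
    // NOTE(review): the wait time is taken from the request; confirm getWaitMillis bounds it
    BigInteger waitSecondsBig = certReq.getMaxWaitSeconds();
    long waitMillis = getWaitMillis(waitSecondsBig);
    // run the actual stuff in the background, so we can wait and terminate if needed
    FutureTask<ListCertificatesResponseType> action = new FutureTask<>(new Callable<ListCertificatesResponseType>() {

        @Override
        public ListCertificatesResponseType call() throws Exception {
            ListCertificatesResponseType certResp = new ListCertificatesResponseType();
            certResp.setSessionIdentifier(sessionId);
            char[] pin = null;
            try {
                pin = getPin(certReq.getPIN());
                byte[] slotHandle = certReq.getSlotHandle();
                ListCertificates helper = new ListCertificates(tokenCache, slotHandle, certReq.getCertificateFilter(), pin);
                List<CertificateInfoType> certInfos = helper.getCertificates();
                certResp.getCertificateInfo().addAll(certInfos);
                certResp.setResult(ChipGatewayStatusCodes.OK);
                return certResp;
            } finally {
                // wipe the PIN on every exit path so it does not linger on the heap
                if (pin != null) {
                    Arrays.fill(pin, ' ');
                }
            }
        }
    });
    Thread t = new Thread(action, "CertificatesRequest-Task-" + TASK_THREAD_NUM.getAndIncrement());
    t.setDaemon(true);
    t.start();
    // fallback response, used whenever the task does not deliver its own
    ListCertificatesResponseType certResp = new ListCertificatesResponseType();
    certResp.setSessionIdentifier(sessionId);
    try {
        // wait for thread to finish
        certResp = action.get(waitMillis, TimeUnit.MILLISECONDS);
    } catch (TimeoutException ex) {
        LOG.info("Background task took longer than the timeout value permitted.", ex);
        // cancel task
        action.cancel(true);
        // wait for task to finish, so the SC stack can not get confused
        // NOTE(review): join() has no timeout of its own, so a task that ignores the interrupt blocks here
        try {
            t.join();
            certResp.setResult(ChipGatewayStatusCodes.TIMEOUT);
        } catch (InterruptedException ignore) {
            // send stop message
            // the interrupt flag is not restored; presumably so the response below can still be sent - confirm
            certResp.setResult(ChipGatewayStatusCodes.STOPPED);
        }
    } catch (ExecutionException ex) {
        LOG.error("Background task produced an exception.", ex);
        Throwable cause = ex.getCause();
        // The wrapper is logged once above; each branch logs the cause, matching processSignRequest.
        // NOTE(review): confirm that none of these exceptions carries PIN material in its message.
        if (cause instanceof RemotePinException) {
            LOG.error("Error getting encrypted PIN.", cause);
            certResp.setResult(ChipGatewayStatusCodes.INCORRECT_PARAMETER);
        } else if (cause instanceof ParameterInvalid) {
            LOG.error("Error while processing the certificate filter parameters.", cause);
            certResp.setResult(ChipGatewayStatusCodes.INCORRECT_PARAMETER);
        } else if (cause instanceof SlotHandleInvalid) {
            LOG.error("No token for the given slot handle found.", cause);
            certResp.setResult(ChipGatewayStatusCodes.UNKNOWN_SLOT);
        } else if (cause instanceof NoSuchDid) {
            LOG.error("DID does not exist.", cause);
            certResp.setResult(ChipGatewayStatusCodes.UNKNOWN_DID);
        } else if (cause instanceof SecurityConditionUnsatisfiable) {
            LOG.error("DID can not be authenticated.", cause);
            certResp.setResult(ChipGatewayStatusCodes.SECURITY_NOT_SATISFIED);
        } else if (cause instanceof CertificateException) {
            LOG.error("Certificate could not be processed.", cause);
            certResp.setResult(ChipGatewayStatusCodes.OTHER);
        } else if (cause instanceof WSHelper.WSException) {
            LOG.error("Unknown error.", cause);
            certResp.setResult(ChipGatewayStatusCodes.OTHER);
        } else if (cause instanceof ThreadTerminateException) {
            LOG.error("Chipgateway process interrupted.", cause);
            certResp.setResult(ChipGatewayStatusCodes.STOPPED);
        } else {
            LOG.error("Unknown error during list certificate operation.", cause);
            certResp.setResult(ChipGatewayStatusCodes.OTHER);
        }
    } catch (InterruptedException ex) {
        String msg = "Interrupted while waiting for background task.";
        if (LOG.isDebugEnabled()) {
            LOG.debug(msg, ex);
        } else {
            LOG.info(msg);
        }
        // cancel task
        action.cancel(true);
        // send stop message
        certResp.setResult(ChipGatewayStatusCodes.STOPPED);
    }
    return sendMessageInterruptableAndCheckTermination(getResource(listCertsUrl), certResp);
}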
Also used : ListCertificatesResponseType(org.openecard.ws.chipgateway.ListCertificatesResponseType) SecurityConditionUnsatisfiable(org.openecard.common.SecurityConditionUnsatisfiable) CertificateException(java.security.cert.CertificateException) RemotePinException(org.openecard.addons.cg.ex.RemotePinException) FutureTask(java.util.concurrent.FutureTask) List(java.util.List) ExecutionException(java.util.concurrent.ExecutionException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) TimeoutException(java.util.concurrent.TimeoutException) WSHelper(org.openecard.common.WSHelper) SlotHandleInvalid(org.openecard.addons.cg.ex.SlotHandleInvalid) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) RemotePinException(org.openecard.addons.cg.ex.RemotePinException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) HttpException(org.openecard.apache.http.HttpException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) InvalidRedirectUrlException(org.openecard.addons.cg.ex.InvalidRedirectUrlException) URISyntaxException(java.net.URISyntaxException) TimeoutException(java.util.concurrent.TimeoutException) JoseException(org.jose4j.lang.JoseException) AuthServerException(org.openecard.addons.cg.ex.AuthServerException) UnsupportedAlgorithmException(org.openecard.crypto.common.UnsupportedAlgorithmException) MalformedURLException(java.net.MalformedURLException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) CertificateException(java.security.cert.CertificateException) BigInteger(java.math.BigInteger) ParameterInvalid(org.openecard.addons.cg.ex.ParameterInvalid) NoSuchDid(org.openecard.crypto.common.sal.did.NoSuchDid)

Example 3 with InvalidRedirectUrlException

use of org.openecard.addons.cg.ex.InvalidRedirectUrlException in project open-ecard by ecsec.

the class ChipGateway method processSignRequest.

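/**
 * Handles a sign request: the signature is created on a background thread, this thread waits for it up to
 * the timeout derived from {@code signReq.getMaxWaitSeconds()}, and the outcome is sent back as a
 * {@code SignResponseType}.
 *
 * <p>Every failure of the background task is translated into a {@code ChipGatewayStatusCodes} value on the
 * response instead of being propagated; the response is sent in all cases.</p>
 *
 * <p>PIN handling: the {@code char[]} returned by {@code getPin} is overwritten in a {@code finally} block
 * once the task ends, whether it succeeded or failed. NOTE(review): the same array is handed to
 * {@code Signer}; whether that helper keeps its own copy is not visible here.</p>
 *
 * @param signReq the request carrying slot handle, DID name, PIN, message and maximum wait time
 * @return the result of {@code sendMessageInterruptableAndCheckTermination} for the response
 * @throws ConnectionError declared for the message sending at the end of the method
 * @throws JsonProcessingException declared for the message sending at the end of the method
 * @throws InvalidRedirectUrlException declared for the message sending at the end of the method
 * @throws ChipGatewayDataError declared for the message sending at the end of the method
 */
private CommandType processSignRequest(final SignRequestType signReq) throws ConnectionError, JsonProcessingException, InvalidRedirectUrlException, ChipGatewayDataError {
    // check if we have been interrupted
    checkProcessCancelled();
    // NOTE(review): the wait time is taken from the request; confirm getWaitMillis bounds it
    BigInteger waitSecondsBig = signReq.getMaxWaitSeconds();
    long waitMillis = getWaitMillis(waitSecondsBig);
    // run the actual stuff in the background, so we can wait and terminate if needed
    FutureTask<SignResponseType> action = new FutureTask<>(new Callable<SignResponseType>() {

        @Override
        public SignResponseType call() throws Exception {
            SignResponseType signResp = new SignResponseType();
            signResp.setSessionIdentifier(sessionId);
            byte[] slotHandle = signReq.getSlotHandle();
            String didName = signReq.getDIDName();
            char[] pin = null;
            try {
                pin = getPin(signReq.getPIN());
                Signer signer = new Signer(tokenCache, slotHandle, didName, pin);
                byte[] signature = signer.sign(signReq.getMessage());
                signResp.setSignature(signature);
                signResp.setResult(ChipGatewayStatusCodes.OK);
                return signResp;
            } finally {
                // wipe the PIN on every exit path so it does not linger on the heap
                if (pin != null) {
                    Arrays.fill(pin, ' ');
                }
            }
        }
    });
    Thread t = new Thread(action, "SignRequest-Task-" + TASK_THREAD_NUM.getAndIncrement());
    t.setDaemon(true);
    t.start();
    // fallback response, used whenever the task does not deliver its own
    SignResponseType signResp = new SignResponseType();
    signResp.setSessionIdentifier(sessionId);
    try {
        // wait for thread to finish
        signResp = action.get(waitMillis, TimeUnit.MILLISECONDS);
    } catch (TimeoutException ex) {
        LOG.info("Background task took longer than the timeout value permitted.", ex);
        // cancel task
        action.cancel(true);
        // wait for task to finish, so the SC stack can not get confused
        // NOTE(review): join() has no timeout of its own, so a task that ignores the interrupt blocks here
        try {
            t.join();
            signResp.setResult(ChipGatewayStatusCodes.TIMEOUT);
        } catch (InterruptedException ignore) {
            // send stop message
            // the interrupt flag is not restored; presumably so the response below can still be sent - confirm
            signResp.setResult(ChipGatewayStatusCodes.STOPPED);
        }
    } catch (ExecutionException ex) {
        LOG.error("Background task produced an exception.", ex);
        Throwable cause = ex.getCause();
        // The wrapper is logged once above; every branch below logs the cause itself.
        // NOTE(review): confirm that none of these exceptions carries PIN material in its message.
        if (cause instanceof RemotePinException) {
            LOG.error("Error getting encrypted PIN.", cause);
            signResp.setResult(ChipGatewayStatusCodes.INCORRECT_PARAMETER);
        } else if (cause instanceof ParameterInvalid) {
            // a sign request has no certificate filter, so the message names the sign request instead
            LOG.error("Error while processing the sign request parameters.", cause);
            signResp.setResult(ChipGatewayStatusCodes.INCORRECT_PARAMETER);
        } else if (cause instanceof SlotHandleInvalid) {
            LOG.error("No token for the given slot handle found.", cause);
            signResp.setResult(ChipGatewayStatusCodes.UNKNOWN_SLOT);
        } else if (cause instanceof NoSuchDid) {
            LOG.error("DID does not exist.", cause);
            signResp.setResult(ChipGatewayStatusCodes.UNKNOWN_DID);
        } else if (cause instanceof PinBlocked) {
            LOG.error("PIN is blocked.", cause);
            signResp.setResult(ChipGatewayStatusCodes.PIN_BLOCKED);
        } else if (cause instanceof SecurityConditionUnsatisfiable) {
            LOG.error("DID can not be authenticated.", cause);
            signResp.setResult(ChipGatewayStatusCodes.SECURITY_NOT_SATISFIED);
        } else if (cause instanceof WSHelper.WSException) {
            LOG.error("Unknown error.", cause);
            signResp.setResult(ChipGatewayStatusCodes.OTHER);
        } else if (cause instanceof ThreadTerminateException) {
            LOG.error("Chipgateway process interrupted.", cause);
            signResp.setResult(ChipGatewayStatusCodes.STOPPED);
        } else {
            LOG.error("Unknown error during sign operation.", cause);
            signResp.setResult(ChipGatewayStatusCodes.OTHER);
        }
    } catch (InterruptedException ex) {
        String msg = "Interrupted while waiting for background task.";
        if (LOG.isDebugEnabled()) {
            LOG.debug(msg, ex);
        } else {
            LOG.info(msg);
        }
        // cancel task
        action.cancel(true);
        // send stop message
        signResp.setResult(ChipGatewayStatusCodes.STOPPED);
    }
    return sendMessageInterruptableAndCheckTermination(getResource(signUrl), signResp);
}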
Also used : PinBlocked(org.openecard.addons.cg.ex.PinBlocked) WSHelper(org.openecard.common.WSHelper) SecurityConditionUnsatisfiable(org.openecard.common.SecurityConditionUnsatisfiable) SlotHandleInvalid(org.openecard.addons.cg.ex.SlotHandleInvalid) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) RemotePinException(org.openecard.addons.cg.ex.RemotePinException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) HttpException(org.openecard.apache.http.HttpException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) InvalidRedirectUrlException(org.openecard.addons.cg.ex.InvalidRedirectUrlException) URISyntaxException(java.net.URISyntaxException) TimeoutException(java.util.concurrent.TimeoutException) JoseException(org.jose4j.lang.JoseException) AuthServerException(org.openecard.addons.cg.ex.AuthServerException) UnsupportedAlgorithmException(org.openecard.crypto.common.UnsupportedAlgorithmException) MalformedURLException(java.net.MalformedURLException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) CertificateException(java.security.cert.CertificateException) RemotePinException(org.openecard.addons.cg.ex.RemotePinException) FutureTask(java.util.concurrent.FutureTask) BigInteger(java.math.BigInteger) ParameterInvalid(org.openecard.addons.cg.ex.ParameterInvalid) ExecutionException(java.util.concurrent.ExecutionException) NoSuchDid(org.openecard.crypto.common.sal.did.NoSuchDid) ThreadTerminateException(org.openecard.common.ThreadTerminateException) SignResponseType(org.openecard.ws.chipgateway.SignResponseType) TimeoutException(java.util.concurrent.TimeoutException)

Example 4 with InvalidRedirectUrlException

use of org.openecard.addons.cg.ex.InvalidRedirectUrlException in project open-ecard by ecsec.

the class ActivateCGAction method execute.

/**
 * Starts the ChipGateway protocol in a background thread and answers the binding request with a redirect.
 *
 * <p>A {@code TCToken} is built from the request parameters; if that fails with
 * {@link InvalidRedirectUrlException} or {@code InvalidTCTokenElement}, the binding result carried by the
 * exception is returned. Thread creation is guarded by {@code MUTEX}, so only one activation thread is
 * tracked in {@code currentTaskThread} at a time. When one is already running, the request is either
 * answered with the token's busy address or, if the token asks for forced processing, the running thread is
 * interrupted and awaited first.</p>
 *
 * <p>NOTE(review): the redirect targets and the force flag both come from the token built from
 * {@code params}; confirm that {@code TCToken.generateToken} validates them, since a forced request stops a
 * running instance.</p>
 *
 * @param body not used by this method
 * @param params request parameters the {@code TCToken} is generated from
 * @param headers passed to {@code checkMethod}
 * @param att not used by this method
 * @return a redirect result on success or busy, otherwise a result describing the failure
 */
@Override
public BindingResult execute(RequestBody body, Map<String, String> params, Headers headers, List<Attachment> att) {
    BindingResult result;
    boolean mutexHeld = false;
    try {
        checkMethod(headers);
        final TCToken token = TCToken.generateToken(params);
        final Runnable activation = new Runnable() {

            @Override
            public void run() {
                try {
                    tokenHandler.handleNoCardActivate(token);
                    // run a full GC to free some heap memory
                    System.gc();
                    System.runFinalization();
                    System.gc();
                } catch (ThreadTerminateException ex) {
                    LOG.debug("Activation task terminated by an interrupt.", ex);
                } catch (RuntimeException ex) {
                    LOG.error("Unhandled exception in activation process.", ex);
                } finally {
                    // mark the slot as free again for the next activation request
                    currentTaskThread = null;
                    // in some cases an error does not lead to a removal of the dynamic context so remove it here
                    DynamicContext.remove();
                }
            }
        };

        // everything from here to the finally block runs with the mutex held
        MUTEX.acquire();
        mutexHeld = true;

        final Thread running = currentTaskThread;
        if (running != null && !token.isForceProcessing()) {
            // somebody else is active and we were not asked to take over: report busy
            LOG.info("Another ChipGateway Protocol instance is already running, return status=busy.");
            BindingResult busy = new BindingResult(BindingResultCode.REDIRECT);
            busy.getAuxResultData().put(AuxDataKeys.REDIRECT_LOCATION, token.finalizeBusyAddress());
            return busy;
        }
        if (running != null) {
            LOG.info("Stopping already running ChipGateway Protocol instance.");
            running.interrupt();
            // block until the previous activation has fully wound down
            running.join();
        }

        // the protocol runs in its own thread so this request can be answered right away
        final Thread worker = new Thread(activation);
        currentTaskThread = worker;
        worker.setDaemon(true);
        worker.setName("ChipGateway-Activation-" + THREAD_NUM.getAndIncrement());
        worker.start();

        // answer with the token's OK address
        result = new BindingResult(BindingResultCode.REDIRECT);
        result.getAuxResultData().put(AuxDataKeys.REDIRECT_LOCATION, token.finalizeOkAddress());
    } catch (WrongMethodException ex) {
        LOG.warn(ex.getMessage());
        result = new BindingResult(BindingResultCode.WRONG_PARAMETER);
        result.setResultMessage(ex.getMessage());
    } catch (NoMethodException ex) {
        LOG.error("No method given in headers, maybe wrong binging.", ex);
        result = new BindingResult(BindingResultCode.INTERNAL_ERROR);
        result.setResultMessage(ex.getMessage());
    } catch (InvalidRedirectUrlException | InvalidTCTokenElement ex) {
        LOG.error("Failed to create TCToken.", ex);
        result = ex.getBindingResult();
    } catch (InterruptedException ex) {
        LOG.info("ChipGateway activation interrupted.");
        result = new BindingResult(BindingResultCode.INTERNAL_ERROR);
        result.setResultMessage(ex.getMessage());
    } finally {
        // release only if acquire() actually succeeded
        if (mutexHeld) {
            MUTEX.release();
        }
    }
    return result;
}
Also used : InvalidRedirectUrlException(org.openecard.addons.cg.ex.InvalidRedirectUrlException) BindingResult(org.openecard.addon.bind.BindingResult) InvalidTCTokenElement(org.openecard.addons.cg.ex.InvalidTCTokenElement) TCToken(org.openecard.addons.cg.tctoken.TCToken) ThreadTerminateException(org.openecard.common.ThreadTerminateException)

Aggregations

InvalidRedirectUrlException (org.openecard.addons.cg.ex.InvalidRedirectUrlException)4 ThreadTerminateException (org.openecard.common.ThreadTerminateException)4 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)3 IOException (java.io.IOException)3 MalformedURLException (java.net.MalformedURLException)3 URISyntaxException (java.net.URISyntaxException)3 KeyStoreException (java.security.KeyStoreException)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 CertificateException (java.security.cert.CertificateException)3 ExecutionException (java.util.concurrent.ExecutionException)3 FutureTask (java.util.concurrent.FutureTask)3 TimeoutException (java.util.concurrent.TimeoutException)3 JoseException (org.jose4j.lang.JoseException)3 AuthServerException (org.openecard.addons.cg.ex.AuthServerException)3 RemotePinException (org.openecard.addons.cg.ex.RemotePinException)3 HttpException (org.openecard.apache.http.HttpException)3 UnsupportedAlgorithmException (org.openecard.crypto.common.UnsupportedAlgorithmException)3 BigInteger (java.math.BigInteger)2 ParameterInvalid (org.openecard.addons.cg.ex.ParameterInvalid)2 SlotHandleInvalid (org.openecard.addons.cg.ex.SlotHandleInvalid)2