Examples with NonGuiException org.openecard.binding.tctoken.ex.NonGuiException used on opensource projects

Example 1 with NonGuiException

use of org.openecard.binding.tctoken.ex.NonGuiException in project open-ecard by ecsec.

the class ActivateAction method processTcToken.

/**
 * Process the tcTokenURL or the activation object and perform a authentication.
 *
 * @param params Parameters of the request.
 * @return A {@link BindingResult} representing the result of the authentication.
 */
private BindingResult processTcToken(Map<String, String> params) {
    BindingResult response;
    DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
    dynCtx.put(TR03112Keys.COOKIE_MANAGER, new CookieManager());
    try {
        TCTokenRequest tcTokenRequest = null;
        try {
            tcTokenRequest = TCTokenRequest.convert(params, ctx);
            response = tokenHandler.handleActivate(tcTokenRequest);
            // Show success message. If we get here we have a valid StartPAOSResponse and a valid refreshURL
            showFinishMessage((TCTokenResponse) response);
        } catch (ActivationError ex) {
            if (ex instanceof NonGuiException) {
            // error already displayed to the user so do not repeat it here
            } else {
                if (ex.getMessage().equals("Invalid HTTP message received.")) {
                    showErrorMessage(lang.translationForKey(ACTIVATION_INVALID_REFRESH_ADDRESS));
                } else {
                    showErrorMessage(ex.getLocalizedMessage());
                }
            }
            LOG.error(ex.getMessage());
            // stack trace only in debug level
            LOG.debug(ex.getMessage(), ex);
            LOG.debug("Returning result: \n{}", ex.getBindingResult());
            if (ex instanceof FatalActivationError) {
                LOG.info("Authentication failed, displaying error in Browser.");
            } else {
                LOG.info("Authentication failed, redirecting to with errors attached to the URL.");
            }
            response = ex.getBindingResult();
        } finally {
            if (tcTokenRequest != null && tcTokenRequest.getTokenContext() != null) {
                // close connection to tctoken server in case PAOS didn't already perform this action
                tcTokenRequest.getTokenContext().closeStream();
            }
        }
    } catch (RuntimeException e) {
        response = new BindingResult(BindingResultCode.INTERNAL_ERROR);
        LOG.error(e.getMessage(), e);
    }
    return response;
}

Example 2 with NonGuiException

use of org.openecard.binding.tctoken.ex.NonGuiException in project open-ecard by ecsec.

the class TCTokenHandler method handleActivate.

/**
 * Activates the client according to the received TCToken.
 *
 * @param request The activation request containing the TCToken.
 * @return The response containing the result of the activation process.
 * @throws InvalidRedirectUrlException Thrown in case no redirect URL could be determined.
 * @throws SecurityViolationException
 * @throws NonGuiException
 */
public TCTokenResponse handleActivate(TCTokenRequest request) throws InvalidRedirectUrlException, SecurityViolationException, NonGuiException {
    TCToken token = request.getTCToken();
    if (LOG.isDebugEnabled()) {
        try {
            WSMarshaller m = WSMarshallerFactory.createInstance();
            LOG.debug("TCToken:\n{}", m.doc2str(m.marshal(token)));
        } catch (TransformerException | WSMarshallerException ex) {
        // it's no use
        }
    }
    final DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
    boolean performChecks = isPerformTR03112Checks(request);
    if (!performChecks) {
        LOG.warn("Checks according to BSI TR03112 3.4.2, 3.4.4 (TCToken specific) and 3.4.5 are disabled.");
    }
    boolean isObjectActivation = request.getTCTokenURL() == null;
    if (isObjectActivation) {
        LOG.warn("Checks according to BSI TR03112 3.4.4 (TCToken specific) are disabled.");
    }
    dynCtx.put(TR03112Keys.TCTOKEN_CHECKS, performChecks);
    dynCtx.put(TR03112Keys.OBJECT_ACTIVATION, isObjectActivation);
    dynCtx.put(TR03112Keys.TCTOKEN_SERVER_CERTIFICATES, request.getCertificates());
    ConnectionHandleType connectionHandle = null;
    TCTokenResponse response = new TCTokenResponse();
    response.setTCToken(token);
    byte[] requestedContextHandle = request.getContextHandle();
    String ifdName = request.getIFDName();
    BigInteger requestedSlotIndex = request.getSlotIndex();
    // we know exactly which card we want
    ConnectionHandleType requestedHandle = new ConnectionHandleType();
    requestedHandle.setContextHandle(requestedContextHandle);
    requestedHandle.setIFDName(ifdName);
    requestedHandle.setSlotIndex(requestedSlotIndex);
    Set<CardStateEntry> matchingHandles = cardStates.getMatchingEntries(requestedHandle);
    if (!matchingHandles.isEmpty()) {
        connectionHandle = matchingHandles.toArray(new CardStateEntry[] {})[0].handleCopy();
    }
    if (connectionHandle == null) {
        String msg = LANG_TOKEN.translationForKey("cancel");
        LOG.error(msg);
        response.setResult(WSHelper.makeResultError(ResultMinor.CANCELLATION_BY_USER, msg));
        // fill in values, so it is usuable by the transport module
        response = determineRefreshURL(request, response);
        response.finishResponse(true);
        return response;
    }
    try {
        // process binding and follow redirect addresses afterwards
        response = processBinding(request, connectionHandle);
        // fill in values, so it is usuable by the transport module
        response = determineRefreshURL(request, response);
        response.finishResponse(isObjectActivation);
        return response;
    } catch (DispatcherException w) {
        LOG.error(w.getMessage(), w);
        response.setResultCode(BindingResultCode.INTERNAL_ERROR);
        response.setResult(WSHelper.makeResultError(ResultMinor.CLIENT_ERROR, w.getMessage()));
        showErrorMessage(w.getMessage());
        throw new NonGuiException(response, w.getMessage(), w);
    } catch (PAOSException w) {
        LOG.error(w.getMessage(), w);
        // find actual error to display to the user
        Throwable innerException = w.getCause();
        if (innerException == null) {
            innerException = w;
        } else if (innerException instanceof ExecutionException) {
            innerException = innerException.getCause();
        }
        String errorMsg = innerException.getLocalizedMessage();
        // fix NPE when null is returned instead of a message
        errorMsg = errorMsg == null ? "" : errorMsg;
        switch(errorMsg) {
            case "The target server failed to respond":
                errorMsg = LANG_TR.translationForKey(NO_RESPONSE_FROM_SERVER);
                break;
            case ECardConstants.Minor.App.INT_ERROR + " ==> Unknown eCard exception occurred.":
                errorMsg = LANG_TR.translationForKey(UNKNOWN_ECARD_ERROR);
                break;
            case "Internal TLS error, this could be an attack":
                errorMsg = LANG_TR.translationForKey(INTERNAL_TLS_ERROR);
                break;
        }
        if (innerException instanceof WSException) {
            WSException ex = (WSException) innerException;
            errorMsg = createResponseFromWsEx(ex, response);
        } else if (innerException instanceof PAOSConnectionException) {
            response.setResult(WSHelper.makeResultError(ResultMinor.TRUSTED_CHANNEL_ESTABLISCHMENT_FAILED, w.getLocalizedMessage()));
        } else {
            errorMsg = createMessageFromUnknownError(w);
            response.setResult(WSHelper.makeResultError(ResultMinor.CLIENT_ERROR, w.getMessage()));
        }
        showErrorMessage(errorMsg);
        try {
            // fill in values, so it is usuable by the transport module
            response = determineRefreshURL(request, response);
            response.finishResponse(true);
        } catch (InvalidRedirectUrlException ex) {
            LOG.error(ex.getMessage(), ex);
            response.setResultCode(BindingResultCode.INTERNAL_ERROR);
            response.setResult(WSHelper.makeResultError(ResultMinor.CLIENT_ERROR, ex.getLocalizedMessage()));
            throw new NonGuiException(response, ex.getMessage(), ex);
        } catch (SecurityViolationException ex) {
            String msg2 = "The RefreshAddress contained in the TCToken is invalid. Redirecting to the " + "CommunicationErrorAddress.";
            LOG.error(msg2, ex);
            response.setResultCode(BindingResultCode.REDIRECT);
            response.setResult(WSHelper.makeResultError(ResultMinor.COMMUNICATION_ERROR, msg2));
            response.addAuxResultData(AuxDataKeys.REDIRECT_LOCATION, ex.getBindingResult().getAuxResultData().get(AuxDataKeys.REDIRECT_LOCATION));
        }
        return response;
    }
}