use of org.openecard.common.WSHelper.WSException in project open-ecard by ecsec.
the class CANStepAction method perform.
@Override
public StepActionResult perform(Map<String, ExecutionResults> oldResults, StepResult result) {
if (result.isBack()) {
return new StepActionResult(StepActionResultStatus.BACK);
}
if (!state.equals(RecognizedState.PIN_suspended)) {
return new StepActionResult(StepActionResultStatus.NEXT);
}
DIDAuthenticationDataType paceInput = new DIDAuthenticationDataType();
paceInput.setProtocol(ECardConstants.Protocol.PACE);
AuthDataMap tmp;
try {
tmp = new AuthDataMap(paceInput);
} catch (ParserConfigurationException ex) {
LOG.error("Failed to read empty Protocol data.", ex);
return new StepActionResult(StepActionResultStatus.CANCEL);
}
AuthDataResponse paceInputMap = tmp.createResponse(paceInput);
if (capturePin) {
ExecutionResults executionResults = oldResults.get(getStepID());
if (!verifyUserInput(executionResults)) {
// let the user enter the can again, when input verification failed
return new StepActionResult(StepActionResultStatus.REPEAT, createReplacementStep(false, true));
} else {
paceInputMap.addElement(PACEInputType.PIN, can);
}
}
paceInputMap.addElement(PACEInputType.PIN_ID, PIN_ID_CAN);
// perform PACE by EstablishChannelCommand
EstablishChannel establishChannel = new EstablishChannel();
establishChannel.setSlotHandle(conHandle.getSlotHandle());
establishChannel.setAuthenticationProtocolData(paceInputMap.getResponse());
establishChannel.getAuthenticationProtocolData().setProtocol(ECardConstants.Protocol.PACE);
try {
EstablishChannelResponse ecr = (EstablishChannelResponse) dispatcher.safeDeliver(establishChannel);
WSHelper.checkResult(ecr);
// pace was successfully performed, so get to the next step
String title = lang.translationForKey(PINSTEP_TITLE);
int retryCounter = 1;
Step replacementStep = new ChangePINStep("pin-entry", title, capturePin, retryCounter, false, false);
StepAction pinAction = new PINStepAction(capturePin, conHandle, dispatcher, replacementStep, retryCounter);
replacementStep.setAction(pinAction);
return new StepActionResult(StepActionResultStatus.NEXT, replacementStep);
} catch (WSException ex) {
LOG.info("Wrong CAN entered, trying again");
return new StepActionResult(StepActionResultStatus.REPEAT, createReplacementStep(true, false));
}
}
use of org.openecard.common.WSHelper.WSException in project open-ecard by ecsec.
the class PINStepAction method perform.
@Override
public StepActionResult perform(Map<String, ExecutionResults> oldResults, StepResult result) {
if (result.isBack()) {
return new StepActionResult(StepActionResultStatus.BACK);
}
DIDAuthenticationDataType paceInput = new DIDAuthenticationDataType();
paceInput.setProtocol(ECardConstants.Protocol.PACE);
AuthDataMap tmp;
try {
tmp = new AuthDataMap(paceInput);
} catch (ParserConfigurationException ex) {
LOG.error("Failed to read empty Protocol data.", ex);
return new StepActionResult(StepActionResultStatus.CANCEL);
}
AuthDataResponse paceInputMap = tmp.createResponse(paceInput);
if (capturePin) {
ExecutionResults executionResults = oldResults.get(getStepID());
if (!verifyUserInput(executionResults)) {
// let the user enter the pin again, when input verification failed
return new StepActionResult(StepActionResultStatus.REPEAT, createPINReplacementStep(false, true));
} else {
paceInputMap.addElement(PACEInputType.PIN, oldPIN);
}
}
paceInputMap.addElement(PACEInputType.PIN_ID, PIN_ID_PIN);
// perform PACE by EstablishChannel
EstablishChannel establishChannel = new EstablishChannel();
establishChannel.setSlotHandle(conHandle.getSlotHandle());
establishChannel.setAuthenticationProtocolData(paceInputMap.getResponse());
establishChannel.getAuthenticationProtocolData().setProtocol(ECardConstants.Protocol.PACE);
try {
EstablishChannelResponse establishChannelResponse = (EstablishChannelResponse) dispatcher.safeDeliver(establishChannel);
WSHelper.checkResult(establishChannelResponse);
// PACE completed successfully, we now modify the pin
if (capturePin) {
sendResetRetryCounter();
} else {
sendModifyPIN();
}
// PIN modified successfully, proceed with next step
return new StepActionResult(StepActionResultStatus.NEXT);
} catch (WSException ex) {
if (capturePin) {
retryCounter--;
LOG.info("Wrong PIN entered, trying again (remaining tries {}).", retryCounter);
if (retryCounter == 1) {
Step replacementStep = createCANReplacementStep();
return new StepActionResult(StepActionResultStatus.BACK, replacementStep);
} else {
Step replacementStep = createPINReplacementStep(true, false);
return new StepActionResult(StepActionResultStatus.REPEAT, replacementStep);
}
} else {
LOG.warn("PIN not entered successfully in terminal.");
return new StepActionResult(StepActionResultStatus.CANCEL);
}
} catch (APDUException ex) {
LOG.error("Failed to transmit Reset Retry Counter APDU.", ex);
return new StepActionResult(StepActionResultStatus.CANCEL);
} catch (IllegalArgumentException ex) {
LOG.error("Failed to transmit Reset Retry Counter APDU.", ex);
return new StepActionResult(StepActionResultStatus.CANCEL);
} catch (IFDException ex) {
LOG.error("Failed to transmit Reset Retry Counter APDU.", ex);
return new StepActionResult(StepActionResultStatus.CANCEL);
}
}
use of org.openecard.common.WSHelper.WSException in project open-ecard by ecsec.
the class PUKStepAction method perform.
@Override
public StepActionResult perform(Map<String, ExecutionResults> oldResults, StepResult result) {
if (result.isBack()) {
return new StepActionResult(StepActionResultStatus.BACK);
}
DIDAuthenticationDataType paceInput = new DIDAuthenticationDataType();
paceInput.setProtocol(ECardConstants.Protocol.PACE);
AuthDataMap tmp;
try {
tmp = new AuthDataMap(paceInput);
} catch (ParserConfigurationException ex) {
LOG.error("Failed to read empty Protocol data.", ex);
return new StepActionResult(StepActionResultStatus.CANCEL);
}
AuthDataResponse paceInputMap = tmp.createResponse(paceInput);
if (capturePin) {
ExecutionResults executionResults = oldResults.get(getStepID());
if (!verifyUserInput(executionResults)) {
// TODO inform user that something with his input is wrong
return new StepActionResult(StepActionResultStatus.REPEAT);
} else {
paceInputMap.addElement(PACEInputType.PIN, puk);
}
}
paceInputMap.addElement(PACEInputType.PIN_ID, PIN_ID_PUK);
// perform PACE by sending an EstablishChannel
EstablishChannel establishChannel = new EstablishChannel();
establishChannel.setSlotHandle(slotHandle);
establishChannel.setAuthenticationProtocolData(paceInputMap.getResponse());
establishChannel.getAuthenticationProtocolData().setProtocol(ECardConstants.Protocol.PACE);
try {
EstablishChannelResponse establishChannelResponse = (EstablishChannelResponse) dispatcher.safeDeliver(establishChannel);
WSHelper.checkResult(establishChannelResponse);
// pace was successfully performed, so get to the next step
return new StepActionResult(StepActionResultStatus.NEXT);
} catch (WSException ex) {
LOG.info("Wrong PUK entered, trying again");
// TODO update the step to inform the user that he entered the puk wrong
return new StepActionResult(StepActionResultStatus.REPEAT);
} finally {
DestroyChannel destroyChannel = new DestroyChannel();
destroyChannel.setSlotHandle(slotHandle);
dispatcher.safeDeliver(destroyChannel);
}
}
use of org.openecard.common.WSHelper.WSException in project open-ecard by ecsec.
the class TCTokenHandler method handleActivate.
/**
* Activates the client according to the received TCToken.
*
* @param request The activation request containing the TCToken.
* @return The response containing the result of the activation process.
* @throws InvalidRedirectUrlException Thrown in case no redirect URL could be determined.
* @throws SecurityViolationException
* @throws NonGuiException
*/
public TCTokenResponse handleActivate(TCTokenRequest request) throws InvalidRedirectUrlException, SecurityViolationException, NonGuiException {
TCToken token = request.getTCToken();
if (LOG.isDebugEnabled()) {
try {
WSMarshaller m = WSMarshallerFactory.createInstance();
LOG.debug("TCToken:\n{}", m.doc2str(m.marshal(token)));
} catch (TransformerException | WSMarshallerException ex) {
// it's no use
}
}
final DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
boolean performChecks = isPerformTR03112Checks(request);
if (!performChecks) {
LOG.warn("Checks according to BSI TR03112 3.4.2, 3.4.4 (TCToken specific) and 3.4.5 are disabled.");
}
boolean isObjectActivation = request.getTCTokenURL() == null;
if (isObjectActivation) {
LOG.warn("Checks according to BSI TR03112 3.4.4 (TCToken specific) are disabled.");
}
dynCtx.put(TR03112Keys.TCTOKEN_CHECKS, performChecks);
dynCtx.put(TR03112Keys.OBJECT_ACTIVATION, isObjectActivation);
dynCtx.put(TR03112Keys.TCTOKEN_SERVER_CERTIFICATES, request.getCertificates());
ConnectionHandleType connectionHandle = null;
TCTokenResponse response = new TCTokenResponse();
response.setTCToken(token);
byte[] requestedContextHandle = request.getContextHandle();
String ifdName = request.getIFDName();
BigInteger requestedSlotIndex = request.getSlotIndex();
// we know exactly which card we want
ConnectionHandleType requestedHandle = new ConnectionHandleType();
requestedHandle.setContextHandle(requestedContextHandle);
requestedHandle.setIFDName(ifdName);
requestedHandle.setSlotIndex(requestedSlotIndex);
Set<CardStateEntry> matchingHandles = cardStates.getMatchingEntries(requestedHandle);
if (!matchingHandles.isEmpty()) {
connectionHandle = matchingHandles.toArray(new CardStateEntry[] {})[0].handleCopy();
}
if (connectionHandle == null) {
String msg = LANG_TOKEN.translationForKey("cancel");
LOG.error(msg);
response.setResult(WSHelper.makeResultError(ResultMinor.CANCELLATION_BY_USER, msg));
// fill in values, so it is usuable by the transport module
response = determineRefreshURL(request, response);
response.finishResponse(true);
return response;
}
try {
// process binding and follow redirect addresses afterwards
response = processBinding(request, connectionHandle);
// fill in values, so it is usuable by the transport module
response = determineRefreshURL(request, response);
response.finishResponse(isObjectActivation);
return response;
} catch (DispatcherException w) {
LOG.error(w.getMessage(), w);
response.setResultCode(BindingResultCode.INTERNAL_ERROR);
response.setResult(WSHelper.makeResultError(ResultMinor.CLIENT_ERROR, w.getMessage()));
showErrorMessage(w.getMessage());
throw new NonGuiException(response, w.getMessage(), w);
} catch (PAOSException w) {
LOG.error(w.getMessage(), w);
// find actual error to display to the user
Throwable innerException = w.getCause();
if (innerException == null) {
innerException = w;
} else if (innerException instanceof ExecutionException) {
innerException = innerException.getCause();
}
String errorMsg = innerException.getLocalizedMessage();
// fix NPE when null is returned instead of a message
errorMsg = errorMsg == null ? "" : errorMsg;
switch(errorMsg) {
case "The target server failed to respond":
errorMsg = LANG_TR.translationForKey(NO_RESPONSE_FROM_SERVER);
break;
case ECardConstants.Minor.App.INT_ERROR + " ==> Unknown eCard exception occurred.":
errorMsg = LANG_TR.translationForKey(UNKNOWN_ECARD_ERROR);
break;
case "Internal TLS error, this could be an attack":
errorMsg = LANG_TR.translationForKey(INTERNAL_TLS_ERROR);
break;
}
if (innerException instanceof WSException) {
WSException ex = (WSException) innerException;
errorMsg = createResponseFromWsEx(ex, response);
} else if (innerException instanceof PAOSConnectionException) {
response.setResult(WSHelper.makeResultError(ResultMinor.TRUSTED_CHANNEL_ESTABLISCHMENT_FAILED, w.getLocalizedMessage()));
} else {
errorMsg = createMessageFromUnknownError(w);
response.setResult(WSHelper.makeResultError(ResultMinor.CLIENT_ERROR, w.getMessage()));
}
showErrorMessage(errorMsg);
try {
// fill in values, so it is usuable by the transport module
response = determineRefreshURL(request, response);
response.finishResponse(true);
} catch (InvalidRedirectUrlException ex) {
LOG.error(ex.getMessage(), ex);
response.setResultCode(BindingResultCode.INTERNAL_ERROR);
response.setResult(WSHelper.makeResultError(ResultMinor.CLIENT_ERROR, ex.getLocalizedMessage()));
throw new NonGuiException(response, ex.getMessage(), ex);
} catch (SecurityViolationException ex) {
String msg2 = "The RefreshAddress contained in the TCToken is invalid. Redirecting to the " + "CommunicationErrorAddress.";
LOG.error(msg2, ex);
response.setResultCode(BindingResultCode.REDIRECT);
response.setResult(WSHelper.makeResultError(ResultMinor.COMMUNICATION_ERROR, msg2));
response.addAuxResultData(AuxDataKeys.REDIRECT_LOCATION, ex.getBindingResult().getAuxResultData().get(AuxDataKeys.REDIRECT_LOCATION));
}
return response;
}
}
use of org.openecard.common.WSHelper.WSException in project open-ecard by ecsec.
the class ChangePINAction method execute.
@Override
public void execute() {
// check if a german identity card is inserted, if not wait for it
ConnectionHandleType cHandle = waitForCardType(GERMAN_IDENTITY_CARD);
if (cHandle == null) {
LOG.debug("User cancelled card insertion.");
return;
}
cHandle = connectToRootApplication(cHandle);
RecognizedState pinState = recognizeState(cHandle);
boolean nativePace;
try {
nativePace = genericPACESupport(cHandle);
} catch (WSException e) {
LOG.error("Could not get capabilities from reader.");
return;
}
ChangePINDialog uc = new ChangePINDialog(gui, dispatcher, cHandle, pinState, !nativePace);
uc.show();
Disconnect d = new Disconnect();
d.setSlotHandle(cHandle.getSlotHandle());
dispatcher.safeDeliver(d);
}
Aggregations