Search in sources :

Example 11 with WSException

use of org.openecard.common.WSHelper.WSException in project open-ecard by ecsec.

the class CANStepAction method perform.

@Override
public StepActionResult perform(Map<String, ExecutionResults> oldResults, StepResult result) {
    if (result.isBack()) {
        return new StepActionResult(StepActionResultStatus.BACK);
    }
    if (!state.equals(RecognizedState.PIN_suspended)) {
        return new StepActionResult(StepActionResultStatus.NEXT);
    }
    DIDAuthenticationDataType paceInput = new DIDAuthenticationDataType();
    paceInput.setProtocol(ECardConstants.Protocol.PACE);
    AuthDataMap tmp;
    try {
        tmp = new AuthDataMap(paceInput);
    } catch (ParserConfigurationException ex) {
        LOG.error("Failed to read empty Protocol data.", ex);
        return new StepActionResult(StepActionResultStatus.CANCEL);
    }
    AuthDataResponse paceInputMap = tmp.createResponse(paceInput);
    if (capturePin) {
        ExecutionResults executionResults = oldResults.get(getStepID());
        if (!verifyUserInput(executionResults)) {
            // let the user enter the can again, when input verification failed
            return new StepActionResult(StepActionResultStatus.REPEAT, createReplacementStep(false, true));
        } else {
            paceInputMap.addElement(PACEInputType.PIN, can);
        }
    }
    paceInputMap.addElement(PACEInputType.PIN_ID, PIN_ID_CAN);
    // perform PACE by EstablishChannelCommand
    EstablishChannel establishChannel = new EstablishChannel();
    establishChannel.setSlotHandle(conHandle.getSlotHandle());
    establishChannel.setAuthenticationProtocolData(paceInputMap.getResponse());
    establishChannel.getAuthenticationProtocolData().setProtocol(ECardConstants.Protocol.PACE);
    try {
        EstablishChannelResponse ecr = (EstablishChannelResponse) dispatcher.safeDeliver(establishChannel);
        WSHelper.checkResult(ecr);
        // pace was successfully performed, so get to the next step
        String title = lang.translationForKey(PINSTEP_TITLE);
        int retryCounter = 1;
        Step replacementStep = new ChangePINStep("pin-entry", title, capturePin, retryCounter, false, false);
        StepAction pinAction = new PINStepAction(capturePin, conHandle, dispatcher, replacementStep, retryCounter);
        replacementStep.setAction(pinAction);
        return new StepActionResult(StepActionResultStatus.NEXT, replacementStep);
    } catch (WSException ex) {
        LOG.info("Wrong CAN entered, trying again");
        return new StepActionResult(StepActionResultStatus.REPEAT, createReplacementStep(true, false));
    }
}
Also used : ExecutionResults(org.openecard.gui.executor.ExecutionResults) EstablishChannelResponse(iso.std.iso_iec._24727.tech.schema.EstablishChannelResponse) DIDAuthenticationDataType(iso.std.iso_iec._24727.tech.schema.DIDAuthenticationDataType) Step(org.openecard.gui.definition.Step) StepActionResult(org.openecard.gui.executor.StepActionResult) EstablishChannel(iso.std.iso_iec._24727.tech.schema.EstablishChannel) StepAction(org.openecard.gui.executor.StepAction) AuthDataMap(org.openecard.common.anytype.AuthDataMap) WSException(org.openecard.common.WSHelper.WSException) AuthDataResponse(org.openecard.common.anytype.AuthDataResponse) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)

Example 12 with WSException

use of org.openecard.common.WSHelper.WSException in project open-ecard by ecsec.

the class PINStepAction method perform.

@Override
public StepActionResult perform(Map<String, ExecutionResults> oldResults, StepResult result) {
    if (result.isBack()) {
        return new StepActionResult(StepActionResultStatus.BACK);
    }
    DIDAuthenticationDataType paceInput = new DIDAuthenticationDataType();
    paceInput.setProtocol(ECardConstants.Protocol.PACE);
    AuthDataMap tmp;
    try {
        tmp = new AuthDataMap(paceInput);
    } catch (ParserConfigurationException ex) {
        LOG.error("Failed to read empty Protocol data.", ex);
        return new StepActionResult(StepActionResultStatus.CANCEL);
    }
    AuthDataResponse paceInputMap = tmp.createResponse(paceInput);
    if (capturePin) {
        ExecutionResults executionResults = oldResults.get(getStepID());
        if (!verifyUserInput(executionResults)) {
            // let the user enter the pin again, when input verification failed
            return new StepActionResult(StepActionResultStatus.REPEAT, createPINReplacementStep(false, true));
        } else {
            paceInputMap.addElement(PACEInputType.PIN, oldPIN);
        }
    }
    paceInputMap.addElement(PACEInputType.PIN_ID, PIN_ID_PIN);
    // perform PACE by EstablishChannel
    EstablishChannel establishChannel = new EstablishChannel();
    establishChannel.setSlotHandle(conHandle.getSlotHandle());
    establishChannel.setAuthenticationProtocolData(paceInputMap.getResponse());
    establishChannel.getAuthenticationProtocolData().setProtocol(ECardConstants.Protocol.PACE);
    try {
        EstablishChannelResponse establishChannelResponse = (EstablishChannelResponse) dispatcher.safeDeliver(establishChannel);
        WSHelper.checkResult(establishChannelResponse);
        // PACE completed successfully, we now modify the pin
        if (capturePin) {
            sendResetRetryCounter();
        } else {
            sendModifyPIN();
        }
        // PIN modified successfully, proceed with next step
        return new StepActionResult(StepActionResultStatus.NEXT);
    } catch (WSException ex) {
        if (capturePin) {
            retryCounter--;
            LOG.info("Wrong PIN entered, trying again (remaining tries {}).", retryCounter);
            if (retryCounter == 1) {
                Step replacementStep = createCANReplacementStep();
                return new StepActionResult(StepActionResultStatus.BACK, replacementStep);
            } else {
                Step replacementStep = createPINReplacementStep(true, false);
                return new StepActionResult(StepActionResultStatus.REPEAT, replacementStep);
            }
        } else {
            LOG.warn("PIN not entered successfully in terminal.");
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (APDUException ex) {
        LOG.error("Failed to transmit Reset Retry Counter APDU.", ex);
        return new StepActionResult(StepActionResultStatus.CANCEL);
    } catch (IllegalArgumentException ex) {
        LOG.error("Failed to transmit Reset Retry Counter APDU.", ex);
        return new StepActionResult(StepActionResultStatus.CANCEL);
    } catch (IFDException ex) {
        LOG.error("Failed to transmit Reset Retry Counter APDU.", ex);
        return new StepActionResult(StepActionResultStatus.CANCEL);
    }
}
Also used : APDUException(org.openecard.common.apdu.exception.APDUException) ExecutionResults(org.openecard.gui.executor.ExecutionResults) EstablishChannelResponse(iso.std.iso_iec._24727.tech.schema.EstablishChannelResponse) DIDAuthenticationDataType(iso.std.iso_iec._24727.tech.schema.DIDAuthenticationDataType) Step(org.openecard.gui.definition.Step) StepActionResult(org.openecard.gui.executor.StepActionResult) EstablishChannel(iso.std.iso_iec._24727.tech.schema.EstablishChannel) AuthDataMap(org.openecard.common.anytype.AuthDataMap) WSException(org.openecard.common.WSHelper.WSException) AuthDataResponse(org.openecard.common.anytype.AuthDataResponse) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) IFDException(org.openecard.ifd.scio.IFDException)

Example 13 with WSException

use of org.openecard.common.WSHelper.WSException in project open-ecard by ecsec.

the class PUKStepAction method perform.

@Override
public StepActionResult perform(Map<String, ExecutionResults> oldResults, StepResult result) {
    if (result.isBack()) {
        return new StepActionResult(StepActionResultStatus.BACK);
    }
    DIDAuthenticationDataType paceInput = new DIDAuthenticationDataType();
    paceInput.setProtocol(ECardConstants.Protocol.PACE);
    AuthDataMap tmp;
    try {
        tmp = new AuthDataMap(paceInput);
    } catch (ParserConfigurationException ex) {
        LOG.error("Failed to read empty Protocol data.", ex);
        return new StepActionResult(StepActionResultStatus.CANCEL);
    }
    AuthDataResponse paceInputMap = tmp.createResponse(paceInput);
    if (capturePin) {
        ExecutionResults executionResults = oldResults.get(getStepID());
        if (!verifyUserInput(executionResults)) {
            // TODO inform user that something with his input is wrong
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } else {
            paceInputMap.addElement(PACEInputType.PIN, puk);
        }
    }
    paceInputMap.addElement(PACEInputType.PIN_ID, PIN_ID_PUK);
    // perform PACE by sending an EstablishChannel
    EstablishChannel establishChannel = new EstablishChannel();
    establishChannel.setSlotHandle(slotHandle);
    establishChannel.setAuthenticationProtocolData(paceInputMap.getResponse());
    establishChannel.getAuthenticationProtocolData().setProtocol(ECardConstants.Protocol.PACE);
    try {
        EstablishChannelResponse establishChannelResponse = (EstablishChannelResponse) dispatcher.safeDeliver(establishChannel);
        WSHelper.checkResult(establishChannelResponse);
        // pace was successfully performed, so get to the next step
        return new StepActionResult(StepActionResultStatus.NEXT);
    } catch (WSException ex) {
        LOG.info("Wrong PUK entered, trying again");
        // TODO update the step to inform the user that he entered the puk wrong
        return new StepActionResult(StepActionResultStatus.REPEAT);
    } finally {
        DestroyChannel destroyChannel = new DestroyChannel();
        destroyChannel.setSlotHandle(slotHandle);
        dispatcher.safeDeliver(destroyChannel);
    }
}
Also used : EstablishChannel(iso.std.iso_iec._24727.tech.schema.EstablishChannel) DestroyChannel(iso.std.iso_iec._24727.tech.schema.DestroyChannel) AuthDataMap(org.openecard.common.anytype.AuthDataMap) ExecutionResults(org.openecard.gui.executor.ExecutionResults) EstablishChannelResponse(iso.std.iso_iec._24727.tech.schema.EstablishChannelResponse) DIDAuthenticationDataType(iso.std.iso_iec._24727.tech.schema.DIDAuthenticationDataType) WSException(org.openecard.common.WSHelper.WSException) AuthDataResponse(org.openecard.common.anytype.AuthDataResponse) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) StepActionResult(org.openecard.gui.executor.StepActionResult)

Example 14 with WSException

use of org.openecard.common.WSHelper.WSException in project open-ecard by ecsec.

the class TCTokenHandler method handleActivate.

/**
 * Activates the client according to the received TCToken.
 *
 * @param request The activation request containing the TCToken.
 * @return The response containing the result of the activation process.
 * @throws InvalidRedirectUrlException Thrown in case no redirect URL could be determined.
 * @throws SecurityViolationException
 * @throws NonGuiException
 */
public TCTokenResponse handleActivate(TCTokenRequest request) throws InvalidRedirectUrlException, SecurityViolationException, NonGuiException {
    TCToken token = request.getTCToken();
    if (LOG.isDebugEnabled()) {
        try {
            WSMarshaller m = WSMarshallerFactory.createInstance();
            LOG.debug("TCToken:\n{}", m.doc2str(m.marshal(token)));
        } catch (TransformerException | WSMarshallerException ex) {
        // it's no use
        }
    }
    final DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
    boolean performChecks = isPerformTR03112Checks(request);
    if (!performChecks) {
        LOG.warn("Checks according to BSI TR03112 3.4.2, 3.4.4 (TCToken specific) and 3.4.5 are disabled.");
    }
    boolean isObjectActivation = request.getTCTokenURL() == null;
    if (isObjectActivation) {
        LOG.warn("Checks according to BSI TR03112 3.4.4 (TCToken specific) are disabled.");
    }
    dynCtx.put(TR03112Keys.TCTOKEN_CHECKS, performChecks);
    dynCtx.put(TR03112Keys.OBJECT_ACTIVATION, isObjectActivation);
    dynCtx.put(TR03112Keys.TCTOKEN_SERVER_CERTIFICATES, request.getCertificates());
    ConnectionHandleType connectionHandle = null;
    TCTokenResponse response = new TCTokenResponse();
    response.setTCToken(token);
    byte[] requestedContextHandle = request.getContextHandle();
    String ifdName = request.getIFDName();
    BigInteger requestedSlotIndex = request.getSlotIndex();
    // we know exactly which card we want
    ConnectionHandleType requestedHandle = new ConnectionHandleType();
    requestedHandle.setContextHandle(requestedContextHandle);
    requestedHandle.setIFDName(ifdName);
    requestedHandle.setSlotIndex(requestedSlotIndex);
    Set<CardStateEntry> matchingHandles = cardStates.getMatchingEntries(requestedHandle);
    if (!matchingHandles.isEmpty()) {
        connectionHandle = matchingHandles.toArray(new CardStateEntry[] {})[0].handleCopy();
    }
    if (connectionHandle == null) {
        String msg = LANG_TOKEN.translationForKey("cancel");
        LOG.error(msg);
        response.setResult(WSHelper.makeResultError(ResultMinor.CANCELLATION_BY_USER, msg));
        // fill in values, so it is usuable by the transport module
        response = determineRefreshURL(request, response);
        response.finishResponse(true);
        return response;
    }
    try {
        // process binding and follow redirect addresses afterwards
        response = processBinding(request, connectionHandle);
        // fill in values, so it is usuable by the transport module
        response = determineRefreshURL(request, response);
        response.finishResponse(isObjectActivation);
        return response;
    } catch (DispatcherException w) {
        LOG.error(w.getMessage(), w);
        response.setResultCode(BindingResultCode.INTERNAL_ERROR);
        response.setResult(WSHelper.makeResultError(ResultMinor.CLIENT_ERROR, w.getMessage()));
        showErrorMessage(w.getMessage());
        throw new NonGuiException(response, w.getMessage(), w);
    } catch (PAOSException w) {
        LOG.error(w.getMessage(), w);
        // find actual error to display to the user
        Throwable innerException = w.getCause();
        if (innerException == null) {
            innerException = w;
        } else if (innerException instanceof ExecutionException) {
            innerException = innerException.getCause();
        }
        String errorMsg = innerException.getLocalizedMessage();
        // fix NPE when null is returned instead of a message
        errorMsg = errorMsg == null ? "" : errorMsg;
        switch(errorMsg) {
            case "The target server failed to respond":
                errorMsg = LANG_TR.translationForKey(NO_RESPONSE_FROM_SERVER);
                break;
            case ECardConstants.Minor.App.INT_ERROR + " ==> Unknown eCard exception occurred.":
                errorMsg = LANG_TR.translationForKey(UNKNOWN_ECARD_ERROR);
                break;
            case "Internal TLS error, this could be an attack":
                errorMsg = LANG_TR.translationForKey(INTERNAL_TLS_ERROR);
                break;
        }
        if (innerException instanceof WSException) {
            WSException ex = (WSException) innerException;
            errorMsg = createResponseFromWsEx(ex, response);
        } else if (innerException instanceof PAOSConnectionException) {
            response.setResult(WSHelper.makeResultError(ResultMinor.TRUSTED_CHANNEL_ESTABLISCHMENT_FAILED, w.getLocalizedMessage()));
        } else {
            errorMsg = createMessageFromUnknownError(w);
            response.setResult(WSHelper.makeResultError(ResultMinor.CLIENT_ERROR, w.getMessage()));
        }
        showErrorMessage(errorMsg);
        try {
            // fill in values, so it is usuable by the transport module
            response = determineRefreshURL(request, response);
            response.finishResponse(true);
        } catch (InvalidRedirectUrlException ex) {
            LOG.error(ex.getMessage(), ex);
            response.setResultCode(BindingResultCode.INTERNAL_ERROR);
            response.setResult(WSHelper.makeResultError(ResultMinor.CLIENT_ERROR, ex.getLocalizedMessage()));
            throw new NonGuiException(response, ex.getMessage(), ex);
        } catch (SecurityViolationException ex) {
            String msg2 = "The RefreshAddress contained in the TCToken is invalid. Redirecting to the " + "CommunicationErrorAddress.";
            LOG.error(msg2, ex);
            response.setResultCode(BindingResultCode.REDIRECT);
            response.setResult(WSHelper.makeResultError(ResultMinor.COMMUNICATION_ERROR, msg2));
            response.addAuxResultData(AuxDataKeys.REDIRECT_LOCATION, ex.getBindingResult().getAuxResultData().get(AuxDataKeys.REDIRECT_LOCATION));
        }
        return response;
    }
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) InvalidRedirectUrlException(org.openecard.binding.tctoken.ex.InvalidRedirectUrlException) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) WSMarshallerException(org.openecard.ws.marshal.WSMarshallerException) SecurityViolationException(org.openecard.binding.tctoken.ex.SecurityViolationException) WSMarshaller(org.openecard.ws.marshal.WSMarshaller) DispatcherException(org.openecard.common.interfaces.DispatcherException) PAOSException(org.openecard.transport.paos.PAOSException) PAOSConnectionException(org.openecard.transport.paos.PAOSConnectionException) BigInteger(java.math.BigInteger) WSException(org.openecard.common.WSHelper.WSException) NonGuiException(org.openecard.binding.tctoken.ex.NonGuiException) ExecutionException(java.util.concurrent.ExecutionException) TransformerException(javax.xml.transform.TransformerException) DynamicContext(org.openecard.common.DynamicContext)

Example 15 with WSException

use of org.openecard.common.WSHelper.WSException in project open-ecard by ecsec.

the class ChangePINAction method execute.

@Override
public void execute() {
    // check if a german identity card is inserted, if not wait for it
    ConnectionHandleType cHandle = waitForCardType(GERMAN_IDENTITY_CARD);
    if (cHandle == null) {
        LOG.debug("User cancelled card insertion.");
        return;
    }
    cHandle = connectToRootApplication(cHandle);
    RecognizedState pinState = recognizeState(cHandle);
    boolean nativePace;
    try {
        nativePace = genericPACESupport(cHandle);
    } catch (WSException e) {
        LOG.error("Could not get capabilities from reader.");
        return;
    }
    ChangePINDialog uc = new ChangePINDialog(gui, dispatcher, cHandle, pinState, !nativePace);
    uc.show();
    Disconnect d = new Disconnect();
    d.setSlotHandle(cHandle.getSlotHandle());
    dispatcher.safeDeliver(d);
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) ChangePINDialog(org.openecard.plugins.pinplugin.gui.ChangePINDialog) Disconnect(iso.std.iso_iec._24727.tech.schema.Disconnect) WSException(org.openecard.common.WSHelper.WSException)

Aggregations

WSException (org.openecard.common.WSHelper.WSException)16 ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)5 EstablishChannelResponse (iso.std.iso_iec._24727.tech.schema.EstablishChannelResponse)4 StepActionResult (org.openecard.gui.executor.StepActionResult)4 DIDAuthenticationDataType (iso.std.iso_iec._24727.tech.schema.DIDAuthenticationDataType)3 Disconnect (iso.std.iso_iec._24727.tech.schema.Disconnect)3 EstablishChannel (iso.std.iso_iec._24727.tech.schema.EstablishChannel)3 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)3 AuthDataMap (org.openecard.common.anytype.AuthDataMap)3 AuthDataResponse (org.openecard.common.anytype.AuthDataResponse)3 DispatcherException (org.openecard.common.interfaces.DispatcherException)3 ExecutionResults (org.openecard.gui.executor.ExecutionResults)3 IOException (java.io.IOException)2 ArrayList (java.util.ArrayList)2 TransformerException (javax.xml.transform.TransformerException)2 APDUException (org.openecard.common.apdu.exception.APDUException)2 Step (org.openecard.gui.definition.Step)2 CardApplicationConnect (iso.std.iso_iec._24727.tech.schema.CardApplicationConnect)1 CardApplicationConnectResponse (iso.std.iso_iec._24727.tech.schema.CardApplicationConnectResponse)1 CardApplicationDisconnect (iso.std.iso_iec._24727.tech.schema.CardApplicationDisconnect)1