
Example 1 with UserConsentDescription

use of org.openecard.gui.definition.UserConsentDescription in project open-ecard by ecsec.

the class AbstractTerminal method pinUserConsent.

/**
 * Builds the single-step consent dialog used to collect a PIN in software.
 *
 * <p>The dialog holds one step ("enter-pin") with an instruction text and a password field
 * named "pin". The length bounds are only stored on the field here; whether they are enforced
 * is up to the GUI implementation, which is not part of this method.
 *
 * @param title translation key for the dialog title
 * @param minLength minimum PIN length set on the password field
 * @param maxLength maximum PIN length set on the password field
 * @return the assembled consent description with dialog type "pin_entry_dialog"
 */
private UserConsentDescription pinUserConsent(String title, int minLength, int maxLength) {
    UserConsentDescription consent = new UserConsentDescription(LANG.translationForKey(title), "pin_entry_dialog");

    // the only step of the dialog
    Step pinStep = new Step("enter-pin", LANG.translationForKey("action.changepin.userconsent.pinstep.title"));
    consent.getSteps().add(pinStep);

    // instruction shown above the input field
    Text instruction = new Text();
    instruction.setText(LANG.translationForKey("action.pinentry.userconsent.pinstep.enter_pin"));
    pinStep.getInputInfoUnits().add(instruction);

    // the PIN input itself; the field name "pin" is what result readers look up
    PasswordField pinField = new PasswordField("pin");
    pinField.setDescription("PIN");
    pinField.setMinLength(minLength);
    pinField.setMaxLength(maxLength);
    pinStep.getInputInfoUnits().add(pinField);

    return consent;
}
Also used : UserConsentDescription(org.openecard.gui.definition.UserConsentDescription) Text(org.openecard.gui.definition.Text) Step(org.openecard.gui.definition.Step) PasswordField(org.openecard.gui.definition.PasswordField)

Example 2 with UserConsentDescription

use of org.openecard.gui.definition.UserConsentDescription in project open-ecard by ecsec.

the class AbstractTerminal method verifyUser.

/**
 * Performs PIN-based user verification (PinCompare) for the slot named in the request.
 *
 * <p>Three paths are visible in this body: biometric input is rejected; a terminal that reports
 * native PinCompare support runs the PIN entry on the terminal through a NativePinStepAction; a
 * virtual terminal collects the PIN in the GUI, wraps it into a verify APDU and transmits it.
 * In the software path the PIN buffer and the APDUs built from it are overwritten in
 * {@code finally} blocks so they are cleared on both the normal and the error path.
 *
 * @param verify the VerifyUser request; slot handle, input unit, timeouts and APDU template are read from it
 * @return the response carrying the result and, where available, the card's response APDU
 * @throws IFDException if PinCompare is not listed for the first slot capability, if biometric
 *         input is requested, if neither a native nor a virtual PIN input is available, or if
 *         the request names no supported input method
 * @throws SCIOException declared by the signature; the throwing call is not identifiable from
 *         this body alone, presumably terminal I/O (confirm against the callees)
 */
public VerifyUserResponse verifyUser(VerifyUser verify) throws SCIOException, IFDException {
    byte[] handle = verify.getSlotHandle();
    // get capabilities; the return value is discarded, so this presumably refreshes
    // this.capabilities as a side effect (confirm in getCapabilities)
    getCapabilities();
    // check if is possible to perform PinCompare protocol; only the first slot capability is consulted
    List<String> protoList = this.capabilities.getSlotCapability().get(0).getProtocol();
    if (!protoList.contains(ECardConstants.Protocol.PIN_COMPARE)) {
        throw new IFDException("PinCompare protocol is not supported by this IFD.");
    }
    // get values from requested command
    InputUnitType inputUnit = verify.getInputUnit();
    // NOTE(review): allMsgs, firstTimeout and otherTimeout are not read again anywhere in this
    // method, so the requested messages and timeouts have no visible effect here - confirm
    AltVUMessagesType allMsgs = getMessagesOrDefaults(verify.getAltVUMessages());
    // defaults of 60000 and 15000 apply when the request omits the timeouts (unit presumably ms - confirm)
    BigInteger firstTimeout = verify.getTimeoutUntilFirstKey();
    firstTimeout = (firstTimeout == null) ? BigInteger.valueOf(60000) : firstTimeout;
    BigInteger otherTimeout = verify.getTimeoutAfterFirstKey();
    otherTimeout = (otherTimeout == null) ? BigInteger.valueOf(15000) : otherTimeout;
    final byte[] template = verify.getTemplate();
    VerifyUserResponse response;
    Result result;
    // check which type of authentication to perform
    if (inputUnit.getBiometricInput() != null) {
        // TODO: implement
        String msg = "Biometric authentication not supported by IFD.";
        IFDException ex = new IFDException(ECardConstants.Minor.IFD.IO.UNKNOWN_INPUT_UNIT, msg);
        LOG.warn(ex.getMessage(), ex);
        throw ex;
    } else if (inputUnit.getPinInput() != null) {
        final PinInputType pinInput = inputUnit.getPinInput();
        // we have a sophisticated card reader: the PIN is entered on the terminal, so no PIN
        // value is held in any variable of this method on this path
        if (terminalInfo.supportsPinCompare()) {
            // create custom pinAction to submit pin to terminal
            NativePinStepAction pinAction = new NativePinStepAction("enter-pin", pinInput, channel, terminalInfo, template);
            // display message instructing user what to do (overload of pinUserConsent taking the step action)
            UserConsentDescription uc = pinUserConsent("action.changepin.userconsent.pinstep.title", pinAction);
            UserConsentNavigator ucr = gui.obtainNavigator(uc);
            ExecutionEngine exec = new ExecutionEngine(ucr);
            // run gui
            ResultStatus status = exec.process();
            if (status == ResultStatus.CANCEL) {
                String msg = "PIN entry cancelled by user.";
                LOG.warn(msg);
                result = WSHelper.makeResultError(ECardConstants.Minor.IFD.CANCELLATION_BY_USER, msg);
                response = WSHelper.makeResponse(VerifyUserResponse.class, result);
            } else if (pinAction.exception != null) {
                // the step action recorded a failure; its message is logged and also copied
                // verbatim into the result returned to the caller
                LOG.warn(pinAction.exception.getMessage(), pinAction.exception);
                result = WSHelper.makeResultError(ECardConstants.Minor.IFD.AUTHENTICATION_FAILED, pinAction.exception.getMessage());
                response = WSHelper.makeResponse(VerifyUserResponse.class, result);
            } else {
                // response bytes recorded by the step action after the terminal handled the PIN entry
                byte[] verifyResponse = pinAction.response;
                // evaluate result
                result = checkNativePinVerify(verifyResponse);
                response = WSHelper.makeResponse(VerifyUserResponse.class, result);
                response.setResponse(verifyResponse);
            }
            return response;
        } else if (isVirtual()) {
            // software method
            // get pin, encode and send; length bounds come from the request's password attributes
            int minLength = pinInput.getPasswordAttributes().getMinLength().intValue();
            int maxLength = pinInput.getPasswordAttributes().getMaxLength().intValue();
            UserConsentDescription uc = pinUserConsent("action.changepin.userconsent.pinstep.title", minLength, maxLength);
            UserConsentNavigator ucr = gui.obtainNavigator(uc);
            ExecutionEngine exec = new ExecutionEngine(ucr);
            ResultStatus status = exec.process();
            if (status == ResultStatus.CANCEL) {
                String msg = "PIN entry cancelled by user.";
                LOG.warn(msg);
                result = WSHelper.makeResultError(ECardConstants.Minor.IFD.CANCELLATION_BY_USER, msg);
                response = WSHelper.makeResponse(VerifyUserResponse.class, result);
                return response;
            }
            // the PIN is held as char[] so that it can be overwritten below
            // NOTE(review): only this array is cleared here; any copy kept inside the GUI
            // results held by exec is outside this method's control - confirm how it is wiped
            char[] rawPIN = getPinFromUserConsent(exec);
            PasswordAttributesType attributes = pinInput.getPasswordAttributes();
            Transmit verifyTransmit;
            try {
                verifyTransmit = PINUtils.buildVerifyTransmit(rawPIN, attributes, template, handle);
            } catch (UtilException e) {
                String msg = "Failed to create the verifyTransmit message.";
                LOG.error(msg, e);
                result = WSHelper.makeResultError(ECardConstants.Minor.IFD.UNKNOWN_ERROR, msg);
                response = WSHelper.makeResponse(VerifyUserResponse.class, result);
                return response;
            } finally {
                // overwrite the plaintext PIN whether or not the APDU could be built
                Arrays.fill(rawPIN, ' ');
            }
            // send to reader
            TransmitResponse transResp;
            try {
                transResp = ifd.transmit(verifyTransmit);
            } finally {
                // blank PIN APDU: the input APDUs were built from the PIN, so they are zeroed
                // even when transmit throws
                for (InputAPDUInfoType apdu : verifyTransmit.getInputAPDUInfo()) {
                    byte[] rawApdu = apdu.getInputAPDU();
                    if (rawApdu != null) {
                        Arrays.fill(rawApdu, (byte) 0);
                    }
                }
            }
            // produce messages
            if (transResp.getResult().getResultMajor().equals(ECardConstants.Major.ERROR)) {
                if (transResp.getOutputAPDU().isEmpty()) {
                    // error without any card response: reported as authentication failure with
                    // the transmit result's message
                    result = WSHelper.makeResultError(ECardConstants.Minor.IFD.AUTHENTICATION_FAILED, transResp.getResult().getResultMessage().getValue());
                    response = WSHelper.makeResponse(VerifyUserResponse.class, result);
                    return response;
                } else {
                    response = WSHelper.makeResponse(VerifyUserResponse.class, transResp.getResult());
                    response.setResponse(transResp.getOutputAPDU().get(0));
                    // TODO: move this code to the PIN Compare protocol
                    if (response.getResponse() != null) {
                        CardResponseAPDU resApdu = new CardResponseAPDU(response.getResponse());
                        byte[] statusBytes = resApdu.getStatusBytes();
                        // status word 63 Cx: first byte 0x63, high nibble of the second byte 0xC;
                        // both sides of each comparison are sign-extended bytes, so they compare equal
                        boolean isMainStatus = statusBytes[0] == (byte) 0x63;
                        boolean isMinorStatus = (statusBytes[1] & (byte) 0xF0) == (byte) 0xC0;
                        // the low nibble of the second byte is taken as the number of tries left
                        int triesLeft = statusBytes[1] & 0x0F;
                        if (isMainStatus && isMinorStatus && triesLeft > 0) {
                            LOG.info("PIN not entered successful. There are {} tries left.", statusBytes[1] & 0x0F);
                            // wrong PIN with tries remaining: run the whole verification again,
                            // which prompts the user once more; the recursion ends when the
                            // reported counter is 0, on success, on cancel or on another error
                            return verifyUser(verify);
                        }
                    }
                    return response;
                }
            } else {
                response = WSHelper.makeResponse(VerifyUserResponse.class, transResp.getResult());
                // assumes a non-error transmit result always carries at least one output APDU;
                // get(0) throws on an empty list - confirm against ifd.transmit
                response.setResponse(transResp.getOutputAPDU().get(0));
                return response;
            }
        } else {
            // neither terminal-side nor software PIN entry is available
            IFDException ex = new IFDException("No input unit available to perform PinCompare protocol.");
            LOG.warn(ex.getMessage(), ex);
            throw ex;
        }
    } else {
        String msg = "Unsupported authentication input method requested.";
        IFDException ex = new IFDException(ECardConstants.Minor.IFD.IO.UNKNOWN_INPUT_UNIT, msg);
        LOG.warn(ex.getMessage(), ex);
        throw ex;
    }
}
Also used : Transmit(iso.std.iso_iec._24727.tech.schema.Transmit) PasswordAttributesType(iso.std.iso_iec._24727.tech.schema.PasswordAttributesType) ResultStatus(org.openecard.gui.ResultStatus) AltVUMessagesType(iso.std.iso_iec._24727.tech.schema.AltVUMessagesType) VerifyUserResponse(iso.std.iso_iec._24727.tech.schema.VerifyUserResponse) UtilException(org.openecard.common.util.UtilException) InputAPDUInfoType(iso.std.iso_iec._24727.tech.schema.InputAPDUInfoType) UserConsentNavigator(org.openecard.gui.UserConsentNavigator) Result(oasis.names.tc.dss._1_0.core.schema.Result) InputUnitType(iso.std.iso_iec._24727.tech.schema.InputUnitType) ExecutionEngine(org.openecard.gui.executor.ExecutionEngine) UserConsentDescription(org.openecard.gui.definition.UserConsentDescription) BigInteger(java.math.BigInteger) TransmitResponse(iso.std.iso_iec._24727.tech.schema.TransmitResponse) CardResponseAPDU(org.openecard.common.apdu.common.CardResponseAPDU) PinInputType(iso.std.iso_iec._24727.tech.schema.PinInputType)

Example 3 with UserConsentDescription

use of org.openecard.gui.definition.UserConsentDescription in project open-ecard by ecsec.

the class RunGUI method setUp.

/**
 * Assembles the consent description under test from its five steps and then initializes the
 * GUI defaults.
 *
 * @throws Exception if building a step or initializing the defaults fails
 */
@BeforeTest
public void setUp() throws Exception {
    uc = new UserConsentDescription("Identitätsnachweis");

    // steps are appended in the order in which the dialog presents them
    uc.getSteps().add(identityCheckStep());
    uc.getSteps().add(providerInfoStep());

    // kept in a local because the PIN step is built from the requested-data step
    final Step requestedData = requestedDataStep();
    uc.getSteps().add(requestedData);
    uc.getSteps().add(pinInputStep(requestedData));

    uc.getSteps().add(checkDataStep());

    GUIDefaults.initialize();
}
Also used : UserConsentDescription(org.openecard.gui.definition.UserConsentDescription) Step(org.openecard.gui.definition.Step) BeforeTest(org.testng.annotations.BeforeTest)

Example 4 with UserConsentDescription

use of org.openecard.gui.definition.UserConsentDescription in project open-ecard by ecsec.

the class PinEntryDialog method createUserConsentDescription.

/**
 * Creates the PIN entry dialog consisting of a single PinEntryStep.
 *
 * <p>The created step is also stored in the {@code pinStep} field.
 *
 * @return consent description with dialog type "pin_entry_dialog" and the PIN step attached
 * @throws CryptokiException declared by the signature; presumably raised while the PIN step is
 *         constructed from the session (confirm in PinEntryStep)
 */
private UserConsentDescription createUserConsentDescription() throws CryptokiException {
    UserConsentDescription description = new UserConsentDescription(
            LANG.translationForKey("action.changepin.userconsent.pinstep.title"), "pin_entry_dialog");

    // keep the step in the field so that it stays reachable after the dialog is built
    pinStep = new PinEntryStep(protectedAuthPath, pinMarker, session);
    description.getSteps().add(pinStep);

    return description;
}
Also used : UserConsentDescription(org.openecard.gui.definition.UserConsentDescription)

Example 5 with UserConsentDescription

use of org.openecard.gui.definition.UserConsentDescription in project open-ecard by ecsec.

the class PACEUserConsent method show.

/**
 * Shows the PACE user consent dialog and hands the collected results to the PIN step.
 *
 * <p>The dialog contains exactly one step, taken from a PINStep built over {@code content}.
 *
 * @param content GUI content the PIN step is built from
 */
public void show(GUIContentMap content) {
    final UserConsentDescription description = new UserConsentDescription(lang.translationForKey(USER_CONSENT));

    final PINStep pinEntry = new PINStep(content);
    description.getSteps().add(pinEntry.getStep());

    ExecutionEngine engine = new ExecutionEngine(gui.obtainNavigator(description));
    // NOTE(review): the status returned by process() is not inspected here, so the results are
    // passed on even if the dialog was cancelled; presumably processResult deals with that - confirm
    engine.process();
    pinEntry.processResult(engine.getResults());
}
Also used : ExecutionEngine(org.openecard.gui.executor.ExecutionEngine) PINStep(org.openecard.ifd.protocol.pace.gui.PINStep) UserConsentDescription(org.openecard.gui.definition.UserConsentDescription) UserConsentNavigator(org.openecard.gui.UserConsentNavigator)

Aggregations

UserConsentDescription (org.openecard.gui.definition.UserConsentDescription)18 Step (org.openecard.gui.definition.Step)8 Text (org.openecard.gui.definition.Text)7 ExecutionEngine (org.openecard.gui.executor.ExecutionEngine)6 UserConsentNavigator (org.openecard.gui.UserConsentNavigator)4 ResultStatus (org.openecard.gui.ResultStatus)3 ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)2 InputAPDUInfoType (iso.std.iso_iec._24727.tech.schema.InputAPDUInfoType)2 Transmit (iso.std.iso_iec._24727.tech.schema.Transmit)2 TransmitResponse (iso.std.iso_iec._24727.tech.schema.TransmitResponse)2 Result (oasis.names.tc.dss._1_0.core.schema.Result)2 CardResponseAPDU (org.openecard.common.apdu.common.CardResponseAPDU)2 UserConsent (org.openecard.gui.UserConsent)2 Test (org.testng.annotations.Test)2 AltVUMessagesType (iso.std.iso_iec._24727.tech.schema.AltVUMessagesType)1 DIDAuthenticate (iso.std.iso_iec._24727.tech.schema.DIDAuthenticate)1 DIDAuthenticateResponse (iso.std.iso_iec._24727.tech.schema.DIDAuthenticateResponse)1 DIDAuthenticationDataType (iso.std.iso_iec._24727.tech.schema.DIDAuthenticationDataType)1 InputUnitType (iso.std.iso_iec._24727.tech.schema.InputUnitType)1 PasswordAttributesType (iso.std.iso_iec._24727.tech.schema.PasswordAttributesType)1