
Example 1 with MSESetATPACE

use of org.openecard.ifd.protocol.pace.apdu.MSESetATPACE in project open-ecard by ecsec.

the class PACEImplementation method mseSetAT.

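/**
 * Step 1 of PACE: sends an MSE:Set AT APDU to the card and, when the card
 * accepts it, continues with step 2 ({@code generalAuthenticateEncryptedNonce}).
 * See BSI-TR-03110, version 2.10, part 3, B.11.1.
 * <p>
 * When the card answers with an error, the status word decides what happens:
 * <ul>
 * <li>{@code PACEConstants.PASSWORD_DEACTIVATED}: fails with
 *     {@code ECardConstants.Minor.IFD.PASSWORD_DEACTIVATED}.</li>
 * <li>{@code 0x63Cx}: the low nibble is stored in {@code retryCounter}.
 *     0 (blocked) only continues when {@code passwordID} is
 *     {@code PACEConstants.PASSWORD_PUK}; 1 (suspended) and 2 continue with step 2.</li>
 * <li>Any other status word, or a retry counter above 2: fails with
 *     {@code ECardConstants.Minor.IFD.UNKNOWN_ERROR}, so that a rejected
 *     MSE:Set AT is never reported to the caller as a normal return.</li>
 * </ul>
 *
 * @param passwordID identifier of the password, passed to {@code MSESetATPACE} and
 *        compared against {@code PACEConstants.PASSWORD_PUK} when the password is blocked
 * @param chat passed through unchanged to {@code MSESetATPACE}
 *        (presumably the Certificate Holder Authorization Template; confirm against caller)
 * @throws ProtocolException if the password is deactivated or blocked, if the card
 *         returns an unhandled status word, or if another failure occurs in the try body
 * @throws Exception the cause of an {@code APDUException} that carries no response APDU,
 *         or whatever step 2 throws when it is started from the error-handling branch
 */
private void mseSetAT(byte passwordID, byte[] chat) throws Exception {
    byte[] oID = ObjectIdentifierUtils.getValue(psip.getPACEInfo().getProtocol());
    CardCommandAPDU mseSetAT = new MSESetATPACE(oID, passwordID, psip.getPACEInfo().getParameterID(), chat);
    try {
        response = mseSetAT.transmit(dispatcher, slotHandle);
        // Continue with step 2
        generalAuthenticateEncryptedNonce();
    } catch (APDUException e) {
        if (e.getResponseAPDU() == null) {
            // There is no status word to evaluate, so surface the underlying failure.
            if (e.getCause() instanceof Exception) {
                throw (Exception) e.getCause();
            } else {
                throw new ProtocolException(ECardConstants.Minor.IFD.UNKNOWN_ERROR, e.getMessage());
            }
        }
        LOG.error(e.getMessage(), e);
        short sw = e.getResponseAPDU().getSW();
        // Anything thrown from here on leaves the method directly: the sibling catch
        // clauses below only cover the try body, not this handler.
        if (sw == PACEConstants.PASSWORD_DEACTIVATED) {
            // Password is deactivated
            throw new ProtocolException(ECardConstants.Minor.IFD.PASSWORD_DEACTIVATED);
        } else if ((sw & (short) 0xFFF0) == (short) 0x63C0) {
            // Warning 0x63Cx: the low nibble carries the remaining retry counter.
            retryCounter = (byte) (sw & (short) 0x000F);
            if (retryCounter == (byte) 0x00) {
                // The password is blocked
                LOG.warn("The password is blocked. The password MUST be unblocked.");
                if (passwordID == PACEConstants.PASSWORD_PUK) {
                    generalAuthenticateEncryptedNonce();
                } else {
                    throw new ProtocolException(ECardConstants.Minor.IFD.PASSWORD_BLOCKED, "The password is blocked. The password MUST be unblocked.");
                }
            } else if (retryCounter == (byte) 0x01) {
                // The password is suspended
                LOG.warn("The password is suspended. The password MUST be resumed.");
                // TODO check for an existing SM-Channel with the CAN; without one this
                // branch should fail with ECardConstants.Minor.IFD.PASSWORD_SUSPENDED.
                // NOTE(review): until that check exists, nothing here verifies that the
                // password was resumed; enforcement is presumably left to the card. Confirm.
                generalAuthenticateEncryptedNonce();
            } else if (retryCounter == (byte) 0x02) {
                // One attempt has already failed; the password is still usable.
                LOG.warn("The password is wrong.");
                generalAuthenticateEncryptedNonce();
            } else {
                // Fail closed: a counter above 2 used to fall through and return normally
                // although step 2 was never started.
                // NOTE(review): confirm whether cards reporting such counters should
                // continue with step 2 instead.
                throw new ProtocolException(ECardConstants.Minor.IFD.UNKNOWN_ERROR, e.getMessage());
            }
        } else {
            // Fail closed: an unrecognised status word means MSE:Set AT was rejected, and
            // returning normally would hide that from the caller.
            throw new ProtocolException(ECardConstants.Minor.IFD.UNKNOWN_ERROR, e.getMessage());
        }
    } catch (ProtocolException e) {
        LOG.error(e.getMessage(), e);
        throw e;
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throw new ProtocolException(ECardConstants.Minor.IFD.UNKNOWN_ERROR, e.getMessage());
    }
}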
Also used : CardCommandAPDU(org.openecard.common.apdu.common.CardCommandAPDU) MSESetATPACE(org.openecard.ifd.protocol.pace.apdu.MSESetATPACE) ProtocolException(org.openecard.common.ifd.protocol.exception.ProtocolException) APDUException(org.openecard.common.apdu.exception.APDUException) APDUException(org.openecard.common.apdu.exception.APDUException) GeneralSecurityException(java.security.GeneralSecurityException) ProtocolException(org.openecard.common.ifd.protocol.exception.ProtocolException)
