
Example 6 with CryptokiException

Use of org.openecard.mdlw.sal.exceptions.CryptokiException in project open-ecard by ecsec.

In the class CIFCreator, method createPinDID.

private DIDInfoType createPinDID() throws WSMarshallerException {
    LOG.debug("Creating PinCompare DID object.");
    DIDInfoType di = new DIDInfoType();
    // create differential identity
    DifferentialIdentityType did = new DifferentialIdentityType();
    di.setDifferentialIdentity(did);
    String didName = PIN_NAME;
    did.setDIDName(didName);
    did.setDIDProtocol("urn:oid:1.3.162.15480.3.0.9");
    did.setDIDScope(DIDScopeType.GLOBAL);
    // create pin compare marker
    PinMarkerBuilder markerBuilder = new PinMarkerBuilder();
    KeyRefType kr = new KeyRefType();
    // value is irrelevant
    kr.setKeyRef(new byte[] { 0x01 });
    markerBuilder.setPinRef(kr);
    try {
        PasswordAttributesType pw = new PasswordAttributesType();
        MwToken tok = session.getSlot().getTokenInfo();
        long minPinLen = tok.getUlMinPinLen();
        // the upper bound must come from the token's maximum PIN length, not the minimum
        long maxPinLen = tok.getUlMaxPinLen();
        pw.setMinLength(BigInteger.valueOf(minPinLen));
        pw.setMaxLength(BigInteger.valueOf(maxPinLen));
        markerBuilder.setPwAttributes(pw);
    } catch (CryptokiException | NullPointerException ex) {
        LOG.warn("Unable to read min and max PIN length from middleware.");
    }
    // wrap pin compare marker and add to parent
    PinCompareMarkerType marker = markerBuilder.build();
    DIDMarkerType markerWrapper = new DIDMarkerType();
    markerWrapper.setPinCompareMarker(marker);
    did.setDIDMarker(markerWrapper);
    // create acl
    AccessControlListType acl = new AccessControlListType();
    di.setDIDACL(acl);
    List<AccessRuleType> rules = acl.getAccessRule();
    rules.add(createRuleTrue(AuthorizationServiceActionName.ACL_LIST));
    rules.add(createRuleTrue(DifferentialIdentityServiceActionName.DID_LIST));
    rules.add(createRuleTrue(DifferentialIdentityServiceActionName.DID_GET));
    rules.add(createRuleTrue(DifferentialIdentityServiceActionName.DID_AUTHENTICATE));
    return di;
}
Also used : KeyRefType(iso.std.iso_iec._24727.tech.schema.KeyRefType) PasswordAttributesType(iso.std.iso_iec._24727.tech.schema.PasswordAttributesType) AccessControlListType(iso.std.iso_iec._24727.tech.schema.AccessControlListType) PinMarkerBuilder(org.openecard.mdlw.sal.didfactory.PinMarkerBuilder) DIDMarkerType(iso.std.iso_iec._24727.tech.schema.DIDMarkerType) DifferentialIdentityType(iso.std.iso_iec._24727.tech.schema.DifferentialIdentityType) PinCompareMarkerType(iso.std.iso_iec._24727.tech.schema.PinCompareMarkerType) DIDInfoType(iso.std.iso_iec._24727.tech.schema.DIDInfoType) CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException) AccessRuleType(iso.std.iso_iec._24727.tech.schema.AccessRuleType)

Example 7 with CryptokiException

Use of org.openecard.mdlw.sal.exceptions.CryptokiException in project open-ecard by ecsec.

In the class MwSession, method getCertificates.

/**
 * Returns all Certificates from the Token of the selected Session
 *
 * @return List of certificates.
 * @throws CryptokiException if searching the token for certificate objects fails.
 */
public List<MwCertificate> getCertificates() throws CryptokiException {
    NativeLongByReference temp = new NativeLongByReference(new NativeLong(CryptokiLibrary.CKO_CERTIFICATE, true));
    CK_ATTRIBUTE pTemplate = new CK_ATTRIBUTE();
    pTemplate.setType(CKA_CLASS);
    pTemplate.setPValue(temp.getPointer());
    pTemplate.setUlValueLen(new NativeLong(NativeLong.SIZE));
    List<Long> res = findObjects(pTemplate);
    List<MwCertificate> cerList = new ArrayList<>();
    for (long l : res) {
        try {
            cerList.add(new MwCertificate(l, mw, this));
        } catch (CryptokiException ex) {
            LOG.warn("Skipping certificate due to error.", ex);
        }
    }
    return cerList;
}
Also used : CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException) NativeLong(com.sun.jna.NativeLong) ArrayList(java.util.ArrayList) CK_ATTRIBUTE(org.openecard.mdlw.sal.cryptoki.CK_ATTRIBUTE) NativeLongByReference(com.sun.jna.ptr.NativeLongByReference)

Example 8 with CryptokiException

Use of org.openecard.mdlw.sal.exceptions.CryptokiException in project open-ecard by ecsec.

In the class MwSession, method getData.

/**
 * Returns all Data Objects from the Token of the selected Session
 *
 * @return List of data objects.
 * @throws CryptokiException if searching the token for data objects fails.
 */
public List<MwData> getData() throws CryptokiException {
    NativeLongByReference temp = new NativeLongByReference(new NativeLong(CryptokiLibrary.CKO_DATA, true));
    CK_ATTRIBUTE pTemplate = new CK_ATTRIBUTE();
    pTemplate.setType(CKA_CLASS);
    pTemplate.setPValue(temp.getPointer());
    pTemplate.setUlValueLen(new NativeLong(NativeLong.SIZE));
    List<Long> res = findObjects(pTemplate);
    List<MwData> dataList = new ArrayList<>();
    for (long l : res) {
        try {
            dataList.add(new MwData(l, mw, this));
        } catch (CryptokiException ex) {
            LOG.warn("Skipping data object due to error.", ex);
        }
    }
    return dataList;
}
Also used : CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException) NativeLong(com.sun.jna.NativeLong) ArrayList(java.util.ArrayList) CK_ATTRIBUTE(org.openecard.mdlw.sal.cryptoki.CK_ATTRIBUTE) NativeLongByReference(com.sun.jna.ptr.NativeLongByReference)

Example 9 with CryptokiException

Use of org.openecard.mdlw.sal.exceptions.CryptokiException in project open-ecard by ecsec.

In the class PinChangeStepAction, method perform.

@Override
public StepActionResult perform(Map<String, ExecutionResults> oldResults, StepResult result) {
    try {
        if (pinStep.isCapturePuk()) {
            if (pinStep.isProtectedAuthPath()) {
                pinStep.getSession().loginExternal(UserType.Security_Officer);
                pinStep.getSession().initPinExternal();
            } else {
                char[] puk = getPuk();
                pinStep.getSession().login(UserType.Security_Officer, puk);
                char[] newPin = getNewPin();
                pinStep.getSession().initPin(newPin);
            }
        } else {
            if (pinStep.isProtectedAuthPath()) {
                // pinStep.getSession().loginExternal(UserType.User);
                pinStep.getSession().changePinExternal();
            } else {
                char[] oldPin = getOldPin();
                char[] newPin = getNewPin();
                pinStep.getSession().changePin(oldPin, newPin);
            }
        }
        pinStep.setPinChangeSuccessful();
        pinStep.updateState();
        return new StepActionResult(StepActionResultStatus.REPEAT);
    } catch (PinIncorrectException ex) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("PIN incorrect.", ex);
        } else {
            LOG.info("PIN incorrect.");
        }
        pinStep.setLastTryFailed();
        try {
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex1) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (PinsDoNotMatchException ex) {
        LOG.debug("Mismatching PINs entered.", ex);
        try {
            pinStep.setPinsDoNotMatch();
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex2) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (PinBlockedException ex) {
        // let the UI take care of producing a blocked error
        try {
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex2) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (AuthenticationException ex) {
        LOG.error("Authentication error while entering the PIN.", ex);
        try {
            pinStep.setUnkownError();
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex2) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (CryptokiException ex) {
        LOG.error("Unknown error while entering the PIN.", ex);
        try {
            pinStep.setUnkownError();
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex2) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    }
}
Also used : CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException) AuthenticationException(org.openecard.mdlw.sal.exceptions.AuthenticationException) PinBlockedException(org.openecard.mdlw.sal.exceptions.PinBlockedException) PinIncorrectException(org.openecard.mdlw.sal.exceptions.PinIncorrectException) StepActionResult(org.openecard.gui.executor.StepActionResult)

Example 10 with CryptokiException

Use of org.openecard.mdlw.sal.exceptions.CryptokiException in project open-ecard by ecsec.

In the class PinEntryStepAction, method perform.

@Override
public StepActionResult perform(Map<String, ExecutionResults> oldResults, StepResult result) {
    try {
        if (pinStep.isProtectedAuthPath()) {
            pinStep.getSession().loginExternal(UserType.User);
        } else {
            char[] pPin = getPin();
            pinStep.getSession().login(UserType.User, pPin);
        }
        pinStep.setPinAuthenticated();
        return new StepActionResult(StepActionResultStatus.NEXT);
    } catch (PinIncorrectException ex) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("PIN incorrect.", ex);
        } else {
            LOG.info("PIN incorrect.");
        }
        pinStep.setLastTryFailed();
        try {
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex1) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (PinBlockedException ex) {
        // let the UI take care of producing a blocked error
        try {
            pinStep.setPinBlocked();
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex2) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (AuthenticationException ex) {
        LOG.error("Authentication error while entering the PIN.", ex);
        pinStep.setLastTryFailed();
        pinStep.setUnkownError();
        try {
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex1) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (CryptokiException ex) {
        LOG.error("Unknown error while entering the PIN.", ex);
        pinStep.setLastTryFailed();
        pinStep.setUnkownError();
        try {
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex1) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    }
}
Also used : CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException) AuthenticationException(org.openecard.mdlw.sal.exceptions.AuthenticationException) PinBlockedException(org.openecard.mdlw.sal.exceptions.PinBlockedException) PinIncorrectException(org.openecard.mdlw.sal.exceptions.PinIncorrectException) StepActionResult(org.openecard.gui.executor.StepActionResult)
