Search in sources :

Example 1 with PinBlockedException

use of org.openecard.mdlw.sal.exceptions.PinBlockedException in project open-ecard by ecsec.

the class PinChangeStepAction method perform.

@Override
public StepActionResult perform(Map<String, ExecutionResults> oldResults, StepResult result) {
    try {
        if (pinStep.isCapturePuk()) {
            if (pinStep.isProtectedAuthPath()) {
                pinStep.getSession().loginExternal(UserType.Security_Officer);
                pinStep.getSession().initPinExternal();
            } else {
                char[] puk = getPuk();
                pinStep.getSession().login(UserType.Security_Officer, puk);
                char[] newPin = getNewPin();
                pinStep.getSession().initPin(newPin);
            }
        } else {
            if (pinStep.isProtectedAuthPath()) {
                // pinStep.getSession().loginExternal(UserType.User);
                pinStep.getSession().changePinExternal();
            } else {
                char[] oldPin = getOldPin();
                char[] newPin = getNewPin();
                pinStep.getSession().changePin(oldPin, newPin);
            }
        }
        pinStep.setPinChangeSuccessful();
        pinStep.updateState();
        return new StepActionResult(StepActionResultStatus.REPEAT);
    } catch (PinIncorrectException ex) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("PIN incorrect.", ex);
        } else {
            LOG.info("PIN incorrect.");
        }
        pinStep.setLastTryFailed();
        try {
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex1) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (PinsDoNotMatchException ex) {
        LOG.debug("Mismatching PINs entered.", ex);
        try {
            pinStep.setPinsDoNotMatch();
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex2) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (PinBlockedException ex) {
        // let the UI take care of producing a blocked error
        try {
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex2) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (AuthenticationException ex) {
        LOG.error("Authentication error while entering the PIN.", ex);
        try {
            pinStep.setUnkownError();
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex2) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (CryptokiException ex) {
        LOG.error("Unknown error while entering the PIN.", ex);
        try {
            pinStep.setUnkownError();
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex2) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    }
}
Also used : CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException) AuthenticationException(org.openecard.mdlw.sal.exceptions.AuthenticationException) PinBlockedException(org.openecard.mdlw.sal.exceptions.PinBlockedException) PinIncorrectException(org.openecard.mdlw.sal.exceptions.PinIncorrectException) StepActionResult(org.openecard.gui.executor.StepActionResult)

Example 2 with PinBlockedException

use of org.openecard.mdlw.sal.exceptions.PinBlockedException in project open-ecard by ecsec.

the class PinEntryStepAction method perform.

@Override
public StepActionResult perform(Map<String, ExecutionResults> oldResults, StepResult result) {
    try {
        if (pinStep.isProtectedAuthPath()) {
            pinStep.getSession().loginExternal(UserType.User);
        } else {
            char[] pPin = getPin();
            pinStep.getSession().login(UserType.User, pPin);
        }
        pinStep.setPinAuthenticated();
        return new StepActionResult(StepActionResultStatus.NEXT);
    } catch (PinIncorrectException ex) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("PIN incorrect.", ex);
        } else {
            LOG.info("PIN incorrect.");
        }
        pinStep.setLastTryFailed();
        try {
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex1) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (PinBlockedException ex) {
        // let the UI take care of producing a blocked error
        try {
            pinStep.setPinBlocked();
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex2) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (AuthenticationException ex) {
        LOG.error("Authentication error while entering the PIN.", ex);
        pinStep.setLastTryFailed();
        pinStep.setUnkownError();
        try {
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex1) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    } catch (CryptokiException ex) {
        LOG.error("Unkonw error while entering the PIN.", ex);
        pinStep.setLastTryFailed();
        pinStep.setUnkownError();
        try {
            pinStep.updateState();
            return new StepActionResult(StepActionResultStatus.REPEAT);
        } catch (CryptokiException ex1) {
            // I suspect user removed card
            return new StepActionResult(StepActionResultStatus.CANCEL);
        }
    }
}
Also used : CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException) AuthenticationException(org.openecard.mdlw.sal.exceptions.AuthenticationException) PinBlockedException(org.openecard.mdlw.sal.exceptions.PinBlockedException) PinIncorrectException(org.openecard.mdlw.sal.exceptions.PinIncorrectException) StepActionResult(org.openecard.gui.executor.StepActionResult)

Example 3 with PinBlockedException

use of org.openecard.mdlw.sal.exceptions.PinBlockedException in project open-ecard by ecsec.

the class MiddlewareSAL method didAuthenticate.

@Override
public DIDAuthenticateResponse didAuthenticate(DIDAuthenticate request) {
    DIDAuthenticateResponse response = WSHelper.makeResponse(DIDAuthenticateResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        connectionHandle = cardStateEntry.handleCopy();
        byte[] application = cardStateEntry.getImplicitlySelectedApplicationIdentifier();
        byte[] slotHandle = connectionHandle.getSlotHandle();
        DIDAuthenticationDataType didAuthenticationData = request.getAuthenticationProtocolData();
        Assert.assertIncorrectParameter(didAuthenticationData, "The parameter AuthenticationProtocolData is empty.");
        String didName = SALUtils.getDIDName(request);
        DIDStructureType didStruct = cardStateEntry.getDIDStructure(didName, application);
        if (didStruct == null) {
            String msg = String.format("DID %s does not exist.", didName);
            throw new NamedEntityNotFoundException(msg);
        }
        PINCompareMarkerType pinCompareMarker = new PINCompareMarkerType(didStruct.getDIDMarker());
        String protocolURI = didAuthenticationData.getProtocol();
        if (!"urn:oid:1.3.162.15480.3.0.9".equals(protocolURI)) {
            String msg = String.format("Protocol %s is not supported by this SAL.", protocolURI);
            throw new UnknownProtocolException(msg);
        }
        PINCompareDIDAuthenticateInputType pinCompareInput = new PINCompareDIDAuthenticateInputType(didAuthenticationData);
        PINCompareDIDAuthenticateOutputType pinCompareOutput = pinCompareInput.getOutputType();
        // extract pin value from auth data
        char[] pinValue = pinCompareInput.getPIN();
        pinCompareInput.setPIN(null);
        MwSession session = managedSessions.get(slotHandle);
        boolean protectedAuthPath = connectionHandle.getSlotInfo().isProtectedAuthPath();
        boolean pinAuthenticated;
        boolean pinBlocked = false;
        if (!(pinValue == null || pinValue.length == 0) && !protectedAuthPath) {
            // we don't need a GUI if the PIN is known
            try {
                session.login(UserType.User, pinValue);
            } finally {
                Arrays.fill(pinValue, ' ');
            }
            pinAuthenticated = true;
        // TODO: display error GUI if the PIN entry failed
        } else {
            // omit GUI when Middleware has its own PIN dialog for class 2 readers
            if (protectedAuthPath && builtinPinDialog) {
                session.loginExternal(UserType.User);
                pinAuthenticated = true;
            } else {
                PinEntryDialog dialog = new PinEntryDialog(gui, protectedAuthPath, pinCompareMarker, session);
                dialog.show();
                pinAuthenticated = dialog.isPinAuthenticated();
                pinBlocked = dialog.isPinBlocked();
            }
        }
        if (pinAuthenticated) {
            cardStateEntry.addAuthenticated(didName, application);
        } else if (pinBlocked) {
            String msg = "PIN is blocked.";
            Result r = WSHelper.makeResultError(ECardConstants.Minor.IFD.PASSWORD_BLOCKED, msg);
            response.setResult(r);
        } else {
            String msg = "Failed to enter PIN.";
            Result r = WSHelper.makeResultError(ECardConstants.Minor.SAL.CANCELLATION_BY_USER, msg);
            response.setResult(r);
        }
        // create did authenticate response
        response.setAuthenticationProtocolData(pinCompareOutput.getAuthDataType());
    } catch (PinBlockedException ex) {
        // TODO: set retry counter
        String minor = ECardConstants.Minor.IFD.PASSWORD_BLOCKED;
        Result r = WSHelper.makeResultError(minor, ex.getMessage());
        response.setResult(r);
    } catch (PinIncorrectException ex) {
        // TODO: set retry counter
        String minor = ECardConstants.Minor.SAL.SECURITY_CONDITION_NOT_SATISFIED;
        Result r = WSHelper.makeResultError(minor, ex.getMessage());
        response.setResult(r);
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) DIDAuthenticationDataType(iso.std.iso_iec._24727.tech.schema.DIDAuthenticationDataType) PINCompareMarkerType(org.openecard.common.anytype.pin.PINCompareMarkerType) PINCompareDIDAuthenticateInputType(org.openecard.common.anytype.pin.PINCompareDIDAuthenticateInputType) PinIncorrectException(org.openecard.mdlw.sal.exceptions.PinIncorrectException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) InitializationException(org.openecard.mdlw.sal.exceptions.InitializationException) ECardException(org.openecard.common.ECardException) FinalizationException(org.openecard.mdlw.sal.exceptions.FinalizationException) PinBlockedException(org.openecard.mdlw.sal.exceptions.PinBlockedException) CryptokiException(org.openecard.mdlw.sal.exceptions.CryptokiException) NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException) UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException) TokenException(org.openecard.mdlw.sal.exceptions.TokenException) WSMarshallerException(org.openecard.ws.marshal.WSMarshallerException) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) UnsupportedAlgorithmException(org.openecard.crypto.common.UnsupportedAlgorithmException) PinIncorrectException(org.openecard.mdlw.sal.exceptions.PinIncorrectException) Result(oasis.names.tc.dss._1_0.core.schema.Result) ECardException(org.openecard.common.ECardException) DIDAuthenticateResponse(iso.std.iso_iec._24727.tech.schema.DIDAuthenticateResponse) NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException) PinBlockedException(org.openecard.mdlw.sal.exceptions.PinBlockedException) DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType) UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException) PINCompareDIDAuthenticateOutputType(org.openecard.common.anytype.pin.PINCompareDIDAuthenticateOutputType)

Aggregations

CryptokiException (org.openecard.mdlw.sal.exceptions.CryptokiException)3 PinBlockedException (org.openecard.mdlw.sal.exceptions.PinBlockedException)3 PinIncorrectException (org.openecard.mdlw.sal.exceptions.PinIncorrectException)3 StepActionResult (org.openecard.gui.executor.StepActionResult)2 AuthenticationException (org.openecard.mdlw.sal.exceptions.AuthenticationException)2 ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType)1 DIDAuthenticateResponse (iso.std.iso_iec._24727.tech.schema.DIDAuthenticateResponse)1 DIDAuthenticationDataType (iso.std.iso_iec._24727.tech.schema.DIDAuthenticationDataType)1 DIDStructureType (iso.std.iso_iec._24727.tech.schema.DIDStructureType)1 Result (oasis.names.tc.dss._1_0.core.schema.Result)1 ECardException (org.openecard.common.ECardException)1 ThreadTerminateException (org.openecard.common.ThreadTerminateException)1 PINCompareDIDAuthenticateInputType (org.openecard.common.anytype.pin.PINCompareDIDAuthenticateInputType)1 PINCompareDIDAuthenticateOutputType (org.openecard.common.anytype.pin.PINCompareDIDAuthenticateOutputType)1 PINCompareMarkerType (org.openecard.common.anytype.pin.PINCompareMarkerType)1 IncorrectParameterException (org.openecard.common.sal.exception.IncorrectParameterException)1 NamedEntityNotFoundException (org.openecard.common.sal.exception.NamedEntityNotFoundException)1 UnknownProtocolException (org.openecard.common.sal.exception.UnknownProtocolException)1 CardStateEntry (org.openecard.common.sal.state.CardStateEntry)1 UnsupportedAlgorithmException (org.openecard.crypto.common.UnsupportedAlgorithmException)1