summaryrefslogtreecommitdiff
path: root/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java
diff options
context:
space:
mode:
Diffstat (limited to 'BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java')
-rw-r--r--BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java105
1 files changed, 60 insertions, 45 deletions
diff --git a/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java b/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java
index fcef3191..851bff21 100644
--- a/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java
+++ b/BKUAppletExt/src/main/java/at/gv/egiz/bku/smccstal/ext/PINManagementRequestHandler.java
@@ -22,6 +22,7 @@ import at.gv.egiz.bku.gui.PINManagementGUIFacade.STATUS;
import at.gv.egiz.bku.smccstal.AbstractRequestHandler;
import at.gv.egiz.smcc.PINSpec;
import at.gv.egiz.smcc.SignatureCardException;
+import at.gv.egiz.smcc.VerificationFailedException;
import at.gv.egiz.smcc.util.SMCCHelper;
import at.gv.egiz.stal.ErrorResponse;
import at.gv.egiz.stal.STALRequest;
@@ -31,6 +32,8 @@ import at.gv.egiz.stal.ext.PINManagementResponse;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
import javax.smartcardio.Card;
import javax.smartcardio.CardChannel;
import javax.smartcardio.CardException;
@@ -45,7 +48,6 @@ import org.apache.commons.logging.LogFactory;
*/
public class PINManagementRequestHandler extends AbstractRequestHandler {
- public static final String ERR_NOPIN_SELECTED = "err.no.pin.selected";
protected static final Log log = LogFactory.getLog(PINManagementRequestHandler.class);
// protected ResourceBundle messages;
@@ -70,7 +72,7 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {
} else if ("back".equals(actionCommand)) {
showPINManagementDialog(gui);
} else {
- PINSpec selectedPIN = gui.getSelectedPIN();
+ PINSpec selectedPIN = gui.getSelectedPINSpec();
if (selectedPIN == null) {
throw new RuntimeException("no PIN selected for activation/change");
@@ -99,6 +101,11 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {
byte[] pin = encodePIN(gui.getPin()); //new byte[]{(byte) 0x25, (byte) 0x40};
changePIN(selectedPIN.getKID(), selectedPIN.getContextAID(), oldPin, pin);
showPINManagementDialog(gui);
+ } catch (VerificationFailedException ex) {
+ log.error("failed to change " + selectedPIN.getLocalizedName() + ": " + ex.getMessage());
+ gui.showErrorDialog(PINManagementGUIFacade.ERR_RETRIES,
+ new Object[] {selectedPIN.getLocalizedName(), ex.getRetries()},
+ this, "back");
} catch (SignatureCardException ex) {
log.error("failed to change " + selectedPIN.getLocalizedName() + ": " + ex.getMessage());
gui.showErrorDialog(PINManagementGUIFacade.ERR_CHANGE,
@@ -132,8 +139,8 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {
* @throws at.gv.egiz.smcc.SignatureCardException
*/
private void activatePIN(byte kid, byte[] contextAID, byte[] pin) throws SignatureCardException {
+ Card icc = card.getCard();
try {
- Card icc = card.getCard();
icc.beginExclusive();
CardChannel channel = icc.getBasicChannel();
@@ -141,6 +148,7 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {
CommandAPDU selectAPDU = new CommandAPDU(0x00, 0xa4, 0x04, 0x0c, contextAID);
ResponseAPDU responseAPDU = channel.transmit(selectAPDU);
if (responseAPDU.getSW() != 0x9000) {
+ icc.endExclusive();
String msg = "Failed to activate PIN " + SMCCHelper.toString(new byte[]{kid}) +
": Failed to select AID " + SMCCHelper.toString(contextAID) +
": " + SMCCHelper.toString(responseAPDU.getBytes());
@@ -150,8 +158,9 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {
}
if (pin.length > 7) {
- log.error("Invalid PIN");
- throw new SignatureCardException("Invalid PIN");
+ icc.endExclusive();
+ log.error("PIN too long");
+ throw new SignatureCardException("PIN too long");
}
byte length = (byte) (0x20 | pin.length * 2);
@@ -166,24 +175,27 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {
ResponseAPDU responseAPDU = channel.transmit(verifyAPDU);
if (responseAPDU.getSW() != 0x9000) {
+ icc.endExclusive();
String msg = "Failed to activate PIN " + SMCCHelper.toString(new byte[]{kid}) + ": " + SMCCHelper.toString(responseAPDU.getBytes());
log.error(msg);
throw new SignatureCardException(msg);
}
-
-
icc.endExclusive();
-
-
} catch (CardException ex) {
- log.error("Failed to get PIN status: " + ex.getMessage());
- throw new SignatureCardException("Failed to get PIN status", ex);
+ log.error("Failed to activate PIN: " + ex.getMessage());
+ throw new SignatureCardException(ex.getMessage(), ex);
+ } finally {
+ try {
+ icc.endExclusive();
+ } catch (CardException ex) {
+ log.trace("failed to end exclusive card access");
+ }
}
}
- private void changePIN(byte kid, byte[] contextAID, byte[] oldPIN, byte[] newPIN) throws SignatureCardException {
+ private void changePIN(byte kid, byte[] contextAID, byte[] oldPIN, byte[] newPIN) throws SignatureCardException, VerificationFailedException {
+ Card icc = card.getCard();
try {
- Card icc = card.getCard();
icc.beginExclusive();
CardChannel channel = icc.getBasicChannel();
@@ -191,6 +203,7 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {
CommandAPDU selectAPDU = new CommandAPDU(0x00, 0xa4, 0x04, 0x0c, contextAID);
ResponseAPDU responseAPDU = channel.transmit(selectAPDU);
if (responseAPDU.getSW() != 0x9000) {
+ icc.endExclusive();
String msg = "Failed to change PIN " + SMCCHelper.toString(new byte[]{kid}) +
": Failed to select AID " + SMCCHelper.toString(contextAID) +
": " + SMCCHelper.toString(responseAPDU.getBytes());
@@ -200,8 +213,9 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {
}
if (oldPIN.length > 7 || newPIN.length > 7) {
- log.error("Invalid PIN");
- throw new SignatureCardException("Invalid PIN");
+ icc.endExclusive();
+ log.error("PIN too long");
+ throw new SignatureCardException("PIN too long");
}
byte oldLength = (byte) (0x20 | oldPIN.length * 2);
byte newLength = (byte) (0x20 | newPIN.length * 2);
@@ -220,49 +234,43 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {
CommandAPDU verifyAPDU = new CommandAPDU(apdu);
ResponseAPDU responseAPDU = channel.transmit(verifyAPDU);
+ if (responseAPDU.getSW1() == 0x63 && responseAPDU.getSW2() >> 4 == 0xc) {
+ icc.endExclusive();
+ int retries = responseAPDU.getSW2() & 0x0f;
+ log.error("Wrong PIN, " + retries + " tries left");
+ throw new VerificationFailedException(retries);
+ }
if (responseAPDU.getSW() != 0x9000) {
- String msg = "Failed to change PIN " + SMCCHelper.toString(new byte[]{kid}) + ": " + SMCCHelper.toString(responseAPDU.getBytes());
+ icc.endExclusive();
+ String msg = "Failed to change PIN "
+ + SMCCHelper.toString(new byte[]{kid}) + ": "
+ + SMCCHelper.toString(responseAPDU.getBytes());
log.error(msg);
throw new SignatureCardException(msg);
}
-
-
- icc.endExclusive();
-
+
} catch (CardException ex) {
- log.error("Failed to get PIN status: " + ex.getMessage());
- throw new SignatureCardException("Failed to get PIN status", ex);
+ log.error("Failed to change PIN: " + ex.getMessage());
+ throw new SignatureCardException(ex.getMessage(), ex);
+ } finally {
+ try {
+ icc.endExclusive();
+ } catch (CardException ex) {
+ log.trace("failed to end exclusive card access");
+ }
}
}
public Map<PINSpec, STATUS> getPINStatuses() throws SignatureCardException {
+ Card icc = card.getCard();
try {
- Card icc = card.getCard();
icc.beginExclusive();
CardChannel channel = icc.getBasicChannel();
HashMap<PINSpec, STATUS> pinStatuses = new HashMap<PINSpec, STATUS>();
List<PINSpec> pins = card.getPINSpecs();
- //select DF_SichereSignatur 00 A4 04 0C 08 D0 40 00 00 17 00 12 01
-// CommandAPDU selectAPDU = new CommandAPDU(new byte[]{(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x0c, (byte) 0x08,
-// (byte) 0xd0, (byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x12, (byte) 0x01});
-// ResponseAPDU rAPDU = channel.transmit(selectAPDU);
-// log.debug("SELECT FILE DF_SichereSignatur: " + SMCCHelper.toString(rAPDU.getBytes()));
-
- //select DF_SIG DF 70
-// CommandAPDU selectAPDU = new CommandAPDU(new byte[]{(byte) 0x00, (byte) 0xa4, (byte) 0x00, (byte) 0x0c, (byte) 0x02,
-// (byte) 0xdf, (byte) 0x70 });
-// ResponseAPDU rAPDU = channel.transmit(selectAPDU);
-// log.debug("SELECT FILE DF_SIG: " + SMCCHelper.toString(rAPDU.getBytes()));
-
- //select DF_DEC DF 71
-// CommandAPDU selectAPDU = new CommandAPDU(new byte[]{(byte) 0x00, (byte) 0xa4, (byte) 0x04, (byte) 0x0c, (byte) 0x08,
-// (byte) 0xd0, (byte) 0x40, (byte) 0x00, (byte) 0x00, (byte) 0x17, (byte) 0x00, (byte) 0x12, (byte) 0x01});
-// ResponseAPDU rAPDU = channel.transmit(selectAPDU);
-// log.debug("SELECT FILE DF_SichereSignatur: " + SMCCHelper.toString(rAPDU.getBytes()));
-
for (PINSpec pinSpec : pins) {
byte kid = pinSpec.getKID();
byte[] contextAID = pinSpec.getContextAID();
@@ -271,6 +279,7 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {
CommandAPDU selectAPDU = new CommandAPDU(0x00, 0xa4, 0x04, 0x0c, contextAID);
ResponseAPDU responseAPDU = channel.transmit(selectAPDU);
if (responseAPDU.getSW() != 0x9000) {
+ icc.endExclusive();
String msg = "Failed to activate PIN " + SMCCHelper.toString(new byte[]{kid}) +
": Failed to select AID " + SMCCHelper.toString(contextAID) +
": " + SMCCHelper.toString(responseAPDU.getBytes());
@@ -296,13 +305,19 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {
pinStatuses.put(pinSpec, status);
}
- icc.endExclusive();
+// icc.endExclusive();
return pinStatuses;
} catch (CardException ex) {
log.error("Failed to get PIN status: " + ex.getMessage());
- throw new SignatureCardException("Failed to get PIN status", ex);
+ throw new SignatureCardException(ex.getMessage(), ex);
+ } finally {
+ try {
+ icc.endExclusive();
+ } catch (CardException ex) {
+ log.trace("failed to end exclusive card access");
+ }
}
}
@@ -312,7 +327,7 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {
for (int i = 0; i < length; i++) {
pin[i] = (byte) (16*Character.digit(pinChars[i*2], 16) + Character.digit(pinChars[i*2+1], 16));
}
- log.trace("***** " + SMCCHelper.toString(pin) + " ******");
+// log.trace("***** " + SMCCHelper.toString(pin) + " ******");
return pin;
}
@@ -324,7 +339,7 @@ public class PINManagementRequestHandler extends AbstractRequestHandler {
this, "cancel");
} catch (SignatureCardException ex) {
gui.showErrorDialog(BKUGUIFacade.ERR_UNKNOWN_WITH_PARAM,
- new Object[]{"FAILED TO GET PIN STATUSES: " + ex.getMessage()},
+ new Object[]{ex.getMessage()},
this, "cancel");
}
}