From f2b5589ccf26d1f1fdea7dffbe587d2c7d976603 Mon Sep 17 00:00:00 2001 From: clemenso Date: Tue, 5 Jan 2010 12:03:17 +0000 Subject: do not allow pinmanagement on not activated cards git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@566 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../src/main/java/at/gv/egiz/smcc/STARCOSCard.java | 15 +++++++------ .../bku/smccstal/PINManagementRequestHandler.java | 26 +++++++++++++++------- 2 files changed, 26 insertions(+), 15 deletions(-) diff --git a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java index ad05352f..b876847f 100644 --- a/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java +++ b/smcc/src/main/java/at/gv/egiz/smcc/STARCOSCard.java @@ -637,12 +637,13 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu throw new NotActivatedException(); } else if (resp.getSW() >> 4 == 0x63c) { return 0x0f & resp.getSW(); - } else if (version > 1.2 && resp.getSW() == 0x6400) { - log.warn("cannot query pin status prior to card activation"); - throw new NotActivatedException(); + } else if (version >= 1.2 && resp.getSW() == 0x6400) { + String msg = "VERIFY failed, card not activated. SW=0x6400"; + log.error(msg); + throw new SignatureCardException(msg); } else { String msg = "VERIFY failed. SW=" + Integer.toHexString(resp.getSW()); - log.info(msg); + log.error(msg); throw new SignatureCardException(msg); } } @@ -673,7 +674,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu return 0x0f & resp.getSW(); } else { String msg = "CHANGE REFERENCE DATA failed. SW=" + Integer.toHexString(resp.getSW()); - log.info(msg); + log.error(msg); throw new SignatureCardException(msg); } } @@ -709,7 +710,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu return -1; } else { String msg = "CHANGE REFERENCE DATA failed. SW=" + Integer.toHexString(resp.getSW()); - log.info(msg); + log.error(msg); throw new SignatureCardException(msg); } } @@ -745,7 +746,7 @@ public class STARCOSCard extends AbstractSignatureCard implements PINMgmtSignatu return 0x0f & resp.getSW(); } else { String msg = "RESET RETRY COUNTER failed. SW=" + Integer.toHexString(resp.getSW()); - log.info(msg); + log.error(msg); throw new SignatureCardException(msg); } } diff --git a/smccSTALExt/src/main/java/at/gv/egiz/bku/smccstal/PINManagementRequestHandler.java b/smccSTALExt/src/main/java/at/gv/egiz/bku/smccstal/PINManagementRequestHandler.java index 0d49afd0..3a431a92 100644 --- a/smccSTALExt/src/main/java/at/gv/egiz/bku/smccstal/PINManagementRequestHandler.java +++ b/smccSTALExt/src/main/java/at/gv/egiz/bku/smccstal/PINManagementRequestHandler.java @@ -39,6 +39,7 @@ import at.gv.egiz.smcc.PINSpec; import at.gv.egiz.smcc.SignatureCardException; import at.gv.egiz.smcc.TimeoutException; import at.gv.egiz.smcc.PINMgmtSignatureCard.PIN_STATE; +import at.gv.egiz.smcc.SignatureCard.KeyboxName; import at.gv.egiz.stal.ErrorResponse; import at.gv.egiz.stal.STALRequest; import at.gv.egiz.stal.STALResponse; @@ -67,15 +68,24 @@ public class PINManagementRequestHandler extends AbstractRequestHandler { if (card instanceof PINMgmtSignatureCard) { - // update all PIN states - for (PINSpec pinSpec : ((PINMgmtSignatureCard) card).getPINSpecs()) { - updatePINState(pinSpec, STATUS.UNKNOWN); + try { + // check if activated + card.getCertificate(KeyboxName.SECURE_SIGNATURE_KEYPAIR); + + // update all PIN states + for (PINSpec pinSpec : ((PINMgmtSignatureCard) card).getPINSpecs()) { + updatePINState(pinSpec, STATUS.UNKNOWN); + } + + gui.showPINManagementDialog(pinStates, this, "activate_enterpin", + "change_enterpin", "unblock_enterpuk", "verify_enterpin", this, + "cancel"); + + } catch (NotActivatedException ex) { + log.error("pin management not allowed, card not activated"); + gui.showErrorDialog(PINManagementGUIFacade.ERR_CARD_NOTACTIVATED, + null, this, "cancel"); } - - gui.showPINManagementDialog(pinStates, this, "activate_enterpin", - "change_enterpin", "unblock_enterpuk", "verify_enterpin", this, - "cancel"); - } else { // card does not support PIN management -- cgit v1.2.3