From 73efb00368e461f0f910f0705bcb16bb51c4c510 Mon Sep 17 00:00:00 2001 From: stargateprovider Date: Mon, 8 Nov 2021 23:51:07 +0200 Subject: [PATCH] Added basic notifications to the user For when exceptions occur when communicating with the ID-card --- .../mobileauthapp/AuthFragment.kt | 38 +++++++++++++++---- .../mobileauthapp/NFC/Comms.java | 9 +++-- .../mobileauthapp/auth/AuthAppException.kt | 10 +++++ .../mobileauthapp/auth/InvalidCANException.kt | 7 ++++ .../app/src/main/res/values-en/strings.xml | 7 +++- .../app/src/main/res/values-et/strings.xml | 7 +++- .../app/src/main/res/values/strings.xml | 7 +++- 7 files changed, 72 insertions(+), 13 deletions(-) create mode 100644 MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/auth/AuthAppException.kt create mode 100644 MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/auth/InvalidCANException.kt diff --git a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/AuthFragment.kt b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/AuthFragment.kt index fa5de12..55f82f3 100644 --- a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/AuthFragment.kt +++ b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/AuthFragment.kt @@ -5,7 +5,6 @@ import android.nfc.NfcAdapter import android.nfc.tech.IsoDep import android.os.Bundle import android.os.CountDownTimer -import android.util.Log import android.view.LayoutInflater import android.view.View import android.view.ViewGroup @@ -15,10 +14,14 @@ import androidx.fragment.app.activityViewModels import androidx.navigation.fragment.findNavController import androidx.navigation.fragment.navArgs import com.tarkvaraprojekt.mobileauthapp.NFC.Comms +import com.tarkvaraprojekt.mobileauthapp.auth.AuthAppException +import com.tarkvaraprojekt.mobileauthapp.auth.InvalidCANException import com.tarkvaraprojekt.mobileauthapp.databinding.FragmentAuthBinding import com.tarkvaraprojekt.mobileauthapp.model.ParametersViewModel import com.tarkvaraprojekt.mobileauthapp.model.SmartCardViewModel +import java.io.IOException import java.lang.Exception +import java.security.GeneralSecurityException import kotlin.system.exitProcess /** @@ -80,6 +83,8 @@ class AuthFragment : Fragment() { requireActivity().runOnUiThread { binding!!.timeCounter.text = getString(R.string.card_detected) } + var msgCode = 0 + val card = IsoDep.get(tag) card.timeout = 32768 card.use { @@ -95,17 +100,36 @@ class AuthFragment : Fragment() { requireActivity().runOnUiThread { binding!!.timeCounter.text = getString(R.string.data_read) } - } catch (e: Exception) { - requireActivity().runOnUiThread { - binding!!.timeCounter.text = getString(R.string.no_success) - } + + } catch (e: android.nfc.TagLostException) { + msgCode = R.string.tag_lost + } catch (e: InvalidCANException) { + msgCode = R.string.invalid_can // If the CAN is wrong we will also delete the saved CAN so that the user won't use it again. viewModel.deleteCan(requireContext()) + } catch (e: AuthAppException) { + msgCode = when (e.code) { + 448 -> R.string.err_bad_data + 500 -> R.string.err_internal + else -> R.string.err_unknown + } + } catch (e: GeneralSecurityException) { + msgCode = R.string.err_internal + } catch (e: IOException) { + msgCode = R.string.err_reading_card + } catch (e: Exception) { + msgCode = R.string.err_unknown + } finally { + adapter.disableReaderMode(activity) + } + + if (msgCode != 0) { + requireActivity().runOnUiThread { + binding!!.timeCounter.text = getString(msgCode) + } // Gives user some time to read the error message Thread.sleep(1000) goToTheStart() - } finally { - adapter.disableReaderMode(activity) } } }, NfcAdapter.FLAG_READER_NFC_A, null) diff --git a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/NFC/Comms.java b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/NFC/Comms.java index a4d184b..76b8c4f 100644 --- a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/NFC/Comms.java +++ b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/NFC/Comms.java @@ -3,6 +3,9 @@ package com.tarkvaraprojekt.mobileauthapp.NFC; import android.nfc.tech.IsoDep; import android.util.Log; +import com.tarkvaraprojekt.mobileauthapp.auth.AuthAppException; +import com.tarkvaraprojekt.mobileauthapp.auth.InvalidCANException; + import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.engines.AESEngine; import org.bouncycastle.crypto.macs.CMac; @@ -209,13 +212,13 @@ public class Comms { Log.i("Mutual authentication", Hex.toHexString(response)); // if the chip-side verification fails, crash and burn - if (response.length == 2) throw new RuntimeException("Invalid CAN."); + if (response.length == 2) throw new InvalidCANException(); // otherwise verify chip's MAC and return session keys APDU = createAPDU(dataForMACIncomplete, publicKey.getEncoded(false), 65); MAC = getMAC(APDU, keyMAC); if (!Hex.toHexString(response, 4, 8).equals(Hex.toHexString(MAC))) { - throw new RuntimeException("Could not verify chip's MAC."); // Should never happen. + throw new AuthAppException("Could not verify chip's MAC.", 448); // Should never happen. } return new byte[][]{keyEnc, keyMAC}; @@ -304,7 +307,7 @@ public class Comms { for (int i = 0; i < FID.length; i++) { byte index = FID[i]; - if (index > 15 || index < 1) throw new RuntimeException("Invalid personal data FID."); + if (index > 15 || index < 1) throw new AuthAppException("Invalid personal data FID.", 500); data[1] = index; APDU = createSecureAPDU(data, personal); diff --git a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/auth/AuthAppException.kt b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/auth/AuthAppException.kt new file mode 100644 index 0000000..96b05d5 --- /dev/null +++ b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/auth/AuthAppException.kt @@ -0,0 +1,10 @@ +package com.tarkvaraprojekt.mobileauthapp.auth + +/** + * A specialised RuntimeException class for exceptions related to the mobile authentication app. + * Possible error codes can be found at + * https://github.com/TanelOrumaa/Estonian-ID-card-mobile-authenticator-POC/wiki/Error-codes + * @param message Error message + * @param code An error code defined in the project wiki + */ +open class AuthAppException(message: String, var code: Int) : RuntimeException(message) \ No newline at end of file diff --git a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/auth/InvalidCANException.kt b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/auth/InvalidCANException.kt new file mode 100644 index 0000000..073c790 --- /dev/null +++ b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/auth/InvalidCANException.kt @@ -0,0 +1,7 @@ +package com.tarkvaraprojekt.mobileauthapp.auth + +/** + * An AuthAppException for when the user entered CAN does not match the one read from the ID-card + * @see AuthAppException + */ +class InvalidCANException : AuthAppException("Invalid CAN", 400) \ No newline at end of file diff --git a/MobileAuthApp/app/src/main/res/values-en/strings.xml b/MobileAuthApp/app/src/main/res/values-en/strings.xml index 7aa4439..f169ccd 100644 --- a/MobileAuthApp/app/src/main/res/values-en/strings.xml +++ b/MobileAuthApp/app/src/main/res/values-en/strings.xml @@ -44,7 +44,9 @@ Put the ID card against the phone to establish connection Time left %d sek No time left - Wrong CAN + Unknown error + Wrong CAN + Connection between device and ID-card lost NAME @@ -75,4 +77,7 @@ **** Settings currently unavailabe CAN is currently not saved. Do you wish to save the CAN? Saved CAN will be entered automatically in the future. Saved CAN can be changed and deleted in the settings menu. + Failed to read data from the ID-card + Internal error + Read bad data from the ID-card, try using the card again \ No newline at end of file diff --git a/MobileAuthApp/app/src/main/res/values-et/strings.xml b/MobileAuthApp/app/src/main/res/values-et/strings.xml index 66afcfb..b630b90 100644 --- a/MobileAuthApp/app/src/main/res/values-et/strings.xml +++ b/MobileAuthApp/app/src/main/res/values-et/strings.xml @@ -43,7 +43,9 @@ ID kaardiga ühenduse loomiseks pane kaart vastu telefoni Aega on jäänud %d sek Aeg on otsas - Vale CAN + Tundmatu viga + Vale CAN + Ühendus seadme ja kaardi vahel katkes NIMI @@ -73,4 +75,7 @@ PEIDA **** Seaded pole hetkel saadaval + Ei saanud ID-kaardilt andmeid lugeda + Rakendusesisene viga + ID-kaardilt loeti vigased andmed, proovi uuesti kaarti kasutada \ No newline at end of file diff --git a/MobileAuthApp/app/src/main/res/values/strings.xml b/MobileAuthApp/app/src/main/res/values/strings.xml index 0a39206..178763c 100644 --- a/MobileAuthApp/app/src/main/res/values/strings.xml +++ b/MobileAuthApp/app/src/main/res/values/strings.xml @@ -43,7 +43,9 @@ Put the ID card against the phone to establish connection Time left %d sek No time left - Wrong CAN + Unknown error + Wrong CAN + Connection between device and ID-card lost NAME @@ -73,4 +75,7 @@ HIDE **** Settings currently unavailable + Failed to read data from the ID-card + Internal error + Read bad data from the ID-card, try using the card again \ No newline at end of file