Rebase and/or merge with main

2024-12-22 20:40:16 +02:00 · 2021-12-06 23:18:01 +02:00 · 2021-12-06 23:18:01 +02:00 · b623dadff5
commit b623dadff5
parent 4fcdccfb5e
6 changed files with 93 additions and 28 deletions
--- a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/AuthFragment.kt
+++ b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/AuthFragment.kt
@ -4,7 +4,6 @@ import android.app.Activity
 import android.content.Context
 import android.content.Intent
 import android.nfc.NfcAdapter
 import android.nfc.TagLostException
 import android.nfc.tech.IsoDep
 import android.os.Bundle
 import android.os.CountDownTimer
@ -18,11 +17,16 @@ import androidx.fragment.app.activityViewModels
 import androidx.navigation.fragment.findNavController
 import androidx.navigation.fragment.navArgs
 import com.tarkvaraprojekt.mobileauthapp.NFC.Comms
 import com.tarkvaraprojekt.mobileauthapp.auth.AuthAppException
 import com.tarkvaraprojekt.mobileauthapp.auth.Authenticator
 import com.tarkvaraprojekt.mobileauthapp.auth.InvalidCANException
 import com.tarkvaraprojekt.mobileauthapp.auth.InvalidPINException
 import com.tarkvaraprojekt.mobileauthapp.databinding.FragmentAuthBinding
 import com.tarkvaraprojekt.mobileauthapp.model.ParametersViewModel
 import com.tarkvaraprojekt.mobileauthapp.model.SmartCardViewModel
 import java.io.IOException
 import java.lang.Exception
 import java.security.GeneralSecurityException
 import kotlin.system.exitProcess
 /**
@ -107,6 +111,9 @@ class AuthFragment : Fragment() {
            requireActivity().runOnUiThread {
                binding.timeCounter.text = getString(R.string.card_detected)
            }
            var msgCode = 0
            var msgArg : Int? = null
            val card = IsoDep.get(tag)
            card.timeout = 32768
            card.use {
@ -119,31 +126,49 @@ class AuthFragment : Fragment() {
                    )
                    paramsModel.setToken(jws)
                    requireActivity().runOnUiThread {
                        binding.timeCounter.text = getString(R.string.data_read)
                        goToNextFragment()
                    }
-                } catch (e: Exception) {
+                } catch (e: android.nfc.TagLostException) {
-                    when(e) {
+                    msgCode = R.string.tag_lost
-                        is TagLostException -> requireActivity().runOnUiThread { binding!!.timeCounter.text = getString(R.string.id_card_removed_early) }
+                } catch (e: InvalidCANException) {
-                        else -> {
+                    msgCode = R.string.wrong_can_text
-                            when ("invalid pin") {
+                    // If the CAN is wrong we will also delete the saved CAN so that the user won't use it again.
                                in e.message.toString().lowercase() -> requireActivity().runOnUiThread {
                                    val messagePieces = e.message.toString().split(" ")
                                    binding.timeCounter.text = getString(R.string.wrong_pin, messagePieces[messagePieces.size - 1])
                                    viewModel.deletePin(requireContext())
                                }
                                else -> requireActivity().runOnUiThread {
                                    binding.timeCounter.text = getString(R.string.wrong_can_text)
                    viewModel.deleteCan(requireContext())
                } catch (e: InvalidPINException) {
                    msgCode = R.string.wrong_pin
                    msgArg = e.remainingAttempts
                    viewModel.deletePin(requireContext())
                } catch (e: AuthAppException) {
                    msgCode = when (e.code) {
                        400 -> R.string.err_parameter
                        401 -> R.string.err_authentication
                        446 -> R.string.err_card_locked
                        448 -> R.string.err_bad_data
                        500 -> R.string.err_internal
                        else -> R.string.err_unknown
                    }
-                            }
+                } catch (e: GeneralSecurityException) {
-                        }
+                    msgCode = R.string.err_internal
-                    }
+                } catch (e: IOException) {
-                    // Give user some time to read the error message
+                    msgCode = R.string.err_reading_card
-                    Thread.sleep(2000)
+                } catch (e: Exception) {
-                    cancelAuth()
+                    msgCode = R.string.err_unknown
                } finally {
                    adapter.disableReaderMode(activity)
                }
                if (msgCode != 0) {
                    requireActivity().runOnUiThread {
                        var msg = getString(msgCode)
                        if (msgArg != null)
                            msg = String.format(msg, msgArg)
                        binding.timeCounter.text = msg
                    }
                    // Gives user some time to read the error message
                    Thread.sleep(2000)
                    cancelAuth()
                }
            }
        }, NfcAdapter.FLAG_READER_NFC_A, null)
    }
--- a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/NFC/Comms.java
+++ b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/NFC/Comms.java
@ -3,6 +3,9 @@ package com.tarkvaraprojekt.mobileauthapp.NFC;
 import android.nfc.tech.IsoDep;
 import android.util.Log;
 import com.tarkvaraprojekt.mobileauthapp.auth.AuthAppException;
 import com.tarkvaraprojekt.mobileauthapp.auth.InvalidPINException;
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.engines.AESEngine;
 import org.bouncycastle.crypto.macs.CMac;
@ -204,7 +207,7 @@ public class Comms {
        // verify chip's MAC and return session keys
        MAC = getMAC(createAPDU(dataForMACIncomplete, publicKey.getEncoded(false), 65), keyMAC);
        if (!Hex.toHexString(response, 4, 8).equals(Hex.toHexString(MAC))) {
-            throw new RuntimeException("Could not verify chip's MAC."); // *Should* never happen.
+            throw new AuthAppException("Could not verify chip's MAC.", 448); // *Should* never happen.
        }
        return new byte[][]{keyEnc, keyMAC};
@ -315,7 +318,7 @@ public class Comms {
        // select and read the personal data elementary files
        for (byte index : lastBytes) {
-            if (index > 15 || index < 1) throw new RuntimeException("Invalid personal data FID.");
+            if (index > 15 || index < 1) throw new AuthAppException("Invalid personal data FID.", 500);
            FID[1] = index;
            // store the decrypted datum
@ -350,7 +353,7 @@ public class Comms {
            if (response[response.length - 2] == 0x69 && response[response.length - 1] == (byte) 0x83) {
                throw new AuthAppException("Invalid PIN. Authentication method blocked.", 446);
            } else {
-                throw new AuthAppException(String.format("Invalid PIN. Attempts left: %d.", response[response.length - 1] + 64), 401);
+                throw new InvalidPINException(response[response.length - 1] + 64);
            }
        }
    }
--- a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/auth/InvalidPINException.kt
+++ b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/auth/InvalidPINException.kt
@ -0,0 +1,10 @@
 package com.tarkvaraprojekt.mobileauthapp.auth
 /**
 * An AuthAppException for when the user entered PIN is not correct
 * @see AuthAppException
 */
 class InvalidPINException(val remainingAttempts: Int) : AuthAppException(
        "Invalid PIN" + (if (remainingAttempts>0) "" else ". Authentication method blocked."),
        if (remainingAttempts>0) 401 else 446
 )
--- a/MobileAuthApp/app/src/main/res/values-en/strings.xml
+++ b/MobileAuthApp/app/src/main/res/values-en/strings.xml
@ -19,7 +19,7 @@
    <string name="nfc_not_available">NFC is not turned on or is not supported by the phone</string>
    <string name="nfc_reading_error">The provided CAN does not match the ID card</string>
    <string name="id_card_removed_early">ID card was removed too early</string>
-    <string name="wrong_pin">Wrong PIN 1. Tries on the card left %s</string>
+    <string name="wrong_pin">Wrong PIN 1. %s tries left on the card</string>
    <!-- string resources for HomeFragment -->
    <string name="pin_status_saved">PIN 1 saved</string>
@ -84,4 +84,13 @@
    <string name="menu_unavailable_message">Settings are currently unavailable</string>
    <string name="can_deleted">CAN deleted</string>
    <string name="pin_deleted">PIN 1 deleted</string>
    <string name="err_unknown">Unknown error</string>
    <string name="tag_lost">Connection between device and ID-card lost</string>
    <string name="err_reading_card">Failed to read data from the ID-card</string>
    <string name="err_internal">Internal error</string>
    <string name="err_bad_data">Read bad data from the ID-card, try using the card again</string>
    <string name="err_parameter">Required parameter is missing or invalid</string>
    <string name="err_authentication">Failed to authenticate</string>
    <string name="err_card_locked">Card locked</string>
 </resources>
--- a/MobileAuthApp/app/src/main/res/values-et/strings.xml
+++ b/MobileAuthApp/app/src/main/res/values-et/strings.xml
@ -18,7 +18,7 @@
    <string name="nfc_not_available">NFC ei ole sisse lülitatud või puudub telefonil NFC võimekus</string>
    <string name="nfc_reading_error">Sisestatud CAN ei ole vastavuses ID kaardiga</string>
    <string name="id_card_removed_early">ID kaart eemaldati liiga vara</string>
-    <string name="wrong_pin">Vale PIN 1. ID kaardil PIN 1 sisetamise kordi alles: %s</string>
+    <string name="wrong_pin">Vale PIN 1. ID kaardil PIN 1 sisetamise katseid järel: %s</string>
    <!-- string resources for HomeFragment -->
    <string name="pin_status_saved">PIN 1 on salvestatud</string>
@ -83,4 +83,13 @@
    <string name="menu_unavailable_message">Seaded pole hetkel saadaval</string>
    <string name="can_deleted">CAN kustatud</string>
    <string name="pin_deleted">PIN 1 kustatud</string>
    <string name="err_unknown">Tundmatu viga</string>
    <string name="tag_lost">Ühendus seadme ja kaardi vahel katkes</string>
    <string name="err_reading_card">Ei saanud ID-kaardilt andmeid lugeda</string>
    <string name="err_internal">Rakendusesisene viga</string>
    <string name="err_bad_data">ID-kaardilt loeti vigased andmed, proovi uuesti kaarti kasutada</string>
    <string name="err_parameter">Vigane või puuduv parameeter</string>
    <string name="err_authentication">Autentimine ebaõnnestus</string>
    <string name="err_card_locked">Kaart lukus</string>
 </resources>
--- a/MobileAuthApp/app/src/main/res/values/strings.xml
+++ b/MobileAuthApp/app/src/main/res/values/strings.xml
@ -17,7 +17,7 @@
    <string name="nfc_not_available">NFC is not turned on or is not supported by the phone</string>
    <string name="nfc_reading_error">The provided CAN does not match the ID card</string>
    <string name="id_card_removed_early">ID card was removed too early</string>
-    <string name="wrong_pin">Wrong PIN 1. Tries on the card left %s</string>
+    <string name="wrong_pin">Wrong PIN 1. %s tries left on the card</string>
    <!-- string resources for HomeFragment -->
    <string name="pin_status_saved">PIN 1 saved</string>
@ -82,4 +82,13 @@
    <string name="menu_unavailable_message">Settings are currently unavailable</string>
    <string name="can_deleted">CAN deleted</string>
    <string name="pin_deleted">PIN 1 deleted</string>
    <string name="err_unknown">Unknown error</string>
    <string name="tag_lost">Connection between device and ID-card lost</string>
    <string name="err_reading_card">Failed to read data from the ID-card</string>
    <string name="err_internal">Internal error</string>
    <string name="err_bad_data">Read bad data from the ID-card, try using the card again</string>
    <string name="err_parameter">Required parameter is missing or invalid</string>
    <string name="err_authentication">Failed to authenticate</string>
    <string name="err_card_locked">Card locked</string>
 </resources>