Better exceptions

martinpaljak · Jan 27, 2016 · 04f2c24 · 04f2c24
1 parent fbfafe9
commit 04f2c24
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 21 deletions.
diff --git a/src/org/esteid/EstEID.java b/src/org/esteid/EstEID.java
@@ -206,14 +206,11 @@ public static EstEID getInstance(CardChannel c) {
 	public static EstEID start(CardChannel c) throws CardException {
 		// FIXME: Try to select AID first
 		ResponseAPDU resp = c.transmit(select_apdu(FID_3F00));
-		if (resp.getSW() == 0x9000) {
-			return getInstance(c);
-		} else if (resp.getSW() == 0x6A83 || resp.getSW() == 0x6D00) {
-			// locked up DigiID MICARDO.
-			throw new EstEIDException("Locked up Digi-ID detected, must reset card before use");
-		} else {
-			throw new EstEIDException(resp.getSW());
+		if (resp.getSW() == 0x6A83 || resp.getSW() == 0x6D00) {
+			EstEIDException.check(resp, "Locked up Digi-ID detected, must reset card before use");
 		}
+		EstEIDException.check(resp);
+		return getInstance(c);
 	}
 
 	public static CardType identify(CardTerminal t) throws CardException {
@@ -467,24 +464,20 @@ public ResponseAPDU transmit(CommandAPDU cmd) throws CardException {
 		return channel.transmit(cmd);
 	}
 	public ResponseAPDU check(CommandAPDU cmd) throws CardException {
-		return check(transmit(cmd));
+		return EstEIDException.check(transmit(cmd));
 	}
-	public static ResponseAPDU check(ResponseAPDU resp) throws EstEIDException {
-		if (resp.getSW() != 0x9000) {
-			throw new EstEIDException(resp.getSW());
-		}
-		return resp;
+	private static ResponseAPDU check(ResponseAPDU r) throws EstEIDException {
+		return EstEIDException.check(r);
 	}
 
 	// Exceptions
 	@SuppressWarnings("serial")
 	public static class EstEIDException extends CardException {
 		private int sw;
-		public EstEIDException(int sw) {
-			super("Card returned: 0x" + Integer.toHexString(sw).toUpperCase());
+		private EstEIDException(int sw, String message) {
+			super(message + ": 0x" + Integer.toHexString(sw).toUpperCase());
 			this.sw = sw;
 		}
-
 		public EstEIDException(String msg) {
 			super(msg);
 			this.sw = 0x0000;
@@ -493,10 +486,18 @@ public EstEIDException(String msg, Throwable reason) {
 			super(msg, reason);
 			this.sw = 0x0000;
 		}
-
 		public int getSW() {
 			return sw;
 		}
+		public static ResponseAPDU check(ResponseAPDU r) throws EstEIDException {
+			return check(r, "Unexpected response");
+		}
+		public static ResponseAPDU check(ResponseAPDU r, String message) throws EstEIDException {
+			if (r.getSW() != 0x9000) {
+				throw new EstEIDException(r.getSW(), message);
+			}
+			return r;
+		}
 	}
 
 	@SuppressWarnings("serial")

diff --git a/src/org/esteid/hacker/SecureChannel.java b/src/org/esteid/hacker/SecureChannel.java
@@ -21,6 +21,7 @@
  */
 package org.esteid.hacker;
 
+import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
@@ -52,7 +53,7 @@ public final class SecureChannel {
 	private static IvParameterSpec nulliv = new IvParameterSpec(new byte[8]);
 
 	// the session keys, in a handy package
-	private class SessionState {
+	public class SessionState {
 		boolean authenticated = false;
 		public byte[] SK1, SK2, SSC; // FIXME: too broad access 
 		@Override
@@ -77,7 +78,7 @@ private SecureChannel(CardChannel channel) {
 		this.channel = channel;
 	}
 
-	public SecureChannel getInstance(CardChannel c) {
+	public static SecureChannel getInstance(CardChannel c) {
 		return new SecureChannel(c);
 	}
 
@@ -250,7 +251,7 @@ private static CommandAPDU wrap(SessionState state, CommandAPDU apdu) throws Sec
 		} catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
 			// Must be configured properly
 			throw new RuntimeException("BC not correctly configured?", e);
-		} catch (InvalidKeyException | InvalidAlgorithmParameterException |IllegalBlockSizeException | BadPaddingException e) {
+		} catch (GeneralSecurityException e) {
 			// Generic crypto exception, must be logged
 			throw new SecureChannelException("Failed to wrap APDU", e);
 		} 
@@ -318,7 +319,7 @@ private static ResponseAPDU unwrap(SessionState state, ResponseAPDU apdu) throws
 		} catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
 			// Must be configured properly
 			throw new RuntimeException("BC not correctly configured?", e);
-		} catch (InvalidKeyException | InvalidAlgorithmParameterException |IllegalBlockSizeException | BadPaddingException e) {
+		} catch (GeneralSecurityException e) {
 			// Generic crypto exception, must be logged
 			throw new SecureChannelException("Failed to unwrap APDU", e);
 		}