From 04897d5f255d092a36d414a189dc2eb92145aef5 Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@osmocom.org>
Date: Sat, 23 Jul 2022 14:07:00 +0200
Subject: [PATCH] sim-rest-server: Report meaningful error message if PIN is
 blocked

Instead of a cryptic backtrace, we now return a meaningful error like this:

{"error": {"message": "Security Status not satisfied - Card PIN enabled?", "status_word": "6982"}

Change-Id: I6dafd37dfd9fa3d52ca2c2e5ec37a6d274ba651b
Closes: OS#5606
---
 contrib/sim-rest-server.py | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/contrib/sim-rest-server.py b/contrib/sim-rest-server.py
index 62498b45..f2ed63e1 100755
--- a/contrib/sim-rest-server.py
+++ b/contrib/sim-rest-server.py
@@ -2,7 +2,7 @@
 
 # RESTful HTTP service for performing authentication against USIM cards
 #
-# (C) 2021 by Harald Welte <laforge@osmocom.org>
+# (C) 2021-2022 by Harald Welte <laforge@osmocom.org>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -51,11 +51,15 @@ def connect_to_card(slot_nr:int):
     return tp, scc, card
 
 class ApiError:
-    def __init__(self, msg:str):
+    def __init__(self, msg:str, sw=None):
         self.msg = msg
+        self.sw = sw
 
     def __str__(self):
-        return json.dumps({'error': {'message':self.msg}})
+        d = {'error': {'message':self.msg}}
+        if self.sw:
+            d['error']['status_word'] = self.sw
+        return json.dumps(d)
 
 
 def set_headers(request):
@@ -80,13 +84,19 @@ class SimRestServer:
     def protocol_error(self, request, failure):
         set_headers(request)
         request.setResponseCode(500)
-        return str(ApiError("Protocol Error"))
+        return str(ApiError("Protocol Error: %s" % failure.value))
 
     @app.handle_errors(SwMatchError)
     def sw_match_error(self, request, failure):
         set_headers(request)
         request.setResponseCode(500)
-        return str(ApiError("Card Communication Error %s" % failure))
+        sw = failure.value.sw_actual
+        if sw == '9862':
+            return str(ApiError("Card Authentication Error - Incorrect MAC", sw))
+        elif sw == '6982':
+            return str(ApiError("Security Status not satisfied - Card PIN enabled?", sw))
+        else:
+            return str(ApiError("Card Communication Error %s" % failure.value), sw)
 
 
     @app.route('/sim-auth-api/v1/slot/<int:slot>')