sim-rest-server: Report meaningful error message if PIN is blocked

Instead of a cryptic backtrace, we now return a meaningful error like this:

{"error": {"message": "Security Status not satisfied - Card PIN enabled?", "status_word": "6982"}

Change-Id: I6dafd37dfd9fa3d52ca2c2e5ec37a6d274ba651b
Closes: OS#5606
This commit is contained in:
Harald Welte 2022-07-23 14:07:00 +02:00
parent 3f3b45a27b
commit 04897d5f25
1 changed files with 15 additions and 5 deletions

View File

@ -2,7 +2,7 @@
# RESTful HTTP service for performing authentication against USIM cards # RESTful HTTP service for performing authentication against USIM cards
# #
# (C) 2021 by Harald Welte <laforge@osmocom.org> # (C) 2021-2022 by Harald Welte <laforge@osmocom.org>
# #
# This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -51,11 +51,15 @@ def connect_to_card(slot_nr:int):
return tp, scc, card return tp, scc, card
class ApiError: class ApiError:
def __init__(self, msg:str): def __init__(self, msg:str, sw=None):
self.msg = msg self.msg = msg
self.sw = sw
def __str__(self): def __str__(self):
return json.dumps({'error': {'message':self.msg}}) d = {'error': {'message':self.msg}}
if self.sw:
d['error']['status_word'] = self.sw
return json.dumps(d)
def set_headers(request): def set_headers(request):
@ -80,13 +84,19 @@ class SimRestServer:
def protocol_error(self, request, failure): def protocol_error(self, request, failure):
set_headers(request) set_headers(request)
request.setResponseCode(500) request.setResponseCode(500)
return str(ApiError("Protocol Error")) return str(ApiError("Protocol Error: %s" % failure.value))
@app.handle_errors(SwMatchError) @app.handle_errors(SwMatchError)
def sw_match_error(self, request, failure): def sw_match_error(self, request, failure):
set_headers(request) set_headers(request)
request.setResponseCode(500) request.setResponseCode(500)
return str(ApiError("Card Communication Error %s" % failure)) sw = failure.value.sw_actual
if sw == '9862':
return str(ApiError("Card Authentication Error - Incorrect MAC", sw))
elif sw == '6982':
return str(ApiError("Security Status not satisfied - Card PIN enabled?", sw))
else:
return str(ApiError("Card Communication Error %s" % failure.value), sw)
@app.route('/sim-auth-api/v1/slot/<int:slot>') @app.route('/sim-auth-api/v1/slot/<int:slot>')