Change in pysim[master]: sim-rest-server: Report meaningful error message if PIN is blocked

Sat, 23 Jul 2022 05:29:08 -0700 

laforge has submitted this change. ( https://gerrit.osmocom.org/c/pysim/+/28747 
)

Change subject: sim-rest-server: Report meaningful error message if PIN is 
blocked
......................................................................

sim-rest-server: Report meaningful error message if PIN is blocked

Instead of a cryptic backtrace, we now return a meaningful error like this:

{"error": {"message": "Security Status not satisfied - Card PIN enabled?", 
"status_word": "6982"}

Change-Id: I6dafd37dfd9fa3d52ca2c2e5ec37a6d274ba651b
Closes: OS#5606
---
M contrib/sim-rest-server.py
1 file changed, 15 insertions(+), 5 deletions(-)

Approvals:
  Jenkins Builder: Verified
  laforge: Looks good to me, approved; Verified



diff --git a/contrib/sim-rest-server.py b/contrib/sim-rest-server.py
index 62498b4..f2ed63e 100755
--- a/contrib/sim-rest-server.py
+++ b/contrib/sim-rest-server.py
@@ -2,7 +2,7 @@

 # RESTful HTTP service for performing authentication against USIM cards
 #
-# (C) 2021 by Harald Welte <[email protected]>
+# (C) 2021-2022 by Harald Welte <[email protected]>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -51,11 +51,15 @@
     return tp, scc, card

 class ApiError:
-    def __init__(self, msg:str):
+    def __init__(self, msg:str, sw=None):
         self.msg = msg
+        self.sw = sw

     def __str__(self):
-        return json.dumps({'error': {'message':self.msg}})
+        d = {'error': {'message':self.msg}}
+        if self.sw:
+            d['error']['status_word'] = self.sw
+        return json.dumps(d)


 def set_headers(request):
@@ -80,13 +84,19 @@
     def protocol_error(self, request, failure):
         set_headers(request)
         request.setResponseCode(500)
-        return str(ApiError("Protocol Error"))
+        return str(ApiError("Protocol Error: %s" % failure.value))

     @app.handle_errors(SwMatchError)
     def sw_match_error(self, request, failure):
         set_headers(request)
         request.setResponseCode(500)
-        return str(ApiError("Card Communication Error %s" % failure))
+        sw = failure.value.sw_actual
+        if sw == '9862':
+            return str(ApiError("Card Authentication Error - Incorrect MAC", 
sw))
+        elif sw == '6982':
+            return str(ApiError("Security Status not satisfied - Card PIN 
enabled?", sw))
+        else:
+            return str(ApiError("Card Communication Error %s" % 
failure.value), sw)


     @app.route('/sim-auth-api/v1/slot/<int:slot>')

--
To view, visit https://gerrit.osmocom.org/c/pysim/+/28747
To unsubscribe, or for help writing mail filters, visit 
https://gerrit.osmocom.org/settings

Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I6dafd37dfd9fa3d52ca2c2e5ec37a6d274ba651b
Gerrit-Change-Number: 28747
Gerrit-PatchSet: 1
Gerrit-Owner: laforge <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <[email protected]>
Gerrit-MessageType: merged

Reply via email to