Merge pull request #551 from martenrebane/MOPPAND-1371

Remove pending signature with NFC
open-eid · Dec 16, 2024 · 6c11b3e · 6c11b3e
2 parents 7aa60b2 + f651365
commit 6c11b3e
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 13 deletions.
diff --git a/app/src/main/java/ee/ria/DigiDoc/android/signature/update/nfc/NFCOnSubscribe.java b/app/src/main/java/ee/ria/DigiDoc/android/signature/update/nfc/NFCOnSubscribe.java
@@ -150,7 +150,8 @@ private NFCResponse onTagDiscovered(NfcAdapter adapter, Tag tag) {
                 Timber.log(Log.ERROR, "Wrong NFC CAN number");
                 result = NFCResponse.createWithStatus(SessionStatusResponse.ProcessStatus.TECHNICAL_ERROR, navigator.activity().getString(R.string.signature_update_nfc_wrong_can));
             } else {
-                result = NFCResponse.createWithStatus(SessionStatusResponse.ProcessStatus.TECHNICAL_ERROR, exc.getMessage());
+                Timber.log(Log.ERROR, exc.getMessage());
+                result = NFCResponse.createWithStatus(SessionStatusResponse.ProcessStatus.TECHNICAL_ERROR, navigator.activity().getString(R.string.signature_update_mobile_id_error_general_client));
             }
         } finally {
             adapter.disableReaderMode(navigator.activity());

diff --git a/common-lib/src/main/java/ee/ria/DigiDoc/common/FileUtil.java b/common-lib/src/main/java/ee/ria/DigiDoc/common/FileUtil.java
@@ -15,7 +15,10 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
 import java.nio.charset.Charset;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -286,12 +289,22 @@ public static boolean isFileInZip(String zipFilePath, String fileNameToFind) thr
     }
 
     private static File getFile(ByteSource byteSource, String filePath) throws IOException {
-        byte[] bytes = byteSource.read();
-
         File file = new File(filePath);
-        com.google.common.io.Files.write(bytes, file);
 
-        return file;
+        try (InputStream in = byteSource.openStream();
+             OutputStream outStream = new FileOutputStream(file.getCanonicalPath())) {
+
+            byte[] buffer = new byte[16384];
+            int bytesRead;
+
+            while ((bytesRead = in.read(buffer)) != -1) {
+                outStream.write(buffer, 0, bytesRead);
+            }
+
+            return file;
+        } catch (OutOfMemoryError oomf) {
+            throw new IOException("Unable to get file. Out of memory", oomf);
+        }
     }
 
     public static void logMessage(Level level, String message) {

diff --git a/id-card-lib/src/main/java/ee/ria/DigiDoc/idcard/NFC.java b/id-card-lib/src/main/java/ee/ria/DigiDoc/idcard/NFC.java
@@ -1,6 +1,7 @@
 package ee.ria.DigiDoc.idcard;
 
 import android.content.Context;
+import android.nfc.TagLostException;
 import android.nfc.tech.IsoDep;
 import android.util.Log;
 
@@ -164,7 +165,7 @@ public static TLV decodeResult(String context, byte[] data, int... tags) throws
         }
     }
 
-    public NFC(IsoDep card, byte[] can) throws NFCException {
+    public NFC(IsoDep card, byte[] can) throws IOException, InvalidAlgorithmParameterException, NoSuchPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException, BadPaddingException, InvalidKeyException {
         this.card = card;
         this.can = can;
         try {
@@ -173,6 +174,9 @@ public NFC(IsoDep card, byte[] can) throws NFCException {
             keyMAC = keys[1];
         } catch (Exception exc) {
             Timber.log(Log.ERROR, "NFC Error: %s", exc.getMessage());
+            if (exc instanceof TagLostException) {
+                throw exc;
+            }
             throw new NFCException(exc.getMessage());
         }
     }
@@ -184,7 +188,7 @@ public NFC(IsoDep card, byte[] can) throws NFCException {
     private static final byte[] CMD_READ_BINARY = Hex.decode("00B00000");
     private static final byte[] CMD_SIGN = Hex.decode("002A9E9A");
 
-    public byte[] calculateSignature(byte[] data) throws NoSuchPaddingException, BadPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
+    public byte[] calculateSignature(byte[] data) throws NFCException {
 
         Result r = communicateSecure(CMD_SIGN, data);
         Timber.log(Log.DEBUG, "SIGN:%x %s", r.code, Hex.toHexString(r.data));
@@ -202,7 +206,7 @@ private Result communicatePlain(byte[] cmd, byte[] data) throws IOException {
         return new Result(response);
     }
 
-    public Result communicateSecure(byte[] cmd, byte[] data) {
+    public Result communicateSecure(byte[] cmd, byte[] data) throws NFCException {
         byte [] response = null;
         try {
             byte[] APDU = createSecureAPDU(cmd[1], cmd[2], cmd[3], data);
@@ -237,10 +241,11 @@ public Result communicateSecure(byte[] cmd, byte[] data) {
             return new Result(code, response);
         } catch (RuntimeException e) {
             Timber.log(Log.ERROR, "Exception in app with NFC: %s", e.getMessage());
+            throw new NFCException(e.getMessage());
         } catch (Exception exc) {
             Timber.log(Log.ERROR, "NFC Error: %s", exc.getMessage());
+            throw new NFCException(exc.getMessage());
         }
-        return new Result(response);
     }
 
     public byte[] readCertificate() {

diff --git a/sign-lib/src/main/java/ee/ria/DigiDoc/sign/SignedContainer.java b/sign-lib/src/main/java/ee/ria/DigiDoc/sign/SignedContainer.java
@@ -210,6 +210,8 @@ public final SignedContainer addAdEsSignature(byte[] adEsSignature) throws Excep
     public final SignedContainer sign(Context context, ByteString certificate,
                                       Function<ByteString, ByteString> signFunction,
                                       @Nullable RoleData roleData) throws Exception {
+        ee.ria.libdigidocpp.Signature signature = null;
+
         try {
             Container container = container(file(), false);
 
@@ -223,7 +225,7 @@ public final SignedContainer sign(Context context, ByteString certificate,
                         roleData.getZip(), roleData.getCountry());
             }
 
-            ee.ria.libdigidocpp.Signature signature = container.prepareSignature(signer);
+            signature = container.prepareSignature(signer);
 
             if (signature != null) {
                 ByteString signatureData = signFunction.apply(ByteString.of(signature.dataToSign()));
@@ -234,6 +236,8 @@ public final SignedContainer sign(Context context, ByteString certificate,
             }
             throw new Exception("Empty signature value");
         } catch (Exception e) {
+            removePendingSignature(signature);
+
             if (e.getMessage() != null && e.getMessage().contains("Too Many Requests")) {
                 Timber.log(Log.ERROR, e, "Failed to sign with ID-card - Too Many Requests");
                 throw new TooManyRequestsException();
@@ -259,6 +263,17 @@ public final SignedContainer sign(Context context, ByteString certificate,
         }
     }
 
+    public final void removePendingSignature(ee.ria.libdigidocpp.Signature signature) throws Exception {
+        if (signature != null) {
+            Signature lastSignature = signature(signature, false);
+            boolean isLastSignatureValid = lastSignature.valid();
+
+            if (!isLastSignatureValid) {
+                removeSignature(lastSignature);
+            }
+        }
+    }
+
     public final SignedContainer removeSignature(Signature signature) throws Exception {
         Container container = container(file(), false);
         Signatures signatures = container.signatures();
@@ -421,9 +436,25 @@ private static Signature signature(ee.ria.libdigidocpp.Signature signature, bool
         String signersCertificateIssuer = "";
         X509Certificate signingCertificate = null;
 
-        byte[] encodedSigningCertificate = signature.signingCertificate().getEncoded();
-        byte[] encodedTimestampCertificate = signature.TimeStampCertificate().getEncoded();
-        byte[] encodedOcspCertificate = signature.OCSPCertificate().getEncoded();
+        byte[] encodedSigningCertificate = null;
+        byte[] encodedTimestampCertificate = null;
+        byte[] encodedOcspCertificate = null;
+
+        try {
+            encodedSigningCertificate = signature.signingCertificate().getEncoded();
+        } catch (Exception e) {
+            Timber.log(Log.ERROR, String.format("Signature %s does not have signingCertificate", id));
+        }
+        try {
+            encodedTimestampCertificate = signature.TimeStampCertificate().getEncoded();
+        } catch (Exception e) {
+            Timber.log(Log.ERROR, String.format("Signature %s does not have TimeStampCertificate", id));
+        }
+        try {
+            encodedOcspCertificate = signature.OCSPCertificate().getEncoded();
+        } catch (Exception e) {
+            Timber.log(Log.ERROR, String.format("Signature %s does not have OCSPCertificate", id));
+        }
 
         if (x509Certificate(encodedSigningCertificate) != null) {
             signersCertificateIssuer = getX509CertificateIssuer(x509Certificate(encodedSigningCertificate));