diff options
| author | Harald Welte <laforge@osmocom.org> | 2022-07-23 14:07:00 +0200 |
|---|---|---|
| committer | Harald Welte <laforge@osmocom.org> | 2022-07-23 14:07:00 +0200 |
| commit | 04897d5f255d092a36d414a189dc2eb92145aef5 (patch) | |
| tree | 11ce64abcf01007b9666cf187b8cdaf7a7554fa3 | |
| parent | 3f3b45a27b5b2f4b8913ab5308da33c41bc3531e (diff) | |
sim-rest-server: Report meaningful error message if PIN is blocked
Instead of a cryptic backtrace, we now return a meaningful error like this:
{"error": {"message": "Security Status not satisfied - Card PIN enabled?", "status_word": "6982"}
Change-Id: I6dafd37dfd9fa3d52ca2c2e5ec37a6d274ba651b
Closes: OS#5606
| -rwxr-xr-x | contrib/sim-rest-server.py | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/contrib/sim-rest-server.py b/contrib/sim-rest-server.py index 62498b4..f2ed63e 100755 --- a/contrib/sim-rest-server.py +++ b/contrib/sim-rest-server.py @@ -2,7 +2,7 @@ # RESTful HTTP service for performing authentication against USIM cards # -# (C) 2021 by Harald Welte <laforge@osmocom.org> +# (C) 2021-2022 by Harald Welte <laforge@osmocom.org> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -51,11 +51,15 @@ def connect_to_card(slot_nr:int): return tp, scc, card class ApiError: - def __init__(self, msg:str): + def __init__(self, msg:str, sw=None): self.msg = msg + self.sw = sw def __str__(self): - return json.dumps({'error': {'message':self.msg}}) + d = {'error': {'message':self.msg}} + if self.sw: + d['error']['status_word'] = self.sw + return json.dumps(d) def set_headers(request): @@ -80,13 +84,19 @@ class SimRestServer: def protocol_error(self, request, failure): set_headers(request) request.setResponseCode(500) - return str(ApiError("Protocol Error")) + return str(ApiError("Protocol Error: %s" % failure.value)) @app.handle_errors(SwMatchError) def sw_match_error(self, request, failure): set_headers(request) request.setResponseCode(500) - return str(ApiError("Card Communication Error %s" % failure)) + sw = failure.value.sw_actual + if sw == '9862': + return str(ApiError("Card Authentication Error - Incorrect MAC", sw)) + elif sw == '6982': + return str(ApiError("Security Status not satisfied - Card PIN enabled?", sw)) + else: + return str(ApiError("Card Communication Error %s" % failure.value), sw) @app.route('/sim-auth-api/v1/slot/<int:slot>') |