NFC-83 Unify handlePin1SmartCardReaderException and handlePin2SmartCardReaderException. Improve one left viewModelScope.launch. Fix signatureAlgorithm structure.

Author: SanderKondratjevNortal

app/src/main/kotlin/ee/ria/DigiDoc/viewmodel/NFCViewModel.kt

@@ -27,7 +27,6 @@ import android.content.pm.ActivityInfo
 import androidx.lifecycle.LiveData
 import androidx.lifecycle.MutableLiveData
 import androidx.lifecycle.ViewModel
-import androidx.lifecycle.viewModelScope
 import com.google.common.collect.ImmutableMap
 import dagger.hilt.android.lifecycle.HiltViewModel
 import ee.ria.DigiDoc.R
@@ -59,7 +58,6 @@ import ee.ria.DigiDoc.utilsLib.logging.LoggingUtil.Companion.debugLog
 import ee.ria.DigiDoc.utilsLib.logging.LoggingUtil.Companion.errorLog
 import ee.ria.libdigidocpp.ExternalSigner
 import kotlinx.coroutines.Dispatchers.Main
-import kotlinx.coroutines.launch
 import kotlinx.coroutines.runBlocking
 import kotlinx.coroutines.withContext
 import org.bouncycastle.util.encoders.Hex
@@ -279,7 +277,7 @@ class NFCViewModel
                                 _signStatus.postValue(true)
                                 _signedContainer.postValue(container)
                             } catch (ex: SmartCardReaderException) {
-                                handlePin2SmartCardReaderException(ex, pinType)
+                                handleSmartCardReaderException(ex, CodeType.PIN2, pinType)
                             } catch (ex: Exception) {
                                 _signStatus.postValue(false)
                                 _shouldResetPIN.postValue(true)
@@ -367,7 +365,7 @@ class NFCViewModel
                                 _cryptoContainer.postValue(decryptedContainer)
                             } catch (ex: SmartCardReaderException) {
                                 _decryptStatus.postValue(false)
-                                handlePin1SmartCardReaderException(ex, pinType)
+                                handleSmartCardReaderException(ex, CodeType.PIN1, pinType)
                             } catch (ex: Exception) {
                                 _decryptStatus.postValue(false)
                                 _shouldResetPIN.postValue(true)
@@ -419,9 +417,7 @@ class NFCViewModel
             checkNFCStatus(
                 nfcSmartCardReaderManager.startDiscovery(activity) { nfcReader, exc ->
                     if ((nfcReader != null) && (exc == null)) {
-                        viewModelScope.launch {
-                            _message.postValue(R.string.signature_update_nfc_detected)
-                        }
+                        _message.postValue(R.string.signature_update_nfc_detected)
                         try {
                             val card = TokenWithPace.create(nfcReader)
                             card.tunnel(canNumber)
@@ -510,7 +506,7 @@ class NFCViewModel
                             _shouldResetPIN.postValue(true)
                             _webEidAuthResult.postValue(Triple(authCert, signingCert, signatureArray))
                         } catch (ex: SmartCardReaderException) {
-                            handlePin1SmartCardReaderException(ex, pinType)
+                            handleSmartCardReaderException(ex, CodeType.PIN1, pinType)
                         } catch (ex: Exception) {
                             _shouldResetPIN.postValue(true)
 
@@ -637,7 +633,7 @@ class NFCViewModel
                                 Triple(signerCertB64, signatureArray, responseUri),
                             )
                         } catch (ex: SmartCardReaderException) {
-                            handlePin2SmartCardReaderException(ex, pinType)
+                            handleSmartCardReaderException(ex, CodeType.PIN2, pinType)
                         } catch (ex: Exception) {
                             _signStatus.postValue(false)
                             _shouldResetPIN.postValue(true)
@@ -735,118 +731,59 @@ class NFCViewModel
             errorLog(logTag, "Unable to perform with NFC: ${e.message}", e)
         }
 
-        private fun handlePin1SmartCardReaderException(
+        private fun handleSmartCardReaderException(
             ex: SmartCardReaderException,
+            codeType: CodeType,
             pinType: String,
         ) {
-            if (ex.message?.contains("TagLostException") == true) {
-                _errorState.postValue(Triple(R.string.signature_update_nfc_tag_lost, null, null))
-            } else if (ex.message?.contains("PIN1 verification failed") == true &&
-                ex.message?.contains("Retries left: 2") == true
-            ) {
-                _shouldResetPIN.postValue(true)
-                _errorState.postValue(
-                    Triple(
-                        R.string.id_card_sign_pin_invalid,
-                        pinType,
-                        2,
-                    ),
-                )
-            } else if (ex.message?.contains("PIN1 verification failed") == true &&
-                ex.message?.contains("Retries left: 1") == true
-            ) {
-                _shouldResetPIN.postValue(true)
-                _errorState.postValue(
-                    Triple(
-                        R.string.id_card_sign_pin_invalid_final,
-                        pinType,
-                        null,
-                    ),
-                )
-            } else if (ex.message?.contains("PIN1 verification failed") == true &&
-                ex.message?.contains("Retries left: 0") == true
-            ) {
-                _shouldResetPIN.postValue(true)
-                _errorState.postValue(
-                    Triple(
-                        R.string.id_card_sign_pin_locked,
-                        pinType,
-                        null,
-                    ),
-                )
-            } else if (ex is ApduResponseException) {
-                _errorState.postValue(
-                    Triple(R.string.signature_update_nfc_technical_error, null, null),
-                )
-            } else if (ex is PaceTunnelException) {
-                _errorState.postValue(
-                    Triple(R.string.signature_update_nfc_wrong_can, null, null),
-                )
-            } else {
-                showTechnicalError(ex)
+            val pinName = codeType.name
+            val isSigning = codeType == CodeType.PIN2
+
+            if (isSigning) {
+                _signStatus.postValue(false)
             }
 
-            errorLog(logTag, "Exception: " + ex.message, ex)
-        }
+            when {
+                ex.message?.contains("TagLostException") == true -> {
+                    _errorState.postValue(Triple(R.string.signature_update_nfc_tag_lost, null, null))
+                }
 
-        private fun handlePin2SmartCardReaderException(
-            ex: SmartCardReaderException,
-            pinType: String,
-        ) {
-            _signStatus.postValue(false)
-
-            if (ex.message?.contains("TagLostException") == true) {
-                _errorState.postValue(
-                    Triple(
-                        R.string.signature_update_nfc_tag_lost,
-                        null,
-                        null,
-                    ),
-                )
-            } else if (ex.message?.contains("PIN2 has not been changed") == true) {
-                _dialogError.postValue(R.string.sign_blocked_pin2_unchanged_message)
-            } else if (ex.message?.contains("PIN2 verification failed") == true &&
-                ex.message?.contains("Retries left: 2") == true
-            ) {
-                _shouldResetPIN.postValue(true)
-                _errorState.postValue(
-                    Triple(
-                        R.string.id_card_sign_pin_invalid,
-                        pinType,
-                        2,
-                    ),
-                )
-            } else if (ex.message?.contains("PIN2 verification failed") == true &&
-                ex.message?.contains("Retries left: 1") == true
-            ) {
-                _shouldResetPIN.postValue(true)
-                _errorState.postValue(
-                    Triple(
-                        R.string.id_card_sign_pin_invalid_final,
-                        pinType,
-                        null,
-                    ),
-                )
-            } else if (ex.message?.contains("PIN2 verification failed") == true &&
-                ex.message?.contains("Retries left: 0") == true
-            ) {
-                _shouldResetPIN.postValue(true)
-                _errorState.postValue(
-                    Triple(R.string.id_card_sign_pin_locked, pinType, null),
-                )
-            } else if (ex is ApduResponseException) {
-                _errorState.postValue(
-                    Triple(R.string.signature_update_nfc_technical_error, null, null),
-                )
-            } else if (ex is PaceTunnelException) {
-                _errorState.postValue(
-                    Triple(R.string.signature_update_nfc_wrong_can, null, null),
-                )
-            } else {
-                showTechnicalError(ex)
+                isSigning && ex.message?.contains("PIN2 has not been changed") == true -> {
+                    _dialogError.postValue(R.string.sign_blocked_pin2_unchanged_message)
+                }
+
+                ex.message?.contains("$pinName verification failed") == true &&
+                    ex.message?.contains("Retries left: 2") == true -> {
+                    _shouldResetPIN.postValue(true)
+                    _errorState.postValue(Triple(R.string.id_card_sign_pin_invalid, pinType, 2))
+                }
+
+                ex.message?.contains("$pinName verification failed") == true &&
+                    ex.message?.contains("Retries left: 1") == true -> {
+                    _shouldResetPIN.postValue(true)
+                    _errorState.postValue(Triple(R.string.id_card_sign_pin_invalid_final, pinType, null))
+                }
+
+                ex.message?.contains("$pinName verification failed") == true &&
+                    ex.message?.contains("Retries left: 0") == true -> {
+                    _shouldResetPIN.postValue(true)
+                    _errorState.postValue(Triple(R.string.id_card_sign_pin_locked, pinType, null))
+                }
+
+                ex is ApduResponseException -> {
+                    _errorState.postValue(Triple(R.string.signature_update_nfc_technical_error, null, null))
+                }
+
+                ex is PaceTunnelException -> {
+                    _errorState.postValue(Triple(R.string.signature_update_nfc_wrong_can, null, null))
+                }
+
+                else -> {
+                    showTechnicalError(ex)
+                }
             }
 
-            errorLog(logTag, "Exception: " + ex.message, ex)
+            errorLog(logTag, "Exception: ${ex.message}", ex)
         }
 
         private fun handleGeneralException(ex: Exception): Boolean {

web-eid-lib/src/androidTest/java/ee/ria/DigiDoc/webEid/WebEidSignServiceTest.kt

@@ -96,8 +96,11 @@ class WebEidSignServiceTest {
         val expectedSignature = Base64.getEncoder().encodeToString(signatureBytes)
         assertEquals(expectedSignature, result.getString("signature"))
 
-        val algorithm = result.getString("signatureAlgorithm")
-        assertTrue(algorithm.startsWith("ES"))
+        val signatureAlgorithm = result.getJSONObject("signatureAlgorithm")
+
+        assertEquals("ECC", signatureAlgorithm.getString("cryptoAlgorithm"))
+        assertEquals("NONE", signatureAlgorithm.getString("paddingScheme"))
+        assertTrue(signatureAlgorithm.getString("hashFunction").startsWith("SHA-"))
     }
 
     @Test

web-eid-lib/src/androidTest/java/ee/ria/DigiDoc/webEid/utils/WebEidAlgorithmUtilTest.kt

@@ -113,4 +113,42 @@ class WebEidAlgorithmUtilTest {
             }
         assertTrue(exception.message!!.contains("Unsupported key type"))
     }
+
+    @Test
+    fun buildSignatureAlgorithm_ec256_returnsCorrectAlgorithmObject() {
+        val result =
+            WebEidAlgorithmUtil.buildSignatureAlgorithm(ecPublicKey256)
+
+        assertEquals("ECC", result.getString("cryptoAlgorithm"))
+        assertEquals("SHA-256", result.getString("hashFunction"))
+        assertEquals("NONE", result.getString("paddingScheme"))
+    }
+
+    @Test
+    fun buildSignatureAlgorithm_ec384_returnsCorrectAlgorithmObject() {
+        val result =
+            WebEidAlgorithmUtil.buildSignatureAlgorithm(ecPublicKey384)
+
+        assertEquals("ECC", result.getString("cryptoAlgorithm"))
+        assertEquals("SHA-384", result.getString("hashFunction"))
+        assertEquals("NONE", result.getString("paddingScheme"))
+    }
+
+    @Test
+    fun buildSignatureAlgorithm_unsupportedKeyType_throwsException() {
+        val rsaKey =
+            KeyPairGenerator
+                .getInstance("RSA")
+                .apply {
+                    initialize(2048)
+                }.generateKeyPair()
+                .public
+
+        val exception =
+            assertThrows(IllegalArgumentException::class.java) {
+                WebEidAlgorithmUtil.buildSignatureAlgorithm(rsaKey)
+            }
+
+        assertTrue(exception.message!!.contains("Unsupported key type"))
+    }
 }

web-eid-lib/src/main/java/ee/ria/DigiDoc/webEid/WebEidSignServiceImpl.kt

@@ -21,8 +21,8 @@
 
 package ee.ria.DigiDoc.webEid
 
+import ee.ria.DigiDoc.webEid.utils.WebEidAlgorithmUtil.buildSignatureAlgorithm
 import ee.ria.DigiDoc.webEid.utils.WebEidAlgorithmUtil.buildSupportedSignatureAlgorithms
-import ee.ria.DigiDoc.webEid.utils.WebEidAlgorithmUtil.getAlgorithm
 import org.json.JSONObject
 import java.security.cert.CertificateFactory
 import java.security.cert.X509Certificate
@@ -59,11 +59,11 @@ class WebEidSignServiceImpl
                     .generateCertificate(certBytes.inputStream()) as X509Certificate
 
             val publicKey = cert.publicKey
-            val algorithm = getAlgorithm(publicKey)
+            val signatureAlgorithm = buildSignatureAlgorithm(publicKey)
 
             return JSONObject().apply {
                 put("signature", Base64.getEncoder().encodeToString(signature))
-                put("signatureAlgorithm", algorithm)
+                put("signatureAlgorithm", signatureAlgorithm)
             }
         }
     }

web-eid-lib/src/main/java/ee/ria/DigiDoc/webEid/utils/WebEidAlgorithmUtil.kt

@@ -59,16 +59,32 @@ object WebEidAlgorithmUtil {
         }
 
     fun getAlgorithm(publicKey: PublicKey): String =
-        when (publicKey) {
-            is ECPublicKey -> {
-                when (publicKey.params.curve.field.fieldSize) {
-                    256 -> "ES256"
-                    384 -> "ES384"
-                    521 -> "ES512"
-                    else -> throw IllegalArgumentException("Unsupported EC key length")
-                }
+        when (getEcKeySize(publicKey)) {
+            256 -> "ES256"
+            384 -> "ES384"
+            521 -> "ES512"
+            else -> throw IllegalArgumentException("Unsupported EC key length")
+        }
+
+    fun buildSignatureAlgorithm(publicKey: PublicKey): JSONObject {
+        val hashFunction =
+            when (getEcKeySize(publicKey)) {
+                256 -> "SHA-256"
+                384 -> "SHA-384"
+                521 -> "SHA-512"
+                else -> throw IllegalArgumentException("Unsupported EC key length")
             }
 
+        return JSONObject().apply {
+            put("cryptoAlgorithm", "ECC")
+            put("hashFunction", hashFunction)
+            put("paddingScheme", "NONE")
+        }
+    }
+
+    private fun getEcKeySize(publicKey: PublicKey): Int =
+        when (publicKey) {
+            is ECPublicKey -> publicKey.params.curve.field.fieldSize
             else -> throw IllegalArgumentException("Unsupported key type")
         }
 }