update the latest source
[platform/core/connectivity/smartcard-service.git] / common / AccessCondition.cpp
1 /*
2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17
18 /* standard library header */
19 #include <stdio.h>
20
21 /* SLP library header */
22
23 /* local header */
24 #include "Debug.h"
25 #include "SimpleTLV.h"
26 #include "AccessCondition.h"
27
28 namespace smartcard_service_api
29 {
30         void APDUAccessRule::loadAPDUAccessRule(const ByteArray &data)
31         {
32                 SimpleTLV tlv(data);
33
34                 if (tlv.decodeTLV() == true)
35                 {
36                         switch (tlv.getTag())
37                         {
38                         case 0xA0 : /* CHOICE 0 : APDUPermission */
39                                 permission = SimpleTLV::getBoolean(tlv.getValue());
40                                 break;
41
42                         case 0xA1 : /* CHOICE 1 : APDUFilters */
43                                 tlv.enterToValueTLV();
44                                 while (tlv.decodeTLV() == true)
45                                 {
46                                         if (tlv.getTag() == 0x04) /* OCTET STRING */
47                                         {
48                                                 ByteArray apdu, mask, value;
49
50                                                 value = tlv.getValue();
51
52                                                 SCARD_DEBUG("APDU rule : %s", value.toString());
53
54                                                 if (value.getLength() == 8) /* apdu 4 bytes + mask 4 bytes */
55                                                 {
56                                                         apdu.setBuffer(value.getBuffer(), 4);
57                                                         mask.setBuffer(value.getBuffer(4), 4);
58
59                                                         pair<ByteArray, ByteArray> newItem(apdu, mask);
60
61                                                         mapApduFilters.insert(newItem);
62                                                 }
63                                                 else
64                                                 {
65                                                         SCARD_DEBUG_ERR("Invalid APDU rule : %s", value.toString());
66                                                 }
67                                         }
68                                         else
69                                         {
70                                                 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
71                                         }
72                                 }
73                                 tlv.returnToParentTLV();
74                                 break;
75
76                         default :
77                                 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
78                                 break;
79                         }
80                 }
81         }
82
83         bool APDUAccessRule::isAuthorizedAccess(const ByteArray &command)
84         {
85                 bool result = false;
86
87                 if (mapApduFilters.size() > 0)
88                 {
89                         /* TODO : search command and check validity */
90                 }
91                 else
92                 {
93                         /* no filter entry. if permission is true, all access will be granted, if not, all access will be denied */
94                         result = permission;
95                 }
96
97                 return result;
98         }
99
100         void APDUAccessRule::printAPDUAccessRules()
101         {
102                 SCARD_DEBUG("  +-- APDU Access Rule");
103
104                 if (mapApduFilters.size() > 0)
105                 {
106                         map<ByteArray, ByteArray>::iterator iterMap;
107
108                         for (iterMap = mapApduFilters.begin(); iterMap != mapApduFilters.end(); iterMap++)
109                         {
110                                 SCARD_DEBUG("  +--- APDU : %s, Mask : %s", ((ByteArray)(iterMap->first)).toString(), iterMap->second.toString());
111                         }
112                 }
113                 else
114                 {
115                         SCARD_DEBUG("  +--- permission : %s", permission ? "granted all" : "denied all");
116                 }
117         }
118
119         void NFCAccessRule::loadNFCAccessRule(const ByteArray &data)
120         {
121                 permission = SimpleTLV::getBoolean(data);
122         }
123
124         bool NFCAccessRule::isAuthorizedAccess(void)
125         {
126                 bool result = false;
127
128                 result = permission;
129
130                 return result;
131         }
132
133         void NFCAccessRule::printNFCAccessRules()
134         {
135                 SCARD_DEBUG("   +-- NFC Access Rule");
136                 SCARD_DEBUG("   +--- permission : %s", permission ? "granted all" : "denied all");
137         }
138
139         void AccessCondition::loadAccessCondition(ByteArray &aid, ByteArray &data)
140         {
141                 if (data.getLength() > 0)
142                 {
143                         SimpleTLV tlv(data);
144
145                         while (tlv.decodeTLV() == true && tlv.getTag() == 0x30) /* SEQUENCE */
146                         {
147                                 if (tlv.getLength() > 0)
148                                 {
149                                         /* access granted for specific applications */
150                                         tlv.enterToValueTLV();
151                                         if (tlv.decodeTLV())
152                                         {
153                                                 switch (tlv.getTag())
154                                                 {
155                                                 case 0x04 : /* OCTET STRING : CertHash */
156                                                         SCARD_DEBUG("aid : %s, hash : %s", aid.toString(), tlv.getValue().toString());
157
158                                                         hashes.push_back(tlv.getValue());
159                                                         break;
160
161                                                 case 0xA0 : /* CHOICE 0 : AccessRules */
162                                                         tlv.enterToValueTLV();
163                                                         if (tlv.decodeTLV())
164                                                         {
165                                                                 switch (tlv.getTag())
166                                                                 {
167                                                                 case 0xA0 : /* CHOICE 0 : APDUAccessRule */
168                                                                         apduRule.loadAPDUAccessRule(tlv.getValue());
169                                                                         break;
170
171                                                                 case 0xA1 : /* CHOICE 1 : NFCAccessRule */
172                                                                         nfcRule.loadNFCAccessRule(tlv.getValue());
173                                                                         break;
174
175                                                                 default :
176                                                                         SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
177                                                                         break;
178                                                                 }
179                                                         }
180                                                         else
181                                                         {
182                                                                 SCARD_DEBUG_ERR("tlv.decodeTLV failed");
183                                                         }
184                                                         tlv.returnToParentTLV();
185                                                         break;
186
187                                                 default :
188                                                         SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
189                                                         break;
190                                                 }
191                                         }
192                                         else
193                                         {
194                                                 SCARD_DEBUG_ERR("tlv.decodeTLV failed");
195                                         }
196                                         tlv.returnToParentTLV();
197                                 }
198                                 else
199                                 {
200                                         SCARD_DEBUG("access granted for all applications, aid : %s", aid.toString());
201
202                                         permission = true;
203                                         break;
204                                 }
205                         }
206                 }
207                 else
208                 {
209                         SCARD_DEBUG("access denied for all applications, aid : %s", aid.toString());
210
211                         permission = false;
212                 }
213         }
214
215         bool AccessCondition::isAuthorizedAccess(ByteArray &certHash)
216         {
217                 bool result = false;
218
219                 if (hashes.size() > 0)
220                 {
221                         size_t i;
222
223                         for (i = 0; i < hashes.size(); i++)
224                         {
225                                 if (certHash == hashes[i])
226                                 {
227                                         result = true;
228                                         break;
229                                 }
230                         }
231                 }
232                 else
233                 {
234                         result = permission;
235                 }
236
237                 return result;
238         }
239
240         bool AccessCondition::isAuthorizedAPDUAccess(ByteArray &command)
241         {
242                 bool result = false;
243
244                 result = apduRule.isAuthorizedAccess(command);
245
246                 return result;
247         }
248
249         bool AccessCondition::isAuthorizedNFCAccess()
250         {
251                 bool result = false;
252
253                 result = nfcRule.isAuthorizedAccess();
254
255                 return result;
256         }
257
258         void AccessCondition::printAccessConditions()
259         {
260                 SCARD_DEBUG(" +-- Access Condition");
261
262                 if (hashes.size() > 0)
263                 {
264                         size_t i;
265
266                         for (i = 0; i < hashes.size(); i++)
267                         {
268                                 SCARD_DEBUG(" +--- hash : %s", hashes[i].toString());
269                         }
270                 }
271                 else
272                 {
273                         SCARD_DEBUG(" +--- permission : %s", permission ? "granted all" : "denied all");
274                 }
275         }
276 } /* namespace smartcard_service_api */