2 * Copyright (c) 2012, 2013 Samsung Electronics Co., Ltd.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 /* standard library header */
21 /* SLP library header */
25 #include "SimpleTLV.h"
26 #include "AccessCondition.h"
28 namespace smartcard_service_api
/*
 * Parses a TLV-encoded APDU access rule from `data` into this object:
 * either a blanket permission flag or a list of APDU/mask filters.
 * NOTE(review): this listing omits some source lines (braces, the `tlv`
 * declaration, the switch header, break/else lines), so the control flow
 * between the visible statements is inferred from the tags and comments.
 * Confirm against the full file.
 */
30 void APDUAccessRule::loadAPDUAccessRule(const ByteArray &data)
34 if (tlv.decodeTLV() == true)
/* Tag 0xA0 carries one boolean that is stored as the blanket permission. */
38 case 0xA0 : /* CHOICE 0 : APDUPermission */
39 permission = SimpleTLV::getBoolean(tlv.getValue());
/* Tag 0xA1 carries nested TLVs; each OCTET STRING child is one filter. */
42 case 0xA1 : /* CHOICE 1 : APDUFilters */
43 tlv.enterToValueTLV();
44 while (tlv.decodeTLV() == true)
46 if (tlv.getTag() == 0x04) /* OCTET STRING */
48 ByteArray apdu, mask, value;
50 value = tlv.getValue();
52 SCARD_DEBUG("APDU rule : %s", value.toString());
/*
 * Only a value of exactly 8 bytes is accepted. Any other length reaches
 * the "Invalid APDU rule" message below and no filter is built from it.
 */
54 if (value.getLength() == 8) /* apdu 4 bytes + mask 4 bytes */
56 apdu.setBuffer(value.getBuffer(), 4);
/* getBuffer(4) presumably yields the bytes from offset 4 (TODO confirm). */
57 mask.setBuffer(value.getBuffer(4), 4);
59 pair<ByteArray, ByteArray> newItem(apdu, mask);
/*
 * NOTE(review): mapApduFilters is iterated as map<ByteArray, ByteArray>
 * elsewhere in this file. If that is std::map, insert() keeps the entry
 * already stored under an equal key, so a second filter with the same
 * APDU bytes but a different mask is dropped without any message.
 * Confirm that is the intended policy.
 */
61 mapApduFilters.insert(newItem);
65 SCARD_DEBUG_ERR("Invalid APDU rule : %s", value.toString());
/* Children of 0xA1 with any tag other than 0x04 are only logged. */
70 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
73 tlv.returnToParentTLV();
/* Top-level tags other than 0xA0 / 0xA1 are only logged. */
77 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
/*
 * Decides whether `command` may be sent under this APDU rule.
 * NOTE(review): filter matching is not implemented. The only visible
 * content of the branch taken when filters are present is the TODO below.
 * The lines that set and return the result are missing from this listing,
 * so verify that a rule carrying filters is denied (fails closed) rather
 * than granted until the APDU/mask comparison is written.
 */
83 bool APDUAccessRule::isAuthorizedAccess(const ByteArray &command)
87 if (mapApduFilters.size() > 0)
89 /* TODO : search command and check validity */
93 /* no filter entry. if permission is true, all access will be granted, if not, all access will be denied */
/*
 * Writes this APDU rule to the debug log: one line per stored APDU/mask
 * filter when filters exist, and the blanket permission as
 * "granted all" / "denied all".
 * NOTE(review): the else/brace lines are missing from this listing, so
 * whether the permission line is printed only when no filter exists is
 * inferred. Confirm against the full file.
 */
100 void APDUAccessRule::printAPDUAccessRules()
102 SCARD_DEBUG(" +-- APDU Access Rule");
104 if (mapApduFilters.size() > 0)
106 map<ByteArray, ByteArray>::iterator iterMap;
108 for (iterMap = mapApduFilters.begin(); iterMap != mapApduFilters.end(); iterMap++)
/* The key is cast to a ByteArray value before toString() is called on it. */
110 SCARD_DEBUG(" +--- APDU : %s, Mask : %s", ((ByteArray)(iterMap->first)).toString(), iterMap->second.toString());
115 SCARD_DEBUG(" +--- permission : %s", permission ? "granted all" : "denied all");
/*
 * Loads the NFC access rule: `data` is decoded as a single boolean and
 * stored as the NFC permission. No length or tag check on `data` is
 * visible here; how malformed input is handled depends on
 * SimpleTLV::getBoolean (not shown).
 */
119 void NFCAccessRule::loadNFCAccessRule(const ByteArray &data)
121 permission = SimpleTLV::getBoolean(data);
/*
 * Reports whether NFC access is allowed under this rule.
 * NOTE(review): the body is not included in this listing. It presumably
 * returns the `permission` flag set by loadNFCAccessRule (confirm).
 */
124 bool NFCAccessRule::isAuthorizedAccess(void)
/*
 * Writes the NFC rule to the debug log as "granted all" or "denied all",
 * depending on the stored permission flag.
 */
133 void NFCAccessRule::printNFCAccessRules()
135 SCARD_DEBUG(" +-- NFC Access Rule");
136 SCARD_DEBUG(" +--- permission : %s", permission ? "granted all" : "denied all");
/*
 * Parses the TLV-encoded access condition for applet `aid` from `data`,
 * collecting certificate hashes and loading the nested APDU / NFC rules.
 * NOTE(review): this listing omits some source lines (braces, the `tlv`
 * declaration, break/else/default lines and the statements next to the
 * "granted"/"denied" log messages), so the branch structure described
 * here is inferred. Confirm against the full file.
 */
139 void AccessCondition::loadAccessCondition(ByteArray &aid, ByteArray &data)
/*
 * Empty `data` skips parsing; the corresponding path logs
 * "access denied for all applications" at the end of the function.
 */
141 if (data.getLength() > 0)
/*
 * Consumes consecutive SEQUENCE (0x30) elements. The loop ends at the
 * first element that fails to decode or carries a different tag.
 */
145 while (tlv.decodeTLV() == true && tlv.getTag() == 0x30) /* SEQUENCE */
/*
 * NOTE(review): a zero-length SEQUENCE appears to take the path that logs
 * "access granted for all applications", which makes an empty entry the
 * widest grant. Confirm that the source of `data` cannot produce one
 * unintentionally (for example from a truncated read).
 */
147 if (tlv.getLength() > 0)
149 /* access granted for specific applications */
150 tlv.enterToValueTLV();
153 switch (tlv.getTag())
155 case 0x04 : /* OCTET STRING : CertHash */
156 SCARD_DEBUG("aid : %s, hash : %s", aid.toString(), tlv.getValue().toString());
/*
 * NOTE(review): the hash is stored with no visible length check. Confirm
 * whether a fixed digest length should be enforced before it is accepted.
 */
158 hashes.push_back(tlv.getValue());
/* Tag 0xA0 wraps the per-channel rules, dispatched on the inner tag. */
161 case 0xA0 : /* CHOICE 0 : AccessRules */
162 tlv.enterToValueTLV();
165 switch (tlv.getTag())
167 case 0xA0 : /* CHOICE 0 : APDUAccessRule */
168 apduRule.loadAPDUAccessRule(tlv.getValue());
171 case 0xA1 : /* CHOICE 1 : NFCAccessRule */
172 nfcRule.loadNFCAccessRule(tlv.getValue());
/* Unknown tags and decode failures below are only logged. */
176 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
182 SCARD_DEBUG_ERR("tlv.decodeTLV failed");
184 tlv.returnToParentTLV();
188 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
194 SCARD_DEBUG_ERR("tlv.decodeTLV failed");
196 tlv.returnToParentTLV();
200 SCARD_DEBUG("access granted for all applications, aid : %s", aid.toString());
209 SCARD_DEBUG("access denied for all applications, aid : %s", aid.toString());
/*
 * Checks whether `certHash` equals one of the certificate hashes stored
 * for this access condition.
 * This function only compares byte arrays, so the decision is only as
 * trustworthy as the caller's derivation of `certHash`.
 * NOTE(review): the result/return lines and the branch taken when no hash
 * is stored are missing from this listing. Presumably that branch falls
 * back to the blanket `permission` flag (confirm).
 */
215 bool AccessCondition::isAuthorizedAccess(ByteArray &certHash)
219 if (hashes.size() > 0)
/* Linear scan over the stored hashes; `i` is declared on a line not shown. */
223 for (i = 0; i < hashes.size(); i++)
225 if (certHash == hashes[i])
/*
 * Asks the nested APDU rule whether `command` is allowed.
 * NOTE(review): the visible line does not consult the stored certificate
 * hashes, so callers presumably must check the certificate hash separately
 * before relying on this result (confirm against the call sites). The
 * declaration and return of `result` are on lines missing from this listing.
 */
240 bool AccessCondition::isAuthorizedAPDUAccess(ByteArray &command)
244 result = apduRule.isAuthorizedAccess(command);
/*
 * Asks the nested NFC rule whether NFC access is allowed.
 * NOTE(review): the visible line does not consult the stored certificate
 * hashes. The declaration and return of `result` are on lines missing
 * from this listing.
 */
249 bool AccessCondition::isAuthorizedNFCAccess()
253 result = nfcRule.isAuthorizedAccess();
/*
 * Writes this access condition to the debug log: each stored certificate
 * hash when any exist, and the blanket permission as
 * "granted all" / "denied all".
 * NOTE(review): the else/brace lines and the declaration of `i` are
 * missing from this listing, so whether the permission line is printed
 * only when no hash is stored is inferred (confirm).
 */
258 void AccessCondition::printAccessConditions()
260 SCARD_DEBUG(" +-- Access Condition");
262 if (hashes.size() > 0)
266 for (i = 0; i < hashes.size(); i++)
268 SCARD_DEBUG(" +--- hash : %s", hashes[i].toString());
273 SCARD_DEBUG(" +--- permission : %s", permission ? "granted all" : "denied all");
276 } /* namespace smartcard_service_api */