common/AccessCondition.cpp

   1 /*
   2  * Copyright (c) 2012, 2013 Samsung Electronics Co., Ltd.
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  * http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /* standard library header */
  18 #include <stdio.h>
  19
  20 /* SLP library header */
  21
  22 /* local header */
  23 #include "Debug.h"
  24 #include "SimpleTLV.h"
  25 #include "AccessControlList.h"
  26 #include "AccessCondition.h"
  27
  28 namespace smartcard_service_api
  29 {
  30         void AccessRule::addAPDUAccessRule(const ByteArray &apdu,
  31                 const ByteArray &mask)
  32         {
  33                 pair<ByteArray, ByteArray> item(apdu, mask);
  34
  35                 listFilters.push_back(item);
  36         }
  37
  38         bool AccessRule::isAuthorizedAPDUAccess(const ByteArray &command) const
  39         {
  40                 bool result = false;
  41
  42                 if (command.size() < 4) /* apdu header size */
  43                         return false;
  44
  45                 if (listFilters.size() > 0)
  46                 {
  47                         unsigned int cmd, mask, rule;
  48                         vector<pair<ByteArray, ByteArray> >::const_iterator item;
  49
  50                         cmd = *(unsigned int *)command.getBuffer();
  51                         for (item = listFilters.begin(); item != listFilters.end(); item++)
  52                         {
  53                                 mask = *(unsigned int *)item->second.getBuffer();
  54                                 rule = *(unsigned int *)item->first.getBuffer();
  55
  56                                 if ((cmd & mask) == rule)
  57                                 {
  58                                         result = true;
  59                                         break;
  60                                 }
  61                         }
  62                 }
  63                 else
  64                 {
  65                         /* no filter entry. if permission is true, all access will be granted, if not, all access will be denied */
  66                         result = apduRule;
  67                 }
  68
  69                 return result;
  70         }
  71
  72         bool AccessRule::isAuthorizedNFCAccess(void) const
  73         {
  74                 return nfcRule;
  75         }
  76
  77         AccessRule *AccessCondition::getAccessRule(const ByteArray &certHash)
  78         {
  79                 AccessRule *result = NULL;
  80                 map<ByteArray, AccessRule>::iterator item;
  81
  82                 item = mapRules.find(certHash);
  83                 if (item != mapRules.end()) {
  84                         result = &item->second;
  85                 }
  86
  87                 return result;
  88         }
  89
  90         const AccessRule *AccessCondition::getAccessRule(const ByteArray &certHash) const
  91         {
  92                 const AccessRule *result = NULL;
  93                 map<ByteArray, AccessRule>::const_iterator item;
  94
  95                 item = mapRules.find(certHash);
  96                 if (item != mapRules.end()) {
  97                         result = &item->second;
  98                 }
  99
 100                 return result;
 101         }
 102
 103         void AccessCondition::addAccessRule(const ByteArray &hash)
 104         {
 105                 AccessRule rule;
 106
 107                 pair<ByteArray, AccessRule> item(hash, rule);
 108
 109                 mapRules.insert(item);
 110         }
 111
 112         bool AccessCondition::isAuthorizedAccess(const ByteArray &certHash) const
 113         {
 114                 bool result = permission;
 115                 const AccessRule *rule = getAccessRule(certHash);
 116
 117                 if (rule != NULL) {
 118                         result = true;
 119                 }
 120
 121                 return result;
 122         }
 123
 124         void AccessCondition::setAPDUAccessRule(const ByteArray &certHash,
 125                 bool rule)
 126         {
 127                 AccessRule *access = getAccessRule(certHash);
 128
 129                 if (access != NULL) {
 130                         access->setAPDUAccessRule(rule);
 131                 }
 132         }
 133
 134         void AccessCondition::addAPDUAccessRule(const ByteArray &certHash,
 135                 const ByteArray &apdu, const ByteArray &mask)
 136         {
 137                 AccessRule *access = getAccessRule(certHash);
 138
 139                 if (access != NULL) {
 140                         access->addAPDUAccessRule(apdu, mask);
 141                 }
 142         }
 143
 144         void AccessCondition::addAPDUAccessRule(const ByteArray &certHash,
 145                 const ByteArray &rule)
 146         {
 147                 if (rule.size() != 8)
 148                         return;
 149
 150                 addAPDUAccessRule(certHash, rule.sub(0, 4), rule.sub(4, 4));
 151         }
 152
 153         void AccessCondition::setNFCAccessRule(const ByteArray &certHash,
 154                         bool rule)
 155         {
 156                 AccessRule *access = getAccessRule(certHash);
 157
 158                 if (access != NULL) {
 159                         access->setNFCAccessRule(rule);
 160                 }
 161         }
 162
 163         bool AccessCondition::isAuthorizedAPDUAccess(const ByteArray &certHash,
 164                 const ByteArray &command) const
 165         {
 166                 bool result = false;
 167                 const AccessRule *rule = getAccessRule(certHash);
 168
 169                 if (rule != NULL) {
 170                         result = rule->isAuthorizedAPDUAccess(command);
 171                 }
 172
 173                 return result;
 174         }
 175
 176         bool AccessCondition::isAuthorizedNFCAccess(const ByteArray &certHash) const
 177         {
 178                 bool result = false;
 179                 const AccessRule *rule = getAccessRule(certHash);
 180
 181                 if (rule != NULL) {
 182                         result = rule->isAuthorizedNFCAccess();
 183                 }
 184
 185                 return result;
 186         }
 187 } /* namespace smartcard_service_api */