2 * Copyright (c) 2012, 2013 Samsung Electronics Co., Ltd.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 /* standard library header */
20 /* SLP library header */
24 #include "SimpleTLV.h"
25 #include "AccessCondition.h"
27 namespace smartcard_service_api
/*
 * Loads one APDU access rule from the TLV encoded in 'data'.
 *   tag 0xA0 : 'permission' is set from the boolean value.
 *   tag 0xA1 : every child OCTET STRING (0x04) of exactly 8 bytes is split
 *              into a 4-byte APDU part and a 4-byte mask and added to
 *              mapApduFilters; other tags and other lengths are logged.
 *
 * NOTE(review): this listing drops the brace-only, blank and several
 * statement lines (the declaration of 'tlv' among them), so the exact
 * branch structure has to be checked against the full file.
 * NOTE(review): no reset of 'permission' or mapApduFilters is visible here;
 * if a rule object can be loaded more than once, entries from the earlier
 * load would remain in effect - confirm.
 */
29 void APDUAccessRule::loadAPDUAccessRule(const ByteArray &data)
33 if (tlv.decodeTLV() == true)
37 case 0xA0 : /* CHOICE 0 : APDUPermission */
38 permission = SimpleTLV::getBoolean(tlv.getValue());
41 case 0xA1 : /* CHOICE 1 : APDUFilters */
42 tlv.enterToValueTLV();
43 while (tlv.decodeTLV() == true)
45 if (tlv.getTag() == 0x04) /* OCTET STRING */
47 ByteArray apdu, mask, value;
49 value = tlv.getValue();
/* the raw rule bytes are written to the debug log */
51 SCARD_DEBUG("APDU rule : %s", value.toString());
53 if (value.getLength() == 8) /* apdu 4 bytes + mask 4 bytes */
/* the length was checked to be 8 above; getBuffer(4) presumably returns the
 * buffer starting at offset 4 - confirm against ByteArray */
55 apdu.setBuffer(value.getBuffer(), 4);
56 mask.setBuffer(value.getBuffer(4), 4);
58 pair<ByteArray, ByteArray> newItem(apdu, mask);
/* NOTE(review): mapApduFilters is iterated as map<ByteArray, ByteArray> in
 * printAPDUAccessRules(). If that is std::map, insert() keeps the existing
 * entry when the same APDU part appears twice, so the second mask is
 * dropped without any log - confirm this is intended. */
60 mapApduFilters.insert(newItem);
/* NOTE(review): a malformed entry is logged; no abort of the load is visible,
 * so the remaining filters would still be accepted - confirm that a
 * partially loaded rule set is acceptable for an access-control decision. */
64 SCARD_DEBUG_ERR("Invalid APDU rule : %s", value.toString());
69 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
/* leave the APDUFilters value entered at the 0xA1 case */
72 tlv.returnToParentTLV();
76 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
/*
 * Decides whether the APDU 'command' is allowed by this rule.
 *
 * With no filter entries, the comment below states that 'permission'
 * decides. When filter entries exist, the visible code holds only a TODO:
 * 'command' is not compared with any APDU/mask pair.
 *
 * NOTE(review): the result variable, its assignments and the return
 * statement are on lines missing from this listing. Until filter matching
 * is implemented, the filter branch has to end in "deny"; confirm that the
 * result starts as false and is not set to true on that path.
 */
82 bool APDUAccessRule::isAuthorizedAccess(const ByteArray &command)
86 if (mapApduFilters.size() > 0)
88 /* TODO : search command and check validity */
92 /* no filter entry. if permission is true, all access will be granted, if not, all access will be denied */
/*
 * Writes this rule to the debug log: one line per APDU/mask pair when
 * filter entries exist, and a line with the blanket permission.
 * NOTE(review): the lines between the loop and the permission line are not
 * in this listing; presumably the permission line is the 'else' branch -
 * confirm.
 */
99 void APDUAccessRule::printAPDUAccessRules()
101 SCARD_DEBUG(" +-- APDU Access Rule");
103 if (mapApduFilters.size() > 0)
105 map<ByteArray, ByteArray>::iterator iterMap;
107 for (iterMap = mapApduFilters.begin(); iterMap != mapApduFilters.end(); iterMap++)
/* the C-style cast copies the map key before toString() is called,
 * presumably because toString() is non-const and map keys are const -
 * confirm */
109 SCARD_DEBUG(" +--- APDU : %s, Mask : %s", ((ByteArray)(iterMap->first)).toString(), iterMap->second.toString());
114 SCARD_DEBUG(" +--- permission : %s", permission ? "granted all" : "denied all");
/*
 * Sets the NFC 'permission' flag from the boolean encoded in 'data'.
 * NOTE(review): how SimpleTLV::getBoolean() treats empty or malformed input
 * is not visible here; the flag should end up false in that case - confirm.
 */
118 void NFCAccessRule::loadNFCAccessRule(const ByteArray &data)
120 permission = SimpleTLV::getBoolean(data);
/*
 * Reports whether NFC access is allowed by this rule.
 * NOTE(review): the body of this function is missing from this listing;
 * presumably it returns 'permission' - confirm against the full file.
 */
123 bool NFCAccessRule::isAuthorizedAccess(void)
/* Writes the NFC rule, i.e. its blanket permission, to the debug log. */
132 void NFCAccessRule::printNFCAccessRules()
134 SCARD_DEBUG(" +-- NFC Access Rule");
135 SCARD_DEBUG(" +--- permission : %s", permission ? "granted all" : "denied all");
/*
 * Builds the access condition for 'aid' from the TLV data in 'data'.
 *
 * Visible structure:
 *   - 'data' is walked as a run of SEQUENCE (0x30) TLVs.
 *   - inside a non-empty SEQUENCE the child TLV is dispatched on its tag:
 *     CertHash (0x04) is appended to 'hashes'; AccessRules (0xA0) is entered
 *     and its child is handed to apduRule (0xA0) or nfcRule (0xA1).
 *   - an empty SEQUENCE is logged as "access granted for all applications".
 *   - empty 'data' is logged as "access denied for all applications".
 *
 * NOTE(review): the assignments to 'permission' sit on lines missing from
 * this listing; only the two log messages show the intent. As written, an
 * empty SEQUENCE anywhere in 'data' appears to grant access to every
 * application (isAuthorizedAccess() consults 'hashes' first only when it is
 * non-empty) - confirm this matches the rule-file specification.
 * NOTE(review): no reset of 'hashes' or 'permission' is visible; loading the
 * same object twice would keep hashes from the earlier load - confirm.
 */
138 void AccessCondition::loadAccessCondition(ByteArray &aid, ByteArray &data)
140 if (data.getLength() > 0)
/* the walk ends at the first TLV that fails to decode or is not a SEQUENCE;
 * the visible condition logs nothing in that case, so truncated or
 * trailing data is ignored silently */
144 while (tlv.decodeTLV() == true && tlv.getTag() == 0x30) /* SEQUENCE */
146 if (tlv.getLength() > 0)
148 /* access granted for specific applications */
149 tlv.enterToValueTLV();
152 switch (tlv.getTag())
154 case 0x04 : /* OCTET STRING : CertHash */
/* the certificate hash is written to the debug log together with the aid */
155 SCARD_DEBUG("aid : %s, hash : %s", aid.toString(), tlv.getValue().toString());
/* NOTE(review): the value is stored whatever its length; no check against
 * the expected digest size is visible, so an empty or truncated value
 * would become a valid entry - consider rejecting unexpected lengths */
157 hashes.push_back(tlv.getValue());
160 case 0xA0 : /* CHOICE 0 : AccessRules */
161 tlv.enterToValueTLV();
164 switch (tlv.getTag())
166 case 0xA0 : /* CHOICE 0 : APDUAccessRule */
167 apduRule.loadAPDUAccessRule(tlv.getValue());
170 case 0xA1 : /* CHOICE 1 : NFCAccessRule */
171 nfcRule.loadNFCAccessRule(tlv.getValue());
175 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
181 SCARD_DEBUG_ERR("tlv.decodeTLV failed");
/* leave the AccessRules value entered at the 0xA0 case */
183 tlv.returnToParentTLV();
187 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
193 SCARD_DEBUG_ERR("tlv.decodeTLV failed");
/* leave the SEQUENCE value entered above */
195 tlv.returnToParentTLV();
/* empty SEQUENCE : presumably 'permission' is set to true on a line not
 * shown - confirm */
199 SCARD_DEBUG("access granted for all applications, aid : %s", aid.toString());
/* empty 'data' : presumably 'permission' is set to false on a line not
 * shown - confirm */
208 SCARD_DEBUG("access denied for all applications, aid : %s", aid.toString());
/*
 * Checks whether the application identified by 'certHash' is allowed by
 * this access condition. When certificate hashes were loaded, they are
 * scanned in order for an entry equal to 'certHash'; the comparison is
 * delegated to ByteArray's operator==, which is not shown here.
 *
 * NOTE(review): the result variable, the match handling, the branch for an
 * empty 'hashes' and the return are on lines missing from this listing.
 * Presumably the empty case falls back to 'permission'; confirm that, and
 * confirm that a scan without a match returns false.
 */
214 bool AccessCondition::isAuthorizedAccess(ByteArray &certHash)
218 if (hashes.size() > 0)
222 for (i = 0; i < hashes.size(); i++)
224 if (certHash == hashes[i])
/*
 * Asks the APDU rule of this condition whether 'command' is allowed.
 * NOTE(review): the visible code does not repeat the certificate-hash check
 * of isAuthorizedAccess(certHash); callers are presumably expected to run
 * that check first - confirm at the call sites.
 */
239 bool AccessCondition::isAuthorizedAPDUAccess(ByteArray &command)
243 result = apduRule.isAuthorizedAccess(command);
/*
 * Asks the NFC rule of this condition whether NFC access is allowed.
 * NOTE(review): as with the APDU variant, no certificate-hash check is
 * visible here; presumably the caller performs it first - confirm.
 */
248 bool AccessCondition::isAuthorizedNFCAccess()
252 result = nfcRule.isAuthorizedAccess();
/*
 * Writes this access condition to the debug log: one line per stored
 * certificate hash when hashes exist, and a line with the blanket
 * permission.
 * NOTE(review): the lines between the loop and the permission line are not
 * in this listing; presumably the permission line is the 'else' branch -
 * confirm.
 */
257 void AccessCondition::printAccessConditions()
259 SCARD_DEBUG(" +-- Access Condition");
261 if (hashes.size() > 0)
265 for (i = 0; i < hashes.size(); i++)
267 SCARD_DEBUG(" +--- hash : %s", hashes[i].toString());
272 SCARD_DEBUG(" +--- permission : %s", permission ? "granted all" : "denied all");
275 } /* namespace smartcard_service_api */