listFilters.push_back(item);
}
- bool AccessRule::isAuthorizedAPDUAccess(const ByteArray &command)
+ bool AccessRule::isAuthorizedAPDUAccess(const ByteArray &command) const
{
bool result = false;
- if (command.getLength() < 4) /* apdu header size */
+ if (command.size() < 4) /* apdu header size */
return false;
- if (listFilters.size() > 0)
- {
+ if (command.getBuffer() == NULL)
+ return false;
+
+ if (listFilters.size() > 0) {
unsigned int cmd, mask, rule;
- vector<pair<ByteArray, ByteArray> >::iterator item;
+ vector<pair<ByteArray, ByteArray> >::const_iterator item;
cmd = *(unsigned int *)command.getBuffer();
- for (item = listFilters.begin(); item != listFilters.end(); item++)
- {
- mask = *(unsigned int *)item->second.getBuffer();
- rule = *(unsigned int *)item->first.getBuffer();
+ for (item = listFilters.begin(); item != listFilters.end(); item++) {
+ unsigned int *temp1 = NULL;
+ unsigned int *temp2 = NULL;
+
+ temp1 = (unsigned int *)item->second.getBuffer();
+ temp2 = (unsigned int *)item->first.getBuffer();
+
+ if (temp1 == NULL || temp2 == NULL)
+ continue;
- if ((cmd & mask) == rule)
- {
+ mask = *temp1;
+ rule = *temp2;
+
+ if ((cmd & mask) == rule) {
result = true;
break;
}
}
- }
- else
- {
+ } else {
/* no filter entry. if permission is true, all access will be granted, if not, all access will be denied */
result = apduRule;
}
return result;
}
- void AccessRule::printAccessRules()
+ void AccessRule::printAccessRules() const
{
- if (listFilters.size() > 0)
- {
- vector<pair<ByteArray, ByteArray> >::iterator item;
+ if (listFilters.size() > 0) {
+ vector<pair<ByteArray, ByteArray> >::const_iterator item;
- _DBG(" +---- Granted APDUs");
+ _DBG(" +---- Granted APDUs");
- for (item = listFilters.begin(); item != listFilters.end(); item++)
- {
- _DBG(" +----- APDU : %s, Mask : %s", item->first.toString(), item->second.toString());
+ for (item = listFilters.begin(); item != listFilters.end(); item++) {
+ _DBG(" +----- APDU: %s, Mask: %s", item->first.toString().c_str(), item->second.toString().c_str());
}
- }
- else
- {
- _DBG(" +---- APDU Access ALLOW : %s", apduRule ? "ALWAYS" : "NEVER");
+ } else {
+ _DBG(" +---- APDU Access ALLOW: %s", apduRule ? "ALWAYS": "NEVER");
}
- _DBG(" +---- NFC Access ALLOW : %s", nfcRule ? "ALWAYS" : "NEVER");
+ _DBG(" +---- NFC Access ALLOW: %s", nfcRule ? "ALWAYS": "NEVER");
}
- bool AccessRule::isAuthorizedNFCAccess(void)
+ bool AccessRule::isAuthorizedNFCAccess(void) const
{
return nfcRule;
}
return result;
}
+ const AccessRule *AccessCondition::getAccessRule(const ByteArray &certHash) const
+ {
+ const AccessRule *result = NULL;
+ map<ByteArray, AccessRule>::const_iterator item;
+
+ item = mapRules.find(certHash);
+ if (item != mapRules.end()) {
+ result = &item->second;
+ }
+
+ return result;
+ }
+
void AccessCondition::addAccessRule(const ByteArray &hash)
{
AccessRule rule;
mapRules.insert(item);
}
- bool AccessCondition::isAuthorizedAccess(const ByteArray &certHash)
+ void AccessCondition::setAccessCondition(bool rule)
+ {
+ AccessRule *result;
+
+ result = getAccessRule(AccessControlList::ALL_DEVICE_APPS);
+ if (result == NULL) {
+ addAccessRule(AccessControlList::ALL_DEVICE_APPS);
+ result = getAccessRule(AccessControlList::ALL_DEVICE_APPS);
+ if (result == NULL)
+ return;
+ }
+
+ result->setAPDUAccessRule(rule);
+ result->setNFCAccessRule(rule);
+ }
+
+ bool AccessCondition::isAuthorizedAccess(const ByteArray &certHash) const
{
bool result = false;
- map<ByteArray, AccessRule>::iterator item;
+ const AccessRule *rule = getAccessRule(certHash);
- item = mapRules.find(certHash);
- if (item != mapRules.end())
- {
- result = true;
- }
- else
- {
- /* TODO */
- result = permission;
+ if (rule != NULL) {
+ result = rule->isAuthorizedAccess();
}
return result;
}
- void AccessCondition::printAccessConditions()
+ void AccessCondition::printAccessConditions() const
{
_DBG(" +-- Access Condition");
- if (mapRules.size() > 0)
- {
- map<ByteArray, AccessRule>::iterator item;
+ if (mapRules.size() > 0) {
+ map<ByteArray, AccessRule>::const_iterator item;
- for (item = mapRules.begin(); item != mapRules.end(); item++)
- {
+ for (item = mapRules.begin(); item != mapRules.end(); item++) {
ByteArray temp = item->first;
- _DBG(" +--- hash : %s", (temp == AccessControlList::ALL_DEVICE_APPS) ? "All device applications" : temp.toString());
+ _DBG(" +--- hash: %s", (temp == AccessControlList::ALL_DEVICE_APPS) ? "All device applications": temp.toString().c_str());
item->second.printAccessRules();
}
- }
- else
- {
- _DBG(" +--- permission : %s", permission ? "granted all" : "denied all");
+ } else {
+ _DBG(" +--- no rule found");
}
}
void AccessCondition::addAPDUAccessRule(const ByteArray &certHash,
const ByteArray &rule)
{
- if (rule.getLength() != 8)
+ if (rule.size() != 8)
return;
addAPDUAccessRule(certHash, rule.sub(0, 4), rule.sub(4, 4));
}
bool AccessCondition::isAuthorizedAPDUAccess(const ByteArray &certHash,
- const ByteArray &command)
+ const ByteArray &command) const
{
bool result = false;
- AccessRule *access = getAccessRule(certHash);
+ const AccessRule *rule = getAccessRule(certHash);
- if (access != NULL) {
- result = access->isAuthorizedAPDUAccess(command);
+ if (rule != NULL) {
+ result = rule->isAuthorizedAPDUAccess(command);
}
return result;
}
- bool AccessCondition::isAuthorizedNFCAccess(const ByteArray &certHash)
+ bool AccessCondition::isAuthorizedNFCAccess(const ByteArray &certHash) const
{
bool result = false;
- AccessRule *access = getAccessRule(certHash);
+ const AccessRule *rule = getAccessRule(certHash);
- if (access != NULL) {
- result = access->isAuthorizedNFCAccess();
+ if (rule != NULL) {
+ result = rule->isAuthorizedNFCAccess();
}
return result;