result = 0;
break;
-#if 0
- case (unsigned char)0x61 : /* SW2 encodes the number of data bytes still available */
- break;
-
- /* Warning processing */
- case (unsigned char)0x62 : /* State of non-volatile memory is unchanged (further qualification in SW2) */
- break;
-
- case (unsigned char)0x63 : /* State of non-volatile memory has changed (further qualification in SW2) */
- break;
-
- /* Execution error */
- case (unsigned char)0x64 : /* State of non-volatile memory is unchanged (further qualification in SW2) */
- result = -1;
- break;
-
- case (unsigned char)0x65 : /* State of non-volatile memory has changed (further qualification in SW2) */
- result = -1;
- break;
-
- case (unsigned char)0x66 : /* Security-related issues */
- result = -1;
- break;
-
- /* Checking error */
- case (unsigned char)0x67 : /* SW2:00, Wrong length; no further indication */
- result = -1;
- break;
-
- case (unsigned char)0x68 : /* Functions in CLA not supported (further qualification in SW2) */
- result = -1;
- break;
-
- case (unsigned char)0x69 : /* Command not allowed (further qualification in SW2) */
- result = -1;
- break;
-
- case (unsigned char)0x6A : /* Wrong parameters P1-P2 (further qualification in SW2) */
- result = -1;
- break;
-
- case (unsigned char)0x6B : /* SW2:00, Wrong parameters P1-P2 */
- result = -1;
- break;
-
- case (unsigned char)0x6C : /* Wrong Le field; SW2 encodes the exact number of available data bytes */
- result = -1;
- break;
-
- case (unsigned char)0x6D : /* SW2:00, Instruction code not supported or invalid */
- result = -1;
- break;
-
- case (unsigned char)0x6E : /* SW2:00, Class not supported */
- result = -1;
- break;
-
- case (unsigned char)0x6F : /* SW2:00, No precise diagnosis */
- result = -1;
- break;
-#endif
default :
result *= -1;
break;
namespace smartcard_service_api
{
- int SignatureHelper::getProcessName(int pid, char *processName, uint32_t length)
- {
- int ret = -1;
- char buffer[1024] = { 0, };
- char filename[2048] = { 0, };
- int len = 0;
-
- if (pid < 0 || processName == NULL || length == 0)
- return ret;
-
- snprintf(buffer, sizeof(buffer), "/proc/%d/exe", pid);
- SCARD_DEBUG("pid : %d, exe : %s", pid, buffer);
-
- if ((len = readlink(buffer, filename, sizeof(filename) - 1)) < sizeof(filename) - 1)
- {
- char *name = NULL;
- ByteArray hash, result;
-
- name = basename(filename);
- SCARD_DEBUG("file name : %s", name);
-
- OpensslHelper::digestBuffer("sha256", (uint8_t *)name, strlen(name), hash);
- SCARD_DEBUG("digest [%d] : %s", hash.getLength(), hash.toString());
-
- OpensslHelper::encodeBase64String(hash, result, false);
-
- memset(processName, 0, length);
- memcpy(processName, result.getBuffer(), (result.getLength() < length - 1) ? result.getLength() : length - 1);
-
- ret = 0;
- }
- else
- {
- SCARD_DEBUG_ERR("readlink failed");
- }
-
- return ret;
- }
-
ByteArray SignatureHelper::getCertificationHash(const char *packageName)
{
ByteArray result;
return NULL;
}
-EXTERN_API int signature_helper_get_process_name(int pid, char *processName, uint32_t length)
-{
- int ret = -1;
-
- if (pid < 0 || processName == NULL || length == 0)
- return ret;
-
- ret = SignatureHelper::getProcessName(pid, processName, length);
-
- return ret;
-}
-
EXTERN_API int signature_helper_get_certificate_hashes(const char *packageName, certiHash **hash)
{
int ret = -1;
class SignatureHelper
{
public:
- static int getProcessName(int pid, char *processName, uint32_t length);
static ByteArray getCertificationHash(const char *packageName);
static ByteArray getCertificationHash(int pid);
static bool getCertificationHashes(int pid, vector<ByteArray> &certHashes);
typedef void (*signature_helper_get_certificate_hashes_cb)(void *user_param, uint8_t *hash, uint32_t length);
-int signature_helper_get_process_name(int pid, char *processName, uint32_t length);
int signature_helper_get_certificate_hashes(const char *packageName, certiHash **hash);
int signature_helper_get_certificate_hashes_by_pid(int pid, certiHash **hash);
namespace smartcard_service_api
{
-#if 1
gboolean ClientInstance::_getCertificationHashes(gpointer user_data)
{
gboolean result = false;
return result;
}
-#endif
void ClientInstance::setPID(int pid)
{
this->pid = pid;
-#if 0
- if (pid > 0)
- {
- certHash = SignatureHelper::getCertificationHash(pid);
- }
-#endif
}
ServiceInstance *ClientInstance::createService(unsigned int context)
void ClientInstance::generateCertificationHashes()
{
-#if 1
g_idle_add(_getCertificationHashes, (gpointer)this);
-#else
- SignatureHelper::getCertificationHashes(getPID(), certHashes);
-#endif
}
} /* namespace smartcard_service_api */
{
SCARD_DEBUG("[MSG_REQUEST_READERS]");
-#if 0
- seService->dispatcherCallback(msg, msg->getPeerSocket());
-#else
int count = 0;
Message response(*msg);
ByteArray info;
/* response to client */
ServerIPC::getInstance()->sendMessage(socket, &response);
-#endif
}
break;
case Message::MSG_REQUEST_SHUTDOWN :
-#if 0
- {
- Message response(*msg);
-
- SCARD_DEBUG("[MSG_REQUEST_SHUTDOWN]");
-
- if (msg->param1 != 0)
- {
- ServerChannel *channel = NULL;
-
- channel = (ServerChannel *)msg->param1;
-
- channel->closeSync();
- }
-
- /* response to client */
- ServerIPC::getInstance()->sendMessage(msg->getPeerSocket(), &response);
- }
-#else
{
Message response(*msg);
/* response to client */
ServerIPC::getInstance()->sendMessage(socket, &response);
}
-#endif
break;
case Message::MSG_REQUEST_OPEN_SESSION :
-#if 0
- {
- Message response(*msg);
- ServerReader *reader = NULL;
- ServerSession *session = NULL;
-
- SCARD_DEBUG("[MSG_REQUEST_OPEN_SESSION]");
-
- if (msg->param1 != 0)
- {
- reader = (ServerReader *)msg->param1;
-
- session = reader->openSessionSync(msg->data, msg->caller);
- }
-
- /* TODO : attach atr??? */
- response.param1 = (unsigned int)session;
-
- /* response to client */
- ServerIPC::getInstance()->sendMessage(msg->getPeerSocket(), &response);
- }
-#else
{
Message response(*msg);
unsigned int handle = IntegerHandle::INVALID_HANDLE;
/* response to client */
ServerIPC::getInstance()->sendMessage(socket, &response);
}
-#endif
break;
case Message::MSG_REQUEST_CLOSE_SESSION :
-#if 0
- {
- Message response(*msg);
- ServerSession *session = NULL;
-
- SCARD_DEBUG("[MSG_REQUEST_CLOSE_SESSION]");
-
- if (msg->param1 != 0)
- {
- session = (ServerSession *)msg->param1;
-
- session->closeSync();
- }
-
- /* response to client */
- ServerIPC::getInstance()->sendMessage(msg->getPeerSocket(), &response);
- }
-#else
{
Message response(*msg);
/* response to client */
ServerIPC::getInstance()->sendMessage(socket, &response);
}
-#endif
break;
case Message::MSG_REQUEST_OPEN_CHANNEL :
-#if 0
- {
- Message response(*msg);
- ServerSession *session = NULL;
-
- SCARD_DEBUG("[MSG_REQUEST_OPEN_CHANNEL]");
-
- if (/* check valid session handle */msg->param2 != 0)
- {
- ServerChannel *channel = NULL;
-
- session = (ServerSession *)msg->param2;
-
- if (msg->param1 == 0)
- channel = (ServerChannel *)session->openBasicChannelSync(msg->data, msg->caller);
- else
- channel = (ServerChannel *)session->openLogicalChannelSync(msg->data, msg->caller);
-
- if (channel != NULL)
- {
- response.param1 = (unsigned int)channel;
- response.param2 = channel->getChannelID();
- response.error = 0;
- response.data = channel->getSelectResponse();
- }
- else
- {
- SCARD_DEBUG_ERR("channel is null.");
-
- /* set error value */
- response.param1 = 0;
- response.param2 = 0;
- response.error = -4;
- response.data.releaseBuffer();
- }
- }
- else
- {
- SCARD_DEBUG_ERR("session is invalid");
-
- response.param1 = 0;
- response.param2 = 0;
- response.error = -1;
- response.data.releaseBuffer();
- }
-
- /* response to client */
- ServerIPC::getInstance()->sendMessage(msg->getPeerSocket(), &response);
- }
-#else
{
Message response(*msg);
/* response to client */
ServerIPC::getInstance()->sendMessage(socket, &response);
}
-#endif
break;
case Message::MSG_REQUEST_GET_CHANNEL_COUNT :
break;
case Message::MSG_REQUEST_CLOSE_CHANNEL :
-#if 0
- {
- Message response(*msg);
-
- SCARD_DEBUG("[MSG_REQUEST_CLOSE_CHANNEL]");
-
- if (msg->param1 != 0)
- {
- ServerChannel *channel = NULL;
-
- channel = (ServerChannel *)msg->param1;
-
- channel->closeSync();
- }
-
- /* response to client */
- ServerIPC::getInstance()->sendMessage(msg->getPeerSocket(), &response);
- }
-#else
{
Message response(*msg);
/* response to client */
ServerIPC::getInstance()->sendMessage(socket, &response);
}
-#endif
break;
case Message::MSG_REQUEST_GET_ATR :
-#if 0
- {
- Message response(*msg);
-
- SCARD_DEBUG("[MSG_REQUEST_GET_ATR]");
-
- if (msg->param1 != 0)
- {
- ServerChannel *channel = NULL;
-
- channel = (ServerChannel *)msg->param1;
-
- channel->closeSync();
- }
-
- /* response to client */
- ServerIPC::getInstance()->sendMessage(msg->getPeerSocket(), &response);
- }
-#else
{
int rv;
Message response(*msg);
/* response to client */
ServerIPC::getInstance()->sendMessage(socket, &response);
}
-#endif
break;
case Message::MSG_REQUEST_TRANSMIT :
-#if 0
- {
- Message response(*msg);
- ByteArray result;
- int rv;
-
- SCARD_DEBUG("[MSG_REQUEST_TRANSMIT]");
-
- if (msg->param1 != 0)
- {
- ServerChannel *channel = NULL;
-
- channel = (ServerChannel *)msg->param1;
-
- if ((rv = channel->transmitSync(msg->data, result)) == 0)
- {
- response.data = result;
- }
- else
- {
- SCARD_DEBUG_ERR("transmit failed [%d]", rv);
- }
- }
-
-// if (resource->isValidChannelHandle((void *)msg->param1))
-// {
-// }
-
- /* response to client */
- ServerIPC::getInstance()->sendMessage(msg->getPeerSocket(), &response);
- }
-#else
{
int rv;
Message response(*msg);
/* response to client */
ServerIPC::getInstance()->sendMessage(socket, &response);
}
-#endif
break;
case Message::MSG_OPERATION_RELEASE_CLIENT :
-#if 0
- {
- Message response(*msg);
-
- SCARD_DEBUG("[MSG_REQUEST_CLOSE_CHANNEL]");
-
- if (msg->param1 != 0)
- {
- ServerChannel *channel = NULL;
-
- channel = (ServerChannel *)msg->param1;
-
- channel->closeSync();
- }
-
- /* response to client */
- ServerIPC::getInstance()->sendMessage(msg->getPeerSocket(), &response);
- }
-#else
{
SCARD_DEBUG("[MSG_OPERATION_RELEASE_CLIENT]");
resource->removeClient(msg->param1);
SCARD_DEBUG("remain client [%d]", resource->getClientCount());
}
-#endif
#ifdef USE_AUTOSTART
if (resource->getClientCount() == 0)
{
bool ServerResource::_isAuthorizedAccess(ServerChannel *channel, int pid, ByteArray aid, vector<ByteArray> &hashes)
{
bool result = true;
-
-#if 1 /* disable for temporary */
- char filename[1024] = { 0, };
AccessControlList *acList = NULL;
- /* check exceptional case */
- SignatureHelper::getProcessName(pid, filename, sizeof(filename));
- if (strncmp(filename, "ozD3Dw1MZruTDKHWGgYaDib2B2LV4/nfT+8b/g1Vsk8=", sizeof(filename)) != 0)
- {
- /* request open channel sequence */
- if ((acList = getAccessControlList(channel)) != NULL)
- {
-#if 1
- PKCS15 pkcs15(channel);
-
- acList->loadACL(channel);
- result = acList->isAuthorizedAccess(aid, hashes);
-#else
- result = acList->isAuthorizedAccess(aid, session->packageCert);
-#endif
- }
- else
- {
- SCARD_DEBUG_ERR("acList is null");
- result = false;
- }
- }
-#endif
-
- return result;
- }
-
-#if 0
- unsigned int ServerResource::_createChannel(Terminal *terminal, ServiceInstance *service, int channelType, unsigned int sessionID, ByteArray aid)
- {
- unsigned int result = IntegerHandle::INVALID_HANDLE;
- int rv = 0;
- int channelNum = 0;
- ByteArray command;
- ByteArray response;
-
- if (channelType == 1)
- {
- /* open channel */
- command = APDUHelper::generateAPDU(APDUHelper::COMMAND_OPEN_LOGICAL_CHANNEL, 0, ByteArray::EMPTY);
- rv = terminal->transmitSync(command, response);
-
- if (rv == 0 && response.getLength() >= 2)
- {
- ResponseHelper resp(response);
-
- if (resp.getStatus() == 0)
- {
- channelNum = resp.getDataField()[0];
-
- SCARD_DEBUG("channelNum [%d]", channelNum);
- }
- else
- {
- SCARD_DEBUG_ERR("status word [%d][ %02X %02X ]", resp.getStatus(), resp.getSW1(), resp.getSW2());
-
- return result;
- }
- }
- else
- {
- SCARD_DEBUG_ERR("select apdu is failed, rv [%d], length [%d]", rv, response.getLength());
-
- return result;
- }
- }
-
- /* select aid */
- APDUCommand apdu;
- apdu.setCommand(0, APDUCommand::INS_SELECT_FILE, APDUCommand::P1_SELECT_BY_DF_NAME, APDUCommand::P2_SELECT_GET_FCP, aid, 0);
- apdu.setChannel(1, channelNum);
- apdu.getBuffer(command);
-
- rv = terminal->transmitSync(command, response);
- if (rv == 0 && response.getLength() >= 2)
+ /* request open channel sequence */
+ if ((acList = getAccessControlList(channel)) != NULL)
{
- ResponseHelper resp(response);
+ PKCS15 pkcs15(channel);
- if (resp.getStatus() == 0)
- {
- result = service->openChannel(sessionID, channelNum, response);
- if (result == IntegerHandle::INVALID_HANDLE)
- {
- SCARD_DEBUG_ERR("channel is null.");
- }
- }
- else
- {
- SCARD_DEBUG_ERR("status word [%d][ %02X %02X ]", resp.getStatus(), resp.getSW1(), resp.getSW2());
- }
+ acList->loadACL(channel);
+ result = acList->isAuthorizedAccess(aid, hashes);
}
else
{
- SCARD_DEBUG_ERR("select apdu is failed, rv [%d], length [%d]", rv, response.getLength());
+ SCARD_DEBUG_ERR("acList is null");
+ result = false;
}
return result;
}
-#else
+
int ServerResource::_openLogicalChannel(Terminal *terminal)
{
int result = -1;
return result;
}
-#endif
unsigned int ServerResource::createChannel(int socket, unsigned int context, unsigned int sessionID, int channelType, ByteArray aid)
throw(ExceptionBase &)
ServerSEService::ServerSEService():SEServiceHelper()
{
-#if 0
- openSELibraries();
-#endif
}
ServerSEService::~ServerSEService()
{
-#if 0
- closeSELibraries();
-#endif
}
ServerSEService &ServerSEService::getInstance()
}
}
-#if 0
- bool ServerSEService::isValidReaderHandle(void *handle)
- {
- bool result = false;
- size_t i;
-
- for (i = 0; i < readers.size(); i++)
- {
- if ((void *)readers[i] == handle)
- {
- result = true;
- break;
- }
- }
-
- return false;
- }
-#endif
-
-#if 0
- bool ServerSEService::dispatcherCallback(void *message, int socket)
- {
- unsigned char *buffer = NULL;
- unsigned int length = 0;
- unsigned int offset = 0;
- unsigned int nameLen = 0;
-
- ByteArray result;
- vector<ReaderHelper *> readers;
- Message response(*(Message *)message);
-
-// response.param1 = resource->getSECount();
-// response.data = resource->getReadersInformation();
-
- readers = ServerSEService::getInstance().getReaders();
- if (readers.size() > 0)
- {
- size_t i;
- ServerReader *reader;
-
- for (i = 0; i < readers.size(); i++)
- {
- reader = (ServerReader *)readers[i];
-
- /* check se existance */
- if (reader->isSecureElementPresent() == true)
- {
- length += sizeof(nameLen) + strlen(reader->getName()) + sizeof(reader);
- }
- }
-
- if (length > 0)
- {
- buffer = new unsigned char[length];
- if (buffer == NULL)
- {
- SCARD_DEBUG_ERR("alloc failed");
-
- return false;
- }
- memset(buffer, 0, length);
-
- for (i = 0; i < readers.size(); i++)
- {
- reader = (ServerReader *)readers[i];
-
- /* check se existance */
- if (reader->isSecureElementPresent() == true)
- {
- nameLen = strlen(reader->getName());
-
- memcpy(buffer + offset, &nameLen, sizeof(nameLen));
- offset += sizeof(nameLen);
-
- memcpy(buffer + offset, reader->getName(), nameLen);
- offset += nameLen;
-
- memcpy(buffer + offset, &reader, sizeof(reader));
- offset += sizeof(reader);
- }
- }
-
- result.setBuffer(buffer, length);
- }
- }
-
- response.param1 = readers.size();
- response.data = result;
-
- /* response to client */
- ServerIPC::getInstance()->sendMessage(socket, &response);
-
- return true;
- }
-#else
bool ServerSEService::dispatcherCallback(void *message, int socket)
{
int count;
return false;
}
-#endif
void ServerSEService::terminalCallback(void *terminal, int event, int error, void *user_param)
{
switch (event)
{
case Terminal::NOTIFY_SE_AVAILABLE :
- /* add right se reader */
-// if ((term = ServerResource::getInstance().getTerminal((char *)terminal)) != NULL)
-// {
-// SCARD_DEBUG("terminal : [%s]", (char *)terminal);
-//
-// term->initialize();
-// }
-// else
-// {
-// SCARD_DEBUG("unknown terminal : [%s]", (char *)terminal);
-// }
-
/* send all client to refresh reader */
msg.message = msg.MSG_NOTIFY_SE_INSERTED;
msg.data.setBuffer((unsigned char *)terminal,
break;
case Terminal::NOTIFY_SE_NOT_AVAILABLE :
- /* remove right se reader */
-// if ((term = ServerResource::getInstance().getTerminal((char *)terminal)) != NULL)
-// {
-// SCARD_DEBUG("terminal : [%s]", (char *)terminal);
-//
-// term->finalize();
-// }
-// else
-// {
-// SCARD_DEBUG("unknown terminal : [%s]", (char *)terminal);
-// }
-
/* send all client to refresh reader */
msg.message = msg.MSG_NOTIFY_SE_REMOVED;
msg.data.setBuffer((unsigned char *)terminal,
throw(ErrorIO &, ErrorIllegalState &, ErrorIllegalParameter &, ErrorSecurity &)
{
ServerChannel *channel = NULL;
-#if 0
- AccessControlList *acList = NULL;
- ByteArray command, result;
- int channelID = 0;
- int rv = 0;
-
- SCARD_BEGIN();
-
- acList = ((ServerReader *)reader)->getAccessControlList();
- if (acList == NULL)
- {
- SCARD_DEBUG_ERR("acList is null");
-
- return channel;
- }
-
- if (acList->isAuthorizedAccess(aid, certHashes) == false)
- {
- SCARD_DEBUG_ERR("unauthorized access, aid : %s", aid.toString());
-
- return channel;
- }
-
- /* select aid */
- command = APDUHelper::generateAPDU(APDUHelper::COMMAND_SELECT_BY_DF_NAME, channelID, aid);
- rv = terminal->transmitSync(command, result);
- if (rv == 0 && result.getLength() >= 2)
- {
- ResponseHelper resp(result);
-
- if (resp.getStatus() == 0)
- {
- channel = new ServerChannel(this, caller, channelID, terminal);
- if (channel != NULL)
- {
- channel->selectResponse = result;
-
- channels.push_back(channel);
- }
- else
- {
- SCARD_DEBUG_ERR("alloc failed");
- }
- }
- else
- {
- SCARD_DEBUG_ERR("status word [%d][ %02X %02X ]", resp.getStatus(), resp.getSW1(), resp.getSW2());
- }
- }
- else
- {
- SCARD_DEBUG_ERR("select apdu is failed, rv [%d], length [%d]", rv, result.getLength());
- }
-#endif
return channel;
}
throw(ErrorIO &, ErrorIllegalState &, ErrorIllegalParameter &, ErrorSecurity &)
{
ServerChannel *channel = NULL;
-#if 0
- AccessControlList *acList = NULL;
- ByteArray command, result;
- int channelID = 1;
- int rv;
-
- acList = ((ServerReader *)reader)->getAccessControlList();
- if (acList == NULL)
- {
- SCARD_DEBUG_ERR("unauthorized access, aid %s, hash %s");
-
- return channel;
- }
-
- if (acList->isAuthorizedAccess(aid, certHashes) == false)
- {
- SCARD_DEBUG_ERR("unauthorized access, aid : %s", aid.toString());
-
- return channel;
- }
-
- /* open channel */
- command = APDUHelper::generateAPDU(APDUHelper::COMMAND_OPEN_LOGICAL_CHANNEL, 0, ByteArray::EMPTY);
- rv = terminal->transmitSync(command, result);
-
- if (rv == 0 && result.getLength() >= 2)
- {
- ResponseHelper resp(result);
-
- if (resp.getStatus() == 0)
- {
- channelID = resp.getDataField()[0];
- }
- else
- {
- SCARD_DEBUG_ERR("status word [%d][ %02X %02X ]", resp.getStatus(), resp.getSW1(), resp.getSW2());
-
- return channel;
- }
- }
- else
- {
- SCARD_DEBUG_ERR("select apdu is failed, rv [%d], length [%d]", rv, result.getLength());
-
- return channel;
- }
-
- /* select aid */
- command = APDUHelper::generateAPDU(APDUHelper::COMMAND_SELECT_BY_DF_NAME, channelID, aid);
- rv = terminal->transmitSync(command, result);
-
- if (rv == 0 && result.getLength() >= 2)
- {
- ResponseHelper resp(result);
-
- if (resp.getStatus() == 0)
- {
- channel = new ServerChannel(this, caller, channelID, terminal);
- if (channel == NULL)
- {
- SCARD_DEBUG_ERR("alloc failed");
-
- return NULL;
- }
-
- channel->selectResponse = result;
-
- channels.push_back(channel);
- }
- else
- {
- SCARD_DEBUG_ERR("status word [%d][ %02X %02X ]", resp.getStatus(), resp.getSW1(), resp.getSW2());
- }
- }
- else
- {
- SCARD_DEBUG_ERR("select apdu is failed, rv [%d], length [%d]", rv, result.getLength());
- }
-#endif
return channel;
}
/* standard library header */
#include <map>
#include <vector>
-#if 1
#include <glib.h>
-#endif
/* SLP library header */
public:
static ServerSEService &getInstance();
-#if 0
- bool isValidReaderHandle(void *handle);
-#endif
-
void shutdown() {}
void shutdownSync() {}
friend void terminalCallback(char *name, int event, int error, void *user_param);