| Fields Summary |
|---|
| private static com.sun.midp.security.SecurityToken | classSecurityTokenThis class has a different security domain than the MIDlet suite |
| private byte[] | ACIFOIDValue of OID from the spceification (A.4.2.1 Location of Access
Control Files) |
| short[] | ODFPath to ODF. |
| public static final short[] | PrKDFPath to PrKDF. |
| public static final short[] | PuKDFPath to PuKDF. |
| public static final short[] | TPuKDFPath to Trusted PuKDF. |
| public static final short[] | SeKDFPath to SeKDF. |
| public static final short[] | CDFPath to PuKDF. |
| public static final short[] | TrCDFPath to CDF for trusted certificates. |
| public static final short[] | UsCDFPath to CDF for useful certificates. |
| public static final short[] | DODFPath to DODF. |
| public static final short[] | AODFPath to AODF. |
| public static final short[] | ACIFILEPath to ACIF |
| public static final short[] | ACFILEpath to the first ACF |
| static byte[] | selectPKCSAppCommand for the PKCS15 application select |
| static byte[] | selectMFCommand for the MF select |
| static byte[] | selectDIRCommand for the DIR file select |
| static short | FILE_NOT_FOUNDFile not found return code |
| private Vector | ACListsThe list of ACL objects. |
| private Vector | PINAttrsThe list of PIN data objects. |
| private AclFileSystem | filesFile system object. |
| private static Connection | apduConnection object. |
| private boolean | allGrantedIndicates if all permissions granted |
| private boolean | allRevokedIndicates if all permissions revoked |
| Methods Summary |
|---|
| ACLPermissions | getACLPermissions(boolean isAPDU, byte[] selectAPDU, java.lang.String root)Returns object that should be used for access control verification.
Vector permissions = new Vector();
Vector pins = new Vector();
boolean found = false;
boolean allow = false;
ACLPermissions perm;
if (isAPDU) {
perm = new APDUPermissions(this);
} else {
perm = new JCRMIPermissions(this);
}
if (allGranted) {
/* Previously was decided to grant all permissions */
perm.setType(ACLPermissions.ALLOW);
return perm;
}
if (allRevoked) {
/* Previously was decided to revoke all permissions */
perm.setType(ACLPermissions.DISALLOW);
return perm;
}
for (int i = 0; i < ACLists.size(); i++) {
ACList acl = (ACList) ACLists.elementAt(i);
if (!acl.match(selectAPDU)) {
continue;
}
found = true;
ACEntry ace = acl.getACEntries();
if (ace == null) {
/*
* Case when there is the aid identifies the application in the
* ACIF file, but an ACF related to the application is absent
* in this case the application does not have access to the card
*/
continue;
}
acl.getPINs(isAPDU, pins);
if (!ace.verifyPrincipal(root)) {
continue;
}
if (!ace.hasPermissions()) {
allow = true;
continue;
}
ace.getPermissions(isAPDU, permissions);
}
if (pins.size() != 0) {
PINData[] data = new PINData[pins.size()];
pins.copyInto(data);
perm.setPINData(data);
}
if (!found || allow) {
perm.setType(ACLPermissions.ALLOW);
} else {
if (permissions.size() == 0) {
throw new SecurityException("Access denied.");
} else {
perm.setPermissions(permissions);
perm.setType(ACLPermissions.CHECK);
}
}
return perm;
|
| PINAttributes | getPINAttributes(int id)Return PIN attributes.
for (int j = 0; j < PINAttrs.size(); j++) {
PINAttributes p = (PINAttributes) PINAttrs.elementAt(j);
if (p.id == id) {
return p;
}
}
return null;
|
| private void | init(boolean dirIsUsed)Initializes ACSlot object.
if (dirIsUsed) {
int res = files.DIR.setPKCSRoot();
if (res < 0) {
throw new IOException("Wrong DIR file");
}
allGranted = (res == files.DIR.AID_NOT_FOUND);
allRevoked = (res == files.DIR.ROOT_NOT_SELECTED);
}
ODF odf = new ODF(files);
odf.load();
Vector ACIFs = odf.getDOFs(ACIFOID);
for (int i = 0; i < ACIFs.size(); i++) {
ACIF acif = new ACIF(files.pathToLocation((TLV) ACIFs.elementAt(i)),
files);
acif.load();
for (int j = 0; j < acif.getACFCount(); j++) {
ACLists.addElement(new ACList(acif.getAID(j),
acif.getACFPath(j), files));
}
}
/* loadPINs(); */
for (int i = 0; i < odf.getAODFCount(); i++) {
AODF aodf = new AODF(odf.getAODFPath(i), files);
aodf.load();
for (int j = 0; j < aodf.getEntryCount(); j++) {
PINAttrs.addElement(new PINAttributes(aodf.getEntry(j)));
}
}
|
| public static com.sun.satsa.acl.ACSlot | load(int slotNumber)Load access control information.
Handle h;
boolean isDIR = false;
try {
/* attempt to select the MF file */
h = APDUManager.openACLConnection(selectMF, slotNumber,
classSecurityToken);
byte[] res = APDUManager.exchangeAPDU(h, selectDIR);
if (Utils.getShort(res, 0) == FILE_NOT_FOUND) {
throw new ConnectionNotFoundException("DIR is not found");
}
isDIR = true;
} catch (ConnectionNotFoundException ce) {
/* DIR is not found */
try {
/* attempt to select the PKCS15 application */
h = APDUManager.openACLConnection(selectPKCSApp,
slotNumber, classSecurityToken);
isDIR = false;
} catch (ConnectionNotFoundException ce1) {
/* PKCS15Application is not found */
return null; /* DIR & PKCS15App are not found => */
/* all permissions granted */
} catch (Exception ie) {
/* Something wrong during ACL treatment => */
/* all permissions revoked */
ACSlot s = new ACSlot(false);
return s;
}
} catch (Exception e) { /* Something wrong during ACL treatment => */
/* all permissions revoked */
ACSlot s = new ACSlot(false);
return s;
}
try {
Connection con = new Connection(h);
ACSlot s = new ACSlot(con);
s.init(isDIR);
con.done();
return s;
} catch (Exception e) { /* Something wrong during ACL treatment => */
/* all permissions revoked */
ACSlot s = new ACSlot(false);
return s;
}
|
