use of iso.std.iso_iec._24727.tech.schema.ACLList in project open-ecard by ecsec.
the class TinySAL method aclList.
/**
* The ACLList function returns the access control list for the stated target object (card application, data set, DID).
* See BSI-TR-03112-4, version 1.1.2, section 3.7.1.
*
* @param request ACLList
* @return ACLListResponse
*/
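@Publish
@Override
public ACLListResponse aclList(ACLList request) {
    // Start from an OK result; every failure path below overwrites it.
    ACLListResponse response = WSHelper.makeResponse(ACLListResponse.class, WSHelper.makeResultOK());

    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);

        TargetNameType targetName = request.getTargetName();
        Assert.assertIncorrectParameter(targetName, "The parameter TargetName is empty.");

        // According to the schema only one target value must exist. If a request carries
        // several, the first match in the order DataSet, DID, CardApplication is used.
        byte[] targetAppId = targetName.getCardApplicationName();
        String targetDataSet = targetName.getDataSetName();
        String targetDid = targetName.getDIDName();

        CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
        // DataSet and DID lookups use the application identifier from the connection handle.
        byte[] handleAppId = connectionHandle.getCardApplication();

        if (targetDataSet != null) {
            DataSetInfoType dataSetInfo = cardInfoWrapper.getDataSet(targetDataSet, handleAppId);
            Assert.assertNamedEntityNotFound(dataSetInfo, "The given DataSet cannot be found.");
            // NOTE(review): no security condition is evaluated before the DataSet ACL is
            // returned, unlike the CardApplication branch below - confirm this is intended.
            // Reuse the entry that was just validated instead of looking it up a second time.
            response.setTargetACL(dataSetInfo.getDataSetACL());
        } else if (targetDid != null) {
            DIDInfoType didInfo = cardInfoWrapper.getDIDInfo(targetDid, handleAppId);
            Assert.assertNamedEntityNotFound(didInfo, "The given DIDInfo cannot be found.");
            // TODO Check security condition ?
            // NOTE(review): the DID ACL is returned without any security condition check.
            response.setTargetACL(didInfo.getDIDACL());
        } else if (targetAppId != null) {
            CardApplicationWrapper cardApplication = cardInfoWrapper.getCardApplication(targetAppId);
            Assert.assertNamedEntityNotFound(cardApplication, "The given CardApplication cannot be found.");
            // Only this branch checks the ACL_LIST security condition before answering.
            Assert.securityConditionApplication(cardStateEntry, targetAppId, AuthorizationServiceActionName.ACL_LIST);
            response.setTargetACL(cardApplication.getCardApplicationACL());
        } else {
            // A TargetName element was supplied but none of its three values is set.
            throw new IncorrectParameterException("The given TargetName is invalid.");
        }
    } catch (ECardException e) {
        // Expected failures carry their own result, which is passed on to the caller.
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        // NOTE(review): throwThreadKillException is defined outside this snippet; presumably it
        // rethrows when e signals that the thread must stop - confirm.
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }

    return response;
}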
use of iso.std.iso_iec._24727.tech.schema.ACLList in project open-ecard by ecsec.
the class DataSetInfo method getACL.
/**
 * Requests the access control list for the target held in {@code datasetNameTarget}.
 *
 * <p>The request is sent through the dispatcher of {@code didInfos}, using the connection
 * handle that {@code didInfos} returns for {@code application}.
 *
 * @return the target ACL carried in the {@code ACLListResponse}
 * @throws WSHelper.WSException declared for the {@code WSHelper.checkResult} call on the response
 */
public AccessControlListType getACL() throws WSHelper.WSException {
    ACLList aclRequest = new ACLList();
    aclRequest.setConnectionHandle(didInfos.getHandle(application));
    aclRequest.setTargetName(datasetNameTarget);

    Object delivered = didInfos.getDispatcher().safeDeliver(aclRequest);
    ACLListResponse aclResponse = (ACLListResponse) delivered;

    // The result is checked before the ACL is read from the response.
    WSHelper.checkResult(aclResponse);
    return aclResponse.getTargetACL();
}
use of iso.std.iso_iec._24727.tech.schema.ACLList in project open-ecard by ecsec.
the class DidInfo method getACL.
/**
 * Requests the access control list for the target held in {@code didTarget}.
 *
 * <p>The request is sent through the dispatcher of {@code didInfos}, using the connection
 * handle that {@code didInfos} returns for {@code application}.
 *
 * @return the target ACL carried in the {@code ACLListResponse}
 * @throws WSHelper.WSException declared for the {@code WSHelper.checkResult} call on the response
 */
public AccessControlListType getACL() throws WSHelper.WSException {
    ACLList aclRequest = new ACLList();
    aclRequest.setConnectionHandle(didInfos.getHandle(application));
    aclRequest.setTargetName(didTarget);

    Object delivered = didInfos.getDispatcher().safeDeliver(aclRequest);
    ACLListResponse aclResponse = (ACLListResponse) delivered;

    // The result is checked before the ACL is read from the response.
    WSHelper.checkResult(aclResponse);
    return aclResponse.getTargetACL();
}
use of iso.std.iso_iec._24727.tech.schema.ACLList in project open-ecard by ecsec.
the class TinySALTest method testAclList.
/**
* Test of aclList method, of class TinySAL.
*/
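@Test(enabled = TESTS_ENABLED)
public void testAclList() {
    System.out.println("aclList");

    // get path to esign
    CardApplicationPath cardApplicationPath = new CardApplicationPath();
    CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
    cardApplicationPathType.setCardApplication(appIdentifier_ESIGN);
    cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
    CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);

    // connect to esign
    CardApplicationConnect cardApplicationConnect = new CardApplicationConnect();
    cardApplicationConnect.setCardApplicationPath(cardApplicationPathResponse.getCardAppPathResultSet().getCardApplicationPathResult().get(0));
    CardApplicationConnectResponse result = instance.cardApplicationConnect(cardApplicationConnect);
    assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());

    // positive case: valid handle and an existing card application as target
    ACLList aclList = new ACLList();
    aclList.setConnectionHandle(result.getConnectionHandle());
    TargetNameType targetName = new TargetNameType();
    targetName.setCardApplicationName(appIdentifier_ESIGN);
    aclList.setTargetName(targetName);
    ACLListResponse aclListResponse = instance.aclList(aclList);
    assertEquals(aclListResponse.getResult().getResultMajor(), ECardConstants.Major.OK);
    assertTrue(aclListResponse.getTargetACL().getAccessRule().size() > 0);

    // test null connectionhandle
    aclList = new ACLList();
    aclList.setConnectionHandle(null);
    targetName = new TargetNameType();
    targetName.setCardApplicationName(appIdentifier_ESIGN);
    aclList.setTargetName(targetName);
    aclListResponse = instance.aclList(aclList);
    assertEquals(ECardConstants.Major.ERROR, aclListResponse.getResult().getResultMajor());
    assertEquals(ECardConstants.Minor.App.INCORRECT_PARM, aclListResponse.getResult().getResultMinor());

    // test missing targetname
    // The valid handle is used here so that the error can only come from the empty
    // TargetName; with a null handle this case would repeat the one above.
    aclList = new ACLList();
    aclList.setConnectionHandle(result.getConnectionHandle());
    targetName = new TargetNameType();
    aclList.setTargetName(targetName);
    aclListResponse = instance.aclList(aclList);
    assertEquals(ECardConstants.Major.ERROR, aclListResponse.getResult().getResultMajor());
    assertEquals(ECardConstants.Minor.App.INCORRECT_PARM, aclListResponse.getResult().getResultMinor());

    // test invalid applicationIdentifier
    aclList = new ACLList();
    aclList.setConnectionHandle(result.getConnectionHandle());
    targetName = new TargetNameType();
    targetName.setCardApplicationName(new byte[] { 0x0, 0x0, 0x0 });
    aclList.setTargetName(targetName);
    aclListResponse = instance.aclList(aclList);
    assertEquals(ECardConstants.Major.ERROR, aclListResponse.getResult().getResultMajor());
    assertEquals(ECardConstants.Minor.SAL.NAMED_ENTITY_NOT_FOUND, aclListResponse.getResult().getResultMinor());

    // test invalid connectionhandle
    // NOTE(review): setIFDName presumably changes the handle object held by the connect
    // response as well, so this case has to stay last - confirm.
    aclList = new ACLList();
    aclList.setConnectionHandle(result.getConnectionHandle());
    aclList.getConnectionHandle().setIFDName("invalid");
    targetName = new TargetNameType();
    targetName.setCardApplicationName(appIdentifier_ESIGN);
    aclList.setTargetName(targetName);
    aclListResponse = instance.aclList(aclList);
    assertEquals(ECardConstants.Major.ERROR, aclListResponse.getResult().getResultMajor());
    assertEquals(ECardConstants.Minor.App.INCORRECT_PARM, aclListResponse.getResult().getResultMinor());
}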
use of iso.std.iso_iec._24727.tech.schema.ACLList in project open-ecard by ecsec.
the class ACLResolver method getUnsatisfiedDIDs.
/**
 * Fetches the ACL of the given target and returns what {@code getMissingDids} derives from
 * its access rules.
 *
 * @param target name of the object whose ACL is requested
 * @return the list produced by {@code getMissingDids} for the target's access rules
 * @throws WSException declared for the {@code WSHelper.checkResult} call on the ACLList response
 * @throws SecurityConditionUnsatisfiable declared by this method; not raised by the statements
 *     visible here, so presumably by {@code getMissingDids}
 */
public List<DIDStructureType> getUnsatisfiedDIDs(TargetNameType target) throws WSException, SecurityConditionUnsatisfiable {
    // The ACL of the target is requested over the stored connection handle first.
    ACLList request = new ACLList();
    request.setConnectionHandle(handle);
    request.setTargetName(target);

    Object delivered = dispatcher.safeDeliver(request);
    ACLListResponse response = (ACLListResponse) delivered;
    WSHelper.checkResult(response);

    List<AccessRuleType> accessRules = response.getTargetACL().getAccessRule();
    return getMissingDids(accessRules, target);
}