Example 1 with ACLList

Use of iso.std.iso_iec._24727.tech.schema.ACLList in the open-ecard project by ecsec.

Class TinySAL, method aclList.

/**
 * The ACLList function returns the access control list for the stated target object (card application, data set, DID).
 * See BSI-TR-03112-4, version 1.1.2, section 3.7.1.
 *
 * @param request ACLList
 * @return ACLListResponse
 */
@Publish
@Override
public ACLListResponse aclList(ACLList request) {
    ACLListResponse response = WSHelper.makeResponse(ACLListResponse.class, WSHelper.makeResultOK());
    try {
        ConnectionHandleType connectionHandle = SALUtils.getConnectionHandle(request);
        CardStateEntry cardStateEntry = SALUtils.getCardStateEntry(states, connectionHandle, false);
        TargetNameType targetName = request.getTargetName();
        Assert.assertIncorrectParameter(targetName, "The parameter TargetName is empty.");
        // get the target values, according to the schema only one must exist, we pick the first existing ;-)
        byte[] targetAppId = targetName.getCardApplicationName();
        String targetDataSet = targetName.getDataSetName();
        String targetDid = targetName.getDIDName();
        CardInfoWrapper cardInfoWrapper = cardStateEntry.getInfo();
        byte[] handleAppId = connectionHandle.getCardApplication();
        if (targetDataSet != null) {
            DataSetInfoType dataSetInfo = cardInfoWrapper.getDataSet(targetDataSet, handleAppId);
            Assert.assertNamedEntityNotFound(dataSetInfo, "The given DataSet cannot be found.");
            response.setTargetACL(cardInfoWrapper.getDataSet(targetDataSet, handleAppId).getDataSetACL());
        } else if (targetDid != null) {
            DIDInfoType didInfo = cardInfoWrapper.getDIDInfo(targetDid, handleAppId);
            Assert.assertNamedEntityNotFound(didInfo, "The given DIDInfo cannot be found.");
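            // TODO Check security condition? Unlike the CardApplication branch below, neither this DID branch
            // nor the DataSet branch above calls an Assert.securityCondition* check before returning the ACL.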
            response.setTargetACL(cardInfoWrapper.getDIDInfo(targetDid, handleAppId).getDIDACL());
        } else if (targetAppId != null) {
            CardApplicationWrapper cardApplication = cardInfoWrapper.getCardApplication(targetAppId);
            Assert.assertNamedEntityNotFound(cardApplication, "The given CardApplication cannot be found.");
            Assert.securityConditionApplication(cardStateEntry, targetAppId, AuthorizationServiceActionName.ACL_LIST);
            response.setTargetACL(cardInfoWrapper.getCardApplication(targetAppId).getCardApplicationACL());
        } else {
            throw new IncorrectParameterException("The given TargetName is invalid.");
        }
    } catch (ECardException e) {
        response.setResult(e.getResult());
    } catch (Exception e) {
        LOG.error(e.getMessage(), e);
        throwThreadKillException(e);
        response.setResult(WSHelper.makeResult(e));
    }
    return response;
}
Also used : ConnectionHandleType(iso.std.iso_iec._24727.tech.schema.ConnectionHandleType) TargetNameType(iso.std.iso_iec._24727.tech.schema.TargetNameType) CardStateEntry(org.openecard.common.sal.state.CardStateEntry) CardInfoWrapper(org.openecard.common.sal.state.cif.CardInfoWrapper) ACLListResponse(iso.std.iso_iec._24727.tech.schema.ACLListResponse) PrerequisitesNotSatisfiedException(org.openecard.common.sal.exception.PrerequisitesNotSatisfiedException) NameExistsException(org.openecard.common.sal.exception.NameExistsException) AddonNotFoundException(org.openecard.addon.AddonNotFoundException) ThreadTerminateException(org.openecard.common.ThreadTerminateException) ECardException(org.openecard.common.ECardException) NamedEntityNotFoundException(org.openecard.common.sal.exception.NamedEntityNotFoundException) UnknownProtocolException(org.openecard.common.sal.exception.UnknownProtocolException) IncorrectParameterException(org.openecard.common.sal.exception.IncorrectParameterException) InappropriateProtocolForActionException(org.openecard.common.sal.exception.InappropriateProtocolForActionException) TLVException(org.openecard.common.tlv.TLVException) SecurityConditionNotSatisfiedException(org.openecard.common.sal.exception.SecurityConditionNotSatisfiedException) UnknownConnectionHandleException(org.openecard.common.sal.exception.UnknownConnectionHandleException) DIDInfoType(iso.std.iso_iec._24727.tech.schema.DIDInfoType) DataSetInfoType(iso.std.iso_iec._24727.tech.schema.DataSetInfoType) CardApplicationWrapper(org.openecard.common.sal.state.cif.CardApplicationWrapper) Publish(org.openecard.common.interfaces.Publish)

Example 2 with ACLList

Use of iso.std.iso_iec._24727.tech.schema.ACLList in the open-ecard project by ecsec.

Class DataSetInfo, method getACL.

public AccessControlListType getACL() throws WSHelper.WSException {
    ACLList req = new ACLList();
    req.setConnectionHandle(didInfos.getHandle(application));
    req.setTargetName(datasetNameTarget);
    ACLListResponse res = (ACLListResponse) didInfos.getDispatcher().safeDeliver(req);
    WSHelper.checkResult(res);
    return res.getTargetACL();
}
Also used : ACLList(iso.std.iso_iec._24727.tech.schema.ACLList) ACLListResponse(iso.std.iso_iec._24727.tech.schema.ACLListResponse)

Example 3 with ACLList

Use of iso.std.iso_iec._24727.tech.schema.ACLList in the open-ecard project by ecsec.

Class DidInfo, method getACL.

public AccessControlListType getACL() throws WSHelper.WSException {
    ACLList req = new ACLList();
    req.setConnectionHandle(didInfos.getHandle(application));
    req.setTargetName(didTarget);
    ACLListResponse res = (ACLListResponse) didInfos.getDispatcher().safeDeliver(req);
    WSHelper.checkResult(res);
    return res.getTargetACL();
}
Also used : ACLList(iso.std.iso_iec._24727.tech.schema.ACLList) ACLListResponse(iso.std.iso_iec._24727.tech.schema.ACLListResponse)

Example 4 with ACLList

Use of iso.std.iso_iec._24727.tech.schema.ACLList in the open-ecard project by ecsec.

Class TinySALTest, method testAclList.

/**
 * Test of aclList method, of class TinySAL.
 */
@Test(enabled = TESTS_ENABLED)
public void testAclList() {
    System.out.println("aclList");
    // get path to esign
    CardApplicationPath cardApplicationPath = new CardApplicationPath();
    CardApplicationPathType cardApplicationPathType = new CardApplicationPathType();
    cardApplicationPathType.setCardApplication(appIdentifier_ESIGN);
    cardApplicationPath.setCardAppPathRequest(cardApplicationPathType);
    CardApplicationPathResponse cardApplicationPathResponse = instance.cardApplicationPath(cardApplicationPath);
    // connect to esign
    CardApplicationConnect cardApplicationConnect = new CardApplicationConnect();
    cardApplicationConnect.setCardApplicationPath(cardApplicationPathResponse.getCardAppPathResultSet().getCardApplicationPathResult().get(0));
    CardApplicationConnectResponse result = instance.cardApplicationConnect(cardApplicationConnect);
    assertEquals(ECardConstants.Major.OK, result.getResult().getResultMajor());
    ACLList aclList = new ACLList();
    aclList.setConnectionHandle(result.getConnectionHandle());
    TargetNameType targetName = new TargetNameType();
    targetName.setCardApplicationName(appIdentifier_ESIGN);
    aclList.setTargetName(targetName);
    ACLListResponse aclListResponse = instance.aclList(aclList);
    assertEquals(aclListResponse.getResult().getResultMajor(), ECardConstants.Major.OK);
    assertTrue(aclListResponse.getTargetACL().getAccessRule().size() > 0);
    // test null connectionhandle
    aclList = new ACLList();
    aclList.setConnectionHandle(null);
    targetName = new TargetNameType();
    targetName.setCardApplicationName(appIdentifier_ESIGN);
    aclList.setTargetName(targetName);
    aclListResponse = instance.aclList(aclList);
    assertEquals(ECardConstants.Major.ERROR, aclListResponse.getResult().getResultMajor());
    assertEquals(ECardConstants.Minor.App.INCORRECT_PARM, aclListResponse.getResult().getResultMinor());
    // test missing targetname
    aclList = new ACLList();
    aclList.setConnectionHandle(null);
    targetName = new TargetNameType();
    aclList.setTargetName(targetName);
    aclListResponse = instance.aclList(aclList);
    assertEquals(ECardConstants.Major.ERROR, aclListResponse.getResult().getResultMajor());
    assertEquals(ECardConstants.Minor.App.INCORRECT_PARM, aclListResponse.getResult().getResultMinor());
    // test invalid applicationIdentifier
    aclList = new ACLList();
    aclList.setConnectionHandle(result.getConnectionHandle());
    targetName = new TargetNameType();
    targetName.setCardApplicationName(new byte[] { 0x0, 0x0, 0x0 });
    aclList.setTargetName(targetName);
    aclListResponse = instance.aclList(aclList);
    assertEquals(ECardConstants.Major.ERROR, aclListResponse.getResult().getResultMajor());
    assertEquals(ECardConstants.Minor.SAL.NAMED_ENTITY_NOT_FOUND, aclListResponse.getResult().getResultMinor());
    // test invalid connectionhandle
    aclList = new ACLList();
    aclList.setConnectionHandle(result.getConnectionHandle());
    aclList.getConnectionHandle().setIFDName("invalid");
    targetName = new TargetNameType();
    targetName.setCardApplicationName(appIdentifier_ESIGN);
    aclList.setTargetName(targetName);
    aclListResponse = instance.aclList(aclList);
    assertEquals(ECardConstants.Major.ERROR, aclListResponse.getResult().getResultMajor());
    assertEquals(ECardConstants.Minor.App.INCORRECT_PARM, aclListResponse.getResult().getResultMinor());
}
Also used : CardApplicationPathType(iso.std.iso_iec._24727.tech.schema.CardApplicationPathType) TargetNameType(iso.std.iso_iec._24727.tech.schema.TargetNameType) CardApplicationPath(iso.std.iso_iec._24727.tech.schema.CardApplicationPath) CardApplicationPathResponse(iso.std.iso_iec._24727.tech.schema.CardApplicationPathResponse) ACLList(iso.std.iso_iec._24727.tech.schema.ACLList) CardApplicationConnect(iso.std.iso_iec._24727.tech.schema.CardApplicationConnect) ACLListResponse(iso.std.iso_iec._24727.tech.schema.ACLListResponse) CardApplicationConnectResponse(iso.std.iso_iec._24727.tech.schema.CardApplicationConnectResponse) Test(org.testng.annotations.Test)

Example 5 with ACLList

Use of iso.std.iso_iec._24727.tech.schema.ACLList in the open-ecard project by ecsec.

Class ACLResolver, method getUnsatisfiedDIDs.

public List<DIDStructureType> getUnsatisfiedDIDs(TargetNameType target) throws WSException, SecurityConditionUnsatisfiable {
    // get the ACL first
    ACLList aclReq = new ACLList();
    aclReq.setConnectionHandle(handle);
    aclReq.setTargetName(target);
    ACLListResponse aclRes = (ACLListResponse) dispatcher.safeDeliver(aclReq);
    WSHelper.checkResult(aclRes);
    List<AccessRuleType> acls = aclRes.getTargetACL().getAccessRule();
    List<DIDStructureType> dids = getMissingDids(acls, target);
    return dids;
}
Also used : ACLList(iso.std.iso_iec._24727.tech.schema.ACLList) ACLListResponse(iso.std.iso_iec._24727.tech.schema.ACLListResponse) AccessRuleType(iso.std.iso_iec._24727.tech.schema.AccessRuleType) DIDStructureType(iso.std.iso_iec._24727.tech.schema.DIDStructureType)

Aggregations

ACLListResponse (iso.std.iso_iec._24727.tech.schema.ACLListResponse): 5
ACLList (iso.std.iso_iec._24727.tech.schema.ACLList): 4
TargetNameType (iso.std.iso_iec._24727.tech.schema.TargetNameType): 2
AccessRuleType (iso.std.iso_iec._24727.tech.schema.AccessRuleType): 1
CardApplicationConnect (iso.std.iso_iec._24727.tech.schema.CardApplicationConnect): 1
CardApplicationConnectResponse (iso.std.iso_iec._24727.tech.schema.CardApplicationConnectResponse): 1
CardApplicationPath (iso.std.iso_iec._24727.tech.schema.CardApplicationPath): 1
CardApplicationPathResponse (iso.std.iso_iec._24727.tech.schema.CardApplicationPathResponse): 1
CardApplicationPathType (iso.std.iso_iec._24727.tech.schema.CardApplicationPathType): 1
ConnectionHandleType (iso.std.iso_iec._24727.tech.schema.ConnectionHandleType): 1
DIDInfoType (iso.std.iso_iec._24727.tech.schema.DIDInfoType): 1
DIDStructureType (iso.std.iso_iec._24727.tech.schema.DIDStructureType): 1
DataSetInfoType (iso.std.iso_iec._24727.tech.schema.DataSetInfoType): 1
AddonNotFoundException (org.openecard.addon.AddonNotFoundException): 1
ECardException (org.openecard.common.ECardException): 1
ThreadTerminateException (org.openecard.common.ThreadTerminateException): 1
Publish (org.openecard.common.interfaces.Publish): 1
InappropriateProtocolForActionException (org.openecard.common.sal.exception.InappropriateProtocolForActionException): 1
IncorrectParameterException (org.openecard.common.sal.exception.IncorrectParameterException): 1
NameExistsException (org.openecard.common.sal.exception.NameExistsException): 1