1 /*

     2 * Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies).

     3 * All rights reserved.

     4 * This component and the accompanying materials are made available

     5 * under the terms of "Eclipse Public License v1.0"

     6 * which accompanies this distribution, and is available

     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".

     8 *

     9 * Initial Contributors:

    10 * Nokia Corporation - initial contribution.

    11 *

    12 * Contributors:

    13 *

    14 * Description:

    15  *

    16 */

    17 

    18 

    19 #ifndef CSTSACCESSCONTROL_H

    20 #define CSTSACCESSCONTROL_H

    21 

    22 //  INCLUDES

    23 #include <e32base.h>

    24 #include "stsapduconstants.h"   //for TPinApduType

    25 

    26 namespace java

    27 {

    28 namespace satsa

    29 {

    30 

    31 class CSTSPKCS15Reader;

    32 class CSTSAce;

    33 class CSTSAuthType;

    34 class CSTSMidletInfo;

    35 

    36 // CLASS DECLARATION

    37 

    38 /**

    39  *  Handels the security and access logic of SATSA-APDU.

    40  *  Uses ACF information and PIN related information found in the card's

    41  *  PKCS#15 structure and checks security and access related information

    42  *  when asked.

    43  */

    44 NONSHARABLE_CLASS(CSTSAccessControl): public CBase

    45 {

    46 

    47 public: // Constructors and destructor

    48 

    49 

    50     static CSTSAccessControl* NewL(CSTSMidletInfo* aMidletInfo);

    51 

    52     virtual ~CSTSAccessControl();

    53 

    54 public:

    55 

    56     // Reads Access Control related files from the smart card.

    57     void ReadFilesL();

    58 

    59     /**

    60      * Checks is current J2ME application domain allowed to use

    61      * selected application in the card.

    62      * @return ETrue if domain is allowed to use application, else EFalse

    63      */

    64     TBool IsAllowedDomain();

    65 

    66     /**

    67      * Checks is the gived apdu allowed to be sent to card application.

    68      * @param aMidletApduHeader APDU header part, which will be checked

    69      * @return ETrue if apdu is allowed, EFalse if not

    70      */

    71     TBool IsAllowedApduL(const TDesC8& aMidletApduHeader);

    72 

    73     /**

    74      * Chekcs is the gived PIN method supported in the card application.

    75      * @return ETrue if method is allowed to use, EFalse if not

    76      */

    77     TBool IsAllowedPinMethod();

    78 

    79     /**

    80      * Gets recommended PIN header for the gived PIN method if there is any

    81      * @param aPinID Id of the PIN

    82      * @param aPinApduType Which PIN header is tried to get

    83      * @return Pin header if found or KNullDesC8() if not found

    84      */

    85     const TDesC8& GetPinHeaderL(TInt aPinID, TPinApduType aPinApduType);

    86 

    87     /**

    88      * Gets PIN attributes which can be used for creating proper PIN UI

    89      * @param aPinID Id of the PIN

    90      * @return Reference to CSTSAuthType object, contains PIN information.

    91      */

    92     const CSTSAuthType& GetPinAttributesL(TInt aPinID);

    93 

    94     /**

    95      * Gets token label which can be used for creating proper PIN UI

    96      * @return Reference to descriptor, contains token label.

    97      */

    98     const TDesC& TokenLabelL();

    99 

   100     // Sets card application AID

   101     void SetAIDL(const TDesC8& aAID);

   102 

   103     // Closes connection to PKCS15 application if it is still open

   104     void Close();

   105 

   106     /**

   107      * Checks change disabled, unblock disabled and disable allowed PIN

   108      * flags depending on which PIN apdu type is used and leaves if

   109      * flag informs that operation is disabled or not allowed to do.

   110      * @param aPinApduType Which PIN header is tried to get

   111      */

   112     void CheckPinFlagsL(TPinApduType aPinApduType);

   113 

   114 private:

   115 

   116     CSTSAccessControl(CSTSMidletInfo* aMidletInfo);

   117 

   118     void ConstructL();

   119 

   120     /**

   121      * Finds correct authType of gived PinId. Saves found authType

   122      * to member variable. Leaves, if correct authType will not found.

   123      * @return Reference to descriptor, contains token label.

   124      */

   125     void FindAuthTypeL(TInt aPinID);

   126 

   127     /**

   128      * Checks is gived ace valid for current Domain, RootId or EndEntityId.

   129      * @param aAce Ace entry which will be used in comparison.

   130      * @return True if ace was proper, otherwice false

   131      */

   132     TBool IsProperAce(const CSTSAce* aAce) const;

   133 

   134 private:

   135 

   136     // PKCS15 structure reader, owned

   137     CSTSPKCS15Reader* iPKCS15Reader;

   138     CSTSMidletInfo* iMidletInfo; //not owned

   139 

   140     // information of principals, permissions and userAuthentications

   141     CArrayPtrFlat< CSTSAce>* iAces;

   142 

   143     // contains PIN related information, owned

   144     CSTSAuthType* iAuthType;

   145     CArrayPtrFlat< CSTSAuthType>* iAuthTypes;

   146 

   147     // buffer for pin header, owned

   148     HBufC8* iApduHeader;

   149 

   150 };

   151 

   152 } // namespace satsa

   153 } // namespace java

   154 #endif // CSTSACCESSCONTROL_H

   155 // End of File