// Report the ACL entries for this token through the out-parameters
// `count` and `acls`.
//
// Two paths:
//  * pinFromAclTag(tag, "?") yields a nonzero PIN number: return a
//    single-purpose list describing that PIN's pre-authorization
//    tracking state, as derived from pinStatus().
//  * otherwise: return the token-wide ACL held in mAclEntries, building
//    it on first use.
//
// NOTE(review): the PIN-state list is a function-local static, so the
// pointer stored in `acls` aliases storage that the next PIN-state call
// clears and refills. Callers presumably consume the result before
// calling again; no locking is visible here -- confirm the threading
// model of the caller.
void BELPICToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
{
	Allocator &alloc = Allocator::standard();

	const unsigned pin = pinFromAclTag(tag, "?");
	if (pin != 0) {
		// One list instance shared by every call; reset before reuse.
		static AutoAclEntryInfoList pinStateAcl;
		pinStateAcl.clear();
		pinStateAcl.allocator(alloc);

		// Only SCARD_SUCCESS is reported as AUTHORIZED. Every other status
		// (including whatever the card returns for a blocked PIN) is
		// reported as UNKNOWN by this implementation.
		const uint32_t status = this->pinStatus(pin);
		pinStateAcl.addPinState(pin, status == SCARD_SUCCESS
			? CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED
			: CSSM_ACL_PREAUTH_TRACKING_UNKNOWN);

		count = pinStateAcl.size();
		acls = pinStateAcl.entries();
		return;
	}

	// Token-wide ACL: populated lazily the first time it is requested.
	if (!mAclEntries)
	{
		mAclEntries.allocator(alloc);

		// DB_READ is granted to any subject: attributes and data of every
		// record on the token are readable at this level, and further
		// restriction is left to the individual object's own ACL.
		mAclEntries.add(
			CssmClient::AclFactory::AnySubject(mAclEntries.allocator()),
			AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));

		// PIN 1 can be satisfied either by a password supplied by the
		// caller or by one obtained through a prompt.
		mAclEntries.addPin(AclFactory::PWSubject(alloc), 1);
		mAclEntries.addPin(AclFactory::PromptPWSubject(alloc, CssmData()), 1);
	}

	count = mAclEntries.size();
	acls = mAclEntries.entries();
}
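// Report the ACL entries for this token through the out-parameters
// `count` and `acls`.
//
// Two paths:
//  * _pinFromAclTag(tag, "?") yields a nonzero PIN number: return a list
//    describing that PIN's pre-authorization tracking state
//    (AUTHORIZED, BLOCKED or UNKNOWN), as derived from pinStatus().
//  * otherwise: return the token-wide ACL held in mAclEntries, building
//    it on first use.
//
// NOTE(review): the PIN-state list is a function-local static, so the
// pointer stored in `acls` aliases storage shared by every call. No
// locking is visible here -- confirm the caller serializes access.
void GemaltoToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
{
	log("\nGemaltoToken::getAcl <BEGIN>\n");
	// `count` is a 32-bit value but the format uses %lu, so widen it
	// explicitly; passing it unconverted is a vararg type mismatch on
	// platforms where unsigned long is 64 bits. `tag` is also guarded
	// because a null pointer must not reach %s.
	// NOTE(review): `count` is an out-parameter and is logged here before
	// this function assigns it; the value is whatever the caller left in it.
	log("tag <%s> - count <%lu>\n", tag ? tag : "(null)",
		static_cast<unsigned long>(count));

	Allocator &alloc = Allocator::standard();

	if (uint32 pin = _pinFromAclTag(tag, "?"))
	{
		// One list instance shared by every call; reset before reuse.
		static AutoAclEntryInfoList acl;
		_aclClear(acl);
		acl.allocator(alloc);

		// Map the card's PIN status onto a CSSM tracking state. A blocked
		// PIN is reported distinctly so it is not mistaken for a PIN that
		// merely has not been verified yet; anything unrecognized is
		// reported as UNKNOWN rather than AUTHORIZED.
		uint32_t status = this->pinStatus(pin);
		if (status == SCARD_SUCCESS)
		{
			_addPinState(acl, pin, CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED);
		}
		else if (SCARD_AUTHENTICATION_BLOCKED == status)
		{
			_addPinState(acl, pin, CSSM_ACL_PREAUTH_TRACKING_BLOCKED);
		}
		else
		{
			_addPinState(acl, pin, CSSM_ACL_PREAUTH_TRACKING_UNKNOWN);
		}
		count = acl.size();
		acls = acl.entries();

		log("count <%lu>\n", static_cast<unsigned long>(count));

		log("GemaltoToken::getAcl <END>\n");
		return;
	}

	// Token-wide ACL: populated lazily the first time it is requested.
	if (!mAclEntries)
	{
		mAclEntries.allocator(alloc);

		// DB_READ is granted to any subject: attributes and data of every
		// record on the token are readable at this level, and further
		// restriction is left to the individual object's own ACL.
		mAclEntries.add(CssmClient::AclFactory::AnySubject(mAclEntries.allocator()), AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));

		// PIN 1 can be satisfied by a caller-supplied password subject, a
		// prompted password subject, or a PIN subject.
		mAclEntries.addPin(AclFactory::PWSubject(mAclEntries.allocator()), 1);
		mAclEntries.addPin(AclFactory::PromptPWSubject(mAclEntries.allocator(), CssmData()), 1);
		mAclEntries.addPin(AclFactory::PinSubject(mAclEntries.allocator(), CssmData()), 1);
	}

	count = mAclEntries.size();
	acls = mAclEntries.entries();

	log("count <%lu>\n", static_cast<unsigned long>(count));
	log("GemaltoToken::getAcl <END>\n");
}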