void GemaltoToken::_addPinState(AutoAclEntryInfoList& acl, uint32 slot, uint32 status)
{
char tag[20];
snprintf(tag, sizeof(tag), "PIN%d?", (int) slot);
TypedList subj(acl.allocator(), CSSM_WORDID_PIN, new(acl.allocator()) ListElement(slot), new(acl.allocator()) ListElement(status));
acl.add(subj, CSSM_WORDID_PIN, tag);
}
void BELPICToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
{
Allocator &alloc = Allocator::standard();
if (unsigned pin = pinFromAclTag(tag, "?")) {
static AutoAclEntryInfoList acl;
acl.clear();
acl.allocator(alloc);
uint32_t status = this->pinStatus(pin);
if (status == SCARD_SUCCESS)
acl.addPinState(pin, CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED);
else
acl.addPinState(pin, CSSM_ACL_PREAUTH_TRACKING_UNKNOWN);
count = acl.size();
acls = acl.entries();
return;
}
// get pin list, then for each pin
if (!mAclEntries)
{
mAclEntries.allocator(alloc);
// Anyone can read the attributes and data of any record on this token
// (it's further limited by the object itself).
mAclEntries.add(CssmClient::AclFactory::AnySubject(
mAclEntries.allocator()),
AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
// We support PIN1 with either a passed in password
// subject or a prompted password subject.
mAclEntries.addPin(AclFactory::PWSubject(alloc), 1);
mAclEntries.addPin(AclFactory::PromptPWSubject(alloc, CssmData()), 1);
}
count = mAclEntries.size();
acls = mAclEntries.entries();
}
void GemaltoToken::_aclClear(AutoAclEntryInfoList& acl)
{
if (acl == true)
{
DataWalkers::ChunkFreeWalker w(acl.allocator());
for (uint32 ix = 0; ix < acl.size(); ix++)
walk(w, acl.at(ix));
acl.size(0);
}
}
void GemaltoToken::getAcl(const char *tag, uint32 &count, AclEntryInfo *&acls)
{
log("\nGemaltoToken::getAcl <BEGIN>\n");
log("tag <%s> - count <%lu>\n", tag, count);
Allocator &alloc = Allocator::standard();
if (uint32 pin = _pinFromAclTag(tag, "?"))
{
static AutoAclEntryInfoList acl;
_aclClear(acl);
acl.allocator(alloc);
uint32_t status = this->pinStatus(pin);
if (status == SCARD_SUCCESS)
{
_addPinState(acl, pin, CSSM_ACL_PREAUTH_TRACKING_AUTHORIZED);
}
else if (SCARD_AUTHENTICATION_BLOCKED == status)
{
_addPinState(acl, pin, CSSM_ACL_PREAUTH_TRACKING_BLOCKED);
}
else
{
_addPinState(acl, pin, CSSM_ACL_PREAUTH_TRACKING_UNKNOWN);
}
count = acl.size();
acls = acl.entries();
log("count <%lu>\n", count);
log("GemaltoToken::getAcl <END>\n");
return;
}
// get pin list, then for each pin
if (!mAclEntries)
{
mAclEntries.allocator(alloc);
// Anyone can read the attributes and data of any record on this token
// (it's further limited by the object itself).
mAclEntries.add(CssmClient::AclFactory::AnySubject( mAclEntries.allocator()), AclAuthorizationSet(CSSM_ACL_AUTHORIZATION_DB_READ, 0));
// We support PIN1 with either a passed in password subject or a prompted password subject.
mAclEntries.addPin(AclFactory::PWSubject(mAclEntries.allocator()), 1);
mAclEntries.addPin(AclFactory::PromptPWSubject(mAclEntries.allocator(), CssmData()), 1);
mAclEntries.addPin(AclFactory::PinSubject(mAclEntries.allocator(), CssmData()), 1);
}
count = mAclEntries.size();
acls = mAclEntries.entries();
log("count <%lu>\n", count);
log("GemaltoToken::getAcl <END>\n");
}
void
KeyImpl::getAcl(AutoAclEntryInfoList &aclInfos, const char *selectionTag) const
{
aclInfos.allocator(allocator());
check(CSSM_GetKeyAcl(csp()->handle(), this, reinterpret_cast<const CSSM_STRING *>(selectionTag), aclInfos, aclInfos));
}
