diff options
Diffstat (limited to 'base/tps/src/include/processor/RA_Processor.h')
-rw-r--r-- | base/tps/src/include/processor/RA_Processor.h | 214 |
1 files changed, 214 insertions, 0 deletions
diff --git a/base/tps/src/include/processor/RA_Processor.h b/base/tps/src/include/processor/RA_Processor.h new file mode 100644 index 000000000..74e869a52 --- /dev/null +++ b/base/tps/src/include/processor/RA_Processor.h @@ -0,0 +1,214 @@ +/* --- BEGIN COPYRIGHT BLOCK --- + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301 USA + * + * Copyright (C) 2007 Red Hat, Inc. + * All rights reserved. + * --- END COPYRIGHT BLOCK --- + */ + +#ifndef RA_PROCESSOR_H +#define RA_PROCESSOR_H + +#ifdef HAVE_CONFIG_H +#ifndef AUTOTOOLS_CONFIG_H +#define AUTOTOOLS_CONFIG_H + +/* Eliminate warnings when using Autotools */ +#undef PACKAGE_BUGREPORT +#undef PACKAGE_NAME +#undef PACKAGE_STRING +#undef PACKAGE_TARNAME +#undef PACKAGE_VERSION + +#include <config.h> +#endif /* AUTOTOOLS_CONFIG_H */ +#endif /* HAVE_CONFIG_H */ + +#include "main/Login.h" +#include "main/SecureId.h" +#include "main/RA_Session.h" +#include "authentication/AuthParams.h" +#include "apdu/APDU.h" +#include "apdu/APDU_Response.h" +#include "channel/Secure_Channel.h" + +enum RA_Status { + STATUS_NO_ERROR=0, + STATUS_ERROR_SNAC=1, + STATUS_ERROR_SEC_INIT_UPDATE=2, + STATUS_ERROR_CREATE_CARDMGR=3, + STATUS_ERROR_MAC_RESET_PIN_PDU=4, + STATUS_ERROR_MAC_CERT_PDU=5, + STATUS_ERROR_MAC_LIFESTYLE_PDU=6, + STATUS_ERROR_MAC_ENROLL_PDU=7, + STATUS_ERROR_READ_OBJECT_PDU=8, + STATUS_ERROR_BAD_STATUS=9, + STATUS_ERROR_CA_RESPONSE=10, + STATUS_ERROR_READ_BUFFER_OVERFLOW=11, + STATUS_ERROR_TOKEN_RESET_PIN_FAILED=12, + STATUS_ERROR_CONNECTION=13, + STATUS_ERROR_LOGIN=14, + STATUS_ERROR_DB=15, + STATUS_ERROR_TOKEN_DISABLED=16, + STATUS_ERROR_SECURE_CHANNEL=17, + STATUS_ERROR_MISCONFIGURATION=18, + STATUS_ERROR_UPGRADE_APPLET=19, + STATUS_ERROR_KEY_CHANGE_OVER=20, + STATUS_ERROR_EXTERNAL_AUTH=21, + STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND=22, + STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND=23, + STATUS_ERROR_PUBLISH=24, + STATUS_ERROR_LDAP_CONN=25, + STATUS_ERROR_DISABLED_TOKEN=26, + STATUS_ERROR_NOT_PIN_RESETABLE=27, + STATUS_ERROR_CONN_LOST=28, + STATUS_ERROR_CREATE_TUS_TOKEN_ENTRY=29, + STATUS_ERROR_NO_SUCH_TOKEN_STATE=30, + STATUS_ERROR_NO_SUCH_LOST_REASON=31, + STATUS_ERROR_UNUSABLE_TOKEN_KEYCOMPROMISE=32, + STATUS_ERROR_INACTIVE_TOKEN_NOT_FOUND=33, + STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN=34, + STATUS_ERROR_CONTACT_ADMIN=35, + STATUS_ERROR_RECOVERY_IS_PROCESSED=36, + STATUS_ERROR_RECOVERY_FAILED=37, + STATUS_ERROR_NO_OPERATION_ON_LOST_TOKEN=38, + STATUS_ERROR_KEY_ARCHIVE_OFF=39, + STATUS_ERROR_NO_TKS_CONNID=40, + STATUS_ERROR_UPDATE_TOKENDB_FAILED=41, + STATUS_ERROR_REVOKE_CERTIFICATES_FAILED=42, + STATUS_ERROR_NOT_TOKEN_OWNER=43, + STATUS_ERROR_RENEWAL_IS_PROCESSED=44, + STATUS_ERROR_RENEWAL_FAILED=45 +}; + +class RA_Processor +{ + public: + RA_Processor(); + virtual ~RA_Processor(); + virtual RA_Status Process(RA_Session *session, NameValueSet *extensions); + char *MapPattern(NameValueSet *nv, char *pattern); + + int InitializeUpdate(RA_Session *session, + BYTE key_version, BYTE key_index, + Buffer &key_diversification_data, + Buffer &key_info_data, + Buffer &card_challenge, + Buffer &card_cryptogram, + Buffer &host_challenge, const char *connId); + + int CreatePin(RA_Session *session, BYTE pin_number, BYTE max_retries, char *pin); + + int IsPinPresent(RA_Session *session,BYTE pin_number); + + AuthParams *RequestLogin(RA_Session *session, int invalid_pw, int blocked); + AuthParams *RequestExtendedLogin(RA_Session *session, int invalid_pw, int blocked, char **parameters, int len, char *title, char *description); + + void StatusUpdate(RA_Session *session, NameValueSet *extensions, int status, const char *info); + void StatusUpdate(RA_Session *session, int status, const char *info); + + Buffer *GetAppletVersion(RA_Session *session); + + Secure_Channel *SetupSecureChannel(RA_Session *session, BYTE key_version, BYTE key_index, const char *connId); + Secure_Channel *SetupSecureChannel(RA_Session *session, + BYTE key_version, BYTE key_index, SecurityLevel security_level, const char *connId); + + SecureId *RequestSecureId(RA_Session *session); + + char *RequestNewPin(RA_Session *session, unsigned int min_len, unsigned int max_len); + + char *RequestASQ(RA_Session *session, char *question); + + int EncryptData(Buffer &cuid, Buffer &versionID, Buffer &in, Buffer &out, const char *connid); + + int ComputeRandomData(Buffer &data_out, int dataSize, const char *connid); + + int CreateKeySetData( + Buffer &cuid, + Buffer &versionID, + Buffer &NewMasterVer, + Buffer &out, + const char *connid); + + bool GetTokenType( + const char *prefix, + int major_version, int minor_version, + const char *cuid, const char *msn, + NameValueSet *extensions, + RA_Status &o_status, + const char *&o_tokenType); + + Buffer *ListObjects(RA_Session *session, BYTE seq); + + Buffer *GetStatus(RA_Session *session, BYTE p1, BYTE p2); + + Buffer *GetData(RA_Session *session); + + int SelectApplet(RA_Session *session, BYTE p1, BYTE p2, Buffer *aid); + + int UpgradeApplet( + RA_Session *session, + char *prefix, + char *tokenType, + BYTE major_version, BYTE minor_version, + const char *new_version, + const char *applet_dir, + SecurityLevel security_level, + const char *connid, + NameValueSet *extensions, + int start_progress, int end_progress, + char **key_version); + + int UpgradeKey(RA_Session *session, BYTE major_version, BYTE minor_version, int new_version); + + int SelectCardManager(RA_Session *session, char *prefix, char *tokenType); + + int FormatMuscleApplet( + RA_Session *session, + unsigned short memSize, + Buffer &PIN0, BYTE pin0Tries, + Buffer &unblockPIN0, BYTE unblock0Tries, + Buffer &PIN1, BYTE pin1Tries, + Buffer &unblockPIN1, BYTE unblock1Tries, + unsigned short objCreationPermissions, + unsigned short keyCreationPermissions, + unsigned short pinCreationPermissions); + + Secure_Channel *GenerateSecureChannel( + RA_Session *session, const char *connid, + Buffer &card_diversification_data, + Buffer &card_key_data, + Buffer &card_challenge, + Buffer &card_cryptogram, + Buffer &host_challenge); + AuthenticationEntry *GetAuthenticationEntry( + const char * a_prefix, + const char * a_configname, + const char * a_tokenType); + + protected: + RA_Status Format(RA_Session *session, NameValueSet *extensions, bool skipAuth); + bool RevokeCertificates(RA_Session *session, char *cuid, char *audit_msg, + char *final_applet_version, + char *keyVersion, + char *tokenType, char *userid, RA_Status &status ); + int IsTokenDisabledByTus(Secure_Channel *channel); + + int totalAvailableMemory; + int totalFreeMemory; +}; + +#endif /* RA_PROCESSOR_H */ |