src/com/android/se/security/arf/SecureElement.java - platform/packages/apps/SecureElement - Git at Google

 /*
  * Copyright (C) 2017 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 /*
  * Copyright (c) 2015-2017, The Linux Foundation.
  */

 /*
  * Copyright (C) 2011 Deutsche Telekom, A.G.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 /*
  * Contributed by: Giesecke & Devrient GmbH.
  */

 package com.android.se.security.arf;

 import android.util.Log;

 import com.android.se.Channel;
 import com.android.se.Terminal;
 import com.android.se.security.ChannelAccess;
 import com.android.se.security.arf.pkcs15.EF;
 import com.android.se.security.gpac.AID_REF_DO;
 import com.android.se.security.gpac.Hash_REF_DO;
 import com.android.se.security.gpac.REF_DO;

 import java.io.IOException;
 import java.util.MissingResourceException;
 import java.util.NoSuchElementException;

 /**
  * Provides high-level functions for SE communication
  */
 public class SecureElement {
     public final String mTag = "SecureElement-ARF";
     // Logical channel used for SE communication (optional)
     private Channel mArfChannel = null;
     // Handle to a built-in "Secure Element"
     private Terminal mTerminalHandle = null;
     // Arf Controller within the SCAPI handler
     private ArfController mArfHandler = null;

     /**
      * Constructor
      *
      * @param arfHandler - handle to the owning arf controller object
      * @param handle     - handle to the SE terminal to be accessed.
      */
     public SecureElement(ArfController arfHandler, Terminal handle) {
         mTerminalHandle = handle;
         mArfHandler = arfHandler;
     }

     /**
      * Transmits ADPU commands
      *
      * @param cmd APDU command
      * @return Data returned by the APDU command
      */
     public byte[] exchangeAPDU(EF ef, byte[] cmd) throws IOException, SecureElementException {
         try {
             return mArfChannel.transmit(cmd);
         } catch (IOException e) {
             // Communication error happened while the terminal sending a command.
             throw e;
         } catch (Exception e) {
             throw new SecureElementException(
                     "Secure Element access error " + e.getLocalizedMessage());
         }
     }

     /**
      * Opens a logical channel to ARF Applet or ADF
      *
      * @param aid Applet identifier
      * @return Handle to "Logical Channel" allocated by the SE; <code>0</code> if error occurred
      */
     public Channel openLogicalArfChannel(byte[] aid) throws IOException, MissingResourceException,
             NoSuchElementException {
         try {
             mArfChannel = mTerminalHandle.openLogicalChannelWithoutChannelAccess(aid);
             if (mArfChannel == null) {
                 throw new MissingResourceException("No channel was available", "", "");
             }
             setUpChannelAccess(mArfChannel);
             return mArfChannel;
         } catch (IOException | MissingResourceException | NoSuchElementException e) {
             throw e;
         } catch (Exception e) {
             Log.e(mTag, "Error opening logical channel " + e.getLocalizedMessage());
             mArfChannel = null;
             return null;
         }
     }

     /**
      * Closes a logical channel previously allocated by the SE
      */
     public void closeArfChannel() {
         try {
             if (mArfChannel != null) {
                 mArfChannel.close();
                 mArfChannel = null;
             }

         } catch (Exception e) {
             Log.e(mTag, "Error closing channel " + e.getLocalizedMessage());
         }
     }

     /**
      * Set up channel access to allow, so that PKCS15 files can be read.
      */
     private void setUpChannelAccess(Channel channel) {
         // set access conditions to access ARF.
         ChannelAccess arfChannelAccess = new ChannelAccess();
         arfChannelAccess.setAccess(ChannelAccess.ACCESS.ALLOWED, "");
         arfChannelAccess.setApduAccess(ChannelAccess.ACCESS.ALLOWED);
         channel.setChannelAccess(arfChannelAccess);
     }

     /** Fetches the Refresh Tag */
     public byte[] getRefreshTag() {
         if (mArfHandler != null) {
             return mArfHandler.getAccessRuleCache().getRefreshTag();
         }
         return null;
     }

     /** Sets the given Refresh Tag */
     public void setRefreshTag(byte[] refreshTag) {
         if (mArfHandler != null) {
             mArfHandler.getAccessRuleCache().setRefreshTag(refreshTag);
         }
     }

     /** Addsthe Access Rule to the Cache */
     public void putAccessRule(
             AID_REF_DO aidRefDo, Hash_REF_DO hashRefDo, ChannelAccess channelAccess) {

         REF_DO ref_do = new REF_DO(aidRefDo, hashRefDo);
         mArfHandler.getAccessRuleCache().putWithMerge(ref_do, channelAccess);
     }

     /** Resets the Access Rule Cache */
     public void resetAccessRules() {
         this.mArfHandler.getAccessRuleCache().reset();
     }

     /** Clears the Access Rule Cache */
     public void clearAccessRuleCache() {
         this.mArfHandler.getAccessRuleCache().clearCache();
     }
 }
	/*
	* Copyright (C) 2017 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	/*
	* Copyright (c) 2015-2017, The Linux Foundation.
	*/

	/*
	* Copyright (C) 2011 Deutsche Telekom, A.G.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	/*
	* Contributed by: Giesecke & Devrient GmbH.
	*/

	package com.android.se.security.arf;

	import android.util.Log;

	import com.android.se.Channel;
	import com.android.se.Terminal;
	import com.android.se.security.ChannelAccess;
	import com.android.se.security.arf.pkcs15.EF;
	import com.android.se.security.gpac.AID_REF_DO;
	import com.android.se.security.gpac.Hash_REF_DO;
	import com.android.se.security.gpac.REF_DO;

	import java.io.IOException;
	import java.util.MissingResourceException;
	import java.util.NoSuchElementException;

	/**
	* Provides high-level functions for SE communication
	*/
	public class SecureElement {
	public final String mTag = "SecureElement-ARF";
	// Logical channel used for SE communication (optional)
	private Channel mArfChannel = null;
	// Handle to a built-in "Secure Element"
	private Terminal mTerminalHandle = null;
	// Arf Controller within the SCAPI handler
	private ArfController mArfHandler = null;

	/**
	* Constructor
	*
	* @param arfHandler - handle to the owning arf controller object
	* @param handle - handle to the SE terminal to be accessed.
	*/
	public SecureElement(ArfController arfHandler, Terminal handle) {
	mTerminalHandle = handle;
	mArfHandler = arfHandler;
	}

	/**
	* Transmits ADPU commands
	*
	* @param cmd APDU command
	* @return Data returned by the APDU command
	*/
	public byte[] exchangeAPDU(EF ef, byte[] cmd) throws IOException, SecureElementException {
	try {
	return mArfChannel.transmit(cmd);
	} catch (IOException e) {
	// Communication error happened while the terminal sending a command.
	throw e;
	} catch (Exception e) {
	throw new SecureElementException(
	"Secure Element access error " + e.getLocalizedMessage());
	}
	}

	/**
	* Opens a logical channel to ARF Applet or ADF
	*
	* @param aid Applet identifier
	* @return Handle to "Logical Channel" allocated by the SE; <code>0</code> if error occurred
	*/
	public Channel openLogicalArfChannel(byte[] aid) throws IOException, MissingResourceException,
	NoSuchElementException {
	try {
	mArfChannel = mTerminalHandle.openLogicalChannelWithoutChannelAccess(aid);
	if (mArfChannel == null) {
	throw new MissingResourceException("No channel was available", "", "");
	}
	setUpChannelAccess(mArfChannel);
	return mArfChannel;
	} catch (IOException \| MissingResourceException \| NoSuchElementException e) {
	throw e;
	} catch (Exception e) {
	Log.e(mTag, "Error opening logical channel " + e.getLocalizedMessage());
	mArfChannel = null;
	return null;
	}
	}

	/**
	* Closes a logical channel previously allocated by the SE
	*/
	public void closeArfChannel() {
	try {
	if (mArfChannel != null) {
	mArfChannel.close();
	mArfChannel = null;
	}

	} catch (Exception e) {
	Log.e(mTag, "Error closing channel " + e.getLocalizedMessage());
	}
	}

	/**
	* Set up channel access to allow, so that PKCS15 files can be read.
	*/
	private void setUpChannelAccess(Channel channel) {
	// set access conditions to access ARF.
	ChannelAccess arfChannelAccess = new ChannelAccess();
	arfChannelAccess.setAccess(ChannelAccess.ACCESS.ALLOWED, "");
	arfChannelAccess.setApduAccess(ChannelAccess.ACCESS.ALLOWED);
	channel.setChannelAccess(arfChannelAccess);
	}

	/** Fetches the Refresh Tag */
	public byte[] getRefreshTag() {
	if (mArfHandler != null) {
	return mArfHandler.getAccessRuleCache().getRefreshTag();
	}
	return null;
	}

	/** Sets the given Refresh Tag */
	public void setRefreshTag(byte[] refreshTag) {
	if (mArfHandler != null) {
	mArfHandler.getAccessRuleCache().setRefreshTag(refreshTag);
	}
	}

	/** Addsthe Access Rule to the Cache */
	public void putAccessRule(
	AID_REF_DO aidRefDo, Hash_REF_DO hashRefDo, ChannelAccess channelAccess) {

	REF_DO ref_do = new REF_DO(aidRefDo, hashRefDo);
	mArfHandler.getAccessRuleCache().putWithMerge(ref_do, channelAccess);
	}

	/** Resets the Access Rule Cache */
	public void resetAccessRules() {
	this.mArfHandler.getAccessRuleCache().reset();
	}

	/** Clears the Access Rule Cache */
	public void clearAccessRuleCache() {
	this.mArfHandler.getAccessRuleCache().clearCache();
	}
	}