Smart Card Shell

Card - Reference Documentation

Class to allow access to ICC

Index of Methods

Constants

Type Name Description
Number T0 T=0 protocol
Number T1 T=1 protocol
Number T14 T=14 protocol
Number OTHER Other protocol
Number PICCA
Number PICCB
Number RESET_COLD Perform cold reset
Number RESET_WARM Perform warm reset if supported by reader, otherwise cold reset
Number CPRO Usage qualifier for MAC protected command-APDU in sendSecMsgApdu()
Number CENC Usage qualifier for encrypted command-APDU in sendSecMsgApdu()
Number RPRO Usage qualifier for MAC protected response-APDU in sendSecMsgApdu()
Number RENC Usage qualifier for encrypted response-APDU in sendSecMsgApdu()
Number ALL All access modes or all usage qualifier in sendSecMsgApdu()

Properties

Type Name Description
ByteString response Last response APDU received from ICC
Number SW Last status word SW1/SW2 received from ICC
Number SW1 Last status byte SW1 received from ICC
Number SW2 Last status byte SW2 received from ICC
String SWMSG Message for SW1/SW2 (Extension to GP)
opencard.core.terminal.CardTerminal nativeCardTerminal OCF Card Terminal
String readerName Card terminal name
String maxReaderCAPDU Command APDU limit by the card terminal (Optional)
String maxReaderRAPDU Command APDU limit by the card terminal (Optional)
String remoteMessage Message received from server during remote update
Number remoteMessageId Message id received from server during remote update

Constructor

Prototype

Card()

Card(String reader)

Card(String reader, String cardProfileName)

Description

Create an object representing an ICC in a reader.

The name of the card terminal can be passed as argument reader. If the card reader supports multiple slots, then the slot number can be specified by appending a hash '#' and the slot number. Slot numbers start at 1, 0 means any slot and is the default value (e.g. "MCT#2" selects the card reader "MCT" and the card in slot 2).

Arguments

Type Name Description
String reader Card terminal name
String cardProfileName Name of file containing Global Platform card profile

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Type of argument is invalid for call
GPError GPError.CARD_CONNECT_FAILED Establishing a connection to the card fails as the card is not present or mute
GPError GPError.CARD_COMM_ERROR A communication error with the ICC occured

Example


card = new Card();
assert(card instanceof Card);

card = new Card("");
assert(card instanceof Card);

card = new Card(_scsh3.reader);
assert(card instanceof Card);

card = new Card("", "profiles/cp_jcop41.xml");
assert(card instanceof Card);

dumpxml(card.profile, "");

reset()

Prototype

Atr reset(Number resetMode)

Description

Perform a cold or warm reset with the ICC.

Arguments

Type Name Description
Number resetMode Reset mode, either Card.RESET_COLD or Card.RESET_WARM.

Return

Atr ATR returned by ICC

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Argument must be of type Number and either Card.RESET_COLD or Card.RESET_WARM
GPError GPError.CARD_COMM_ERROR A communication error with the ICC occured

Example


card = new Card();
atr = card.reset(Card.RESET_COLD);
print("Format Byte     : " + atr.formatByte.toString(16));
print("Interface Bytes : " + atr.interfaceBytes);
print("Historical Bytes: " + atr.historicalBytes);
print("Check Bytes     : " + atr.tckByte.toString(16));
print(atr);

getATR()

Prototype

Atr getATR()

Description

Return ATR of last reset

Return

Atr ATR returned by ICC

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


card = new Card();
card.reset(Card.RESET_COLD);
atr = card.getATR();
print("Format Byte     : " + atr.formatByte.toString(16));
print("Interface Bytes : " + atr.interfaceBytes);
print("Historical Bytes: " + atr.historicalBytes);
print("Check Bytes     : " + atr.tckByte.toString(16));
print(atr);

sendApdu()

Prototype

ByteString sendApdu (Number cla, Number ins, Number p1, Number p2)

ByteString sendApdu (Number cla, Number ins, Number p1, Number p2, Number[] sw)

ByteString sendApdu (Number cla, Number ins, Number p1, Number p2, ByteString data)

ByteString sendApdu (Number cla, Number ins, Number p1, Number p2, ByteString data, Number[] sw)

ByteString sendApdu (Number cla, Number ins, Number p1, Number p2, Number le)

ByteString sendApdu (Number cla, Number ins, Number p1, Number p2, Number le, Number[] sw)

ByteString sendApdu (Number cla, Number ins, Number p1, Number p2, ByteString data, Number le)

ByteString sendApdu (Number cla, Number ins, Number p1, Number p2, ByteString data, Number le, Number[] sw)

Description

Transmit a Command-APDU to the ICC and receive the Response-APDU.

The method updates the fields SW, SW1, SW2 and response with the values received from the ICC.

An array of valid return codes can be passed as argument sw. If the SW1/SW2 from the ICC does not match with one of the entries in the array, then an GPError.CARD_COMM_ERROR exception is raised.

The method supports ISO7816-4 extended format. This is automatically used, if the length of the data argument exceeds 255 or if the argument le exceeds 256.

Arguments

Type Name Description
Number cla The CLA byte for the Command-APDU
Number ins The INS byte for the Command-APDU
Number p1 The P1 byte for the Command-APDU
Number p2 The P2 byte for the Command-APDU
ByteString data The data bytes to be send in the Command-APDU for case 3 or case 4 commands
Number le The number of bytes expected in the response. 65536 is encoded as '0000' in extended format.
Number[] sw Array of acceptable SW1/SW2 return codes

Return

ByteString Response APDU received from ICC

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Type of argument is invalid for call or SW array contain a type other than Number
GPError GPError.CARD_COMM_ERROR A communication error with the ICC occured
GPError GPError.CARD_INVALID_SW The status word return by the ICC does not match one of the expected result
GPError GPError.DATA_TOO_LARGE The data for the command APDU exceeds 65536
GPError GPError.INVALID_LENGTH The value given for Le is out of range

Example


// Case 1: 0022F3A4 - MANAGE SE

resp = card.sendApdu(0x00, 0x22, 0xF3, 0xA4);
print(card.SW.toString(16) + " - " + resp);

// Must return ByteString, null or undefined ?
assert(card.SW == 0x9000);
assert(card.SW1 == 0x90);
assert(card.SW2 == 0x00);

resp = card.sendApdu(0x00, 0x22, 0xF3, 0xA4, [0x9000]);
// Must return ByteString, null or undefined ?


// Case 2: 00B201F400 - READ RECORD from EF_DIR

resp = card.sendApdu(0x00, 0xB2, 0x01, 0xF4, 0);
print(card.SW.toString(16) + " - " + resp);

assert(resp.length > 0);
assert(card.SW == 0x9000);
assert(card.response.equals(resp));

resp = card.sendApdu(0x00, 0xB2, 0x01, 0xF4, 0, [0x9000]);
assert(resp.length > 0);


// Case 3: 002A90A008 - HASH

resp = card.sendApdu(0x00, 0x2A, 0x90, 0xA0, new ByteString("9000800431323334", HEX));
print(card.SW.toString(16) + " - " + resp);

assert(card.SW == 0x9000);

resp = card.sendApdu(0x00, 0x2A, 0x90, 0xA0,
                            new ByteString("9000800431323334", HEX),[0x9000]);


// Case 4: 00A40204022F0000 - SELECT EF_DIR

resp = card.sendApdu(0x00, 0xA4, 0x02, 0x04, new ByteString("2F00", HEX), 0);
print(card.SW.toString(16) + " - " + resp);

assert(card.SW == 0x9000);
assert(resp.length > 0);

resp = card.sendApdu(0x00, 0xA4, 0x02, 0x04, new ByteString("2F00", HEX), 0, [0x9000]);
assert(resp.length > 0);

plainApdu()

Prototype

ByteString sendApdu (ByteString apdu)

ByteString sendApdu (ByteString apdu, Number[] sw)

ByteString sendApdu (ByteString apdu, Number[] sw, Number usageQualifier)

Description

Transmit a Command-APDU to the ICC and receive the Response-APDU.

The method updates the fields SW, SW1, SW2 and response with the values received from the ICC.

An array of valid return codes can be passed as argument sw. If the SW1/SW2 from the ICC does not match with one of the entries in the array, then an GPError.CARD_COMM_ERROR exception is raised.

This method is an extension to the Global Platform Scripting specification.

Arguments

Type Name Description
ByteString apdu Command-APDU in plain format consisting of CLA|INS|P1|P2|Lc|Data|Le
Number[] sw Array of acceptable SW1/SW2 return codes
Number usageQualifier Usage qualifier to be passed to secure messaging transformation

Return

ByteString Response APDU received from ICC

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Type of argument is invalid for call or SW array contain a type other than Number
GPError GPError.CARD_COMM_ERROR A communication error with the ICC occured
GPError GPError.INVALID_SW The status word return by the ICC does not match one of the expected result

Example


// Case 1: 0022F3A4 - MANAGE SE

resp = card.plainApdu(new ByteString("0022F3A4", HEX));
print(card.SW.toString(16) + " - " + resp);

// Must return ByteString, null or undefined ?
assert(card.SW == 0x9000);
assert(card.SW1 == 0x90);
assert(card.SW2 == 0x00);

resp = card.plainApdu(new ByteString("0022F3A4", HEX), [0x9000]);
// Must return ByteString, null or undefined ?


// Case 2: 00B201F400 - READ RECORD from EF_DIR

resp = card.plainApdu(new ByteString("00B201F400", HEX));
print(card.SW.toString(16) + " - " + resp);

assert(resp.length > 0);
assert(card.SW == 0x9000);
assert(card.response.equals(resp));

resp = card.plainApdu(new ByteString("00B201F400", HEX), [0x9000]);
assert(resp.length > 0);


// Case 3: 002A90A008 - HASH

resp = card.plainApdu(new ByteString("002A90A0089000800431323334", HEX));
print(card.SW.toString(16) + " - " + resp);

assert(card.SW == 0x9000);

resp = card.plainApdu(new ByteString("002A90A0089000800431323334", HEX), [0x9000]);


// Case 4: 00A40204022F0000 - SELECT EF_DIR

resp = card.plainApdu(new ByteString("00A40204022F0000", HEX));
print(card.SW.toString(16) + " - " + resp);

assert(card.SW == 0x9000);
assert(resp.length > 0);

resp = card.plainApdu(new ByteString("00A40204022F0000", HEX), [0x9000]);
assert(resp.length > 0);

getCardService()

Prototype

Object getCardService(String className)

Description

Obtain OCF card service for API given in className

Arguments

Type Name Description
String className OCF Card Service class or interface name

Return

Object The native Java class providing the service

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Type of argument is invalid for call
GPError GPError.INVALID_DATA Card service not found

Example


// var cs = card.getCardService("de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMCardService");

setCredential()

Prototype

setCredential(Object credential)

Description

Provide an object that contains the credential required to transform the APDU when using sendSecMsgApdu().

Currently only a secure channel credential can be supplied. A secure channel credential is a JavaScript object that supplies a wrap() and optionally an unwrap() method. The wrap() method is called to transform the command-APDU, the unwrap() method is called to transform the response-APDU.

The usage qualifier in the sendSecMsgApdu() determins, which part of the command and response APDU are to be protected and how. Any of the following four options can be combined: MAC protected command APDU (CPRO), encrypted command APDU (CENC), MAC protected response APDU (RPRO) and encrypted response APDU (RENC).

The usage qualifier controls the transformation of command and reponse APDU. It is passed to the wrap() and unwrap() method as the second parameter.

The usage qualifier can be defined by or'ing the constants Card.CPRO, Card.CENC, Card.RPRO or Card.RENC. Use Card.ALL as a combination of the above.

Subsequent calls to this method will overwrite the previous credential.

This method is an extension to the Global Platform Scripting specification.

Arguments

Type Name Description
Object credential Object to be used as credential.

Return

Method does not return a value

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Type of argument is invalid for call
GPError GPError.CARD_COMM_ERROR An error occured while talking to the ICC

Example



//
// Define SecureChannelCredential class constructor
//
function SecureChannelCredential() {
}

//
// Wrap command-APDU with secure messaging
//
SecureChannelCredential.prototype.wrap = function(apduToWrap, usageQualifier) {
	print("APDU to wrap with usageQualifier " + usageQualifier + " :");
	print(apduToWrap);

	// Put secure messaging transformation here

	return(apduToWrap);
}


//
// Unwrap response-APDU with secure messaging
//
SecureChannelCredential.prototype.unwrap = function(apduToUnwrap, usageQualifier) {
	print("APDU to unwrap with usageQualifier " + usageQualifier + " :");
	print(apduToUnwrap);

	// Put secure messaging transformation here

	return(apduToUnwrap);
}

card.reset(Card.RESET_COLD);

// Allocate a secure channel credential
var sc = new SecureChannelCredential();

card.setCredential(sc);

// Allocate a cardfile object

var response = card.sendSecMsgApdu(Card.ALL, 0x00, 0xA4, 0x02, 0x04,
                            new ByteString("2F00", HEX), 0, [0x9000]);
print(response);


clearCredential()

Prototype

clearCredential()

Description

Clear credential for card service

Return

Method does not return a value

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


sendSecMsgApdu()

Prototype

ByteString sendSecMsgApdu(Number usageQualifier, Number cla, Number ins, Number p1, Number p2)

ByteString sendSecMsgApdu(Number usageQualifier, Number cla, Number ins, Number p1, Number p2, Number[] sw)

ByteString sendSecMsgApdu(Number usageQualifier, Number cla, Number ins, Number p1, Number p2, ByteString data)

ByteString sendSecMsgApdu(Number usageQualifier, Number cla, Number ins, Number p1, Number p2, ByteString data, Number[] sw)

ByteString sendSecMsgApdu(Number usageQualifier, Number cla, Number ins, Number p1, Number p2, Number le)

ByteString sendSecMsgApdu(Number usageQualifier, Number cla, Number ins, Number p1, Number p2, Number le, Number[] sw)

ByteString sendSecMsgApdu(Number usageQualifier, Number cla, Number ins, Number p1, Number p2, ByteString data, Number le)

ByteString sendSecMsgApdu(Number usageQualifier, Number cla, Number ins, Number p1, Number p2, ByteString data, Number le, Number[] sw)

Description

Transmit a Command-APDU to the ICC and receive the Response-APDU.

If a secure channel is set with the setCredential() method, then this credential will be used to tranform the command and response APDU accordingly. During this transformation process, the usageQualifier is passed to the wrapping / unwrapping methods.

The method updates the fields SW, SW1, SW2 and response with the values received from the ICC.

An array of valid return codes can be passed as argument sw. If the SW1/SW2 from the ICC does not match with one of the entries in the array, then an GPError.CARD_COMM_ERROR exception is raised.

The method supports ISO7816-4 extended format. This is automatically used, if the length of the data argument exceeds 255 or if the argument le exceeds 255.

This method is an extension to the Global Platform Scripting specification.

Arguments

Type Name Description
Number usageQualifier Usage qualifier for secure messaging transformation. Can be a combination of Card.CPRO, Card.CENC, Card.RPRO, Card.RENC and Card.ALL.
Number cla The CLA byte for the Command-APDU
Number ins The INS byte for the Command-APDU
Number p1 The P1 byte for the Command-APDU
Number p2 The P2 byte for the Command-APDU
ByteString data The data bytes to be send in the Command-APDU for case 3 or case 4 commands
Number le The number of bytes expected in the response. 255 is encoded as '00' in short format. 65536 is encoded as '0000' in extended format.
Number[] sw Array of acceptable SW1/SW2 return codes

Return

ByteString Response APDU received from ICC

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Type of argument is invalid for call or SW array contain a type other than Number
GPError GPError.CARD_COMM_ERROR A communication error with the ICC occured
GPError GPError.CARD_INVALID_SW The status word return by the ICC does not match one of the expected result
GPError GPError.DATA_TOO_LARGE The data for the command APDU exceeds 65536
GPError GPError.INVALID_LENGTH The value given for Le is out of range

Example


// See sendApdu() and setCredential() for an example

close()

Prototype

close()

Description

Release card object, closing communication channel with the card

If close() is not explicitly called for a card object, then the smart card communication channel will be closed during garbage collection at latest

The method is usefull to ensure, that other applications can get access to the card.

Return

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


card.close();

setCardEventListener()

Prototype

setCardEventListener(Object handler)

Description

Static method to register a script object that receives cardInserted and cardRemoved events.

The cardInserted and cardRemoved methods provide the reader name as argument.

The handler must implement both methods.

The cardNotification method is optional and called when the properties remoteMessage and remoteMessageId are updated during remote update processing.

Arguments

Type Name Description
Object handler The event handler

Return

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


var handler = {
	cardInserted: function(readerName) {
		print("Card inserted into " + readerName);
	},
	cardRemoved: function(readerName) {
		print("Card removed from " + readerName);
	}
	cardNotification: function(readerName) {
		print("Notification for " + readerName);
	}
}
Card.setCardEventListener(handler);

remoteUpdate()

Prototype

remoteUpdate(String url)

remoteUpdate(String url, String sessionId)

Description

Update the card using the remote update service located at the given URL.

The sessionId can be used to link the card update to a current user session with the server.

Remote notifications are made available in the remoteMessageId and remoteMessage property of the card object.

Arguments

Type Name Description
String url The URL of the remote terminal endpoint on the server
String sessionId The sessionId used in the session cookie

Return

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example



getReaderList()

Prototype

Card.getReaderList()

Description

Return the list of attached card readers

Return

String[] The list of reader names

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


var list = Card.getReaderList();