Package de.cardcontact.opencard.service.eac20

Class EAC20

java.lang.Object

de.cardcontact.opencard.service.eac20.EAC20

public class EAC20
extends java.lang.Object

Class implementing an EAC2.0 service. At this time only the SmartCardHSMCardService is supported.

Author:

lew

Constructor Summary

Constructors

Constructor	Description
EAC20(SmartCardHSMCardService hsms, java.security.interfaces.ECPublicKey devAuthPK)

Method Summary

Modifier and Type	Method	Description
byte[]	encodePublicKey()	Encode public key to EAC 2.0 format
SecureChannelCredential	getCredential()
static java.security.spec.ECParameterSpec	getECParameterSpecforBrainpoolP256r1()
SecureChannelCredential	performChipAuthentication()	Perform chip authentication and establish a secure channel
protected static byte[]	unsignedBigIntegerToByteArray(java.math.BigInteger bi, int size)	Convert unsigned big integer into byte array, stripping of a leading 00 byte This conversion is required, because the Java BigInteger is a signed value, whereas the byte arrays containing key components are unsigned by default
boolean	verifyAuthenticationToken(byte[] authToken)	Calculate and verify the authentication token over the public key received from the other side

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

EAC20

public EAC20(SmartCardHSMCardService hsms,
             java.security.interfaces.ECPublicKey devAuthPK)

Parameters:

hsms - SmartCardHSMCardService

devAuthPK - device authentication public key

Method Detail

getECParameterSpecforBrainpoolP256r1

public static java.security.spec.ECParameterSpec getECParameterSpecforBrainpoolP256r1()

performChipAuthentication

public SecureChannelCredential performChipAuthentication()
                                                  throws CardServiceException,
                                                         CardTerminalException

Perform chip authentication and establish a secure channel

Returns:

IsoSecureChannelCredential

Throws:

CardTerminalException

CardServiceException

getCredential

public SecureChannelCredential getCredential()

verifyAuthenticationToken

public boolean verifyAuthenticationToken(byte[] authToken)

Calculate and verify the authentication token over the public key received from the other side

Parameters:

authToken - the MAC over the authentication data

Returns:

true if the MAC is valid

encodePublicKey

public byte[] encodePublicKey()

Encode public key to EAC 2.0 format

Returns:

the encoded public key

Throws:

TLVEncodingException

unsignedBigIntegerToByteArray

protected static byte[] unsignedBigIntegerToByteArray(java.math.BigInteger bi,
                                                      int size)

Convert unsigned big integer into byte array, stripping of a leading 00 byte This conversion is required, because the Java BigInteger is a signed value, whereas the byte arrays containing key components are unsigned by default

Parameters:

bi - BigInteger value to be converted

size - Number of bits

Returns:

Byte array containing unsigned integer value