Class SecurityDomainCardService
java.lang.Object
  opencard.core.service.CardService
    de.cardcontact.opencard.service.globalplatform.SecurityDomainCardService

All Implemented Interfaces:
SecureService

public class SecurityDomainCardService extends CardService implements SecureService

Class implementing a Global Platform Security Domain card service

Author:
Andreas Schwier (info@cardcontact.de), Frank Thater (info@cardcontact.de)

Constructor Summary
Constructor: SecurityDomainCardService()

Method Summary
Modifier and Type, Method, Description:

ResponseAPDU deleteAID(byte[] aid)
Issue DELETE command to remove package with given AID from card

int determineSCP()
Determine if either SCP02 or SCP03 is indicated by the card.

ResponseAPDU externalAuthenticate(byte level, byte[] data)
Perform EXTERNAL AUTHENTICATE APDU

protected void initialize(CardServiceScheduler scheduler, SmartCard smartcard, boolean blocking)
Create the IsoCardState object in the card channel if it does not yet exist.

ResponseAPDU initializeUpdate(byte keyVersionNumber, byte keyIndex, byte[] hostChallenge)
Perform INITIALIZE UPDATE APDU

ResponseAPDU installForInstall(byte[] loadFileAID, byte[] execModAID, byte[] appInsAID, byte[] privileges, byte[] installParam, byte[] installToken, boolean makeSelectable)
Issue INSTALL command with INSTALL FOR INSTALL option to security domain

ResponseAPDU installForInstallAndSelectable(byte[] loadFileAID, byte[] execModAID, byte[] appInsAID, byte[] privileges, byte[] installParam, byte[] installToken)
Issue INSTALL command with INSTALL FOR INSTALL and SELECTABLE option to security domain

ResponseAPDU installForLoad(byte[] loadFileAID, byte[] secDomAID, byte[] loadDBHash, byte[] loadParam, byte[] loadToken)
Issue INSTALL command with INSTALL FOR LOAD option to security domain

ResponseAPDU load(CapFile capFile)
Load load file into card using a sequence of LOAD APDUs

void provideCredentials(SecurityDomain domain, CredentialBag creds)
Provides credentials to a card service.

ResponseAPDU select(AppletID id, boolean next)
Select applet using SELECT command and application identifier passed in id. If the argument id is set to null, then the issuer security domain is selected.

protected ResponseAPDU sendCommandAPDU(CardChannel channel, CommandAPDU com)
Exchange APDU with card, optionally transforming the APDU with a secure channel

Methods inherited from class opencard.core.service.CardService
allocateCardChannel, getCard, getCardChannel, getCHVDialog, releaseCardChannel, setCardChannel, setCHVDialog
-
-
-
-
Field Detail
-
ISD_AID
public static final AppletID ISD_AID
-
-
Method Detail
-
initialize
protected void initialize(CardServiceScheduler scheduler, SmartCard smartcard, boolean blocking) throws CardServiceException
Create the IsoCardState object in the card channel if it does not yet exist. Overwrites #opencard.core.service.CardService#initialize
Overrides:
initialize in class CardService
Parameters:
scheduler - where this service is going to allocate channels
smartcard - which smartcard has to be supported by this service
blocking - whether channel allocation is going to be blocking
Throws:
CardServiceException - if the service could not be initialized. The object created via the default constructor may not be used if this happens.
See Also:
CardServiceFactory
-
select
public ResponseAPDU select(AppletID id, boolean next) throws CardTerminalException
Select applet using SELECT command and application identifier passed in id. If the argument id is set to null, then the issuer security domain is selected.
Parameters:
id - Applet Id (AID) or null
next - True to select next matching AID
Returns:
Response for SELECT APDU
Throws:
CardTerminalException
-
installForInstall
public ResponseAPDU installForInstall(byte[] loadFileAID, byte[] execModAID, byte[] appInsAID, byte[] privileges, byte[] installParam, byte[] installToken, boolean makeSelectable) throws CardTerminalException
Issue INSTALL command with INSTALL FOR INSTALL option to security domain
Parameters:
loadFileAID - AID for load file in card
execModAID - AID for module contained in load file
appInsAID - AID for application instance
privileges - Privileges for application
installParam - Install parameter for application
installToken - Install tokens
makeSelectable - make instance selectable
Returns:
ResponseAPDU from card
Throws:
CardTerminalException
-
installForInstallAndSelectable
public ResponseAPDU installForInstallAndSelectable(byte[] loadFileAID, byte[] execModAID, byte[] appInsAID, byte[] privileges, byte[] installParam, byte[] installToken) throws CardTerminalException
Issue INSTALL command with INSTALL FOR INSTALL and SELECTABLE option to security domain
Parameters:
loadFileAID - AID for load file in card
execModAID - AID for module contained in load file
appInsAID - AID for application instance
privileges - Privileges for application
installParam - Install parameter for application
installToken - Install tokens
Returns:
ResponseAPDU from card
Throws:
CardTerminalException
-
installForLoad
public ResponseAPDU installForLoad(byte[] loadFileAID, byte[] secDomAID, byte[] loadDBHash, byte[] loadParam, byte[] loadToken) throws CardTerminalException
Issue INSTALL command with INSTALL FOR LOAD option to security domain
Parameters:
loadFileAID
secDomAID
loadDBHash
loadParam
loadToken
Returns:
ResponseAPDU from card
Throws:
CardTerminalException
-
load
public ResponseAPDU load(CapFile capFile) throws CardTerminalException
Load load file into card using a sequence of LOAD APDUs
Parameters:
capFile - Load file with cap components
Returns:
Response from last LOAD commands
Throws:
CardTerminalException
-
deleteAID
public ResponseAPDU deleteAID(byte[] aid) throws CardTerminalException
Issue DELETE command to remove package with given AID from card
Parameters:
aid
Returns:
ResponseAPDU from card
Throws:
CardTerminalException
-
sendCommandAPDU
protected ResponseAPDU sendCommandAPDU(CardChannel channel, CommandAPDU com) throws InvalidCardChannelException, CardTerminalException
Exchange APDU with card, optionally transforming the APDU with a secure channel
Parameters:
channel
com
Returns:
the response APDU
Throws:
InvalidCardChannelException
CardTerminalException
-
determineSCP
public int determineSCP() throws InvalidCardChannelException, CardTerminalException, CardServiceException
Determine if either SCP02 or SCP03 is indicated by the card.
-
initializeUpdate
public ResponseAPDU initializeUpdate(byte keyVersionNumber, byte keyIndex, byte[] hostChallenge) throws InvalidCardChannelException, CardTerminalException, CardServiceException
Perform INITIALIZE UPDATE APDU
Parameters:
keyVersionNumber
keyIndex
Returns:
The response APDU
Throws:
CardTerminalException
InvalidCardChannelException
CardServiceException
-
externalAuthenticate
public ResponseAPDU externalAuthenticate(byte level, byte[] data) throws InvalidCardChannelException, CardTerminalException, CardServiceException
Perform EXTERNAL AUTHENTICATE APDU
Parameters:
level
data - Data block containing host cryptogram and MAC (must be 16 bytes)
Throws:
CardTerminalException
InvalidCardChannelException
CardServiceException
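
The checks a host should make around the INITIALIZE UPDATE and EXTERNAL AUTHENTICATE exchange that initializeUpdate and externalAuthenticate perform, as an added example that is not part of this library or its documentation. The class and method names are hypothetical, the field offsets follow the GlobalPlatform SCP02 and SCP03 response layouts, and the code does not show how determineSCP() decides internally.

```java
import java.util.Arrays;

/** Added example (hypothetical names): validate handshake data before deriving session keys. Java 16+. */
public class ScpHandshakeCheck {

    /** Fields of an INITIALIZE UPDATE response with the status word already removed. */
    record InitUpdate(int scp, int keyVersion, byte[] cardChallenge, byte[] cardCryptogram) {}

    static InitUpdate parseInitializeUpdate(byte[] r) {
        if (r == null || r.length < 28) {
            throw new IllegalArgumentException("INITIALIZE UPDATE response too short");
        }
        int keyVersion = r[10] & 0xFF; // key information follows 10 bytes of key diversification data
        int scp = r[11] & 0xFF;        // secure channel protocol identifier reported by the card
        switch (scp) {
            case 0x02: // 10 + 2 key info + 2 sequence counter + 6 card challenge + 8 card cryptogram
                if (r.length != 28) throw new IllegalArgumentException("SCP02 response must be 28 bytes");
                return new InitUpdate(2, keyVersion,
                        Arrays.copyOfRange(r, 14, 20), Arrays.copyOfRange(r, 20, 28));
            case 0x03: // 10 + 3 key info + 8 card challenge + 8 card cryptogram (+ 3 optional counter)
                if (r.length != 29 && r.length != 32)
                    throw new IllegalArgumentException("SCP03 response must be 29 or 32 bytes");
                return new InitUpdate(3, keyVersion,
                        Arrays.copyOfRange(r, 13, 21), Arrays.copyOfRange(r, 21, 29));
            default:   // refuse to continue with a protocol the host did not expect
                throw new IllegalArgumentException("Unsupported SCP identifier: " + scp);
        }
    }

    /** Builds the 16-byte block for externalAuthenticate: host cryptogram followed by MAC. */
    static byte[] externalAuthenticateData(byte[] hostCryptogram, byte[] mac) {
        if (hostCryptogram.length != 8 || mac.length != 8) {
            throw new IllegalArgumentException("host cryptogram and MAC must be 8 bytes each");
        }
        byte[] data = Arrays.copyOf(hostCryptogram, 16);
        System.arraycopy(mac, 0, data, 8, 8);
        return data;
    }

    public static void main(String[] args) {
        byte[] sample = new byte[28]; // constructed sample, not captured from a card
        sample[10] = 0x01;            // key version number
        sample[11] = 0x02;            // SCP02
        InitUpdate u = parseInitializeUpdate(sample);
        System.out.println("SCP0" + u.scp() + ", key version " + u.keyVersion());
        System.out.println(externalAuthenticateData(new byte[8], new byte[8]).length + " bytes");
    }
}
```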
-
provideCredentials
public void provideCredentials(SecurityDomain domain, CredentialBag creds) throws CardServiceException
Description copied from interface: SecureService
Provides credentials to a card service. The security domain should be specified as the path to the directory in which the application's card resident parts are located. The bag of credentials should hold a credential store suitable for the respective card and card service implementation. Only credentials in that store will (and can) be used by the service.
Specified by:
provideCredentials in interface SecureService
Parameters:
domain - the security domain for which to provide credentials
creds - the credentials for that domain
Throws:
CardServiceException - If the card service could not process the credentials, if the SecurityDomain is invalid.
See Also:
CardService
-
-