Class IsoCardService
- java.lang.Object
-
- opencard.core.service.CardService
-
- de.cardcontact.opencard.service.isocard.IsoCardService
-
- All Implemented Interfaces: CHVCardServiceWithControl, FileSystemSendAPDU, IsoFileSystemCardService, FileAccessCardService, FileSystemCardService, CHVCardService, SecureService, CardServiceInterface
public class IsoCardService extends CardService implements FileAccessCardService, IsoFileSystemCardService, CHVCardServiceWithControl, FileSystemSendAPDU, SecureService
File access card service for ISO 7816-4, -8 and -9 cards. First implemented and tested with ORGA Micardo 2.x operating systems.
- Author: Andreas Schwier
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface de.cardcontact.opencard.service.isocard.CHVCardServiceWithControl
CHVCardServiceWithControl.PasswordStatus
-
-
Field Summary
Fields
protected int maxRDataSM
-
Fields inherited from interface opencard.opt.iso.fs.FileAccessCardService
READ_SEVERAL
-
-
Constructor Summary
Constructors
IsoCardService()
-
Method Summary
All Methods, Instance Methods, Concrete Methods (modifier and type, method, description)
void appendRecord(CardFilePath file, byte[] data)
    Append record to linear file
void closeApplication(SecurityDomain domain)
    Resets the achieved card holder verifications on the smartcard.
void create(CardFilePath parent, byte[] data)
    Create file in parent using file information supplied as byte array. This is the original signature defined by OCF.
void create(CardFilePath parent, byte fileDescriptorByte, byte shortFileIdentifier, byte[] data)
    Create file in parent using file information supplied as byte array. This is the signature defined by OpenSCDP.
void delete(CardFilePath file)
    Delete the file referenced. This is the original signature defined by OCF.
void delete(CardFilePath file, CardFilePathComponent child, boolean childIsDF)
    Delete the referenced file. This is the signature defined by OpenSCDP.
boolean exists(CardFilePath file)
    Determine if file exists
CardFileInfo getFileInfo(CardFilePath file)
    Obtain file information as returned in the SELECT command
int getPasswordLength(SecurityDomain domain, int number)
    Determines the padded length of a password.
CHVCardServiceWithControl.PasswordStatus getPasswordStatus(SecurityDomain domain, int number)
    Get the smartcard's password status.
CardFilePath getRoot()
    Return the root path (:3F00) of this card service
protected SecureChannelCredential getSecureChannelCredential(CardFilePath file, int accessMode)
    Obtain a secure channel credential, if any is defined for the given file and access mode
protected void initialize(CardServiceScheduler scheduler, SmartCard smartcard, boolean blocking)
    Create the IsoCardSelector object in the card channel if it does not yet exist.
void invalidate(CardFilePath file)
    Invalidate (Deactivate) the file specified
void provideCredentials(SecurityDomain domain, CredentialBag creds)
    Provides credentials to a card service.
byte[] read(CardFilePath file, int offset, int length)
    Read binary data from transparent file
byte[] readRecord(CardFilePath file, int recordNumber)
    Read record from linear file
byte[][] readRecords(CardFilePath file, int number)
    Reads consecutive records from a structured file.
void rehabilitate(CardFilePath file)
    Rehabilitate (Activate) the file specified
protected ResponseAPDU sendCommandAPDU(CardChannel channel, SecureChannelCredential secureChannelCredential, int uq, CommandAPDU com)
    Exchange APDU with card, optionally transforming the APDU with a secure channel
protected ResponseAPDU sendCommandAPDU(CardChannel channel, SecureChannelCredential secureChannelCredential, CommandAPDU com)
    Exchange APDU with card, optionally transforming the APDU with a secure channel
ResponseAPDU sendCommandAPDU(CardFilePath path, CommandAPDU com, int usageQualifier)
    Send APDU making sure that the object referenced by path is selected
boolean verifyPassword(SecurityDomain domain, int number, byte[] password)
    Checks a password for card holder verification.
boolean verifyPassword(SecurityDomain domain, int number, CHVControl cc, byte[] password)
    Checks a password for card holder verification.
void write(CardFilePath file, int offset, byte[] data)
    Write binary data to transparent file
void write(CardFilePath file, int foffset, byte[] source, int soffset, int length)
    Write binary data to transparent file
void writeRecord(CardFilePath file, int recordNumber, byte[] data)
    Update record in linear file
-
Methods inherited from class opencard.core.service.CardService
allocateCardChannel, getCard, getCardChannel, getCHVDialog, releaseCardChannel, setCardChannel, setCHVDialog
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface opencard.opt.service.CardServiceInterface
getCard, setCHVDialog
-
-
-
-
Method Detail
-
initialize
protected void initialize(CardServiceScheduler scheduler, SmartCard smartcard, boolean blocking) throws CardServiceException
Create the IsoCardSelector object in the card channel if it does not yet exist. Overwrites #opencard.core.service.CardService#initialize
- Overrides: initialize in class CardService
- Parameters:
  scheduler - where this service is going to allocate channels
  smartcard - which smartcard has to be supported by this service
  blocking - whether channel allocation is going to be blocking
- Throws:
  CardServiceException - if the service could not be initialized. The object created via the default constructor may not be used if this happens.
- See Also: CardServiceFactory
-
exists
public boolean exists(CardFilePath file) throws CardServiceException, CardTerminalException
Determine if file exists
- Specified by: exists in interface FileAccessCardService
- Parameters:
  file - the path to the file to query
- Returns: true if the file exists, false otherwise
- Throws:
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
- See Also: FileAccessCardService.exists(opencard.opt.iso.fs.CardFilePath)
-
getFileInfo
public CardFileInfo getFileInfo(CardFilePath file) throws CardServiceException, CardTerminalException
Obtain file information as returned in the SELECT command
- Specified by: getFileInfo in interface FileAccessCardService
- Parameters:
  file - the path to the file to query
- Returns: information about the file, or null if it doesn't exist
- Throws:
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
- See Also: FileAccessCardService.getFileInfo(opencard.opt.iso.fs.CardFilePath)
-
getRoot
public CardFilePath getRoot()
Return the root path (:3F00) of this card service
- Specified by: getRoot in interface FileAccessCardService
- Returns: the path to the master file
- See Also: FileAccessCardService.getRoot()
-
getSecureChannelCredential
protected SecureChannelCredential getSecureChannelCredential(CardFilePath file, int accessMode)
Obtain a secure channel credential, if any is defined for the given file and access mode
- Parameters:
  file - File for which a secure channel credential should be obtained
  accessMode - Desired mode of access (READ, UPDATE or APPEND)
- Returns: null or SecureChannelCredential object
-
sendCommandAPDU
protected ResponseAPDU sendCommandAPDU(CardChannel channel, SecureChannelCredential secureChannelCredential, int uq, CommandAPDU com) throws InvalidCardChannelException, CardTerminalException
Exchange APDU with card, optionally transforming the APDU with a secure channel
- Parameters:
  channel -
  secureChannelCredential -
  uq - usage qualifier
  com -
- Returns: the response APDU
- Throws:
  InvalidCardChannelException
  CardTerminalException
-
sendCommandAPDU
protected ResponseAPDU sendCommandAPDU(CardChannel channel, SecureChannelCredential secureChannelCredential, CommandAPDU com) throws InvalidCardChannelException, CardTerminalException
Exchange APDU with card, optionally transforming the APDU with a secure channel
- Parameters:
  channel -
  secureChannelCredential -
  com -
- Returns: the response APDU
- Throws:
  InvalidCardChannelException
  CardTerminalException
-
read
public byte[] read(CardFilePath file, int offset, int length) throws CardServiceException, CardTerminalException
Read binary data from transparent file
- Specified by: read in interface FileAccessCardService
- Parameters:
  file - the path to the file to read from
  offset - the index of the first byte to read (0 for first)
  length - the number of bytes to read, or READ_SEVERAL. If 0 is passed, the behavior is implementation dependent.
- Returns: an array holding the data read from the file, or null if a read with length READ_SEVERAL has been performed at the end of the file
- Throws:
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
- See Also: FileAccessCardService.read(opencard.opt.iso.fs.CardFilePath, int, int)
-
readRecord
public byte[] readRecord(CardFilePath file, int recordNumber) throws CardServiceException, CardTerminalException
Read record from linear file
- Specified by: readRecord in interface FileAccessCardService
- Parameters:
  file - the path to the file to read from
  recordNumber - the index of the record to read (0 for first)
- Returns: an array holding the record read. If the record has length 0, which may happen with linear variable files, an array of length 0 is returned.
- Throws:
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
- See Also: FileAccessCardService.readRecord(opencard.opt.iso.fs.CardFilePath, int)
-
readRecords
public byte[][] readRecords(CardFilePath file, int number) throws CardServiceException, CardTerminalException
Description copied from interface: FileAccessCardService
Reads consecutive records from a structured file. For a discussion of structured file types, see readRecord. The first record read will always be the first in the structured file. For linear files with fixed or variable record size, first is interpreted as an absolute record number. For cyclic files, first refers to the record most recently written. Starting with that first record, the specified number of consecutive records will be read. In the case of a cyclic file, the second record will be the second most recently written record, and so on.
Typically, smartcards will implement absolute addressing for cyclic files, where the first record is the least recently written, and the following are sorted by decreasing time of writing. In this case, this method can be implemented by repeated invocations of readRecord.
The magic number READ_SEVERAL may be passed as the number of records to read. In this case, all records in the file are read. This is especially useful with linear variable files, where the number of records in the file cannot be determined via file attributes.
- Specified by: readRecords in interface FileAccessCardService
- Parameters:
  file - the path to the file to read from
  number - the number of records to read, or READ_SEVERAL. If 0 is passed, the behavior is implementation dependent.
- Returns: an array holding the records read, where the records are arrays themselves
- Throws:
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
- See Also: FileAccessCardService.readRecord(opencard.opt.iso.fs.CardFilePath, int), FileAccessCardService.READ_SEVERAL
-
write
public void write(CardFilePath file, int foffset, byte[] source, int soffset, int length) throws CardServiceException, CardTerminalException
Write binary data to transparent file
- Specified by: write in interface FileAccessCardService
- Parameters:
  file - the path to the file to write to
  foffset - the file index of the first byte to overwrite (0 for first byte in file)
  source - an array holding the data to write
  soffset - the array index of the first byte to write
  length - the number of bytes to write
- Throws:
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
- See Also: FileAccessCardService.write(opencard.opt.iso.fs.CardFilePath, int, byte[], int, int)
-
write
public void write(CardFilePath file, int offset, byte[] data) throws CardServiceException, CardTerminalException
Write binary data to transparent file
- Specified by: write in interface FileAccessCardService
- Parameters:
  file - the path to the file to write to
  offset - the file index of the first byte to overwrite (0 for first byte in file)
  data - the data to write to the file
- Throws:
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
- See Also: FileAccessCardService.write(opencard.opt.iso.fs.CardFilePath, int, byte[])
-
writeRecord
public void writeRecord(CardFilePath file, int recordNumber, byte[] data) throws CardServiceException, CardTerminalException
Update record in linear file
- Specified by: writeRecord in interface FileAccessCardService
- Parameters:
  file - the path to the file to write to
  recordNumber - the index of the record to overwrite (0 for first)
  data - the data to write to the file
- Throws:
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
- See Also: FileAccessCardService.writeRecord(opencard.opt.iso.fs.CardFilePath, int, byte[])
-
appendRecord
public void appendRecord(CardFilePath file, byte[] data) throws CardServiceException, CardTerminalException
Append record to linear file
- Specified by: appendRecord in interface FileAccessCardService
- Parameters:
  file - the path to the file to append to
  data - the data to write to the new record
- Throws:
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
- See Also: FileAccessCardService.appendRecord(opencard.opt.iso.fs.CardFilePath, byte[])
-
sendCommandAPDU
public ResponseAPDU sendCommandAPDU(CardFilePath path, CommandAPDU com, int usageQualifier) throws CardServiceException, CardTerminalException
Send APDU making sure that the object referenced by path is selected
- Specified by: sendCommandAPDU in interface FileSystemSendAPDU
- Parameters:
  path - the DF which should be the active DF for this APDU
  com - the command APDU
  usageQualifier - a combination of SecureChannel.CPRO / CENC / RPRO / RENC to control the transformation of the APDU for secure messaging. Use 0 for plain transmission.
- Returns: the response APDU from the card
- Throws:
  CardServiceException
  CardTerminalException
-
provideCredentials
public void provideCredentials(SecurityDomain domain, CredentialBag creds) throws CardServiceException
Description copied from interface: SecureService
Provides credentials to a card service. The security domain should be specified as the path to the directory in which the application's card resident parts are located. The bag of credentials should hold a credential store suitable for the respective card and card service implementation. Only credentials in that store will (and can) be used by the service.
- Specified by: provideCredentials in interface SecureService
- Parameters:
  domain - the security domain for which to provide credentials
  creds - the credentials for that domain
- Throws:
  CardServiceException - if the card service could not process the credentials, or if the SecurityDomain is invalid.
- See Also: CardService
-
getPasswordLength
public int getPasswordLength(SecurityDomain domain, int number) throws CardServiceException, CardTerminalException
Description copied from interface: CHVCardService
Determines the padded length of a password. The returned value is required to pad passwords for verification.
- Specified by: getPasswordLength in interface CHVCardService
- Parameters:
  domain - The security domain in which the password resides. null can be passed to refer to the root domain on the smartcard.
    For file system based smartcards, the security domain is specified as a CardFilePath. The root domain then corresponds to the master file.
  number - The number of the password. This parameter is used to distinguish between different passwords in the same security domain.
- Returns: the number of data bytes for the specified password
- Throws:
  CardServiceException - if this service encountered an error. This may occur if the service needs to contact the smartcard in order to determine the password length. An exception may also be thrown if the service is unable to locate the security domain.
  CardTerminalException - if the underlying card terminal encountered an error when communicating with the smartcard
-
verifyPassword
public boolean verifyPassword(SecurityDomain domain, int number, CHVControl cc, byte[] password) throws CardServiceException, CardTerminalException
Description copied from interface: CHVCardServiceWithControl
Checks a password for card holder verification. Note that repeated verification of a wrong password will typically block that password on the smartcard.
- Specified by: verifyPassword in interface CHVCardServiceWithControl
- Parameters:
  domain - The security domain in which to verify the password. null can be passed to refer to the root domain on the smartcard.
    For file system based smartcards, the security domain is specified as a CardFilePath. The root domain then corresponds to the master file.
  number - The number of the password to verify. This parameter is used to distinguish between different passwords in the same security domain.
  cc - Control parameter defined by the application
  password - The password data that has to be verified. If the data is supplied, it has to be padded to the length returned by getPasswordLength for that password.
    null may be passed to indicate that this service should use a protected PIN path facility, if available. Alternatively, this service may query the password by some other, implementation-dependent means. In any case, the service implementation will require knowledge about the encoding of the password data on the smartcard.
- Throws:
  CardServiceException - if this service encountered an error. In this context, it is not considered an error if the password to be verified is wrong. However, if the password is blocked on the smartcard, an exception will be thrown.
  CardTerminalException - if the underlying card terminal encountered an error when communicating with the smartcard
-
getPasswordStatus
public CHVCardServiceWithControl.PasswordStatus getPasswordStatus(SecurityDomain domain, int number) throws CardServiceException, CardTerminalException
Description copied from interface: CHVCardServiceWithControl
Get the smartcard's password status.
- Specified by: getPasswordStatus in interface CHVCardServiceWithControl
- Parameters:
  domain - The security domain in which to verify the password. null can be passed to refer to the root domain on the smartcard.
    For file system based smartcards, the security domain is specified as a CardFilePath. The root domain then corresponds to the master file.
  number - The number of the password to verify. This parameter is used to distinguish between different passwords in the same security domain.
- Returns: The password status
- Throws:
  CardServiceException - if this service encountered an error.
  CardTerminalException - if the underlying card terminal encountered an error when communicating with the smartcard
-
verifyPassword
public boolean verifyPassword(SecurityDomain domain, int number, byte[] password) throws CardServiceException, CardTerminalException
Description copied from interface: CHVCardService
Checks a password for card holder verification. Note that repeated verification of a wrong password will typically block that password on the smartcard.
- Specified by: verifyPassword in interface CHVCardService
- Parameters:
  domain - The security domain in which to verify the password. null can be passed to refer to the root domain on the smartcard.
    For file system based smartcards, the security domain is specified as a CardFilePath. The root domain then corresponds to the master file.
  number - The number of the password to verify. This parameter is used to distinguish between different passwords in the same security domain.
  password - The password data that has to be verified. If the data is supplied, it has to be padded to the length returned by getPasswordLength for that password.
    null may be passed to indicate that this service should use a protected PIN path facility, if available. Alternatively, this service may query the password by some other, implementation-dependent means. In any case, the service implementation will require knowledge about the encoding of the password data on the smartcard.
- Throws:
  CardServiceException - if this service encountered an error. In this context, it is not considered an error if the password to be verified is wrong. However, if the password is blocked on the smartcard, an exception will be thrown.
  CardTerminalException - if the underlying card terminal encountered an error when communicating with the smartcard
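Added example (not part of the IsoCardService sources): a caller-side helper that pads a PIN to the length reported by getPasswordLength before calling verifyPassword, and separates a wrong PIN (false) from a blocked PIN or service error (exception). The class name PaddedPinCheck, the ASCII PIN encoding and the caller-supplied pad byte are assumptions; the actual encoding and padding depend on the card.

```java
import java.util.Arrays;

import opencard.core.service.CardServiceException;
import opencard.core.terminal.CardTerminalException;
import opencard.opt.security.CHVCardService;
import opencard.opt.security.SecurityDomain;

/** Hypothetical helper for illustration; not shipped with the card service. */
public final class PaddedPinCheck {

    /** Outcome of a single verification attempt. */
    public enum Result { VERIFIED, WRONG_PIN, BLOCKED_OR_ERROR }

    private PaddedPinCheck() { }

    /**
     * Pads the PIN to the card's expected length and verifies it once.
     *
     * @param service any CHVCardService, for example an IsoCardService
     * @param domain  security domain (a CardFilePath on file system cards), or null for the root
     * @param number  password number within the domain
     * @param pin     PIN characters; wiped before this method returns
     * @param padByte padding byte expected by the card (assumption: card-specific, often 0xFF)
     */
    public static Result verify(CHVCardService service, SecurityDomain domain,
                                int number, char[] pin, byte padByte)
            throws CardTerminalException {
        byte[] padded = null;
        try {
            // The card service reports how many data bytes the password occupies.
            int length = service.getPasswordLength(domain, number);
            if (pin.length > length) {
                throw new IllegalArgumentException(
                        "PIN has " + pin.length + " characters, card accepts at most " + length);
            }

            padded = new byte[length];
            Arrays.fill(padded, padByte);
            for (int i = 0; i < pin.length; i++) {
                if (pin[i] > 0x7F) {
                    throw new IllegalArgumentException("PIN must be ASCII");
                }
                padded[i] = (byte) pin[i];   // assumption: ASCII-coded PIN
            }

            // A wrong PIN is reported as false, not as an exception. Each wrong
            // attempt consumes a retry on the card, so never retry automatically.
            return service.verifyPassword(domain, number, padded)
                    ? Result.VERIFIED
                    : Result.WRONG_PIN;
        } catch (CardServiceException e) {
            // Raised when the password is blocked or the service failed.
            return Result.BLOCKED_OR_ERROR;
        } finally {
            // Do not leave PIN material in memory longer than necessary.
            if (padded != null) {
                Arrays.fill(padded, (byte) 0);
            }
            Arrays.fill(pin, '\0');
        }
    }
}
```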
-
closeApplication
public void closeApplication(SecurityDomain domain) throws CardServiceException, CardTerminalException
Description copied from interface: CHVCardService
Resets the achieved card holder verifications on the smartcard. Typically, other permanent access conditions that have been satisfied will also be reset. If the card does not allow resetting access conditions for a specific application, it is expected that all access conditions for all on-card applications are reset.
The name of this method implies that an application on the smartcard is first selected and then opened by performing card holder verification, giving access to the application data. By resetting the card holder verification, the on-card application therefore gets closed.
- Specified by: closeApplication in interface CHVCardService
- Parameters:
  domain - the security domain for which to reset card holder verifications
- Throws:
  CardServiceException - if this service, or the underlying implementation, encountered an error
  CardTerminalException - if the underlying terminal encountered an error while communicating with the smartcard
-
create
public void create(CardFilePath parent, byte[] data) throws CardServiceException, CardTerminalException
Create file in parent using file information supplied as byte array. This is the original signature defined by OCF.
- Specified by: create in interface FileSystemCardService
- Parameters:
  parent - the path to the directory in which to create a new file
  data - the parameters specifying the file to create. This argument is card-specific. Refer to the documentation of the card-specific service for details.
- Throws:
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
- See Also: FileAccessCardService.getFileInfo(opencard.opt.iso.fs.CardFilePath), CardFileInfo.getHeader(), CardID, SmartCard.getCardID()
-
create
public void create(CardFilePath parent, byte fileDescriptorByte, byte shortFileIdentifier, byte[] data) throws CardServiceException, CardTerminalException
Create file in parent using file information supplied as byte array. This is the signature defined by OpenSCDP.
- Specified by: create in interface IsoFileSystemCardService
- Parameters:
  parent - the path to the directory in which to create a new file
  fileDescriptorByte - File descriptor byte according to ISO 7816-4
  shortFileIdentifier - Short file identifier coded on bits b8 - b4
  data - the parameters specifying the file to create. This argument is card-specific. Refer to the documentation of the card-specific service for details.
- Throws:
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
- See Also: FileSystemCardService, FileAccessCardService.getFileInfo(opencard.opt.iso.fs.CardFilePath), CardFileInfo.getHeader(), CardID, SmartCard.getCardID()
-
delete
public void delete(CardFilePath file) throws CardServiceException, CardTerminalException
Delete the file referenced. This is the original signature defined by OCF.
- Specified by: delete in interface FileSystemCardService
- Parameters:
  file - the path to the file to delete
- Throws:
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
-
delete
public void delete(CardFilePath file, CardFilePathComponent child, boolean childIsDF) throws CardServiceException, CardTerminalException
Delete the referenced file. This is the signature defined by OpenSCDP.
- Specified by: delete in interface IsoFileSystemCardService
- Parameters:
  file - the path to the file to delete
  child - File identifier of child object (either EF, DF or application)
  childIsDF - True, if the child is a dedicated file
- Throws:
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
-
invalidate
public void invalidate(CardFilePath file) throws CardServiceInabilityException, CardServiceException, CardTerminalException
Invalidate (Deactivate) the file specified
- Specified by: invalidate in interface FileSystemCardService
- Parameters:
  file - the path to the file to invalidate
- Throws:
  CardServiceInabilityException - if the service does not support this operation
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
-
rehabilitate
public void rehabilitate(CardFilePath file) throws CardServiceInabilityException, CardServiceException, CardTerminalException
Rehabilitate (Activate) the file specified
- Specified by: rehabilitate in interface FileSystemCardService
- Parameters:
  file - the path to the file to rehabilitate
- Throws:
  CardServiceInabilityException - if the service does not support this operation
  CardServiceException - if the service encountered an error
  CardTerminalException - if the terminal encountered an error
-
-