org.jmrtd

Class Passport

java.lang.Object

org.jmrtd.Passport

public class Passport
extends java.lang.Object

Contains methods for creating instances from scratch, from file, and from card service. Also contains the document verification logic.

Version:

$Revision: 1559 $

Author:

Wojciech Mostowski ([email protected]), Martijn Oostdijk ([email protected])

Constructor Summary

Constructors

Constructor and Description
Passport(LDS lds, java.security.PrivateKey docSigningPrivateKey, MRTDTrustStore trustManager) Creates a document from an LDS data structure and additional information.
Passport(PassportService service, MRTDTrustStore trustManager, BACKeySpec bacKey) Creates a document by reading it from a service.
Passport(PassportService service, MRTDTrustStore trustManager, java.util.List<BACKeySpec> bacStore) Creates a document by reading it from a service.

Method Summary

Modifier and Type	Method and Description
java.security.PrivateKey	getAAPrivateKey() Gets the private key for AA, or null if not present.
CardVerifiableCertificate	getCVCertificate() Gets the CVCA certificate.
java.security.PrivateKey	getDocSigningPrivateKey() Gets the document signing private key, or null if not present.
java.security.PrivateKey	getEACPrivateKey() Gets the private key for EAC, or null if not present.
FeatureStatus	getFeatures() Gets the supported features (such as: BAC, AA, EAC) as discovered during initialization of this document.
LDS	getLDS()
MRTDTrustStore	getTrustManager() Gets the CSCA, CVCA trust store.
VerificationStatus	getVerificationStatus() Gets the verification status thus far.
void	putFile(short fid, byte[] bytes) Inserts a file into this document, and updates EF_COM and EF_SOd accordingly.
void	setAAPrivateKey(java.security.PrivateKey aaPrivateKey) Sets the private key for AA.
void	setAAPublicKey(java.security.PublicKey aaPublicKey) Sets the public key for AA.
void	setCVCertificate(CardVerifiableCertificate cert) Sets the CVCA certificate.
void	setDocSigningCertificate(java.security.cert.X509Certificate docSigningCertificate) Sets the document signing certificate.
void	setDocSigningPrivateKey(java.security.PrivateKey docSigningPrivateKey) Sets the document signing private key.
void	setEACPrivateKey(java.security.PrivateKey eacPrivateKey) Sets the private key for EAC.
void	setEACPublicKey(java.security.PublicKey eacPublicKey) Sets the public key for EAC.
void	updateCOMSODFile(java.security.cert.X509Certificate newCertificate) Updates EF_COM and EF_SOd using a new document signing certificate.
void	verifyAA() Check active authentication.
void	verifyCS() Checks the certificate chain.
void	verifyDS() Checks the security object's signature.
void	verifyHT() Checks hashes in the SOd correspond to hashes we compute.
VerificationStatus	verifySecurity() Verifies the document using the security related mechanisms.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Passport

public Passport(LDS lds,
                java.security.PrivateKey docSigningPrivateKey,
                MRTDTrustStore trustManager)
         throws java.security.GeneralSecurityException

Creates a document from an LDS data structure and additional information.

Parameters:

lds - the logical data structure

docSigningPrivateKey - the document signing private key

trustManager - the trust manager (CSCA, CVCA)

Throws:

java.security.GeneralSecurityException - if error

Passport

public Passport(PassportService service,
                MRTDTrustStore trustManager,
                BACKeySpec bacKey)
         throws net.sf.scuba.smartcards.CardServiceException,
                java.security.GeneralSecurityException

Creates a document by reading it from a service.

Parameters:

service - the service to read from

trustManager - the trust manager (CSCA, CVCA)

bacKey - the BAC key to use

Throws:

net.sf.scuba.smartcards.CardServiceException - on error

java.security.GeneralSecurityException - if certain security primitives are not supported

Passport

public Passport(PassportService service,
                MRTDTrustStore trustManager,
                java.util.List<BACKeySpec> bacStore)
         throws net.sf.scuba.smartcards.CardServiceException,
                java.security.GeneralSecurityException

Creates a document by reading it from a service.

Parameters:

service - the service to read from

trustManager - the trust manager (CSCA, CVCA)

bacStore - the BAC entries

Throws:

net.sf.scuba.smartcards.CardServiceException - on error

java.security.GeneralSecurityException - if certain security primitives are not supported

Method Detail

putFile

public void putFile(short fid,
                    byte[] bytes)

Inserts a file into this document, and updates EF_COM and EF_SOd accordingly.

Parameters:

fid - the FID of the new file

bytes - the contents of the new file

updateCOMSODFile

public void updateCOMSODFile(java.security.cert.X509Certificate newCertificate)

Updates EF_COM and EF_SOd using a new document signing certificate.

Parameters:

newCertificate - a certificate

getLDS

public LDS getLDS()

setDocSigningPrivateKey

public void setDocSigningPrivateKey(java.security.PrivateKey docSigningPrivateKey)

Sets the document signing private key.

Parameters:

docSigningPrivateKey - a private key

getCVCertificate

public CardVerifiableCertificate getCVCertificate()

Gets the CVCA certificate.

Returns:

a CV certificate or null

setCVCertificate

public void setCVCertificate(CardVerifiableCertificate cert)

Sets the CVCA certificate.

Parameters:

cert - the CV certificate

getDocSigningPrivateKey

public java.security.PrivateKey getDocSigningPrivateKey()

Gets the document signing private key, or null if not present.

Returns:

a private key or null

setDocSigningCertificate

public void setDocSigningCertificate(java.security.cert.X509Certificate docSigningCertificate)

Sets the document signing certificate.

Parameters:

docSigningCertificate - a certificate

getTrustManager

public MRTDTrustStore getTrustManager()

Gets the CSCA, CVCA trust store.

Returns:

the trust store in use

getEACPrivateKey

public java.security.PrivateKey getEACPrivateKey()

Gets the private key for EAC, or null if not present.

Returns:

a private key or null

setEACPrivateKey

public void setEACPrivateKey(java.security.PrivateKey eacPrivateKey)

Sets the private key for EAC.

Parameters:

eacPrivateKey - a private key

setEACPublicKey

public void setEACPublicKey(java.security.PublicKey eacPublicKey)

Sets the public key for EAC.

Parameters:

eacPublicKey - a public key

getAAPrivateKey

public java.security.PrivateKey getAAPrivateKey()

Gets the private key for AA, or null if not present.

Returns:

a private key or null

setAAPrivateKey

public void setAAPrivateKey(java.security.PrivateKey aaPrivateKey)

Sets the private key for AA.

Parameters:

aaPrivateKey - a private key

setAAPublicKey

public void setAAPublicKey(java.security.PublicKey aaPublicKey)

Sets the public key for AA.

Parameters:

aaPublicKey - a public key

getFeatures

public FeatureStatus getFeatures()

Gets the supported features (such as: BAC, AA, EAC) as discovered during initialization of this document.

Returns:

the supported features

Since:

0.4.9

getVerificationStatus

public VerificationStatus getVerificationStatus()

Gets the verification status thus far.

Returns:

the verification status

Since:

0.4.9

verifySecurity

public VerificationStatus verifySecurity()

Verifies the document using the security related mechanisms. Convenience method.

Returns:

the security status

verifyAA

public void verifyAA()

Check active authentication.

verifyDS

public void verifyDS()

Checks the security object's signature. TODO: Check the cert stores (notably PKD) to fetch document signer certificate (if not embedded in SOd) and check its validity before checking the signature.

verifyCS

public void verifyCS()

Checks the certificate chain.

verifyHT

public void verifyHT()

Checks hashes in the SOd correspond to hashes we compute.