public class PassportApduService
extends net.sf.scuba.smartcards.CardService

- GET CHALLENGE
- EXTERNAL AUTHENTICATE
- INTERNAL AUTHENTICATE (using secure messaging)
- SELECT FILE (using secure messaging)
- READ BINARY (using secure messaging)

Modifier and Type | Field | Description |
---|---|---|
static byte | CAN_PACE_KEY_REFERENCE | Shared secret type for PACE according to BSI TR-03110 v2.03 B.11.1. |
static byte | MRZ_PACE_KEY_REFERENCE | Shared secret type for PACE according to BSI TR-03110 v2.03 B.11.1. |
static byte | PIN_PACE_KEY_REFERENCE | Shared secret type for PACE according to BSI TR-03110 v2.03 B.11.1. |
static byte | PUK_PACE_REFERENCE | Shared secret type for PACE according to BSI TR-03110 v2.03 B.11.1. |


Constructor | Description |
---|---|
PassportApduService(net.sf.scuba.smartcards.CardService service) | Creates a new passport APDU sending service. |


Modifier and Type | Method | Description |
---|---|---|
void | addAPDUListener(net.sf.scuba.smartcards.APDUListener l) | |
void | addPlainTextAPDUListener(net.sf.scuba.smartcards.APDUListener l) | |
void | close() | |
byte[] | getATR() | |
boolean | isOpen() | Whether this service is open. |
protected void | notifyExchangedPlainTextAPDU(int count, net.sf.scuba.smartcards.CommandAPDU capdu, net.sf.scuba.smartcards.ResponseAPDU rapdu) | Notifies listeners about APDU event. |
void | open() | Opens a session by connecting to the card. |
void | removeAPDUListener(net.sf.scuba.smartcards.APDUListener l) | |
void | removePlainTextAPDUListener(net.sf.scuba.smartcards.APDUListener l) | |
byte[] | sendGeneralAuthenticate(SecureMessagingWrapper wrapper, byte[] data, boolean isLast) | Sends a General Authenticate command. |
byte[] | sendGetChallenge() | Sends a GET CHALLENGE command to the passport. |
byte[] | sendGetChallenge(SecureMessagingWrapper wrapper) | Sends a GET CHALLENGE command to the passport. |
byte[] | sendInternalAuthenticate(SecureMessagingWrapper wrapper, byte[] rndIFD) | Sends an INTERNAL AUTHENTICATE command to the passport. |
void | sendMSEKAT(SecureMessagingWrapper wrapper, byte[] keyData, byte[] idData) | The MSE KAT APDU, see EAC 1.11 spec, Section B.1 |
void | sendMSESetATExtAuth(SecureMessagingWrapper wrapper, byte[] data) | The MSE AT APDU for TA, see EAC 1.11 spec, Section B.2. |
void | sendMSESetATMutualAuth(SecureMessagingWrapper wrapper, java.lang.String oid, int refPublicKeyOrSecretKey, byte[] refPrivateKeyOrForComputingSessionKey) | The MSE AT APDU for PACE, see ICAO TR-SAC-1.01, Section 3.2.1, BSI TR 03110 v2.03 B11.1. |
void | sendMSESetDST(SecureMessagingWrapper wrapper, byte[] data) | The MSE DST APDU, see EAC 1.11 spec, Section B.2 |
byte[] | sendMutualAuth(byte[] rndIFD, byte[] rndICC, byte[] kIFD, javax.crypto.SecretKey kEnc, javax.crypto.SecretKey kMac) | Sends an EXTERNAL AUTHENTICATE command to the passport. |
void | sendMutualAuthenticate(SecureMessagingWrapper wrapper, byte[] signature) | Sends the EXTERNAL AUTHENTICATE command. |
void | sendPSOChainMode(SecureMessagingWrapper wrapper, byte[] certBodyData, byte[] certSignatureData) | |
void | sendPSOExtendedLengthMode(SecureMessagingWrapper wrapper, byte[] certBodyData, byte[] certSignatureData) | |
byte[] | sendReadBinary(SecureMessagingWrapper wrapper, int offset, int le, boolean isExtendedLength) | Sends a READ BINARY command to the passport. |
byte[] | sendReadBinary(short offset, int le, boolean longRead) | Sends a READ BINARY command to the passport. |
void | sendSelectApplet() | |
short | sendSelectApplet(byte[] aid) | Sends a SELECT APPLET command to the card. |
void | sendSelectFile(SecureMessagingWrapper wrapper, short fid) | Sends a SELECT FILE command to the passport. |
void | sendSelectFile(short fid) | |
void | setService(net.sf.scuba.smartcards.CardService service) | |
net.sf.scuba.smartcards.ResponseAPDU | transmit(net.sf.scuba.smartcards.CommandAPDU capdu) | TO CLARIFY: If the card responds with a status word other than 0x9000, ie. |

public static final byte MRZ_PACE_KEY_REFERENCE
public static final byte CAN_PACE_KEY_REFERENCE
public static final byte PIN_PACE_KEY_REFERENCE
public static final byte PUK_PACE_REFERENCE

public PassportApduService(net.sf.scuba.smartcards.CardService service) throws net.sf.scuba.smartcards.CardServiceException
Parameters:
service - another service which will deal with sending the APDUs to the card
Throws:
net.sf.scuba.smartcards.CardServiceException - when the available JCE providers cannot provide the necessary cryptographic primitives:

public void open() throws net.sf.scuba.smartcards.CardServiceException
PassportService) is responsible to do this now.
open in class net.sf.scuba.smartcards.CardService
Throws:
net.sf.scuba.smartcards.CardServiceException - on failure to open the service

public boolean isOpen()
isOpen in class net.sf.scuba.smartcards.CardService

public net.sf.scuba.smartcards.ResponseAPDU transmit(net.sf.scuba.smartcards.CommandAPDU capdu) throws net.sf.scuba.smartcards.CardServiceException
transmit in class net.sf.scuba.smartcards.CardService
Throws:
net.sf.scuba.smartcards.CardServiceException

public byte[] getATR()
getATR in class net.sf.scuba.smartcards.CardService

public void close()
close in class net.sf.scuba.smartcards.CardService

public void setService(net.sf.scuba.smartcards.CardService service)

public void addAPDUListener(net.sf.scuba.smartcards.APDUListener l)
addAPDUListener in class net.sf.scuba.smartcards.CardService

public void removeAPDUListener(net.sf.scuba.smartcards.APDUListener l)
removeAPDUListener in class net.sf.scuba.smartcards.CardService

public void sendSelectApplet() throws net.sf.scuba.smartcards.CardServiceException
Throws:
net.sf.scuba.smartcards.CardServiceException

public short sendSelectApplet(byte[] aid) throws net.sf.scuba.smartcards.CardServiceException
Sends a SELECT APPLET command to the card.
Parameters:
aid - the applet to select
Throws:
net.sf.scuba.smartcards.CardServiceException - on transceive error

public void sendSelectFile(short fid) throws net.sf.scuba.smartcards.CardServiceException
Throws:
net.sf.scuba.smartcards.CardServiceException

public void sendSelectFile(SecureMessagingWrapper wrapper, short fid) throws net.sf.scuba.smartcards.CardServiceException
Sends a SELECT FILE command to the passport. Secure messaging will be applied to the command and response APDU.
Parameters:
wrapper - the secure messaging wrapper to use
fid - the file to select
Throws:
net.sf.scuba.smartcards.CardServiceException - on transceive error

public byte[] sendReadBinary(short offset, int le, boolean longRead) throws net.sf.scuba.smartcards.CardServiceException
Sends a READ BINARY command to the passport.
Parameters:
offset - offset into the file
le - the expected length of the file to read
longRead - whether to use extended length APDUs
Returns:
le with (the specified part of) the contents of the currently selected file
Throws:
net.sf.scuba.smartcards.CardServiceException - if the command was not successful

public byte[] sendReadBinary(SecureMessagingWrapper wrapper, int offset, int le, boolean isExtendedLength) throws net.sf.scuba.smartcards.CardServiceException
Sends a READ BINARY command to the passport. Secure messaging will be applied to the command and response APDU.
Parameters:
wrapper - the secure messaging wrapper to use
offset - offset into the file
le - the expected length of the file to read
isExtendedLength - whether it should be a long (INS=B1) read
Returns:
le with (the specified part of) the contents of the currently selected file
Throws:
net.sf.scuba.smartcards.CardServiceException - if the command was not successful

public byte[] sendGetChallenge() throws net.sf.scuba.smartcards.CardServiceException
Sends a GET CHALLENGE command to the passport.
Throws:
net.sf.scuba.smartcards.CardServiceException - on transceive error

public byte[] sendGetChallenge(SecureMessagingWrapper wrapper) throws net.sf.scuba.smartcards.CardServiceException
Sends a GET CHALLENGE command to the passport.
Parameters:
wrapper - secure messaging wrapper
Throws:
net.sf.scuba.smartcards.CardServiceException - on transceive error

public byte[] sendInternalAuthenticate(SecureMessagingWrapper wrapper, byte[] rndIFD) throws net.sf.scuba.smartcards.CardServiceException
Sends an INTERNAL AUTHENTICATE command to the passport. This is part of AA.
Parameters:
wrapper - secure messaging wrapper
rndIFD - the challenge to send
Throws:
net.sf.scuba.smartcards.CardServiceException - on transceive error

public byte[] sendMutualAuth(byte[] rndIFD, byte[] rndICC, byte[] kIFD, javax.crypto.SecretKey kEnc, javax.crypto.SecretKey kMac) throws net.sf.scuba.smartcards.CardServiceException
Sends an EXTERNAL AUTHENTICATE command to the passport. This is part of BAC. The resulting byte array has length 32 and contains rndICC (first 8 bytes), rndIFD (next 8 bytes), their key material "kICC" (last 16 bytes).
Parameters:
rndIFD - our challenge
rndICC - their challenge
kIFD - our key material
kEnc - the static encryption key
kMac - the static mac key
Returns:
kEnc) and verified (using kMac)
Throws:
net.sf.scuba.smartcards.CardServiceException - on transceive error

public void sendMutualAuthenticate(SecureMessagingWrapper wrapper, byte[] signature) throws net.sf.scuba.smartcards.CardServiceException
Parameters:
wrapper - secure messaging wrapper
signature - terminal signature
Throws:
net.sf.scuba.smartcards.CardServiceException - if the resulting status word is different from 9000

public void sendMSEKAT(SecureMessagingWrapper wrapper, byte[] keyData, byte[] idData) throws net.sf.scuba.smartcards.CardServiceException
Parameters:
wrapper - secure messaging wrapper
keyData - key data object (tag 0x91)
idData - key id data object (tag 0x84), can be null
Throws:
net.sf.scuba.smartcards.CardServiceException - on error

public void sendMSESetDST(SecureMessagingWrapper wrapper, byte[] data) throws net.sf.scuba.smartcards.CardServiceException
Parameters:
wrapper - secure messaging wrapper
data - public key reference data object (tag 0x83)
Throws:
net.sf.scuba.smartcards.CardServiceException - on error

public void sendMSESetATExtAuth(SecureMessagingWrapper wrapper, byte[] data) throws net.sf.scuba.smartcards.CardServiceException
Parameters:
wrapper - secure messaging wrapper
data - public key reference data object (should already be prefixed with tag 0x83)
Throws:
net.sf.scuba.smartcards.CardServiceException - on error

public void sendMSESetATMutualAuth(SecureMessagingWrapper wrapper, java.lang.String oid, int refPublicKeyOrSecretKey, byte[] refPrivateKeyOrForComputingSessionKey) throws net.sf.scuba.smartcards.CardServiceException
Parameters:
wrapper - secure messaging wrapper
oid - OID of the protocol to select (this method will prefix 0x80)
refPublicKeyOrSecretKey - value specifying whether to use MRZ (0x01) or CAN (0x02) (this method will prefix 0x83)
refPrivateKeyOrForComputingSessionKey - indicates a private key or reference for computing a session key (this method will prefix 0x84)
Throws:
net.sf.scuba.smartcards.CardServiceException - on error

public byte[] sendGeneralAuthenticate(SecureMessagingWrapper wrapper, byte[] data, boolean isLast) throws net.sf.scuba.smartcards.CardServiceException
Parameters:
wrapper - secure messaging wrapper
data - data to be sent, without the 0x7C prefix (this method will add it)
isLast - indicates whether this is the last command in the chain
Returns:
0x7C prefix (this method will remove it)
Throws:
net.sf.scuba.smartcards.CardServiceException - on error

public void sendPSOExtendedLengthMode(SecureMessagingWrapper wrapper, byte[] certBodyData, byte[] certSignatureData) throws net.sf.scuba.smartcards.CardServiceException
Throws:
net.sf.scuba.smartcards.CardServiceException

public void sendPSOChainMode(SecureMessagingWrapper wrapper, byte[] certBodyData, byte[] certSignatureData) throws net.sf.scuba.smartcards.CardServiceException
Throws:
net.sf.scuba.smartcards.CardServiceException
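
For sendMSESetATMutualAuth and sendGeneralAuthenticate above, the following added example (not JMRTD code; the class and method names are hypothetical) builds the 0x80 and 0x83 data objects and strictly parses a 0x7C-wrapped response. It assumes the OID is carried as DER content octets and that Java 17 is available for HexFormat; the OID, key reference and response bytes are sample values.

```java
import java.io.ByteArrayOutputStream;
import java.util.Arrays;
import java.util.HexFormat;
public final class PaceDataObjects { // added example, not JMRTD code
  /** tag || BER length || value, for a one-byte tag and at most 0xFFFF value bytes. */
  static byte[] tlv(int tag, byte[] value) {
    if (value.length > 0xFFFF) throw new IllegalArgumentException("value too long");
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    out.write(tag);
    if (value.length >= 0x100) { out.write(0x82); out.write(value.length >> 8); }
    else if (value.length >= 0x80) out.write(0x81);
    out.write(value.length & 0xFF);
    out.write(value, 0, value.length);
    return out.toByteArray();
  }

  /** Strips the expected tag and length; rejects wrong tags and inconsistent lengths. */
  static byte[] unwrap(int tag, byte[] d) {
    if (d == null || d.length < 2 || (d[0] & 0xFF) != tag)
      throw new IllegalArgumentException("unexpected tag");
    int first = d[1] & 0xFF, extra = first < 0x80 ? 0 : first & 0x7F, len = extra == 0 ? first : 0;
    if (first == 0x80 || extra > 2 || d.length < 2 + extra)
      throw new IllegalArgumentException("unsupported length encoding");
    for (int i = 0; i < extra; i++) len = (len << 8) | (d[2 + i] & 0xFF);
    if (d.length - 2 - extra != len) throw new IllegalArgumentException("length mismatch");
    return Arrays.copyOfRange(d, 2 + extra, d.length);
  }

  /** Dotted OID to DER content octets (no 0x06 tag); arcs are assumed to fit in an int. */
  static byte[] oidValue(String dotted) {
    String[] arcs = dotted.split("\\.");
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    for (int i = 1; i < arcs.length; i++) {
      int v = Integer.parseInt(arcs[i]) + (i == 1 ? 40 * Integer.parseInt(arcs[0]) : 0);
      for (int shift = 28; shift >= 0; shift -= 7) // base 128, most significant group first
        if (shift == 0 || (v >>> shift) != 0) out.write(((v >>> shift) & 0x7F) | (shift > 0 ? 0x80 : 0));
    }
    return out.toByteArray();
  }

  public static void main(String[] args) {
    HexFormat hex = HexFormat.of();
    // Sample values: a PACE protocol OID and the CAN key reference (0x02) named on this page.
    byte[] oid = tlv(0x80, oidValue("0.4.0.127.0.7.2.2.4.2.2")), ref = tlv(0x83, new byte[] { 2 });
    System.out.println(hex.formatHex(oid) + hex.formatHex(ref));
    // Constructed response: 0x7C wrapping one 0x80 object with four placeholder bytes.
    byte[] response = { 0x7C, 0x06, (byte) 0x80, 0x04, 1, 2, 3, 4 };
    System.out.println(hex.formatHex(unwrap(0x80, unwrap(0x7C, response))));
  }
}
```
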

public void addPlainTextAPDUListener(net.sf.scuba.smartcards.APDUListener l)

public void removePlainTextAPDUListener(net.sf.scuba.smartcards.APDUListener l)

protected void notifyExchangedPlainTextAPDU(int count, net.sf.scuba.smartcards.CommandAPDU capdu, net.sf.scuba.smartcards.ResponseAPDU rapdu)
Parameters:
count - count
capdu - command APDU
rapdu - response APDU
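
For sendMutualAuth above, the following added example (not JMRTD code; the class and method names are hypothetical) shows a caller-side check of the 32-byte result: it confirms that both challenges were echoed before combining the key material. The page does not say whether the library performs this check itself, and the XOR key seed step comes from the BAC description in ICAO Doc 9303 rather than from this page. The sample bytes are constructed and Java 17 is assumed for HexFormat.

```java
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HexFormat;

public final class BacResponseCheck { // added example, not JMRTD code
  /**
   * Splits the 32-byte array described for sendMutualAuth, checks that the chip echoed
   * both challenges, and returns kIFD XOR kICC (the BAC key seed per ICAO Doc 9303).
   */
  static byte[] keySeed(byte[] response, byte[] rndIFD, byte[] rndICC, byte[] kIFD) {
    if (response == null || response.length != 32)
      throw new IllegalArgumentException("expected a 32-byte response");
    if (rndIFD.length != 8 || rndICC.length != 8 || kIFD.length != 16)
      throw new IllegalArgumentException("challenges are 8 bytes, key material is 16 bytes");
    byte[] gotRndICC = Arrays.copyOfRange(response, 0, 8);  // first 8 bytes
    byte[] gotRndIFD = Arrays.copyOfRange(response, 8, 16); // next 8 bytes
    byte[] kICC = Arrays.copyOfRange(response, 16, 32);     // last 16 bytes
    // Constant-time comparisons, both always evaluated (non-short-circuit &).
    boolean echoed = MessageDigest.isEqual(gotRndICC, rndICC)
        & MessageDigest.isEqual(gotRndIFD, rndIFD);
    if (!echoed) throw new SecurityException("challenge mismatch, response not bound to this run");
    byte[] seed = new byte[16];
    for (int i = 0; i < 16; i++) seed[i] = (byte) (kIFD[i] ^ kICC[i]);
    Arrays.fill(kICC, (byte) 0); // clear the temporary copy of the chip's key material
    return seed;
  }

  public static void main(String[] args) {
    // Constructed sample values, not taken from a real document.
    byte[] rndIFD = new byte[8], rndICC = new byte[8], kIFD = new byte[16];
    Arrays.fill(rndIFD, (byte) 0x11);
    Arrays.fill(rndICC, (byte) 0x22);
    Arrays.fill(kIFD, (byte) 0x0F);
    byte[] response = new byte[32];
    System.arraycopy(rndICC, 0, response, 0, 8);
    System.arraycopy(rndIFD, 0, response, 8, 8);
    Arrays.fill(response, 16, 32, (byte) 0xF0);
    System.out.println(HexFormat.of().formatHex(keySeed(response, rndIFD, rndICC, kIFD)));
    response[8] ^= 1; // corrupt the echoed rndIFD: the check must reject it
    try {
      keySeed(response, rndIFD, rndICC, kIFD);
    } catch (SecurityException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```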