public class PassportApduService
extends net.sf.scuba.smartcards.CardService

- GET CHALLENGE
- EXTERNAL AUTHENTICATE
- INTERNAL AUTHENTICATE (using secure messaging)
- SELECT FILE (using secure messaging)
- READ BINARY (using secure messaging)

Modifier and Type | Field and Description |
---|---|
protected static byte[] | APPLET_AID: The applet we select when we start a session. |
static byte | CAN_PACE_KEY_REFERENCE: Shared secret type for PACE according to BSI TR-03110 v2.03 B.11.1. |
static byte | MRZ_PACE_KEY_REFERENCE: Shared secret type for PACE according to BSI TR-03110 v2.03 B.11.1. |
static byte | PIN_PACE_KEY_REFERENCE: Shared secret type for PACE according to BSI TR-03110 v2.03 B.11.1. |
static byte | PUK_PACE_KEY_REFERENCE: Shared secret type for PACE according to BSI TR-03110 v2.03 B.11.1. |

Constructor and Description |
---|
PassportApduService(net.sf.scuba.smartcards.CardService service): Creates a new passport APDU sending service. |

Modifier and Type | Method and Description |
---|---|
void | addAPDUListener(net.sf.scuba.smartcards.APDUListener l): Adds a listener. |
void | addPlainTextAPDUListener(net.sf.scuba.smartcards.APDUListener l): Adds a plain text listener. |
void | close(): Closes the service. |
byte[] | getATR(): Gets the answer to reset bytes. |
boolean | isOpen(): Whether this service is open. |
protected void | notifyExchangedPlainTextAPDU(int count, net.sf.scuba.smartcards.CommandAPDU capdu, net.sf.scuba.smartcards.ResponseAPDU rapdu): Notifies listeners about APDU event. |
void | open(): Opens a session by connecting to the card. |
void | removeAPDUListener(net.sf.scuba.smartcards.APDUListener l): Removes a listener. |
void | removePlainTextAPDUListener(net.sf.scuba.smartcards.APDUListener l): Removes a plain text listener. |
byte[] | sendGeneralAuthenticate(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] data, boolean isLast): Sends a General Authenticate command. |
byte[] | sendGetChallenge(): Sends a GET CHALLENGE command to the passport. |
byte[] | sendGetChallenge(net.sf.scuba.smartcards.APDUWrapper wrapper): Sends a GET CHALLENGE command to the passport. |
byte[] | sendInternalAuthenticate(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] rndIFD): Sends an INTERNAL AUTHENTICATE command to the passport. |
void | sendMSEKAT(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] keyData, byte[] idData): The MSE KAT APDU, see EAC 1.11 spec, Section B.1. |
void | sendMSESetATExtAuth(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] data): The MSE Set AT APDU for TA, see EAC 1.11 spec, Section B.2. |
void | sendMSESetATMutualAuth(net.sf.scuba.smartcards.APDUWrapper wrapper, String oid, int refPublicKeyOrSecretKey, byte[] refPrivateKeyOrForComputingSessionKey): The MSE AT APDU for PACE, see ICAO TR-SAC-1.01, Section 3.2.1, BSI TR 03110 v2.03 B11.1. |
void | sendMSESetDST(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] data): The MSE DST APDU, see EAC 1.11 spec, Section B.2. |
byte[] | sendMutualAuth(byte[] rndIFD, byte[] rndICC, byte[] kIFD, SecretKey kEnc, SecretKey kMac): Sends an EXTERNAL AUTHENTICATE command to the passport. |
void | sendMutualAuthenticate(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] signature): Sends the EXTERNAL AUTHENTICATE command. |
void | sendPSOChainMode(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] certBodyData, byte[] certSignatureData): Sends a perform security operation command in chain mode. |
void | sendPSOExtendedLengthMode(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] certBodyData, byte[] certSignatureData): Sends a perform security operation command in extended length mode. |
byte[] | sendReadBinary(net.sf.scuba.smartcards.APDUWrapper wrapper, int offset, int le, boolean isExtendedLength): Sends a READ BINARY command to the passport. |
byte[] | sendReadBinary(short offset, int le, boolean longRead): Sends a READ BINARY command to the passport. |
void | sendSelectApplet(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] aid): Sends a SELECT APPLET command to the card. |
void | sendSelectFile(net.sf.scuba.smartcards.APDUWrapper wrapper, short fid): Sends a SELECT FILE command to the passport. |
void | sendSelectFile(short fid): Selects a file. |
void | setService(net.sf.scuba.smartcards.CardService service): Sets the service. |
net.sf.scuba.smartcards.ResponseAPDU | transmit(net.sf.scuba.smartcards.CommandAPDU capdu): Transceives an APDU. |

public static final byte MRZ_PACE_KEY_REFERENCE
public static final byte CAN_PACE_KEY_REFERENCE
public static final byte PIN_PACE_KEY_REFERENCE
public static final byte PUK_PACE_KEY_REFERENCE
protected static final byte[] APPLET_AID

public PassportApduService(net.sf.scuba.smartcards.CardService service) throws net.sf.scuba.smartcards.CardServiceException
service - another service which will deal with sending the APDUs to the card
net.sf.scuba.smartcards.CardServiceException - when the available JCE providers cannot provide the necessary cryptographic primitives:

public void open() throws net.sf.scuba.smartcards.CardServiceException
PassportService) is responsible to do this now.
open in class net.sf.scuba.smartcards.CardService
net.sf.scuba.smartcards.CardServiceException - on failure to open the service

public boolean isOpen()
isOpen in class net.sf.scuba.smartcards.CardService

public net.sf.scuba.smartcards.ResponseAPDU transmit(net.sf.scuba.smartcards.CommandAPDU capdu) throws net.sf.scuba.smartcards.CardServiceException
0x9000 this method does NOT throw a CardServiceException, but it returns this as error code as result.
transmit in class net.sf.scuba.smartcards.CardService
capdu - the command APDU
net.sf.scuba.smartcards.CardServiceException - on error

public byte[] getATR()
getATR in class net.sf.scuba.smartcards.CardService

public void close()
close in class net.sf.scuba.smartcards.CardService

public void setService(net.sf.scuba.smartcards.CardService service)
service - the carrier service that is decorated by this service
service - the carrier service

public void addAPDUListener(net.sf.scuba.smartcards.APDUListener l)
addAPDUListener in class net.sf.scuba.smartcards.CardService
l - a listener

public void removeAPDUListener(net.sf.scuba.smartcards.APDUListener l)
removeAPDUListener in class net.sf.scuba.smartcards.CardService
l - a listener

public void sendSelectApplet(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] aid) throws net.sf.scuba.smartcards.CardServiceException
Sends a SELECT APPLET command to the card.
wrapper - the secure messaging wrapper to use
aid - the applet to select
net.sf.scuba.smartcards.CardServiceException - on transceive error

public void sendSelectFile(short fid) throws net.sf.scuba.smartcards.CardServiceException
fid - the file identifier
net.sf.scuba.smartcards.CardServiceException - on error

public void sendSelectFile(net.sf.scuba.smartcards.APDUWrapper wrapper, short fid) throws net.sf.scuba.smartcards.CardServiceException
Sends a SELECT FILE command to the passport. Secure messaging will be applied to the command and response APDU.
wrapper - the secure messaging wrapper to use
fid - the file to select
net.sf.scuba.smartcards.CardServiceException - on transceive error

public byte[] sendReadBinary(short offset, int le, boolean longRead) throws net.sf.scuba.smartcards.CardServiceException
Sends a READ BINARY command to the passport.
offset - offset into the file
le - the expected length of the file to read
longRead - whether to use extended length APDUs
le with (the specified part of) the contents of the currently selected file
net.sf.scuba.smartcards.CardServiceException - if the command was not successful

public byte[] sendReadBinary(net.sf.scuba.smartcards.APDUWrapper wrapper, int offset, int le, boolean isExtendedLength) throws net.sf.scuba.smartcards.CardServiceException
Sends a READ BINARY command to the passport. Secure messaging will be applied to the command and response APDU.
wrapper - the secure messaging wrapper to use
offset - offset into the file
le - the expected length of the file to read
isExtendedLength - whether it should be a long (INS=B1) read
le with (the specified part of) the contents of the currently selected file
net.sf.scuba.smartcards.CardServiceException - if the command was not successful

public byte[] sendGetChallenge() throws net.sf.scuba.smartcards.CardServiceException
Sends a GET CHALLENGE command to the passport.
net.sf.scuba.smartcards.CardServiceException - on transceive error

public byte[] sendGetChallenge(net.sf.scuba.smartcards.APDUWrapper wrapper) throws net.sf.scuba.smartcards.CardServiceException
Sends a GET CHALLENGE command to the passport.
wrapper - secure messaging wrapper
net.sf.scuba.smartcards.CardServiceException - on transceive error

public byte[] sendInternalAuthenticate(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] rndIFD) throws net.sf.scuba.smartcards.CardServiceException
Sends an INTERNAL AUTHENTICATE command to the passport. This is part of AA.
wrapper - secure messaging wrapper
rndIFD - the challenge to send
net.sf.scuba.smartcards.CardServiceException - on transceive error

public byte[] sendMutualAuth(byte[] rndIFD, byte[] rndICC, byte[] kIFD, SecretKey kEnc, SecretKey kMac) throws net.sf.scuba.smartcards.CardServiceException
Sends an EXTERNAL AUTHENTICATE command to the passport. This is part of BAC. The resulting byte array has length 32 and contains rndICC (first 8 bytes), rndIFD (next 8 bytes), their key material "kICC" (last 16 bytes).
rndIFD - our challenge
rndICC - their challenge
kIFD - our key material
kEnc - the static encryption key
kMac - the static mac key
kEnc) and verified (using kMac)
net.sf.scuba.smartcards.CardServiceException - on transceive error

public void sendMutualAuthenticate(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] signature) throws net.sf.scuba.smartcards.CardServiceException
wrapper - secure messaging wrapper
signature - terminal signature
net.sf.scuba.smartcards.CardServiceException - if the resulting status word is different from 9000

public void sendMSEKAT(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] keyData, byte[] idData) throws net.sf.scuba.smartcards.CardServiceException
wrapper - secure messaging wrapper
keyData - key data object (tag 0x91)
idData - key id data object (tag 0x84), can be null
net.sf.scuba.smartcards.CardServiceException - on error

public void sendMSESetDST(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] data) throws net.sf.scuba.smartcards.CardServiceException
wrapper - secure messaging wrapper
data - public key reference data object (tag 0x83)
net.sf.scuba.smartcards.CardServiceException - on error

public void sendMSESetATExtAuth(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] data) throws net.sf.scuba.smartcards.CardServiceException
wrapper - secure messaging wrapper
data - public key reference data object (should already be prefixed with tag 0x83)
net.sf.scuba.smartcards.CardServiceException - on error

public void sendMSESetATMutualAuth(net.sf.scuba.smartcards.APDUWrapper wrapper, String oid, int refPublicKeyOrSecretKey, byte[] refPrivateKeyOrForComputingSessionKey) throws net.sf.scuba.smartcards.CardServiceException
wrapper - secure messaging wrapper
oid - OID of the protocol to select (this method will prefix 0x80)
refPublicKeyOrSecretKey - value specifying whether to use MRZ (0x01) or CAN (0x02) (this method will prefix 0x83)
refPrivateKeyOrForComputingSessionKey - indicates a private key or reference for computing a session key (this method will prefix 0x84)
net.sf.scuba.smartcards.CardServiceException - on error

public byte[] sendGeneralAuthenticate(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] data, boolean isLast) throws net.sf.scuba.smartcards.CardServiceException
wrapper - secure messaging wrapper
data - data to be sent, without the 0x7C prefix (this method will add it)
isLast - indicates whether this is the last command in the chain
0x7C prefix (this method will remove it)
net.sf.scuba.smartcards.CardServiceException - on error

public void sendPSOExtendedLengthMode(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] certBodyData, byte[] certSignatureData) throws net.sf.scuba.smartcards.CardServiceException
wrapper - secure messaging wrapper
certBodyData - the certificate body
certSignatureData - signature data
net.sf.scuba.smartcards.CardServiceException - on error communicating over the service

public void sendPSOChainMode(net.sf.scuba.smartcards.APDUWrapper wrapper, byte[] certBodyData, byte[] certSignatureData) throws net.sf.scuba.smartcards.CardServiceException
wrapper - secure messaging wrapper
certBodyData - the certificate body
certSignatureData - signature data
net.sf.scuba.smartcards.CardServiceException - on error communicating over the service

public void addPlainTextAPDUListener(net.sf.scuba.smartcards.APDUListener l)
l - a listener

public void removePlainTextAPDUListener(net.sf.scuba.smartcards.APDUListener l)
l - a listener

protected void notifyExchangedPlainTextAPDU(int count, net.sf.scuba.smartcards.CommandAPDU capdu, net.sf.scuba.smartcards.ResponseAPDU rapdu)
count - count
capdu - command APDU
rapdu - response APDU

Copyright © 2016. All rights reserved.
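
A caller-side check on the 32-byte array documented for sendMutualAuth, as an added example that is not part of this API or of the project's code: it splits the array using the layout given above (rndICC, rndIFD, kICC), rejects a response whose nonces do not match the current run, and combines the key material. The class and method names are hypothetical, and the XOR of kIFD and kICC as key seed follows ICAO Doc 9303 BAC, which this page does not describe.

```java
import java.security.MessageDigest;
import java.util.Arrays;

public final class BacResponseCheck {
    /**
     * Validates the decrypted BAC response and returns the key seed kIFD XOR kICC
     * (assumption from ICAO Doc 9303; not stated on this page).
     */
    public static byte[] keySeedFrom(byte[] response, byte[] rndIFD, byte[] rndICC, byte[] kIFD) {
        if (response == null || response.length != 32) {
            throw new IllegalArgumentException("BAC response must be 32 bytes");
        }
        if (rndIFD.length != 8 || rndICC.length != 8 || kIFD.length != 16) {
            throw new IllegalArgumentException("unexpected nonce or key material length");
        }
        byte[] gotRndICC = Arrays.copyOfRange(response, 0, 8);   // first 8 bytes
        byte[] gotRndIFD = Arrays.copyOfRange(response, 8, 16);  // next 8 bytes
        byte[] kICC = Arrays.copyOfRange(response, 16, 32);      // last 16 bytes
        // Both nonces must match this run; otherwise the response is stale or
        // belongs to another session and must not feed key derivation.
        boolean fresh = MessageDigest.isEqual(gotRndICC, rndICC)
                & MessageDigest.isEqual(gotRndIFD, rndIFD);
        if (!fresh) {
            throw new SecurityException("nonce mismatch in BAC response");
        }
        byte[] keySeed = new byte[16];
        for (int i = 0; i < keySeed.length; i++) {
            keySeed[i] = (byte) (kIFD[i] ^ kICC[i]);
        }
        Arrays.fill(kICC, (byte) 0); // clear the intermediate copy of key material
        return keySeed;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real document.
        byte[] rndICC = {1, 2, 3, 4, 5, 6, 7, 8};
        byte[] rndIFD = {9, 10, 11, 12, 13, 14, 15, 16};
        byte[] kIFD = new byte[16];
        Arrays.fill(kIFD, (byte) 0x0F);
        byte[] response = new byte[32];
        System.arraycopy(rndICC, 0, response, 0, 8);
        System.arraycopy(rndIFD, 0, response, 8, 8);
        Arrays.fill(response, 16, 32, (byte) 0xF0);
        System.out.println(keySeedFrom(response, rndIFD, rndICC, kIFD).length + "-byte key seed derived");
        response[8] ^= 1; // corrupt the echoed rndIFD
        try { keySeedFrom(response, rndIFD, rndICC, kIFD); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```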