Package org.jmrtd.protocol
Class EACTAProtocol
- java.lang.Object
-
- org.jmrtd.protocol.EACTAProtocol
-
public class EACTAProtocol extends Object
The EAC Terminal Authentication protocol.- Since:
- 0.5.6
- Version:
- $Revision: 1799 $
- Author:
- The JMRTD team ([email protected])
-
-
Constructor Summary
Constructors Constructor Description EACTAProtocol(APDULevelEACTACapable service, SecureMessagingWrapper wrapper)
Creates a protocol instance.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description EACTAResult
doEACTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, String documentNumber)
Perform the EAC-TA (Terminal Authentication) part of EAC (version 1).EACTAResult
doTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, byte[] idPICC)
Executes the Terminal Authentication protocol.EACTAResult
doTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, PACEResult paceResult)
Perform TA (Terminal Authentication) part of EAC (version 1).
-
-
-
Constructor Detail
-
EACTAProtocol
public EACTAProtocol(APDULevelEACTACapable service, SecureMessagingWrapper wrapper)
Creates a protocol instance.- Parameters:
service
- the card service for APDU communicationwrapper
- the secure messaging wrapper
-
-
Method Detail
-
doEACTA
public EACTAResult doEACTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, String documentNumber) throws net.sf.scuba.smartcards.CardServiceException
Perform the EAC-TA (Terminal Authentication) part of EAC (version 1). For details see TR-03110 ver. 1.11. In short, we feed the sequence of terminal certificates to the card for verification, get a challenge from the card, sign it with terminal private key, and send back to the card for verification.- Parameters:
caReference
- a reference to the issuerterminalCertificates
- the terminal certificate chainterminalKey
- the terminal private keytaAlg
- the algorithmchipAuthenticationResult
- the chip authentication resultdocumentNumber
- the document number from which the chip key hash will be derived- Returns:
- the Terminal Authentication result
- Throws:
net.sf.scuba.smartcards.CardServiceException
- on error
-
doTA
public EACTAResult doTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, PACEResult paceResult) throws net.sf.scuba.smartcards.CardServiceException
Perform TA (Terminal Authentication) part of EAC (version 1). For details see TR-03110 ver. 1.11. In short, we feed the sequence of terminal certificates to the card for verification, get a challenge from the card, sign it with terminal private key, and send back to the card for verification.- Parameters:
caReference
- reference issuerterminalCertificates
- terminal certificate chainterminalKey
- terminal private keytaAlg
- the algorithmchipAuthenticationResult
- the chip authentication resultpaceResult
- the PACE result from which the chip key hash will be derived- Returns:
- the Terminal Authentication result
- Throws:
net.sf.scuba.smartcards.CardServiceException
- on error
-
doTA
public EACTAResult doTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, byte[] idPICC) throws net.sf.scuba.smartcards.CardServiceException
Executes the Terminal Authentication protocol.- Parameters:
caReference
- the certificate authorityterminalCertificates
- the chain of certificates to sendterminalKey
- the inspection system's private keytaAlg
- the algorithmchipAuthenticationResult
- the result of the Chip Authentication protocol executionidPICC
- the chip identifier- Returns:
- the result of Terminal Authentication
- Throws:
net.sf.scuba.smartcards.CardServiceException
- on error
-
-