public abstract class AbstractMRTDCardService extends FileSystemCardService
| Constructor and Description |
|---|
| `AbstractMRTDCardService()` |

| Modifier and Type | Method and Description |
|---|---|
| `abstract AAResult` | `doAA(PublicKey publicKey, String digestAlgorithm, String signatureAlgorithm, byte[] challenge)` Performs the Active Authentication protocol. |
| `abstract BACResult` | `doBAC(AccessKeySpec bacKey)` Performs the Basic Access Control protocol. |
| `abstract BACResult` | `doBAC(SecretKey kEnc, SecretKey kMac)` Performs the Basic Access Control protocol. |
| `abstract EACCAResult` | `doEACCA(BigInteger keyId, String oid, String publicKeyOID, PublicKey publicKey)` Perform CA (Chip Authentication) part of EAC (version 1). |
| `abstract EACTAResult` | `doEACTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, PACEResult paceResult)` Performs Terminal Authentication (TA) part of EAC (version 1). |
| `abstract EACTAResult` | `doEACTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, String documentNumber)` Performs Terminal Authentication (TA) part of EAC (version 1). |
| `PACEResult` | `doPACE(AccessKeySpec keySpec, String oid, AlgorithmParameterSpec params)` Deprecated. Use the variant with additional parameter identifier |
| `abstract PACEResult` | `doPACE(AccessKeySpec keySpec, String oid, AlgorithmParameterSpec params, BigInteger parameterId)` Performs the PACE 2.0 / SAC protocol. |
| `abstract SecureMessagingWrapper` | `getWrapper()` Returns the secure messaging wrapper currently in use. |
| `abstract void` | `sendSelectApplet(boolean shouldUseSecureMessaging)` Selects the card side applet. |
getInputStream, getInputStream
`public abstract BACResult doBAC(AccessKeySpec bacKey) throws net.sf.scuba.smartcards.CardServiceException`

Parameters:
- bacKey - the key based on the document number, the card holder's birth date, and the document's expiration date

Throws:
- net.sf.scuba.smartcards.CardServiceException - if authentication failed

`public abstract BACResult doBAC(SecretKey kEnc, SecretKey kMac) throws net.sf.scuba.smartcards.CardServiceException, GeneralSecurityException`

Parameters:
- kEnc - static 3DES key required for BAC
- kMac - static 3DES key required for BAC

Throws:
- net.sf.scuba.smartcards.CardServiceException - if authentication failed
- GeneralSecurityException - on security primitives related problems

`@Deprecated public PACEResult doPACE(AccessKeySpec keySpec, String oid, AlgorithmParameterSpec params) throws net.sf.scuba.smartcards.CardServiceException`

Parameters:
- keySpec - the MRZ
- oid - as specified in the PACEInfo, indicates GM or IM or CAM, DH or ECDH, cipher, digest, length
- params - explicit static domain parameters, the domain params for DH or ECDH

Throws:
- net.sf.scuba.smartcards.CardServiceException - if authentication failed or on error

`public abstract PACEResult doPACE(AccessKeySpec keySpec, String oid, AlgorithmParameterSpec params, BigInteger parameterId) throws net.sf.scuba.smartcards.CardServiceException`

Parameters:
- keySpec - the MRZ
- oid - as specified in the PACEInfo, indicates GM or IM or CAM, DH or ECDH, cipher, digest, length
- params - explicit static domain parameters, the domain params for DH or ECDH
- parameterId - parameter identifier or null

Throws:
- net.sf.scuba.smartcards.CardServiceException - if authentication failed or on error

`public abstract void sendSelectApplet(boolean shouldUseSecureMessaging) throws net.sf.scuba.smartcards.CardServiceException`

Parameters:
- shouldUseSecureMessaging - indicates whether a secure messaging channel has already been established (which is the case if PACE has been executed)

Throws:
- net.sf.scuba.smartcards.CardServiceException - on error

`public abstract AAResult doAA(PublicKey publicKey, String digestAlgorithm, String signatureAlgorithm, byte[] challenge) throws net.sf.scuba.smartcards.CardServiceException`

Parameters:
- publicKey - the public key to use (usually read from the card)
- digestAlgorithm - the digest algorithm to use, or null
- signatureAlgorithm - signature algorithm
- challenge - challenge

Throws:
- net.sf.scuba.smartcards.CardServiceException - on error

`public abstract EACCAResult doEACCA(BigInteger keyId, String oid, String publicKeyOID, PublicKey publicKey) throws net.sf.scuba.smartcards.CardServiceException`

Parameters:
- keyId - the chip's public key id (stored in DG14), null if none
- oid - the object identifier indicating the Chip Authentication protocol
- publicKeyOID - the object identifier indicating the public key algorithm used
- publicKey - passport's public key (stored in DG14)

Throws:
- net.sf.scuba.smartcards.CardServiceException - if CA failed or some error occurred

`public abstract EACTAResult doEACTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, String documentNumber) throws net.sf.scuba.smartcards.CardServiceException`

Parameters:
- caReference - reference issuer
- terminalCertificates - terminal certificate chain
- terminalKey - terminal private key
- taAlg - algorithm
- chipAuthenticationResult - the chip authentication result
- documentNumber - the document number

Throws:
- net.sf.scuba.smartcards.CardServiceException - on error

`public abstract EACTAResult doEACTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, PACEResult paceResult) throws net.sf.scuba.smartcards.CardServiceException`

Parameters:
- caReference - reference issuer
- terminalCertificates - terminal certificate chain
- terminalKey - terminal private key
- taAlg - algorithm
- chipAuthenticationResult - the chip authentication result
- paceResult - the PACE result

Throws:
- net.sf.scuba.smartcards.CardServiceException - on error

`public abstract SecureMessagingWrapper getWrapper()`
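
Added example, not part of the JMRTD documentation or code: how the two static 3DES keys taken by `doBAC(SecretKey kEnc, SecretKey kMac)` follow from the document number, birth date and expiry date that `doBAC(AccessKeySpec bacKey)` describes, using the ICAO Doc 9303 key derivation with plain JDK classes. The class and method names are hypothetical, the MRZ fields are sample values, and Java 17 or later is assumed for `HexFormat`.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HexFormat;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class BacKeyDerivationExample {
    // MRZ check digit: weights 7,3,1 repeating; '<' = 0, digits as-is, A-Z = 10..35.
    static int checkDigit(String field) {
        int[] weights = {7, 3, 1};
        int sum = 0;
        for (int i = 0; i < field.length(); i++) {
            char c = field.charAt(i);
            int value = (c == '<') ? 0 : Character.isDigit(c) ? c - '0' : c - 'A' + 10;
            sum += value * weights[i % 3];
        }
        return sum % 10;
    }

    // K_seed: first 16 bytes of SHA-1 over the three MRZ fields, each followed by its check digit.
    static byte[] keySeed(String docNumber, String birth, String expiry) throws GeneralSecurityException {
        String number = String.format("%-9s", docNumber).replace(' ', '<'); // pad to 9 with filler
        String info = number + checkDigit(number) + birth + checkDigit(birth) + expiry + checkDigit(expiry);
        byte[] hash = MessageDigest.getInstance("SHA-1").digest(info.getBytes(StandardCharsets.US_ASCII));
        return Arrays.copyOf(hash, 16);
    }

    // Counter 1 yields kEnc, counter 2 yields kMac (two-key 3DES, laid out K1|K2|K1 for the JCE).
    static SecretKey deriveKey(byte[] seed, int counter) throws GeneralSecurityException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(seed);
        byte[] key = Arrays.copyOf(sha1.digest(new byte[] {0, 0, 0, (byte) counter}), 24);
        System.arraycopy(key, 0, key, 16, 8);
        for (int i = 0; i < key.length; i++) { // DES odd parity in the low bit of every byte
            boolean upperBitsEven = Integer.bitCount(key[i] & 0xFE) % 2 == 0;
            key[i] = (byte) (upperBitsEven ? key[i] | 1 : key[i] & 0xFE);
        }
        return new SecretKeySpec(key, "DESede");
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Sample MRZ fields (the worked example in ICAO Doc 9303), not data from a real document.
        byte[] seed = keySeed("L898902C", "690806", "940623");
        HexFormat hex = HexFormat.of().withUpperCase();
        System.out.println("kEnc = " + hex.formatHex(deriveKey(seed, 1).getEncoded()));
        System.out.println("kMac = " + hex.formatHex(deriveKey(seed, 2).getEncoded()));
    }
}
```

Both keys depend only on data printed in the MRZ, so anyone who has read the data page can derive them.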
Copyright © 2020. All rights reserved.