public class PassportService extends AbstractMRTDCardService
Modifier and Type | Field | Description
---|---|---
`protected static byte[]` | `APPLET_AID` | The applet we select when we start a session.
`static byte` | `CAN_PACE_KEY_REFERENCE` | Shared secret type for PACE according to BSI TR-03110 v2.03 B.11.1.
`static int` | `DEFAULT_MAX_BLOCKSIZE` | The default maximal block size used for unencrypted APDUs.
`static short` | `EF_CARD_ACCESS` | File identifier for the card access file.
`static short` | `EF_CARD_SECURITY` | File identifier for the card security file.
`static short` | `EF_COM` | The data group presence list.
`static short` | `EF_CVCA` | Contains EAC CVCA references.
`static short` | `EF_DG1` | File identifier for data group 1.
`static short` | `EF_DG10` | File identifier for data group 10.
`static short` | `EF_DG11` | File identifier for data group 11.
`static short` | `EF_DG12` | File identifier for data group 12.
`static short` | `EF_DG13` | File identifier for data group 13.
`static short` | `EF_DG14` | File identifier for data group 14.
`static short` | `EF_DG15` | File identifier for data group 15.
`static short` | `EF_DG16` | File identifier for data group 16.
`static short` | `EF_DG2` | File identifier for data group 2.
`static short` | `EF_DG3` | File identifier for data group 3.
`static short` | `EF_DG4` | File identifier for data group 4.
`static short` | `EF_DG5` | File identifier for data group 5.
`static short` | `EF_DG6` | File identifier for data group 6.
`static short` | `EF_DG7` | File identifier for data group 7.
`static short` | `EF_DG8` | File identifier for data group 8.
`static short` | `EF_DG9` | File identifier for data group 9.
`static short` | `EF_SOD` | The Document Security Object (SOD).
`static int` | `EXTENDED_MAX_TRANCEIVE_LENGTH` | The extended maximal transceive length of APDUs.
`static byte` | `MRZ_PACE_KEY_REFERENCE` | Shared secret type for PACE according to BSI TR-03110 v2.03 B.11.1.
`static byte` | `NO_PACE_KEY_REFERENCE` | Shared secret type for a non-PACE key.
`static int` | `NORMAL_MAX_TRANCEIVE_LENGTH` | The normal maximal transceive length of APDUs.
`static byte` | `PIN_PACE_KEY_REFERENCE` | Shared secret type for PACE according to BSI TR-03110 v2.03 B.11.1.
`static byte` | `PUK_PACE_KEY_REFERENCE` | Shared secret type for PACE according to BSI TR-03110 v2.03 B.11.1.
`static byte` | `SFI_CARD_ACCESS` | Short file identifier for the card access file.
`static byte` | `SFI_CARD_SECURITY` | Short file identifier for the card security file.
`static byte` | `SFI_COM` | Short file identifier for `EF_COM`.
`static byte` | `SFI_CVCA` | Short file identifier for `EF_CVCA`.
`static byte` | `SFI_DG1` | Short file identifier for `EF_DG1`.
`static byte` | `SFI_DG10` | Short file identifier for `EF_DG10`.
`static byte` | `SFI_DG11` | Short file identifier for `EF_DG11`.
`static byte` | `SFI_DG12` | Short file identifier for `EF_DG12`.
`static byte` | `SFI_DG13` | Short file identifier for `EF_DG13`.
`static byte` | `SFI_DG14` | Short file identifier for `EF_DG14`.
`static byte` | `SFI_DG15` | Short file identifier for `EF_DG15`.
`static byte` | `SFI_DG16` | Short file identifier for `EF_DG16`.
`static byte` | `SFI_DG2` | Short file identifier for `EF_DG2`.
`static byte` | `SFI_DG3` | Short file identifier for `EF_DG3`.
`static byte` | `SFI_DG4` | Short file identifier for `EF_DG4`.
`static byte` | `SFI_DG5` | Short file identifier for `EF_DG5`.
`static byte` | `SFI_DG6` | Short file identifier for `EF_DG6`.
`static byte` | `SFI_DG7` | Short file identifier for `EF_DG7`.
`static byte` | `SFI_DG8` | Short file identifier for `EF_DG8`.
`static byte` | `SFI_DG9` | Short file identifier for `EF_DG9`.
`static byte` | `SFI_SOD` | Short file identifier for `EF_SOD`.
Constructor | Description
---|---
`PassportService(net.sf.scuba.smartcards.CardService service, int maxTranceiveLengthForSecureMessaging, int maxBlockSize, boolean isSFIEnabled, boolean shouldCheckMAC)` | Creates a new passport service for accessing the passport.
`PassportService(net.sf.scuba.smartcards.CardService service, int maxTranceiveLengthForPACEProtocol, int maxTranceiveLengthForSecureMessaging, int maxBlockSize, boolean isSFIEnabled, boolean shouldCheckMAC)` | Creates a new passport service for accessing the passport.
Modifier and Type | Method | Description
---|---|---
`void` | `addAPDUListener(net.sf.scuba.smartcards.APDUListener l)` |
`void` | `close()` | Closes this service.
`AAResult` | `doAA(PublicKey publicKey, String digestAlgorithm, String signatureAlgorithm, byte[] challenge)` | Performs the Active Authentication protocol.
`BACResult` | `doBAC(AccessKeySpec bacKey)` | Performs the Basic Access Control protocol.
`BACResult` | `doBAC(SecretKey kEnc, SecretKey kMac)` | Performs the Basic Access Control protocol.
`EACCAResult` | `doEACCA(BigInteger keyId, String oid, String publicKeyOID, PublicKey publicKey)` | Performs the Chip Authentication (CA) part of EAC (version 1).
`EACTAResult` | `doEACTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, PACEResult paceResult)` | Performs the Terminal Authentication (TA) part of EAC (version 1).
`EACTAResult` | `doEACTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, String documentNumber)` | Performs the Terminal Authentication (TA) part of EAC (version 1).
`PACEResult` | `doPACE(AccessKeySpec keySpec, String oid, AlgorithmParameterSpec params, BigInteger parameterId)` | Performs the PACE 2.0 / SAC protocol.
`Collection<net.sf.scuba.smartcards.APDUListener>` | `getAPDUListeners()` |
`byte[]` | `getATR()` | Returns the answer to reset.
`net.sf.scuba.smartcards.CardFileInputStream` | `getInputStream(short fid)` | Deprecated. Use the other method with an explicit max block size.
`net.sf.scuba.smartcards.CardFileInputStream` | `getInputStream(short fid, int maxBlockSize)` | Returns the file indicated by the file identifier as an input stream.
`int` | `getMaxTranceiveLength()` | Returns the maximum transceive length of (protected) APDUs.
`SecureMessagingWrapper` | `getWrapper()` | Returns the secure messaging wrapper currently in use.
`boolean` | `isConnectionLost(Exception e)` | Determines whether an exception indicates a tag-lost event.
`boolean` | `isOpen()` | Returns a boolean that indicates whether this service is open.
`protected void` | `notifyExchangedAPDU(net.sf.scuba.smartcards.APDUEvent event)` |
`void` | `open()` | Opens a session to the card.
`void` | `removeAPDUListener(net.sf.scuba.smartcards.APDUListener l)` |
`void` | `sendSelectApplet(boolean hasPACESucceeded)` | Selects the card-side applet.
`boolean` | `shouldCheckMAC()` | Whether secure channels should check the MAC on response APDUs sent by the ICC.
`net.sf.scuba.smartcards.ResponseAPDU` | `transmit(net.sf.scuba.smartcards.CommandAPDU commandAPDU)` |
Field detail:

```java
public static final byte NO_PACE_KEY_REFERENCE
public static final byte MRZ_PACE_KEY_REFERENCE
public static final byte CAN_PACE_KEY_REFERENCE
public static final byte PIN_PACE_KEY_REFERENCE
public static final byte PUK_PACE_KEY_REFERENCE
public static final short EF_CARD_ACCESS
public static final short EF_CARD_SECURITY
public static final short EF_DG1
public static final short EF_DG2
public static final short EF_DG3
public static final short EF_DG4
public static final short EF_DG5
public static final short EF_DG6
public static final short EF_DG7
public static final short EF_DG8
public static final short EF_DG9
public static final short EF_DG10
public static final short EF_DG11
public static final short EF_DG12
public static final short EF_DG13
public static final short EF_DG14
public static final short EF_DG15
public static final short EF_DG16
public static final short EF_SOD
public static final short EF_COM
public static final short EF_CVCA
public static final byte SFI_CARD_ACCESS
public static final byte SFI_CARD_SECURITY
public static final byte SFI_DG1
public static final byte SFI_DG2
public static final byte SFI_DG3
public static final byte SFI_DG4
public static final byte SFI_DG5
public static final byte SFI_DG6
public static final byte SFI_DG7
public static final byte SFI_DG8
public static final byte SFI_DG9
public static final byte SFI_DG10
public static final byte SFI_DG11
public static final byte SFI_DG12
public static final byte SFI_DG13
public static final byte SFI_DG14
public static final byte SFI_DG15
public static final byte SFI_DG16
public static final byte SFI_COM
public static final byte SFI_SOD
public static final byte SFI_CVCA
public static final int DEFAULT_MAX_BLOCKSIZE
public static final int NORMAL_MAX_TRANCEIVE_LENGTH
public static final int EXTENDED_MAX_TRANCEIVE_LENGTH
protected static final byte[] APPLET_AID
```
Constructor and method detail:

`public PassportService(net.sf.scuba.smartcards.CardService service, int maxTranceiveLengthForSecureMessaging, int maxBlockSize, boolean isSFIEnabled, boolean shouldCheckMAC)`

Parameters:
- `service` - another service which will deal with sending the APDUs to the card
- `maxTranceiveLengthForSecureMessaging` - maximum length to use in secure messaging APDUs, 256 or 65536
- `maxBlockSize` - maximum buffer size for plain text APDUs
- `isSFIEnabled` - whether short file identifiers should be used for read binaries when possible
- `shouldCheckMAC` - whether the secure messaging channels resulting from BAC, PACE and EAC-CA should check MACs on response APDUs

`public PassportService(net.sf.scuba.smartcards.CardService service, int maxTranceiveLengthForPACEProtocol, int maxTranceiveLengthForSecureMessaging, int maxBlockSize, boolean isSFIEnabled, boolean shouldCheckMAC)`

Parameters:
- `service` - another service which will deal with sending the APDUs to the card
- `maxTranceiveLengthForPACEProtocol` - maximum length to use in PACE protocol steps, 256 or 65536
- `maxTranceiveLengthForSecureMessaging` - maximum length to use in secure messaging APDUs, 256 or 65536
- `maxBlockSize` - maximum buffer size for plain text APDUs
- `isSFIEnabled` - whether short file identifiers should be used for read binaries when possible
- `shouldCheckMAC` - whether the secure messaging channels resulting from BAC, PACE and EAC-CA should check MACs on response APDUs

`public void open() throws net.sf.scuba.smartcards.CardServiceException`

Overrides: `open` in class `net.sf.scuba.smartcards.CardService`

Throws:
- `net.sf.scuba.smartcards.CardServiceException` - on error

`public void sendSelectApplet(boolean hasPACESucceeded) throws net.sf.scuba.smartcards.CardServiceException`

Overrides: `sendSelectApplet` in class `AbstractMRTDCardService`

Parameters:
- `hasPACESucceeded` - indicates whether PACE has been executed successfully (in which case a secure messaging channel has been established)

Throws:
- `net.sf.scuba.smartcards.CardServiceException` - on error

`public boolean isOpen()`

Overrides: `isOpen` in class `net.sf.scuba.smartcards.CardService`

`public BACResult doBAC(AccessKeySpec bacKey) throws net.sf.scuba.smartcards.CardServiceException`

Overrides: `doBAC` in class `AbstractMRTDCardService`

Parameters:
- `bacKey` - the key based on the document number, the card holder's birth date, and the document's expiration date

Throws:
- `net.sf.scuba.smartcards.CardServiceException` - if authentication failed

`public BACResult doBAC(SecretKey kEnc, SecretKey kMac) throws net.sf.scuba.smartcards.CardServiceException, GeneralSecurityException`

Overrides: `doBAC` in class `AbstractMRTDCardService`

Parameters:
- `kEnc` - static 3DES key required for BAC
- `kMac` - static 3DES key required for BAC

Throws:
- `net.sf.scuba.smartcards.CardServiceException` - if authentication failed
- `GeneralSecurityException` - on security-primitive related problems

`public PACEResult doPACE(AccessKeySpec keySpec, String oid, AlgorithmParameterSpec params, BigInteger parameterId) throws net.sf.scuba.smartcards.CardServiceException`

Overrides: `doPACE` in class `AbstractMRTDCardService`

Parameters:
- `keySpec` - the MRZ
- `oid` - as specified in the PACEInfo; indicates GM, IM or CAM, DH or ECDH, cipher, digest and length
- `params` - explicit static domain parameters for DH or ECDH
- `parameterId` - parameter identifier, or `null`

Throws:
- `net.sf.scuba.smartcards.CardServiceException` - on error

`public EACCAResult doEACCA(BigInteger keyId, String oid, String publicKeyOID, PublicKey publicKey) throws net.sf.scuba.smartcards.CardServiceException`

Overrides: `doEACCA` in class `AbstractMRTDCardService`

Parameters:
- `keyId` - passport's public key id (stored in DG14), `null` if none
- `oid` - the object identifier indicating the Chip Authentication protocol
- `publicKeyOID` - the object identifier indicating the public key algorithm used
- `publicKey` - passport's public key (stored in DG14)

Throws:
- `net.sf.scuba.smartcards.CardServiceException` - if CA failed or some error occurred

`public EACTAResult doEACTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, String documentNumber) throws net.sf.scuba.smartcards.CardServiceException`

Overrides: `doEACTA` in class `AbstractMRTDCardService`

Parameters:
- `caReference` - reference issuer
- `terminalCertificates` - terminal certificate chain
- `terminalKey` - terminal private key
- `taAlg` - algorithm
- `chipAuthenticationResult` - the chip authentication result
- `documentNumber` - the document number

Throws:
- `net.sf.scuba.smartcards.CardServiceException` - on error

`public EACTAResult doEACTA(CVCPrincipal caReference, List<CardVerifiableCertificate> terminalCertificates, PrivateKey terminalKey, String taAlg, EACCAResult chipAuthenticationResult, PACEResult paceResult) throws net.sf.scuba.smartcards.CardServiceException`

Overrides: `doEACTA` in class `AbstractMRTDCardService`

Parameters:
- `caReference` - reference issuer
- `terminalCertificates` - terminal certificate chain
- `terminalKey` - terminal private key
- `taAlg` - algorithm
- `chipAuthenticationResult` - the chip authentication result
- `paceResult` - the PACE result

Throws:
- `net.sf.scuba.smartcards.CardServiceException` - on error

`public AAResult doAA(PublicKey publicKey, String digestAlgorithm, String signatureAlgorithm, byte[] challenge) throws net.sf.scuba.smartcards.CardServiceException`

Overrides: `doAA` in class `AbstractMRTDCardService`

Parameters:
- `publicKey` - the public key to use (usually read from the card)
- `digestAlgorithm` - the digest algorithm to use, or `null`
- `signatureAlgorithm` - signature algorithm
- `challenge` - challenge

Throws:
- `net.sf.scuba.smartcards.CardServiceException` - on error

`public void close()`

Overrides: `close` in class `net.sf.scuba.smartcards.CardService`

`public int getMaxTranceiveLength()`

`public SecureMessagingWrapper getWrapper()`

Overrides: `getWrapper` in class `AbstractMRTDCardService`

Returns: the secure messaging wrapper currently in use; `null` until access control has been performed.

`public net.sf.scuba.smartcards.ResponseAPDU transmit(net.sf.scuba.smartcards.CommandAPDU commandAPDU) throws net.sf.scuba.smartcards.CardServiceException`

Overrides: `transmit` in class `net.sf.scuba.smartcards.CardService`

Throws:
- `net.sf.scuba.smartcards.CardServiceException`

`public byte[] getATR() throws net.sf.scuba.smartcards.CardServiceException`

Overrides: `getATR` in class `net.sf.scuba.smartcards.CardService`

Throws:
- `net.sf.scuba.smartcards.CardServiceException` - on error

`public boolean isConnectionLost(Exception e)`

Overrides: `isConnectionLost` in class `net.sf.scuba.smartcards.CardService`

Parameters:
- `e` - an exception

`public boolean shouldCheckMAC()`

`@Deprecated public net.sf.scuba.smartcards.CardFileInputStream getInputStream(short fid) throws net.sf.scuba.smartcards.CardServiceException`

Deprecated. Use the other method with an explicit max block size.

Overrides: `getInputStream` in class `FileSystemCardService`

Parameters:
- `fid` - the file identifier

Throws:
- `net.sf.scuba.smartcards.CardServiceException` - if the file cannot be read

`public net.sf.scuba.smartcards.CardFileInputStream getInputStream(short fid, int maxBlockSize) throws net.sf.scuba.smartcards.CardServiceException`

Overrides: `getInputStream` in class `FileSystemCardService`

Parameters:
- `fid` - the file identifier
- `maxBlockSize` - the block size to request in plain READ BINARY commands

Throws:
- `net.sf.scuba.smartcards.CardServiceException` - if the file cannot be read

`public void addAPDUListener(net.sf.scuba.smartcards.APDUListener l)`

Overrides: `addAPDUListener` in class `net.sf.scuba.smartcards.CardService`

`public void removeAPDUListener(net.sf.scuba.smartcards.APDUListener l)`

Overrides: `removeAPDUListener` in class `net.sf.scuba.smartcards.CardService`

`public Collection<net.sf.scuba.smartcards.APDUListener> getAPDUListeners()`

Overrides: `getAPDUListeners` in class `net.sf.scuba.smartcards.CardService`

`protected void notifyExchangedAPDU(net.sf.scuba.smartcards.APDUEvent event)`

Overrides: `notifyExchangedAPDU` in class `net.sf.scuba.smartcards.CardService`
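The session sequence the constructors, `open`, `sendSelectApplet`, `doBAC` and `getInputStream` above describe, put together as an added example; this is not JMRTD's own code. It assumes `org.jmrtd.BACKey` (an `AccessKeySpec` implementation shipped with JMRTD), `org.jmrtd.lds.SODFile` and `org.jmrtd.lds.icao.COMFile` in the JMRTD 0.7 package layout, and `net.sf.scuba.smartcards.TerminalCardService` from scuba's J2SE module wrapping a `javax.smartcardio` terminal. The MRZ values are constructed placeholders, not a real document.

```java
import java.io.InputStream;
import java.util.Arrays;
import javax.smartcardio.CardTerminal;
import javax.smartcardio.TerminalFactory;
import net.sf.scuba.smartcards.CardService;
import net.sf.scuba.smartcards.CardServiceException;
import net.sf.scuba.smartcards.TerminalCardService; // assumed: scuba J2SE module
import org.jmrtd.AccessKeySpec;
import org.jmrtd.BACKey;                              // assumed: JMRTD AccessKeySpec impl
import org.jmrtd.BACResult;
import org.jmrtd.PassportService;
import org.jmrtd.lds.SODFile;                         // assumed: JMRTD 0.7 package layout
import org.jmrtd.lds.icao.COMFile;                    // assumed: JMRTD 0.7 package layout

/** Added example: open a PassportService session, run BAC, read EF.COM and EF.SOD. */
public class ReadSodWithBac {

  public static void main(String[] args) throws Exception {
    // Document number, date of birth (YYMMDD) and date of expiry (YYMMDD) from the MRZ.
    // Constructed placeholder values; a real reader takes them from the printed MRZ.
    AccessKeySpec bacKey = new BACKey("L898902C", "740812", "120415");

    CardTerminal terminal = TerminalFactory.getDefault().terminals().list().get(0);
    CardService cardService = new TerminalCardService(terminal);

    // NORMAL_MAX_TRANCEIVE_LENGTH for secure messaging, DEFAULT_MAX_BLOCKSIZE for plain
    // READ BINARY, SFIs enabled, and shouldCheckMAC = true so that a response APDU whose
    // MAC does not verify is rejected instead of being accepted silently.
    PassportService service = new PassportService(
        cardService,
        PassportService.NORMAL_MAX_TRANCEIVE_LENGTH,
        PassportService.DEFAULT_MAX_BLOCKSIZE,
        true,
        true);
    try {
      service.open();
      // No PACE was run, so there is no secure channel yet at applet selection.
      service.sendSelectApplet(false);

      // doBAC throws CardServiceException if mutual authentication fails;
      // on success getWrapper() becomes non-null and every later APDU is wrapped.
      BACResult bacResult = service.doBAC(bacKey);
      if (service.getWrapper() == null) {
        throw new IllegalStateException("BAC returned but no secure messaging wrapper is set");
      }

      // EF.COM lists which data groups the chip carries.
      try (InputStream comIn = service.getInputStream(
          PassportService.EF_COM, PassportService.DEFAULT_MAX_BLOCKSIZE)) {
        COMFile com = new COMFile(comIn);
        System.out.println("Data group tags present: " + Arrays.toString(com.getTagList()));
      }

      // EF.SOD carries the signed data group hashes. Checking its signature against a
      // trusted CSCA certificate (passive authentication) is the caller's job; the
      // PassportService API on this page only transports the file.
      try (InputStream sodIn = service.getInputStream(
          PassportService.EF_SOD, PassportService.DEFAULT_MAX_BLOCKSIZE)) {
        SODFile sod = new SODFile(sodIn);
        System.out.println("SOD digest algorithm: " + sod.getDigestAlgorithm());
      }
    } catch (CardServiceException e) {
      // Distinguish a removed document from a protocol or MAC failure.
      if (service.isConnectionLost(e)) {
        System.err.println("Tag lost while reading: " + e.getMessage());
      } else {
        throw e;
      }
    } finally {
      service.close();
    }
  }
}
```

The two flags worth attention are `shouldCheckMAC`, which controls whether the BAC/PACE/EAC-CA channel verifies the MAC on each response, and the explicit `maxBlockSize` passed to `getInputStream`, which the page marks as the non-deprecated form. Reading `EF_SOD` only fetches the security object; the surrounding application still has to verify it before trusting any data group it reads.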
Copyright © 2020. All rights reserved.