jason.client
Class SecureCardAccessor

java.lang.Object
  |
  +--jason.client.SecureCardAccessor
All Implemented Interfaces:
com.sun.javacard.javax.smartcard.rmiclient.CardAccessor, Constants

public class SecureCardAccessor
extends java.lang.Object
implements com.sun.javacard.javax.smartcard.rmiclient.CardAccessor, Constants


Field Summary
private  MyCipher cipher
           
private  short id
           
private  byte[] jdf
           
private  KeyStore keyStore
           
private static byte[] loginData
           
private  RemoteCardAccessor remoteCardAccessor
           
private  byte role
           
static byte ROLE_CARD
           
private  java.security.SecureRandom secureRandom
           
private  XORKey sessionKey
           
private  MySignature signature
           
 
Fields inherited from interface jason.Constants
ANYBODY, APPLICATION_DATA_TAG, FCI_TAG, JC_RMI_DATA_TAG, JDF_TAG, NORMAL_TAG, SECURITY_AUTHENTIC, SECURITY_CONFIDENTIAL, SECURITY_CONFIDENTIAL_AUTHENTIC, SECURITY_PLAIN, TYPE_ARRAY, TYPE_BOOLEAN, TYPE_BOOLEAN_ARRAY, TYPE_BYTE, TYPE_BYTE_ARRAY, TYPE_INT, TYPE_INT_ARRAY, TYPE_OBJECT, TYPE_OBJECT_ARRAY, TYPE_SHORT, TYPE_SHORT_ARRAY, TYPE_VOID
 
Constructor Summary
SecureCardAccessor()
          Initialises all values to the default values.
 
Method Summary
private static java.lang.String arrayToString(byte[] data)
          Translates a byte array to a string
private static java.lang.String arrayToString(byte[] data, int offset, int length)
          Translates part of a byte array to a string
private  void checkFreshnessCounter(byte freshnessCounter)
          Checks if the freshnessCounter is the successor of an earlier freshness counter.
 byte[] exchangeAPDU(byte[] sendData)
          Calls selectAPDU(byte[]) or invokeAPDU(byte[]) according to the command.
 short getSessionIdentifier()
          Returns the session identifier.
private  byte[] invokeAPDU(byte[] sendData)
          Encrypts and signs the parameters when necessary and decrypts / verifies the response from the card.
 boolean login(byte role, KeyStore keyStore)
          Logs in with the specified role byte given the keystore.
 boolean putKey(byte role, byte keyType, java.security.Key key, byte sessionAlgorithm)
          Uploads a key to the key store object on the smart card.
private  byte[] selectAPDU(byte[] sendData)
          Selects the card applet by its AID.
 void setRemote(java.lang.String host, int port)
          Connects to a CardAccessor run on another host.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ROLE_CARD

public static final byte ROLE_CARD
See Also:
Constant Field Values

remoteCardAccessor

private RemoteCardAccessor remoteCardAccessor

id

private short id

jdf

private byte[] jdf

role

private byte role

cipher

private MyCipher cipher

secureRandom

private java.security.SecureRandom secureRandom

signature

private MySignature signature

keyStore

private KeyStore keyStore

sessionKey

private XORKey sessionKey

loginData

private static byte[] loginData
Constructor Detail

SecureCardAccessor

public SecureCardAccessor()
Initialises all values to the default values.

Method Detail

exchangeAPDU

public byte[] exchangeAPDU(byte[] sendData)
                    throws java.io.IOException
Calls selectAPDU(byte[]) or invokeAPDU(byte[]) according to the command.

Specified by:
exchangeAPDU in interface com.sun.javacard.javax.smartcard.rmiclient.CardAccessor
Parameters:
sendData - Either a select APDU command or an invoke APDU command
Returns:
The response APDU
Throws:
java.io.IOException - when an exception is thrown by selectAPDU(byte[]) or invokeAPDU(byte[])

getSessionIdentifier

public short getSessionIdentifier()
Returns the session identifier. The session identifier equals the object id of the remote object.

Specified by:
getSessionIdentifier in interface com.sun.javacard.javax.smartcard.rmiclient.CardAccessor
Returns:
Session identifier

setRemote

public void setRemote(java.lang.String host,
                      int port)
               throws java.rmi.RemoteException
Connects to a CardAccessor run on another host.

Parameters:
host - The foreign host
port - The foreign port number
Throws:
java.rmi.RemoteException - when the connection cannot be set up

login

public boolean login(byte role,
                     KeyStore keyStore)
              throws java.io.IOException
Logs in with the specified role byte given the keystore.

Parameters:
role - role byte
keyStore - key store containing a key for the role
Returns:
true if allowed to log in, false otherwise
Throws:
java.io.IOException - when something went wrong

putKey

public boolean putKey(byte role,
                      byte keyType,
                      java.security.Key key,
                      byte sessionAlgorithm)
               throws java.io.IOException
Uploads a key to the key store object on the smart card. Keys can only be uploaded once. Subsequent uploads will result in a failure.

Parameters:
role - role byte
keyType - value from KeyBuilder.TYPE_...
key - the key itself
sessionAlgorithm - value from Cipher.ALG_...
Returns:
true if the key could be uploaded, false otherwise
Throws:
java.io.IOException - when something else went wrong

selectAPDU

private byte[] selectAPDU(byte[] sendData)
                   throws java.io.IOException
Selects the card applet by its AID. The card response is parsed and the name of the applet is extracted and used to find the stub object. The stub is used to get the JDF array containing the security requirements.

Parameters:
sendData - Select APDU command
Returns:
response APDU
Throws:
java.io.IOException - when something went wrong

invokeAPDU

private byte[] invokeAPDU(byte[] sendData)
                   throws java.io.IOException
Encrypts and signs the parameters when necessary and decrypts / verifies the response from the card.

Parameters:
sendData - The marshalled parameters in plain text
Returns:
The marshalled result in plain text
Throws:
JasonSecurityException - when the card returns an ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED
InvalidSignatureException - when the card signature does not match the locally calculated signature
InvalidFreshnessCounterException - when the authentic response does not carry the correct freshness counter
java.io.IOException

checkFreshnessCounter

private void checkFreshnessCounter(byte freshnessCounter)
                            throws InvalidFreshnessCounterException
Checks if the freshnessCounter is the successor of an earlier freshness counter. If this is true the freshness counter is increased.

Parameters:
freshnessCounter - The freshnessCounter found in the card response
Throws:
InvalidFreshnessCounterException - when the counter is not a successor of the last counter
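
The successor check described above, as an added example; it is not the jason.client source. The class name, the nested exception stand-in, the starting value 0 and the modulo-256 wraparound are assumptions. The check only gives replay protection when the counter is taken from a response whose signature has already been verified.

```java
/** Added illustration of a successor-only freshness check; not the jason.client source. */
public class FreshnessCounterDemo {

    /** Stand-in for the page's InvalidFreshnessCounterException (hypothetical definition). */
    static class InvalidFreshnessCounterException extends Exception {
        InvalidFreshnessCounterException(String msg) { super(msg); }
    }

    // Last counter value accepted from the card (assumed to start at 0 after login).
    private byte lastCounter = 0;

    /** Accepts only lastCounter + 1 and advances the state only on success. */
    void checkFreshnessCounter(byte freshnessCounter) throws InvalidFreshnessCounterException {
        // The cast makes 0x7F + 1 wrap to (byte) 0x80, so the comparison is modulo 256
        // (assumption: the page does not say how the one-byte counter wraps).
        byte expected = (byte) (lastCounter + 1);
        if (freshnessCounter != expected) {
            // State is left untouched, so a replayed or reordered response
            // cannot move the expected value.
            throw new InvalidFreshnessCounterException(String.format(
                "expected 0x%02X, got 0x%02X", expected & 0xFF, freshnessCounter & 0xFF));
        }
        lastCounter = expected;
    }

    public static void main(String[] args) {
        FreshnessCounterDemo session = new FreshnessCounterDemo();
        // Constructed sequence of counters as they might appear in card responses:
        // 1 and 2 arrive in order, the second 2 is a replayed response,
        // 4 skips a message, and 3 is the genuine next response.
        byte[] received = {1, 2, 2, 4, 3};
        for (byte c : received) {
            try {
                session.checkFreshnessCounter(c);
                System.out.println("counter " + c + ": accepted");
            } catch (InvalidFreshnessCounterException e) {
                System.out.println("counter " + c + ": rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```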

arrayToString

private static java.lang.String arrayToString(byte[] data)
Translates a byte array to a string

Parameters:
data -
Returns:
translation

arrayToString

private static java.lang.String arrayToString(byte[] data,
                                              int offset,
                                              int length)
Translates part of a byte array to a string

Parameters:
data -
offset -
length -
Returns:
translation