com.ibm.opencard.access
Class MFCCardAccessor
java.lang.Object
|
+--com.ibm.opencard.access.MFCCardAccessor
- Direct Known Subclasses:
- MFCSecureAccessor
- public class MFCCardAccessor
- extends java.lang.Object
- implements CardAccessor
The card accessor is responsible for satisfying access conditions.
Command APDUs to be sent to the card will be passed to the accessor first,
along with access conditions. The accessor then uses the mid and low level
communication methods of the channel to satisfy the access conditions and
to execute the command. It relies on a helper class for CHV, while other
access conditions (except ALWays and NEVer) are not supported due to US
export regulations.
- Version:
- $Id: MFCCardAccessor.java,v 1.1 1999/12/02 16:06:00 damke Exp $
| Methods inherited from class java.lang.Object |
clone,
equals,
finalize,
getClass,
hashCode,
notify,
notifyAll,
toString,
wait,
wait,
wait |
card_channel
protected MFCCardChannel card_channel
- This channel will be used to exchange APDUs with the smartcard.
credential_set
protected MFCCredentialSet credential_set
- The set of credentials available to this accessor.
helper_CHV
protected MFCCHVProvider helper_CHV
- This helper will take care of card holder verification.
MFCCardAccessor
public MFCCardAccessor(MFCCHVProvider chverifier)
- Create a new accessor.
- Parameters:
chverifier - the helper for Card Holder Verification
getCredentials
public MFCCredentialSet getCredentials()
- Gets the set of credentials.
An application provides the credentials to be used in a
CredentialBag, which contains card-specific
CredentialStore objects. The card service extracts the
credential stores for MFC smartcards and copies the credentials
to a MFCCredentialSet, which will be not be used at all,
since this accessor does not support access conditions involving
cryptography.
This method is used to get the credential set for this accessor.
After creation, that set is empty. Changes in the credential set
will take effect immediately, no explicit set has to be performed.
That is the reason why no set method is provided for the set of
credentials.
- Returns:
- the set of credentials available to this accessor
- See Also:
CredentialBag,
CredentialStore,
MFCCredentialSet,
MFCCardService
setChannel
public final void setChannel(MFCCardChannel channel)
- Set the channel to which this accessor is connected.
This method is called by a channel as soon as an accessor is passed
to it. The accessor needs to know the channel to exchange APDUs with
the smartcard via the mid and low level methods provided there. When
the accessor is disconnected, the channel will call this method again,
with argument null. Consequently, an accessor can only be
used with one channel at a time.
The channel could be passed as an argument to executeCommand
instead. This is not done to simplify that method. Besides, there
will usually be passed more than one command APDU for a channel
allocation, so the overhead should be smaller using an explicit
set prior to communication.
- Specified by:
- setChannel in interface CardAccessor
- Parameters:
channel - the card channel to use,
or null- See Also:
MFCCardChannel.setAccessor(com.ibm.opencard.service.CardAccessor)
setCHVDialog
public final void setCHVDialog(CHVDialog dialog)
- Set the CHV dialog to be used if CHV is required.
This dialog is application dependent. Therefore, this
method is needed to supply an application-defined dialog.
The dialog will be passed on to the CHV helper.
The interface CHVDialog does not explicitly require
a screen dialog. A card terminal's IO capabilities could also
be used.
- Parameters:
dialog - the dialog to invoke if CHV is required- See Also:
MFCCHVProvider,
CHVDialog
executeCommand
public ResponseAPDU executeCommand(CommandAPDU command,
AccessConditions access)
throws CardServiceInabilityException,
CardServiceInvalidCredentialException,
CardServiceUnexpectedResponseException,
CardTerminalException
- Generic method to exchange APDUs with the smartcard.
This method checks and downcasts the arguments and then
invokes execCommand below. See there for details.
- Specified by:
- executeCommand in interface CardAccessor
execCommand
public ResponseAPDU execCommand(MFCCommandAPDU command,
MFCAccessConditions access)
throws CardServiceInabilityException,
CardServiceInvalidCredentialException,
CardServiceUnexpectedResponseException,
CardTerminalException
- Exchange APDUs with the smartcard.
This method is invoked by the card channel. The channel ID is already
encoded in the command APDU, so it can be passed to the low-level send
method immediately. This accessor is responsible for satisfying the
access conditions involved with the command. In order to do so, it may
have to perform a card holder verification. Other access conditions
are not supported, due to US export regulations.
The current implementation uses an optimistic approach.
It assumes that CHV has been performed before. If access is denied,
the assumption was wrong and CHV is performed before the command is
retried. This optimistic approach costs one useless command for
each CHV to perform, but saves the trouble of keeping track of
CHVs and their invalidation due to select commands. Worse cases may
occur in conjunction with other access conditions, but these are
not considered here.
- Parameters:
command - the APDU to send to the smartcardaccess - the access conditions for the command in the APDU- Returns:
- the response APDU obtained from the smartcard
- Throws:
- CardServiceInabilityException - The access conditions could not be satisfied.
- CardServiceInvalidCredentialException - The credentials provided were incorrect.
- CardServiceUnexpectedResponseException - A helper failed to interpret the smartcard's response.
- CardTerminalException - The terminal encountered an error.
retryWithCHV
protected ResponseAPDU retryWithCHV(MFCCommandAPDU command,
MFCAccessConditions access)
throws CardServiceInabilityException,
CardServiceInvalidCredentialException,
CardTerminalException
- Retry a command after performing CHV.
This method is invoked if a command failed due to access conditions
not satisfied, and the access conditions require CHV to be performed.
The CHV will be performed, and the command is issued again.
If the access conditions combine authentication and CHV, authentication
is done before this method is invoked. This way, the CHV is queried
from the user only if it is really required.
- Parameters:
command - the command to retryaccess - the access conditions to satisfy- Returns:
- the smartcard's response to the command
- Throws:
- CardServiceInvalidCredentialException - if the password was incorrect or is blocked
- CardServiceInabilityException - if no CHV provider is defined
- CardTerminalException - if the terminal encountered an error
|
