com.ibm.opencard.access
Class MFCSecurityHelper
java.lang.Object
|
+--com.ibm.opencard.access.MFCSecurityHelper
- Direct Known Subclasses:
- MFC35Authenticator, MFCSecureMessenger
- public abstract class MFCSecurityHelper
- extends java.lang.Object
Base class for helpers that need to deal with credentials.
MFCCardAccessor uses several helpers, including some
that perform authentication, protection, and encryption. These
helpers need to perform operations like looking up a credential,
or sending a random number to the smartcard. This class implements
those common operations, to simplify implementing the helpers.
Since this class provides only methods that are of no use
for themselfes, and all those methods are protected,
it is declared abstract.
- Version:
- $Id: MFCSecurityHelper.java,v 1.1 1999/12/02 16:06:01 damke Exp $
- See Also:
MFCCardAccessor,
MFCCredential
| Methods inherited from class java.lang.Object |
clone,
equals,
finalize,
getClass,
hashCode,
notify,
notifyAll,
toString,
wait,
wait,
wait |
MFCSecurityHelper
protected MFCSecurityHelper(MFCCodes codes)
- Instantiates a security helper for MFC smartcards.
Since this class implements methods to exchange APDUs with the
smartcard, it is parameterized by the command codes, so it can
be used with various versions of the MFC smartcards. The codes
can be accessed in derived classes using getMFCCodes().
- Parameters:
codes - the command codes for the MFC card to support- See Also:
getMFCCodes()
getMFCCodes
protected final MFCCodes getMFCCodes()
- Returns the command codes for the smartcard.
- Returns:
- the card-specific command codes passed to the constructor
setCredentials
public final void setCredentials(MFCCredentialSet credentials)
- Sets the accessor's set of credentials.
MFC security operations involve keys for DES or tribple DES. These
keys are provided by the application in form of credentials, that is
implementations of the interface MFCCredential. A credential
can be thought of as a cryptographic algorithm, here DES, that is
already parametrized by a key.
MFCCardAccessor maintain a set of credentials, from which
particular ones can be retrieved. This method is used to provide
this set to the helper. It has to be invoked only once, since the
lookup operations are performed by the set itself, so they always
access the current set of credentials.
For a class that implements several helpers, this method will be
invoked several times. Since the accessor maintains only a single
set of credentials, the invocations will have the same argument.
Therefore, the multi helper will not have to take precautions of
the multiple invocations.
- Parameters:
credentials - the set of available credentials- See Also:
MFCCredential,
MFCCardAccessor,
MFCCardAccessor.getCredentials()
lookupSignCredential
protected final SignCredential lookupSignCredential(MFCCardChannel channel,
int number)
throws CardServiceMissingCredentialsException
- Retrieves a SignCredential from the set of available credentials.
- Parameters:
channel - the channel to the smartcard,
implicitly specifying the key domainnumber - the identifier of the key in it's domain- Returns:
- the credential for the requested key
- Throws:
- CardServiceMissingCredentialsException - The requested credential is not available.
lookupSecureCredential
protected final SecureCredential lookupSecureCredential(MFCCardChannel channel,
int number)
throws CardServiceMissingCredentialsException
- Retrieves a SecureCredential from the set of available credentials.
- Parameters:
channel - the channel to the smartcard,
implicitly specifying the key domainnumber - the identifier of the key in it's domain- Returns:
- the credential for the requested key
- Throws:
- CardServiceMissingCredentialsException - The requested credential is not available.
requestRandom
protected byte[] requestRandom(MFCCardChannel channel)
throws CardServiceUnexpectedResponseException,
CardTerminalException
- Requests a random number from the smartcard.
The command that gets sent to the smartcard is composed in
ask_random_apdu on the first invocation. It will
be re-used in subsequent invocations.
- Parameters:
channel - the contact to the smartcard- Returns:
- an 8 byte random number obtained from the smartcard
- Throws:
- CardServiceUnexpectedResponseException - The smartcard returned an error status. It was probably
initialized or personalized with an illegal DES key.
- CardTerminalException - The terminal encountered an error.
provideRandom
protected final void provideRandom(MFCCardChannel channel,
byte[] random)
throws CardServiceUnexpectedResponseException,
CardTerminalException
- Puts a random number to the smartcard.
The command that is sent to the smartcard will be composed in the
attribute put_random_apdu on the first invocation. It is
re-used on subsequent invocations.
- Parameters:
channel - the contact to the smartcardrandom - the random number to provide to the smartcard- Throws:
- CardServiceUnexpectedResponseException - The smartcard returned an error status. It was probably
initialized or personalized with an illegal DES key.
- CardTerminalException - The terminal encountered an error.
|
