Security Service Example
The following example outlines how to implement a security service. It is a skeleton: bodies shown as `...` or as a comment only are left for the implementer to fill in.
package com.sun.javacard.samples.SecureRMIDemo;
import javacard.framework.*;
import javacard.framework.service.*;
/**
 * Skeleton of a {@link SecurityService} implementation built on {@link BasicService}.
 *
 * <p>As shown, the service does three things: on incoming data it verifies and strips a
 * checksum and records the outcome in a session flag ({@link #processDataIn}); it handles
 * the authenticate command by checking a PIN ({@link #processCommand}); and it adds a
 * checksum to outgoing data ({@link #processDataOut}). It never rejects a command itself;
 * it only records state that is reported through {@link #isCommandSecure} and
 * {@link #isAuthenticated}, so enforcement depends on those being consulted before a
 * command is acted on.
 *
 * <p>Bodies marked {@code ...} or consisting only of a comment are elided in this example,
 * so the class does not compile as printed.
 * NOTE(review): {@code SecurityService} also declares {@code isChannelSecure(byte)}, which
 * is not shown in this listing.
 */
public class MySecurityService extends BasicService implements SecurityService {
// Two-byte identifiers of the known parties. Not referenced by the code visible in this
// listing; presumably used by the elided authentication logic (confirm).
private static final byte[] PRINCIPAL_APP_PROVIDER_ID = {0x12, 0x34};
private static final byte[] PRINCIPAL_CARDHOLDER_ID = {0x43, 0x21};
// One PIN per party. Both references start out null (only cardholder_pin has an explicit
// initializer; provider_pin gets the field default) until the constructor creates them.
private OwnerPIN provider_pin, cardholder_pin = null;
// The security-related session flags are declared here (elided in the example).
...
/**
 * Creates the service. The example's only stated job for the constructor is to
 * initialize the two PINs.
 */
public MySecurityService() {
// initialize the PINs (elided).
// NOTE(review): the OwnerPIN try limit chosen here bounds how many wrong guesses are
// accepted before the PIN blocks; pick it deliberately.
...
}
/**
 * Input-data hook: resets the session flags while the applet is being selected,
 * otherwise hands the APDU to {@link #preprocessCommandAPDU}.
 *
 * NOTE(review): the selecting branch shows no return statement; it is either part of the
 * elided code or missing from the example.
 *
 * @param apdu the incoming APDU
 * @return for non-select commands, the result of {@code preprocessCommandAPDU}, which is
 *         always {@code false} in this listing
 */
public boolean processDataIn(APDU apdu) {
if(selectingApplet()) {
// Reset all flags so that integrity and authentication state recorded before this
// selection does not carry over.
// NOTE(review): the validated state held inside the OwnerPIN objects presumably needs
// clearing as well; confirm against the elided code.
...
}
else {
return preprocessCommandAPDU(apdu);
}
}
/**
 * Reports the recorded security state of the current command.
 *
 * @param properties selects which property is queried; the mapping to a flag is in the
 *        elided body
 * @return the value of the corresponding session flag
 * @throws ServiceException declared by the signature; the conditions are not shown
 */
public boolean isCommandSecure(byte properties) throws ServiceException {
// return the value of the appropriate flag (elided)
....
}
/**
 * Reports whether the given party has been authenticated in this session.
 *
 * @param principal selects the party; the mapping to a flag is in the elided body
 * @return the value of the corresponding session flag
 * @throws ServiceException declared by the signature; the conditions are not shown
 */
public boolean isAuthenticated(short principal) throws ServiceException {
// return the value of the appropriate flag (elided)
....
}
// NOTE(review): presumably holds the authentication flag bits for the session; no code
// visible in this listing reads or writes it (confirm).
private byte authenticated;
/**
 * Receives the command data, verifies and strips its checksum, and records the result in
 * the DATA_INTEGRITY flag.
 *
 * A failed checksum does not stop processing here: the flag is cleared and the method
 * still returns {@code false}, so the APDU continues to the remaining services. Code that
 * relies on integrity has to check the flag through {@link #isCommandSecure}.
 *
 * @param apdu the incoming APDU
 * @return always {@code false}
 */
private boolean preprocessCommandAPDU(APDU apdu) {
receiveInData(apdu);
if(checkAndRemoveChecksum(apdu)) {
// set DATA_INTEGRITY flag (elided)
}
else {
// reset DATA_INTEGRITY flag (elided), so a stale "true" from an earlier command
// cannot vouch for this one
}
return false; // other services may also preprocess the data
}
/**
 * Verifies the checksum carried in the command data and removes it from the APDU.
 * The body is elided; no return statement is shown.
 *
 * NOTE(review): the algorithm is not shown. A plain, unkeyed checksum only detects
 * accidental corruption; if the integrity flag is meant to signal protection against
 * deliberate modification, a keyed MAC is needed instead.
 *
 * @param apdu the incoming APDU
 * @return {@code true} if the checksum is correct, {@code false} otherwise
 */
private boolean checkAndRemoveChecksum(APDU apdu) {
// remove the checksum
// return true if checksum OK, false otherwise
}
/**
 * Handles the authenticate command; every other command is left to other services.
 *
 * NOTE(review): as far as the visible code shows, the branch returns {@code true} whether
 * or not the PIN check passed, and the failure path is not shown. The AUTHENTICATED flag
 * must be set only on a successful check and cleared otherwise. Nothing visible here
 * consults the DATA_INTEGRITY flag before the PIN is checked; confirm whether that is
 * intended.
 *
 * @param apdu the command APDU
 * @return {@code true} if this was the authenticate command, {@code false} if the command
 *         belongs to another service
 */
public boolean processCommand(APDU apdu) {
if(isAuthenticate(apdu)) {
receiveInData(apdu);
// check PIN (elided)
// set AUTHENTICATED flags (elided); see the note in the method comment
return true; // processing of the command is finished
}
else {
return false; // this command was addressed to another
// service - no processing is done
}
}
/**
 * Output-data hook: adds a checksum to the outgoing data (elided).
 *
 * @param apdu the outgoing APDU
 * @return always {@code false}
 */
public boolean processDataOut(APDU apdu) {
// add checksum to outgoing data (elided)
return false; // other services may also postprocess outgoing data
}
/**
 * Decides whether the APDU is the authenticate command. The body is elided; no return
 * statement is shown.
 *
 * @param command the command APDU to classify
 * @return per the use in {@code processCommand}, {@code true} when the command is the
 *         authenticate command
 */
private boolean isAuthenticate(APDU command) {
// check values of CLA and INS bytes (elided)
}
}