CustomCardAccessor Class for Authentication and Signing

The SecurePurseClient application uses a subclass of CardAccessor called CustomCardAccessor to perform user authentication functions and to sign every message sent thereafter for integrity purposes:

package examples.securepurseclient;

public class CustomCardAccessor extends ApduIOCardAccessor {
    /** Creates new CustomCardAccessor */
    public CustomCardAccessor() {
    }

    public byte[] exchangeAPDU(byte[] sendData) throws java.io.IOException {

        byte[] macSignature = null;
        byte[] dataWithMAC = new byte[sendData.length + 4];

        // sign the sendData data using session key
        // sign the data in commandBuffer using the user's session key
        // add generated MAC signature to data in buffer before sending

        return super.exchangeAPDU(dataWithMAC);
    }

    boolean authenticateUser(short userKey) {
        byte[] externalAuthCommand = null;

        // build and send the appropriate commands to the
        // applet to authenticate the user using the user Key
        // and additional info provided
        try {
            byte[] response = super.exchangeAPDU(externalAuthCommand);
            // ...
        } catch (Exception e) {
            // analyze
            return false;
        }
        // Then compute the session key for later use
        return true; // successful authentication
    }
}

The CustomCardAccessor class introduces the authenticateUser method to send APDU commands to the SecurePurseApplet on the card to authenticate the user described by the userKey parameter and other parameters and to compute a transport key. It invokes super.sendCommandAPDU method to send the command without modification.

This CustomCardAccessor class also reimplements the exchangeAPDU method declared in a superclass CardAccessor to sign each message before it is sent out by super.exchangeAPDU.