The SecurePurseClient application uses a subclass of CardAccessor called CustomCardAccessor to perform user authentication functions and to sign every message sent thereafter for integrity purposes:

    package examples.securepurseclient;

    import com.sun.javacard.clientlib.ApduIOCardAccessor;

    public class CustomCardAccessor extends ApduIOCardAccessor {

        /** Creates new CustomCardAccessor */
        public CustomCardAccessor() {
        }

        public byte[] exchangeAPDU(byte[] sendData) throws java.io.IOException {
            byte[] macSignature = null;
            // room for the outgoing data plus a 4-byte MAC
            byte[] dataWithMAC = new byte[sendData.length + 4];

            // sign the sendData data using session key
            // sign the data in commandBuffer using the user's session key
            // add generated MAC signature to data in buffer before sending
            return super.exchangeAPDU(dataWithMAC);
        }

        boolean authenticateUser(short userKey) {
            byte[] externalAuthCommand = null;
            // build and send the appropriate commands to the
            // applet to authenticate the user using the user Key
            // and additional info provided
            try {
                // sent through the superclass, so this command is not signed
                byte[] response = super.exchangeAPDU(externalAuthCommand);
                // ...
            } catch (Exception e) {
                // analyze
                return false;
            }
            // Then compute the session key for later use
            return true; // successful authentication
        }
    }

The CustomCardAccessor class introduces the authenticateUser method to send APDU commands to the SecurePurseApplet on the card to authenticate the user described by the userKey parameter and other parameters and to compute a transport key. It invokes the super.sendCommandAPDU method to send the command without modification.
This CustomCardAccessor class also reimplements the exchangeAPDU method declared in a superclass CardAccessor to sign each message before it is sent out by super.exchangeAPDU.
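
The signing step that exchangeAPDU leaves as comments, as an added example that is not part of the original sample: it appends a 4-byte MAC to the outgoing bytes and shows the matching check a receiver would perform. Assumptions: HMAC-SHA256 truncated to 4 bytes stands in for the MAC algorithm, which the page does not name; the class, method names, key and sample bytes are hypothetical; the message is treated as opaque bytes, so any APDU length-field adjustment is not shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added illustration; class and method names are hypothetical. */
public class MacFramingExample {
    static final int MAC_LEN = 4; // matches the "+ 4" in the page's exchangeAPDU

    // Assumption: HMAC-SHA256 truncated to 4 bytes; the page does not name the algorithm.
    static byte[] mac(byte[] sessionKey, byte[] data) throws GeneralSecurityException {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(sessionKey, "HmacSHA256"));
        return Arrays.copyOf(hmac.doFinal(data), MAC_LEN);
    }

    /** Sender side: returns sendData followed by its 4-byte MAC. */
    static byte[] appendMac(byte[] sessionKey, byte[] sendData) throws GeneralSecurityException {
        byte[] dataWithMAC = Arrays.copyOf(sendData, sendData.length + MAC_LEN);
        System.arraycopy(mac(sessionKey, sendData), 0, dataWithMAC, sendData.length, MAC_LEN);
        return dataWithMAC;
    }

    /** Receiver side: returns the payload if the MAC verifies, otherwise null. */
    static byte[] verifyAndStrip(byte[] sessionKey, byte[] received) throws GeneralSecurityException {
        if (received.length < MAC_LEN) {
            return null; // too short to carry a MAC
        }
        byte[] payload = Arrays.copyOf(received, received.length - MAC_LEN);
        byte[] tag = Arrays.copyOfRange(received, payload.length, received.length);
        // MessageDigest.isEqual compares the two tags in constant time
        return MessageDigest.isEqual(tag, mac(sessionKey, payload)) ? payload : null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and message bytes, for illustration only
        byte[] key = "constructed-session-key".getBytes(StandardCharsets.US_ASCII);
        byte[] message = {(byte) 0x80, 0x30, 0x00, 0x00, 0x02, 0x00, 0x64};
        byte[] framed = appendMac(key, message);
        System.out.println("intact accepted:   " + (verifyAndStrip(key, framed) != null));
        framed[5] ^= 0x01; // one payload bit changed in transit
        System.out.println("tampered accepted: " + (verifyAndStrip(key, framed) != null));
    }
}
```

A 4-byte tag detects modification but leaves a 1 in 2^32 chance that a random tag is accepted on any single attempt.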