Security Service Example

The following skeleton shows how to implement a security service. Lines consisting only of dots mark code that is left out of the example.

package com.sun.javacard.samples.SecureRMIDemo;

import javacard.framework.*;
import javacard.framework.service.*;

/**
 * Skeleton of a service that extends BasicService and implements the
 * SecurityService interface. It tracks a data-integrity flag derived from a
 * checksum on incoming data and authentication flags derived from PIN checks.
 *
 * Lines consisting only of dots are code omitted by the example, so this
 * listing does not compile as shown.
 *
 * NOTE(review): the SecurityService interface also declares
 * isChannelSecure(byte); it does not appear in this listing, so it is
 * presumably part of the omitted code.
 */
public class MySecurityService extends BasicService implements SecurityService {
    // list IDs of known parties...
    // Sample identifier values. How they are matched against the principal
    // passed to isAuthenticated() is not shown in this skeleton.
    private static final byte[] PRINCIPAL_APP_PROVIDER_ID = {0x12, 0x34};
    private static final byte[] PRINCIPAL_CARDHOLDER_ID = {0x43, 0x21};
    // One PIN per party. Only cardholder_pin carries the explicit "= null", but
    // both fields start out null until the constructor creates the objects.
    // OwnerPIN takes its try limit and maximum PIN size at construction and
    // blocks once the try limit is exhausted.
    private OwnerPIN provider_pin, cardholder_pin = null;
    // and the security-related session flags
    // Java Card instance fields are persistent, so flags declared as plain
    // fields keep their value after the session ends. They have to be cleared
    // on every selection (see processDataIn) or be held in a transient array
    // (JCSystem.makeTransientByteArray with CLEAR_ON_DESELECT or CLEAR_ON_RESET).
    ... 
    /**
     * Creates the service. The body is omitted; per the comment below, it is
     * where the two OwnerPIN objects are initialized.
     */
    public MySecurityService() {
        // initialize the PINs
        ...
    }
    /**
     * Pre-processes incoming command data. While the applet is being selected
     * the security flags are reset; for any other command the work is
     * delegated to preprocessCommandAPDU().
     *
     * @param apdu the command being processed
     * @return for non-selection commands, the result of preprocessCommandAPDU()
     */
    public boolean processDataIn(APDU apdu) {
        if(selectingApplet()) {
            // reset all flags
            // Clearing here keeps integrity/authentication state from an
            // earlier session from carrying over into the new one.
            // NOTE(review): no return statement is shown on this path; the
            // omitted code must return a boolean (presumably false, so that
            // other services still see the selection) - confirm.
            ...
        }
        else {
            return preprocessCommandAPDU(apdu);
        }
    }
    /**
     * Reports whether the current command has the requested security
     * properties.
     *
     * @param properties the requested properties (the SecurityService
     *                   PROPERTY_* constants)
     * @return the value of the matching flag (body omitted)
     * @throws ServiceException declared by the interface; the conditions are
     *                          not shown in this skeleton
     */
    public boolean isCommandSecure(byte properties) throws ServiceException {
        // return the value of appropriate flag
        // The only property this skeleton tracks is data integrity; a property
        // it never establishes should be reported as false, not assumed.
        ....
    }
    /**
     * Reports whether the given principal has authenticated.
     *
     * @param principal the party being asked about (the SecurityService
     *                  PRINCIPAL_* constants)
     * @return the value of the matching flag (body omitted)
     * @throws ServiceException declared by the interface; the conditions are
     *                          not shown in this skeleton
     */
    public boolean isAuthenticated(short principal) throws ServiceException {
        // return the value of appropriate flag
        ....
    }
    // Presumably records which principal(s) passed the PIN check; no visible
    // code reads or writes it - TODO confirm. As an instance field it is
    // persistent, so it must be cleared when the applet is selected.
    private byte authenticated;
    /**
     * Receives the incoming data, verifies and strips its checksum, and
     * records the outcome in the DATA_INTEGRITY flag.
     *
     * @param apdu the command being processed
     * @return always false, so that later services also get to pre-process
     *         the data
     */
    private boolean preprocessCommandAPDU(APDU apdu) {
        receiveInData(apdu);
        if(checkAndRemoveChecksum(apdu)) {


            // set DATA_INTEGRITY flag
        }
        else {
            // reset DATA_INTEGRITY flag
        }
        return false;   // other services may also preprocess the data
     }
     /**
      * Verifies the checksum appended to the incoming data and removes it.
      * The body is omitted in this skeleton.
      *
      * An unkeyed checksum only detects accidental corruption: anyone who can
      * alter the command can recompute it. If the integrity property is meant
      * to hold against deliberate modification, use a keyed MAC here instead.
      * An implementation should also confirm that the received data is at
      * least as long as the checksum before stripping it.
      *
      * @param apdu the command whose data carries the checksum
      * @return true if the checksum is correct, false otherwise
      */
     private boolean checkAndRemoveChecksum(APDU apdu) {
         // remove the checksum
         // return true if checksum OK, false otherwise
     }
     /**
      * Handles the authentication command and ignores every other command.
      *
      * @param apdu the command being processed
      * @return true if this was the authentication command and has been
      *         handled, false if the command is for another service
      */
     public boolean processCommand(APDU apdu) {
         if(isAuthenticate(apdu)) {
             // preprocessCommandAPDU() already called receiveInData() for this
             // command; presumably the second call is harmless once the input
             // has been received - TODO confirm against BasicService.
             receiveInData(apdu);
             // check PIN
             // set AUTHENTICATED flags
             // Set the flag only when the PIN comparison (OwnerPIN.check)
             // succeeds; on failure leave it cleared and report an error
             // status. Which of the two PINs applies is not shown here.
             // NOTE(review): nothing visible here consults the DATA_INTEGRITY
             // flag before the PIN is checked - confirm whether a failed
             // checksum should reject the command first.
             return true;     //  processing of the command is finished
         }
         else {
             return false;  // this command was addressed to another
             // service - no processing is done
         }
     }
     /**
      * Post-processes outgoing data by appending a checksum (body omitted).
      *
      * @param apdu the command being processed
      * @return always false, so that later services also get to post-process
      *         the outgoing data
      */
     public boolean processDataOut(APDU apdu) {
         // add checksum to outgoing data
         return false;  // other services may also postprocess outgoing data
     }
     /**
      * Decides whether the command is the authentication command. The body is
      * omitted. Not to be confused with isAuthenticated(short), which reports
      * the state that this command establishes.
      *
      * @param command the command to classify
      * @return true if the CLA and INS bytes identify the authentication
      *         command, per the comment below
      */
     private boolean isAuthenticate(APDU command) {
         // check values of CLA and INS bytes 
     } 
}