Exemple :Creating a Java Card Applet
Off-the-shelf Java technology development tools can be used to create and compile the source code for Java Card applets. Once the Java software source code is compiled into a class file, a post-processed version of the applet, suitable for loading on Java technology smart cards, is created using the Java Card Converter tool, as discussed in the Overviewchapter and pictured in
FIGURE 3-1.
Java Card technology differs from Java technology as a result of the resource constraints of the smart card environment, as discussed in the Java Card Technologychapter. Smart cards communicate using a packet mechanism called APDUs, as discussed in the Overviewchapter and in the Working with APDUssection of this chapter.
You now have enough background to begin the process of creating the source code for a Java Card applet. The source code for the applet begins with the same package designations found in the Java language (the java.lang package need not be expressly imported into your applet).
The following code listing shows a basic example of a Java Card applet that can be post-processed by the Java Card Converter and installed onto a Java technology smart card:
import javacard.framework.*;
import javacardx.framework.*;
public class Wallet extends Applet {
/* constants declaration */
An applet is an instance of a class which
extends from:
javacard.framework.Applet.
// code of CLA byte in the command APDU header
final static byte Wallet_CLA =(byte)0xB0;
CLA identifies the application
// codes of INS byte in the command APDU header
final static byte Deposit = (byte) 0x10;
final static byte Debit = (byte) 0x20;
final static byte Balance = (byte) 0x30;
final static byte Validate = (byte) 0x40;
INS specifies the application instructions.
// maximum number of incorrect tries before the
// PIN is blocked
final static byte PinTryLimit =(byte)0x03;
// maximum size PIN
final static byte MaxPinSize =(byte)0x04;
PIN object parameters.
// status word (SW1-SW2) to signal that the
// balance becomes negative;
final static short SW_NEGATIVE_BALANCE = (short)0x6910;
Applet-specific static word.
/* instance variables declaration */
OwnerPIN pin;
byte balance;
byte buffer[]; // APDU buffer
private Wallet() {
// It is good programming practice to allocate
// all the memory that an applet needs during
// its lifetime inside the constructor
pin = new OwnerPIN(PinTryLimit, MaxPinSize);
balance = 0;
register();
} // end of the constructor
private constructor—an instance of class Wallet is instantiated by its install method.
The applet registers itself with the JCRE by calling registermethod, which is defined in class Applet.
public static void install(APDU apdu){
// create a Wallet applet instance
new Wallet();
} // end of install method
Method installis invoked by the JCRE as the last step in the applet installation process.
public boolean select() {
// reset validation flag in the PIN object to
// false
pin.reset();
// returns true to JCRE to indicate that the
// applet is ready to accept incoming APDUs.
return true;
}// end of select method
This method is called by the JCRE to indicate that this applet has been selected. It performs necessary initialization which is required to process the subsequent APDU messages
public void process(APDU apdu) {
// APDU object carries a byte array (buffer) to
// transfer incoming and outgoing APDU header
// and data bytes between card and CAD
buffer = apdu.getBuffer();
After the applet is successfully selected, the JCRE dispatches incoming APDUs to this method. APDU object is owned and maintained by the JCRE. It encapsulates details of the underlying transmission protocol (T0 or T1 as specified in ISO 7816-3) by providing a common interface.
// verify that if the applet can accept this
// APDU message
if (buffer[ISO.OFFSET_CLA] !== Wallet_CLA) ISOException.throwIt(ISO.SW_CLA_NOT_SUPPORTED);
When an error occurs, the applet may decide to terminate the process and throw an exception containing the status word (SW1 SW2) to indicate the processing state of the card. An exception that is not caught by an applet is caught by the JCRE.
switch (buffer[ISO.OFFSET_INS]) {
case Balance: getBalance(apdu); return;
case Debit: debit(apdu); return;
case Deposit: deposit(apdu);return;
case Validate: validate(apdu);return
default: ISOException.throwIt(ISO.SW_INS_NOT_SUPPORTED);
}
} // end of process method
The main function of the process method is to perform an action as specified in the APDU and to return an appropriate response to the terminal. INS byte specifies the type of action needed to be performed.
private void deposit(APDU apdu) {
// access authentication
if ( ! pin.isValidated() )
ISOException.throwIt (ISO.SW_PIN_REQUIRED);
// Lc byte denotes the number of bytes in the
// data field of the comamnd APDU
byte numBytes = (byte) (buffer[ISO.OFFSET_LC]);
// indicate that this APDU has incoming data and
// receive data starting from the offset
// ISO.OFFSET_CDATA
byte byteRead =
(byte)(apdu.setIncomingAndReceive());
// it is an error if the number of data bytes
// read does not match the number in Lc byte
if (byteRead != 1)
ISOException.throwIt(ISO.SW_WRONG_LENGTh);
// increase the balance by the amount specified
// in the data field of the command APDU.
balance = (byte)
(balance + buffer[ISO.OFFSET_CDATA]);
// return successfully
return;
} // end of deposit method
The parameter APDU object contains a data field, which specifies the amount to be added onto the balance. Upon receiving the APDU object from the JCRE, the first 5 bytes (CLA, INS, P1, P2, Lc/Le) are available in the APDU buffer. Their offsets in the APDU buffer are specified in the class
ISO. Because the data field is optional, the applet needs to explicitly inform the JCRE to retrieve additional data bytes.
The communication between card and CAD is exchanged between the command APDU and response APDU pair. In the deposit case, the response APDU contains no data field. The JCRE would take the status word 0x9000 (normal processing) to form the correct response APDU. Applet developers do
not need to be concerned with the details of constructing the proper
response APDU. When the JCRE catches an Exception, which signals an error during processing the command, the JCRE would use the status word contained in the Exception to construct the response APDU.
FIGURE 3-1.
You now have enough background to begin the process of creating the source code for a Java Card applet. The source code for the applet begins with the same package designations found in the Java language (the java.lang package need not be expressly imported into your applet).
The following code listing shows a basic example of a Java Card applet that can be post-processed by the Java Card Converter and installed onto a Java technology smart card:
import javacard.framework.*;
import javacardx.framework.*;
public class Wallet extends Applet {
/* constants declaration */
An applet is an instance of a class which
extends from:
javacard.framework.Applet.
// code of CLA byte in the command APDU header
final static byte Wallet_CLA =(byte)0xB0;
CLA identifies the application
// codes of INS byte in the command APDU header
final static byte Deposit = (byte) 0x10;
final static byte Debit = (byte) 0x20;
final static byte Balance = (byte) 0x30;
final static byte Validate = (byte) 0x40;
INS specifies the application instructions.
// maximum number of incorrect tries before the
// PIN is blocked
final static byte PinTryLimit =(byte)0x03;
// maximum size PIN
final static byte MaxPinSize =(byte)0x04;
PIN object parameters.
// status word (SW1-SW2) to signal that the
// balance becomes negative;
final static short SW_NEGATIVE_BALANCE = (short)0x6910;
Applet-specific static word.
/* instance variables declaration */
OwnerPIN pin;
byte balance;
byte buffer[]; // APDU buffer
private Wallet() {
// It is good programming practice to allocate
// all the memory that an applet needs during
// its lifetime inside the constructor
pin = new OwnerPIN(PinTryLimit, MaxPinSize);
balance = 0;
register();
} // end of the constructor
private constructor—an instance of class Wallet is instantiated by its install method.
The applet registers itself with the JCRE by calling registermethod, which is defined in class Applet.
public static void install(APDU apdu){
// create a Wallet applet instance
new Wallet();
} // end of install method
Method installis invoked by the JCRE as the last step in the applet installation process.
public boolean select() {
// reset validation flag in the PIN object to
// false
pin.reset();
// returns true to JCRE to indicate that the
// applet is ready to accept incoming APDUs.
return true;
}// end of select method
This method is called by the JCRE to indicate that this applet has been selected. It performs necessary initialization which is required to process the subsequent APDU messages
// APDU object carries a byte array (buffer) to
// transfer incoming and outgoing APDU header
// and data bytes between card and CAD
buffer = apdu.getBuffer();
After the applet is successfully selected, the JCRE dispatches incoming APDUs to this method. APDU object is owned and maintained by the JCRE. It encapsulates details of the underlying transmission protocol (T0 or T1 as specified in ISO 7816-3) by providing a common interface.
// verify that if the applet can accept this
// APDU message
if (buffer[ISO.OFFSET_CLA] !== Wallet_CLA) ISOException.throwIt(ISO.SW_CLA_NOT_SUPPORTED);
When an error occurs, the applet may decide to terminate the process and throw an exception containing the status word (SW1 SW2) to indicate the processing state of the card. An exception that is not caught by an applet is caught by the JCRE.
switch (buffer[ISO.OFFSET_INS]) {
case Balance: getBalance(apdu); return;
case Debit: debit(apdu); return;
case Deposit: deposit(apdu);return;
case Validate: validate(apdu);return
default: ISOException.throwIt(ISO.SW_INS_NOT_SUPPORTED);
}
} // end of process method
The main function of the process method is to perform an action as specified in the APDU and to return an appropriate response to the terminal. INS byte specifies the type of action needed to be performed.
private void deposit(APDU apdu) {
// access authentication
if ( ! pin.isValidated() )
ISOException.throwIt (ISO.SW_PIN_REQUIRED);
// Lc byte denotes the number of bytes in the
// data field of the comamnd APDU
byte numBytes = (byte) (buffer[ISO.OFFSET_LC]);
// indicate that this APDU has incoming data and
// receive data starting from the offset
// ISO.OFFSET_CDATA
byte byteRead =
(byte)(apdu.setIncomingAndReceive());
// it is an error if the number of data bytes
// read does not match the number in Lc byte
if (byteRead != 1)
ISOException.throwIt(ISO.SW_WRONG_LENGTh);
// increase the balance by the amount specified
// in the data field of the command APDU.
balance = (byte)
(balance + buffer[ISO.OFFSET_CDATA]);
// return successfully
return;
} // end of deposit method
The parameter APDU object contains a data field, which specifies the amount to be added onto the balance. Upon receiving the APDU object from the JCRE, the first 5 bytes (CLA, INS, P1, P2, Lc/Le) are available in the APDU buffer. Their offsets in the APDU buffer are specified in the class
ISO. Because the data field is optional, the applet needs to explicitly inform the JCRE to retrieve additional data bytes.
The communication between card and CAD is exchanged between the command APDU and response APDU pair. In the deposit case, the response APDU contains no data field. The JCRE would take the status word 0x9000 (normal processing) to form the correct response APDU. Applet developers do
not need to be concerned with the details of constructing the proper
response APDU. When the JCRE catches an Exception, which signals an error during processing the command, the JCRE would use the status word contained in the Exception to construct the response APDU.
0 commentaires: