opencard.opt.security
Interface SecureService
- All Known Subinterfaces:
- AppletManagerCardService, FileAccessCardService, FileSystemCardService, IsoFileSystemCardService, KeyGenerationCardService, KeyImportCardService, SignatureCardService
- All Known Implementing Classes:
- ACOSCardService, GemXCosCardService, IsoCardService, ISSSSignatureService, TransparentCardService
public interface SecureService
An interface for card services with cryptographic security mechanisms.
It defines a standard way to pass credentials to a card service. It does
not define any methods that could be used to access the smartcard.
Therefore, it does not make sense for an application to request a card
service that implements this interface.
Applications have to provide credentials to card services in order to
satisfy access conditions involving cryptography. The credentials are
collected in card-specific credential stores, which are collected in
credential bags. The bag is what has to be provided to the card service.
One example for a card service that extends this interface is the service
that provides access to ISO file systems, FileAccessCardService.
Other services that require credentials should extend it, too. An
application can then check by the instanceof operator whether
a service may need credentials or not. Card service implementors can
either support the credentials provided in opencard.opt.security or
support credentials in a base class common to all services that need them.
Smartcards that support cryptographic security typically support different
key domains. For example, file system based smartcards use elementary
files to store keys, and in each directory, different keys may be defined.
The card resident parts of each application supported by a smartcard will
be stored in an application directory, so each application can use it's
private credentials. Therefore, along with the credential bag to use, a
security domain has to be given. The security domain can for example bed
specified by a path to the directory in which the application resides.
SecurityDomain is simply a tag interfaces for classes which can be used
to identify a security domain. Different card services may support
different types of SecurityDomain. For file system based smartcards
class opencard.opt.iso.fs.CardFilePath implements the SecurityDomain interface.
- Version:
- $Id: SecureService.java,v 1.1.1.1 1999/10/05 15:08:48 damke Exp $
- Author:
- Roland Weber (rolweber@de.ibm.com), Peter Bendel (peter_bendel@de.ibm.com)
- See Also:
CardService
,
Credential
,
CredentialStore
,
CredentialBag
,
CardFilePath
,
FileAccessCardService
provideCredentials
void provideCredentials(SecurityDomain domain,
CredentialBag creds)
throws CardServiceException
- Provides credentials to a card service.
The security domain should be specified as the path to the directory
in which the application's card resident parts are located. The bag
of credentials should hold a credential store suitable for the respective
card and card service implementation. Only credentials in that store will
(and can) be used by the service.
- Parameters:
domain
- the security domain for which to provide credentialscreds
- the credentials for that domain
- Throws:
CardServiceException
- If the card service could not process the credentials,
if the SecurityDomain is invalid.- See Also:
CardService