org.eclipse.keyple.card.calypso.SymmetricCryptoSecuritySettingAdapter Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of keyple-card-calypso-java-lib Show documentation
Show all versions of keyple-card-calypso-java-lib Show documentation
Keyple add-on to manage Calypso cards
/* **************************************************************************************
* Copyright (c) 2022 Calypso Networks Association https://calypsonet.org/
*
* See the NOTICE file(s) distributed with this work for additional information
* regarding copyright ownership.
*
* This program and the accompanying materials are made available under the terms of the
* Eclipse Public License 2.0 which is available at http://www.eclipse.org/legal/epl-2.0
*
* SPDX-License-Identifier: EPL-2.0
************************************************************************************** */
package org.eclipse.keyple.card.calypso;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.eclipse.keyple.core.util.Assert;
import org.eclipse.keypop.calypso.card.WriteAccessLevel;
import org.eclipse.keypop.calypso.card.transaction.CryptoException;
import org.eclipse.keypop.calypso.card.transaction.CryptoIOException;
import org.eclipse.keypop.calypso.card.transaction.SymmetricCryptoSecuritySetting;
import org.eclipse.keypop.calypso.crypto.symmetric.SymmetricCryptoException;
import org.eclipse.keypop.calypso.crypto.symmetric.SymmetricCryptoIOException;
import org.eclipse.keypop.calypso.crypto.symmetric.spi.SymmetricCryptoCardTransactionManagerFactorySpi;
/**
* Adapter of {@link SymmetricCryptoSecuritySetting}.
*
* @since 2.3.1
*/
class SymmetricCryptoSecuritySettingAdapter implements SymmetricCryptoSecuritySetting {
private static final String WRITE_ACCESS_LEVEL = "writeAccessLevel";
private final SymmetricCryptoCardTransactionManagerFactorySpi
cryptoCardTransactionManagerFactorySpi;
private boolean isMultipleSessionEnabled;
private boolean isRatificationMechanismEnabled;
private boolean isPinPlainTransmissionEnabled;
private boolean isSvLoadAndDebitLogEnabled;
private boolean isSvNegativeBalanceAuthorized;
private boolean isReadOnSessionOpeningDisabled;
private final Map> kifMap =
new EnumMap>(WriteAccessLevel.class);
private final Map defaultKifMap =
new EnumMap(WriteAccessLevel.class);
private final Map defaultKvcMap =
new EnumMap(WriteAccessLevel.class);
private final Set authorizedSessionKeys = new HashSet();
private final Set authorizedSvKeys = new HashSet();
private Byte pinVerificationCipheringKif;
private Byte pinVerificationCipheringKvc;
private Byte pinModificationCipheringKif;
private Byte pinModificationCipheringKvc;
SymmetricCryptoSecuritySettingAdapter(
SymmetricCryptoCardTransactionManagerFactorySpi cryptoCardTransactionManagerFactorySpi) {
this.cryptoCardTransactionManagerFactorySpi = cryptoCardTransactionManagerFactorySpi;
}
/**
* {@inheritDoc}
*
* @since 2.3.1
*/
@Override
public SymmetricCryptoSecuritySetting enableMultipleSession() {
isMultipleSessionEnabled = true;
return this;
}
/**
* {@inheritDoc}
*
* @since 2.3.1
*/
@Override
public SymmetricCryptoSecuritySetting enableRatificationMechanism() {
isRatificationMechanismEnabled = true;
return this;
}
/**
* {@inheritDoc}
*
* @since 2.3.1
*/
@Override
public SymmetricCryptoSecuritySetting enablePinPlainTransmission() {
isPinPlainTransmissionEnabled = true;
return this;
}
/**
* {@inheritDoc}
*
* @since 2.3.1
*/
@Override
public SymmetricCryptoSecuritySetting enableSvLoadAndDebitLog() {
isSvLoadAndDebitLogEnabled = true;
return this;
}
/**
* {@inheritDoc}
*
* @since 2.3.1
*/
@Override
public SymmetricCryptoSecuritySetting authorizeSvNegativeBalance() {
isSvNegativeBalanceAuthorized = true;
return this;
}
/**
* {@inheritDoc}
*
* @since 2.3.2
*/
@Override
public SymmetricCryptoSecuritySetting disableReadOnSessionOpening() {
isReadOnSessionOpeningDisabled = true;
return this;
}
/**
* {@inheritDoc}
*
* @since 2.3.1
*/
@Override
public SymmetricCryptoSecuritySetting assignKif(
WriteAccessLevel writeAccessLevel, byte kvc, byte kif) {
Assert.getInstance().notNull(writeAccessLevel, WRITE_ACCESS_LEVEL);
Map map = kifMap.get(writeAccessLevel);
if (map == null) {
map = new HashMap();
kifMap.put(writeAccessLevel, map);
}
map.put(kvc, kif);
return this;
}
/**
* {@inheritDoc}
*
* @since 2.3.1
*/
@Override
public SymmetricCryptoSecuritySetting assignDefaultKif(
WriteAccessLevel writeAccessLevel, byte kif) {
Assert.getInstance().notNull(writeAccessLevel, WRITE_ACCESS_LEVEL);
defaultKifMap.put(writeAccessLevel, kif);
return this;
}
/**
* {@inheritDoc}
*
* @since 2.3.1
*/
@Override
public SymmetricCryptoSecuritySetting assignDefaultKvc(
WriteAccessLevel writeAccessLevel, byte kvc) {
Assert.getInstance().notNull(writeAccessLevel, WRITE_ACCESS_LEVEL);
defaultKvcMap.put(writeAccessLevel, kvc);
return this;
}
/**
* {@inheritDoc}
*
* @since 2.3.1
*/
@Override
public SymmetricCryptoSecuritySetting addAuthorizedSessionKey(byte kif, byte kvc) {
authorizedSessionKeys.add(((kif << 8) & 0xff00) | (kvc & 0x00ff));
return this;
}
/**
* {@inheritDoc}
*
* @since 2.3.1
*/
@Override
public SymmetricCryptoSecuritySetting addAuthorizedSvKey(byte kif, byte kvc) {
authorizedSvKeys.add(((kif << 8) & 0xff00) | (kvc & 0x00ff));
return this;
}
/**
* {@inheritDoc}
*
* @since 2.3.1
*/
@Override
public SymmetricCryptoSecuritySetting setPinVerificationCipheringKey(byte kif, byte kvc) {
this.pinVerificationCipheringKif = kif;
this.pinVerificationCipheringKvc = kvc;
return this;
}
/**
* {@inheritDoc}
*
* @since 2.3.1
*/
@Override
public SymmetricCryptoSecuritySetting setPinModificationCipheringKey(byte kif, byte kvc) {
this.pinModificationCipheringKif = kif;
this.pinModificationCipheringKvc = kvc;
return this;
}
/**
* {@inheritDoc}
*
* @since 3.0.0
*/
@Override
public void initCryptoContextForNextTransaction() {
try {
cryptoCardTransactionManagerFactorySpi.preInitTerminalSessionContext();
} catch (SymmetricCryptoException e) {
throw new CryptoException(e.getMessage(), e);
} catch (SymmetricCryptoIOException e) {
throw new CryptoIOException(e.getMessage(), e);
}
}
/**
* Indicates if the multiple session mode is enabled.
*
* @return True if the multiple session mode is enabled.
* @since 2.0.0
*/
boolean isMultipleSessionEnabled() {
return isMultipleSessionEnabled;
}
/**
* Indicates if the ratification mechanism is enabled.
*
* @return True if the ratification mechanism is enabled.
* @since 2.0.0
*/
boolean isRatificationMechanismEnabled() {
return isRatificationMechanismEnabled;
}
/**
* Indicates if the transmission of the PIN in plain text is enabled.
*
* @return True if the transmission of the PIN in plain text is enabled.
* @since 2.0.0
*/
boolean isPinPlainTransmissionEnabled() {
return isPinPlainTransmissionEnabled;
}
/**
* Indicates if the retrieval of both load and debit log is enabled.
*
* @return True if the retrieval of both load and debit log is enabled.
* @since 2.0.0
*/
boolean isSvLoadAndDebitLogEnabled() {
return isSvLoadAndDebitLogEnabled;
}
/**
* Indicates if the SV balance is allowed to become negative.
*
* @return True if the retrieval of both load and debit log is enabled.
* @since 2.0.0
*/
boolean isSvNegativeBalanceAuthorized() {
return isSvNegativeBalanceAuthorized;
}
/**
* @return True if the auto-read optimization feature in the "Open Secure Session" command is
* disabled.
* @since 2.3.2
*/
boolean isReadOnSessionOpeningDisabled() {
return isReadOnSessionOpeningDisabled;
}
/**
* Gets the KIF value to use for the provided write access level and KVC value.
*
* @param writeAccessLevel The write access level.
* @param kvc The KVC value.
* @return Null if no KIF is available.
* @throws IllegalArgumentException If the provided writeAccessLevel is null.
* @since 2.0.0
*/
Byte getKif(WriteAccessLevel writeAccessLevel, byte kvc) {
Assert.getInstance().notNull(writeAccessLevel, WRITE_ACCESS_LEVEL);
Map map = kifMap.get(writeAccessLevel);
if (map != null) {
return map.get(kvc);
} else {
return null;
}
}
/**
* Gets the default KIF value for the provided write access level.
*
* @param writeAccessLevel The write access level.
* @return Null if no KIF is available.
* @throws IllegalArgumentException If the provided argument is null.
* @since 2.0.0
*/
Byte getDefaultKif(WriteAccessLevel writeAccessLevel) {
return defaultKifMap.get(writeAccessLevel);
}
/**
* Gets the default KVC value for the provided write access level.
*
* @param writeAccessLevel The write access level.
* @return Null if no KVC is available.
* @throws IllegalArgumentException If the provided argument is null.
* @since 2.0.0
*/
Byte getDefaultKvc(WriteAccessLevel writeAccessLevel) {
return defaultKvcMap.get(writeAccessLevel);
}
/**
* Indicates if the KIF/KVC pair is authorized for a session.
*
* @param kif The KIF value.
* @param kvc The KVC value.
* @return False if KIF or KVC is null or unauthorized.
* @since 2.0.0
*/
boolean isSessionKeyAuthorized(Byte kif, Byte kvc) {
if (kif == null || kvc == null) {
return false;
}
if (authorizedSessionKeys.isEmpty()) {
return true;
}
return authorizedSessionKeys.contains(((kif << 8) & 0xff00) | (kvc & 0x00ff));
}
/**
* Indicates if the KIF/KVC pair is authorized for a SV operation.
*
* @param kif The KIF value.
* @param kvc The KVC value.
* @return False if KIF or KVC is null or unauthorized.
* @since 2.0.0
*/
boolean isSvKeyAuthorized(Byte kif, Byte kvc) {
if (kif == null || kvc == null) {
return false;
}
if (authorizedSvKeys.isEmpty()) {
return true;
}
return authorizedSvKeys.contains(((kif << 8) & 0xff00) | (kvc & 0x00ff));
}
/**
* Gets the KIF value of the PIN verification ciphering key.
*
* @return Null if no KIF is available.
* @since 2.0.0
*/
Byte getPinVerificationCipheringKif() {
return pinVerificationCipheringKif;
}
/**
* Gets the KVC value of the PIN verification ciphering key.
*
* @return Null if no KVC is available.
* @since 2.0.0
*/
Byte getPinVerificationCipheringKvc() {
return pinVerificationCipheringKvc;
}
/**
* Gets the KIF value of the PIN modification ciphering key.
*
* @return Null if no KIF is available.
* @since 2.0.0
*/
Byte getPinModificationCipheringKif() {
return pinModificationCipheringKif;
}
/**
* Gets the KVC value of the PIN modification ciphering key.
*
* @return Null if no KVC is available.
* @since 2.0.0
*/
Byte getPinModificationCipheringKvc() {
return pinModificationCipheringKvc;
}
SymmetricCryptoCardTransactionManagerFactorySpi getCryptoCardTransactionManagerFactorySpi() {
return cryptoCardTransactionManagerFactorySpi;
}
Map> getKifMap() {
return kifMap;
}
Map getDefaultKifMap() {
return defaultKifMap;
}
Map getDefaultKvcMap() {
return defaultKvcMap;
}
Set getAuthorizedSessionKeys() {
return authorizedSessionKeys;
}
Set getAuthorizedSvKeys() {
return authorizedSvKeys;
}
}