version 0.6.0

CHANGELOG.txt

@@ -1,5 +1,28 @@
 changelog
 
+v0.6.0
+Improvements:
+More refactoring work
+prepareTransactionProcessing (Offline Data Authentication, Processing restrictions, Terminal Risk Management, etc) [experimental]
+Added ability to specify a custom PIN callback handler
+Parse ICCPinEnciphermentPublicKeyCertificate
+Added MC and VISA proprietary tags
+Added support for registering AtrHandlers and AidHandlers
+Read data from Global Platform Security Domains
+Read JCOP Identify Applet
+Read (synchronous) storage cards (via PC/SC compliant readers)
+Re-add CA test public keys
+Use byte arrays instead of Strings when sending commands
+Store application discretionary data
+Differentiate between unprocessed records (known tag) and unknown records (unknown tag)
+Experimental support for identifying context specific TLV tags based on IIN/RID
+Automatically add Le if missing
+Added support for Internal Auth response containing RESPONSE_MESSAGE_TEMPLATE_2 (based on a patch by bgillis)
+Get PC/SC error code description, if available
+Bugfixes:
+Fixed bug in TerminalVerificationResults returing wrong array length, causing GPO to fail
+Fixed bug in the handling of verifyPIN response (based on a patch by bgillis)
+
 v0.5.2
 Temporarily disabled loading of CA test keys
 

NOTES.txt

@@ -0,0 +1,71 @@
+Notes about codesigning & timestamping:
+
+Sign and timestamp JAR: 
+It is a good practice to timestamp anything that you sign. Popular timestamping authority URLs include:
+
+http://timestamp.verisign.com
+http://tsa.starfieldtech.com
+https://timestamp.geotrust.com/tsa
+
+http://www.oracle.com/technetwork/java/javase/overview/ria-checklist-2055184.html
+https://blogs.oracle.com/thejavatutorials/entry/signing_a_jnlp_file
+
+When your signed file provides a timestamp, Java is able to use that information within the PKIXParameters and determine:
+
+1. Do I trust this timestamp authority to act as a notary?
+2. Is the signature date before the certificate's time of expiration?
+3. Based on Certificate Revocation Lists, was this certificate valid on or before the signature date?
+
+If the answer to all questions is yes, then the signature is deemed valid even if the certificate has expired.
+
+
+Good rundown on EMV:
+http://www.emv411.com/2012/07/17/what-are-chip-applications-and-how-are-they-used
+
+Linux SmartcardIO:
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500762
+
+SmartcardIO OSX Support: 
+-http://forums.sun.com/thread.jspa?threadID=5424569
+-http://smartcardservices.macosforge.org/trac/ticket/6
+
+EMV Security:
+http://www.chipandspin.co.uk/
+
+EMV Tutorial
+http://www.openscdp.org/scripts/tutorial/emv/index.html
+
+
+
+
+Example card file/directory structure:
+
+ROOT(MF)
+-ADF
+--AEF
+--AEF
+-DDF
+--ADF
+---AEF
+
+Directories on card (optional):
+DDF (FCI with SFI of directory)
+--Directory
+
+
+PSE = If present, contains DDF 1.PAY.SYS.DDF01
+ADF = Application Definition File (response to SELECT APP AID)
+DDF = 1PAY.SYS.DDF01 Describes (some or all) DFs within the card, may or may not be the MF
+SFI = File Index used for the selection of AEFs
+AEF = file that can contain one or more records
+
+Any ADF or DDF in the card is referenced by its DF name
+ADF corresponds to the AID or contains the AID as the beginning of the DF name. Each DF name shall be unique within a given card.
+
+SFIs are used for the selection of AEFs. Any AEF within a given application is referenced by a SFI coded on 5 bits in the range 1 to 30. A SFI shall be unique within an application.
+
+After a successful SELECT command, the file system path is set to the selected PSE/DDF/ADF.
+Subsequent commands apply to AEFs associated with the selected PSE, DDF, or ADF using SFIs.
+
+The directory is not required to have entries for all DDFs and ADFs in the card, and following the chain of DDFs may not reveal all applications supported by the card. However, if the PSE exists, only applications that are revealed by following the chain of DDFs beginning with the initial directory can be assured of international interoperability.
+

TODO.txt

@@ -1,42 +1,8 @@
-Good rundown on EMV:
-http://www.emv411.com/2012/07/17/what-are-chip-applications-and-how-are-they-used
-
-
 TODO:
 
--Generic test framework for Smartcards (including intelligent SC emulator and terminal emulator)
--Implement the full EMV MasterCard(M/chip/Paypass) and VISA test specifications.
-
-
-
-ROOT(MF)
--ADF
---AEF
---AEF
--DDF
---ADF
----AEF
-
-Directories on card (optional):
-DDF (FCI with SFI of directory)
---Directory
-
-
-PSE = If present, contains DDF 1.PAY.SYS.DDF01
-ADF = Application Definition File (response to SELECT APP AID)
-DDF = 1PAY.SYS.DDF01 (Beskrivelse av innhold) which is mapped onto a DF within the card, may or may not be the MF
-SFI = File Index used for the selection of AEFs
-AEF = file that can contain one or more records
-
-Any ADF or DDF in the card is referenced by its DF name
-ADF corresponds to the AID or contains the AID as the beginning of the DF name. Each DF name shall be unique within a given card.
-
-SFIs are used for the selection of AEFs. Any AEF within a given application is referenced by a SFI coded on 5 bits in the range 1 to 30. A SFI shall be unique within an application.
-
-After a successful SELECT command, the file system path is set to the selected PSE/DDF/ADF.
-Subsequent commands apply to AEFs associated with the selected PSE, DDF, or ADF using SFIs.
-
-The directory is not required to have entries for all DDFs and ADFs in the card, and following the chain of DDFs may not reveal all applications supported by the card. However, if the PSE exists, only applications that are revealed by following the chain of DDFs beginning with the initial directory can be assured of international interoperability.
+-Generic test framework for Smartcards (including SC simulator and terminal emulator) jcardsim+applet (init,personalize,transact) EMVPersonalizer.setXXX
+-Implement the (full) EMV MasterCard(M/chip/Paypass) and VISA test specifications?
+-Remote terminal (for debugging)
 
 
 TODO:
@@ -45,23 +11,30 @@ TODO:
 TODO EMV: (1st priority)
 ----------------------------
 
-Check correct ordering of commands (GET PO/INTERNAL AUTH etc) according to EMV spec.
+EMVTerminal.getCurrentTransaction().getTransactionStatusInformation();
+EMVTerminal.getCurrentTransaction().getTerminalVerificationResults();
 
-OSX Support?: 
--http://forums.sun.com/thread.jspa?threadID=5424569
--http://smartcardservices.macosforge.org/trac/ticket/6
+EMVTerminal.getCapabilities()?
 
-Identifying an EMV card (how to do this? presence or absence of 1PAY.SYS.DDF01 is not enough)[check EMV spec]
-(The PSE could be missing. A terminal can select an APP directly)
+EMVTerminal.startNewTransaction();
 
-PSE alternatives (book 1 page 161)
+EMVTerminal.reset();
 
-1 Supports PSE? N:goto 3
-2 SupportedAID found using the Payment System Directory selection method? Y:Goto 4, N:goto 3
-3 Use "List of AIDs"-method
-4 Final selection (book 1 page 165)
+app.setTransaction(t);
 
-PSE example (when PSE present)
+use RID object instead of passing bytes
+
+BERTLV.create?
+
+Handle RID/Issuer proprietary tags (EMV 4.2 Book 3, note 9, page 96):
+Payment system-specific tags are interpreted within the context of the application RID. 
+Issuer-specific tags are interpreted within the context of the Issuer Identification Number (as defined in ISO/IEC 7812-1). 
+Additionally, to satisfy business requirements such as proprietary domestic processing, 
+multiple issuers may agree on the definition of a private class tag. 
+Such tags may be interpreted in the context of other data such as Issuer Country Code.
+
+
+Application selection: PSE example (when PSE present)
 -SELECT DDF 1PAY.SYS.DDF01 of PSE to find Payment APPs (returns SFI of Directory Elementary File/PSD) [This establishes the PSE and makes the initial Payment System Directory accessible]
 --if returns SW != 9000 -> use "list of AIDs"-method (book 1, side 162), else continue
 -for recnums 1-X (until SW==6A83): READ RECORD in Directory Elementary File/Payment system directory (returns record) 
@@ -72,7 +45,7 @@ PSE example (when PSE present)
 --returns available Files (SFI records)
 --Iterate ALL files
 --Collect data from files
---Use collected data to perform wanted operation (transaction)
+--Use collected data to perform desired operation (transaction)
 
 TVR page 187 book 3
          132
@@ -91,16 +64,3 @@ SELECT APP by partial AID (partial name selection): see book 1 page 150
 ---brute force AIDs
 ---direct select AID
 ---select group of AIDs by using first n bytes of AID as DDF name
-
-
-
-
-
-Linux SmartcardIO:
-http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500762
-
-EMV Security:
-http://www.chipandspin.co.uk/
-
-EMV Tutorial
-http://www.openscdp.org/scripts/tutorial/emv/index.html

pom.xml

@@ -4,10 +4,10 @@
     <groupId>com.googlecode</groupId>
     <artifactId>javaemvreader</artifactId>
     <packaging>jar</packaging>
-    <version>0.5.2</version>
+    <version>0.6.0-SNAPSHOT</version>
     <name>Java EMV Reader</name>
     <prerequisites>
-        <maven>3.1.1</maven>
+        <maven>3.2.1</maven>
     </prerequisites>
     <licenses>
         <license>
@@ -122,6 +122,7 @@
                             <url>${project.url}</url>
                             <Built-By>sasc</Built-By>
                             <Permissions>all-permissions</Permissions>
+                            <Application-Name>${project.name}</Application-Name>
                             <!-- 
                             Seal JAR
                             (Enforce consistency within a version.)
@@ -136,7 +137,7 @@
                             This setting is only relevant when a SecurityManager is installed
                             -->
                             <Sealed>true</Sealed>
-                            <!--<Codebase></Codebase>-->
+                            <Codebase>http://code.google.com/p/javaemvreader/downloads/</Codebase>
                         </manifestEntries>
                     </archive>
                 </configuration>
@@ -275,7 +276,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jarsigner-plugin</artifactId>
-                <version>1.2</version>
+                <version>1.3.1</version>
                 <executions>
                     <execution>
                         <id>sign</id>
@@ -298,6 +299,9 @@
                         <goals>
                             <goal>verify</goal>
                         </goals>
+                        <configuration>
+                            <archive>${project.build.directory}/${project.artifactId}-${project.version}-full.jar</archive>
+                        </configuration>
                     </execution>
                 </executions>
 
@@ -331,12 +335,19 @@
                             <execution>
                                 <id>sign</id>
                                 <configuration>
+                                    <tsa>https://timestamp.geotrust.com/tsa</tsa>
+                                    <verbose>true</verbose>
                                     <arguments>
-                                        <argument>-tsa</argument>
-                                        <argument>https://timestamp.geotrust.com/tsa</argument>
+                                        <argument>-strict</argument>
                                     </arguments>
                                 </configuration>
                             </execution>
+                            <execution>
+                                <id>verify</id>
+                                <configuration>
+                                    <verbose>true</verbose>
+                                </configuration>
+                            </execution>
                         </executions>
                     </plugin>
                 </plugins>

src/main/java/sasc/CardEmulator.java

@@ -26,7 +26,7 @@
 import sasc.emv.EMVSession;
 import sasc.util.Log;
 import sasc.emv.SW;
-import sasc.common.SessionProcessingEnv;
+import sasc.smartcard.common.SessionProcessingEnv;
 import sasc.terminal.CardResponse;
 import sasc.terminal.Terminal;
 import sasc.terminal.TerminalException;
@@ -36,8 +36,8 @@
 /**
  * An ICC emulator that uses data loaded from XML-file
  *
- * Emulate the external behavior of a Smart Card. 
- * 
+ * Emulate the external behavior of a Smart Card.
+ *
  * @author sasc
  */
 public class CardEmulator implements CardConnection {
@@ -210,16 +210,16 @@ private void parseGetDataElement(XMLElement getDataElement, Application app) {
             }
         }
     }
-    
+
     private static boolean hasLe(byte[] cmd){
         if(cmd.length < 5){
             return false;
         }
-        
+
         if(cmd.length == 5){
             return true;
         }
-        
+
         if(Util.byteToInt(cmd[4]) == cmd.length-5-1){
             return true;
         }
@@ -229,7 +229,7 @@ private static boolean hasLe(byte[] cmd){
     @Override
     public CardResponse transmit(byte[] cmd) throws TerminalException {
         CardResponse response = null;
-        
+
         if(hasLe(cmd)){ //Strip Le
             byte[] tmp = new byte[cmd.length-1];
             System.arraycopy(cmd, 0, tmp, 0, tmp.length);
@@ -275,7 +275,7 @@ public CardResponse transmit(byte[] cmd) throws TerminalException {
                         throw new RuntimeException("INS " + Util.byte2Hex(ins) + " not implemented yet. cmd=" + cmdStr);
                 }
                 break;
-            case (byte) 0xF0: 
+            case (byte) 0xF0:
                 if(cls == (byte) 0xFF){
                     responseBytes = new byte[]{0x67, 0x00};
                     break;