public class BaseSMAdapter<T> extends java.lang.Object implements SMAdapter<T>, Configurable, LogSource
Provides base functionality for the actual Security Module Adapter.
You adapter needs to override the methods that end with "Impl"
| Modifier and Type | Field and Description |
|---|---|
protected Configuration |
cfg |
protected Logger |
logger |
protected java.lang.String |
realm |
FORMAT00, FORMAT01, FORMAT02, FORMAT03, FORMAT04, FORMAT05, FORMAT34, FORMAT35, FORMAT41, FORMAT42, LENGTH_DES, LENGTH_DES3_2KEY, LENGTH_DES3_3KEY, TYPE_BDK, TYPE_CVK, TYPE_DEK, TYPE_HMAC, TYPE_MK_AC, TYPE_MK_CVC3, TYPE_MK_DAC, TYPE_MK_DN, TYPE_MK_SMC, TYPE_MK_SMI, TYPE_PVK, TYPE_RSA_PK, TYPE_RSA_SK, TYPE_TAK, TYPE_TMK, TYPE_TPK, TYPE_ZAK, TYPE_ZEK, TYPE_ZMK, TYPE_ZPK| Constructor and Description |
|---|
BaseSMAdapter() |
BaseSMAdapter(Configuration cfg,
Logger logger,
java.lang.String realm) |
| Modifier and Type | Method and Description |
|---|---|
java.lang.String |
calculateCAVV(java.lang.String accountNo,
T cvk,
java.lang.String upn,
java.lang.String authrc,
java.lang.String sfarc)
Calaculate a 3-D Secure CAVV/AAV.
|
protected java.lang.String |
calculateCAVVImpl(java.lang.String accountNo,
T cvk,
java.lang.String upn,
java.lang.String authrc,
java.lang.String sfarc)
Your SMAdapter should override this method if it has this functionality
|
java.lang.String |
calculateCVD(java.lang.String accountNo,
T cvkA,
T cvkB,
java.lang.String expDate,
java.lang.String serviceCode)
Calaculate a Card Verification Digit (Code/Value).
|
protected java.lang.String |
calculateCVDImpl(java.lang.String accountNo,
T cvkA,
T cvkB,
java.lang.String expDate,
java.lang.String serviceCode)
Your SMAdapter should override this method if it has this functionality
|
java.lang.String |
calculateCVV(java.lang.String accountNo,
T cvkA,
T cvkB,
java.util.Date expDate,
java.lang.String serviceCode)
Calaculate a Card Verification Code/Value.
|
protected java.lang.String |
calculateCVVImpl(java.lang.String accountNo,
T cvkA,
T cvkB,
java.util.Date expDate,
java.lang.String serviceCode)
Your SMAdapter should override this method if it has this functionality
|
java.lang.String |
calculateIBMPINOffset(EncryptedPIN pinUnderLmk,
T pvk,
java.lang.String decTab,
java.lang.String pinValData,
int minPinLen)
Calculate an PIN Offset using the IBM 3624 method
|
java.lang.String |
calculateIBMPINOffset(EncryptedPIN pinUnderLmk,
T pvk,
java.lang.String decTab,
java.lang.String pinValData,
int minPinLen,
java.util.List<java.lang.String> excludes)
Calculate an PIN Offset using the IBM 3624 method
|
java.lang.String |
calculateIBMPINOffset(EncryptedPIN pinUnderKd1,
T kd1,
T pvk,
java.lang.String decTab,
java.lang.String pinValData,
int minPinLen)
Calculate an PIN Offset using the IBM 3624 method of customer selected PIN
|
java.lang.String |
calculateIBMPINOffset(EncryptedPIN pinUnderKd1,
T kd1,
T pvk,
java.lang.String decTab,
java.lang.String pinValData,
int minPinLen,
java.util.List<java.lang.String> excludes)
Calculate an PIN Offset using the IBM 3624 method of customer selected PIN
|
protected java.lang.String |
calculateIBMPINOffsetImpl(EncryptedPIN pinUnderLmk,
T pvk,
java.lang.String decTab,
java.lang.String pinValData,
int minPinLen,
java.util.List<java.lang.String> excludes)
Your SMAdapter should override this method if it has this functionality
|
protected java.lang.String |
calculateIBMPINOffsetImpl(EncryptedPIN pinUnderKd1,
T kd1,
T pvk,
java.lang.String decTab,
java.lang.String pinValData,
int minPinLen,
java.util.List<java.lang.String> excludes)
Your SMAdapter should override this method if it has this functionality
|
java.lang.String |
calculatePVV(EncryptedPIN pinUnderLMK,
T pvkA,
T pvkB,
int pvkIdx)
Calculate PVV (VISA PIN Verification Value of PIN under LMK)
with exclude list
|
java.lang.String |
calculatePVV(EncryptedPIN pinUnderLMK,
T pvkA,
T pvkB,
int pvkIdx,
java.util.List<java.lang.String> excludes)
Calculate PVV (VISA PIN Verification Value of PIN under LMK)
|
java.lang.String |
calculatePVV(EncryptedPIN pinUnderKd1,
T kd1,
T pvkA,
T pvkB,
int pvkIdx)
Calculate PVV (VISA PIN Verification Value of customer selected PIN)
|
java.lang.String |
calculatePVV(EncryptedPIN pinUnderKd1,
T kd1,
T pvkA,
T pvkB,
int pvkIdx,
java.util.List<java.lang.String> excludes)
Calculate PVV (VISA PIN Verification Value of customer selected PIN)
|
protected java.lang.String |
calculatePVVImpl(EncryptedPIN pinUnderLMK,
T pvkA,
T pvkB,
int pvkIdx,
java.util.List<java.lang.String> excludes)
Your SMAdapter should override this method if it has this functionality
|
protected java.lang.String |
calculatePVVImpl(EncryptedPIN pinUnderKd1,
T kd1,
T pvkA,
T pvkB,
int pvkIdx,
java.util.List<java.lang.String> excludes)
Your SMAdapter should override this method if it has this functionality
|
byte[] |
calculateSignature(java.security.MessageDigest hash,
SecureKey privateKey,
byte[] data)
Calculate signature of Data Block.
|
protected byte[] |
calculateSignatureImpl(java.security.MessageDigest hash,
SecureKey privateKey,
byte[] data)
Your SMAdapter should override this method if it has this functionality
|
byte[] |
dataDecrypt(T bdk,
byte[] clearText)
Decrypt Data
|
byte[] |
dataEncrypt(T bdk,
byte[] clearText)
Encrypt Data
|
byte[] |
decryptData(CipherMode cipherMode,
SecureDESKey kd,
byte[] data,
byte[] iv)
Decrypt Data Block.
|
byte[] |
decryptData(SecureKey privKey,
byte[] data,
java.security.spec.AlgorithmParameterSpec algspec,
byte[] iv)
Decrypts encrypted Data Block with specified cipher.
|
protected byte[] |
decryptDataImpl(CipherMode cipherMode,
SecureDESKey kd,
byte[] data,
byte[] iv)
Your SMAdapter should override this method if it has this functionality
|
protected byte[] |
decryptDataImpl(SecureKey decKey,
byte[] data,
java.security.spec.AlgorithmParameterSpec algspec,
byte[] iv)
Decrypts Data Block encrypted with assymetric cipher.
|
java.lang.String |
decryptPIN(EncryptedPIN pinUnderLmk)
Decrypts an Encrypted PIN (under LMK).
|
protected java.lang.String |
decryptPINImpl(EncryptedPIN pinUnderLmk)
Your SMAdapter should override this method if it has this functionality
|
EncryptedPIN |
deriveIBMPIN(java.lang.String accountNo,
T pvk,
java.lang.String decTab,
java.lang.String pinValData,
int minPinLen,
java.lang.String offset)
Derive a PIN Using the IBM 3624 method
|
protected EncryptedPIN |
deriveIBMPINImpl(java.lang.String accountNo,
T pvk,
java.lang.String decTab,
java.lang.String pinValData,
int minPinLen,
java.lang.String offset)
Your SMAdapter should override this method if it has this functionality
|
byte[] |
encryptData(CipherMode cipherMode,
SecureDESKey kd,
byte[] data,
byte[] iv)
Encrypt Data Block.
|
byte[] |
encryptData(SecureKey encKey,
byte[] data,
java.security.spec.AlgorithmParameterSpec algspec,
byte[] iv)
Encrypts clear Data Block with specified cipher.
|
protected byte[] |
encryptDataImpl(CipherMode cipherMode,
SecureDESKey kd,
byte[] data,
byte[] iv)
Your SMAdapter should override this method if it has this functionality
|
protected byte[] |
encryptDataImpl(SecureKey encKey,
byte[] data,
java.security.spec.AlgorithmParameterSpec algspec,
byte[] iv)
Encrypts clear Data Block with specified cipher.
|
EncryptedPIN |
encryptPIN(java.lang.String pin,
java.lang.String accountNumber)
Encrypts a clear pin under LMK.
|
EncryptedPIN |
encryptPIN(java.lang.String pin,
java.lang.String accountNumber,
boolean extract)
Encrypts a clear pin under LMK.
|
EncryptedPIN |
encryptPIN(java.lang.String pin,
java.lang.String accountNumber,
T pek)
Encrypts a clear PIN under PEK.
|
protected EncryptedPIN |
encryptPINImpl(java.lang.String pin,
java.lang.String accountNumber)
Your SMAdapter should override this method if it has this functionality
|
protected EncryptedPIN |
encryptPINImpl(java.lang.String pin,
java.lang.String accountNumber,
T pek)
Your SMAdapter should override this method if it has this functionality.
|
void |
eraseOldLMK()
Erase the key change storage area of memory
It is recommended that this command is used after keys stored
by the Host have been translated from old to new LMKs.
|
protected void |
eraseOldLMKImpl()
Erase the key change storage area of memory
It is recommended that this command is used after keys stored
by the Host have been translated from old to new LMKs.
|
byte[] |
exportKey(SecureDESKey key,
SecureDESKey kek)
Exports secure key to encryption under a KEK (Key-Encrypting Key).
|
SecureKey |
exportKey(SecureKey kek,
SecureKey key,
SecureKeySpec keySpec)
Exports secure key to encryption under a KEK (Key-Encrypting Key).
|
protected byte[] |
exportKeyImpl(SecureDESKey key,
SecureDESKey kek)
Your SMAdapter should override this method if it has this functionality
|
protected SecureKey |
exportKeyImpl(SecureKey kek,
SecureKey key,
SecureKeySpec keySpec)
Your SMAdapter should override this method if it has this functionality.
|
EncryptedPIN |
exportPIN(EncryptedPIN pinUnderLmk,
T kd2,
byte destinationPINBlockFormat)
Exports a PIN from encryption under LMK to encryption under a KD
(Data Key).
|
protected EncryptedPIN |
exportPINImpl(EncryptedPIN pinUnderLmk,
T kd2,
byte destinationPINBlockFormat)
Your SMAdapter should override this method if it has this functionality
|
SecureDESKey |
formKEYfromClearComponents(short keyLength,
java.lang.String keyType,
java.lang.String... clearComponents)
Forms a key from 3 clear components and returns it encrypted under its corresponding LMK
The corresponding LMK is determined from the keyType
|
byte[] |
generateARPC(MKDMethod mkdm,
SKDMethod skdm,
T imkac,
java.lang.String accoutNo,
java.lang.String acctSeqNo,
byte[] arqc,
byte[] atc,
byte[] upn,
ARPCMethod arpcMethod,
byte[] arc,
byte[] propAuthData)
Genarate Authorisation Response Cryptogram (ARPC)
|
protected byte[] |
generateARPCImpl(MKDMethod mkdm,
SKDMethod skdm,
T imkac,
java.lang.String accountNo,
java.lang.String acctSeqNo,
byte[] arqc,
byte[] atc,
byte[] upn,
ARPCMethod arpcMethod,
byte[] arc,
byte[] propAuthData)
Your SMAdapter should override this method if it has this functionality
|
byte[] |
generateCBC_MAC(byte[] data,
T kd)
Generates CBC-MAC (Cipher Block Chaining Message Authentication Code)
for some data.
|
protected byte[] |
generateCBC_MACImpl(byte[] data,
T kd)
Your SMAdapter should override this method if it has this functionality
|
byte[] |
generateEDE_MAC(byte[] data,
T kd)
Generates EDE-MAC (Encrypt Decrypt Encrypt Message Message Authentication Code)
for some data.
|
protected byte[] |
generateEDE_MACImpl(byte[] data,
T kd)
Your SMAdapter should override this method if it has this functionality
|
SecureKey |
generateKey(SecureKeySpec keySpec)
Generates a random Key.
|
SecureDESKey |
generateKey(short keyLength,
java.lang.String keyType)
Generates a random DES Key.
|
byte[] |
generateKeyCheckValue(T kd)
Generates key check value.
|
protected byte[] |
generateKeyCheckValueImpl(T kd)
Your SMAdapter should override this method if it has this functionality
|
protected SecureKey |
generateKeyImpl(SecureKeySpec keySpec)
Your SMAdapter should override this method if it has this functionality.
|
protected SecureDESKey |
generateKeyImpl(short keyLength,
java.lang.String keyType)
Your SMAdapter should override this method if it has this functionality
|
org.javatuples.Pair<java.security.PublicKey,SecurePrivateKey> |
generateKeyPair(java.security.spec.AlgorithmParameterSpec spec)
Generate a public/private key pair.
|
org.javatuples.Pair<java.security.PublicKey,SecureKey> |
generateKeyPair(SecureKeySpec keySpec)
Generate a public/private key pair.
|
protected org.javatuples.Pair<java.security.PublicKey,SecurePrivateKey> |
generateKeyPairImpl(java.security.spec.AlgorithmParameterSpec spec)
Your SMAdapter should override this method if it has this functionality
|
protected org.javatuples.Pair<java.security.PublicKey,SecureKey> |
generateKeyPairImpl(SecureKeySpec keySpec)
Your SMAdapter should override this method if it has this functionality.
|
EncryptedPIN |
generatePIN(java.lang.String accountNumber,
int pinLen)
Generate random pin under LMK
|
EncryptedPIN |
generatePIN(java.lang.String accountNumber,
int pinLen,
java.util.List<java.lang.String> excludes)
Generate random pin under LMK with exclude list
|
protected EncryptedPIN |
generatePINImpl(java.lang.String accountNumber,
int pinLen,
java.util.List<java.lang.String> excludes)
Your SMAdapter should override this method if it has this functionality
|
byte[] |
generateSM_MAC(MKDMethod mkdm,
SKDMethod skdm,
T imksmi,
java.lang.String accountNo,
java.lang.String acctSeqNo,
byte[] atc,
byte[] arqc,
byte[] data)
Generate Secure Message MAC over suppiled message data
|
protected byte[] |
generateSM_MACImpl(MKDMethod mkdm,
SKDMethod skdm,
T imksmi,
java.lang.String accountNo,
java.lang.String acctSeqNo,
byte[] atc,
byte[] arqc,
byte[] data)
Your SMAdapter should override this method if it has this functionality
|
Logger |
getLogger() |
java.lang.String |
getName() |
java.lang.String |
getRealm() |
static SMAdapter |
getSMAdapter(java.lang.String name) |
SecureKey |
importKey(SecureKey kek,
SecureKey key,
SecureKeySpec keySpec,
boolean checkParity)
Imports a key from encryption under a KEK (Key-Encrypting Key)
to protection under the security module.
|
SecureDESKey |
importKey(short keyLength,
java.lang.String keyType,
byte[] encryptedKey,
SecureDESKey kek,
boolean checkParity)
Imports a key from encryption under a KEK (Key-Encrypting Key)
to protection under the security module.
|
protected SecureKey |
importKeyImpl(SecureKey kek,
SecureKey key,
SecureKeySpec keySpec,
boolean checkParity)
Your SMAdapter should override this method if it has this functionality.
|
protected SecureDESKey |
importKeyImpl(short keyLength,
java.lang.String keyType,
byte[] encryptedKey,
SecureDESKey kek,
boolean checkParity)
Your SMAdapter should override this method if it has this functionality
|
EncryptedPIN |
importPIN(EncryptedPIN pinUnderDuk,
KeySerialNumber ksn,
T bdk)
Imports a PIN from encryption under a transaction key to encryption
under LMK.
|
EncryptedPIN |
importPIN(EncryptedPIN pinUnderDuk,
KeySerialNumber ksn,
T bdk,
boolean tdes)
Imports a PIN from encryption under a transaction key to encryption
under LMK.
|
EncryptedPIN |
importPIN(EncryptedPIN pinUnderKd1,
T kd1)
Imports a PIN from encryption under KD (Data Key)
to encryption under LMK.
|
protected EncryptedPIN |
importPINImpl(EncryptedPIN pinUnderDuk,
KeySerialNumber ksn,
T bdk)
Deprecated.
|
protected EncryptedPIN |
importPINImpl(EncryptedPIN pinUnderDuk,
KeySerialNumber ksn,
T bdk,
boolean tdes)
Your SMAdapter should override this method if it has this functionality
|
protected EncryptedPIN |
importPINImpl(EncryptedPIN pinUnderKd1,
T kd1)
Your SMAdapter should override this method if it has this functionality
|
void |
printPIN(java.lang.String accountNo,
EncryptedPIN pinUnderKd1,
T kd1,
java.lang.String template,
java.util.Map<java.lang.String,java.lang.String> fields)
Print PIN or PIN and solicitation data to the HSM configured printer.
|
protected void |
printPINImpl(java.lang.String accountNo,
EncryptedPIN pinUnderKd1,
T kd1,
java.lang.String template,
java.util.Map<java.lang.String,java.lang.String> fields)
Your SMAdapter should override this method if it has this functionality
|
void |
setConfiguration(Configuration cfg) |
void |
setLogger(Logger logger,
java.lang.String realm) |
void |
setName(java.lang.String name)
associates this SMAdapter with a name using NameRegistrar
|
SecureDESKey |
translateKeyFromOldLMK(SecureDESKey kd)
Translate key from encryption under the LMK held in key change storage
to encryption under a new LMK.
|
SecureKey |
translateKeyFromOldLMK(SecureKey key,
SecureKeySpec keySpec)
Translate key from encryption under the LMK held in key change storage
to encryption under a new LMK.
|
protected SecureDESKey |
translateKeyFromOldLMKImpl(SecureDESKey kd)
Translate key from encryption under the LMK held in key change storage
to encryption under a new LMK.
|
protected SecureKey |
translateKeyFromOldLMKImpl(SecureKey key,
SecureKeySpec keySpec)
Your SMAdapter should override this method if it has this functionality.
|
SecureDESKey |
translateKeyScheme(SecureDESKey key,
KeyScheme destKeyScheme)
Translate Key Scheme to more secure encription.
|
protected SecureDESKey |
translateKeySchemeImpl(SecureDESKey key,
KeyScheme destKeyScheme)
Your SMAdapter should override this method if it has this functionality
|
EncryptedPIN |
translatePIN(EncryptedPIN pinUnderDuk,
KeySerialNumber ksn,
T bdk,
T kd2,
byte destinationPINBlockFormat)
Translates a PIN from encryption under a transaction key to
encryption under a KD (Data Key).
|
EncryptedPIN |
translatePIN(EncryptedPIN pinUnderDuk,
KeySerialNumber ksn,
T bdk,
T kd2,
byte destinationPINBlockFormat,
boolean tdes)
Translates a PIN from encryption under a transaction key to
encryption under a KD (Data Key).
|
EncryptedPIN |
translatePIN(EncryptedPIN pinUnderKd1,
T kd1,
T kd2,
byte destinationPINBlockFormat)
Translates a PIN from encrytion under KD1 to encryption under KD2.
|
org.javatuples.Pair<EncryptedPIN,byte[]> |
translatePINGenerateSM_MAC(MKDMethod mkdm,
SKDMethod skdm,
PaddingMethod padm,
T imksmi,
java.lang.String accountNo,
java.lang.String acctSeqNo,
byte[] atc,
byte[] arqc,
byte[] data,
EncryptedPIN currentPIN,
EncryptedPIN newPIN,
T kd1,
T imksmc,
T imkac,
byte destinationPINBlockFormat)
Translate PIN and generate MAC over suppiled message data
|
protected org.javatuples.Pair<EncryptedPIN,byte[]> |
translatePINGenerateSM_MACImpl(MKDMethod mkdm,
SKDMethod skdm,
PaddingMethod padm,
T imksmi,
java.lang.String accountNo,
java.lang.String acctSeqNo,
byte[] atc,
byte[] arqc,
byte[] data,
EncryptedPIN currentPIN,
EncryptedPIN newPIN,
T kd1,
T imksmc,
T imkac,
byte destinationPINBlockFormat)
Your SMAdapter should override this method if it has this functionality
|
protected EncryptedPIN |
translatePINImpl(EncryptedPIN pinUnderDuk,
KeySerialNumber ksn,
T bdk,
T kd2,
byte destinationPINBlockFormat)
Deprecated.
|
protected EncryptedPIN |
translatePINImpl(EncryptedPIN pinUnderDuk,
KeySerialNumber ksn,
T bdk,
T kd2,
byte destinationPINBlockFormat,
boolean tdes)
Your SMAdapter should override this method if it has this functionality
|
protected EncryptedPIN |
translatePINImpl(EncryptedPIN pinUnderKd1,
T kd1,
T kd2,
byte destinationPINBlockFormat)
Your SMAdapter should override this method if it has this functionality
|
boolean |
verifyARQC(MKDMethod mkdm,
SKDMethod skdm,
T imkac,
java.lang.String accoutNo,
java.lang.String acctSeqNo,
byte[] arqc,
byte[] atc,
byte[] upn,
byte[] txnData)
Verify Application Cryptogram (ARQC or TC/AAC)
Authorization Request Cryptogram (ARQC) - Online authorization
Transaction certificate (TC) - Offline approval
Application Authentication Cryptogram (AAC) - Offline decline
|
byte[] |
verifyARQCGenerateARPC(MKDMethod mkdm,
SKDMethod skdm,
T imkac,
java.lang.String accoutNo,
java.lang.String acctSeqNo,
byte[] arqc,
byte[] atc,
byte[] upn,
byte[] txnData,
ARPCMethod arpcMethod,
byte[] arc,
byte[] propAuthData)
Verify Application Cryptogram (ARQC or TC/AAC) and Genarate
Authorisation Response Cryptogram (ARPC)
Authorization Request Cryptogram (ARQC) - Online authorization
Transaction certificate (TC) - Offline approval
Application Authentication Cryptogram (AAC) - Offline decline
|
protected byte[] |
verifyARQCGenerateARPCImpl(MKDMethod mkdm,
SKDMethod skdm,
T imkac,
java.lang.String accountNo,
java.lang.String acctSeqNo,
byte[] arqc,
byte[] atc,
byte[] upn,
byte[] transData,
ARPCMethod arpcMethod,
byte[] arc,
byte[] propAuthData)
Your SMAdapter should override this method if it has this functionality
|
protected boolean |
verifyARQCImpl(MKDMethod mkdm,
SKDMethod skdm,
T imkac,
java.lang.String accountNo,
java.lang.String acctSeqNo,
byte[] arqc,
byte[] atc,
byte[] upn,
byte[] txnData)
Your SMAdapter should override this method if it has this functionality
|
boolean |
verifyCAVV(java.lang.String accountNo,
T cvk,
java.lang.String cavv,
java.lang.String upn,
java.lang.String authrc,
java.lang.String sfarc)
Verify a 3-D Secure CAVV/AAV.
|
protected boolean |
verifyCAVVImpl(java.lang.String accountNo,
T cvk,
java.lang.String cavv,
java.lang.String upn,
java.lang.String authrc,
java.lang.String sfarc)
Your SMAdapter should override this method if it has this functionality
|
boolean |
verifyCVC3(T imkcvc3,
java.lang.String accountNo,
java.lang.String acctSeqNo,
byte[] atc,
byte[] upn,
byte[] data,
MKDMethod mkdm,
java.lang.String cvc3)
Verify a Dynamic Card Verification Code 3 (CVC3)
|
protected boolean |
verifyCVC3Impl(T imkcvc3,
java.lang.String accountNo,
java.lang.String acctSeqNo,
byte[] atc,
byte[] upn,
byte[] data,
MKDMethod mkdm,
java.lang.String cvc3)
Your SMAdapter should override this method if it has this functionality
|
boolean |
verifyCVD(java.lang.String accountNo,
T cvkA,
T cvkB,
java.lang.String cvv,
java.lang.String expDate,
java.lang.String serviceCode)
Verify a Card Verification Digit (Code/Value).
|
boolean |
verifyCVV(java.lang.String accountNo,
T cvkA,
T cvkB,
java.lang.String cvv,
java.util.Date expDate,
java.lang.String serviceCode)
Verify a Card Verification Code/Value.
|
protected boolean |
verifyCVVImpl(java.lang.String accountNo,
T cvkA,
T cvkB,
java.lang.String cvv,
java.util.Date expDate,
java.lang.String serviceCode)
Your SMAdapter should override this method if it has this functionality
|
protected boolean |
verifyCVVImpl(java.lang.String accountNo,
T cvkA,
T cvkB,
java.lang.String cvv,
java.lang.String expDate,
java.lang.String serviceCode)
Your SMAdapter should override this method if it has this functionality
|
boolean |
verifydCVV(java.lang.String accountNo,
T imkac,
java.lang.String dcvv,
java.util.Date expDate,
java.lang.String serviceCode,
byte[] atc,
MKDMethod mkdm)
Verify a Dynamic Card Verification Value (dCVV).
|
boolean |
verifydCVV(java.lang.String accountNo,
T imkac,
java.lang.String dcvv,
java.lang.String expDate,
java.lang.String serviceCode,
byte[] atc,
MKDMethod mkdm)
Verify a Dynamic Card Verification Value (dCVV).
|
protected boolean |
verifydCVVImpl(java.lang.String accountNo,
T imkac,
java.lang.String dcvv,
java.util.Date expDate,
java.lang.String serviceCode,
byte[] atc,
MKDMethod mkdm)
Your SMAdapter should override this method if it has this functionality
|
protected boolean |
verifydCVVImpl(java.lang.String accountNo,
T imkac,
java.lang.String dcvv,
java.lang.String expDate,
java.lang.String serviceCode,
byte[] atc,
MKDMethod mkdm)
Your SMAdapter should override this method if it has this functionality
|
boolean |
verifyIBMPINOffset(EncryptedPIN pinUnderKd1,
T kd1,
T pvk,
java.lang.String offset,
java.lang.String decTab,
java.lang.String pinValData,
int minPinLen)
Verify an PIN Offset using the IBM 3624 method
|
protected boolean |
verifyIBMPINOffsetImpl(EncryptedPIN pinUnderKd,
T kd,
T pvk,
java.lang.String offset,
java.lang.String decTab,
java.lang.String pinValData,
int minPinLen)
Your SMAdapter should override this method if it has this functionality
|
boolean |
verifyPVV(EncryptedPIN pinUnderKd1,
T kd1,
T pvkA,
T pvkB,
int pvki,
java.lang.String pvv)
Verify PVV (VISA PIN Verification Value of an LMK encrypted PIN)
|
protected boolean |
verifyPVVImpl(EncryptedPIN pinUnderKd,
T kd,
T pvkA,
T pvkB,
int pvki,
java.lang.String pvv)
Your SMAdapter should override this method if it has this functionality
|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitgenerateClearKeyComponentprotected Logger logger
protected java.lang.String realm
protected Configuration cfg
public BaseSMAdapter()
public BaseSMAdapter(Configuration cfg, Logger logger, java.lang.String realm) throws ConfigurationException
ConfigurationExceptionpublic void setConfiguration(Configuration cfg) throws ConfigurationException
setConfiguration in interface Configurablecfg - Configuration objectConfigurationExceptionpublic void setLogger(Logger logger, java.lang.String realm)
public void setName(java.lang.String name)
name - name to registerNameRegistrarpublic java.lang.String getName()
public static SMAdapter getSMAdapter(java.lang.String name) throws NameRegistrar.NotFoundException
name - NameRegistrar.NotFoundExceptionNameRegistrarpublic SecureDESKey generateKey(short keyLength, java.lang.String keyType) throws SMException
SMAdaptergenerateKey in interface SMAdapter<T>keyLength - bit length of the key to be generated (LENGTH_DES, LENGTH_DES3_2KEY...)keyType - type of the key to be generated (TYPE_ZMK, TYPE_TMK...etc)SMExceptionpublic SecureKey generateKey(SecureKeySpec keySpec) throws SMException
SMAdaptergenerateKey in interface SMAdapter<T>keySpec - the specification of the key to be generated
(length, type, usage, algorithm, etc)SMExceptionSecureKeySpecpublic byte[] generateKeyCheckValue(T kd) throws SMException
SMAdaptergenerateKeyCheckValue in interface SMAdapter<T>kd - the key with untrusted or fake Key Check ValueSMExceptionpublic SecureDESKey translateKeyScheme(SecureDESKey key, KeyScheme destKeyScheme) throws SMException
SMAdapterConverts an DES key encrypted using X9.17 methods to a more secure key using the variant method.
translateKeyScheme in interface SMAdapter<T>key - key to be translated to destKeyScheme schemedestKeyScheme - destination key schemedestKeyScheme schemeSMExceptionpublic SecureDESKey importKey(short keyLength, java.lang.String keyType, byte[] encryptedKey, SecureDESKey kek, boolean checkParity) throws SMException
SMAdapterimportKey in interface SMAdapter<T>keyLength - bit length of the key to be imported (LENGTH_DES, LENGTH_DES3_2KEY...etc)keyType - type of the key to be imported (TYPE_ZMK, TYPE_TMK...etc)encryptedKey - key to be imported encrypted under KEKkek - the key-encrypting keycheckParity - if true, the key is not imported unless it has adjusted paritySMException - if the parity of the imported key is not adjusted AND checkParity = truepublic SecureKey importKey(SecureKey kek, SecureKey key, SecureKeySpec keySpec, boolean checkParity) throws SMException
SMAdapterimportKey in interface SMAdapter<T>kek - the key-encrypting keykey - key to be imported and encrypted under KEKkeySpec - the specification of the key to be imported. It allows
passing or change key block attributes.checkParity - if true, the key is not imported unless it has
adjusted paritySMException - e.g: if the parity of the imported key is not adjusted
and checkParity is truepublic byte[] exportKey(SecureDESKey key, SecureDESKey kek) throws SMException
SMAdapterexportKey in interface SMAdapter<T>key - the secure key to be exportedkek - the key-encrypting keySMExceptionpublic SecureKey exportKey(SecureKey kek, SecureKey key, SecureKeySpec keySpec) throws SMException
SMAdapterexportKey in interface SMAdapter<T>kek - the key-encrypting keykey - the secure key to be exportedkeySpec - the specification of the key to be exported. It allows
passing or change key block attributes.SMExceptionpublic EncryptedPIN encryptPIN(java.lang.String pin, java.lang.String accountNumber, boolean extract) throws SMException
SMAdapterCAUTION: The use of clear pin presents a significant security risk
encryptPIN in interface SMAdapter<T>pin - clear pin as entered by cardholderaccountNumber - if extract is false then account number, including BIN and the check digit
or if parameter extract is true then 12 right-most digits of the account number, excluding the check digitextract - true to extract 12 right-most digits off the account numberSMExceptionpublic EncryptedPIN encryptPIN(java.lang.String pin, java.lang.String accountNumber) throws SMException
SMAdapterCAUTION: The use of clear pin presents a significant security risk
encryptPIN in interface SMAdapter<T>pin - clear pin as entered by card holderaccountNumber - account number, including BIN and the check digitSMExceptionpublic EncryptedPIN encryptPIN(java.lang.String pin, java.lang.String accountNumber, T pek) throws SMException
SMAdapterCAUTION: The use of clear PIN presents a significant security risk.
encryptPIN in interface SMAdapter<T>pin - Clear PIN as entered by cardholder.accountNumber - account number, including BIN and the check digit.pek - PIN encryption key.SMExceptionpublic java.lang.String decryptPIN(EncryptedPIN pinUnderLmk) throws SMException
SMAdapterCAUTION: The use of clear pin presents a significant security risk
decryptPIN in interface SMAdapter<T>SMExceptionpublic EncryptedPIN importPIN(EncryptedPIN pinUnderKd1, T kd1) throws SMException
SMAdapterimportPIN in interface SMAdapter<T>pinUnderKd1 - the encrypted PINkd1 - Data Key under which the pin is encryptedSMExceptionpublic EncryptedPIN translatePIN(EncryptedPIN pinUnderKd1, T kd1, T kd2, byte destinationPINBlockFormat) throws SMException
SMAdaptertranslatePIN in interface SMAdapter<T>pinUnderKd1 - pin encrypted under KD1kd1 - Data Key (also called session key) under which the pin is encryptedkd2 - the destination Data Key 2 under which the pin will be encrypteddestinationPINBlockFormat - the PIN Block Format of the exported encrypted PINSMExceptionpublic EncryptedPIN importPIN(EncryptedPIN pinUnderDuk, KeySerialNumber ksn, T bdk) throws SMException
SMAdapterThe transaction key is derived from the Key Serial Number and the Base Derivation Key using DUKPT (Derived Unique Key per Transaction). See ANSI X9.24 for more information.
importPIN in interface SMAdapter<T>pinUnderDuk - pin encrypted under a transaction keyksn - Key Serial Number (also called Key Name, in ANSI X9.24) needed to derive the transaction keybdk - Base Derivation Key, used to derive the transaction key underwhich the pin is encryptedSMExceptionpublic EncryptedPIN importPIN(EncryptedPIN pinUnderDuk, KeySerialNumber ksn, T bdk, boolean tdes) throws SMException
SMAdapterThe transaction key is derived from the Key Serial Number and the Base Derivation Key using DUKPT (Derived Unique Key per Transaction). See ANSI X9.24 for more information.
importPIN in interface SMAdapter<T>pinUnderDuk - pin encrypted under a transaction keyksn - Key Serial Number (also called Key Name, in ANSI X9.24) needed to derive the transaction keybdk - Base Derivation Key, used to derive the transaction key underwhich the pin is encryptedtdes - Use Triple DES to calculate derived transaction key.SMExceptionpublic EncryptedPIN translatePIN(EncryptedPIN pinUnderDuk, KeySerialNumber ksn, T bdk, T kd2, byte destinationPINBlockFormat) throws SMException
SMAdapterThe transaction key is derived from the Key Serial Number and the Base Derivation Key using DUKPT (Derived Unique Key per Transaction). See ANSI X9.24 for more information.
translatePIN in interface SMAdapter<T>pinUnderDuk - pin encrypted under a DUKPT transaction keyksn - Key Serial Number (also called Key Name, in ANSI X9.24) needed to derive the transaction keybdk - Base Derivation Key, used to derive the transaction key underwhich the pin is encryptedkd2 - the destination Data Key (also called session key) under which the pin will be encrypteddestinationPINBlockFormat - the PIN Block Format of the translated encrypted PINSMExceptionpublic EncryptedPIN translatePIN(EncryptedPIN pinUnderDuk, KeySerialNumber ksn, T bdk, T kd2, byte destinationPINBlockFormat, boolean tdes) throws SMException
SMAdapterThe transaction key is derived from the Key Serial Number and the Base Derivation Key using DUKPT (Derived Unique Key per Transaction). See ANSI X9.24 for more information.
translatePIN in interface SMAdapter<T>pinUnderDuk - pin encrypted under a DUKPT transaction keyksn - Key Serial Number (also called Key Name, in ANSI X9.24) needed to derive the transaction keybdk - Base Derivation Key, used to derive the transaction key underwhich the pin is encryptedkd2 - the destination Data Key (also called session key) under which the pin will be encrypteddestinationPINBlockFormat - the PIN Block Format of the translated encrypted PINtdes - Use Triple DES to calculate derived transaction key.SMExceptionpublic EncryptedPIN exportPIN(EncryptedPIN pinUnderLmk, T kd2, byte destinationPINBlockFormat) throws SMException
SMAdapterexportPIN in interface SMAdapter<T>pinUnderLmk - pin encrypted under LMKkd2 - the destination data key (also called session key) under which the pin will be encrypteddestinationPINBlockFormat - the PIN Block Format of the exported encrypted PINSMExceptionpublic EncryptedPIN generatePIN(java.lang.String accountNumber, int pinLen) throws SMException
SMAdaptergeneratePIN in interface SMAdapter<T>accountNumber - The 12 right-most digits of the account number excluding the check digitpinLen - length of the pin, usually in range 4-12.
Value 0 means that default length is assumed by HSM (usually 4)SMExceptionpublic EncryptedPIN generatePIN(java.lang.String accountNumber, int pinLen, java.util.List<java.lang.String> excludes) throws SMException
SMAdaptergeneratePIN in interface SMAdapter<T>accountNumber - The 12 right-most digits of the account number excluding the check digitpinLen - length of the pin, usually in range 4-12.
Value 0 means that default length is assumed by HSM (usually 4)excludes - list of pins which won't be generated.
Each pin has to be pinLen lengthSMExceptionpublic void printPIN(java.lang.String accountNo,
EncryptedPIN pinUnderKd1,
T kd1,
java.lang.String template,
java.util.Map<java.lang.String,java.lang.String> fields)
throws SMException
SMAdapterIf kd1 includes an encrypted PIN block then is first imported,
Also template is updated if needed in HSM storage. Then the PIN and
solicitation data are included into the template and result are
printed to the HSM attached printer.
printPIN in interface SMAdapter<T>accountNo - The 12 right-most digits of the account number excluding the check digit.pinUnderKd1 - pin block under Key Data 1kd1 - Data Key 1 ZPK, TPK may be null if pinUnderKd1 contains PIN under LMKtemplate - template text (PCL, PostScript or other) for PIN Mailer printer.
Its format depends on used HSM. This template should
includes placeholders tags (e.g. in format ${tag})
indicationg place where coresponding value or PIN should
be inserted. Tags values are passed in fields
map argument except PIN which is passed in argument pinUnderKd1.fields - map of tags values representing solicitation data to include
in template. null if no solicitation data are passedSMExceptionpublic java.lang.String calculatePVV(EncryptedPIN pinUnderLMK, T pvkA, T pvkB, int pvkIdx) throws SMException
SMAdapterNOTE: pvkA and pvkB should be single length keys
but at least one of them may be double length key
calculatePVV in interface SMAdapter<T>pinUnderLMK - PIN under LMKpvkA - first key PVK in PVK pairpvkB - second key PVK in PVK pairpvkIdx - index of the PVK, in range 0-6, if not present 0 is assumedSMException - if PIN is on exclude list WeakPINException is thrownpublic java.lang.String calculatePVV(EncryptedPIN pinUnderLMK, T pvkA, T pvkB, int pvkIdx, java.util.List<java.lang.String> excludes) throws SMException
SMAdapterNOTE: pvkA and pvkB should be single length keys
but at least one of them may be double length key
calculatePVV in interface SMAdapter<T>pinUnderLMK - PIN under LMKpvkA - first key PVK in PVK pairpvkB - second key PVK in PVK pairpvkIdx - index of the PVK, in range 0-6, if not present 0 is assumedexcludes - list of pins which won't be generated.
Each pin has to be pinLen lengthSMExceptionpublic java.lang.String calculatePVV(EncryptedPIN pinUnderKd1, T kd1, T pvkA, T pvkB, int pvkIdx) throws SMException
SMAdapterNOTE: pvkA and pvkB should be single length keys
but at least one of them may be double length key
calculatePVV in interface SMAdapter<T>pinUnderKd1 - the encrypted PINkd1 - Data Key under which the pin is encryptedpvkA - first key PVK in PVK pairpvkB - second key PVK in PVK pairpvkIdx - index of the PVK, in range 0-6, if not present 0 is assumedSMExceptionpublic java.lang.String calculatePVV(EncryptedPIN pinUnderKd1, T kd1, T pvkA, T pvkB, int pvkIdx, java.util.List<java.lang.String> excludes) throws SMException
SMAdapterNOTE: pvkA and pvkB should be single length keys
but at least one of them may be double length key
calculatePVV in interface SMAdapter<T>pinUnderKd1 - the encrypted PINkd1 - Data Key under which the pin is encryptedpvkA - first key PVK in PVK pairpvkB - second key PVK in PVK pairpvkIdx - index of the PVK, in range 0-6, if not present 0 is assumedexcludes - list of pins which won't be generated.
Each pin has to be pinLen lengthWeakPINException - if passed PIN is on excludes listSMExceptionpublic boolean verifyPVV(EncryptedPIN pinUnderKd1, T kd1, T pvkA, T pvkB, int pvki, java.lang.String pvv) throws SMException
SMAdapterNOTE: pvkA and pvkB should be single
length keys but at least one of them may be double length key
verifyPVV in interface SMAdapter<T>pinUnderKd1 - pin block under kd1kd1 - Data Key (also called session key) under which the pin is encrypted (ZPK or TPK)pvkA - first PVK in PVK pairpvkB - second PVK in PVK pairpvki - index of the PVK, in range 0-6, if not present 0 is assumedpvv - (VISA PIN Verification Value)SMExceptionpublic java.lang.String calculateIBMPINOffset(EncryptedPIN pinUnderLmk, T pvk, java.lang.String decTab, java.lang.String pinValData, int minPinLen) throws SMException
SMAdapterUsing that method is not recomendated. PVV method is prefrred, but it may be need in some legacy systms
calculateIBMPINOffset in interface SMAdapter<T>pinUnderLmk - PIN under LMKpvk - accepts single, double, triple size key length.
Single key length is recomendateddecTab - decimalisation table. Accepts plain text and encrypted
decimalisation table depending to HSM configurationpinValData - pin validation data. User-defined data consisting of hexadecimal
characters and the character N, which indicates to the HSM where
to insert the last 5 digits of the account number. Usualy it consists
the first digits of the card numberminPinLen - pin minimal lengthSMExceptionpublic java.lang.String calculateIBMPINOffset(EncryptedPIN pinUnderLmk, T pvk, java.lang.String decTab, java.lang.String pinValData, int minPinLen, java.util.List<java.lang.String> excludes) throws SMException
SMAdapterUsing that method is not recomendated. PVV method is prefrred, but it may be need in some legacy systms
calculateIBMPINOffset in interface SMAdapter<T>pinUnderLmk - PIN under LMKpvk - accepts single, double, triple size key length.
Single key length is recomendateddecTab - decimalisation table. Accepts plain text and encrypted
decimalisation table depending to HSM configurationpinValData - pin validation data. User-defined data consisting of hexadecimal
characters and the character N, which indicates to the HSM where
to insert the last 5 digits of the account number. Usualy it consists
the first digits of the card numberminPinLen - pin minimal lengthexcludes - list of pins which won't be generated.
Each pin has to be pinLen lengthWeakPINException - if passed PIN is on excludes listSMExceptionpublic java.lang.String calculateIBMPINOffset(EncryptedPIN pinUnderKd1, T kd1, T pvk, java.lang.String decTab, java.lang.String pinValData, int minPinLen) throws SMException
SMAdapterUsing that method is not recomendated. PVV method is prefrred, but it may be need in some legacy systms
calculateIBMPINOffset in interface SMAdapter<T>pinUnderKd1 - the encrypted PINkd1 - Data Key under which the pin is encryptedpvk - accepts single, double, triple size key length.
Single key length is recomendateddecTab - decimalisation table. Accepts plain text and encrypted
decimalisation table depending to HSM configurationpinValData - pin validation data. User-defined data consisting of hexadecimal
characters and the character N, which indicates to the HSM where
to insert the last 5 digits of the account number. Usualy it consists
the first digits of the card numberminPinLen - pin minimal lengthSMExceptionpublic java.lang.String calculateIBMPINOffset(EncryptedPIN pinUnderKd1, T kd1, T pvk, java.lang.String decTab, java.lang.String pinValData, int minPinLen, java.util.List<java.lang.String> excludes) throws SMException
SMAdapterUsing that method is not recomendated. PVV method is prefrred, but it may be need in some legacy systms
calculateIBMPINOffset in interface SMAdapter<T>pinUnderKd1 - the encrypted PINkd1 - Data Key under which the pin is encryptedpvk - accepts single, double, triple size key length.
Single key length is recomendateddecTab - decimalisation table. Accepts plain text and encrypted
decimalisation table depending to HSM configurationpinValData - pin validation data. User-defined data consisting of hexadecimal
characters and the character N, which indicates to the HSM where
to insert the last 5 digits of the account number. Usualy it consists
the first digits of the card numberminPinLen - pin minimal lengthexcludes - list of pins which won't be generated.
Each pin has to be pinLen lengthWeakPINException - if passed PIN is on excludes listSMExceptionpublic boolean verifyIBMPINOffset(EncryptedPIN pinUnderKd1, T kd1, T pvk, java.lang.String offset, java.lang.String decTab, java.lang.String pinValData, int minPinLen) throws SMException
SMAdapterverifyIBMPINOffset in interface SMAdapter<T>pinUnderKd1 - pin block under kd1kd1 - Data Key (also called session key) under which the pin is encrypted (ZPK or TPK)pvk - accepts single, double, triple size key length.
Single key length is recomendatedoffset - IBM PIN OffsetdecTab - decimalisation table. Accepts plain text and encrypted
decimalisation table depending to HSM configurationpinValData - pin validation data. User-defined data consisting of hexadecimal
characters and the character N, which indicates to the HSM where
to insert the last 5 digits of the account number. Usualy it consists
the first digits of the card numberminPinLen - min pin lengthSMExceptionpublic EncryptedPIN deriveIBMPIN(java.lang.String accountNo, T pvk, java.lang.String decTab, java.lang.String pinValData, int minPinLen, java.lang.String offset) throws SMException
SMAdapterThat method derive pin from pin offset (not exacly that same but working). Therefore that metod is not recomendated. It is similar to obtain pin from encrypted pinblock, but require (encrypted) decimalisation table handling is more complicated and returned pin may differ from pin what user has selected It may be uable e.g. in migration from pin offset method to PVV method
deriveIBMPIN in interface SMAdapter<T>accountNo - the 12 right-most digits of the account number excluding the check digitpvk - accepts single, double, triple size key length.
Single key length is recomendateddecTab - decimalisation table. Accepts plain text and encrypted
decimalisation table depending to HSM configurationpinValData - pin validation data. User-defined data consisting of hexadecimal
characters and the character N, which indicates to the HSM where
to insert the last 5 digits of the account number. Usualy it consists
the first digits of the card numberminPinLen - min pin lengthoffset - IBM PIN OffsetSMExceptionpublic java.lang.String calculateCVV(java.lang.String accountNo,
T cvkA,
T cvkB,
java.util.Date expDate,
java.lang.String serviceCode)
throws SMException
SMAdapterNOTE: cvkA and cvkB should be single
length keys but at least one of them may be double length key
calculateCVV in interface SMAdapter<T>accountNo - The account number including BIN and the check digitcvkA - the first CVK in CVK paircvkB - the second CVK in CVK pairexpDate - the card expiration dateserviceCode - the card service code
Service code should be:
SMExceptionpublic java.lang.String calculateCVD(java.lang.String accountNo,
T cvkA,
T cvkB,
java.lang.String expDate,
java.lang.String serviceCode)
throws SMException
SMAdapterNOTE: cvkA and cvkB should be single
length keys but at least one of them may be double length key
calculateCVD in interface SMAdapter<T>accountNo - The account number including BIN and the check digitcvkA - the first CVK in CVK paircvkB - the second CVK in CVK pairexpDate - the card expiration dateserviceCode - the card service code
Service code should be:
SMExceptionpublic java.lang.String calculateCAVV(java.lang.String accountNo,
T cvk,
java.lang.String upn,
java.lang.String authrc,
java.lang.String sfarc)
throws SMException
SMAdapterNOTE: Algorithm used to calculation CAVV/AAV is same as for CVV/CVC
calculation. Only has been changed meaning of parameters
expDate and serviceCode.
calculateCAVV in interface SMAdapter<T>accountNo - the account number including BIN and the check digit.cvk - the key used to CVV/CVC generationupn - the unpredictable number. Calculated value based
on Transaction Identifier (xid) from PAReq.
A 4 decimal digits value must be supplied.authrc - the Authentication Results Code. A value based on
the Transaction Status (status) that will be used in
PARes. A 1 decimal digit value must be supplied.sfarc - the Second Factor Authentication Results Code.
A value based on the result of second factor authentication.
A 2 decimal digits value must be suppiled.SMExceptionpublic boolean verifyCVV(java.lang.String accountNo,
T cvkA,
T cvkB,
java.lang.String cvv,
java.util.Date expDate,
java.lang.String serviceCode)
throws SMException
SMAdapterNOTE: cvkA and cvkB should be single
length keys but at least one of them may be double length key
verifyCVV in interface SMAdapter<T>accountNo - The account number including BIN and the check digitcvkA - the first CVK in CVK paircvkB - the second CVK in CVK paircvv - Card Verification Code/ValueexpDate - the card expiration dateserviceCode - the card service code
Service code should be:
SMExceptionpublic boolean verifyCVD(java.lang.String accountNo,
T cvkA,
T cvkB,
java.lang.String cvv,
java.lang.String expDate,
java.lang.String serviceCode)
throws SMException
SMAdapterNOTE: cvkA and cvkB should be single
length keys but at least one of them may be double length key
verifyCVD in interface SMAdapter<T>accountNo - The account number including BIN and the check digitcvkA - the first CVK in CVK paircvkB - the second CVK in CVK paircvv - Card Verification Code/ValueexpDate - the card expiration dateserviceCode - the card service code
Service code should be:
true if CVV/CVC is valid or false otherwiseSMExceptionpublic boolean verifyCAVV(java.lang.String accountNo,
T cvk,
java.lang.String cavv,
java.lang.String upn,
java.lang.String authrc,
java.lang.String sfarc)
throws SMException
SMAdapterNOTE: Algorithm used to verification CAVV/AAV is same as for CVV/CVC
verification. Only has been changed meaning of parameters
expDate and serviceCode.
verifyCAVV in interface SMAdapter<T>accountNo - the account number including BIN and the check digit.cvk - the key used to CVV/CVC generationcavv - the Cardholder Authentication Verification Value
or Accountholder Authentication Value.upn - the unpredictable number. Calculated value based
on Transaction Identifier (xid) from PAReq.
A 4 decimal digits value must be supplied.authrc - the Authentication Results Code. A value based on
the Transaction Status (status) that will be used in
PARes. A 1 decimal digit value must be supplied.sfarc - the Second Factor Authentication Results Code.
A value based on the result of second factor authentication.
A 2 decimal digits value must be suppiled.SMExceptionpublic boolean verifydCVV(java.lang.String accountNo,
T imkac,
java.lang.String dcvv,
java.util.Date expDate,
java.lang.String serviceCode,
byte[] atc,
MKDMethod mkdm)
throws SMException
SMAdapterThe EMV "Track 2 Equivalent Data", provided in the authorisation message and originating from the contactless smart card, is the source for the following data elements used in this function:
accountNo
expDate
serviceCode
atc
dCVVverifydCVV in interface SMAdapter<T>accountNo - The account number including BIN and the check digitimkac - the issuer master key for generating and verifying Application Cryptogramsdcvv - dynamic Card Verification ValueexpDate - the card expiration dateserviceCode - the card service codeatc - application transactin counter. This is used for ICC Master
Key derivation. A 2 byte value must be supplied.mkdm - ICC Master Key Derivation Method. If null specified
is assumed.true if dcvv is valid, or false if notSMExceptionpublic boolean verifydCVV(java.lang.String accountNo,
T imkac,
java.lang.String dcvv,
java.lang.String expDate,
java.lang.String serviceCode,
byte[] atc,
MKDMethod mkdm)
throws SMException
SMAdapterThe EMV "Track 2 Equivalent Data", provided in the authorisation message and originating from the contactless smart card, is the source for the following data elements used in this function:
accountNo
expDate
serviceCode
atc
dCVV
verifydCVV in interface SMAdapter<T>accountNo - The account number including BIN and the check digitimkac - the issuer master key for generating and verifying Application Cryptogramsdcvv - dynamic Card Verification ValueexpDate - the card expiration dateserviceCode - the card service codeatc - application transactin counter. This is used for ICC Master
Key derivation. A 2 byte value must be supplied.mkdm - ICC Master Key Derivation Method. If null specified
is assumed.true if dcvv is valid, or false if notSMExceptionpublic boolean verifyCVC3(T imkcvc3, java.lang.String accountNo, java.lang.String acctSeqNo, byte[] atc, byte[] upn, byte[] data, MKDMethod mkdm, java.lang.String cvc3) throws SMException
SMAdapterThe EMV "Track 2 Equivalent Data", provided in the authorisation message and originating from the contactless smart card, is the source for the following data elements used in this function:
accountNo
expDate
serviceCode
atc
unpredictable number
cvc3
verifyCVC3 in interface SMAdapter<T>imkcvc3 - the issuer master key for generating and verifying CVC3accountNo - The account number including BIN and the check digitacctSeqNo - account sequence number, 2 decimal digitsatc - application transactin counter. This is used for ICC Master
Key derivation. A 2 byte value must be supplied.upn - unpredictable number. This is used for Session Key Generation
A 4 byte value must be supplied.data - track datamkdm - ICC Master Key Derivation Method. If null specified
is assumed.cvc3 - dynamic Card Verification Code 3SMExceptionpublic boolean verifyARQC(MKDMethod mkdm, SKDMethod skdm, T imkac, java.lang.String accoutNo, java.lang.String acctSeqNo, byte[] arqc, byte[] atc, byte[] upn, byte[] txnData) throws SMException
SMAdapterverifyARQC in interface SMAdapter<T>mkdm - ICC Master Key Derivation Method. For skdm equals
SKDMethod.VSDC and SKDMethod.MCHIP this parameter
is ignored and MKDMethod.OPTION_A is always used.skdm - Session Key Derivation Methodimkac - the issuer master key for generating and verifying Application CryptogramsaccoutNo - account number including BIN and check digitacctSeqNo - account sequence number, 2 decimal digitsarqc - ARQC/TC/AAC. A 8 byte value must be supplied.atc - application transactin counter. This is used for Session
Key Generation. A 2 byte value must be supplied.
For skdm equals SKDMethod.VSDC is not used.upn - unpredictable number. This is used for Session Key Generation
A 4 byte value must be supplied. For skdm equals
SKDMethod.VSDC is not used.txnData - transaction data. Transaction data elements and them
order is dependend to proper cryptogram version. If the data
supplied is a multiple of 8 bytes, no extra padding is added.
If it is not a multiple of 8 bytes, additional zero padding is added.
If alternative padding methods are required, it have to be
applied before.SMExceptionpublic byte[] generateARPC(MKDMethod mkdm, SKDMethod skdm, T imkac, java.lang.String accoutNo, java.lang.String acctSeqNo, byte[] arqc, byte[] atc, byte[] upn, ARPCMethod arpcMethod, byte[] arc, byte[] propAuthData) throws SMException
SMAdaptergenerateARPC in interface SMAdapter<T>mkdm - ICC Master Key Derivation Method. For skdm equals
SKDMethod.VSDC and SKDMethod.MCHIP this parameter
is ignored and MKDMethod.OPTION_A is always used.skdm - Session Key Derivation Methodimkac - the issuer master key for generating and verifying Application CryptogramsaccoutNo - account number including BIN and check digitacctSeqNo - account sequence number, 2 decimal digitsarqc - ARQC/TC/AAC. A 8 byte value must be supplied.atc - application transactin counter. This is used for Session
Key Generation. A 2 byte value must be supplied.
For skdm equals SKDMethod.VSDC is not used.upn - unpredictable number. This is used for Session Key Generation
A 4 byte value must be supplied. For skdm equals
SKDMethod.VSDC is not used.arpcMethod - ARPC calculating method. For skdm equals
SKDMethod.VSDC, SKDMethod.MCHIP,
SKDMethod.AEPIS_V40 only ARPCMethod.METHOD_1 is validarc - the Authorisation Response Code. A 2 byte value must be supplied.
For arpcMethod equals ARPCMethod.METHOD_2 it is
csu - Card Status Update. Then a 4 byte value must be supplied.propAuthData - Proprietary Authentication Data. Up to 8 bytes.
Contains optional issuer data for transmission to the card in
the Issuer Authentication Data of an online transaction.
It may by used only for arpcMethod equals
ARPCMethod.METHOD_2 in other case is ignored.arpcMethod equals
ARPCMethod.METHOD_2 4 bytes ARPCSMExceptionpublic byte[] verifyARQCGenerateARPC(MKDMethod mkdm, SKDMethod skdm, T imkac, java.lang.String accoutNo, java.lang.String acctSeqNo, byte[] arqc, byte[] atc, byte[] upn, byte[] txnData, ARPCMethod arpcMethod, byte[] arc, byte[] propAuthData) throws SMException
SMAdapterverifyARQCGenerateARPC in interface SMAdapter<T>mkdm - ICC Master Key Derivation Method. For skdm equals
SKDMethod.VSDC and SKDMethod.MCHIP this parameter
is ignored and MKDMethod.OPTION_A is always used.skdm - Session Key Derivation Methodimkac - the issuer master key for generating and verifying Application CryptogramsaccoutNo - account number including BIN and check digitacctSeqNo - account sequence number, 2 decimal digitsarqc - ARQC/TC/AAC. A 8 byte value must be supplied.atc - application transactin counter. This is used for Session
Key Generation. A 2 byte value must be supplied.
For skdm equals SKDMethod.VSDC is not used.upn - unpredictable number. This is used for Session Key Generation
A 4 byte value must be supplied. For skdm equals
SKDMethod.VSDC is not used.txnData - transaction data. Transaction data elements and them
order is dependend to proper cryptogram version. If the data
supplied is a multiple of 8 bytes, no extra padding is added.
If it is not a multiple of 8 bytes, additional zero padding is added.
If alternative padding methods are required, it have to be
applied before.arpcMethod - ARPC calculating method. For skdm equals
SKDMethod.VSDC, SKDMethod.MCHIP,
SKDMethod.AEPIS_V40 only ARPCMethod.METHOD_1 is validarc - the Authorisation Response Code. A 2 byte value must be supplied.
For arpcMethod equals ARPCMethod.METHOD_2 it is
csu - Card Status Update. Then a 4 byte value must be supplied.propAuthData - Proprietary Authentication Data. Up to 8 bytes.
Contains optional issuer data for transmission to the card in
the Issuer Authentication Data of an online transaction.
It may by used only for arpcMethod equals
ARPCMethod.METHOD_2 in other case is ignored.arpcMethod equals ARPCMethod.METHOD_2
4 bytes ARPC, null in other caseSMExceptionpublic byte[] generateSM_MAC(MKDMethod mkdm, SKDMethod skdm, T imksmi, java.lang.String accountNo, java.lang.String acctSeqNo, byte[] atc, byte[] arqc, byte[] data) throws SMException
SMAdapterThis method is used by issuer to generate MAC over message data send from the issuer back to the card
generateSM_MAC in interface SMAdapter<T>mkdm - ICC Master Key Derivation Method. For skdm equals
SKDMethod.VSDC and SKDMethod.MCHIP this parameter
is ignored and MKDMethod.OPTION_A is always used.skdm - Session Key Derivation Methodimksmi - the issuer master key for Secure Messaging IntegrityaccountNo - account number including BIN and check digitacctSeqNo - account sequence number, 2 decimal digitsatc - application transactin counter. This is used for Session
Key Generation. A 2 byte value must be supplied.
For skdm equals SKDMethod.VSDC is not used.
Second usage is as part of data which will be mackedarqc - ARQC/TC/AAC. A 8 byte value must be supplied.
For skdm equals SKDMethod.MCHIP RAND should
be suppiled. RAND is ARQC incremeted by 1 (with overflow) after
each script command for that same ATC valuedata - for which MAC will be generated. Should contain
APDU command e.g. PIN Unblock, Application block/unblock
with some additional application dependent dataSMExceptionpublic org.javatuples.Pair<EncryptedPIN,byte[]> translatePINGenerateSM_MAC(MKDMethod mkdm, SKDMethod skdm, PaddingMethod padm, T imksmi, java.lang.String accountNo, java.lang.String acctSeqNo, byte[] atc, byte[] arqc, byte[] data, EncryptedPIN currentPIN, EncryptedPIN newPIN, T kd1, T imksmc, T imkac, byte destinationPINBlockFormat) throws SMException
SMAdapterThis method is used by issuer to:
kd1 to an application specific PIN block
format, encrypted under a confidentiality session key, derived from
imksmc
data and translated
PIN block
translatePINGenerateSM_MAC in interface SMAdapter<T>mkdm - ICC Master Key Derivation Method. For skdm equals
SKDMethod.VSDC and SKDMethod.MCHIP this parameter
is ignored and MKDMethod.OPTION_A is always used.skdm - Session Key Derivation Methodpadm - padding method. If null padm is derived as follow:
Other variations require to explicite pass
skdmvaluederived padmvalueSKDMethod.VSDCPaddingMethod.VSDCSKDMethod.MCHIPPaddingMethod.MCHIPSKDMethod.EMV_CSKDPaddingMethod.CCDpadmvalue
imksmi - the issuer master key for Secure Messaging IntegrityaccountNo - account number including BIN and check digitacctSeqNo - account sequence number, 2 decimal digitsatc - application transactin counter. This is used for Session
Key Generation. A 2 byte value must be supplied.
For skdm equals SKDMethod.VSDC is not used.
Second usage is as part of data which will be mackedarqc - ARQC/TC/AAC. A 8 byte value must be supplied.
For skdm equals SKDMethod.MCHIP RAND should
be suppiled. RAND is ARQC incremeted by 1 (with overflow) after
each script command for that same ATC valuedata - for which MAC will be generated. Should contain APDU
command PIN Change with some additional application dependent datacurrentPIN - encrypted under kd1 current PIN. Used when
destinationPINBlockFormat equals SMAdapter.FORMAT42newPIN - encrypted under kd1 new PIN.kd1 - Data Key (also called transport key) under which the source pin is encryptedimksmc - the issuer master key for Secure Messaging Confidentialityimkac - the issuer master key for generating and verifying
Application Cryptograms. Used when destinationPINBlockFormat equals
SMAdapter.FORMAT41 or SMAdapter.FORMAT42 in other cases is ignoreddestinationPINBlockFormat - the PIN Block Format of the translated encrypted PIN
SMAdapter.FORMAT34 Standard EMV PIN Block
SMAdapter.FORMAT35 Europay/Mastercard
SMAdapter.FORMAT41 Visa/Amex format without using Current PIN
SMAdapter.FORMAT42 Visa/Amex format using Current PIN
SMExceptionpublic byte[] encryptData(CipherMode cipherMode, SecureDESKey kd, byte[] data, byte[] iv) throws SMException
encryptData in interface SMAdapter<T>cipherMode - block cipher modekd - DEK or ZEK key used to encrypt datadata - data to be encryptediv - initial vectorSMExceptionpublic byte[] decryptData(CipherMode cipherMode, SecureDESKey kd, byte[] data, byte[] iv) throws SMException
decryptData in interface SMAdapter<T>cipherMode - block cipher modekd - DEK or ZEK key used to decrypt datadata - data to be decryptediv - initial vectorSMExceptionpublic byte[] generateCBC_MAC(byte[] data,
T kd)
throws SMException
SMAdaptergenerateCBC_MAC in interface SMAdapter<T>data - the data to be MACedkd - the key used for MACingSMExceptionpublic byte[] generateEDE_MAC(byte[] data,
T kd)
throws SMException
SMAdaptergenerateEDE_MAC in interface SMAdapter<T>data - the data to be MACedkd - the key used for MACingSMExceptionpublic SecureDESKey translateKeyFromOldLMK(SecureDESKey kd) throws SMException
SMAdaptertranslateKeyFromOldLMK in interface SMAdapter<T>kd - the key encrypted under old LMKSMExceptionpublic SecureKey translateKeyFromOldLMK(SecureKey key, SecureKeySpec keySpec) throws SMException
SMAdaptertranslateKeyFromOldLMK in interface SMAdapter<T>key - the key encrypted under old LMKkeySpec - the specification of the key to be translated. It allows
passing new key block attributes.SMExceptionpublic org.javatuples.Pair<java.security.PublicKey,SecurePrivateKey> generateKeyPair(java.security.spec.AlgorithmParameterSpec spec) throws SMException
SMAdaptergenerateKeyPair in interface SMAdapter<T>spec - algorithm specific parameters, e.g. algorithm, key size,
public key exponent.SMExceptionpublic org.javatuples.Pair<java.security.PublicKey,SecureKey> generateKeyPair(SecureKeySpec keySpec) throws SMException
SMAdaptergenerateKeyPair in interface SMAdapter<T>keySpec - the specification of the key to be generated. It allows
passing key algorithm type, size and key block attributes.
NOTE: For pass an extra key usage of the RSA key, possible is use
e.g. keySpec.setVariant() or keySpec.setReserved()SMExceptionpublic byte[] calculateSignature(java.security.MessageDigest hash,
SecureKey privateKey,
byte[] data)
throws SMException
SMAdaptercalculateSignature in interface SMAdapter<T>hash - identifier of the hash algorithm used to hash passed data.privateKey - private key used to compute data signature.data - data to be signed.SMExceptionpublic byte[] encryptData(SecureKey encKey, byte[] data, java.security.spec.AlgorithmParameterSpec algspec, byte[] iv) throws SMException
SMAdapter
NOTE: This is a more general version of the
SMAdapter.encryptData(CipherMode, SecureDESKey, byte[], byte[])
encryptData in interface SMAdapter<T>encKey - the data encryption key e.g:
SecurePrivateKey
SecureDESKey
data - clear data block to encryptalgspec - algorithm specification or null if not required.
Used to pass additional algorithm parameters e.g:
OAEPParameterSpec or custom extension of
AlgorithmParameterSpec to pass symetric cipher mode ECB, CBCiv - the inital vector or null if not used (e.g: RSA
cipher or ECB mode). If used, after operation will contain new
iv value.SMExceptionpublic byte[] decryptData(SecureKey privKey, byte[] data, java.security.spec.AlgorithmParameterSpec algspec, byte[] iv) throws SMException
SMAdapter
NOTE: This is a more general version of the
SMAdapter.decryptData(CipherMode, SecureDESKey, byte[], byte[])
decryptData in interface SMAdapter<T>privKey - the data decryption key e.g:
SecurePrivateKey
SecureDESKey
data - encrypted data block to decryptalgspec - algorithm specification or null if not required.
Used to pass additional algorithm parameters e.g:
OAEPParameterSpec or custom extension of
AlgorithmParameterSpec to pass symetric cipher mode ECB, CBCiv - the inital vector or null if not used (e.g: RSA
cipher or ECB mode). If used, after operation will contain new
iv value.SMExceptionpublic void eraseOldLMK()
throws SMException
SMAdaptereraseOldLMK in interface SMAdapter<T>SMExceptionprotected SecureDESKey generateKeyImpl(short keyLength, java.lang.String keyType) throws SMException
keyLength - keyType - SMExceptionprotected SecureKey generateKeyImpl(SecureKeySpec keySpec) throws SMException
keySpec - SMExceptionprotected byte[] generateKeyCheckValueImpl(T kd) throws SMException
kd - SMExceptionprotected SecureDESKey translateKeySchemeImpl(SecureDESKey key, KeyScheme destKeyScheme) throws SMException
key - destKeyScheme - destKeyScheme schemeSMExceptionprotected SecureDESKey importKeyImpl(short keyLength, java.lang.String keyType, byte[] encryptedKey, SecureDESKey kek, boolean checkParity) throws SMException
keyLength - keyType - encryptedKey - kek - checkParity - SMExceptionprotected SecureKey importKeyImpl(SecureKey kek, SecureKey key, SecureKeySpec keySpec, boolean checkParity) throws SMException
kek - key - keySpec - checkParity - SMExceptionprotected byte[] exportKeyImpl(SecureDESKey key, SecureDESKey kek) throws SMException
key - kek - SMExceptionprotected SecureKey exportKeyImpl(SecureKey kek, SecureKey key, SecureKeySpec keySpec) throws SMException
kek - key - keySpec - SMExceptionprotected EncryptedPIN encryptPINImpl(java.lang.String pin, java.lang.String accountNumber) throws SMException
pin - accountNumber - SMExceptionprotected EncryptedPIN encryptPINImpl(java.lang.String pin, java.lang.String accountNumber, T pek) throws SMException
pin - accountNumber - pek - SMExceptionprotected java.lang.String decryptPINImpl(EncryptedPIN pinUnderLmk) throws SMException
pinUnderLmk - SMExceptionprotected EncryptedPIN importPINImpl(EncryptedPIN pinUnderKd1, T kd1) throws SMException
pinUnderKd1 - kd1 - SMExceptionprotected EncryptedPIN translatePINImpl(EncryptedPIN pinUnderKd1, T kd1, T kd2, byte destinationPINBlockFormat) throws SMException
pinUnderKd1 - kd1 - kd2 - destinationPINBlockFormat - SMExceptionprotected EncryptedPIN importPINImpl(EncryptedPIN pinUnderDuk, KeySerialNumber ksn, T bdk) throws SMException
pinUnderDuk - ksn - bdk - SMExceptionprotected EncryptedPIN importPINImpl(EncryptedPIN pinUnderDuk, KeySerialNumber ksn, T bdk, boolean tdes) throws SMException
pinUnderDuk - ksn - bdk - tdes - SMExceptionprotected EncryptedPIN translatePINImpl(EncryptedPIN pinUnderDuk, KeySerialNumber ksn, T bdk, T kd2, byte destinationPINBlockFormat) throws SMException
pinUnderDuk - ksn - bdk - kd2 - destinationPINBlockFormat - SMExceptionprotected EncryptedPIN translatePINImpl(EncryptedPIN pinUnderDuk, KeySerialNumber ksn, T bdk, T kd2, byte destinationPINBlockFormat, boolean tdes) throws SMException
pinUnderDuk - ksn - bdk - kd2 - tdes - destinationPINBlockFormat - SMExceptionprotected EncryptedPIN exportPINImpl(EncryptedPIN pinUnderLmk, T kd2, byte destinationPINBlockFormat) throws SMException
pinUnderLmk - kd2 - destinationPINBlockFormat - SMExceptionprotected EncryptedPIN generatePINImpl(java.lang.String accountNumber, int pinLen, java.util.List<java.lang.String> excludes) throws SMException
accountNumber - pinLen - excludes - SMExceptionprotected void printPINImpl(java.lang.String accountNo,
EncryptedPIN pinUnderKd1,
T kd1,
java.lang.String template,
java.util.Map<java.lang.String,java.lang.String> fields)
throws SMException
accountNo - pinUnderKd1 - kd1 - template - fields - SMExceptionprotected java.lang.String calculatePVVImpl(EncryptedPIN pinUnderLMK, T pvkA, T pvkB, int pvkIdx, java.util.List<java.lang.String> excludes) throws SMException
pinUnderLMK - pvkA - pvkB - pvkIdx - excludes - SMExceptionprotected java.lang.String calculatePVVImpl(EncryptedPIN pinUnderKd1, T kd1, T pvkA, T pvkB, int pvkIdx, java.util.List<java.lang.String> excludes) throws SMException
pinUnderKd1 - kd1 - pvkA - pvkB - pvkIdx - excludes - SMExceptionprotected boolean verifyPVVImpl(EncryptedPIN pinUnderKd, T kd, T pvkA, T pvkB, int pvki, java.lang.String pvv) throws SMException
pinUnderKd - kd - pvkA - pvkB - pvki - pvv - SMExceptionprotected java.lang.String calculateIBMPINOffsetImpl(EncryptedPIN pinUnderLmk, T pvk, java.lang.String decTab, java.lang.String pinValData, int minPinLen, java.util.List<java.lang.String> excludes) throws SMException
pinUnderLmk - pvk - decTab - pinValData - minPinLen - excludes - SMExceptionprotected java.lang.String calculateIBMPINOffsetImpl(EncryptedPIN pinUnderKd1, T kd1, T pvk, java.lang.String decTab, java.lang.String pinValData, int minPinLen, java.util.List<java.lang.String> excludes) throws SMException
pinUnderKd1 - kd1 - pvk - decTab - pinValData - minPinLen - excludes - SMExceptionprotected boolean verifyIBMPINOffsetImpl(EncryptedPIN pinUnderKd, T kd, T pvk, java.lang.String offset, java.lang.String decTab, java.lang.String pinValData, int minPinLen) throws SMException
pinUnderKd - kd - pvk - offset - decTab - pinValData - minPinLen - SMExceptionprotected EncryptedPIN deriveIBMPINImpl(java.lang.String accountNo, T pvk, java.lang.String decTab, java.lang.String pinValData, int minPinLen, java.lang.String offset) throws SMException
accountNo - pvk - decTab - pinValData - minPinLen - offset - SMExceptionprotected java.lang.String calculateCVVImpl(java.lang.String accountNo,
T cvkA,
T cvkB,
java.util.Date expDate,
java.lang.String serviceCode)
throws SMException
accountNo - cvkA - cvkB - expDate - serviceCode - SMExceptionprotected java.lang.String calculateCVDImpl(java.lang.String accountNo,
T cvkA,
T cvkB,
java.lang.String expDate,
java.lang.String serviceCode)
throws SMException
accountNo - cvkA - cvkB - expDate - serviceCode - SMExceptionprotected java.lang.String calculateCAVVImpl(java.lang.String accountNo,
T cvk,
java.lang.String upn,
java.lang.String authrc,
java.lang.String sfarc)
throws SMException
accountNo - cvk - upn - authrc - sfarc - SMExceptionprotected boolean verifyCVVImpl(java.lang.String accountNo,
T cvkA,
T cvkB,
java.lang.String cvv,
java.util.Date expDate,
java.lang.String serviceCode)
throws SMException
accountNo - cvkA - cvkB - cvv - expDate - serviceCode - SMExceptionprotected boolean verifyCVVImpl(java.lang.String accountNo,
T cvkA,
T cvkB,
java.lang.String cvv,
java.lang.String expDate,
java.lang.String serviceCode)
throws SMException
accountNo - cvkA - cvkB - cvv - expDate - serviceCode - true if CVV/CVC is valid or false otherwiseSMExceptionprotected boolean verifyCAVVImpl(java.lang.String accountNo,
T cvk,
java.lang.String cavv,
java.lang.String upn,
java.lang.String authrc,
java.lang.String sfarc)
throws SMException
accountNo - cvk - cavv - upn - authrc - sfarc - SMExceptionprotected boolean verifydCVVImpl(java.lang.String accountNo,
T imkac,
java.lang.String dcvv,
java.util.Date expDate,
java.lang.String serviceCode,
byte[] atc,
MKDMethod mkdm)
throws SMException
accountNo - imkac - dcvv - expDate - serviceCode - atc - mkdm - SMExceptionprotected boolean verifydCVVImpl(java.lang.String accountNo,
T imkac,
java.lang.String dcvv,
java.lang.String expDate,
java.lang.String serviceCode,
byte[] atc,
MKDMethod mkdm)
throws SMException
accountNo - imkac - dcvv - expDate - serviceCode - atc - mkdm - SMExceptionprotected boolean verifyCVC3Impl(T imkcvc3, java.lang.String accountNo, java.lang.String acctSeqNo, byte[] atc, byte[] upn, byte[] data, MKDMethod mkdm, java.lang.String cvc3) throws SMException
imkcvc3 - accountNo - acctSeqNo - atc - upn - data - mkdm - cvc3 - SMExceptionprotected boolean verifyARQCImpl(MKDMethod mkdm, SKDMethod skdm, T imkac, java.lang.String accountNo, java.lang.String acctSeqNo, byte[] arqc, byte[] atc, byte[] upn, byte[] txnData) throws SMException
mkdm - skdm - imkac - accountNo - acctSeqNo - arqc - atc - upn - txnData - SMExceptionprotected byte[] generateARPCImpl(MKDMethod mkdm, SKDMethod skdm, T imkac, java.lang.String accountNo, java.lang.String acctSeqNo, byte[] arqc, byte[] atc, byte[] upn, ARPCMethod arpcMethod, byte[] arc, byte[] propAuthData) throws SMException
mkdm - skdm - imkac - accountNo - acctSeqNo - arqc - atc - upn - arpcMethod - arc - propAuthData - SMExceptionprotected byte[] verifyARQCGenerateARPCImpl(MKDMethod mkdm, SKDMethod skdm, T imkac, java.lang.String accountNo, java.lang.String acctSeqNo, byte[] arqc, byte[] atc, byte[] upn, byte[] transData, ARPCMethod arpcMethod, byte[] arc, byte[] propAuthData) throws SMException
mkdm - skdm - imkac - accountNo - acctSeqNo - arqc - atc - upn - transData - arpcMethod - arc - propAuthData - SMExceptionprotected byte[] generateSM_MACImpl(MKDMethod mkdm, SKDMethod skdm, T imksmi, java.lang.String accountNo, java.lang.String acctSeqNo, byte[] atc, byte[] arqc, byte[] data) throws SMException
mkdm - skdm - imksmi - accountNo - acctSeqNo - atc - arqc - data - SMExceptionprotected org.javatuples.Pair<EncryptedPIN,byte[]> translatePINGenerateSM_MACImpl(MKDMethod mkdm, SKDMethod skdm, PaddingMethod padm, T imksmi, java.lang.String accountNo, java.lang.String acctSeqNo, byte[] atc, byte[] arqc, byte[] data, EncryptedPIN currentPIN, EncryptedPIN newPIN, T kd1, T imksmc, T imkac, byte destinationPINBlockFormat) throws SMException
mkdm - skdm - padm - imksmi - accountNo - acctSeqNo - atc - arqc - data - currentPIN - newPIN - kd1 - imksmc - imkac - destinationPINBlockFormat - SMExceptionprotected byte[] encryptDataImpl(CipherMode cipherMode, SecureDESKey kd, byte[] data, byte[] iv) throws SMException
cipherMode - kd - data - iv - SMExceptionprotected byte[] decryptDataImpl(CipherMode cipherMode, SecureDESKey kd, byte[] data, byte[] iv) throws SMException
cipherMode - kd - data - iv - SMExceptionprotected byte[] generateCBC_MACImpl(byte[] data,
T kd)
throws SMException
data - kd - SMExceptionprotected byte[] generateEDE_MACImpl(byte[] data,
T kd)
throws SMException
data - kd - SMExceptionprotected SecureDESKey translateKeyFromOldLMKImpl(SecureDESKey kd) throws SMException
kd - the key encrypted under old LMKSMException - if the parity of the imported key is not adjusted AND checkParity = trueprotected SecureKey translateKeyFromOldLMKImpl(SecureKey key, SecureKeySpec keySpec) throws SMException
key - keySpec - SMException - if the parity of the imported key is not adjusted AND checkParity = trueprotected org.javatuples.Pair<java.security.PublicKey,SecurePrivateKey> generateKeyPairImpl(java.security.spec.AlgorithmParameterSpec spec) throws SMException
spec - algorithm specific parameters (contains e.g. key size)SMExceptionprotected org.javatuples.Pair<java.security.PublicKey,SecureKey> generateKeyPairImpl(SecureKeySpec keySpec) throws SMException
keySpec - SMExceptionprotected byte[] calculateSignatureImpl(java.security.MessageDigest hash,
SecureKey privateKey,
byte[] data)
throws SMException
hash - identifier of the hash algorithm used to hash passed data.privateKey - private key used to compute data signature.data - data to be sifned.SMExceptionprotected byte[] encryptDataImpl(SecureKey encKey, byte[] data, java.security.spec.AlgorithmParameterSpec algspec, byte[] iv) throws SMException
encKey - the data encryption keydata - data block to encryptalgspec - algorithm specificationiv - the inital vectorSMExceptionprotected byte[] decryptDataImpl(SecureKey decKey, byte[] data, java.security.spec.AlgorithmParameterSpec algspec, byte[] iv) throws SMException
decKey - the data decryption keydata - data block to decryptalgspec - algorithm specificationiv - the inital vectorSMExceptionprotected void eraseOldLMKImpl()
throws SMException
SMExceptionpublic byte[] dataEncrypt(T bdk, byte[] clearText) throws SMException
SMAdapterdataEncrypt in interface SMAdapter<T>bdk - base derivation keyclearText - clear TextSMExceptionpublic byte[] dataDecrypt(T bdk, byte[] clearText) throws SMException
SMAdapterdataDecrypt in interface SMAdapter<T>bdk - base derivation keyclearText - clear TextSMExceptionpublic SecureDESKey formKEYfromClearComponents(short keyLength, java.lang.String keyType, java.lang.String... clearComponents) throws SMException
SMAdapterformKEYfromClearComponents in interface SMAdapter<T>keyLength - e.g. LENGTH_DES, LENGTH_DES3_2, LENGTH_DES3_3, ..keyType - possible values are those defined in the SecurityModule inteface. e.g., ZMK, TMK,...clearComponents - up to three HexStrings containing key componentsSMException