org.globalplatform
Interface GPRegistryEntry

All Superinterfaces:
javacard.framework.Shareable

public interface GPRegistryEntry
extends javacard.framework.Shareable

This interface allows querying and potentially modifying the registry data of an Application registered within the GlobalPlatform Registry.

Every GPRegistryEntry instance to an Application registered within the GlobalPlatform Registry.

To retrieve an instance of this interface, an Application shall invoke the GPSystem.getRegistryEntry(javacard.framework.AID) method.

Since:

Field Summary
static byte PRIVILEGE_AUTHORIZED_MANAGEMENT
          Privilege indicating Authorized Management (0x09).
static byte PRIVILEGE_CARD_LOCK
          Privilege indicating Card Lock (0x03).
static byte PRIVILEGE_CARD_RESET
          Privilege indicating Card Reset (0x05).
static byte PRIVILEGE_CARD_TERMINATE
          Privilege indicating Card Terminate (0x04).
static byte PRIVILEGE_CIPHERED_LOAD_FILE_DATA_BLOCK
          Privilege indicating Ciphered Load File Data Block (0x11).
static byte PRIVILEGE_CVM_MANAGEMENT
          Privilege indicating CVM Management (0x06).
static byte PRIVILEGE_DAP_VERIFICATION
          Privilege indicating DAP verification (0x01).
static byte PRIVILEGE_DELEGATED_MANAGEMENT
          Privilege indicating Delegated Management (0x02).
static byte PRIVILEGE_FINAL_APPLICATION
          Privilege indicating Final Application (0x0E).
static byte PRIVILEGE_GLOBAL_DELETE
          Privilege indicating Global Delete (0x0B).
static byte PRIVILEGE_GLOBAL_LOCK
          Privilege indicating Global Lock (0x0C).
static byte PRIVILEGE_GLOBAL_REGISTRY
          Privilege indicating Global Registry (0x0D).
static byte PRIVILEGE_GLOBAL_SERVICE
          Privilege indicating Global Service (0x0F).
static byte PRIVILEGE_MANDATED_DAP
          Privilege indicating Mandated DAP verification privilege (0x07).
static byte PRIVILEGE_RECEIPT_GENERATION
          Privilege indicating Receipt Generation (0x10).
static byte PRIVILEGE_SECURITY_DOMAIN
          Privilege indicating application is a Security Domain (0x00).
static byte PRIVILEGE_TOKEN_VERIFICATION
          Privilege indicating Token Verification (0x0A).
static byte PRIVILEGE_TRUSTED_PATH
          Privilege indicating Trusted Path (0x08).
 
Method Summary
 void deregisterService(short sServiceName)
          Deregisters a service name.
 javacard.framework.AID getAID()
          Gets the AID of the Application corresponding to this entry.
 short getPrivileges(byte[] baBuffer, short sOffset)
          Gets the Privilege Bytes of the Application corresponding to this entry.
 byte getState()
          Gets the Life Cycle State of the Application corresponding to this entry.
 boolean isAssociated(javacard.framework.AID sdAID)
          Checks whether the Application corresponding to this entry is associated with the specified Security Domain.
 boolean isPrivileged(byte bPrivilege)
          Checks whether the Application corresponding to this entry has the specified privilege.
 void registerService(short sServiceName)
          Registers a service name identifying a service provided by the Application corresponding to this entry.
 boolean setState(byte bState)
          Sets the Life Cycle state of the Application corresponding to this entry.
 

Field Detail

PRIVILEGE_AUTHORIZED_MANAGEMENT

static final byte PRIVILEGE_AUTHORIZED_MANAGEMENT
Privilege indicating Authorized Management (0x09).

See Also:
Constant Field Values

PRIVILEGE_CARD_LOCK

static final byte PRIVILEGE_CARD_LOCK
Privilege indicating Card Lock (0x03).

See Also:
Constant Field Values

PRIVILEGE_CARD_RESET

static final byte PRIVILEGE_CARD_RESET
Privilege indicating Card Reset (0x05).

See Also:
Constant Field Values

PRIVILEGE_CARD_TERMINATE

static final byte PRIVILEGE_CARD_TERMINATE
Privilege indicating Card Terminate (0x04).

See Also:
Constant Field Values

PRIVILEGE_CVM_MANAGEMENT

static final byte PRIVILEGE_CVM_MANAGEMENT
Privilege indicating CVM Management (0x06).

See Also:
Constant Field Values

PRIVILEGE_DAP_VERIFICATION

static final byte PRIVILEGE_DAP_VERIFICATION
Privilege indicating DAP verification (0x01).

See Also:
Constant Field Values

PRIVILEGE_DELEGATED_MANAGEMENT

static final byte PRIVILEGE_DELEGATED_MANAGEMENT
Privilege indicating Delegated Management (0x02).

See Also:
Constant Field Values

PRIVILEGE_FINAL_APPLICATION

static final byte PRIVILEGE_FINAL_APPLICATION
Privilege indicating Final Application (0x0E).

See Also:
Constant Field Values

PRIVILEGE_GLOBAL_DELETE

static final byte PRIVILEGE_GLOBAL_DELETE
Privilege indicating Global Delete (0x0B).

See Also:
Constant Field Values

PRIVILEGE_GLOBAL_LOCK

static final byte PRIVILEGE_GLOBAL_LOCK
Privilege indicating Global Lock (0x0C).

See Also:
Constant Field Values

PRIVILEGE_GLOBAL_REGISTRY

static final byte PRIVILEGE_GLOBAL_REGISTRY
Privilege indicating Global Registry (0x0D).

See Also:
Constant Field Values

PRIVILEGE_GLOBAL_SERVICE

static final byte PRIVILEGE_GLOBAL_SERVICE
Privilege indicating Global Service (0x0F).

See Also:
Constant Field Values

PRIVILEGE_MANDATED_DAP

static final byte PRIVILEGE_MANDATED_DAP
Privilege indicating Mandated DAP verification privilege (0x07).

See Also:
Constant Field Values

PRIVILEGE_RECEIPT_GENERATION

static final byte PRIVILEGE_RECEIPT_GENERATION
Privilege indicating Receipt Generation (0x10).

See Also:
Constant Field Values

PRIVILEGE_SECURITY_DOMAIN

static final byte PRIVILEGE_SECURITY_DOMAIN
Privilege indicating application is a Security Domain (0x00).

See Also:
Constant Field Values

PRIVILEGE_TOKEN_VERIFICATION

static final byte PRIVILEGE_TOKEN_VERIFICATION
Privilege indicating Token Verification (0x0A).

See Also:
Constant Field Values

PRIVILEGE_TRUSTED_PATH

static final byte PRIVILEGE_TRUSTED_PATH
Privilege indicating Trusted Path (0x08).

See Also:
Constant Field Values

PRIVILEGE_CIPHERED_LOAD_FILE_DATA_BLOCK

static final byte PRIVILEGE_CIPHERED_LOAD_FILE_DATA_BLOCK
Privilege indicating Ciphered Load File Data Block (0x11).

See Also:
Constant Field Values
Method Detail

deregisterService

void deregisterService(short sServiceName)
                       throws javacard.framework.ISOException
Deregisters a service name.

The OPEN shall check that the Application invoking this method corresponds to this entry, that it has the Global Service Privilege, and that the specified service name was previously uniquely registered by that same Application. If not, this method shall throw an exception (see below).

Parameters:
sServiceName - the service name that shall be deregistered.

A service name is encoded on 2 bytes, the 1st byte identifying a family of services and the 2nd byte identifying a service within that family.

The GPSystem class defines a set of constants FAMILY_XXX (of the byte type) that may be used to build a service name (of the short type) suitable to invoke this method as shown in the following examples:

Throws:
javacard.framework.ISOException - if this method is not supported or if the service name was not found or if the conditions allowing to deregister the service name are not satisfied.
See Also:
registerService(short), GPSystem.FAMILY_CVM, GPSystem.FAMILY_SECURE_CHANNEL, GPSystem.FAMILY_USSM, GPSystem.FAMILY_AUTHORITY, GPSystem.FAMILY_HTTP_ADMINISTRATION, GPSystem.FAMILY_HTTP_REPORT

getAID

javacard.framework.AID getAID()
Gets the AID of the Application corresponding to this entry.

Returns:
AID instance identifying the Application corresponding to this entry.

getPrivileges

short getPrivileges(byte[] baBuffer,
                    short sOffset)
                    throws java.lang.ArrayIndexOutOfBoundsException
Gets the Privilege Bytes of the Application corresponding to this entry.

Parameters:
baBuffer - byte array where Privileges Bytes shall be written.
sOffset - offset within baBuffer where Privileges Bytes shall be written.
Returns:
sOffset + number of Privilege Bytes written to baBuffer.
Throws:
java.lang.SecurityException - if baBuffer is not accessible in the caller's context e.g. baBuffer is not a global array nor an array belonging to the caller context.
java.lang.NullPointerException - if baBuffer is null.
java.lang.ArrayIndexOutOfBoundsException - if writing Privileges Bytes would cause access of data outside array bounds.

getState

byte getState()
Gets the Life Cycle State of the Application corresponding to this entry.

Returns:
the Life Cycle State of the Application corresponding to this entry.

isAssociated

boolean isAssociated(javacard.framework.AID sdAID)
Checks whether the Application corresponding to this entry is associated with the specified Security Domain.

The OPEN shall check that the specified sdAID indeed identifies a Security Domain present on the card, and check that the Application corresponding to this entry is associated with this Security Domain. If not, this method shall return false.

Parameters:
sdAID - AID of a Security Domain.
Returns:
true if the Application corresponding to this entry is associated with the specified Security Domain, false otherwise.

isPrivileged

boolean isPrivileged(byte bPrivilege)
Checks whether the Application corresponding to this entry has the specified privilege.

If the specified privilege is unknown, this method shall return false.

Parameters:
bPrivilege - the privilege number to check, i.e. one of the PRIVILEGE_XXX constants.
Returns:
true if the Application corresponding to this entry has the specified privilege, false otherwise.

registerService

void registerService(short sServiceName)
                     throws javacard.framework.ISOException
Registers a service name identifying a service provided by the Application corresponding to this entry.

The specified service name (sServiceName) shall be unique among all the service names previously registered in the GlobalPlatform Registry using this method. Following successful invocation of this method, this service name is known to be uniquely registered: no other Application on the card will be able to register the same service name (until this service name is deregistered (see deregisterService(short))). If the service name identifies a family of service, no other Application on the card will be able to register a service of that family.

The OPEN shall first check that the Application invoking this method corresponds to this entry and that it has the Global Service Privilege.

Then the OPEN shall check that the specified service name:

If any of the above conditions is not satisfied, this method shall throw an exception (see below). Otherwise, the specified service name shall be uniquely registered in the GlobalPlatform Registry.

Parameters:
sServiceName - the service name that shall be uniquely registered.

A service name is encoded on 2 bytes, the 1st byte identifying a family of services and the 2nd byte identifying a service within that family. If the 2nd byte is set to 0x00, the caller of this method is registering an entire family of service.

The GPSystem class defines a set of constants FAMILY_XXX (of the byte type) that may be used to build a service name (of the short type) suitable to invoke this method as shown in the following examples:

Throws:
javacard.framework.ISOException - if this method is not supported or if the conditions allowing to register the service name are not satisfied.
See Also:
deregisterService(short), GPSystem.getService(javacard.framework.AID, short), GPSystem.FAMILY_CVM, GPSystem.FAMILY_SECURE_CHANNEL, GPSystem.FAMILY_USSM, GPSystem.FAMILY_AUTHORITY, GPSystem.FAMILY_HTTP_ADMINISTRATION, GPSystem.FAMILY_HTTP_REPORT

setState

boolean setState(byte bState)
Sets the Life Cycle state of the Application corresponding to this entry.

This method enforces the Life Cycle State transition rules described in Card Specification v2.2.1 section 5.

If this entry corresponds to the Issuer Security Domain (ISD), then the OPEN shall check that the requested transition complies with Card Life Cycle State transition rules. If needed, the OPEN shall check that the Application invoking this method has the Card Lock Privilege or the Card Terminate Privilege.

Otherwise, the following rules shall apply:

Parameters:
bState - the new Life Cycle State. See Card Specification v2.2.1 section 11.1.1 for details on Life Cycle State Coding. A value of GPSystem.APPLICATION_LOCKED (resp. 0x00) may be used to request locking (resp. unlocking) an Application or a Security Domain (other than the ISD).
Returns:
true if the transition was successful, false otherwise.


Copyright © 2003-2014 GlobalPlatform, Inc. All rights reserved. The technology provided or described in this specification is subject to updates, revisions, and extensions by GlobalPlatform. Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights or other intellectual property rights of which they may be aware which might be necessarily infringed by the implementation of the specification or other work product set forth in this document, and to provide supporting documentation.
THIS SPECIFICATION OR OTHER WORK PRODUCT IS BEING OFFERED WITHOUT ANY WARRANTY WHATSOEVER, AND IN PARTICULAR, ANY WARRANTY OF NON-INFRINGEMENT IS EXPRESSLY DISCLAIMED. ANY IMPLEMENTATION OF THIS SPECIFICATION OR OTHER WORK PRODUCT SHALL BE MADE ENTIRELY AT THE IMPLEMENTER'S OWN RISK, AND NEITHER THE COMPANY, NOR ANY OF ITS MEMBERS OR SUBMITTERS, SHALL HAVE ANY LIABILITY WHATSOEVER TO ANY IMPLEMENTER OR THIRD PARTY FOR ANY DAMAGES OF ANY NATURE WHATSOEVER DIRECTLY OR INDIRECTLY ARISING FROM THE IMPLEMENTATION OF THIS SPECIFICATION OR OTHER WORK PRODUCT.