public interface GPRegistryEntry
extends javacard.framework.Shareable
Every GPRegistryEntry
instance corresponds to an Application
registered within the GlobalPlatform Registry.
To retrieve an instance of this interface, an Application shall invoke the
GPSystem.getRegistryEntry(javacard.framework.AID)
method.
Modifier and Type | Field and Description |
---|---|
static byte |
PRIVILEGE_AUTHORIZED_MANAGEMENT
Privilege indicating Authorized Management (0x09).
|
static byte |
PRIVILEGE_CARD_LOCK
Privilege indicating Card Lock (0x03).
|
static byte |
PRIVILEGE_CARD_RESET
Privilege indicating Card Reset (0x05).
|
static byte |
PRIVILEGE_CARD_TERMINATE
Privilege indicating Card Terminate (0x04).
|
static byte |
PRIVILEGE_CIPHERED_LOAD_FILE_DATA_BLOCK
Privilege indicating Ciphered Load File Data Block (0x11).
|
static byte |
PRIVILEGE_CVM_MANAGEMENT
Privilege indicating CVM Management (0x06).
|
static byte |
PRIVILEGE_DAP_VERIFICATION
Privilege indicating DAP verification (0x01).
|
static byte |
PRIVILEGE_DELEGATED_MANAGEMENT
Privilege indicating Delegated Management (0x02).
|
static byte |
PRIVILEGE_FINAL_APPLICATION
Privilege indicating Final Application (0x0E).
|
static byte |
PRIVILEGE_GLOBAL_DELETE
Privilege indicating Global Delete (0x0B).
|
static byte |
PRIVILEGE_GLOBAL_LOCK
Privilege indicating Global Lock (0x0C).
|
static byte |
PRIVILEGE_GLOBAL_REGISTRY
Privilege indicating Global Registry (0x0D).
|
static byte |
PRIVILEGE_GLOBAL_SERVICE
Privilege indicating Global Service (0x0F).
|
static byte |
PRIVILEGE_MANDATED_DAP
Privilege indicating Mandated DAP verification privilege (0x07).
|
static byte |
PRIVILEGE_RECEIPT_GENERATION
Privilege indicating Receipt Generation (0x10).
|
static byte |
PRIVILEGE_SECURITY_DOMAIN
Privilege indicating application is a Security Domain (0x00).
|
static byte |
PRIVILEGE_TOKEN_VERIFICATION
Privilege indicating Token Verification (0x0A).
|
static byte |
PRIVILEGE_TRUSTED_PATH
Privilege indicating Trusted Path (0x08).
|
Modifier and Type | Method and Description |
---|---|
void |
deregisterService(short sServiceName)
Deregisters a service name.
|
javacard.framework.AID |
getAID()
Gets the AID of the Application corresponding to
this entry. |
short |
getPrivileges(byte[] baBuffer,
short sOffset)
Gets the Privilege Bytes of the Application corresponding to
this entry. |
byte |
getState()
Gets the Life Cycle State of the Application corresponding to
this entry. |
boolean |
isAssociated(javacard.framework.AID sdAID)
Checks whether the Application corresponding to
this entry is
associated with the specified Security Domain. |
boolean |
isPrivileged(byte bPrivilege)
Checks whether the Application corresponding to
this entry has
the specified privilege. |
void |
registerService(short sServiceName)
Registers a service name identifying a service provided by the Application
corresponding to
this entry. |
boolean |
setState(byte bState)
Sets the Life Cycle state of the Application corresponding to
this entry. |
static final byte PRIVILEGE_AUTHORIZED_MANAGEMENT
static final byte PRIVILEGE_CARD_LOCK
static final byte PRIVILEGE_CARD_RESET
static final byte PRIVILEGE_CARD_TERMINATE
static final byte PRIVILEGE_CVM_MANAGEMENT
static final byte PRIVILEGE_DAP_VERIFICATION
static final byte PRIVILEGE_DELEGATED_MANAGEMENT
static final byte PRIVILEGE_FINAL_APPLICATION
static final byte PRIVILEGE_GLOBAL_DELETE
static final byte PRIVILEGE_GLOBAL_LOCK
static final byte PRIVILEGE_GLOBAL_REGISTRY
static final byte PRIVILEGE_GLOBAL_SERVICE
static final byte PRIVILEGE_MANDATED_DAP
static final byte PRIVILEGE_RECEIPT_GENERATION
static final byte PRIVILEGE_SECURITY_DOMAIN
static final byte PRIVILEGE_TOKEN_VERIFICATION
static final byte PRIVILEGE_TRUSTED_PATH
static final byte PRIVILEGE_CIPHERED_LOAD_FILE_DATA_BLOCK
void deregisterService(short sServiceName) throws javacard.framework.ISOException
The OPEN shall check that the Application invoking this method corresponds
to this
entry, that it has the Global Service Privilege, and
that the specified service name was previously uniquely registered by that
same Application. If not, this method shall throw an exception (see
below).
sServiceName
- the service name that shall be deregistered.A service name is encoded on 2 bytes, the 1st byte identifying a family of services and the 2nd byte identifying a service within that family.
The GPSystem
class defines a set of constants
FAMILY_XXX
(of the byte
type) that may be used to
build a service name (of the short
type) suitable to invoke
this method as shown in the following examples:
(short)((GPSystem.FAMILY_CVM
<<8)|0x11)
(short)((GPSystem.FAMILY_HTTP_ADMINISTRATION
<<8)|0x00)
javacard.framework.ISOException
- if this method is not supported or if the service
name was not found or if the conditions allowing to deregister the service
name are not satisfied.registerService(short)
,
GPSystem.FAMILY_CVM
,
GPSystem.FAMILY_SECURE_CHANNEL
,
GPSystem.FAMILY_USSM
,
GPSystem.FAMILY_AUTHORITY
,
GPSystem.FAMILY_HTTP_ADMINISTRATION
,
GPSystem.FAMILY_HTTP_REPORT
javacard.framework.AID getAID()
this
entry.AID
instance identifying the Application corresponding to
this
entry.short getPrivileges(byte[] baBuffer, short sOffset) throws java.lang.ArrayIndexOutOfBoundsException
this
entry.baBuffer
- byte array where Privileges Bytes shall be written.sOffset
- offset within baBuffer
where Privileges Bytes
shall be written.sOffset
+ number of Privilege Bytes written to
baBuffer
.java.lang.SecurityException
- if baBuffer
is not accessible in
the caller's context e.g. baBuffer
is not a global
array nor an array belonging to the caller context.java.lang.NullPointerException
- if baBuffer
is null
.java.lang.ArrayIndexOutOfBoundsException
- if writing Privileges Bytes would
cause access of data outside array bounds.byte getState()
this
entry.this
entry.boolean isAssociated(javacard.framework.AID sdAID)
this
entry is
associated with the specified Security Domain.
The OPEN shall check that the specified sdAID
indeed
identifies a Security Domain present on the card, and check that the
Application corresponding to this
entry is associated with
this Security Domain. If not, this method shall return
false
.
sdAID
- AID of a Security Domain.true
if the Application corresponding to
this
entry is associated with the specified Security Domain,
false
otherwise.boolean isPrivileged(byte bPrivilege)
this
entry has
the specified privilege.
If the specified privilege is unknown, this method shall return
false
.
bPrivilege
- the privilege number to check, i.e. one of the
PRIVILEGE_XXX
constants.true
if the Application corresponding to
this
entry has the specified privilege, false
otherwise.void registerService(short sServiceName) throws javacard.framework.ISOException
this
entry.
The specified service name (sServiceName
) shall be unique
among all the service names previously registered in the GlobalPlatform
Registry using this method. Following successful invocation of this method,
this service name is known to be uniquely registered: no other Application
on the card will be able to register the same service name (until this
service name is deregistered (see deregisterService(short)
)). If the
service name identifies a family of service, no other Application on the
card will be able to register a service of that family.
The OPEN shall first check that the Application invoking this method
corresponds to this
entry and that it has the Global Service
Privilege.
Then the OPEN shall check that the specified service name:
this
entry (i.e. specified as part of System Install
Parameters in the INSTALL command).
sServiceName
- the service name that shall be uniquely registered.
A service name is encoded on 2 bytes, the 1st byte identifying a family of
services and the 2nd byte identifying a service within that family. If the
2nd byte is set to 0x00
, the caller of this method is
registering an entire family of service.
The GPSystem
class defines a set of constants
FAMILY_XXX
(of the byte
type) that may be used to
build a service name (of the short
type) suitable to invoke
this method as shown in the following examples:
(short)((GPSystem.FAMILY_CVM
<<8)|0x11)
(short)((GPSystem.FAMILY_HTTP_ADMINISTRATION
<<8)|0x00)
javacard.framework.ISOException
- if this method is not supported or if the
conditions allowing to register the service name are not satisfied.deregisterService(short)
,
GPSystem.getService(javacard.framework.AID, short)
,
GPSystem.FAMILY_CVM
,
GPSystem.FAMILY_SECURE_CHANNEL
,
GPSystem.FAMILY_USSM
,
GPSystem.FAMILY_AUTHORITY
,
GPSystem.FAMILY_HTTP_ADMINISTRATION
,
GPSystem.FAMILY_HTTP_REPORT
boolean setState(byte bState)
this
entry.This method enforces the Life Cycle State transition rules described in Card Specification v2.2.1 section 5.
If this
entry corresponds to the Issuer Security Domain (ISD),
then the OPEN shall check that the requested transition complies with Card
Life Cycle State transition rules. If needed, the OPEN shall check that the
Application invoking this method has the Card Lock Privilege or the Card
Terminate Privilege.
Otherwise, the following rules shall apply:
this
entry corresponds to a Security Domain, then the
OPEN shall check that the requested transition complies with Security
Domains' Life Cycle State transition rules.
this
entry does not correspond to a Security Domain,
then the OPEN shall check the requested transition complies with
Applications' Life Cycle State transition rules.
bState
is set to 1, then the
call to this method shall be interpreted as an attempt to lock an
Application (or Security Domain), and other bits of bState
shall be ignored (b7-b1).
this
entry corresponds to an Application (or Security
Domain) that is currenly locked, then only the high order bit (b8) of
bState
shall be taken into account and, if it is set to 0 then
the call to this method shall be interpreted as an attempt to unlock the
Application (or Security Domain). Other bits of bState
shall
be ignored (b7-b1).
this
entry or has the Global Lock
Privilege.
bState
- the new Life Cycle State. See Card Specification v2.2.1
section 11.1.1 for details on Life Cycle State Coding. A value of GPSystem.APPLICATION_LOCKED
(resp. 0x00) may be used to request locking
(resp. unlocking) an Application or a Security Domain (other than the ISD).true
if the transition was successful,
false
otherwise.Copyright © 2003-2018 GlobalPlatform, Inc. All rights reserved. The technology provided or described in this specification is subject to updates, revisions, and extensions by GlobalPlatform. Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights or other intellectual property rights of which they may be aware which might be necessarily infringed by the implementation of the specification or other work product set forth in this document, and to provide supporting documentation.
THIS SPECIFICATION OR OTHER WORK PRODUCT IS BEING OFFERED WITHOUT ANY WARRANTY WHATSOEVER, AND IN PARTICULAR, ANY WARRANTY OF NON-INFRINGEMENT IS EXPRESSLY DISCLAIMED. ANY IMPLEMENTATION OF THIS SPECIFICATION OR OTHER WORK PRODUCT SHALL BE MADE ENTIRELY AT THE IMPLEMENTER'S OWN RISK, AND NEITHER THE COMPANY, NOR ANY OF ITS MEMBERS OR SUBMITTERS, SHALL HAVE ANY LIABILITY WHATSOEVER TO ANY IMPLEMENTER OR THIRD PARTY FOR ANY DAMAGES OF ANY NATURE WHATSOEVER DIRECTLY OR INDIRECTLY ARISING FROM THE IMPLEMENTATION OF THIS SPECIFICATION OR OTHER WORK PRODUCT.