Project

General

Profile

Add-on System » History » Version 12

Hans-Martin Haase, 10/06/2015 12:37 PM

1 4 Hans-Martin Haase
{{toc}}
2
3 1 Dirk Petrautzki
h1. Add-on System
4 4 Hans-Martin Haase
5 11 Hans-Martin Haase
This section describes the add-on system from the perspective of a developer. The implementation of the add-on system is located in the maven module with the group Id *org.openecard* and the artifact Id *addon*. All classes are in a sub namespace of *org.openecard.addon*. The module is divided into the following five packages:
6
7
* *org.openecard.addon*
8
In this package are the main classes of the add-on system, for example the AddonManager or the different AddonRegistries.
9
* *org.openecard.addon.bind*
10
This package includes all classes representing the interface between an addon and a specific binding. That is to say, here are the classes needed to convert a specific request, for example a HTTP request that arrives via the localhost binding, into a generic request, which is independent from binding and vice versa for the response.
11
* *org.openecard.addon.ifd*
12
In here are the classes that specify the interface for an IFD protocol and the factory to instantiate such a protocol.
13
* *org.openecard.addon.manifest*
14
This package accumulates all classes needed to convert (automatically) between the XML represantation of the add-on description and it's java object pendants.
15
* *org.openecard.addon.sal*
16
In here are the classes that specify the interface for an SAL protocol and the factory to instantiate such a protocol.
17
18
19 4 Hans-Martin Haase
On this wiki page you'll find detailed information about the add-on development like the different kinds of add-ons and how they are enabled to communicate with core application.
20
21
h2. Definition of Add-on in the Open eCard context
22
23
_Add-on_ is the generic term for a component that enhances the functionality of the Open eCard App.
24
25
_Extensions_ are independent from the context. Moreover, they are included directly into the user interface and can be executed by the user. For instance, an add-on that provides a PIN change functionality for smart cards is classified as an _extension_.
26
27
_Plug-ins_ depend on the context in which the user uses the application. Performing an authentication to a service using a particular smart card, for instance, requires a _plug-in_ which is capable of providing such functionality. Subsequently, _plug-ins_ require a communication with bindings to interact with external applications and services. Furthermore, we distinguish between IFD, SAL, and application plug-ins.
28
29
h2. Add-on Types
30
31
h3. IFD Plug-ins
32 1 Dirk Petrautzki
33 11 Hans-Martin Haase
An IFD Plug-in represents a protocol which is used to extend the IFD. The protocol implementation may enable the IFD to perform a special user authentication method or establish a secure channel between a card and card reader to protect the communication from being eavesdropped. Each protocol must have a unique identifier in form of a URI. In addition, each protocol plug-in must implement the IFD Protocol Interface and must define protocol-specific _AuthenticationProtocolData_ used in the _EstablishChannel_ call and corresponding response message. An example for an IFD Plugin is the Password Authenticated Connection Establishment (PACE) protocol which is executed by the IFD. It is included as integrated add-on in the Open eCard App.
34 5 Hans-Martin Haase
35 4 Hans-Martin Haase
h3. SAL Plug-ins
36
37 5 Hans-Martin Haase
The SAL provides generic interfaces to common smart card services like Crypto services or differential identity services. The SAL can be extended by plug-ins, which provide implementations of protocols for the Crypto Services and the Differential Identity Services as required for the use of specific signature cards and electronic identity cards for example. The plugin concept is quite similar to the one used for the IFD. There is also an unique identifier necessary in the protocol implementation but an SAL protocol may have multiple steps and allows the definition more sophisticated user interfaces including a sequence of interaction steps to represent information dialogues and general user consents. For example the already included Extended Access Control (EAC) protocol is one of this kind. The protocol is used while authentication process with German eID card.
38
39
40 4 Hans-Martin Haase
h3. Application Plug-ins
41
42 5 Hans-Martin Haase
Application plug-ins provide a mechanism to add additional functionality to the eID application with which external applications can communicate. Depending on the type of the underlying binding, this could be a browser, a PKCS#11 module or even a remote application. Protocol bindings realize the connection to the external world. While a broad variety of transport protocols could be supported, the most obvious choices are HTTP and SOAP,
43 6 Hans-Martin Haase
as they are stipulated by for example. Given the properties of the activation mechanism, HTTP and SOAP, as well as similar transport protocols, the abstract requirements for a protocol binding are given as follows: A protocol binding must support 
44 5 Hans-Martin Haase
45
# a request-response semantic,
46
# a mapping mechanism to identify the appropriate plug-in for a request,
47
# messages comprising a body, named parameters and attachments,
48
# an error delivery mechanism, and
49
# a redirect semantic.
50
51 4 Hans-Martin Haase
h3. Application Extensions
52
53 5 Hans-Martin Haase
Extensions enhance – similar to plug-ins – the basic eID platform and provide additional functionality, but they do not depend on the context in which the eID application is used. Further, extensions are included into the user interface and can be started directly by the user. Similar to application plug-ins, the _AppExtensionAction_ interface contains an execute function. However, this function does not have any parameters nor does it have a result. Therefore, it cannot be used with a binding and only be triggered manually.
54
55
56 4 Hans-Martin Haase
h2. Architecture of an Add-on package
57
58
h3. General architecture
59
60 7 Hans-Martin Haase
An Add-on package is an Java archive (JAR) file which bundles all requires resources like libraries etc. The recognition in the base application is done with via an add-on manifest file located in the _META-INF_ directory. The manifest file has to have the name _addon.xml_ else the archive is not recognized as add-on. This file describes the data model of the add-on you'll find it below. The data model is an XML structure containing general information such as the name, the textual description and configuration entries for changeable settings of the add-on. Furthermore actions are contained which represent the different add-on types from above. The settings are stored in an add-on specific directory and are loaded as Java Properties by the ad-on framework.
61 1 Dirk Petrautzki
62 11 Hans-Martin Haase
 
63
64 7 Hans-Martin Haase
p=. !{width:70%; height:70%}description.png(Add-on manifest data model in UML)!
65 1 Dirk Petrautzki
66 11 Hans-Martin Haase
 
67
68 4 Hans-Martin Haase
h3. The Add-on Manifest
69 7 Hans-Martin Haase
70
This section shows all possible entries for an add-on manifest file and explain there meaning. The manifest is more or less divided into two parts the first one states the general information about the add-on and the second one contains the description of the add-on classes and configuration. So lets start with the general information section.
71
72
<pre>
73
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
74
<AddonSpecification>
75
    <ID>123</ID>
76
    <Version>1.0-SNAPSHOT</Version>
77
    <License>WTFPL</License>
78
    <LicenseText xml:lang="EN">
79
        <![CDATA[<center><b>DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE</b>
80
        <br><br>
81
        Version 2, December 2004
82
        <br><br>
83
        Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
84
        </center>
85
        <br><br>
86
        Everyone is permitted to copy and distribute verbatim or modified
87
        copies of this license document, and changing it is allowed as long
88
        as the name is changed.
89
        <br><br>
90
        DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
91
        TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
92
        <br><br>
93
        0. You just DO WHAT THE FUCK YOU WANT TO.]]>
94
    </LicenseText>
95
    <LocalizedName xml:lang="DE">DummyAddon</LocalizedName>
96
    <LocalizedName xml:lang="EN">DummyAddon</LocalizedName>
97
    <LocalizedDescription xml:lang="EN">Dummy addon which prints some text to standard output and log file.</LocalizedDescription>
98
    <LocalizedDescription xml:lang="DE">Dummy Addon, das nur etwas Text auf der Standardausgabe ausgibt und in die Logdatei schreibt.</LocalizedDescription>
99
    <About xml:lang="EN">
100
        <![CDATA[About:
101
102
        This plugin is just for testing purpose of the Open eCard Addons about dialog. It follows some dummy text to check formatting and wrapping. Lorem ipsum dolor 
103
        sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et
104 10 Hans-Martin Haase
        accusam et justo duo dolores et ea rebum.]]>
105 7 Hans-Martin Haase
    </About>
106
    <Logo>DummyLogo.gif</Logo>
107
    <ConfigDescription>
108
        <Entries>
109
            <EnumListEntry>
110
                <Key>Animal_key</Key>
111
                <Value>Dog</Value>
112
                <Value>Cat</Value>
113
                <Value>Mouse</Value>
114
                <Value>Elephant</Value>
115
                <Value>Donkey</Value>
116
                <LocalizedName xml:lang="DE">Tier-ConfigurationEntry</LocalizedName>
117
                <LocalizedName xml:lang="EN">Animal configuration entry</LocalizedName>
118
                <LocalizedDescription xml:lang="DE">Beschreibung des Tier-ConfigurationEntry</LocalizedDescription>
119
                <LocalizedDescription xml:lang="EN">Description of the animal configuration entry</LocalizedDescription>
120
            </EnumListEntry>
121
            <EnumEntry>
122
                <Key>Kitchen_key</Key>
123
                <Value>Spoon</Value>
124
                <Value>Fork</Value>
125
                <Value>Knife</Value>
126
                <Value>Cup</Value>
127
                <Value>Mug</Value>
128
                <LocalizedName xml:lang="DE">Küchen-ConfigurationEntry</LocalizedName>
129
                <LocalizedName xml:lang="EN">Kitchen configuration entry</LocalizedName>
130
                <LocalizedDescription xml:lang="DE">Beschreibung des Küchen-ConfigurationEntry</LocalizedDescription>
131
                <LocalizedDescription xml:lang="EN">Description of the Kitchen configuation entry</LocalizedDescription>
132
            </EnumEntry>
133
        </Entries>
134
    </ConfigDescription>
135
    [...]
136
</AddonSpecification>
137
</pre>
138
139
As you can see the manifest starts with the @<AddonSpecification>@ tag which covers the complete description. Every add-on requires at least the elements @<ID>@, @<Version>@, @<License>@, @<Logo>@ and a @<ConfigDescription>@ which are explained below. 
140 1 Dirk Petrautzki
141 11 Hans-Martin Haase
&nbsp;
142 9 Hans-Martin Haase
|@<ID>@                |A unique identifier for the add-on package.                                                                                                                         |
143 1 Dirk Petrautzki
|@<Version>@           |The version number of the add-on. This number is used to select an add-on in case there are several versions available.                                             |
144 9 Hans-Martin Haase
|@<License>@           |This element is expected to contain the name of the license of the add-on. For instance _LGPL Version 3_ or _Proprietary_ are such names but in case of a custom or proprietary license you should state the text of the license in the optional element @<LicenseText>@ field.                                                                                 |
145 11 Hans-Martin Haase
|@<Logo>@              |This element states a name of a logo file contained in the add-on package. This logo is displayed in the GUI in case there are configuration options for your add-on.                                                                                                                                                |
146 1 Dirk Petrautzki
|@<ConfigDescription>@ |The element is used to state configuration entries which are used by all parts of the addon. For complete description of the @<ConfigDescription>@ see the next section. If there are no such configuration entries the element may be set to empty witht the element tag @<ConfigDescription/>@. A detailed description of this element is available [[Add-on System#Types available in the configuration|here]].                                                                                                                                |
147 9 Hans-Martin Haase
148 11 Hans-Martin Haase
&nbsp;
149 7 Hans-Martin Haase
The optional elements of this first section are @<LicenseText>@, @<LocalizedName>@, @<LocalizedDescription>@ and @<About>@.
150 1 Dirk Petrautzki
151 9 Hans-Martin Haase
|@<About>@                |Localized string containing the typical information state in an about dialog. The elements may appear several times for different languages. |
152
|@<LicenseText>@          |Localized string containing the license text of the add-on. The element may appear several times for different languages.                    |
153
|@<LocalizedDescription>@ |Localized string containing a description of the add-on. The element may appear several times for different languages.                       |
154
|@<LocalizedName>@        |Localized string containing the name of the add-on. The element may appear several times for different languages.                            |
155 1 Dirk Petrautzki
156
*Note:* The elements @<About>@ and @<LicenseText>@ may contain a @CDATA@ block containing basic HTML code to format the text. This feature heavily depends on the UI implementation. For example the richclient which uses the Swing Framework supports just HTML in version 3.2. Other gui implementations may support higher versions and so more tags.
157 7 Hans-Martin Haase
&nbsp;
158 8 Hans-Martin Haase
&nbsp;
159 9 Hans-Martin Haase
Now we have the general part of the add-on so let's go on with the second part. The second part contains the descriptions of the available actions which have to appear in the following order @<BindingActions>@, @<ApplicationActions>@, @<IFDActions>@ and @<SALActions>@.
160
161
* *BindingActions* contain the descriptions of Application Plugin
162
* *ApplicationActions* contain the descriptions of Application Extensions
163
* *IFDActions* contain the descriptions of IFD Plugins
164
* *SALActions* contain the descriptions of SAL Plugins
165
166
Every *Actions element may contain zero or more elements which describe the actions. An example of the second part is below but note there don't have to be all actions available it's just an example non relevant actions do not have to appear or may be stated as empty.
167
168 1 Dirk Petrautzki
<pre>
169
    <AddonSpecification>
170
        [...]
171 9 Hans-Martin Haase
        <BindingActions>
172
            <AppPluginSpecification>
173
                <ClassName>package.path.to.my.class</ClassName>
174
                <LoadOnStartup>true</LoadOnStartup>
175
                <LocalizedName xml:lang="EN">Test class</LocalizedName>
176
                <LocalizedDescription xml:lang="EN">Test descriptions</LocalizedDescription>
177
                <ResourceName>/test</ResourceName>
178
                <ConfigDescription/>
179
                <Parameters>
180
                    <Name>Foo</Name>
181
                    <Value>Bar</Value>
182
                </Parameters>
183
                <Body>
184
                    <MimeType>text/html</MimeType>
185
                    <Node><![CDATA[<html><head></head><body>test</body></html>]]></Node>
186
                </Body>
187
                <Attachments>
188
                    <MimeType>application/octet-stream</MimeType>
189
                    <Name>signature.asc</Name>
190
                </Attachments>
191
            </AppPluginSpecification>
192
        </BindingActions>
193 1 Dirk Petrautzki
        <ApplicationActions>
194
            <AppExtensionSpecification>
195
                <ID>123</ID>
196
                <ClassName>org.openecard.addon.openecarddummyaddon.DummyAddonStep</ClassName>
197 7 Hans-Martin Haase
                <LoadOnStartup>true</LoadOnStartup>
198
                <LocalizedName xml:lang="DE">Test-ExtensionAction</LocalizedName>
199
                <LocalizedName xml:lang="EN">Test extension action</LocalizedName>
200
                <LocalizedDescription xml:lang="DE">Testbeschreibung</LocalizedDescription>
201
                <LocalizedDescription xml:lang="EN">test description</LocalizedDescription>
202
                <ConfigDescription>
203
                    <Entries>
204
                        <EnumEntry>
205
                            <Key>Foo</Key>
206
                            <Value>bar</Value>
207
                            <LocalizedName xml:lang="DE">Test-ConfigurationEntry</LocalizedName>
208
                            <LocalizedName xml:lang="EN">Test configuration entry</LocalizedName>
209
                            <LocalizedDescription xml:lang="DE">Testbeschreibung</LocalizedDescription>
210 9 Hans-Martin Haase
                            <LocalizedDescription xml:lang="EN">test description</LocalizedDescription>
211
                        </EnumEntry>
212
                    </Entries>
213
                </ConfigDescription>
214
            </AppExtensionSpecification>
215
        </ApplicationActions>
216
        <IFDActions>
217
            <ProtocolPluginSpecification>
218 7 Hans-Martin Haase
                <URI>urn:uri:1.2.3</URI>
219
                <ClassName>package.path.to.protocol.class</ClassName>
220
                <LoadOnStartup>false</LoadOnStartup>
221 9 Hans-Martin Haase
                <LocalizedName xml:lang="EN">Test Protocol</LocalizedName>
222 7 Hans-Martin Haase
                <LocalizedDescription xml:lang="EN">Description of test protocol</LocalizedDescription>
223 9 Hans-Martin Haase
                <ConfigDescription/>
224
            </ProtocolPluginSpecification>
225 1 Dirk Petrautzki
        </IFDActions>
226
        <SALActions/>
227
    </AddonSpecification>
228
</pre>
229
230 11 Hans-Martin Haase
An entry for the SALActions is omitted in the example because the definition is the same as for the IFDActions both contain _ProtocolPluginSpecifications_. As you may have noticed there are entries in every specification which are the same. They are discussed following and after that the elements which are unique for a specification are clarified.
231
&nbsp;
232 1 Dirk Petrautzki
233 11 Hans-Martin Haase
|@<ClassName>@           |States the name of the class which implements the the interface specific for the action. The field is required in an valid description.                           |
234
|@<LoadOnStartup>@       |States whether the add-on shall be initialized on start of the core application. The element is not required and defaults to *false* if it is not given.          |
235
|@<LocalizedName>@       |States the name of the action. The elements is optional and may appear several times for different languages.                                                     |
236
|@<LocalizedDescription>@|Here you may provide an optional description of what the action does. The number of this element is not limited so several languages can be supported.            |
237
|@<ConfigDescription>@   |Description of the configuration options which are changeable by the user. The element is required but it may be empty. A detail discussion about this element is in an extra section [[Add-on System#Types available in the configuration|here]].                                                                                                            |
238 10 Hans-Martin Haase
239 11 Hans-Martin Haase
&nbsp;
240 1 Dirk Petrautzki
*Application Plugin specific elements*
241 12 Hans-Martin Haase
|@<Parameter>@   |This element is just specified and not implemented yet.|
242
|@<ResourceName>@|Name of the resource where the action shall be available. The default address of the HTTP Binding is http://localhost:24727/ the resource name needs to be relative to this address. E.g. the integrated status add-on is available under http://localhost:24727/getStatus.|
243
|@<Body>@        |This element is just specified and not implemented yet.|
244
|@<Attachment>@  |This element is just specified and not implemented yet.|
245 1 Dirk Petrautzki
246 11 Hans-Martin Haase
&nbsp;
247 1 Dirk Petrautzki
*Application Extension specific elements*
248
|@<ID>@|A unique ID for the action which is used to query the add-on in the registry. The element is required.|
249
250 11 Hans-Martin Haase
&nbsp;
251 2 Dirk Petrautzki
*Protocol plugin specific elements*
252
Both, SAL and IFD plugin, are represented by an protocol plugin.
253 1 Dirk Petrautzki
|@<URI>@|An unique uri which represents the plugin. The selection of the protocol is performed by the evaluation of this element. The element is required.|
254 2 Dirk Petrautzki
255
256 1 Dirk Petrautzki
h3. Types available in the configuration
257
258
The _ConfigDescription_ element used in the actions and in the general description of the add-on represent always configuration options which are changeable by the user. Configuration entries which are not connected with a user decision should be placed into a separate configuration. This means every entry in the _ConfigDescription_ has an representation as an UI element so the support of an entry type depends on the UI implementation. The Swing implementation implements all options the other GUI implementations are currently not complete.
259
_ConfigDescription_ elements may contain the following entry types: EnumEntry, EnumListEntry, FileEntry, FileListEntry, ScalarEntry and ScalarListEntry. They are mapped to the following UI elements:
260
261 11 Hans-Martin Haase
|EnumEntry      |The localized name is displayed as label (fallback key name) and the values are represented as checkboxes.                                                                 |
262
|EnumListEntry  |A list with fixed size containing the values. The UI element is an drop down box.                                                                                          |
263
|FileEntry      |A entry which allows the user to select a file. A file selection dialog represents the entry.                                                                              |
264
|FileListEntry  |Dynamic list of _FileEntry_'s which are displayed as multiple file selection dialogs.                                                                                      |
265
|ScalarEntry    |The representation depends on the type of the scalar. Available types are BOOLEAN, BIGDECIMAL, BIGINTEGER and STRING. The BOOLEAN type is represented by a single checkbox, the BIGDECIMAL and BIGINTEGER are represented by text field with a spin button and the STRING type is displayed as single text field.                                                       |
266
|ScalarListEntry|The element represents a dynamic list of _ScalarEntry_'s restricted to the types BIGDECIMAL, BIGINTEGER and STRING.                                                        |
267 1 Dirk Petrautzki
268
*NOTE*: Descriptions of the GUI representation is taken from the Swing GUI other GUI implementations may use other objects.
269
270 11 Hans-Martin Haase
&nbsp;
271 1 Dirk Petrautzki
272
h2. Add-on Implementation
273
274 11 Hans-Martin Haase
The implementation of an add-on depends always on the type of the add-on but there are also similarities between them. The specific interfaces of the add-ons are explained in the following sections in this section we provide information about the similarities. Every add-on specific interface extends the LifecycleTrait interface which which provides the functions @init(Context ctx)@ and @destroy()@ which mark the beginning and the end of an add-on in their life cycle.. The @init(Context ctx)@ method is call on the initialization and provides access to core components via the @Context@ object. The accessible core components are: AddonManager, AddonProperties, Dispatcher, EventManager, EventHandler, UserConsent, CardRecognition and some other elements for informational use.
275 2 Dirk Petrautzki
276 11 Hans-Martin Haase
|AddonManager   |Provides access to the add-on registries and other add-ons.                                                                                             |
277
|AddonProperies |Provides access to the changeable configuration of the add-on.                                                                                          |
278
|Dispatcher     |Provides access to credentials via SAL and IFD commands.                                                                                                |
279
|EventManager   |Allows to register _EventCallbacks_ this enables an add-on e.g. to react to the insertion of a card.                                                    |
280
|EventHandler   |Allows to issue own signals which may be interpreted by other components or add-ons. For instance an add-on which is able to identify a card which is not know by the core and sends a card recognized signal.                                                                                                                 |
281
|CardRecognition|Provides access to CardInfo objects and card images.                                                                                                    |
282
|UserConsent    |Provides access to the UI. With the UserConsent you are able to just display simple information dialogs or also complex step oriented user interfaces.  |
283 2 Dirk Petrautzki
284
h3. Application extension implementation details
285
286 11 Hans-Martin Haase
p=. !AppExtension.png!
287
288
The figure shows the _AppExtensionAction_ interface which have to be implements by in case of an application extension. The implementing party has to implement the @init(Context ctx)@, @destroy()@ methods which are inherited from the LifecycleTrait and @execute()@ method which comes directly from the _AppExtensionAction_. The extension is included directly into the user interface so the user is able to start it directly from there because the extension does not have any context and is independent it needs to be triggered manually. The execution in the GUI triggers the @execute()@ method which does not have parameters or a return value which means it cannot be used with a binding.
289
290 2 Dirk Petrautzki
h3. Application plugin implementation details
291
292 11 Hans-Martin Haase
p=. !AppPlugin.png!
293 3 Dirk Petrautzki
294 11 Hans-Martin Haase
As you can see in the figure the _AppPluginAction_ interfaces _execute_ method takes now three parameters a _Body_ which is represented by a Node which has the advantage that it might be instead of a XML or HTML document also just a string or a number. Furthermore _Parameters_ are given which contain the query parameters of the request sent to the add-on. The last parameter _Attachment_ may contain a binary file or something like that which shall be processed by the add-on. In return to that input the _execute_ method has to issue a _BindingResult_which is able to cover the same object so they are contained in the response which is issued by the corresponding binding but there is more in this object which needs to be specified. The following picture indicates what the others are.
295 3 Dirk Petrautzki
296 11 Hans-Martin Haase
p=. !{width: 20%;height: 10%}BindingResult.png!
297 3 Dirk Petrautzki
298 11 Hans-Martin Haase
The previously stated elements _Attachment_, _Body_ and _Parameters_ are optional but the _BindingResultCode_ is required and dependent on the code also the _AuxResultData_ so if the result code is _REDIRECT_ the _AuxResultData_ has to contain the location with the redirect destination. The _ResultMessage_ is also optional but shall be used in case the response is an error response which is directly displayed in the browser. So the user may get an impression what's wrong and correct the input or get in touch with some kind of support.
299
 
300
h3. IFD protocol implementation details
301 3 Dirk Petrautzki
302 11 Hans-Martin Haase
The _IFDProtocol_ interface defines functions for IFD protocols. The _establish()_ method executes the protocol and is triggered by a @EstablishChannel@ IFD API call which is guided to the responsible protocol implementation which takes the request containing a @SlotHandle@ to address a specific card and @AuthenticationProtocolData@ which may be required for the channel establishment. Furthermore the methods _applySM(byte[] commandAPDU)_ and _removeSM(byte[] responseAPDU)_ have to be implemented. They are used to add and remove Secure Messaging to the communication between the card and the terminal.
303 1 Dirk Petrautzki
304 11 Hans-Martin Haase
p=. !IFDInterface.png!
305 1 Dirk Petrautzki
306 11 Hans-Martin Haase
h3. SAL protocol implementation details
307 1 Dirk Petrautzki
308 11 Hans-Martin Haase
As depicted in the picture below the _SALProtocol_ interface is probably the most complex available one in the add-on context. The interface covers also the LifecyleTreat methods and also the @applySM(byte[] commandAPDU)@ and @removeSM(byte[] responseAPDU)@ which are known from the _IFDProtocol_ interface. In addition the cryptographic and differential identity functions have to be implemented the functions are:
309
&nbsp;
310 1 Dirk Petrautzki
311 11 Hans-Martin Haase
|cardApplicationStartSession|Starts a session with a specific card.                                     |
312
|cardApplicationEndSession  |Ends a session with a specific card.                                       |
313
|encipher                   |Enciphers the data contained in the parameter.                             |
314
|decipher                   |Deciphers the data contained in the parameter.                             |
315
|getRandom                  |Generates a random number according to the specifications in the parameter.|
316
|hash                       |Creates a hash from the given data.                                        |
317
|sign                       |Signs the given data.                                                      |
318
|verifySignature            |Verifies the given signature.                                              |
319
|verifyCertificate          |Verifies the given certificate.                                            |
320
|didCreate                  |Creates a new differential identity.                                       |
321
|didUpdate                  |Updates an existing differential identity.                                 |
322
|didDelete                  |Deletes an existing differential identity.                                 |
323
|didAuthenticate            |Authenticates a differential identity.                                     |
324 1 Dirk Petrautzki
325 11 Hans-Martin Haase
For detailed information about the functions see TR-03112 especially part four and seven.
326 1 Dirk Petrautzki
327 11 Hans-Martin Haase
&nbsp;
328
Now there just the methods _getInternalData_, _isFinished_, _hasNextStep_ and_needsSM_ left. They are probably self explaining if not take a look into the class @SALProtocolBaseImpl@ which is an abstract class providing base functionality and provides an easy way to implement step based protocols. The @ProtocolStep@ interface is used for this purpose.
329
330
p=. !SALInterface.png!