Getting Started with Java Card
8/3/2019 Gettingstarted With Java Card
http://slidepdf.com/reader/full/gettingstarted-with-java-card 1/39
Java Card™ 3 Platform
Peter Allenbach
Sun Microsystems, Inc.
Copyright 2009 Sun Microsystems, Inc. All Rights Reserved. 2
Agenda
From plastic to Java Card™ 3.0
Things to know about Java Card 3.0
Introducing Java Card 3.0
Java Card 3.0 vs. Java SE™
Java Card 3.0 vs. Java ME™
Java Card 3.0 vs. Java EE™
More About Web Applications
Reference Implementation (RI)
Say Hello using Java Card 3.0 RI
Q & A
From Plastic to Java Card 3.0: The Beginning
Plastic cards
• Introduced in the 50's
• Cardholder identification and authentication
• Signature, then magstripe and PIN codes
Smart cards
• Introduced in the 80's
• Local authentication server, stored value
• On-card PIN verification
• Storage of sensitive information
• Later, cryptography
Original photo by Mitek: http://www.flickr.com/photos/mikek/40737702/
From Plastic to Java Card 3.0: The Smart in the Card
A single chip in every card
Very limited resources
• In particular, RAM
From Plastic to Java Card 3.0: Java Card 2
Introduces applications to smart cards
• Interoperability of platforms, portability of applications
• Multiple applications, with security guarantees
• Dynamic application management
Runs on low-end smart cards
• Less memory (4-8K of RAM and 32-64K of EEPROM)
• 8 Bit Processors (Slow)
Widely used technology for a decade
• It is the dominant smart card technology today
Very limited subset of Java™
• Partial support of basic types (8/16-bit values, no float, no String)
• Very small subset of the APIs
• Specific and pre-processed binary file format (CAP file)
• Single threaded, no garbage collection
From Plastic to Java Card 3.0: Java Card 3.0
Major evolution of Java Card 2
• Same principles: interoperability, security, multiple applications
• Exploitation of new hardware features
• More memory, more processing power, enhanced communication
New capabilities for new use cases
• A true personal Web server for enhanced user interaction
• Possibility to initiate an action for more flexibility
• Enhanced application model for more collaboration
Two editions
• Classic Edition
  • Supports only Classic Applets
  • Basically, Java Card 3.0 Classic is an evolution of Java Card 2
• Connected Edition
  • New and improved model, and the topic of this talk
Most Important Thing About Java Card
Security is Paramount
“Web Server in the Street”
Things to know about Java Card
Java Card is a Server
VM never exits
Two heaps
Persistent Objects
Firewall between applications
Inter Application Communication
Atomicity and Transactions
Things to know about Java Card
Java Card is a server
• Process incoming requests, and send response back to client
Communication Protocols
• APDUs (serial) is the traditional card-specific protocol
• HTTP(S) for Java Card 3.0 Connected Edition using high speed interfaces like USB
Two major communication interfaces
• Contactless
  • Just put the card close to the reader
• Contacted
  • Inserted into card reader
  • USB
Things to know about Java Card: VM Never Exits
“Card Initialization” happens only once
• This is when the VM initialization happens
• All required static data structures are created at this time
• Card starts listening for incoming requests
“Card Reset” happens every time the card loses power
• If card is taken out (card tear) – everything stops
• When card is inserted again into card reader
  • RAM heap is lost
  • System ensures that data is consistent across tears
  • Card starts listening for incoming requests
Things to know about Java Card: Two Heaps
[Figure: Non-Volatile Heap (Persistent Objects) | Volatile Heap (Session Objects)]
Unlike standard Java, Java Card has two heaps
• All Session Objects created in Volatile Memory
• Objects that are reachable from root of persistence will be in Non-Volatile Memory
Things to know about Java Card: Persistent Objects

    import java.util.Vector;

    public class PersistenceExample {
        void aMethod() {
            Vector<String> v = new Vector<String>();
            v.addElement(new String("1111")); // String s1
            v.addElement(new String("2222")); // String s2
            // someRootObject is assumed to be already reachable from the root of persistence
            someRootObject.addObject(v);      // v is promoted
        }
    }

[Figure: Non-Volatile Heap | Volatile Heap]
[Figure, built up over the next four slides with the same code: v, s1 and s2 shown across the Non-Volatile Heap and the Volatile Heap; G = Garbage]
Things to know about Java Card: Firewall between applications
All applications run in the same VM, and exist in the same heap
• Objects created by one application cannot be accessed by another application
• Every object access is checked by the firewall
• SecurityException is thrown if access is not permitted
[Figure: App1 Objects | Firewall Check | App2 Objects]
Things to know about Java Card: Inter Application Communication
Applications can communicate with each other using Shared Interface Objects (SIO)
• App1 defines and implements a Shareable Interface
• App1 allows App2 to access this SIO
• Firewall allows App2 to access the SIO object
[Figure: SIO of App1 | App1 Objects | Firewall Check | App2 Objects]
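
The three SIO steps on this slide, as an added example that is not from the original deck: App1 exposes a Shareable interface and decides which client may obtain it. It uses the classic javacard.framework applet API; PointsService, App1's fields and the App2 AID value are hypothetical, and in a real project the interface would be a public type in its own file so that App2's package can import it.

```java
import javacard.framework.AID;
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.Shareable;

// Hypothetical interface that App1 exposes across the firewall.
interface PointsService extends Shareable {
    short getPoints();
}

// App1 owns the data and decides who may obtain the SIO.
public class App1 extends Applet implements PointsService {
    // Constructed sample AID of the only client (App2) allowed to use the SIO.
    private static final byte[] APP2_AID = {
        (byte) 0xA0, 0x00, 0x00, 0x00, 0x62, 0x03, 0x01, 0x0C, 0x02
    };
    private short points = 100;

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new App1().register();
    }

    private static boolean isApp2(AID aid) {
        return aid != null && aid.equals(APP2_AID, (short) 0, (byte) APP2_AID.length);
    }

    // Called by the runtime when another applet asks for App1's SIO.
    // Returning null denies the request, so App1's objects stay behind the firewall.
    public Shareable getShareableInterfaceObject(AID clientAID, byte parameter) {
        return isApp2(clientAID) ? this : null;
    }

    // Executes in App1's context even when App2 invokes it through the SIO.
    public short getPoints() {
        // Re-check the caller on every call: a reference handed out once can be kept.
        if (!isApp2(JCSystem.getPreviousContextAID())) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        return points;
    }

    public void process(APDU apdu) {
        if (!selectingApplet()) {
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```

App2 would obtain the object with JCSystem.getAppletShareableInterfaceObject(app1Aid, parameter) and cast the result to PointsService; any other access to App1's objects is still rejected by the firewall.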
Things to know about Java Card: Atomicity and Transactions
Card Tear may happen at any time
• Card can be pulled out of the card reader at any time
• Java Card must guarantee the integrity of user data
Individual persistent writes are atomic
• Every write into Non-Volatile memory is atomic
Transaction Facility
• Transactions may be used to group persistent writes
• The application specifies the start and end of transactions
• Unfinished or aborted updates will be rolled back
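
The transaction facility on this slide, as an added example that is not from the original deck: a purse debits its balance and records the debit inside one transaction, so a card tear between the writes rolls all of them back. It uses the classic javacard.framework.JCSystem transaction calls; the Purse class and its fields are hypothetical.

```java
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.Util;

// Hypothetical purse whose fields live in persistent (non-volatile) memory.
public class Purse {
    private short balance;
    private short debitCounter;
    // Record of the last debit: amount (2 bytes) followed by counter (2 bytes).
    private final byte[] lastDebit = new byte[4];

    public Purse(short initialBalance) {
        balance = initialBalance;
    }

    public void debit(short amount) {
        // Validate before touching persistent state.
        if (amount <= 0 || amount > balance) {
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }
        // Transactions do not nest: only open one if the caller has not already.
        boolean ownTransaction = JCSystem.getTransactionDepth() == 0;
        if (ownTransaction) {
            JCSystem.beginTransaction();
        }
        // Each write below is atomic on its own; the transaction makes the
        // group atomic. A tear before commit restores all three fields.
        balance = (short) (balance - amount);
        debitCounter++;
        Util.setShort(lastDebit, (short) 0, amount);
        Util.setShort(lastDebit, (short) 2, debitCounter);
        if (ownTransaction) {
            JCSystem.commitTransaction();
        }
    }

    public short getBalance() {
        return balance;
    }
}
```

Without the transaction, a tear after the balance write but before the record write would leave a debit with no matching record, even though each individual write completed atomically.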
Introducing Java Card 3.0: What's New
Runs on recent (high-end) smart cards
• More Memory (Approx 24K of Volatile and 128K of Non-Volatile)
• 32 bit Processor (Fast)
Full Java Language Support
• All data types except float and double
• Multiple Threads
• Extensive API support (java.lang, java.util, GCF, ...)
• Handles class files directly, with all loading and linking on card
• All new Java language syntax constructs, like enums, generics, enhanced for loops, auto boxing/unboxing, etc.
• Automatic Garbage Collection
The technology for the coming years
Introducing Java Card 3.0: Connectivity Layers and Protocol Stack
[Figure: connectivity layers and protocol stack; legend: New in Java Card 3.0 Connected Edition]
Introducing Java Card 3.0: High Level Architecture
Introducing Java Card 3.0: Application Models
Classic Applets
• Communication using APDU protocol
• For backward compatibility
• Java Card 2 limitations apply for these applications
Extended Applets
• Communication using APDU protocol
• Similar to Classic Applets, but can use all the new API, like Threads, Strings, GCF, etc.
Servlet Applications
• Based on Servlet 2.4 API
• Communication using standard HTTP/HTTPS protocol
Java Card 3.0 vs. Java SE
Application start is not a main() method
• Java Card applications do not have a main() method
• “life cycle” model
• Applet Container and Servlet Container
• Application components are either Java Card Applets or Servlets
Network programming using GCF API
• Connector.open("http://.....");
• Connector.open("socket://host:1234");
Not the entire API is supported
Java Card 3.0 vs. Java ME
Java Card 3.0 is very close to Connected Limited Device Configuration (CLDC)
Class files compiled with JDK 6
• Class file major version is 50
Class File Verification is same as in CLDC
• But no preverifier, because JDK 6 generates StackMapTables
• JDK 6 Stackmaps are a little different than preverifier generated Stackmaps, but the purpose is same
Not MIDlets, but Java Card Applets and Servlets
JAD file of MIDlet suite can be compared to Java Card Runtime Descriptor
Java Card 3.0 vs. Java EE
Servlet Container with full Servlet lifecycle support
WAR file format is supported with Java Card 3.0 specific information, like Java Card Runtime Descriptor
No JSP support
• Just servlets (and static HTMLs) with listeners, filters
Transactions using Annotations
• @TransactionSupport(TransactionSuportType.REQUIRED)
Per Application SSL is new in Java Card 3.0
More about Web Applications: Format of the deployment unit
Same as Standard Web Application format
No lib folder
Some additional Java Card Specific Information
More about Web Applications: Java Card 3.0 specific information
Java Card Runtime Descriptor

    Manifest-Version: 1.0
    Runtime-Descriptor-Version: 3.0
    Application-Type: web
    Web-Context-Path: /hello
More about Web Applications: Java Card 3.0 specific information
Java Card Application Descriptor

    <javacard-app version="3.0">
        <security-role>
            <role-name category="USER">remote</role-name>
        </security-role>
    </javacard-app>
Reference Implementation (RI)
2Q 09
Contents of RI
• Card Emulator
• Tools to build and deploy
  • Off-card installer
  • Packager
  • Converter
  • Normalizer
• Introductory How-To samples
• Documentation
NetBeans™ Plugin
Reference Implementation (RI)
[Figure: build and deployment flow. Labels: Source files; compile/build/IDE; Class files and other resources (or) WAR file; Packager; Ready-to-deploy module; Off-Card Installer (load, create, delete, unload); Card; Browser/Client]
Say Hello using Java Card 3.0 RI: HelloServlet.java

    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;

    public class HelloServlet extends HttpServlet {
        public void doGet(HttpServletRequest request,
                          HttpServletResponse response) throws IOException {
            // The writer is obtained from the response, not the request
            PrintWriter out = response.getWriter();
            out.println("<html><body>");
            out.println("<h1>Hello! JavaOne 2008</h1>");
            out.println("</body></html>");
        }
    }
Say Hello using Java Card 3.0 RI: web.xml

    <web-app version="2.4">
        <servlet>
            <servlet-name>helloservlet</servlet-name>
            <servlet-class>HelloServlet</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>helloservlet</servlet-name>
            <url-pattern>/*</url-pattern>
        </servlet-mapping>
    </web-app>
Say Hello using Java Card 3.0 RI: MANIFEST.MF (Java Card Runtime Descriptor)

    Manifest-Version: 1.0
    Runtime-Descriptor-Version: 3.0
    Application-Type: web
    Web-Context-Path: /hello
Say Hello using Java Card 3.0 RI: Compiling Java Sources
Use the NetBeans Module; easy way to build everything
Use javac to compile the source code.
• Sources must be compiled using Java Card API
• Set bootclasspath to Java Card 3.0 API
  • javac -bootclasspath jcapi.jar *.java
• Use provided annotation processor to detect float and double usages.
  • javac -processorpath jcapt.jar -processor com.sun.javacard.apt.JCAnnotationProcessor -Amode=connected *.java
• Or -
• Simply use the java card compiler script
  • jcc_connected.bat *.java
Say Hello using Java Card 3.0 RI: Building Web Application Module
Compiled class files and other resources need to be bundled together into WAR file format
Using NetBeans makes it a click away
Packager tool
• can be used to create the final module file from raw WAR file or folder
• can be used to validate pre-shipped application modules/WAR files
Say Hello using Java Card 3.0 RI: Load & Create the Application Module
Deployment is a 2 step process
• Load – loads the module onto the card
• Create – creates a persistent instance of loaded module
Use off-card installer to load the Application Module
Use off-card installer to create the instance
Browse to the page
• Ex: http://localhost:8019/hello/
Say Hello using Java Card 3.0 RI: Delete & Unload the Application Module
If the application is no longer needed on the card, it can be removed completely
2 step process
• Delete – deletes given persistent instance of the application
• Unload – completely removes all class files and related resource files from the card
Use off-card installer to delete the application instance
Use off-card installer to unload the application