Pin¶
- public class Pin¶
Class represents a PIN that protects smart card contents.
Methods¶
change¶
- public void change(String oldValue, String newValue)¶
Changes the PIN. The operation can only be made against the user PIN.
- Parameters:
oldValue – The current PIN value. May be
null
if a protected authentication path existsToken.hasProtectedAuthPath()
.newValue – The new PIN value. May be
null
if a protected authentication path exists.
getConstraints¶
- public PinConstraint[] getConstraints()¶
Gets the format constraints of the PIN as an array of
PinConstraint
object.- Returns:
the
PinConstraint
array.
getCredentialProperties¶
- public JSONObject getCredentialProperties()¶
Returns a
JSONObject
which contains the PIN properties, to be used inrequestCredential(JSONObject,CredentialState)
function.This object can be created without this function; in that case it has to be created manually and must have the following fields:
pinLabel
as aString
, representing the PIN label.methods
as aJSONObject
representing the supported mechanisms by the slot. The following field must be defined:facialBio
as aboolean
. Equalstrue
if the PIN supports facial biometry process
- Returns:
a
JSONObject
which contains the PIN properties of a specific slot.
getLabel¶
getMaxTries¶
- public int getMaxTries()¶
Returns the maximum number of tries for the PIN verification. Can be undefined if the information is unavailable.
- Returns:
the maximum number of tries for the PIN verification.
getRemainingTries¶
- public int getRemainingTries()¶
Returns the number of remaining tries for the PIN verification. Can be undefined if the information is unavailable.
- Returns:
the number of remaining tries for the PIN verification.
getToken¶
initCredentialState¶
- public CredentialState initCredentialState()¶
Returns a
CredentialState
object which can be used during arequestCredential(JSONObject,CredentialState)
/login(CredentialValue,CredentialState)
process in order to update the information (remaining tries, a potential error…) in the PIN dialog.- Returns:
a
CredentialState
object.
initPin¶
- public void initPin(String newValue)¶
Re-initializes the PIN value (eventually unblocking it, if required). The operation can only be made against the user PIN, and requires the security officer PIN to be verified
Pin.loginSO(String)
)}.- Parameters:
newValue – The new PIN value. May be
null
if a protected authentication path exists.
isBlocked¶
- public boolean isBlocked()¶
Returns
true
if the PIN is blocked.- Returns:
true
if the PIN is blocked;false
otherwise.
isInitialized¶
- public boolean isInitialized()¶
Returns
true
if the PIN has been initialized.- Returns:
true
if the PIN has been initialized;false
otherwise.
isToBeChanged¶
- public boolean isToBeChanged()¶
Returns
true
if the PIN need to be changed before use.- Returns:
true
if the PIN need to be changed before use;false
otherwise.
isTryCountLow¶
- public boolean isTryCountLow()¶
Returns
true
if the PIN try counter is lower than the maximum (an unsuccessful verification attempt has been made).- Returns:
true
if the PIN try counter is lower than the maximum;false
otherwise.
isValidated¶
- public boolean isValidated()¶
Returns
true
if the PIN has been successfully verified (access to the private objects is granted).- Returns:
true
if the PIN has been successfully verified;false
otherwise.
lastTry¶
- public boolean lastTry()¶
Returns
true
if the PIN try counter shows only one attempt remaining.- Returns:
true
if the PIN try counter shows only one attempt remaining;false
otherwise.
login¶
- public void login(String value)¶
Verifies the PIN.
- Parameters:
value – the PIN value. May be
null
if a protected authentication path exists(Token.hasProtectedAuthPath()
).
login¶
- public void login(CredentialValue value, CredentialState state)¶
Verifies the PIN after getting
CredentialValue
object by usingrequestCredential(JSONObject,CredentialState)
function.- Parameters:
value – The credential value.
state – The credential state. This object will be updated by this function call. A further call to
requestCredential(JSONObject,CredentialState)
with thisstate
object will display a PIN dialog with updated information.
loginSO¶
- public void loginSO(String value)¶
Verifies the Security Officer (administrator or unblocking) PIN
- Parameters:
value – the PIN value. May be
null
if a protected authentication path exists(Token.hasProtectedAuthPath()
).
logout¶
- public void logout()¶
Resets the verified status of the PIN (cancels a call to
Pin.login(String)
).
requestCredential¶
- public static CredentialValue requestCredential(JSONObject properties, CredentialState state)¶
Displays a standalone PIN dialog that allows the user to set the PIN or use biometry process, in order to get the necessary credential for a
login(CredentialValue,CredentialState)
process.As this function waits for a credential through an user interface, this can NOT be called from UI thread.
Examples
void loginLoop(JSONObject properties, CredentialState state) throws SCMException { boolean retry = false; do { try { // request credential ... CredentialValue credential = Pin.requestCredential(properties, state); // ... and try to login. Assuming a pin object is correctly defined and initialized pin.login(credential, state); Log.d("login_example", "login is successful"); return; } catch (SCMException exception) { // on no fatal errors, retry requesting credential/login process long errorCode = exception.getErrorCode(); retry = (errorCode == SCMException.CKR_PIN_INCORRECT || errorCode == SCMException.CKR_PIN_INVALID || errorCode == SCMException.CKR_PIN_LEN_RANGE); Log.d("login_example", "failed to login", exception); if (!retry) { Log.d("login_example", "exiting from loginLoop"); throw exception; } } } while(retry); }
Use case 1: A token has been read
// assuming pin object is defined JSONObject credentialProperties = pin.getCredentialProperties(); CredentialState credentialState = pin.initCredentialState(); loginLoop(credentialProperties, credentialState);
Use case 2: No token has been read
JSONObject credentialProperties = new JSONObject("{pinLabel: "My PIN label", methods: {facialBio: false}}"); CredentialState credentialState = new CredentialState(); loginLoop(credentialProperties, credentialState);
- Parameters:
properties – the credential properties. If a token has been previously read, value of
getCredentialProperties()
can be used. Otherwise, this parameter can be build respecting the format detailed ingetCredentialProperties()
.state – an object which is used to display the current credential state (remaining tries, a potential error…) in the PIN dialog. At the beginning of a
requestCredential
/login
sequence,state
can be created throughinitCredentialState()
orCredentialState.CredentialState()
if no token was read before.
- Returns:
The
CredentialValue
to use inlogin(CredentialValue,CredentialState)
operation.