com.cloudpos.jniinterface

Class HSMInterface

java.lang.Object

com.cloudpos.jniinterface.HSMInterface

public class HSMInterface
extends java.lang.Object

Field Summary

Fields

Modifier and Type	Field and Description
static int	ALGORITHM_RSA
static int	CERT_TYPE_APP_ROOT
static int	CERT_TYPE_COMMUNICATE
static int	CERT_TYPE_OWNER
static int	CERT_TYPE_PUBLIC_KEY
static int	FORMAT_DER
static int	FORMAT_PEM

Constructor Summary

Constructors

Constructor and Description
HSMInterface()

Method Summary

Modifier and Type	Method and Description
static int	close() close the device
static int	deleteCertificate(int certType, java.lang.String alias) Remove the certificate of the given alias.
static int	deleteKeyPair(java.lang.String aliasPrivateKey) Remove the key pair of the given alias.
static int	deleteUnionPayPrivateKey() Delete UnionPay private key.
static int	doRSADecrypt(java.lang.String aliasPrivateKey, byte[] bufCipher, byte[] bufResult, int resMaxLength) Do decryption by the given private key.
static int	doRSAEncrypt(java.lang.String aliasPrivateKey, byte[] bufPlain, byte[] bufResult, int resMaxLength) Do encryption by the given private key.
static int	enableSensor(int key) Enable external sensor.
static int	existMethod(java.lang.String methodName) Get x509 crl
static int	generateCSR(java.lang.String aliasPrivateKey, java.lang.String commName, byte[] bufResult, int resMaxLength) Generate the CSR for given private key.
static int	generateKeyPair(java.lang.String alias, int algorithm, int keySize) Request security module to generate a key pair inside the module.
static int	generatePINPadCSR(byte[] bufResult, int length) Generate csr for pinpad inject key.
static int	getCertificate(int certType, java.lang.String alias, byte[] bufCert, int bufMaxLength, int dataFormat) Get the certificate data.
static int	getCrl(java.lang.String pLabel, byte[] pBuffer) Get x509 crl
static int	getFlashID(byte[] flashIDBuffer) Get flash id.
static int	getRandom(byte[] bufRandom, int length) Get the real random buffer from safe module.
static int	injectPublicKeyCertificate(java.lang.String alias, java.lang.String aliasPrivateKey, byte[] bufCert, int bufLength, int dataFormat) Inject the certificate of the existing key pair.
static int	injectRootCertificate(int certType, java.lang.String alias, byte[] bufCert, int bufLength, int dataFormat) Inject the root certificates to security module. All the certificate must signed by the terminal's owner certificate.
static boolean	isKeyExist(int nKeyID, int nKeyType) Query key whether exist or not.
static boolean	isOpened() if open or not.
static int	isTampered() Check the security module is tampered or not.
static int	keyDecrypt(int nKeyID, int nKeyType, int nMode, byte[] byteData, byte[] pIV) Key decrypt.
static int	keyEncrypt(int nKeyID, int nKeyType, int nMode, byte[] byteData, byte[] pIV) Key encrypt.
static int	open() Open the device. Require one of the SAFE_MODULE_READONLY, SAFE_MODULE or SAFE_MODULE_RESET permission.
static int	queryCertCount(int certType) Query the count of specific type certificate in the hardware secure module.
static int	queryCertLabels(int certType, byte[] bufLabels, int length) Query the lable of specific type certificate in the hardware secure module, every label separated by ':'.
static int	queryCrlLabels(byte[] pLabel) Query x509 crl labels
static int	queryPrivateKeyCount() Query the count of private key in the hardware secure module.
static int	queryPrivateKeyLabels(byte[] bufLabels, int length) Query the lable of private key in the hardware secure module, every label separated by ':'.
static int	resetSaveModule(java.lang.String pwd) Reset the safe module.
static int	saveCrl(java.lang.String pLabel, byte[] pBuffer) Save x509 crl
static int	saveUnionPayPrivateKey(byte[] byteData, int nDataLength) Save UnionPay private key.
static int	updateKey(int nKeyID, int nKeyType, byte[] byteData) Update Key.
static int	updateSM4Key(int nKeyID, byte[] pKeyBuffer, byte[] pSignature) Update sm4 key

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

FORMAT_PEM

public static final int FORMAT_PEM

See Also:

Constant Field Values

FORMAT_DER

public static final int FORMAT_DER

See Also:

Constant Field Values

CERT_TYPE_OWNER

public static final int CERT_TYPE_OWNER

See Also:

Constant Field Values

CERT_TYPE_PUBLIC_KEY

public static final int CERT_TYPE_PUBLIC_KEY

See Also:

Constant Field Values

CERT_TYPE_APP_ROOT

public static final int CERT_TYPE_APP_ROOT

See Also:

Constant Field Values

CERT_TYPE_COMMUNICATE

public static final int CERT_TYPE_COMMUNICATE

See Also:

Constant Field Values

ALGORITHM_RSA

public static final int ALGORITHM_RSA

See Also:

Constant Field Values

Constructor Detail

HSMInterface

public HSMInterface()

Method Detail

open

public static int open()

Open the device.
Require one of the SAFE_MODULE_READONLY, SAFE_MODULE or SAFE_MODULE_RESET permission.

Returns:

value >= 0, success in starting the process; value < 0, error code

close

public static int close()

close the device

Returns:

value >= 0, success in starting the process; value < 0, error code

isTampered

public static int isTampered()

Check the security module is tampered or not. If the security module is tampered, all data in the security module should not be trusted.
This method requires SAFE_MODULE_READONLY or SAFE_MODULE permission.

Returns:

0 Not tampered.
1 Tampered.

getRandom

public static int getRandom(byte[] bufRandom,
                            int length)

Get the real random buffer from safe module.

This method requires SAFE_MODULE_READONLY or SAFE_MODULE permission.

Parameters:

bufRandom - the buffer to store random bytes.

length - the length of the buffer.

Returns:

>=0 success
<0 error

generateKeyPair

public static int generateKeyPair(java.lang.String alias,
                                  int algorithm,
                                  int keySize)

Request security module to generate a key pair inside the module.
This method requires SAFE_MODULE permission.

Parameters:

alias: - the alias of the private key.

algorithm: - the algorithm of the key pair. Currently, only ALGORITHM_RSA is supported.

keySize: - the bit size of the key. Currently, only 2048 is supported.

Returns:

>=0 success
<0 the error code

injectPublicKeyCertificate

public static int injectPublicKeyCertificate(java.lang.String alias,
                                             java.lang.String aliasPrivateKey,
                                             byte[] bufCert,
                                             int bufLength,
                                             int dataFormat)

Inject the certificate of the existing key pair.

Parameters:

alias: - the alias of the certificate.

aliasPrivateKey: - the alias of the key pair, usually it's the private key's alias.

bufCert: - the data of the certificate.

bufLength: - the length of the data buffer.enforceCalliUpdateServicengPermission

dataFormat: - the format of the buffer, Currently, only "PEM" is supported.

Returns:

>=0 success
<0 error code

injectRootCertificate

public static int injectRootCertificate(int certType,
                                        java.lang.String alias,
                                        byte[] bufCert,
                                        int bufLength,
                                        int dataFormat)

Inject the root certificates to security module.
All the certificate must signed by the terminal's owner certificate. The keyUsage flag must be set as define:

CERT_TYPE_OWNER certificate's keyUsage flag must be set as critical, and the KeyEncipherment, CertificateSign and CRLSign must be set, other flags are cleared. CERT_TYPE_APP_ROOT certificate's keyUsage flag must be set as critical, and the DigitalSignature, CertificateSign must be set, other flags are cleared. CERT_TYPE_COMMUNICATE certificate's keyUsage flag must be set as non-critical and DigitalSignature, KeyEncipherment, DataEncipherment must be set, other flags are cleared.
This method required SAFE_MODULE permission.

Parameters:

certType: - the certificate type, could be CERT_TYPE_OWNER, CERT_TYPE_APP_ROOT or CERT_TYPE_COMMUNICATE.

alias: - the alias of the certificate.getCertificate

bufCert: - the data of the certificate.

bufLength: - the length of the data buffer.

dataFormat: - the format of the buffer, Currently, only FORMAT_PEM is supported.

Returns:

>=0 success
<0 the error code

getCertificate

public static int getCertificate(int certType,
                                 java.lang.String alias,
                                 byte[] bufCert,
                                 int bufMaxLength,
                                 int dataFormat)

Get the certificate data.
This method requires SAFE_MODULE_READONLY permission.

Parameters:

certType: - the certificate type, could be CERT_TYPE_OWNER, CERT_TYPE_PUBLIC_KEY, CERT_TYPE_APP_ROOT or CERT_TYPE_COMMUNICATE.

alias: - the alias of the certificate

bufCert: - the output buffer to store the certificate PEM data.

bufMaxLength: - the max length of the result buffer.

dataFormat: - the format of the buffer, Currently, only FORMAT_PEM is supported.

Returns:

>=0 the length of the certificate PEM data.
<0 the error code.

deleteCertificate

public static int deleteCertificate(int certType,
                                    java.lang.String alias)

Remove the certificate of the given alias.
The OWNER certificate can't be removed.
This method requires SAVE_MODULE permission.

Parameters:

certType: - the certificate type, could be CERT_TYPE_PUBLIC_KEY, CERT_TYPE_APP_ROOT or CERT_TYPE_COMMUNICATE.

alias: - the alias of the certificate

Returns:

>=0 success
<0 the error code

deleteKeyPair

public static int deleteKeyPair(java.lang.String aliasPrivateKey)

Remove the key pair of the given alias.
This method requires SAVE_MODULE permission.

Parameters:

aliasPrivateKey: - the alias of the private key.

Returns:

>=0 success
<0 the error code

generateCSR

public static int generateCSR(java.lang.String aliasPrivateKey,
                              java.lang.String commName,
                              byte[] bufResult,
                              int resMaxLength)

Generate the CSR for given private key.
This method requires SAVE_MODULE permission.

Parameters:

alias: - the alias of the private key

aliasPrivateKey: - the alias of the private key

commonName: - the DN of the commonName

bufResult: - the buffer to store the CSR data.

resMaxLength: - the max length of the result buffer.

Returns:

>=0 success, with the valid length of the bufResult.
<0 the error code

doRSAEncrypt

public static int doRSAEncrypt(java.lang.String aliasPrivateKey,
                               byte[] bufPlain,
                               byte[] bufResult,
                               int resMaxLength)

Do encryption by the given private key. The result data is in PKCS#1 padding format.
This method requires SAFE_MODULE permission.

Parameters:

aliasPrivateKey: - the alias of the given private key.

bufPlain: - the buffer of the plain data.

bufResult: - the buffer for the output cipher data.

resMaxLength: - the max length of the output buffer.

Returns:

>=0 encrypt success and return the length of the bufResult.
<0 the error code.

doRSADecrypt

public static int doRSADecrypt(java.lang.String aliasPrivateKey,
                               byte[] bufCipher,
                               byte[] bufResult,
                               int resMaxLength)

Do decryption by the given private key. The result data is in PKCS#1 padding format.
This method requires SAFE_MODULE permission.

Parameters:

aliasPrivateKey: - the alias of the given private key.

bufCipher: - the buffer of the cipher data.

bufResult: - the buffer for the output cipher data.

resMaxLength: - the max length of the output buffer.

Returns:

>=0 decrypt success and return the length of the bufResult.
<0 the error code.

queryPrivateKeyLabels

public static int queryPrivateKeyLabels(byte[] bufLabels,
                                        int length)

Query the lable of private key in the hardware secure module, every label separated by ':'.

Parameters:

bufLabels: - the buffer of the labels.

length: - the length of the output buffer.

Returns:

>=0 data length. <0 the error code.

queryPrivateKeyCount

public static int queryPrivateKeyCount()

Query the count of private key in the hardware secure module.

Returns:

>=0 count。 <0 the error code.

queryCertLabels

public static int queryCertLabels(int certType,
                                  byte[] bufLabels,
                                  int length)

Query the lable of specific type certificate in the hardware secure module, every label separated by ':'.

Parameters:

bufLabels: - the buffer of the labels.

length: - the length of the output buffer.

Returns:

>=0 data length. <0 the error code.

queryCertCount

public static int queryCertCount(int certType)

Query the count of specific type certificate in the hardware secure module.

Returns:

>=0 count。 <0 the error code.

resetSaveModule

public static int resetSaveModule(java.lang.String pwd)

Reset the safe module.

Parameters:

pwd: - the password of reset

Returns:

=0 success。 <0 the error code.

generatePINPadCSR

public static int generatePINPadCSR(byte[] bufResult,
                                    int length)

Generate csr for pinpad inject key.

Parameters:

bufResult: - data buffer.

length: - length of data buffer.

Returns:

>0 data length. <=0 the error code.

enableSensor

public static int enableSensor(int key)

Enable external sensor.

Parameters:

key: - indicate to enable which sensor, value must from 1 to 15.

Returns:

=0 success. >0 which pin not collect normal. <0 fail.

saveUnionPayPrivateKey

public static int saveUnionPayPrivateKey(byte[] byteData,
                                         int nDataLength)

Save UnionPay private key.

Parameters:

byteData: - key buffer.

nDataLength: - length of key buffer.

Returns:

>=0 success. <0 fail.

deleteUnionPayPrivateKey

public static int deleteUnionPayPrivateKey()

Delete UnionPay private key.

Returns:

>=0 success. <0 fail.

updateKey

public static int updateKey(int nKeyID,
                            int nKeyType,
                            byte[] byteData)
                     throws java.lang.NoSuchMethodException

Update Key.

Parameters:

nKeyID: - key index, from 0 to 9.

nKeyType: - indicate the key type:SM4, DES,3DES or AES.

byteData: - key data.

Returns:

>=0 success. <0 fail.

Throws:

java.lang.NoSuchMethodException

keyEncrypt

public static int keyEncrypt(int nKeyID,
                             int nKeyType,
                             int nMode,
                             byte[] byteData,
                             byte[] pIV)
                      throws java.lang.NoSuchMethodException

Key encrypt.

Parameters:

nKeyID: - key index, from 0 to 9.

nKeyType: - indicate the key type:SM4, DES,3DES or AES.

nMode: - 0: ECB 1: CBC 2:CFB 3:OFB

byteData: - plain text to be encryt.

pIV: - initialize vector.

Returns:

>=0 cipher text length. <0 fail.

Throws:

java.lang.NoSuchMethodException

keyDecrypt

public static int keyDecrypt(int nKeyID,
                             int nKeyType,
                             int nMode,
                             byte[] byteData,
                             byte[] pIV)
                      throws java.lang.NoSuchMethodException

Key decrypt.

Parameters:

nKeyID: - key index, from 0 to 9.

nKeyType: - indicate the key type:SM4, DES,3DES or AES.

nMode: - 0: ECB 1: CBC 2:CFB 3:OFB

byteData: - plain text to be decryt.

pIV: - initialize vector.

Returns:

>=0 decrypt text length. <0 fail.

Throws:

java.lang.NoSuchMethodException

isKeyExist

public static boolean isKeyExist(int nKeyID,
                                 int nKeyType)
                          throws java.lang.NoSuchMethodException

Query key whether exist or not.

Parameters:

nKeyID: - key index, from 0 to 9.

nKeyType: - indicate the key type:SM4, DES,3DES or AES.

Returns:

true exist. false not exist.

Throws:

java.lang.NoSuchMethodException

getFlashID

public static int getFlashID(byte[] flashIDBuffer)
                      throws java.lang.NoSuchMethodException

Get flash id.

Parameters:

flashIDBuffer: - data buffer.

Returns:

>=0 success. <0 fail.

Throws:

java.lang.NoSuchMethodException

isOpened

public static boolean isOpened()

if open or not.

Returns:

true opened. false not opened.

updateSM4Key

public static int updateSM4Key(int nKeyID,
                               byte[] pKeyBuffer,
                               byte[] pSignature)
                        throws java.lang.NoSuchMethodException

Update sm4 key

Parameters:

nKeyID: - key index, from 0 to 2.

pKeyBuffer: - key data.

pSignature: - signature data. return value : >= 0 : success < 0 : fail

Throws:

java.lang.NoSuchMethodException

saveCrl

public static int saveCrl(java.lang.String pLabel,
                          byte[] pBuffer)
                   throws java.lang.NoSuchMethodException

Save x509 crl

Throws:

java.lang.NoSuchMethodException

getCrl

public static int getCrl(java.lang.String pLabel,
                         byte[] pBuffer)
                  throws java.lang.NoSuchMethodException

Get x509 crl

Throws:

java.lang.NoSuchMethodException

existMethod

public static int existMethod(java.lang.String methodName)

Get x509 crl

queryCrlLabels

public static int queryCrlLabels(byte[] pLabel)
                          throws java.lang.NoSuchMethodException

Query x509 crl labels

Parameters:

pLabel: - the labels of crl return value : > 0 : success, return crl data length <= 0 : fail

Throws:

java.lang.NoSuchMethodException