public class SystemConfig extends java.lang.Object implements SessionHandler
SystemConfig
singleton class allows one to perform security-critical system operations
on the security processor (like update secure date-time, performing secure update, uploading
security keys and credentials).
SystemConfig
singleton class can only be performed
by opening a secure session with the security processor on the Yello terminal.
SystemConfig
singleton class allows one to perform the security-critial
system operations either locally from the Yello Android device (via the method
openSession(String, String, String, int)
) or
remotely from a PC or Server (via the method
openSession(SocketChannel, String, String, String, int)
), provided
that there is a proxy agent running on the Yello terminal to relay the request.
The proxy-agent can be implemented by the client.
//Assuming that String ca_cert, cert and pkey are populated with data respectively from a SSL //CA Certificate, a SSL client certificate and SSL client private key, all in PEM format. import org.joda.time.Instant; ... String ca_cert, cert, pkey; // Populate ca_cert, cert, pkey ... SystemConfig systemConfig = SystemConfig.getInstance(); try { //Use default connection timeout systemConfig.openSession(ca_cert, cert, pkey, 0); // Setup using system date in UTC, using default timeout Instant date = Instant.now(); systemConfig.setSecureDateTime(date, 0); } catch (Exception e) { Log.e("DEMOAPP", "Failed to set secure date-time " + e); } finally { systemConfig.closeSession(); }NOTE: full example of remote access will be provided at a later time.
Modifier and Type | Method and Description |
---|---|
void |
closeSession()
Closes the currently opened session (normal or secure) to the secure processor
|
void |
firmwareDestroy(byte[] key,
int timeoutMs)
!!! ATTENTION !!!
This function destroys a secure processor firmware and revert back to a NXP factory state |
static SystemConfig |
getInstance()
Gets the instance of the
SystemConfig singleton |
int |
getKeyBlockVersion(KeyBlockType keyBlockType,
int timeoutMs)
Gets the version of a key, stored as a keyblock, from the security processor
|
boolean |
isSessionOpened()
Checks if a session to the secure processor is already opened
|
void |
openSession(int timeoutMs)
Opens a local session to the secure processor
(from an Android application running on the Yello terminal)
|
void |
openSession(java.nio.channels.SocketChannel channel,
java.security.cert.Certificate caCert,
java.security.cert.Certificate cert,
java.security.Key pKey,
int timeoutMs)
Opens a remote (from a PC or server) secure session to the secure processor.
|
void |
openSession(java.nio.channels.SocketChannel channel,
int timeoutMs)
Opens a remote (from PC or Server) session to the secure processor
|
void |
openSession(java.nio.channels.SocketChannel channel,
java.lang.String caCert,
java.lang.String cert,
java.lang.String pKey,
int timeoutMs)
Opens a remote (from a PC or server) secure session to the secure processor.
|
void |
openSession(java.lang.String caCert,
java.lang.String cert,
java.lang.String pKey,
int timeoutMs)
Opens a local secure session to the secure processor
(from an Android application running on the Yello terminal)
|
void |
secureUpdate(byte[] update,
int timeoutMs,
ProgressListener listener)
Performs a secure update on a secure processor using an already encrypted binary data
|
void |
secureUpdate(SecureUpdateType type,
byte[] key,
byte[] blob,
int timeoutMs,
ProgressListener listener)
Performs a secure update on the security processor
|
void |
setSecureDateTime(org.joda.time.Instant date,
int timeoutMs)
Sets the date-time of the secure processor in UTC
|
void |
useExistingSession(boolean secure)
Uses an existing session opened by another SessionHandler
|
public static SystemConfig getInstance()
SystemConfig
singletonSystemConfig
objectpublic void setSecureDateTime(org.joda.time.Instant date, int timeoutMs) throws java.lang.Exception
date
- date in form of an Instant
timeoutMs
- Timeout in milliseconds. If timeoutMs is <= 0, internal default timeout will be usedjava.io.IOException
- if the secure date-time cannot be set due to IO errorsjava.lang.Exception
- for other types of exceptionspublic void secureUpdate(byte[] update, int timeoutMs, ProgressListener listener) throws java.lang.Exception
update
- encrypted binary data to updatetimeoutMs
- Timeout in milliseconds. If timeoutMs is <= 0, internal default timeout will be usedlistener
- ProgressListener
to keep track of the update. Optional, can be null.java.io.IOException
- if the secure update cannot be executed due to IO errorsjava.lang.Exception
- for other types of exceptionspublic void secureUpdate(SecureUpdateType type, byte[] key, byte[] blob, int timeoutMs, ProgressListener listener) throws java.lang.Exception
type
- SecureUpdateType
type of secure updatekey
- byte array of key used to encrypt the binary datablob
- byte array binary blob to updatetimeoutMs
- Timeout in milliseconds. If timeoutMs is <= 0, internal default timeout will be usedlistener
- ProgressListener
to keep track of the update. Optional, can be null.java.io.IOException
- if the secure update cannot be executed due to IO errorsjava.lang.Exception
- for other types of exceptionspublic void firmwareDestroy(byte[] key, int timeoutMs) throws java.lang.Exception
key
- - Tamper erase keytimeoutMs
- Timeout in milliseconds. If timeoutMs is <= 0, internal default timeout will be usedjava.io.IOException
- if the secure update cannot be executed due to IO errorsjava.lang.Exception
- for other types of exceptionspublic int getKeyBlockVersion(KeyBlockType keyBlockType, int timeoutMs) throws java.lang.Exception
keyBlockType
- KeyBlockType
type of keyblock representing the stored keytimeoutMs
- Timeout in milliseconds. If timeoutMs is <= 0, internal default timeout will be usedjava.util.NoSuchElementException
- is the key does not exist inside the security processorjava.lang.Exception
- for other types of exceptionspublic void openSession(java.nio.channels.SocketChannel channel, java.lang.String caCert, java.lang.String cert, java.lang.String pKey, int timeoutMs) throws java.lang.Exception
SessionHandler
openSession
in interface SessionHandler
channel
- SocketChannel opened and connected to a proxy agent running on the Yello terminalcaCert
- String containing SSL CA certificate data in PEM formatcert
- String containing an SSL client certificate data in PEM formatpKey
- String containing an SSL client private key data in PEM formattimeoutMs
- Timeout in milliseconds. If timeoutMs is <= 0, internal default timeout will be usedjava.lang.IllegalAccessException
- if a session (either secure or non-secure) is already openedjava.io.IOException
- if the session cannot be opened due to IO errors or if
the SocketChannel provided as parameter is not connected.java.lang.Exception
- for other types of exceptionspublic void openSession(java.nio.channels.SocketChannel channel, java.security.cert.Certificate caCert, java.security.cert.Certificate cert, java.security.Key pKey, int timeoutMs) throws java.lang.Exception
SessionHandler
openSession
in interface SessionHandler
channel
- SocketChannel opened and connected to a proxy agent running on the Yello terminalcaCert
- SSL CA certificatecert
- SSL client certificatepKey
- SSL client private keytimeoutMs
- Timeout in milliseconds. If timeoutMs is <= 0, internal default timeout will be usedjava.lang.IllegalAccessException
- if a session (either secure or non-secure) is already openedjava.io.IOException
- if the session cannot be opened due to IO errors or if
the SocketChannel provided as parameter is not connected.java.lang.Exception
- for other types of exceptionspublic void openSession(java.lang.String caCert, java.lang.String cert, java.lang.String pKey, int timeoutMs) throws java.lang.Exception
SessionHandler
openSession
in interface SessionHandler
caCert
- String containing SSL CA certificate data in PEM formatcert
- String containing an SSL client certificate data in PEM formatpKey
- String containing an SSL client private key data in PEM formattimeoutMs
- Timeout in milliseconds. If timeoutMs is <= 0, internal default timeout will be usedjava.lang.IllegalAccessException
- if a session (either secure or non-secure) is already opened.java.io.IOException
- if the session cannot be opened due to IO errors or if
the SocketChannel provided as parameter is not connected.java.lang.Exception
- for other types of exceptionspublic void openSession(java.nio.channels.SocketChannel channel, int timeoutMs) throws java.lang.Exception
SessionHandler
openSession
in interface SessionHandler
channel
- SocketChannel opened and connected to a proxy agent running on the Yello terminaltimeoutMs
- Timeout in milliseconds. If timeoutMs is <= 0, internal default timeout will be usedjava.lang.IllegalAccessException
- if a session (either secure or non-secure) is already opened.java.io.IOException
- if the session cannot be opened due to IO errors or if
the SocketChannel provided as parameter is not connected.java.lang.Exception
- for other types of exceptionspublic void openSession(int timeoutMs) throws java.lang.Exception
SessionHandler
openSession
in interface SessionHandler
timeoutMs
- Timeout in milliseconds. If timeoutMs is <= 0, internal default timeout will be usedjava.lang.IllegalAccessException
- if a session (either secure or non-secure) is already opened.java.io.IOException
- if the session cannot be opened due to IO errors or if
the SocketChannel provided as parameter is not connected.java.lang.Exception
- for other types of exceptionspublic boolean isSessionOpened()
SessionHandler
isSessionOpened
in interface SessionHandler
public void closeSession()
SessionHandler
closeSession
in interface SessionHandler
public void useExistingSession(boolean secure) throws java.lang.Exception
SessionHandler
useExistingSession
in interface SessionHandler
secure
- boolean indicating whether to reused a secure session or plain sessionjava.lang.IllegalAccessException
- if no session is opened.java.lang.Exception
- for other types of exceptionsCopyright © 2019 Yello. All rights reserved.