BONDI APDU module

    module apdu {

        typedef sequence<APDUSlot> APDUSlotArray;

        [Callback=FunctionOnly, NoInterfaceObject] interface OpenSuccessCallback {
            void onSuccess (in short channel);
        };

        [Callback=FunctionOnly, NoInterfaceObject] interface TransmitSuccessCallback {
            void onSuccess (in ByteArray response);
        };

        interface APDUError : GenericError {
            const unsigned short CHANNEL_OPEN_ERROR = 1;
            const unsigned short CHANNEL_NOT_OPEN_ERROR = 2;
        };

        interface APDUManager {
            readonly attribute APDUSlotArray availableSlots;
            APDUConnection createConnection(in APDUSlot slot)
                raises(SecurityError, DeviceAPIError);
        };

        interface APDUConnection {
            readonly attribute APDUSlot slot;
            readonly attribute DOMString aid;
            readonly attribute short channel;
            boolean isCardPresent();
            PendingOperation openLogicalChannel(in OpenSuccessCallback successCallback,
                                                in ErrorCallback errorCallback,
                                                in DOMString aid);
            PendingOperation openDefaultChannel(in SuccessCallback successCallback,
                                                in ErrorCallback errorCallback);
            void close()
                raises(DeviceAPIError, APDUError);
            ByteArray GetAnswerToReset();
            PendingOperation transmit(in TransmitSuccessCallback successCallback,
                                      in ErrorCallback errorCallback,
                                      in Byte Class,
                                      in Byte Instruction,
                                      in Byte P1,
                                      in Byte P2,
                                      in unsigned short Lc,
                                      in ByteArray message,
                                      in unsigned short Le);
        };

        interface APDUSlot {
            readonly attribute short id;
            readonly attribute DOMString description;
        };
    };

This module allows communication between a web application and a smart card using Application Protocol Data Units (APDUs). An APDU is a short message represented as bytes. APDU messages are either commands or responses. The APDU protocol is defined by ISO 7816-4.

Access to opening APDU Slot connection, used by APDUManager.createConnection
Access to opening APDU connection to a card application using a logical channel, used by APDUConnection.openLogicalChannel
Access to opening APDU connection to a card using the default channel, used by APDUConnection.openDefaultChannel
Access to sending an APDU command, used by APDUConnection.transmit

Opens a connection between the device and a slot.
    string representing the slot (e.g. "slot0")

Opens an APDU connection between the device and an application in the UICC or any other secure element.
    string representing the slot (e.g. "slot0")
    string representing the card application (e.g. "a0 00 00 00 62 03 01 0c 02 01")

Opens an APDU connection between the device and the UICC or any other secure element.
    string representing the slot (e.g. "slot0")

Send an APDU command.
    Class of the command
    Command instruction
    First parameter of the command
    Second parameter of the command

Daniel Coloma <dcoloma@tid.es>
Alessandro Ossoli <alessandro.ossoli@telecomitalia.it>
Stefano Vercelli <stefano.vercelli@telecomitalia.it>
Jean-Francois Arnaud <jean-francois.arnaud@gemalto.com>
Patrice Angelini <patrice.angelini@gemalto.com>
Laurent Lagosanto <laurent.lagosanto@gemalto.com>

1.5

    typedef sequence<APDUSlot> APDUSlotArray;

Array of smart card or secure element slots.

    [Callback=FunctionOnly, NoInterfaceObject] interface OpenSuccessCallback {
        void onSuccess (in short channel);
    };

    void onSuccess (in short channel);

To be invoked when the APDU connection is opened.

Parameters:
    channel: the logical channel used for this connection.

    [Callback=FunctionOnly, NoInterfaceObject] interface TransmitSuccessCallback {
        void onSuccess (in ByteArray response);
    };

    void onSuccess (in ByteArray response);

To be invoked when the APDU response is received.

Parameters:
    response: Response to the APDU command.

    interface APDUError : GenericError {
        const unsigned short CHANNEL_OPEN_ERROR = 1;
        const unsigned short CHANNEL_NOT_OPEN_ERROR = 2;
    };

    const unsigned short CHANNEL_OPEN_ERROR = 1;

The channel is already open.

    const unsigned short CHANNEL_NOT_OPEN_ERROR = 2;

The channel is not open.

    interface APDUManager {
        readonly attribute APDUSlotArray availableSlots;
        APDUConnection createConnection(in APDUSlot slot)
            raises(SecurityError, DeviceAPIError);
    };

Management of the APDU communication.

Provides a way to open communication with a smart card or secure element slot.

    // availableSlots is an attribute of APDUManager.
    var slot = APDUManager.availableSlots[0];
    var cnx;
    cnx = APDUManager.createConnection(slot);

    readonly attribute APDUSlotArray availableSlots;

The list of available slots on the device.

Might be updated if a new slot appears (e.g. a Bluetooth-enabled card reader).

    APDUConnection createConnection(in APDUSlot slot)
        raises(SecurityError, DeviceAPIError);

Creates an instance of the APDUConnection interface.

Return value: the object containing the reference to the APDU Connection.

Parameters:
    slot: one of the slots referenced by availableSlots.

Exceptions:
    SecurityError PERMISSION_DENIED_ERROR when access is denied by the security policy.
    DeviceAPIError INVALID_ARGUMENT_ERROR if an invalid slot is passed.

    interface APDUConnection {
        readonly attribute APDUSlot slot;
        readonly attribute DOMString aid;
        readonly attribute short channel;
        boolean isCardPresent();
        PendingOperation openLogicalChannel(in OpenSuccessCallback successCallback,
                                            in ErrorCallback errorCallback,
                                            in DOMString aid);
        PendingOperation openDefaultChannel(in SuccessCallback successCallback,
                                            in ErrorCallback errorCallback);
        void close()
            raises(DeviceAPIError, APDUError);
        ByteArray GetAnswerToReset();
        PendingOperation transmit(in TransmitSuccessCallback successCallback,
                                  in ErrorCallback errorCallback,
                                  in Byte Class,
                                  in Byte Instruction,
                                  in Byte P1,
                                  in Byte P2,
                                  in unsigned short Lc,
                                  in ByteArray message,
                                  in unsigned short Le);
    };

Interface to communicate through APDU commands.

    var cnx;

    // Define the APDUExchange success callback.
    function APDUSuccess(response) {
        alert("APDU Response is " + response);
    }

    // Define the APDUExchange failure callback.
    function APDUFailure(e) {
        alert("Error while executing the APDU Command");
    }

    // Define the open success callback.
    function openSuccess() {
        alert("APDU Connection opened successfully");
        // Send a select file (selection of 3F00); the file identifier is two bytes long.
        var data = new ByteArray(2);
        data[0] = 0x3F;
        data[1] = 0x00;
        // Arguments after the callbacks: Class, Instruction, P1, P2, Lc, message, Le.
        cnx.transmit(APDUSuccess, APDUFailure, 0x00, 0xA4, 0x00, 0x00, 0x02, data, 0x00);
    }

    // Define the open failure callback.
    function openFailure(e) {
        alert("Cannot open the APDUSlot connection");
    }

    // availableSlots is an attribute of APDUManager.
    var slot = APDUManager.availableSlots[0];
    var aid = "a0 00 00 00 62 03 01 0c 02 01";
    cnx = APDUManager.createConnection(slot);
    // Get ATR
    var ATR = cnx.GetAnswerToReset();
    cnx.openLogicalChannel(openSuccess, openFailure, aid);

    readonly attribute APDUSlot slot;

The slot used by this connection.

    readonly attribute DOMString aid;

Card application identifier.

    readonly attribute short channel;

The logical channel used by this connection.

    boolean isCardPresent();

Tells whether a card is present in this slot.

Return value: true if a card is present, false otherwise.

    PendingOperation openLogicalChannel(in OpenSuccessCallback successCallback,
                                        in ErrorCallback errorCallback,
                                        in DOMString aid);

Opens the APDU Connection to a card application, using a logical channel chosen by the system.

Errors that can be returned in the ErrorCallback:
    SecurityError PERMISSION_DENIED_ERROR when access is denied by the security policy.
    DeviceAPIError IO_ERROR if the communication with the slot fails.
    DeviceAPIError INVALID_ARGUMENT_ERROR if an invalid aid is passed.
    DeviceAPIError PENDING_OPERATION_ERROR if another Open APDU operation is being processed.
    APDUError CHANNEL_OPEN_ERROR if the channel is already open.

Return value: PendingOperation enabling the requester to cancel this request.

Parameters:
    successCallback: Callback issued when the opening is correctly finished.
    errorCallback: Callback issued if an error occurs during the opening.
    aid: the application identifier of the application (e.g. "a0 00 00 00 62 03 01 0c 02 01").

    PendingOperation openDefaultChannel(in SuccessCallback successCallback,
                                        in ErrorCallback errorCallback);

Opens the APDU Connection to a card in a slot using the default logical channel if available.

Errors that can be returned in the ErrorCallback:
    SecurityError PERMISSION_DENIED_ERROR when access is denied by the security policy.
    DeviceAPIError IO_ERROR if the communication with the slot fails.
    DeviceAPIError PENDING_OPERATION_ERROR if another Open APDU operation is being processed.
    APDUError CHANNEL_OPEN_ERROR if the channel is already open.

Return value: PendingOperation enabling the requester to cancel this request.

Parameters:
    successCallback: Callback issued when the opening is correctly finished.
    errorCallback: Callback issued if an error occurs during the opening.

    void close()
        raises(DeviceAPIError, APDUError);

Closes the APDU Connection.

Exceptions:
    DeviceAPIError IO_ERROR if the communication with the slot fails.
    DeviceAPIError PENDING_OPERATION_ERROR if an Open APDU operation is being processed.
    APDUError CHANNEL_NOT_OPEN_ERROR if the channel is not open.

    ByteArray GetAnswerToReset();

Get Answer To Reset.

Return value: ATR if successful.

    PendingOperation transmit(in TransmitSuccessCallback successCallback,
                              in ErrorCallback errorCallback,
                              in Byte Class,
                              in Byte Instruction,
                              in Byte P1,
                              in Byte P2,
                              in unsigned short Lc,
                              in ByteArray message,
                              in unsigned short Le);

Sends an APDU command.

Sends the APDU command to the card. When the card sends its response APDU, the successCallback is invoked with the response as another byte array.

Errors that can be returned in the ErrorCallback:
    DeviceAPIError IO_ERROR if the communication with the slot fails.
    DeviceAPIError INVALID_ARGUMENT_ERROR if any of the parameters is not valid.
    DeviceAPIError PENDING_OPERATION_ERROR if another open or transmit operation is being processed.
    APDUError CHANNEL_NOT_OPEN_ERROR if the channel is not open.

Return value: PendingOperation enabling the requester to cancel this request.

Parameters:
    successCallback: Callback issued when the operation is correctly finished.
    errorCallback: Callback issued if an error occurs during the operation.
    Class: Class of the APDU command as defined in ISO 7816-4.
    Instruction: Command Instruction as defined in ISO 7816-4.
    P1: First Parameter of the APDU command as defined in ISO 7816-4.
    P2: Second Parameter of the APDU command as defined in ISO 7816-4.
    Lc: Length of the APDU message.
    message: APDU message data to send.
    Le: Length of the expected answer.
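
The AID string accepted by openLogicalChannel and the Class/Instruction/P1/P2/Lc/message/Le parameters of transmit can be checked by the caller before they reach the card. The following is an added example, not part of the BONDI specification; it goes beyond the page by encoding the ISO 7816-4 short command APDU and splitting the response into data and status word. The helper names are hypothetical, and it assumes Le is the expected byte count and that the response ByteArray includes the trailing SW1 SW2.

```javascript
// Added example. parseAid, encodeCommandApdu and parseResponseApdu are
// hypothetical helper names, not part of the BONDI APDU module.
const isByte = (v) => Number.isInteger(v) && v >= 0 && v <= 0xff;

// Parse an AID string such as "a0 00 00 00 62 03 01 0c 02 01" into bytes.
// ISO 7816-4 limits an AID to 5..16 bytes.
function parseAid(aid) {
  const parts = String(aid).trim().split(/\s+/);
  if (!parts.every((p) => /^[0-9a-fA-F]{2}$/.test(p))) {
    throw new Error("AID must be space-separated hex byte pairs");
  }
  if (parts.length < 5 || parts.length > 16) {
    throw new Error("AID must be 5 to 16 bytes long");
  }
  return parts.map((p) => parseInt(p, 16));
}

// Build the short-form command APDU from the transmit() parameters, rejecting
// inconsistent input before anything is sent to the card.
// Assumption: Le is the number of expected response bytes (0 = none, max 256).
function encodeCommandApdu(cla, ins, p1, p2, lc, message, le) {
  const msg = Array.from(message);
  if (![cla, ins, p1, p2].every(isByte)) throw new Error("header fields must be bytes");
  if (!msg.every(isByte)) throw new Error("message must contain bytes only");
  if (lc !== msg.length) throw new Error("Lc does not match message length");
  if (lc > 255) throw new Error("short APDU carries at most 255 data bytes");
  if (!Number.isInteger(le) || le < 0 || le > 256) throw new Error("Le out of range");
  const apdu = [cla, ins, p1, p2];
  if (lc > 0) apdu.push(lc, ...msg);
  if (le > 0) apdu.push(le === 256 ? 0x00 : le); // Le byte 0x00 means 256
  return apdu;
}

// Split a response APDU into its data field and the status word SW1 SW2.
// Assumption: the response ByteArray still carries the two trailing SW bytes.
function parseResponseApdu(response) {
  const bytes = Array.from(response);
  if (bytes.length < 2 || !bytes.every(isByte)) {
    throw new Error("response must be at least two bytes (SW1 SW2)");
  }
  const sw = (bytes[bytes.length - 2] << 8) | bytes[bytes.length - 1];
  return { data: bytes.slice(0, -2), sw: sw, ok: sw === 0x9000 };
}

// Constructed sample: SELECT by file ID 3F00, as in the page's own example.
const selectMf = encodeCommandApdu(0x00, 0xa4, 0x00, 0x00, 2, [0x3f, 0x00], 0);
console.log(selectMf, parseResponseApdu([0x6a, 0x82])); // 0x6A82 is a constructed response
```
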

    interface APDUSlot {
        readonly attribute short id;
        readonly attribute DOMString description;
    };

Definition of a card or secure element Slot.

    readonly attribute short id;

The numerical identifier of the slot. Used internally only.

    readonly attribute DOMString description;

A human-readable description of the slot (e.g. "(U)SIM Slot"). May be displayed to the user in a list so they can select which slot to use.