Site Tools

Sidebar

Smart Card Solution

User Manual

JavaCard API Samples

Java Card Specification

Knowledge Sharing

javacard:jcre:4.5.2_applet_selection_with_select_file

4.5.2 Applet Selection with SELECT FILE

Upon receiving a SELECT FILE command on an I/O interface, the Java Card RE shall run the following procedure:

1. The Applet SELECT FILE command uses: CLA=%b000000cc* (where cc in the bits (b2,b1*) specifies the logical channel to be selected: 0-3), or CLA=%0100dddd* (where dddd in the bits (b4-b1) denote the origin logical channel: 4-19) and INS=0xA4.

If the SELECT FILE command has non-zero secure messaging bits (b4,b3*) in the CLA byte when the origin logical channel is 0-3 or non-zero bit (b6*) when the origin logical channel is 4-19, it is deemed not to be an Applet SELECT FILE command. The Java Card RE simply forwards the command to the active applet on the specified logical channel.

  • The Applet SELECT FILE command uses “Selection by DF name” with P1=0x04.
  • The Java Card RE shall support both of the following:
  • Selection by “exact DF name(AID)” with P2=%b0000xx00 (b4,b3* are don't care) and
  • The RFU variant described in ISO 7816-4 Specification with P2=%b0001xx00 (b4,b3* are don't care).

2. If resources for the specified logical channel (in bits cc of the CLA) are not available, the Java Card RE responds with status code 0x6881 (SW_LOGICAL_CHANNEL_NOT_SUPPORTED).

3. If the specified logical channel is not open on the I/O interface that received the SELECT FILE command, it is now opened and the Java Card RE state is set so that no applet is active on this new logical channel. The specified logical channel will be the assigned channel for the applet instance that will be active on it.

4. The Java Card RE searches the internal applet table which lists all successfully installed applet instances on the card for an applet instance with a matching AID. If a matching applet instance is found, it is picked as the candidate applet instance. Otherwise, if no AID match is found:

  • If there is no active applet instance on the specified logical channel, the Java Card RE responds with status code 0x6999 (SW_APPLET_SELECT_FAILED).
  • Otherwise, the active applet instance on this logical channel is set as the currently selected applet instance and the SELECT FILE command is forwarded to that applet instance's process method. A context switch into the applet instance's context occurs at this point, see Section 6.1.1, Firewall Protection. Applets may use the SELECT FILE command for their own internal processing. Upon return from the applet's process method, the Java Card RE sends the applet instance's response as the response to the SELECT FILE command.

5. If the candidate applet instance is not a multiselectable applet, and the candidate applet's context is active, the logical channel remains open and the Java Card RE records an error response status code of 0x6985 (SW_CONDITIONS_NOT_SATISFIED). Prior to sending the response code, if there is an active applet instance on the logical channel, then the Java Card RE may optionally deselect the applet instance, as described in Section 4.6, Applet Deselection, and set the state so that no applet is active on the specified logical channel.

6. Assign the CLEAR_ON_DESELECT transient memory segment for the new logical channel in the following cases:

  • If any applet instance from the same package as that of the candidate applet instance is active on another logical channel, assign the same CLEAR_ON_DESELECT transient memory segment to this logical channel.
  • Otherwise, assign a different (zero-filled) CLEAR_ON_DESELECT transient memory segment to this new logical channel.

7. Check whether the candidate applet instance accepts selection:

  • If the candidate applet's context is active, the Java Card RE shall set the candidate applet instance as the currently selected applet instance and call the MultiSelectable.select(appInstAlreadyActive) method, where the parameter appInstAlreadyActive is set to true if the same applet instance is already active on another logical channel. A context switch into the candidate applet instance's context occurs at this point, see Section 6.1.2, Contexts and Context Switching.
  • Otherwise, if the candidate applet's context is not active, the Java Card RE shall set the candidate applet instance as the currently selected applet instance and call the Applet.select method. A context switch into the candidate applet instance's context occurs at this point.
  • If the applet instance's select method throws an exception or returns false, then the Java Card RE state is set so that no applet is active on the specified logical channel. The logical channel remains open, and the Java Card RE responds with status code 0x6999 (SW_APPLET_SELECT_FAILED).

8. The Java Card RE shall set the candidate applet instance as the currently selected applet instance and call the Applet.process method with the SELECT FILE APDU as the input parameter. A context switch occurs into the applet instance's context at this point. Upon return from the applet instance's process method, the Java Card RE sends the applet instance's response as the response to the SELECT FILE command.

Note - If the SELECT FILE command does not conform to the exact format of an Applet SELECT FILE command described in item 1 above or if there is no matching AID, the SELECT FILE command is forwarded to the active applet instance (if any) on that logical channel for processing as a normal applet APDU command. If there is a matching AID and the SELECT FILE command fails, the Java Card RE always sets the state in which no applet is active on that logical channel. If the matching AID is the same as the active applet instance on the specified logical channel, the Java Card RE still goes through the process of deselecting the applet instance and then selecting it. Reselection could fail, leaving the card in a state in which no applet is active on that logical channel.

javacard/jcre/4.5.2_applet_selection_with_select_file.txt · Last modified: 2017/05/13 04:07 (external edit)