Development Kit User's Guide

This chapter describes the options used to configure a custom RI. This chapter is useful only if you have a source release of the develoment kit. For real cards, there are a few items such as Protection Domains and Certificates that must be setup at manufacturing time. The RI provides a means of configuring some factory settings by using the config.properties file under the lib folder.

This chapter contains the following sections:

• Configuring Authenticators
• Creating Custom Protection Domains
• Configuring SSL Support

---

Configuring Authenticators

In the lib/config.properties file, the following properties must be added to add an authenticator:

• authenticator . index . uri
• authenticator . index . factory
• authenticator . index . pin
• authenticator . index . digest

The following items describe the contents of the preceeding list of properties:

• index is a zero based number. At startup, the RI starts reading these properties beginning with index zero and creates authenticators until the sequence is broken.
• The uri property provides the SIO uri used for this authenticator.
• The factory property provides the factory class. For example, com.sun.javacard.security.PINSessionAuthenticatorFactory.
• The pin property provides the 4 digit pin number.
• The digest property provides true or false depending on if it should use digest .

---

Creating Custom Protection Domains

The Java Card 3 platform RI assigns a protection domain to an application based on the certificate used to sign the application bundle with the Packager tool. In the lib/config.properties file the following properties must be added to add a new protection domain:

• pd. pd-index .certificate
• pd. pd-index .include. include-index
• pd. pd-index .exclude. exclude-index

The following items describe the contents of the preceeding list of properties:

• All the indexes ( pd-index , include-index , and exclude-index ) are zero based numbers.
• The certificate property provides the BASE-64 encoded certificate.
• The include. include-index property provides a list of permissions that should be included for this protection domain.
• The exclude. exclude-index property provides a list of permissions that should be excluded for this protection domain.

Creating a Custom keystore

A custom ketstore can be crested by using the keytool to generate the certificates and private keys.

Using keytool to Generate Certificates and Private Keys

Enter the following keytool command and options on the command line:

keytool -genkey -alias alias -keyalg RSA
keytool -selfcert -alias alias
keytool -list -rfc
java DumpPrivateKey

This is how the PolicyManager.java certificate and key were generated. For scripting use the following keytool command:

keytool -keystore keystore -storepass keystore-password -alias alias -keypass alias-password -genkey -keyalg RSA -dname "cn=X, ou=U, o=O, c=US"

This keytool command runs in batch mode without prompting for input values.

---

Configuring SSL Support

In the lib/config.properties file, the following properties must be added to add an ssl support:

• ssl.serverIdentity
• ssl.selfIdentityAsClient
• ssl.selfIdentityAsServer
• ssl.selfIdentitySSLPrivateKeyExp
• ssl.selfIdentitySSLPrivateKeyMod
• PSKIdentityHint=X509

Development Kit User's Guide

May 2009

Copyright © 2009 Sun Microsystems, Inc. All rights reserved.