Token

public final class Token

Class that represents a connection to a smart card (or more generally, any cryptographic device). Token objects are obtained by calling the Reader.connect(completionHandler:) method.

  • Returns an array of Pin objects describing all the PINs available within this card.

    Declaration

    Swift

    public func pins() -> Array<Pin>

    Return Value

    An array of Pin objects.

  • Gets the Reader object from which this token is issued.

    Declaration

    Swift

    public func getReader() -> Reader

    Return Value

    The Reader object.

  • Gets the token model name.

    Declaration

    Swift

    public func getModel() -> String

    Return Value

    The model name.

  • Gets the token serial number.

    Declaration

    Swift

    public func getSerialNumber() -> String

    Return Value

    The serial number.

  • Gets the token label name.

    Declaration

    Swift

    public func getLabel() -> String

    Return Value

    The label name.

  • Gets the token manufacturer name.

    Declaration

    Swift

    public func getManufacturer() -> String

    Return Value

    The manufacturer name.

  • Returns whether this token has been initialized for use.

    Note

    This API does not provide any means to initialize a token.

    Declaration

    Swift

    public func isInitialized() -> Bool

    Return Value

    true if this token has been initialized; false otherwise.

  • Returns whether this token allows user authentication through a hardware-protected device (like a PIN pad reader, or using biometric recognition).

    Declaration

    Swift

    public func hasProtectedAuthPath() -> Bool

    Return Value

    true if this token allows user authentication through a hardware protected path, false otherwise.

  • Gets license validity for this card.

    Declaration

    Swift

    public func isLicenseValid(completionHandler: @escaping (_ isValid: Bool?, _ error: NSError?) -> Void)

    Parameters

    completionHandler

    The completion handler block to be called as soon as the operation has been performed. isValid indicates whether the license is valid. An error can occur, for instance, if the SCMEnvironment has been released.

  • Gets the end date for the license validity.

    Declaration

    Swift

    public func getLicenseEndDate(completionHandler: @escaping (_ endDate: String?, _ error: NSError?) -> Void)

    Parameters

    completionHandler

    The completion handler block to be called as soon as the operation has been performed. endDate contains the end date, as a string with the “YYYYMMDD” format. The return value may be “000000” for licenses with permanent validity. The return value may be an empty string for cards that do not have a license loaded, or for cards that benefit from a global licensing scheme. These cases can be told apart using the isLicenseValid result. An error can occur, for instance, if the SCMEnvironment has been released.
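
    An added example (not part of the SDK or its documentation) that combines isLicenseValid and getLicenseEndDate and fails closed on unexpected values. LicenseStatus, classifyLicense and checkLicense are hypothetical names, and the mapping of an empty end date to "global scheme" when isValid is true and "no license loaded" when it is false is an assumption drawn from the description above.

    ```swift
    import Foundation

    // Added example; assumes the SDK module declaring Token is imported.
    enum LicenseStatus {
        case permanent                 // end date is all zeros ("000000")
        case validUntil(Date)
        case invalid(endDate: String)  // isValid is false, an end date is present
        case globalScheme              // assumption: empty end date, isValid true
        case noLicenseLoaded           // assumption: empty end date, isValid false
        case malformed(String)         // valid flag set but date not parseable
    }

    func classifyLicense(endDate: String, isValid: Bool) -> LicenseStatus {
        if endDate.isEmpty { return isValid ? .globalScheme : .noLicenseLoaded }
        guard isValid else { return .invalid(endDate: endDate) }
        if endDate.allSatisfy({ $0 == "0" }) { return .permanent }
        // Strict "YYYYMMDD" parsing, independent of device locale and time zone.
        let formatter = DateFormatter()
        formatter.locale = Locale(identifier: "en_US_POSIX")
        formatter.timeZone = TimeZone(identifier: "UTC")
        formatter.dateFormat = "yyyyMMdd"
        formatter.isLenient = false
        guard endDate.count == 8, let date = formatter.date(from: endDate) else {
            return .malformed(endDate)
        }
        return .validUntil(date)
    }

    func checkLicense(on token: Token,
                      completion: @escaping (LicenseStatus?, NSError?) -> Void) {
        token.isLicenseValid { isValid, error in
            // A nil result or any error is reported as "status unknown".
            guard let isValid = isValid, error == nil else {
                return completion(nil, error)
            }
            token.getLicenseEndDate { endDate, error in
                guard let endDate = endDate, error == nil else {
                    return completion(nil, error)
                }
                completion(classifyLicense(endDate: endDate, isValid: isValid), nil)
            }
        }
    }
    ```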

  • Generates an App License for the current token, if current API embeds this mechanism.

    Note that the resulting license is stored in app data. For a given smart card, this function therefore needs to be called on each app instance that uses the card (on a different device, after a re-installation or if app data is cleared).

    Declaration

    Swift

    public func generateAppLicense(completionHandler: @escaping (_ error: NSError?) -> Void)

    Parameters

    completionHandler(error)

    The completion handler block to be called as soon as the operation has been performed. An error can occur if the SCMEnvironment has been released or, typically, if this API does not embed App License Generation.

  • Disconnects from the token.

    After performing this function, the token becomes unavailable.

    Note:

    If you wish to perform more operations after disconnecting from the token, you should call Reader.connect(completionHandler:) in order to get a fresh token.

    Declaration

    Swift

    public func disconnect(completionHandler: @escaping (_ error: NSError?) -> Void)

    Parameters

    completionHandler

    The completion handler block to be called as soon as the operation has been performed. It takes the following parameter:

    • error NSError?: an error can occur if the SCMEnvironment has been released by ARC or if something bad happened during the release of the token.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Retrieves all objects found in the token (certificates and keys).

    Example:

    token.getObjects() { objects, error in
        if let error = error {
            print("fail to get objects: " + error.localizedDescription)
        }
        else {
            if let objects = objects {
                for object in objects {
                    // loop over all objects found
                }
            }
            // when done using the token you should release it
            token.disconnect() { error in
                if let error = error {
                    print("fail to disconnect: " + error.localizedDescription)
                }
            }
        }
    }
    

    Note:

    • The private objects cannot be returned if the associated PIN has not been verified previously.
    • Take into consideration that the API does not internally keep references to the retrieved objects, and calling this method will always return new TokenObject instances, even if the objects have been previously retrieved.
    • To check whether two TokenObject instances refer to the same physical object in the card, the == operator can be used.

    Declaration

    Swift

    public func getObjects(completionHandler: @escaping (_ objects: [TokenObject]?, _ error: NSError?) -> Void)

    Parameters

    completionHandler

    The completion handler block to be called as soon as the objects are retrieved. It takes the following parameters:

    • objects: the retrieved objects from the token.
    • error : nil if the objects were retrieved successfully; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Verifies the special PIN.

    Declaration

    Swift

    public func loginSpecial(value: String, type: String, completionHandler: @escaping (_ error: NSError?) -> Void)

    Parameters

    value

    the PIN value

    type

    a String indicating on which PIN the operation must be made. Possible values depend on the card profile.

    completionHandler

    The completion handler block to be called as soon as the operation has been performed. It takes the following parameter:

    • error: nil if the operation is successful; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Generates a new RSA key pair in the card, with some attributes.

    The key pair attributes are provided by the attributes parameter. It must be a [String: Any] object with the following keys:

    • container: the label, as a String, of the container in which the key pair will be stored. Optional. When specified, can be "auth", "sign", "conf", "mpp", "mpp_rgs" or "winlogon". Possible values depend on the card profile. The container is chosen in EFID ascending order among available containers.
    • label: the ckLabel name as a String to give for both generated keys.
    • signVerify: Bool flag that will be used to initialize CKA_SIGN attribute for the private key and CKA_VERIFY for the public key. Optional, defaults to true.
    • encryptDecrypt: Bool flag that will be used to initialize CKA_DECRYPT attribute for the private key and CKA_ENCRYPT for the public key. Optional, defaults to true.
    • wrapUnwrap: Bool flag that will be used to initialize CKA_WRAP attribute for the private key and CKA_UNWRAP for the public key. Optional, defaults to true.

    When the operation completes, the newly created keys are returned, organized as a KeyPair object.

    Note:

    It is strongly recommended not to generate a key through an NFC reader interface. Key pair generation may take some time, and a card disconnection during this operation may be fatal for the card’s contents.

    Declaration

    Swift

    public func generateKeyPair(
    	keyLength: Int,
    	attributes: [String: Any],
    	completionHandler: @escaping (_ keyPair: KeyPair?, _ error: NSError?) -> Void) -> Void

    Parameters

    keyLength

    the length, in bits, of the new key to generate.

    attributes

    the key pair attributes given as described above.

    completionHandler

    The completion handler block to be called as soon as the operation has been performed. It takes the following parameters:

    • keyPair: the generated key pair.
    • error: nil if the keys were successfully generated; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.
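
    An added example (not part of the SDK or its documentation) that generates a signature-only key pair by setting every usage flag explicitly, since all three default to true when omitted. signingKeyAttributes, generateSigningKey, knownContainers, the "ExampleApp" error domain and the 2048-bit length are hypothetical choices; the code assumes the PIN protecting the container has already been verified and that the reader is not an NFC interface.

    ```swift
    import Foundation

    // Added example; assumes the SDK module declaring Token and KeyPair is imported.

    /// Container labels listed in the documentation above. Which of them
    /// actually exist depends on the card profile.
    let knownContainers: Set<String> =
        ["auth", "sign", "conf", "mpp", "mpp_rgs", "winlogon"]

    /// Builds attributes for a key pair restricted to signing.
    /// Returns nil when the label is empty or the container is not a documented one.
    func signingKeyAttributes(label: String,
                              container: String = "sign") -> [String: Any]? {
        guard !label.isEmpty, knownContainers.contains(container) else { return nil }
        return [
            "container": container,
            "label": label,
            "signVerify": true,       // CKA_SIGN / CKA_VERIFY
            "encryptDecrypt": false,  // CKA_DECRYPT / CKA_ENCRYPT left unset
            "wrapUnwrap": false       // CKA_WRAP / CKA_UNWRAP left unset
        ]
    }

    func generateSigningKey(on token: Token, label: String,
                            completion: @escaping (KeyPair?, NSError?) -> Void) {
        guard let attributes = signingKeyAttributes(label: label) else {
            // Reject bad input locally instead of sending it to the card.
            let error = NSError(domain: "ExampleApp", code: 1, userInfo: [
                NSLocalizedDescriptionKey: "invalid key pair attributes"])
            return completion(nil, error)
        }
        // 2048 is an example value chosen here, not a value from the documentation.
        token.generateKeyPair(keyLength: 2048, attributes: attributes) { keyPair, error in
            // On failure keyPair is nil and error carries the reason.
            completion(keyPair, error)
        }
    }
    ```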

  • Imports a single X.509 certificate or a PKCS#12 (containing both a key pair and a certificate) in the card.

    The import attributes are provided by attributes parameter. It must be a [String: Any] object with the following keys:

    • container: the label, as a String, of the container in which the key pair will be stored. Optional. When specified, can be "auth", "sign", "conf", "mpp", "mpp_rgs" or "winlogon". Possible values depend on the card profile. The container is chosen in EFID ascending order among available containers.
    • label: the ckLabel name as a String to give for both generated keys.
    • signVerify: Bool flag that will be used to initialize CKA_SIGN attribute for the private key and CKA_VERIFY for the public key. Optional, defaults to true.
    • encryptDecrypt: Bool flag that will be used to initialize CKA_DECRYPT attribute for the private key and CKA_ENCRYPT for the public key. Optional, defaults to true.
    • wrapUnwrap: Bool flag that will be used to initialize CKA_WRAP attribute for the private key and CKA_UNWRAP for the public key. Optional, defaults to true.

    When the operation completes, the newly created items are returned, organized as an Array of TokenObject.

    Declaration

    Swift

    public func importObject(
    	data: Data,
    	password: String?,
    	attributes: [String: Any],
    	completionHandler: @escaping (_ objects: [TokenObject]?, _ error: NSError?) -> Void) -> Void

    Parameters

    data

    The binary data of the item to import. For a single certificate, the data can be either in raw binary (DER-encoded) form, or encoded in PEM form. For a PKCS#12, the data must be in binary form.

    password

    (only for importing a PKCS#12): Password string of the PKCS#12 file.

    attributes

    the imported object attributes given as described above.

    completionHandler

    The completion handler block to be called as soon as the operation has been performed. It takes the following parameters:

    • objects: the newly created objects.
    • error: nil if the operation is successful; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Creates a new data container in the card.

    The data container attributes are provided by the attributes parameter. It must be a [String: Any] object with the following keys:

    • private: Bool indicating if the data container object is protected by PIN (for both reading and writing). Optional, defaults to false.
    • modifiable: Bool indicating if the data container object is modifiable. Optional, defaults to true.
    • label: label String of the data container object. Optional.
    • application: String naming the application that manages the object. Optional.
    • value: Data containing the data to store.

    Declaration

    Swift

    public func createDataContainer(
    	attributes: [String: Any],
    	completionHandler: @escaping (_ dataContainer: DataContainer?, _ error: NSError?) -> Void)

    Parameters

    attributes

    the data container attributes.

    completionHandler

    The completion handler block to be called as soon as the operation has been performed. It takes the following parameters:

    • dataContainer: the newly created data container.
    • error: nil if the operation is successful; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Destroys the given object(s).

    The objects are physically destroyed from the smart card.

    Declaration

    Swift

    public func destroyObjects(tokenObjects: TokenObject..., completionHandler: @escaping (_ error: NSError?) -> Void)

    Parameters

    tokenObjects

    the objects to destroy.

    completionHandler

    The completion handler block to be called as soon as the operation has been performed. It takes the following parameter:

    • error: nil if the operation is successful; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Destroys the given object(s).

    The objects are physically destroyed from the smart card.

    Declaration

    Swift

    public func destroyObjects(tokenObjects: [TokenObject], completionHandler: @escaping (_ error: NSError?) -> Void)

    Parameters

    tokenObjects

    the objects to destroy.

    completionHandler

    The completion handler block to be called as soon as the operation has been performed. It takes the following parameter:

    • error: nil if the operation is successful; otherwise an error encapsulates the reason of failure.

    Note

    The completion handler is executed on the same type of DispatchQueue as in the calling code.

  • Sets PACE CAN value for further token connections.

    Depending on the card profile, a PACE with CAN value is performed during token connection (see Reader.connect(completionHandler:)). This function must be called to set the CAN value to use. This value is permanently stored in app data and is used for all connections to a card requiring the PACE protocol.

    If the stored CAN value does not permit a successful PACE protocol (or if this function has never been called), Reader.connect(completionHandler:) will end with an error with the SCMError.CXR_PACE_NEEDED scmError code. In this case, the app should ask the user to enter a CAN value before trying to read the token again.

    Declaration

    Swift

    public static func setPaceCanValue(_ can: String)

    Parameters

    can

    the CAN value to set.