Token
public final class Token
Class that represents a connection to a smart card (or more generally, any cryptographic device). Token objects are obtained by calling the Reader.connect(completionHandler:) method.
-
Gets the token model name.
Declaration
Swift
public func getModel() -> String
Return Value
The model name.
-
Gets the token serial number.
Declaration
Swift
public func getSerialNumber() -> String
Return Value
The serial number.
-
Gets the token label name.
Declaration
Swift
public func getLabel() -> String
Return Value
The label name.
-
Gets the token manufacturer name.
Declaration
Swift
public func getManufacturer() -> String
Return Value
The manufacturer name.
-
Returns whether this token has been initialized for use.
Note
This API does not provide any means to initialize a token.
Declaration
Swift
public func isInitialized() -> Bool
Return Value
true if this token has been initialized; false otherwise.
-
Returns whether this token allows user authentication through a hardware-protected device (such as a PIN pad reader, or biometric recognition).
Declaration
Swift
public func hasProtectedAuthPath() -> Bool
Return Value
true if this token allows user authentication through a hardware-protected path; false otherwise.
-
Gets license validity for this card.
Declaration
Swift
public func isLicenseValid(completionHandler: @escaping (_ isValid: Bool?, _ error: NSError?) -> Void)
Parameters
completionHandler
The completion handler block to be called as soon as the operation has been performed.
isValid
Indicates whether the license is valid. An error can occur if the SCMEnvironment has been released, for instance.
-
Gets the end date for the license validity.
Declaration
Swift
public func getLicenseEndDate(completionHandler: @escaping (_ endDate: String?, _ error: NSError?) -> Void)
Parameters
completionHandler
The completion handler block to be called as soon as the operation has been performed.
endDate
Contains the end date, as a string in the “YYYYMMDD” format. The return value may be “000000” for licenses with permanent validity. The return value may be an empty string for cards that do not have a license loaded, or for cards that benefit from a global licensing scheme. These cases can be distinguished from the isLicenseValid result. An error can occur if the SCMEnvironment has been released, for instance.
-
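The isLicenseValid and getLicenseEndDate results described above can be combined into one explicit state, as in this added example (not part of the SDK or its documentation). The LicenseState type and interpretLicense function are hypothetical names, and the mapping of an empty end date to "global scheme" when valid and "no license loaded" when invalid is an assumption drawn from the parameter description.

```swift
import Foundation

// Hypothetical type for this example; it is not part of the SDK.
enum LicenseState: Equatable {
    case permanent                         // "000000" and isValid == true
    case validUntil(year: Int, month: Int, day: Int)
    case globalScheme                      // empty date, isValid == true (assumed mapping)
    case noLicenseLoaded                   // empty date, isValid == false (assumed mapping)
    case notValid(endDate: String)         // a date is present but the card reports invalid
    case malformed(String)                 // none of the documented formats
}

func interpretLicense(isValid: Bool, endDate: String) -> LicenseState {
    if endDate.isEmpty { return isValid ? .globalScheme : .noLicenseLoaded }
    if !isValid { return .notValid(endDate: endDate) }
    if endDate == "000000" { return .permanent }
    // Strict YYYYMMDD: exactly eight ASCII digits that form a real Gregorian date.
    guard endDate.count == 8,
          endDate.allSatisfy({ $0.isASCII && $0.isNumber }),
          let year = Int(endDate.prefix(4)),
          let month = Int(endDate.dropFirst(4).prefix(2)),
          let day = Int(endDate.suffix(2)) else {
        return .malformed(endDate)
    }
    let calendar = Calendar(identifier: .gregorian)
    let parts = DateComponents(year: year, month: month, day: day)
    // Reject impossible dates such as February 31 instead of letting them roll over.
    guard parts.isValidDate(in: calendar) else { return .malformed(endDate) }
    return .validUntil(year: year, month: month, day: day)
}

// Constructed sample results, not captured from a real card.
let samples: [(Bool, String)] = [
    (true, "20301231"), (true, "000000"), (true, ""),
    (false, ""), (false, "20200101"), (true, "20230231"), (true, "2030-12")
]
for (isValid, endDate) in samples {
    let state = interpretLicense(isValid: isValid, endDate: endDate)
    print("isValid=\(isValid) endDate=\"\(endDate)\" -> \(state)")
}
```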
Generates an App License for the current token, if the current API embeds this mechanism.
Note that the resulting license is stored in app data; for the same smart card, this function must therefore be called on each app instance (on a different device, after a re-installation, or if app data is cleared) that uses this smart card.
Declaration
Swift
public func generateAppLicense(completionHandler: @escaping (_ error: NSError?) -> Void)
Parameters
completionHandler(error)
The completion handler block to be called as soon as the operation has been performed. An error can occur if the SCMEnvironment has been released or, typically, if this API does not embed App License Generation.
-
Disconnects from the token.
After performing this function, the token becomes unavailable.
Note:
If you wish to perform more operations after disconnecting from the token, you should call Reader.connect(completionHandler:) in order to get a fresh token.
Declaration
Swift
public func disconnect(completionHandler: @escaping (_ error: NSError?) -> Void)
Parameters
completionHandler
The completion handler block to be called as soon as the operation has been performed. It takes the following parameter:
- error (NSError?): an error can occur if the SCMEnvironment has been released by ARC or if something bad happened during the release of the token.
Note
The completion handler is executed on the same type of DispatchQueue as in the calling code.
-
Retrieves all objects found in the token (certificates and keys).
Example:
    token.getObjects() { objects, error in
        if let error = error {
            print("fail to get objects: " + error.localizedDescription)
        } else {
            if let objects = objects {
                for object in objects {
                    // loop over all objects found
                }
            }
            // when done using the token you should release it
            token.disconnect() { error in
                if let error = error {
                    print("fail to disconnect: " + error.localizedDescription)
                }
            }
        }
    }
Note:
- The private objects cannot be returned if the associated PIN has not been verified previously.
- Take into consideration that the API does not internally keep references to the retrieved objects, and calling this method will always return new TokenObject instances, even if the objects have been previously retrieved. To check whether two TokenObject instances refer to the same physical object in the card, the == operator can be used.
Declaration
Swift
public func getObjects(completionHandler: @escaping (_ objects: [TokenObject]?, _ error: NSError?) -> Void)
Parameters
completionHandler
The completion handler block to be called as soon as the objects are retrieved. It takes the following parameters:
- objects: the retrieved objects from the token.
- error: nil if the objects were retrieved successfully; otherwise an error encapsulates the reason of failure.
Note
The completion handler is executed on the same type of DispatchQueue as in the calling code.
-
Verifies the special PIN.
Declaration
Swift
public func loginSpecial(value: String, type: String, completionHandler: @escaping (_ error: NSError?) -> Void)
Parameters
value
the PIN value
type
a String indicating on which PIN the operation must be made. Possible values depend on the card profile.
completionHandler
The completion handler block to be called as soon as the operation has been performed. It takes the following parameter:
- error: nil if the operation is successful; otherwise an error encapsulates the reason of failure.
Note
The completion handler is executed on the same type of DispatchQueue as in the calling code.
-
Generates a new RSA key pair in the card, with some attributes.
The key pair attributes are provided by the attributes parameter. It must be a [String: Any] object with the following keys:
- container: the container label, as a String, in which the key pair will be stored. Optional. When specified, can be "auth", "sign", "conf", "mpp", "mpp_rgs" or "winlogon". Possible values depend on the card profile. The container is chosen in EFID ascending order among available containers.
- label: the ckLabel name, as a String, to give to both generated keys.
- signVerify: Bool flag that will be used to initialize the CKA_SIGN attribute for the private key and CKA_VERIFY for the public key. Optional, defaults to true.
- encryptDecrypt: Bool flag that will be used to initialize the CKA_DECRYPT attribute for the private key and CKA_ENCRYPT for the public key. Optional, defaults to true.
- wrapUnwrap: Bool flag that will be used to initialize the CKA_WRAP attribute for the private key and CKA_UNWRAP for the public key. Optional, defaults to true.
When the operation completes, the newly created keys are returned, organized as a KeyPair object.
Note:
It is strongly recommended not to generate a key through an NFC reader interface. Indeed, key pair generation may take some time, and a card disconnection during this operation may be fatal for the card’s contents.
Declaration
Swift
public func generateKeyPair( keyLength: Int, attributes: [String: Any], completionHandler: @escaping (_ keyPair: KeyPair?, _ error: NSError?) -> Void) -> Void
Parameters
keyLength
the length, in bits, of the new key to generate.
attributes
the key pair attributes given as described above.
completionHandler
The completion handler block to be called as soon as the operation has been performed. It takes the following parameters:
- keyPair: the generated key pair.
- error: nil if the keys were successfully generated; otherwise an error encapsulates the reason of failure.
Note
The completion handler is executed on the same type of DispatchQueue as in the calling code.
-
Imports a single X.509 certificate or a PKCS#12 (containing both a key pair and a certificate) into the card.
The import attributes are provided by the attributes parameter. It must be a [String: Any] object with the following keys:
- container: the container label, as a String, in which the key pair will be stored. Optional. When specified, can be "auth", "sign", "conf", "mpp", "mpp_rgs" or "winlogon". Possible values depend on the card profile. The container is chosen in EFID ascending order among available containers.
- label: the ckLabel name, as a String, to give to both generated keys.
- signVerify: Bool flag that will be used to initialize the CKA_SIGN attribute for the private key and CKA_VERIFY for the public key. Optional, defaults to true.
- encryptDecrypt: Bool flag that will be used to initialize the CKA_DECRYPT attribute for the private key and CKA_ENCRYPT for the public key. Optional, defaults to true.
- wrapUnwrap: Bool flag that will be used to initialize the CKA_WRAP attribute for the private key and CKA_UNWRAP for the public key. Optional, defaults to true.
When the operation completes, the newly created items are returned, organized as an Array of TokenObject.
Declaration
Swift
public func importObject( data: Data, password: String?, attributes: [String: Any], completionHandler: @escaping (_ objects: [TokenObject]?, _ error: NSError?) -> Void) -> Void
Parameters
data
The binary data of the item to import. For a single certificate, the data can be either in raw binary (DER-encoded) form, or encoded in PEM form. For a PKCS#12, the data must be in binary form.
password
(only for importing a PKCS#12): Password string of the PKCS#12 file.
attributes
the imported object attributes given as described above.
completionHandler
The completion handler block to be called as soon as the operation has been performed. It takes the following parameters:
- objects: the newly created objects.
- error: nil if the operation is successful; otherwise an error encapsulates the reason of failure.
Note
The completion handler is executed on the same type of DispatchQueue as in the calling code.
-
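Because signVerify, encryptDecrypt and wrapUnwrap each default to true in the attributes of generateKeyPair and importObject, a key meant for one purpose is created with all three usages unless every flag is written out. The following added example (not SDK code) builds such a dictionary with a single usage enabled; KeyUsage, AttributeError, documentedContainers and keyAttributes are hypothetical names, and the label and key length are constructed sample values.

```swift
import Foundation

// Hypothetical helper types for this example; they are not part of the SDK.
enum KeyUsage { case signature, encryption, keyWrapping }
enum AttributeError: Error { case unknownContainer(String) }

// Container labels listed in the documentation above; the card profile decides which exist.
let documentedContainers: Set<String> = ["auth", "sign", "conf", "mpp", "mpp_rgs", "winlogon"]

/// Builds the attributes dictionary with exactly one usage enabled.
func keyAttributes(label: String, usage: KeyUsage, container: String? = nil) throws -> [String: Any] {
    var attributes: [String: Any] = [
        "label": label,
        // Each flag defaults to true when omitted, so all three are always written.
        "signVerify": usage == .signature,
        "encryptDecrypt": usage == .encryption,
        "wrapUnwrap": usage == .keyWrapping
    ]
    if let container = container {
        // Reject typos locally instead of passing an unknown label to the card.
        guard documentedContainers.contains(container) else {
            throw AttributeError.unknownContainer(container)
        }
        attributes["container"] = container
    }
    return attributes
}

do {
    // Constructed sample values.
    let attributes = try keyAttributes(label: "Example signing key", usage: .signature, container: "sign")
    for key in attributes.keys.sorted() { print(key, "=", attributes[key]!) }
    // With a connected token, the dictionary is then passed as documented:
    // token.generateKeyPair(keyLength: 2048, attributes: attributes) { keyPair, error in ... }

    // A misspelled container label is refused before any card operation.
    _ = try keyAttributes(label: "Typo", usage: .encryption, container: "signature")
} catch {
    print("rejected:", error)
}
```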
Creates a new data container in the card.
The data container attributes are provided by the attributes parameter. It must be a [String: Any] object with the following keys:
- private: Bool indicating if the data container object is protected by PIN (for both reading and writing). Optional, defaults to false.
- modifiable: Bool indicating if the data container object is modifiable. Optional, defaults to true.
- label: label String of the data container object. Optional.
- application: String naming the application that manages the object. Optional.
- value: Data containing the data to store.
Declaration
Swift
public func createDataContainer( attributes: [String: Any], completionHandler: @escaping (_ dataContainer: DataContainer?, _ error: NSError?) -> Void)
Parameters
attributes
the data container attributes.
completionHandler
The completion handler block to be called as soon as the operation has been performed. It takes the following parameters:
- dataContainer: the newly created data container.
- error: nil if the operation is successful; otherwise an error encapsulates the reason of failure.
Note
The completion handler is executed on the same type of DispatchQueue as in the calling code.
-
Destroys the given object(s).
The objects are physically destroyed from the smart card.
Declaration
Swift
public func destroyObjects(tokenObjects: TokenObject..., completionHandler: @escaping (_ error: NSError?) -> Void)
Parameters
tokenObjects
the objects to destroy.
completionHandler
The completion handler block to be called as soon as the operation has been performed. It takes the following parameter:
- error: nil if the operation is successful; otherwise an error encapsulates the reason of failure.
Note
The completion handler is executed on the same type of DispatchQueue as in the calling code.
-
Destroys the given object(s).
The objects are physically destroyed from the smart card.
Declaration
Swift
public func destroyObjects(tokenObjects: [TokenObject], completionHandler: @escaping (_ error: NSError?) -> Void)
Parameters
tokenObjects
the objects to destroy.
completionHandler
The completion handler block to be called as soon as the operation has been performed. It takes the following parameter:
- error: nil if the operation is successful; otherwise an error encapsulates the reason of failure.
Note
The completion handler is executed on the same type of DispatchQueue as in the calling code.
-
Sets PACE CAN value for further token connections.
Depending on the card profile, a PACE with CAN value is done during token connection (see Reader.connect(completionHandler:)). This function must be called to set the CAN value to use. This value is permanently stored in app data and is used for all connections to a card requiring the PACE protocol.
If the stored CAN value does not permit a successful PACE protocol (or if this function has never been called), Reader.connect(completionHandler:) will end with an error with the SCMError.CXR_PACE_NEEDED scmError code. In this case, the app should ask the user to enter a CAN value before trying to read the token again.
Declaration
Swift
public static func setPaceCanValue(_ can: String)
Parameters
can
the CAN value to set.