Skip Headers
Java Card 3 Platform Runtime Environment Specification, Classic Edition
Version 3.0.4
E18985-01
  Go To Table Of Contents
Contents		 Go To Index
Index
Previous
Previous 		 Next
Next		  

8 Remote Method Invocation Service

The Remote Method Invocation Service is an optional component of the Java Card 3 Platform. The service is available when the javacard.framework.service package is present on the card.

Java Card platform Remote Method Invocation (Java Card RMI) is a subset of the Java platform Remote Method Invocation (RMI) system. It provides a mechanism for a client application running on the CAD platform to invoke a method on a remote object on the card. The on-card transport layer for Java Card RMI is provided in the package javacard.framework.service by the class RMIService. It is designed as a service requested by the Java Card RMI-based applet when it is the currently selected applet.

The Java Card RMI message is encapsulated within the APDU object passed into the RMIService methods.

8.1 Java Card Platform RMI

This section defines the subset of the RMI system that is supported by Java Card platform RMI.

8.1.1 Remote Objects

A remote object is one whose remote methods can be invoked remotely from the CAD client. A remote object is described by one or more remote interfaces. A remote interface is an interface that extends, directly or indirectly, the interface java.rmi.Remote. The methods of a remote interface are referred to as remote methods. A remote method declaration includes the exception java.rmi.RemoteException (or one of its superclasses such as java.io.IOException or java.lang.Exception) in its throws clause. Additionally, in the remote method declaration, a remote object declared as the return value must be declared as the remote interface, not the implementation class of that interface.

Java Card RMI imposes additional constraints on the definition of remote methods. These constraints are a result of the Java Card platform language subset and other feature limitations.

8.1.1.1 Parameters and Return Values

The parameters of a remote method must only include parameters of the following types:

  • Any supported primitive data types

  • Any single-dimension array of a supported primitive data type

The return value of a remote method must only be one of the following types:

  • Any supported primitive data type

  • Any single-dimension array type of a supported primitive data type

  • Any remote interface type

  • A void return

All parameters, including array parameters, are always transmitted by value during the remote method invocation. The return values from a remote method are transmitted by value for primitive types and arrays. Return values that are remote object references are transmitted by reference using a remote object reference descriptor.

8.1.1.2 Exceptions

Java Card RMI uses the following simplified model for returning exceptions thrown by remote methods:

  • When an exception defined in the Java Card API is thrown by a remote method, the exact exception type and the embedded reason code is transmitted to the client application. In essence, the exception object is transmitted by value.

  • When an exception not defined in the Java Card API is thrown by a remote method, the "closest" superclass exception type from the API and the embedded reason code is transmitted to the client application. In this case, the "closest" API defined superclass exception object is transmitted by value. The client application can distinguish an inexact exception from an exact one.

8.1.1.3 Functional Limitations

The definition of the supported subset of Java Card RMI for Java Card 3 Platform, implies functional limitations during the execution of Java Card API remote methods:

  • CAD client application remote objects cannot be passed as arguments to remote methods.

  • Card remote objects cannot be passed as arguments to remote methods.

  • Applets on the card cannot invoke remote methods on the CAD client.

  • Method argument data and return values, along with the Java Card RMI protocol overhead, must fit within the size constraints of an APDU command and APDU response, respectively.

8.2 RMI Messages

The Java Card RMI message protocol consists of two commands that are used to:

To ensure that the protocol is compatible with all applications, the SELECT FILE command is used for getting the initial reference. The response to the SELECT FILE command allows the remote method invocation command itself to be customized by the applet.

8.2.1 Applet Selection

The selection command used to retrieve the initial reference is the ISO 7816-4 SELECT FILE command, with the following options in the header:

  • Direct selection by DF Name, that is, selection by AID. This is the normal option used to select all applet instances in the Java Card platform.

  • Return FCI (File Control Information - ISO7816-4), optional template. This is an additional option that indicates that the applet is expected to return FCI information.

    In addition, an alternate RFU variant of the Return FCI option is required to configure the RMIService for an alternate Java Card RMI protocol format. For more details see Section 8.4.1, "SELECT FILE Command".

The answer to this command is a constructed TLV (tag-length-value) data structure (ISO 7816-6) that includes the following information:

  • The byte to be used as instruction byte (INS) for subsequent invocation commands.

  • The initial remote object reference descriptor. The descriptor includes the remote object identifier and information to identify the associated class.

8.2.2 Method Invocation

To request a method invocation, the CAD client provides the following information:

  • The remote object identifier. This identifier is used to uniquely identify the object on the card.

  • The invoked method identifier. This designator uniquely identifies the remote method within the remote object class or superclass.

  • The values of the arguments. These values are raw values for primitive data types, and for arrays, a length followed by the values.

The response to the invocation request may include one of the following items:

  • A primitive return value. This is a raw primitive data type value.

  • An array of primitive components. This is a length followed by the raw primitive data type values.

  • A remote object reference descriptor. The descriptor includes the remote object identifier and information to instantiate a proxy instance of the remote card object.

  • An exception. This is thrown by the remote method.

8.3 Data Formats

This section describes the formats used to encapsulate the following:

This section uses a C-like structure notation similar to that used in the Virtual Machine Specification, Java Card 3 Platform, Version 3.0.4, Classic Edition.

8.3.1 Remote Object Identifier

A remote object identifier is a 16-bit unsigned number that uniquely identifies a remote object on the card.

8.3.2 Remote Object Reference Descriptor

The remote object reference descriptor includes the remote object identifier, as well as information to instantiate the proxy class on the CAD client. The remote object reference descriptor uses one of two alternate formats. The representation based on the name of the class uses the remote_ref_with_class format. The representation based on the names of the implemented remote interfaces uses the remote_ref_with_interfaces format.

A remote object reference descriptor is therefore defined as follows:

remote_ref_descriptor {
    union {
        ref_null remote_ref_null
        remote_ref_with_class remote_ref_c
        remote_ref_with_interfaces remote_ref_i
        }
}

Note:

Even though this structure uses the C-like "union" notation, the lengths of the alternate representations within the union do not use any padding to normalize their lengths.

The following items are in the remote_ref_descriptor structure:

ref_null is the representation of a null reference using the following format:

ref_null {
   u2 remote_ref_id = 0xFFFF
}

The remote_ref_id item must be the reserved value 0xFFFF.

remote_ref_with_class is the definition of a remote object reference using the class name and uses the following format:

remote_ref_with_class {
      u2 remote_ref_id != 0xFFFF
      u1 hash_modifier_length
      u1 hash_modifier[ hash_modifier_length ]
      u1 pkg_name_length
      u1 package_name[ pkg_name_length ]
      u1 class_name_length
      u1 class_name[ class_name_length ]
    }

The remote_ref_id item represents the remote reference identifier. The value of this field must not be 0xFFFF, which denotes the null reference.

The hash_modifier item is an UTF-8 string of length specified in the hash_modifier_length item and is used to ensure that method identifier hash codes are unique.

The pkg_name_length item is the number of bytes in the package_name item to represent the name of the package in UTF-8 string notation. The value of this item must be non-zero.

The package_name item is the variable length representation of the fully qualified name of the package which contains the remote class in UTF-8 string notation. The fully qualified name of the package represented here uses the internal form wherein the ASCII periods (.) that normally separate the identifiers that make up the fully qualified name are replaced by ASCII forward slashes (/). For example, the internal form of the normally fully qualified package name of the package java.rmi is java/rmi.

The class_name_length item is the number of bytes in the class_name item to represent the name of the remote class in UTF-8 string notation. The value of this item must be non-zero.

The class_name item is the variable length representation of the name of the implementation class (or superclass) of the remote object in UTF-8 string notation. The class referenced in the remote object reference descriptor must directly implement a remote interface. If the implementation class of the remote object does not directly implement a remote interface, the class name of the "closest" superclass of the implementation class which directly implements a remote interface must be used.

remote_ref_with_interfaces item is the definition of a remote object reference using the names of the interfaces and uses the following format:

remote_ref_with_interfaces {
      u2 remote_ref_id != 0xFFFF
      u1 hash_modifier_length
      u1 hash_modifier[ hash_modifier_length ]
      u1 remote_interface_count
      rem_interface_def remote_interfaces[remote_interface_count]
   }

The definition of the remote_ref_id, the hash_modifier_length and the hash_modifier item are the same as that described earlier in the remote_ref_with_class structure.

The remote_interface_count item indicates the number of rem_interface_def format entries in the remote_interfaces item. This number must be less than 16.

The remote_interfaces item comprises a sufficient list of rem_interface_def format entries containing the names of remote interfaces implemented. This list is such that when combined with their remote superinterfaces, the complete set of remote interfaces implemented by the remote object can be enumerated. The rem_interface_def item uses the following format:

rem_interface_def {
      u1 pkg_name_length
      u1 package_name[ pkg_name_length ]
      u1 interface_name_length
      u1 interface_name[ interface_name_length ]
      }

The items in the rem_interface_def structure are as follows:

The pkg_name_length item is the number of bytes used in the package_name item to represent the name of the package in UTF-8 string notation. If the value of this item is 0, it indicates that the package name of the previous remote_interfaces item must be used instead. The value of this item in remote_interfaces[0] must not be 0.

The package_name item is the pkg_name_length byte length representation of the fully qualified name of the package which contains the remote interface in UTF-8 string notation. The fully qualified name of the package represented here uses the internal form wherein the ASCII periods (.) that normally separate the identifiers that make up the fully qualified name are replaced by ASCII forward slashes (/). For example, the internal form of the normally fully qualified package name of the package java.rmi is java/rmi.

The interface_name_length item is the number of bytes in the interface_name item to represent the name of the remote interface in UTF-8 string notation.

The interface_name item is the variable length representation of the name of the remote interface implemented by the remote object in UTF-8 string notation.

8.3.3 Method Identifier

A method identifier is always used in association with a remote object reference. A method identifier is defined as follows:

u2 method_id

The method_id is a unique 16-bit hashcode identifier of the remote method within the remote class. This 16-bit hashcode consists of the first two bytes of the SHA-1 message digest function performed on a class specific hash modifier string, followed by the name of the method, followed by the method descriptor representation in UTF-8 format. Representation of a method descriptor is the same as that described in The Java Virtual Machine Specification (Section 4.3.3).

8.3.4 Parameter Encoding

Every parameter has the following generic format:

param {
      u1 value[]
    }

8.3.4.1 Primitive Data Type Parameter Encoding

Primitive data types void, boolean, byte, short and int are respectively encoded as follows:

void_param {
    }
boolean_param {
      u1 boolean_value
    }
byte_param {
      s1 byte_value
    }
short_param {
      s2 short_value
    }
int_param {
      s4 int_value
    }

The boolean_value field may only take the values 0 (for false) and 1 (for true). All the other fields can take any value in their range.

8.3.4.2 Array Parameter Encoding

The representation of the null array parameter and arrays of the boolean, byte, short and int component types include the length information and are respectively encoded as follows:

null_array_param {
      u1 length = 0xFF
    }
boolean_array_param {
      u1 length != 0xFF
      u1 boolean_value[length]
    }
byte_array_param {
      u1 length != 0xFF
      s1 byte_value[length]
    }
short_array_param {
      u1 length != 0xFF
      s2 short_value[length]
    }
int_array_param {
      u1 length != 0xFF
      s4 int_value[length]
    }

Note:

The length field in each of this array data structure represents the number of elements of the array, not its size in bytes.

8.3.5 Return Value Encoding

A return value may be any of the parameter types described in the previous section encapsulated within a normal response format. In addition, the return value may represent a remote object reference type, a null return type, various exceptions and the error type.

The generic structure of a return value is as follows:

return_response {
      u1 tag
      u1[] value
    }

The return value using the return_response encoding is always followed by a good completion status code of 0x9000 in the response APDU.

8.3.5.1 Normal Response Encoding

A normal response encapsulates primitive return types, arrays of primitive data types using the same format for the param item, as described in Section 8.3.4, "Parameter Encoding", using the following format:

normal_param_response {
      u1 normal_tag = 0x81
      param normal_value
    }

The null_array_param format described in Section 8.3.4, "Parameter Encoding" is not used to represent a null array reference. Instead, a null object reference, as well as a null array reference, shares the following common format:

normal_null_response {
      u1 normal_tag = 0x81
      ref_null null_array_or_ref
    }

In addition, a remote object reference descriptor type is also encapsulated using the normal response format as follows:

normal_ref_response {
      u1 normal_tag = 0x81
      remote_ref_descriptor remote_ref
    }

8.3.5.2 Exception Response Encoding

Following is the encoding when an API defined exception is thrown by the remote method. It may be returned during any remote method invocation. The reason item is the Java Card platform exception reason code, or 0 for a java.lang, java.rmi or java.io exceptions:

exception_response {
      u1 exception_tag = 0x82
      u1 exception_type
      s2 reason
    }

Following are the values for the exception_type item:

java.lang.Throwable = 0x00
java.lang.ArithmeticException = 0x01
java.lang.ArrayIndexOutOfBoundsException = 0x02
java.lang.ArrayStoreException = 0x03
java.lang.ClassCastException = 0x04
java.lang.Exception = 0x05
java.lang.IndexOutOfBoundsException = 0x06
java.lang.NegativeArraySizeException = 0x07
java.lang.NullPointerException = 0x08
java.lang.RuntimeException = 0x09
java.lang.SecurityException = 0x0A
java.io.IOException = 0x0B
java.rmi.RemoteException = 0x0C
javacard.framework.APDUException = 0x20
javacard.framework.CardException = 0x21
javacard.framework.CardRuntimeException = 0x22
javacard.framework.ISOException = 0x23
javacard.framework.PINException = 0x24
javacard.framework.SystemException = 0x25
javacard.framework.TransactionException = 0x26
javacard.framework.UserException = 0x27
javacard.security.CryptoException = 0x30
javacard.framework.service.ServiceException = 0x40
javacardx.biometry.BioException = 0x50
javacardx.external.ExternalException = 0x60
javacardx.framework.tlv.TLVException = 0x70
javacardx.framework.util.UtilException = 0x80

Following is the encoding when a user defined exception is thrown by the remote method. The exception_type item represents the closest API defined exception type. It may be returned during any remote method invocation. The reason item is the Java Card platform exception reason code, or 0 for the subclasses of java.lang, java.rmi or java.io exceptions:

exception_subclass_response {
      u1 exception_subclass_tag = 0x83
      u1 exception_type
      s2 reason
    }

8.3.5.3 Error Response Encoding

The following encoding represents an error condition on the card. The error may occur due to marshalling, unmarshalling or resource-related problems.

error_response {
      u1 error_tag = 0x99
      s2 error_detail
    }

Following are the values of the error_detail item:

  • The Remote Object Identifier is invalid or ineligible for Java Card RMI = 0x0001

  • The Remote Method could not be identified = 0x0002

  • The Remote Method signature did not match the parameter format = 0x0003

  • Insufficient resources available to unmarshall parameters = 0x0004

  • Insufficient resources available to marshall response = 0x0005

  • Java Card Remote Method Invocation protocol error = 0x0006

  • Internal Error occurred = 0xFFFF

8.4 APDU Command Formats

Section 8.3, "Data Formats" described the various elements included in the data portion of the Java Card RMI messages. This section describes the complete format of the APDU commands: the header as well as the data portion containing the message elements described earlier.


Note:

Java Card RMI message protocol supports only the 1 byte encodings of the Lc and Le values of the APDU data length.

8.4.1 SELECT FILE Command

Table 8-1 lists the formats required for the Select command for an RMI-based applet.


Note:

(%b) indicates binary notation using bit numbering as in the ISO 7816 specification. The most significant bit is b8. The least significant bit is b1. An "x" notation represents a "don't care".

Table 8-1 Select File Command

Field Value Description

CLA

%b000000cc

or

%b0100dddd

The cc in bits (b2,b1) denote the origin logical channels number in the range 0-3.

The dddd in bits (b4-b1) denote the origin logical channel number 4-19 using 0 origin notation.

See Figure 4-1 for CLA field encoding format.

INS

0xA4

SELECT FILE

P1

0x04

Select by AID

P2

%b000x00xx

Return FCI information.The bits (b2,b1) are used for partial selection, if supported. If bit b5 is 1, the remote reference descriptor uses the remote_ref_with_interfaces format, otherwise it uses the alternate remote_ref_with_class format.

Lc

Lc

Length of the AID

Data

AID

AID of the applet to be selected (between 5 and 16 bytes)

Following is the format of the response. Note that the applet may extend the format to include additional information, if necessary before sending the response back to the CAD. The additional information must retain the TLV format and must not introduce any additional information under the jc_rmi_data_tag.

select_response {
    u1 fci_tag = 0x6F
    u1 fci_length
        u1 application_data_tag = 0x6E
        u1 application_data_length
            u1 jc_rmi_data_tag = 0x5E
            u1 jc_rmi_data_length
            u2 version = 0x0202
            u1 invoke_ins
            union {
                normal_ref_response normal_initial_ref
                normal_null_response null_initial_ref
                error_response initial_ref_error
                } initial_ref
    }

The jc_rmi_data_length item is the combined length in bytes of the version item, invoke_ins item and the initial_ref item. The application_data_length item is jc_rmi_data_length + 2. The fci_length item is application_data_length + 2.

The response data includes invoke_ins, the instruction byte to use in the method invocation command. It also includes initial_ref, the initial remote object reference descriptor. The initial_ref item corresponds to the remote object designated as the initial reference to the RMIService instance during construction. The initial_ref item can be a normal_ref_response item described in Section 8.3.5.1, "Normal Response Encoding" or a null representation using a normal_null_response item described in that same section, if the initial remote reference object is not enabled for remote access. Also, note that if an error occurs during the marshalling of the initial remote reference descriptor, an error response is returned in initial_ref instead of using the error_response item format described in Section 8.3.5.3, "Error Response Encoding".


Note:

Even though the select_response structure uses the C-like "union" notation, the lengths of the alternate representations within the union do not use any padding to normalize their lengths.

The format of the remote_ref_descriptor to be used in this response as well as all subsequent responses (remote_ref_with_class or remote_ref_with_interfaces) is determined by the value of the P2 byte of the SELECT FILE command.


Note:

Only the RMIService instance that processes the SELECT FILE command sets (or changes) the format of the remote object reference descriptor based on the value of the P2 byte. Once set or changed, the RMIService instance uses only that format in all Java Card RMI responses it generates.

8.4.2 INVOKE Command

Table 8-2 lists the format required for the Invoke command for a remote method invocation request.

Table 8-2 Invoke Command Format

Field Value Description

CLA

%b1000 yycc or

%b1010 yycc or

%b11y0 dddd

The cc in bits (b2,b1) denotes the origin logical channel number in the range 1-3. The yy in bits (b4,b3) of the type 4 formats denote secure messaging.

The dddd in bits (b4-b1) denote the origin logical channel number in the range 4-19 using 0 origin notation. The y in bit b6 of the type 16 format denotes secure messaging.

See Figure 4-1 for CLA field encoding formats.

INS

value of invoke_ins

invoke_ins returned in the previous select_response

P1

02

RMI major version #

P2

02

RMI minor version #

Data

As described below

As described below

Following is the structure of the data part of the request command:

invoke_data {
     u2 object_id
     u2 method_id
     param parameters[]
   }

The object_id is the remote object identifier of the object whose remote method is to be invoked. The method to be invoked is specified by the method_id item, and each parameter is specified by a param structure.

The response format uses the return_response structure as described in Section 8.3.5, "Return Value Encoding".

8.5 RMIService Class

The RMIService class implements the Java Card RMI protocol and processes the RMI access commands described earlier: SELECT FILE and INVOKE. It performs the function of the transport layer for Java Card RMI commands on the card.

The RMIService object maintains a list of remote objects that have been returned during the current applet selection session. It enforces the following rules for the lifetime of the remote object references:

In addition, a remote object reference descriptor of an object must only be returned from the card if it is exported. See the class javacard.framework.service.CardRemoteObject. Otherwise, an exception is thrown. See the class javacard.framework.service.RMIService.

8.5.1 setInvokeInstructionByte Method

This method sets the value of invoke_ins described in Section 8.4.1, "SELECT FILE Command", which is returned in the response to the SELECT FILE command. The change in the Java Card RMI protocol only goes into effect the next time this RMIService instance processes the SELECT FILE command. If this method is not called, the default instruction byte value (DEFAULT_RMI_INVOKE_INSTRUCTION) is used.

8.5.2 processCommand Method

The processCommand method of the RMIService class is invoked by the applet to process an incoming RMI message. RMIService collaborates with other services by using the common service format (CSF) in the APDU buffer. It processes only the incoming Java Card RMI APDU commands and produces output as described in the previous sections.

When called with a SELECT FILE command with format described in Section 8.4.1, "SELECT FILE Command", this method builds a response APDU as described in that section.

When called with an INVOKE command with the format described in Section 8.4.2, "INVOKE Command", this method must call the specified remote method of the identified remote object with the specified parameters. It must catch all exceptions thrown by the remote method. When an exception is caught or the remote method returns, this method must build a response APDU in the format described in Section 8.4.2, "INVOKE Command".

Prior to invoking the remote method, the following errors must be detected and must result in an error response in the format described in Section 8.3.5.3, "Error Response Encoding":

  • The remote object identifier is not valid.

  • The remote object identifier was not returned during the current selection session.

  • The method identifier does not match any remote methods in the remote class associated with the identified remote object.

  • The length of the INVOKE message is inconsistent with the signature of the remote method.

  • There is insufficient space to allocate array parameters for the remote method. The implementation must support at least eight input parameters of type array.

In addition, upon return from the remote method, the following errors must be detected and must result in an error response in the format described in Section 8.3.5.3, "Error Response Encoding":

  • There is insufficient space to allocate the array response from the remote method. The implementation must support an APDU buffer of at least 133 bytes.

  • A remote object is being returned, and its associated remote object identifier was not previously returned during the current selection session, and there is insufficient space to add the remote object identifier to the session remote object identifier list. The implementation must support at least eight remote object identifiers during a selection session.

In addition, the object access firewall rules must be enforced in a manner similar to that of the invokevirtual instruction (Section 6.2.8.4, "Accessing Class Instance Object Methods") by this method when a remote method is invoked. Only methods of a remote object owned by the context of the currently selected applet may be invoked.

8.5.2.1 Allocation of Incoming Objects

Because array parameters to remote methods are transmitted by value, array objects need to be allocated on the card when a remote method with array arguments is invoked via the INVOKE command. Global array objects (Section 6.2.2, "Global Arrays") must be used for incoming remote method arguments. Global arrays have the following properties:

  • They are owned by the Java Card RE, but they can be freely accessed from all contexts.

  • They are temporary objects and cannot be stored in any object.

  • They are not subject to transactions.

The implementation may choose to maintain the data portion of these global array objects used for remote method parameters in the APDU buffer itself.

  Previous
Previous 		 Next
Next
  Go To Table Of Contents
Contents		 Go To Index
Index