[security-dev 00821]: smartcardio - detecting smart token plug in

Michael StJohns mstjohns at comcast.net
Tue May 19 14:04:45 UTC 2009


The current smart card model (javax.smartcardio) permits the application to sit and wait for actions on a collection of "Terminals" (e.g. smart card insertion). The set of terminals you can watch is limited to the terminals that are connected to the system at the time you call the method. Unfortunately, this doesn't work very well with crypto tokens which are logically both a terminal (reader) and a smart card. The only way to detect the plugin of a token is to loop every so often looking for new terminals.

There is support in the underlying PCSC calls that allows you to detect the changes in the set of terminals by including the special name "\\?PnP?Notification" in the list of terminal names, but that isn't currently used by the javax.smartcardio or sun.security.smartcardio provider.

I've been doing an implementation that adds this in a backwards compatible manner - by changing the provider code. If you pass in "trackNewReaders" as a string parameter when you do a "getInstance" of TerminalFactory, each list of terminals will include this special PnP pseudo terminal and will cause a return from the CardTerminals.waitForChange() and waitForChange(timeout) methods if a token is plugged in or removed.

Three questions: 1) Is this a useful change? 2) Is this a reasonable approach, or would it be better to change the behavior to track new readers without requiring specific configuration? 3) Where can I document this for end-users? Since it's in the provider it really needs to go in the ancillary documentation and that doesn't appear to be available as part of the openjdk project.

Mike
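
The polling workaround the message describes, as an added example that is not part of the original post or of the OpenJDK provider. It uses only the standard javax.smartcardio API; the class name ReaderPoller and the 2-second interval are assumptions.

```java
import javax.smartcardio.CardException;
import javax.smartcardio.CardTerminal;
import javax.smartcardio.CardTerminals;
import javax.smartcardio.TerminalFactory;
import java.util.HashSet;
import java.util.Set;

public class ReaderPoller {
    static final long POLL_MS = 2000; // assumed polling interval

    // Snapshot the names of the readers PC/SC currently reports.
    static Set<String> readerNames(CardTerminals terminals) {
        Set<String> names = new HashSet<>();
        try {
            for (CardTerminal t : terminals.list()) {
                names.add(t.getName());
            }
        } catch (CardException e) {
            // A PC/SC stack may report an error instead of an empty list
            // when no reader is attached; treat that as "no readers".
        }
        return names;
    }

    public static void main(String[] args) throws InterruptedException {
        CardTerminals terminals = TerminalFactory.getDefault().terminals();
        Set<String> known = readerNames(terminals);
        while (true) {
            if (known.isEmpty()) {
                // waitForChange() throws IllegalStateException when the
                // CardTerminals object contains no terminals, so just sleep.
                Thread.sleep(POLL_MS);
            } else {
                try {
                    // Returns early on card insertion/removal in a known
                    // reader, otherwise after the timeout; re-list either way.
                    terminals.waitForChange(POLL_MS);
                } catch (CardException | IllegalStateException e) {
                    Thread.sleep(POLL_MS); // last reader vanished mid-wait
                }
            }
            Set<String> now = readerNames(terminals);
            for (String n : now) if (!known.contains(n)) System.out.println("reader added: " + n);
            for (String n : known) if (!now.contains(n)) System.out.println("reader removed: " + n);
            known = now;
        }
    }
}
```

A token plugged in between two polls is only noticed at the next re-list, so the interval bounds the detection latency.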



