From c8e7161c7977de81c431df281b1af5e312ff41f8 Mon Sep 17 00:00:00 2001
From: Philippe Thierry
Date: Wed, 12 Jun 2019 09:50:44 +0200
Subject: [PATCH] Add CI build for javacard applets (#2)
[enhancement] add CI javacard applets build
---
.travis.yml | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++
README.md | 36 +++++++++++++++++++++++++++++++
2 files changed, 98 insertions(+)
create mode 100644 .travis.yml
create mode 100644 README.md
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..62b7d90
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,62 @@
+language: java
+os: linux
+dist:
+ - xenial
+
+
+addons:
+ apt:
+ update: true
+ packages:
+ - repo
+ - git
+ - make
+ - gcc-arm-none-eabi
+ - binutils-arm-none-eabi
+ - python-pip
+ - python3-pip
+ - python-pyscard
+ - python-crypto
+ - openjdk-8-jdk
+ - maven
+ - ant
+ - curl
+ - zip
+ - unzip
+ - bash
+
+# installing dependencies
+before_install:
+ - pip install --user intelhex
+ - sudo pip3 install kconfiglib
+ - curl -s "https://get.sdkman.io" -o /tmp/sdk
+ - chmod +x /tmp/sdk
+ - /tmp/sdk
+ - sudo bash -c ". $HOME/.sdkman/bin/sdkman-init.sh && sdk install maven 3.6.1"
+ - git clone https://github.com/martinpaljak/oracle_javacard_sdks.git /tmp/oracle_sdks
+
+# let's sync and build for disco407, wookey, and build doc
+jobs:
+ include:
+ - stage: javacard_build
+ script:
+ - mkdir build && cd build
+ - export PATH=/usr/local/bin:$PATH
+ - git config --global color.ui true
+ - repo init -u https://github.com/wookey-project/manifest.git -m soft/wookey_nightly.xml && repo sync
+ - echo 'export CROSS_COMPILE=arm-none-eabi-' > setenv.local.sh
+ - echo 'export JAVA_SC_SDK=/tmp/oracle_sdks/jc303_kit' >> setenv.local.sh
+ - if [ "$TRAVIS_EVENT_TYPE" = "pull_request" ]; then cd javacard/applet && git fetch github refs/pull/${TRAVIS_PULL_REQUEST}/head && git checkout FETCH_HEAD; cd ../..; fi
+ - source setenv.sh
+ - make boards/wookey/configs/wookey2_graphic_ada_hs_defconfig
+ - make prepare
+ - make externals
+ - make javacard_compile
+
+notifications:
+ email:
+ recipients:
+ - wookey@ssi.gouv.fr
+ on_success: never
+ on_failure: always
+ on_pull_requests: always
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..bca9eaf
--- /dev/null
+++ b/README.md
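Review bot: The `before_install` steps fetch and execute the build toolchain with no pinning or integrity check: `curl -s "https://get.sdkman.io" -o /tmp/sdk` is run as downloaded (and without `-f`, so an HTTP error body would be saved and executed), and `git clone https://github.com/martinpaljak/oracle_javacard_sdks.git /tmp/oracle_sdks` takes whatever the default branch holds at build time. That clone supplies the SDK the applets are compiled with (`JAVA_SC_SDK=/tmp/oracle_sdks/jc303_kit`), so I would pin it to a reviewed commit, e.g. `git -C /tmp/oracle_sdks checkout <PINNED_COMMIT_SHA>` (placeholder), and either compare the installer against a recorded checksum before running it or drop the sdkman step, since `maven` is already in the apt package list. `pip install --user intelhex` and `sudo pip3 install kconfiglib` are also unversioned; pinning them with `==` would keep the CI result reproducible.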
@@ -0,0 +1,36 @@
+# Wookey Javacard applets
+
+[![Release](https://img.shields.io/github/release/wookey-project/javacard-applet.svg)](https://github.com/wookey-project/javacard-applet/releases/latest)
+[![Travis CI Build Status](https://api.travis-ci.com/wookey-project/javacard-applet.svg?branch=master)](https://travis-ci.com/wookey-project/javacard-applet)
+
+## About Wookey applets
+
+The WooKey project authentication, DFU and signature tokens are implemented using JavaCard (https://docs.oracle.com/en/java/javacard/).
+
+JavaCard is a public ecosystem for developing and distributing code on secure elements. Actually, this is one of the only frameworks allowing to access secure elements without signing NDAs: this makes it a perfect match for open source projects since the source code can be distributed.
+
+JavaCard systems (composed of a secure IC and a JavaCard framework) are usually certified using the EAL Common Criteria scheme: this ensures that security and penetration tests as well as code review have been performed by entitled ITSEF (Information Technology Security Evaluation Facility) using a formal and approved process.
+
+This makes certified JavaCards an interesting choice for hardened components when designing security solutions: they are robust against a wide variety of advanced attack scenarios.
+
+For the WooKey project, we have validated our JavaCard applets on an EAL 4+ NXP JCOP J3D081 (https://www.fi.muni.cz/~xsvenda/jcalgtest/run_time/NXPJCOPJ3D081.html). This JavaCard is dual interface (contact and contacless), is JavaCard 3.0.1 and GlobalPlatform 2.2 compliant, and is EAL 4+ certified. The public certification report can be found here:
+
+https://www.commoncriteriaportal.org/files/epfiles/0860b_pdf.pdf
+
+The JCOP J3D081 have been chosen for price and availability reasons. Please note that the WooKey project applets should be compatible with any JavaCard 3.0.1 and above compatible card!
+
+
+## About compilation step
+
+
+The JavaCard and GlobalPlatform ecosystems require tools for compiling as well as pushing the compiled applets (CAP files) to the target. Fortunately, open source components are available for all these steps.
+
+Compiling can be performed using the ant-javacard project, with Oracle SDKs:
+
+https://github.com/martinpaljak/ant-javacard
+
+https://github.com/martinpaljak/oracle_javacard_sdks
+
+Pushing the compiled applets can be done through the GlobalPlatformPro tool:
+
+https://github.com/martinpaljak/GlobalPlatformPro