Authentication signing credential
The sample code lets you perform the following tasks to manage an authentication signing credential:
Provisioning the credential
The following sample code initiates the provisioning of an authentication and signing-capable credential. After successful provisioning, the authSigning credential object is returned to the mobile application, which can use it to generate the security code and to process and sign transactions.
The credential prefix (QAMT) provided in this sample is a trial production account-specific value. Contact your Symantec representative for production values when you are ready to move to production implementation.
```java
// testListener is an instance of NetworkListener; it is defined before the call that uses it.
NetworkListener testListener = new NetworkListener() {
    @Override
    public void onReceiveResponse(MVIPException vipExp, CredentialInterface credIRef) {
        if (vipExp == null) {
            // Provisioning succeeded: keep the returned credential (credObject is a field).
            credObject = (CredentialAuthSigning) credIRef;
        }
    }
};

// Pass the activation code and the credential prefix to the
// createCredentialAuthSigning() factory method.
CredentialFactory.createCredentialAuthSigning(getApplicationContext(), testListener, "12345678", "QAMT");
```
This sample code performs the following functions:
- Asynchronously initiates the Authentication Signing Credential provisioning through VIP Services with an activation code and the credential prefix.
- Returns the credential object (credObject) as part of the provisioning response to the NetworkListener callback method onReceiveResponse().
Provisioning the device certificate
To have a device hygiene response signed, you must provision a device certificate for the user's credential. The following sample code provisions a device certificate for the credential. After successful provisioning, the authentication credential object is updated with the device certificate and returned to the mobile application. Store the updated credential object in the VIP SDK or locally in the mobile app.
```java
try {
    // securityCredential: retrieve the credential from your own store or from the
    // SDK's Vault using the Vault API, or create a new credential using the
    // CredentialFactory APIs.
    if (securityCredential != null && !securityCredential.isDeviceCertificateEnabled()) {
        securityCredential.provisionDeviceCertificate(context, new NetworkListener() {
            @Override
            public void onReceiveResponse(MVIPException vipExp, CredentialInterface credIRef) {
                if (vipExp == null) {
                    // Persist the updated credential returned in the response.
                    ArrayList<CredentialInterface> credList = new ArrayList<CredentialInterface>();
                    credList.add(credIRef);
                    try {
                        boolean success = vault.storeCredential(credList);
                    } catch (MVIPException e) {
                        showError(e.getMessage() + ":" + e.getCode());
                    }
                }
            }
        });
    }
} catch (MVIPException e) {
    showError(e.getMessage() + ":" + e.getCode());
    return;
}
```
This sample code performs the following functions:
- Retrieves the credential from the VIP SDK or the local store in the mobile app.
- Asynchronously initiates the device certificate provisioning through VIP Services.
- Updates the credential object (credObject) with the device certificate.
- Returns the credential object as part of the provisioning response to the NetworkListener callback method onReceiveResponse().
- Stores the updated credential object in the VIP SDK.
Saving the credential
The following sample code saves the credential object into the mobile device vault in the encrypted form:
```java
// Get the credential object and add it to an ArrayList of the credential interface.
// Save the data on the mobile device.
ArrayList<CredentialInterface> credentialArray = new ArrayList<CredentialInterface>();
if (credObject != null) {
    Vault repository = new Vault(activityContext);
    try {
        credentialArray.add((CredentialAuthSigning) credObject);
        boolean status = repository.storeCredential(credentialArray);
    } catch (MVIPException exception) {
        // Catch and handle exception
    }
}
```
This sample code performs the following functions:
- Gets the credentialAuthSigning object that is generated during provisioning, and adds it to an ArrayList of the credential interface.
- Saves the data on the mobile device vault.
If you do not use the Vault interface that Symantec provides, you must first convert the credential object to the JSON format using the toJSON API and then store it in your vault.
Restoring the credential and generating a security code
The following sample code retrieves the data from the mobile device, regenerates the credentialAuthSigning object, and generates a security code.
```java
// Restore values from storage.
Vault vault = new Vault(activityContext);
String credentialId = null; // null returns all credentials stored in the vault
ArrayList<CredentialInterface> mCredentials = null;
try {
    mCredentials = vault.retrieveCredential(credentialId);
} catch (MVIPException exception) {
    // Catch and handle exception
}

String code = null;
// Guard against a failed or empty retrieval before using the first credential.
if (mCredentials != null && !mCredentials.isEmpty()) {
    try {
        code = mCredentials.get(0).getSecurityCode(context);
    } catch (MVIPException exception) {
        // Catch and handle exception
    }
}
```
This sample code performs the following functions:
- Retrieves the serialized encrypted credential object that was saved with the credential.
- Calls getSecurityCode on the first element in the ArrayList returned from the retrieveCredential method. This call obtains the next sequential security code from the credential.
The call to retrieveCredential with credentialId returns an ArrayList that contains the credential with the given credentialId. If null is passed as the credentialId to the retrieveCredential method, an ArrayList of all the credentials that are stored in the vault is returned.
If you do not use the Vault interface that Symantec provides, you must reconstruct the credential object from the JSON stored in the vault (non-Symantec) using the credential's constructor and then call the getSecurityCode method on the credential object.
Retrieving and signing the transaction
The AuthSigning type credential is capable of processing and signing the transaction that is initiated from the VIP member site application to VIP Services. The following code processes the outstanding transaction with VIP Services for the particular credential.
```java
// Demonstrates a way of retrieving and signing a transaction.

// Retrieving the transaction: receives the transaction details as a JSONObject.
TransactionListener txListener = new TransactionListener() {
    @Override
    public void onTransactionSuccess(JSONObject transactionDetails) {
        // Parse the transactionDetails for title, displayMsg, rpUrl, timestamp,
        // expiration parameters.
        // Take the user approval and call completeTransaction().
    }

    @Override
    public void onTransactionFailed(MVIPException vipExp) {
    }
};
credAuthSignObj.retrieveTransaction(getApplicationContext(), txListener, transactionID);

// Signing the transaction. The second listener has its own name here so that both
// can be declared in one scope; transactionDetails is the JSONObject received above
// and userSelection is the user's choice.
TransactionListener completeListener = new TransactionListener() {
    @Override
    public void onTransactionSuccess(JSONObject transactionDetails) {
        // Acknowledgement will be received.
    }

    @Override
    public void onTransactionFailed(MVIPException vipExp) {
    }
};
credAuthSignObj.completeTransaction(getApplicationContext(), completeListener, transactionDetails, userSelection);
```
If the VIP member site application has initiated the authenticate request with the push parameters as enforcelocalauth, the completeTransaction API prompts for device authentication through the application.
Retrieving and signing the transaction with number challenge
The AuthSigning type credential is capable of processing and signing the transaction that is initiated from the VIP member site application to VIP Services. The following code processes the outstanding transaction with VIP Services for the particular credential.
```java
// Demonstrates a way of retrieving and signing a transaction.

// Retrieving the transaction: receives the transaction details as a JSONObject.
TransactionListener txListener = new TransactionListener() {
    @Override
    public void onTransactionSuccess(JSONObject transactionDetails) {
        // Parse the transactionDetails for title, displayMsg, rpUrl, timestamp,
        // expiration parameters.
        // Parse the isNumbersChallenge value (boolean).
        // Take the user approval and call completeTransaction().
    }

    @Override
    public void onTransactionFailed(MVIPException vipExp) {
    }
};
credAuthSignObj.retrieveTransaction(getApplicationContext(), txListener, transactionID);

// Signing the transaction. The second listener has its own name here so that both
// can be declared in one scope; transactionDetails is the JSONObject received above,
// userSelection is the user's choice, and numbersChallenge is the challenge value.
TransactionListener completeListener = new TransactionListener() {
    @Override
    public void onTransactionSuccess(JSONObject transactionDetails) {
        // Acknowledgement will be received.
    }

    @Override
    public void onTransactionFailed(MVIPException vipExp) {
    }
};
credAuthSignObj.completeTransaction(getApplicationContext(), completeListener, transactionDetails, userSelection, numbersChallenge);
```
If the VIP member site application has initiated the authenticate request with the push parameters as enforcelocalauth, the completeTransaction API prompts for device authentication through the application.
Migrating the authentication credential to authentication signing credential
The following code helps to migrate the Authentication-based credential to Authentication Signing-based credential. After migration, it is recommended that you use the new AuthSigning credential object for further operations on the credential.
```java
// The listener is defined before the call that uses it.
NetworkListener testListener = new NetworkListener() {
    @Override
    public void onReceiveResponse(MVIPException vipExp, CredentialInterface credIRef) {
        if (vipExp == null) {
            CredentialAuthSigning credAuthSignObject = (CredentialAuthSigning) credIRef;
            credObj = null;
            // Store credAuthSignObject
        }
    }
};

// This call creates a new CredentialAuthSigning object out of this Credential object.
// It is recommended to null the old Credential object reference and persist
// the new CredentialAuthSigning object before further use.
credObj.enableSigning(getApplicationContext(), testListener, "https://services.vip.symantec.com/prov");
```
Synchronizing the time of creation
The following code re-synchronizes the time of creation of the credential with the VIP server time. Use this functionality when the credential goes out-of-sync with the VIP server time and starts generating an invalid security code. The credential may go out-of-sync with the VIP server time if the time of the mobile device or the VIP server time is changed.
```java
// The listener is defined before the call that uses it.
NetworkListener testListener = new NetworkListener() {
    @Override
    public void onReceiveResponse(MVIPException vipExp, CredentialInterface credIRef) {
        if (vipExp == null) {
            Credential credObject = (Credential) credIRef;
            credObj = null;
            // Store the new credObject
            // .....
        }
    }
};

// Asynchronously initiate the call to VIP Services to fetch the server time.
credObj.resetServerTime(testListener, "https://services.vip.symantec.com/prov");

// Re-generate the security code.
```
This sample code performs the following functions:
- Asynchronously initiates the call to VIP Services to fetch the server time.
- Returns the credential object (credObject) with the updated server time as part of the resetServerTime response to the NetworkListener callback method onReceiveResponse().
- Stores the credential object on the mobile device.
- Re-generates the security code using the new credential object.
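
Why a clock mismatch produces invalid security codes, as an added illustration that is not code from the VIP SDK or from Symantec. It assumes a generic RFC 6238 time-based code (HMAC-SHA1, 30-second step), which this page does not specify, and uses a hypothetical stored offset to stand in for the server time that resetServerTime fetches.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added illustration: generic RFC 6238 TOTP, not the VIP SDK's internal algorithm.
public class ClockOffsetDemo {

    // Computes a 6-digit time-based code (HMAC-SHA1, 30-second step) for a Unix time.
    static String totp(byte[] secret, long unixSeconds) throws Exception {
        long counter = unixSeconds / 30;
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int off = h[h.length - 1] & 0x0f; // dynamic truncation offset (RFC 4226)
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format("%06d", bin % 1_000_000);
    }

    public static void main(String[] args) throws Exception {
        // Test key and time from RFC 6238; the drift value is constructed for the demo.
        byte[] secret = "12345678901234567890".getBytes(StandardCharsets.US_ASCII);
        long serverTime = 59L;
        long deviceTime = serverTime + 300; // device clock is 5 minutes fast

        String serverCode = totp(secret, serverTime);
        String driftedCode = totp(secret, deviceTime);

        // Hypothetical offset the device keeps after learning the server time.
        long offset = serverTime - deviceTime;
        String correctedCode = totp(secret, deviceTime + offset);

        System.out.println("server    " + serverCode);
        System.out.println("drifted   " + driftedCode
                + " matches=" + driftedCode.equals(serverCode));
        System.out.println("corrected " + correctedCode
                + " matches=" + correctedCode.equals(serverCode));
    }
}
```

The drifted code falls in a different 30-second window than the one the server evaluates, which is why codes stop validating until the credential is re-synchronized and stored again.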