Event-based credential
The sample code lets you perform the following tasks to manage an event-based credential:
Provisioning the credential
The following sample code provisions an authentication-based credential. After successful provisioning, the authentication credential object is returned to the mobile application. The credential object can then be used to generate the security code.
The Credential prefix (QAME) provided in this sample are trial production account-specific values. Contact your Symantec representative for production values when you are ready to move to production implementation.
//Pass activationCode and the credential prefix to createEventBasedCredential() //factory method CredentialFactory.createEventBasedCredential(getApplicationContext(), testListener, 12345678, QAME); //testListener refers to instance of NetworkListener. testListener = new NetworkListener(){ public void onReceiveResponse(MVIPException vipExp, CredentialInterface credIRef){ if(vipExp == null) Credential credObject = credIRef; } }
This sample code performs the following functions:
- Asynchronously initiates the Authentication Credential provisioning throughVIPServices with an activation code and the credential prefix.
- Returns the credential object (credObject) as part of the provisioning response to theNetworkListenercallback methodonReceiveResponse ()
Saving the credential
The following sample saves the credential object into the mobile device in encrypted form:
// Get the credential object and adds the credential object to an ArrayList of //credential interface. // Saves the data on the mobile device ArrayList<CredentialInterface> credentialArray=new ArrayList<CredentialInterface>(); if (credObject != null){ Vault repository = Vault.getInstance(activityContext); try { credentialArray.add((Credential) credObject); status = repository.storeCredential(credentialArray); } catch (MVIPException exception){ // Catch and handle exception } }
This sample code performs the following functions:
- Gets the credential object that is specified when the credential is provisioned, and adds it to an ArrayList of credential interfaces.
- Saves the data on the mobile device vaultIf you do not use the Vault interface that Symantec provides, you must first convert the Credential object to the JSON format using the toJSONAPI. Then, store it in the mobile device vault.
Restoring the credential and generating a security code
The following sample code retrieves the data from the mobile device, regenerates the credential object, and generates a security code.
// restore values from storage. Vault vault = Vault.getInstance(activityContext); String credentialId = null; ArrayList<CredentialInterface> mCredentials = null; try { mCredentials = vault.retrieveCredential(credentialId); } catch (MVIPException exception){ // Catch and handle exception } String code=null; try { code = mCredentials.get(0).getSecurityCode(activityContext); } catch (MVIPException exception){ // Catch and handle exception }
This sample code performs the following functions:
- Retrieves the serialized encrypted credential object that was saved earlier
- CallsgetSecurityCodeon the first element in theArrayListreturned from theretrieveCredentialmethod. This call obtains the next sequential security code from the credential.The call toretrieveCredentialwith acredentialIdreturns anArrayListthat contains the credential with the givencredentialId. In the case that acredentialIdis passed as null to theretrieveCredentialmethod, then anArrayListof all the credentials that are stored in the vault are returned.
- For troubleshooting purposes, you can have this call return a map of the credential event counter, credential ID, and current timestamp information, along with the security code, by using thegetSecurityCodeDebugcall in place of thegetSecurityCodecall:Map<String,String> credentialDetails=null; String code=null; try { credentialDetails = ((CredentialEventBased)mCredentials.get(0)).getSecurityCodeDebug(activityContext); code = credentialDetails.get("securityCode"); } catch (MVIPException exception){ // Catch and handle exception }ThegetSecurityCodeDebugcall returns a map containing the following keys:
- securityCode: The next sequential security code
- credentialID: The credential ID
- currentTime: The current timestamp from the device
- currentCounter: The current count of security codes for this credential. The count is incremented each time a security code is generated for an event-based credential.
If you do not use the Vault interface that Symantec provides, you must reconstruct the credential object from the JSON stored in the vault (non-Symantec) using the constructor for the credential. Then, call the
getSecurityCode
method on the credential object. After the security code is generated, you must store the credential object in your vault. Storing the credential object ensures that your updated credential counter value is preserved.