Signing credential (Shared Secret-based)
The sample code lets you perform the following tasks to manage a signing credential (OCRA):
Provisioning the credential
The following sample code initiates the provisioning of a signing credential. After successful provisioning, the signing credential object is returned to the mobile application, which can then use it to generate a challenge response for a challenge that the mobile application supplies.
The URL and the credential prefix (VSCR) used in this sample are values specific to the trial production environment. Contact your Symantec representative for production values when you are ready to move to a production implementation.
```java
// testListener is an instance of NetworkListener. It must exist before the
// factory call, because the provisioning response is delivered to it
// asynchronously through onReceiveResponse().
NetworkListener testListener = new NetworkListener() {
    public void onReceiveResponse(MVIPException vipExp, CredentialInterface credIRef) {
        if (vipExp == null) {
            // Provisioning succeeded: the returned object is the signing credential
            CredentialSigning credObject = (CredentialSigning) credIRef;
        } else {
            // Provisioning failed: inspect vipExp and report the error to the user
        }
    }
};

// Pass the activation code and the credential prefix to the
// createCredentialSigning() factory method.
CredentialFactory.createCredentialSigning(getApplicationContext(), testListener, "12345678", "VSCR");
```
This sample code performs the following functions:
- Asynchronously initiates the signing credential provisioning through VIP Services with an activation code and the credential prefix.
- Returns the credential object (credObject) as part of the provisioning response to the NetworkListener callback method onReceiveResponse().
Saving the credential
The following sample code saves the credential object into the mobile device vault in the encrypted form:
```java
// Get the credential object, add it to an ArrayList of CredentialInterface
// and save the list in the device vault, where it is stored in encrypted form.
ArrayList<CredentialInterface> credentialArray = new ArrayList<CredentialInterface>();
if (credObject != null) {
    Vault repository = new Vault(activityContext);
    try {
        credentialArray.add(credObject);
        // status receives the result of the store operation (declared by the caller)
        status = repository.storeCredential(credentialArray);
    } catch (MVIPException exception) {
        // Catch and handle the exception: the credential was not persisted
    }
}
```
This sample code performs the following functions:
- Gets the credential object that was generated when the credential was provisioned and adds it to an ArrayList of the credential interface.
- Saves the data in the mobile device vault. If you do not use the Vault interface that Symantec provides, you must first convert the credential object to JSON using the toJSON API and then store it in your own vault.
Restoring a credential and generating a challenge-response
The following sample code retrieves the data from the mobile device, regenerates the credential, and generates a challenge response based on the challenge that is provided by the mobile application.
```java
// Restore the credentials from the device vault, set the challenge on the
// signing credential and generate the challenge response.
Vault vault = new Vault(activityContext);
String credentialId = null;   // null: retrieve every credential stored in the vault
ArrayList<CredentialInterface> mCredentials = null;
try {
    mCredentials = vault.retrieveCredential(credentialId);
} catch (MVIPException exception) {
    // Catch and handle exception
}

if (mCredentials != null && !mCredentials.isEmpty()) {
    // The first element is the signing credential that was saved earlier
    CredentialSigning credential = (CredentialSigning) mCredentials.get(0);
    boolean success;
    if (credential.getCredentialType().contains("QH40")) {
        // Hexadecimal challenge suite: challengeHex is the 40-character
        // challenge supplied by the mobile application
        success = credential.setChallengeHex(challengeHex);
    } else {
        // Numeric challenge suite: challengeNum is the 6- or 8-digit
        // challenge supplied by the mobile application
        success = credential.setChallengeNum(challengeNum);
    }
    String code = null;
    if (success) {
        try {
            code = credential.getChallengeResponse(context);
        } catch (MVIPException exception) {
            // Catch and handle exception
        }
    }
}
```
This sample code performs the following functions:
- Retrieves the serialized, encrypted credential object that was saved in the vault.
- Gets the first element in the array, which is the credential object, and sets the challenge on the signing credential.
- Calls getChallengeResponse on the signing credential, which uses the challenge that was set in the previous call.

The call to retrieveCredential with a credentialId returns an ArrayList containing the credential with that credentialId. If credentialId is passed as null to retrieveCredential, an ArrayList of all the credentials stored in the vault is returned. If you do not use the Vault interface that Symantec provides, you must reconstruct the credential object from the JSON stored in your own vault using the credential's constructor, then set the challenge and call getChallengeResponse on the credential object.
For signing credentials whose Credential Signing Suite takes a numeric challenge (items 3 to 6 in the table of supported credential signing suites below), use the setChallengeNum method to set the challenge. For signing credentials whose suite takes a hexadecimal challenge (items 7 and 8), use the setChallengeHex method. The challenge must contain exactly the number of digits or characters that the table specifies for the suite, and a numeric challenge cannot be prefixed with 0. For example, 012345 is not a valid six-digit challenge, but 100000 is.
| credSuite ENUM Reference | Item | Credential Suite | Description | Challenge Set APIs |
|---|---|---|---|---|
| AUTH | 1 | AUTH:HOTP:SHA1:6 | Authentication credential, SHA-1 hash OTP generation truncated to 6 digits. | Not applicable |
| AUTH_SIGN | 2 | AUTH:HOTP:SHA1:6:SIGN | Authentication and signing credential, SHA-1 hash OTP generation truncated to 6 digits, supporting transaction signing capability. | Not applicable |
| EVENT | | EVENT:HOTP:SHA1:6: | Event-based credential, SHA-1 hash OTP generation truncated to 6 digits, supporting event signing capability. | Not applicable |
| OCRA_6_6 | 3 | OCRA-1:HOTP-SHA1-6:QN06 | OCRA version 1.0, SHA-1 hash OTP generation truncated to 6 digits, supporting only a numeric challenge of 6 digits. | setChallengeNum |
| OCRA_8_6 | 4 | OCRA-1:HOTP-SHA1-6:QN08 | OCRA version 1.0, SHA-1 hash OTP generation truncated to 6 digits, supporting only a numeric challenge of 8 digits. | setChallengeNum |
| OCRA_6_8 | 5 | OCRA-1:HOTP-SHA1-8:QN06 | OCRA version 1.0, SHA-1 hash OTP generation truncated to 8 digits, supporting only a numeric challenge of 6 digits. | setChallengeNum |
| OCRA_8_8 | 6 | OCRA-1:HOTP-SHA1-8:QN08 | OCRA version 1.0, SHA-1 hash OTP generation truncated to 8 digits, supporting only a numeric challenge of 8 digits. | setChallengeNum |
| OCRA_40_6 | 7 | OCRA-1:HOTP-SHA1-6:QH40 | OCRA version 1.0, SHA-1 hash OTP generation truncated to 6 digits, supporting only a hexadecimal challenge of 40 characters. | setChallengeHex |
| OCRA_40_8 | 8 | OCRA-1:HOTP-SHA1-8:QH40 | OCRA version 1.0, SHA-1 hash OTP generation truncated to 8 digits, supporting only a hexadecimal challenge of 40 characters. | setChallengeHex |