Signing credential (Shared Secret-based)

The sample code lets you perform the following tasks to manage a signing credential (OCRA):
Provisioning the credential
The following sample code initiates the provisioning of a signing credential. After successful provisioning, the signing credential object is returned to the mobile application and can be used to generate the challenge response from the challenge that the mobile application provides.
The URL and the credential prefix (VSCR) provided in this sample are trial production-specific values. Contact your Symantec representative for production values when you are ready to move to production implementation.
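    // credObject is a field of the enclosing class so that the callback can assign it.
    private CredentialSigning credObject;

    // testListener refers to an instance of NetworkListener.
    // Create it before passing it to the factory method.
    NetworkListener testListener = new NetworkListener() {
        public void onReceiveResponse(MVIPException vipExp, CredentialInterface credIRef) {
            // No exception was reported, so keep the returned credential.
            if (vipExp == null) {
                credObject = (CredentialSigning) credIRef;
            }
        }
    };

    // Pass activationCode and the credential prefix to the
    // createCredentialSigning() factory method.
    CredentialFactory.createCredentialSigning(getApplicationContext(), testListener, "12345678", "VSCR");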
This sample code performs the following functions:
  • Asynchronously initiates the Signing Credential provisioning through VIP Services with an activation code and the credential prefix.
  • Returns the credential object (credObject) as part of the provisioning response to the NetworkListener callback method onReceiveResponse().
Saving the credential
The following sample code saves the credential object into the mobile device vault in the encrypted form:
    // Get the credential object and add it to an ArrayList of
    // credential interface, then save the data on the mobile device.
    // status and activityContext are supplied by the application.
    ArrayList<CredentialInterface> credentialArray = new ArrayList<CredentialInterface>();
    if (credObject != null) {
        Vault repository = new Vault(activityContext);
        try {
            credentialArray.add((Credential) credObject);
            status = repository.storeCredential(credentialArray);
        } catch (MVIPException exception) {
            // Catch and handle exception
        }
    }
This sample code performs the following functions:
  • Gets the credential object that is generated when the credential was provisioned, and adds it to an ArrayList of the credential interface.
  • Saves the data on the mobile device vault.
    If you do not use the Vault interface that Symantec provides, you must first convert the credential object to the JSON format using the toJSON API and then store it in your vault.
Restoring a credential and generating a challenge-response
The following sample code retrieves the data from the mobile device, regenerates the credential, and generates a challenge response based on the challenge that is provided by the mobile application.
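    // Restore values from storage.
    // success, ChallengeHex, challengeNum and context are supplied by the application.
    Vault vault = new Vault(activityContext);
    String credentialId = null;
    ArrayList<CredentialInterface> mCredentials = null;
    try {
        mCredentials = vault.retrieveCredential(credentialId);
    } catch (MVIPException exception) {
        // Catch and handle exception
    }

    // The first element in the array is the signing credential.
    CredentialSigning signingCredential = null;
    if (mCredentials != null && !mCredentials.isEmpty()) {
        signingCredential = (CredentialSigning) mCredentials.get(0);
    }

    if (signingCredential != null) {
        // QH40 suites take a hexadecimal challenge; the others take a numeric one.
        if (signingCredential.getCredentialType().contains("QH40")) {
            success = signingCredential.setChallengeHex(ChallengeHex);
        } else {
            success = signingCredential.setChallengeNum(challengeNum);
        }
        String code = null;
        try {
            code = signingCredential.getChallengeResponse(context);
        } catch (MVIPException exception) {
            // Catch and handle exception
        }
    }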
This sample code performs the following functions:
  • Retrieves the serialized encrypted credential object that was saved with the credential.
  • Gets the first element in the array, which is the credential object, and sets the challenge for the signing credential.
  • Calls getChallengeResponse for the signing credential, which uses the challenge that was set in the previous call.
    The call to retrieveCredential with credentialId returns an ArrayList that contains the credential with the given credentialId. If the credentialId is passed as null to the retrieveCredential method, an ArrayList of all the credentials stored in the vault is returned.
    If you do not use the Vault interface that Symantec provides, you must reconstruct the credential object from the JSON stored in the vault (non-Symantec) using the credential's constructor and then call the getSecurityCode method on the credential object.
For signing credentials with a Credential Signing Suite that contain numeric challenges (items 3 to 6 in Supported credential signing suites), you can also use the setChallengeNum method to set the challenge. For signing credentials with a Credential Signing Suite that contain hexadecimal challenges (items 7 and 8 in Supported credential signing suites), you can also use the setChallengeHex method to set the challenge.
The challenge must contain the exact number of characters or digits that are specified in the table. Also, the challenge cannot be prefixed with 0. For example, 012345 is not a valid six-digit challenge, but 100000 is a valid six-digit challenge.
Supported credential signing suites
| credSuite ENUM | Reference | Credential Suite | Description | Challenge Set APIs |
|---|---|---|---|---|
| AUTH | 1 | AUTH:HOTP:SHA1:6 | Authentication Credential, SHA-1 hash OTP generation truncated to 6 digits. | Not applicable |
| AUTH_SIGN | 2 | AUTH:HOTP:SHA1:6:SIGN | Authentication and Signing Credential, SHA1 hash OTP generation truncated to 6 digits, supporting transaction signing capability. | Not applicable |
| EVENT | | EVENT:HOTP:SHA1:6: | Event based credential, SHA1 hash OTP generation truncated to 6 digits, supporting event signing capability. | Not applicable |
| OCRA_6_6 | 3 | OCRA-1:HOTP-SHA1-6:QN06 | OCRA Version 1.0, SHA-1 hash OTP generation truncated to 6 digits, supporting only numeric challenge of 6 digits. | setChallengeNum |
| OCRA_8_6 | 4 | OCRA-1:HOTP-SHA1-6:QN08 | OCRA Version 1.0, SHA-1 hash OTP generation truncated to 6 digits, supporting only numeric challenge of 8 digits. | setChallengeNum |
| OCRA_6_8 | 5 | OCRA-1:HOTP-SHA1-8:QN06 | OCRA Version 1.0, SHA-1 hash OTP generation truncated to 8 digits, supporting only numeric challenge of 6 digits. | setChallengeNum |
| OCRA_8_8 | 6 | OCRA-1:HOTP-SHA1-8:QN08 | OCRA Version 1.0, SHA-1 hash OTP generation truncated to 8 digits, supporting only numeric challenge of 8 digits. | setChallengeNum |
| OCRA_40_6 | 7 | OCRA-1:HOTP-SHA1-6:QH40 | OCRA Version 1.0, SHA-1 hash OTP generation truncated to 6 digits, supporting only hex challenge of 40 chars. | setChallengeHex |
| OCRA_40_8 | 8 | OCRA-1:HOTP-SHA1-8:QH40 | OCRA Version 1.0, SHA-1 hash OTP generation truncated to 8 digits, supporting only hex challenge of 40 chars. | setChallengeHex |
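The challenge rules above can be checked in the application before it calls setChallengeNum or setChallengeHex, so that a malformed challenge is rejected before anything is signed. The following is an added example, not part of the original page or of the VIP SDK: the ChallengeValidator class and its check method are hypothetical names, it uses only the Java standard library, and it applies the "cannot be prefixed with 0" rule to hexadecimal challenges as well, because the page states that rule without distinguishing the two kinds.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example; ChallengeValidator and check() are hypothetical names, not SDK APIs.
public final class ChallengeValidator {
    // Challenge part of the OCRA suites in the table: QN06, QN08 or QH40.
    private static final Pattern QUESTION = Pattern.compile(":Q([NH])(\\d{2})$");

    /** Returns null when the challenge is valid for the suite, otherwise the reason for rejection. */
    public static String check(String credentialSuite, String challenge) {
        Matcher m = QUESTION.matcher(credentialSuite == null ? "" : credentialSuite);
        if (!m.find()) {
            // AUTH, AUTH_SIGN and EVENT suites have no challenge set API.
            return "suite does not take a challenge";
        }
        boolean hex = m.group(1).equals("H");
        int length = Integer.parseInt(m.group(2));
        // The challenge must contain the exact number of characters or digits.
        if (challenge == null || challenge.length() != length) {
            return "challenge must be exactly " + length + (hex ? " hex characters" : " digits");
        }
        if (!challenge.matches(hex ? "[0-9A-Fa-f]+" : "[0-9]+")) {
            return hex ? "challenge must be hexadecimal" : "challenge must be numeric";
        }
        // Assumption: the leading-0 rule is applied to both numeric and hex challenges.
        if (challenge.charAt(0) == '0') {
            return "challenge cannot be prefixed with 0";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: {credential suite, challenge}.
        String[][] samples = {
            {"OCRA-1:HOTP-SHA1-6:QN06", "100000"},
            {"OCRA-1:HOTP-SHA1-6:QN06", "012345"},
            {"OCRA-1:HOTP-SHA1-8:QN08", "123456"},
            {"OCRA-1:HOTP-SHA1-6:QH40", "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"},
            {"OCRA-1:HOTP-SHA1-8:QH40", "not-a-hex-challenge-but-forty-chars-long"},
            {"AUTH:HOTP:SHA1:6", "123456"},
        };
        for (String[] s : samples) {
            String reason = check(s[0], s[1]);
            System.out.println(s[0] + " / " + s[1] + " -> " + (reason == null ? "valid" : reason));
        }
    }
}
```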