Time-based credential

The sample code lets you perform the following tasks to manage a time-based credential:
Provisioning the credential
The following sample code provisions an authentication-based credential. After successful provisioning, the authentication credential object is returned to the mobile application, where it can be used to generate the security code.
The credential prefix (QAMT) provided in this sample is a trial production account-specific value. Contact your Symantec representative for production values when you are ready to move to production implementation.

    // testListener is an instance of NetworkListener. It is declared before
    // the factory call that uses it.
    NetworkListener testListener = new NetworkListener() {
        public void onReceiveResponse(MVIPException vipExp, CredentialInterface credIRef) {
            if (vipExp == null) {
                // Provisioning succeeded: keep the credential for generating security codes.
                Credential credObject = (Credential) credIRef;
            }
        }
    };

    // Pass the activation code and the credential prefix to the
    // createTimeBasedCredential() factory method.
    CredentialFactory.createTimeBasedCredential(getApplicationContext(), testListener, 12345678, QAMT);

This sample code performs the following functions:
  • Asynchronously initiates the Authentication Credential provisioning through VIP Services with an activation code and the credential prefix.
  • Returns the credential object (credObject) as part of the provisioning response to the NetworkListener callback method onReceiveResponse().
Provisioning the device certificate
To have a device hygiene response signed, you must provision a device certificate for the user's credential. The following sample code provisions a device certificate for the credential. After successful provisioning, the authentication credential object is updated with the device certificate and returned to the mobile application. Store the updated credential object in the VIP SDK or locally in the mobile app.

    try {
        // securityCredential: retrieve the credential from your store or the SDK's Vault
        // using the Vault API, or create a new credential using the Credential Factory APIs.
        if (securityCredential != null) {
            if (!securityCredential.isDeviceCertificateEnabled()) {
                securityCredential.provisionDeviceCertificate(context, new NetworkListener() {
                    @Override
                    public void onReceiveResponse(MVIPException vipExp, CredentialInterface credIRef) {
                        if (vipExp == null) {
                            try {
                                // credList is the list that holds the updated credential.
                                boolean success = vault.storeCredential(credList);
                            } catch (MVIPException e) {
                                // The outer try block does not cover this asynchronous callback.
                                showError(e.getMessage() + ":" + e.getCode());
                            }
                        }
                    }
                });
            }
        }
    } catch (MVIPException e) {
        showError(e.getMessage() + ":" + e.getCode());
        return;
    }

This sample code performs the following functions:
  • Retrieves the credential from the VIP SDK or the local store in the mobile app.
  • Asynchronously initiates the device certificate provisioning through VIP Services.
  • Updates the credential object (credObject) with the device certificate.
  • Returns the credential object as part of the provisioning response to the NetworkListener callback method onReceiveResponse().
  • Stores the updated credential object in the VIP SDK.
Saving the credential
The following sample saves the credential object into the mobile device in encrypted form:

    // Get the credential object and add it to an ArrayList of the
    // credential interface, then save the data on the mobile device.
    ArrayList<CredentialInterface> credentialArray = new ArrayList<CredentialInterface>();
    boolean status = false;
    if (credObject != null) {
        Vault repository = Vault.getInstance(activityContext);
        try {
            credentialArray.add((Credential) credObject);
            status = repository.storeCredential(credentialArray);
        } catch (MVIPException exception) {
            // Catch and handle exception
        }
    }

This sample code performs the following functions:
  • Gets the credential object that is specified when the credential is provisioned, and adds it to an ArrayList of the credential interface.
  • Saves the data on the mobile device vault.
    If you do not use the Vault interface that Symantec provides, you must first convert the Credential object to the JSON format using the toJSON API and then store it in the mobile device vault.
Restoring the credential and generating a security code
The following sample code retrieves the data from the mobile device, regenerates the credential object, and generates a security code.
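
    // Restore values from storage.
    Vault vault = Vault.getInstance(activityContext);
    String credentialId = null; // null retrieves all credentials stored in the vault
    ArrayList<CredentialInterface> mCredentials = null;
    try {
        mCredentials = vault.retrieveCredential(credentialId);
        // Call getSecurityCode on the first element of mCredentials
        // to obtain the next security code.
    } catch (MVIPException exception) {
        // Catch and handle exception
    }
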
This sample code performs the following functions:
  • Retrieves the serialized encrypted credential object that was saved earlier.
  • Calls getSecurityCode on the first element in the ArrayList returned from the retrieveCredential method. This call obtains the next sequential security code from the credential.
    The call to retrieveCredential with a credentialId returns an ArrayList that contains the credential with the given credentialId. If null is passed as the credentialId to the retrieveCredential method, an ArrayList of all credentials that are stored in the vault is returned.
    If you do not use the Vault interface that Symantec provides, you must reconstruct the credential object from the JSON stored in the vault (non-Symantec) using the credential's constructor and then call the getSecurityCode method on the credential object.
Synchronizing the time of creation
The following code re-synchronizes the time of creation of the credential with the VIP server time. Use this functionality when the credential goes out-of-sync with the VIP server time and starts generating invalid security codes. The credential may go out-of-sync with the VIP server time if the time on the mobile device is changed or the VIP server time is changed.

    // testListener is declared before the resetServerTime() call that uses it.
    NetworkListener testListener = new NetworkListener() {
        public void onReceiveResponse(MVIPException vipExp, CredentialInterface credIRef) {
            if (vipExp == null) {
                Credential credObject = (Credential) credIRef;
                credObj = null; // discard the out-of-sync credential
                // Store the new credObject
                // .....
            }
        }
    };

    // Asynchronously initiate the call to VIP Services to fetch the server time.
    credObj.resetServerTime(testListener, "https://services.vip.symantec.com/prov");

    // Re-generate the security code.

This sample code performs the following functions:
  • Asynchronously initiates the call to VIP Services to fetch the server time.
  • Returns the credential object (credObject) with the updated server time as part of the resetServerTime response to the NetworkListener callback method onReceiveResponse().
  • Stores the credential object on the mobile device.
  • Re-generates the security code using the new credential object.
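
Why an out-of-sync clock produces invalid security codes, and why storing a server-time offset fixes it, shown as an added example that is not part of the VIP SDK or the original sample code. It assumes a generic RFC 6238 TOTP (HMAC-SHA1, 30-second step) in place of the credential's internal algorithm; the seed, the timestamps, and the one-step acceptance window are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ClockDriftDemo {
    static final int STEP_SECONDS = 30; // assumed time step (RFC 6238 default)

    // RFC 6238 TOTP over HMAC-SHA1 for the given Unix time in seconds.
    static String totp(byte[] secret, long unixSeconds) throws Exception {
        long counter = unixSeconds / STEP_SECONDS;
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int off = h[h.length - 1] & 0x0f; // dynamic truncation (RFC 4226)
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format("%06d", bin % 1_000_000);
    }

    // Validator side: accept the current step or one step either side of it.
    static boolean serverAccepts(byte[] secret, long serverNow, String code) throws Exception {
        boolean ok = false;
        for (int i = -1; i <= 1; i++) {
            String expected = totp(secret, serverNow + (long) i * STEP_SECONDS);
            // Constant-time comparison of the candidate code.
            ok |= MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                        code.getBytes(StandardCharsets.US_ASCII));
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "12345678901234567890".getBytes(StandardCharsets.US_ASCII); // RFC 6238 test seed
        long serverNow = 1_700_000_000L;  // constructed server time
        long deviceNow = serverNow + 600; // device clock set 10 minutes ahead

        String stale = totp(secret, deviceNow);
        System.out.println("device clock only: " + stale
                + " accepted=" + serverAccepts(secret, serverNow, stale));

        // Re-sync: record (server time - device time) once, apply it to later readings.
        long offset = serverNow - deviceNow;
        String fixed = totp(secret, deviceNow + offset);
        System.out.println("after re-sync:     " + fixed
                + " accepted=" + serverAccepts(secret, serverNow, fixed));
    }
}
```

The offset stays valid only until the device clock changes again, which is why a further re-synchronization is needed after each such change.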