Event-based credential
The sample code lets you perform the following tasks to manage an EventBased credential:
Provisioning the credential
The following sample code provisions an event-based credential. After successful provisioning, the event-based credential object is returned to the mobile application, which can use it to generate the security code.
The credential prefix (QAME) provided in this sample is a trial production account-specific value. Contact your Symantec representative for production values when you are ready to move to production implementation.
    // Pass activationCode and the credential prefix to the
    // createEventBasedCredential() factory method.
    [CredentialFactory createEventBasedCredential:@"QAME"
                                   activationCode:@"12345678"
                                          success:^(id<CredentialProtocol> iRefCredential) {
        CredentialEventBased *securityCredential = (CredentialEventBased *)iRefCredential;
    } failure:^(NSError *error) {
        // Handle Error
    }];
This code performs the following functions:
- Asynchronously initiates the event-based credential provisioning through VIPServices with an activation code and the credential prefix.
- The CredentialEventBased object (securityCredential) is returned as part of the provisioning response in the success callback.
Saving the credential
The following sample code gets the credential object and saves it:
    NSError *error = nil;
    if (securityCredential != nil) {
        NSArray *credentialArray = [NSArray arrayWithObjects:securityCredential, nil];
        // Store the values in secure storage.
        BOOL isSuccess = [self.vault storeCredential:credentialArray error:&error];
        if (!isSuccess) {
            // Handle Error
        }
        NSString *credentialId = [securityCredential getCredentialId];
        // Save credentialIds
    }
This code performs the following functions:
- Puts the credential object into an NSArray.
- Saves the array on the mobile device.
- Saves the credential ID of the credential.
If you do not use the Vault interface that Symantec provides, you must use the following code snippet to archive the credential object as NSData. Save this data in encrypted form on the mobile device (for example, in the Keychain).

    // Assign the credential object returned by provisioning.
    Credential *securityCredential = nil;
    NSData *myData = nil;
    // The dictionary must be allocated before objects can be added to it.
    NSMutableDictionary *dict = [NSMutableDictionary dictionary];
    if (securityCredential != nil) {
        NSString *credentialId = [securityCredential getCredentialId];
        [dict setObject:securityCredential forKey:credentialId];
        myData = [NSKeyedArchiver archivedDataWithRootObject:dict];
        // Store myData (NSData) in the key chain storage.
    }
Restoring the credential and generating a security code
The following sample code retrieves the data from the mobile device, regenerates the credential, and generates a security code.
    CredentialEventBased *securityCredential = nil;
    NSMutableArray *credentialArray = [[NSMutableArray alloc] init];
    NSError *error = nil;
    // Restore values from storage, using the credential ID saved earlier.
    BOOL success = [self.vault retrieveCredential:credentialId
                                  credentialArray:credentialArray
                                            error:&error];
    if (success && credentialArray.count > 0) {
        securityCredential = [credentialArray objectAtIndex:0];
        NSString *code = [securityCredential getSecurityCode:&error];
    }
This code performs the following functions:
- Retrieves the NSArray that was saved using the previous sample code by specifying the saved credentialID.
- Gets the first element in the array, which is the credential object.
- Calls getSecurityCode. This call obtains the next sequential security code from the credential.
- For troubleshooting purposes, you can have this call return a map of the credential event counter, credential ID, and current timestamp information, along with the security code, by using the getSecurityCodeDebug call in place of the getSecurityCode call:

      NSDictionary *secCodeDict = [securityCredential getSecurityCodeDebug:&error];
      code = [secCodeDict objectForKey:@"securityCode"];

  The getSecurityCodeDebug call returns a map containing the following keys:
- securityCode: The next sequential security code
- credentialID: The credential ID
- currentTime: The current timestamp from the device
- currentCounter: The current count of security codes for this credential. The count is incremented each time a security code is generated for an event-based credential.
If you do not use the Vault interface that Symantec provides, you must retrieve the CredentialEventBased object that was saved in the mobile storage using the previous sample code and then call the getSecurityCode method on the credential object. After the security code is generated, you must store the credential object in your vault. Storing the credential object ensures that your updated credential counter value is preserved.

    NSData *credData = nil;
    NSMutableDictionary *query = nil;
    NSString *credId = nil;
    // Get NSData object of credential from the keychain
    NSDictionary *dict = [NSKeyedUnarchiver unarchiveObjectWithData:credData];
    CredentialEventBased *securityCredential = [dict objectForKey:credId];
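
One way to fill in the two keychain steps that the snippets above leave as comments (storing myData and reading credData back), as an added example that is not part of the Symantec sample code. It uses the iOS Security framework under ARC; the service name and the helper names CredentialQuery, SaveCredentialData and LoadCredentialData are assumptions.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical service name used to group this app's credential items.
static NSString * const kCredentialService = @"com.example.vip.credential";

// Base query identifying one credential's keychain item by credential ID.
static NSMutableDictionary *CredentialQuery(NSString *credId) {
    return [@{ (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
               (__bridge id)kSecAttrService: kCredentialService,
               (__bridge id)kSecAttrAccount: credId } mutableCopy];
}

// Overwrites the archived credential, or adds it if no item exists yet.
// Call again after every getSecurityCode so the updated counter is persisted.
static BOOL SaveCredentialData(NSData *myData, NSString *credId) {
    NSMutableDictionary *query = CredentialQuery(credId);
    NSDictionary *update = @{ (__bridge id)kSecValueData: myData };
    OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)query,
                                    (__bridge CFDictionaryRef)update);
    if (status == errSecItemNotFound) {
        query[(__bridge id)kSecValueData] = myData;
        // Readable only while the device is unlocked; not migrated to another device.
        query[(__bridge id)kSecAttrAccessible] =
            (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
        status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
    }
    return status == errSecSuccess;
}

// Returns the archived credential data, or nil if it is absent or inaccessible.
static NSData *LoadCredentialData(NSString *credId) {
    NSMutableDictionary *query = CredentialQuery(credId);
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status != errSecSuccess) {
        return nil;
    }
    return (__bridge_transfer NSData *)result;
}
```

A failed save after getSecurityCode leaves the stored counter behind the one already used, so treat a NO return from SaveCredentialData as an error to handle rather than ignore.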