AlisonMobile SDK
Armando Carratala
Nestor Markowicz
Description
AlisonSDK Mobile is a native library for IOS and Android platforms.
This library generates CAdES digital signatures for UTF-8 strings and allows the installation of digital certificates under a security policy that protects the certificate usage.
This library offers a similar behavior under both platforms, complying with a common security policy layer. This security policy protects certificate usage, controlled by the certificate issuer.
Platform compatibility
Android
| IOS
| IONIC
|
| Latest ✔ | Latest ✔ | Latest ✔ |
.png?version=1&modificationDate=1590972453003&cacheVersion=1&api=v2&width=48&height=48){kind=small}
Download
You can download latest stable release of AlisonSDK-Mobile:
Future Releases
It is possible to access future releases of the library to test new features to be implemented.
.
Disclaimer
Disclaimer
This is a work in progress.
It may be subject to changes in the future.
Related Product
Security Policy
Security Policy defines rules to protect certificate usage.
Following fields can be included into a security policy.
| Field | example | Description |
|---|---|---|
| name | client_name | Name of the policy. It can be used to recognize between different policies and values. |
| version | 5.0.1 | Version of the policy. |
| security_level | 2 | Security level required to protect the certificate. This value is explained below. |
| max_try | 5 | Limit of tries to enter a password or biometric factor. After the second try, a "toast or flash" message is displayed on screen. After reach the limit defined with this value, action defined in "fail_behavior" is executed. |
| fail_behavior* | lock || erase | This action is executed after reaching the max_try value.
|
| fail_timeout | 10 | Minutes to lock the certificate usage. |
Note: a typo was introduced in original library and is maintained by backward compatibility.
Security Level table
| Dec | Hex | Description |
|---|---|---|
| 0 | 0x0000 | none security. Each certificate can be used without any kind of control. |
| 1 | 0x0001 | requires lock-screen of the device to activate the certificate usage. |
| 2 | 0x0001 | requires biometric lock. If biometric lock is not available, level 1 is required. |
| 3 | 0x0003 | any kind of lock (level_1 or level_2). |
| 4 | 0x0004 | the password that protect the certificate is required. |
| 1025 | 0x0401 | password AND lock-screen is required. Both factor must be entered by the user. |
| 1026 | 0x0402 | password AND biometric is required. |
.
Methods
List of available methods.
Initialize
AlisonMobileSDK is a static class used to define some general behaviours of the library and to obtain execution results..
This class must be used to initialize the library before of using any of its methods or classes.
This method must be invoked after OnCreate callback and before of SetContent function. This is required condition to setup the language correctly.
initializeAlisonMobile( String initializeName, String language, boolean notification, Context context, String baseUrl );
| Argument | Values | Description |
|---|---|---|
| initializeName | string | it must indicate a unique identifier for the library. This identifier is used to mark those certificates related to this application. |
| language | en | es | language of the messages to show to the user. Other values can be used but programmer must extend the language definitions provided by the library. if none (null) value is defined, then the library uses the OS language. |
| notification | false | this value indicates to the library if toast messages must be displayed or not. |
| context | this is the context of the activity requiring this function. | |
| baseUrl | URL where to call to fetch renewal or inform the installation of a new request. This URL is provided by the certification authority, like: "https://panel.certisur.com/panel/acme" |
.
Version
String getLibVersion();
This method can be used to determine the library version. This can be useful under certain development conditions. This is a static method of AlisonMobileSDK.
.
Operations
This library is implemented as an general administrator of operation to be performed. Each operation has its own result, which is communicated to the caller throw the corresponding callback.
The function onActivityResult(int requestCode, int resultCode, Intent data) is used as a callback.
Each kind of operation has a specific class, and specific methods to use.
.
ListOperation
This class can be used to obtain all the certificates.
listOp = new AlisonListOperation(Context context, boolean eraseCerts);
To obtain the list of all certificates installed and controlled by the library and installed into the specific keystore of the application:
ArrayList<WebCertificate> certs= ListCertificates();
After obtaining the certificate, it is possible to get information of each certificate.
| Method | Description |
|---|---|
| String getAlias(); | Obtain the certificate's alias. |
| Int getDaysToExpire(); | Returns validity days of the certificate. A positive value represents that the certificate is still valid. |
| Int getCertificateStatus(); | Obtain the status of the certificate. This status is related to the security policy defined during its installation. A list of possible values can be found forward. |
Certificate Status
| Value | Code | Description |
|---|---|---|
| 0 | OK | Certificate status OK. Valid for a signature operation. |
| 22009 | STATUS_INVALIDATED_C | Invalid Status. A certificate with this status can't be used to sign. This status can be reached when user changes some security features of the device after installing the certificate. For example: user disables all methods that protect the login to the device. |
| 22010 | STATUS_CHECK_POLICY_ERROR_C | Certificate doesn't comply with the security defined by its policy. |
| 22011 | STATUS_POLICY_ERROR _AND_INVALIDATED_CERT_C | Certificate doesn't comply with the policy and it's invalid. |
Si no hay ningún certificado instalado devuelve una lista vacia.
| Argument | Description |
|---|---|
| Context | Context del activity que controla la actividad. |
| eraseCerts | this parameter can be used to delete those certificates, that are in INVALID status. |
.
AuthOperation
This class can be used to generate a signed authentication token. This token is used to determine the certificate used to login into the application.
authOp = new AlisonAuthOperation(String certAlias);
| Argument | Description |
|---|---|
| certAlias | Receives the certificate alias that identify the certificate. If none parameter is provided, then the library select automatically the certificate to be used. |
.
SignatureOperation
This class can be used to generate a signature of a UTF-8 string.
The signature is CAdES format, without data included into it.
signOp = new AlisonSignatureOperation(String text2sign, String certAlias);
If none certAlias is specified, then the last used certificate is selected for this operation.
If there is more than one certificate that can be used, then the select-certificate windows is displayed.
.
ImportOperation
This class can be used to import a certificate into the keystore.
importOp = new AlisonImportOperation(String certUrl);
This operation download the security policy related to this certificate and check if device comply with this its specification.
If device allows intallation, certificate is downloaded and installed into the keystore. Since that the certificate is protected by a password, user must enter the correct password to proceed with installation.
| Argument | Description |
|---|---|
| certUrl | URL to the certificate (and its policy) to be downloaded and installed. This URL usually was obtained from an email or scanned QR from the end-user approval console. |
.
RenewOperation
This operation allows renewal of a certificate close to expire.
A new certificate will be downloaded and installed replacing the certificate to expire. The new certificate can download a new security policy.
importOp = new AlisonRenewOperation(String renewUrl);
.
EraseOperation
This operation erase the certificate corresponding to the alias passed as a parameter.
int deleteSelectedCertificate(String aliasCert);
To delete all the certificates stored into the keystore of this application:
int deleteCertificates();
Return code:
| Value | Description |
|---|---|
| 1 | Success. A certificate or certificates was/were deleted. |
| 0 | None certificate was found to be deleted. |
| -1 | Error. It was not possible to delete the certificate or certificates. |
.
Activity Result
Since operation works in a asynchronic mode, the result of each operation is obtained throw the onActivityResult method.
void onActivityResult(int requestCode, int resultCode, Intent data);
| Field | Description |
|---|---|
| requestCode | Request code included into the Intent used to perform the operation. |
| resultCode | Result code returned by the operation. Possible values:
|
| data | Additional information returned by the operation. The method getStringExtra() can be used to fetch the information of the operation. |
Use this method to obtain information of the operation.
String value = data.getStringExtra(String key);
where key can be one of the following values:
| Key | Description |
|---|---|
| opResult | Detailled information of the result code. A json structure is returned with the following format: {"opResult":[{"code": CODE,"detail": DESCRIPTON}],"opType": OP_TYPE,"resultStatus":RES_STATUS}
|
| signatureB64 | signature CAdES in base64 format. This value can be obtained for AuthOperation and SignatureOperation. |
| signedText | signed Text. This value can be obtained for AuthOperation and SignatureOperation. |
| lockedTime | when the result.code of the operation is ERR_C_CERT_LOCKED (22311), this value can be obtained to to inform to the end-user how long this certificate will be locked. |
.
Error Codes
Following error codes can be returned by this library. This values are defined into the class AlisonCodes.
Common codes
| Value | Code | Description |
|---|---|---|
| 0 | C_OPERATION_SUCCESS | Operation finished successfully. |
| 2 | STATUS_ERROR | Operation finished with error. |
| 22105 | C_CANCELLED | User cancelled the operation. |
| 22310 | ERR_C_CERT_ERASED | Certificate erased because wrong password quantity exceeded limit. |
| 22311 | ERR_C_CERT_LOCKED | Certificate locked because wrong password quantity exceeded limit. |
| 22700 | ERR_C_ERROR_BACKEND | CpLT Backend Error. This error can be generated by a CoLT error, or a conexion error. |
Import & Authentication Operation error codes
| Value | Code | Description |
|---|---|---|
| 22307 | ERR_C_WRONG_PASS | Password incorrect. |
| 22315 | ERR_C_1_CERTIFICATE_INSTALLED | Error trying to install a certificate when there is already another certificate installed. |
Signature Operation error codes
| Value | Code | Description |
|---|---|---|
| 22008 | AUTHENTICATION_MODE_NOT_SETTED_C | Screen lock is not enabled in the device. |
| 22401 | ERR_NO_C_CANDIDATE_CERT_FOUND | None certificate found. |
| 22402 | PKCS12_PASSWORD_HASH _DOES_NOT_MATCH_C | Entered password doesn't match with the certificate password. |
.
Additional Files
Following additional files must be included into the project to use the library.
Check that all these folders are defined and created, otherwise complete them.
layout
- Password_dialog.xml: dialog window to request certificate password. This window could be displayed on signature or installation operations.
- Renew_dialog.xml: dialog window to request certificate password to be renewed.
- sdk_activity: container used to show fragments of the windows used to renew or sign.
- popup_loading.xml: loading popup to show the downloading progress (distributed
values
- Alison-leng.xml: english strings used by the library.
- Colors.xml: color pantone used by popup_loading.xml.
value_es
- Alison-leng.xml: spanish strings used by the library.