Using Certificates from Afaria for Authentication

One of the features of Afaria is the ability to provide a device with a signed certificate that could be used as an authentication credential for SAP Mobile Platform. This note explains how to take a certificate provided by Afaria and convert it into a form suitable for use with SAP Mobile Platform.

Prerequisites:

In SAP Mobile Platform, a certificate can be used for authentication by creating a LoginCertificate object (the LoginCertificate class), and setting that as the certificate property in the client's synchronization profile.

After calling the Afaria APIs to get initial settings and configuration data, an application using Afaria may obtain a signed certificate using this API:

X509Certificate com.sybase.afaria.SeedDataAPI.retrieveCertificate(RSAPublicKey arg0, RSAPrivateKey arg1,  String arg2, String arg3, SeedDataCredentials arg4) throws SeedDataAPIException

After this, the application holds an X509Certificate object. That object cannot be passed to SAP Mobile Platform directly; its certificate and private key must first be converted into a LoginCertificate.

The following sample code shows how to get the Afaria certificate, create a LoginCertificate object, and attach it to an SAP Mobile Platform synchronization profile.

The part of the code from the top through the section that retrieves the LoginCertificate object runs only once, during application initialization, when you obtain the certificate through Afaria. The LoginCertificate is then stored in the data vault. On every subsequent run, the application retrieves the LoginCertificate from the data vault and passes it to connProperties.setLoginCertificate(lc), as shown, before synchronizing.

import java.io.FileOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

import com.sybase.afaria.SeedDataAPI;
import com.sybase.mobile.Application;
import com.sybase.mobile.ConnectionProperties;
import com.sybase.persistence.CertificateStore;
import com.sybase.persistence.LoginCertificate;

// Runs once, inside an Android Activity, during application initialization.
// The key-store, key-generation and Afaria calls all throw checked exceptions.
private void registerWithAfariaCertificate() throws Exception {
    String commonName = "SMP-SSO";
    String passWord = "smp";
    String pkcsFile = "/mnt/sdcard/SMP-SSO.pfx";
    // first, initialize SeedDataAPI using the current Android Activity context
    SeedDataAPI.initialize(this);

    // generate an RSA key pair using the java.security API
    // (1024 bits as in the original sample; 2048 is the usual minimum today)
    KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
    keyPairGen.initialize(1024);
    KeyPair keyPair = keyPairGen.generateKeyPair();
    RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
    RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();

    // get the X509Certificate object from the Afaria server through the Afaria API
    X509Certificate cer = SeedDataAPI.retrieveCertificate(publicKey, privateKey, commonName, passWord, null);

    // wrap the X509Certificate and the private key in a PKCS12 key store;
    // setKeyEntry stores the certificate chain together with the key, so no
    // separate certificate entry is needed
    KeyStore ks = KeyStore.getInstance("PKCS12");
    ks.load(null, passWord.toCharArray());
    Certificate[] chain = {cer};
    ks.setKeyEntry(commonName, privateKey, passWord.toCharArray(), chain);
    // write the key store to disk and close the stream so the file is flushed
    FileOutputStream out = new FileOutputStream(pkcsFile);
    try {
        ks.store(out, passWord.toCharArray());
    } finally {
        out.close();
    }

    // call the SMP API to build a LoginCertificate object from the PKCS12 file
    LoginCertificate lc = CertificateStore.getDefault().getSignedCertificateFromFile(pkcsFile, passWord);

    // use the LoginCertificate to register the Application
    Application app = Application.getInstance();
    ConnectionProperties connProperties = app.getConnectionProperties();
    connProperties.setLoginCertificate(lc);
}
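The conversion step above writes the device's private key to a PKCS12 file on external storage and leaves it there. The helper below is an added example, not SAP's or Afaria's code: it performs the same X509Certificate-to-LoginCertificate conversion but checks the certificate first, keeps the temporary file in app-private storage, and deletes it once the LoginCertificate has been built. It assumes the SMP client classes CertificateStore and LoginCertificate with the getSignedCertificateFromFile(String, String) method shown in the sample, an Android Context for getFilesDir(), and that the returned LoginCertificate carries the certificate material itself (as implied by its later storage in the data vault). The class and method names AfariaCertConverter and toLoginCertificate are hypothetical.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Arrays;

import android.content.Context;

import com.sybase.persistence.CertificateStore;
import com.sybase.persistence.LoginCertificate;

/**
 * Hypothetical helper (added example, not part of the SMP or Afaria libraries).
 * Packages an Afaria-issued certificate and its private key as PKCS12 in the
 * app's private directory, converts it to an SMP LoginCertificate, then removes
 * the temporary file so the private key does not remain on disk.
 */
public final class AfariaCertConverter {

    private AfariaCertConverter() {}

    public static LoginCertificate toLoginCertificate(Context context,
                                                      X509Certificate cer,
                                                      RSAPrivateKey privateKey,
                                                      PublicKey expectedPublicKey,
                                                      String alias) throws Exception {
        // 1. Check the certificate before persisting anything: it must be within its
        //    validity period and must certify the key pair this device generated.
        cer.checkValidity();
        if (!cer.getPublicKey().equals(expectedPublicKey)) {
            throw new CertificateException(
                    "Afaria certificate does not match the locally generated key pair");
        }

        // 2. A random, per-conversion password instead of a hard-coded one; it only has
        //    to protect the file for the short time it exists.
        char[] password = randomPassword(24);

        // 3. App-private storage (getFilesDir) rather than /mnt/sdcard, which other
        //    applications on the device may be able to read.
        File pfx = new File(context.getFilesDir(), alias + ".pfx");
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(null, password);
            // setKeyEntry stores the certificate chain with the key; no separate
            // certificate entry is required.
            ks.setKeyEntry(alias, privateKey, password, new Certificate[] { cer });
            FileOutputStream out = new FileOutputStream(pfx);
            try {
                ks.store(out, password);
            } finally {
                out.close();
            }
            // 4. Same SMP call as the original sample. The API takes the password as a
            //    String, so this copy cannot be scrubbed afterwards.
            return CertificateStore.getDefault()
                    .getSignedCertificateFromFile(pfx.getAbsolutePath(), new String(password));
        } finally {
            // 5. Remove the PKCS12 file and wipe the password array, whether or not the
            //    conversion succeeded.
            if (pfx.exists() && !pfx.delete()) {
                throw new IOException("Could not delete temporary PKCS12 file " + pfx);
            }
            Arrays.fill(password, '\0');
        }
    }

    // Password drawn from a fixed alphabet with SecureRandom.
    private static char[] randomPassword(int length) {
        String alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";
        SecureRandom rnd = new SecureRandom();
        char[] pw = new char[length];
        for (int i = 0; i < length; i++) {
            pw[i] = alphabet.charAt(rnd.nextInt(alphabet.length()));
        }
        return pw;
    }
}
```

From the Activity in the sample, the call replaces the key-store block and the getSignedCertificateFromFile line: `LoginCertificate lc = AfariaCertConverter.toLoginCertificate(this, cer, privateKey, publicKey, commonName);`. The public-key comparison catches a certificate that was issued for a different key (for example, a stale one returned after a retry), and the checkValidity() call fails early rather than at the first synchronization attempt.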