Enabling Single and Mutual SSL Authentication

Secure sockets layer (SSL) is a protocol that governs certificate authentication. It exchanges the certificate information. SSL also encrypts all information that flows between a client and a server.

In single SSL connection, the client needs to trust the server certificate. This can be done one of the three ways:

The CA certificate can be installed on the device trust store which the application takes while connecting to the HTTPS URL.
The CA certificate can be bundled in the application and the setServerCertificate method can be invoked to provide the certificate. This is not a recommended way, but can used in case of backward compatibility.
Note: Applicable to android device older than 4.0 version.
If the application does not provide the certificate, application can implement the ISSLChallengeListener. The application receives a callback to the isServerTrusted method. Where the application receives the server certificate it can choose to trust the certificate or not. Based on that it returns the boolean value as true or false.

In mutual SSL connection, the server needs to trust the client certificate. In this case the application implements IMutualSSLChallengeListener. And getClientCertificate callback method is invoked to request the client certificate. The client returns an X.509 certificate, and a private key, which together will be formed into an HttpClientCertInfo object.

Note:

For mutual SSL, both single and mutual listeners need to be implemented.
During onboarding with single and mutual SSL, add fully qualified domain name of the SAP Mobile Server instead of providing the server IP address. For example the fully qualified domain name: vmw5541.wdf.sap.corp or vw<xxx>.dhcp.wdf.sap.corp.

Examples

Single SSL and Mutual SSL – Implement listeners for SSL callbacks.

public class LaunchActivity extends Activity implements ISSLChallengeListener, IMutualSSLChallengeListener {

		
	SDMRequestManager srm;
	ISDMLogger logger;
	ISDMConnectivitiyParameters params;
	ISDMPreferences prefer;
	String url="http://vmw3815.wdf.sap.corp:50009/sap/opu/sdata/iwfnd/RMTSAMPLEFLIGHT/";
		
	public void mreg(View v){
		ClientConnection clientConnection;
		UserManager userManager;
		logger=new SDMLogger();
		prefer=new SDMPreferences(this, logger);
		params=new SDMConnectivityParameters();
		params.setLanguage("en");
		params.setUserName("supuser2");
		params.setUserPassword("s3puser");
		
		Context c = getApplicationContext();
	  	try{ InputStream certStream = c.getResources().openRawResource(<certificate>); 
CertificateFactory cf = CertificateFactory.getInstance("X509");
 Certificate cer= cf.generateCertificate(certStream);

	  	
          param.setServerCertificate(cer); //to place certificate in the devices less than 4.0 
          
          Log.i("tag", "In Set Server certificate API");
          
	  	}catch(Exception e){
	  		Log.i("tag", "set certificate from file failed" + e.getMessage());
	  		e.printStackTrace();
	  	}

		
		srm=new SDMRequestManager(logger,prefer,params,1);

		/**
		* The set methods which should be called to register the listeners to the request manager
		 * 
		 */
		srm.setSSLChallengeListener(this);
		srm.setMutualSSLChallengeListener(this);
		
		
		ClientConnection.initInstance(getApplicationContext(), "<application>", "<domain>", "<security configuration>", <request manager>);
		try {
			j=ClientConnection.getInstace();
			j.setConnectionProfile("<connection url>");
			UserManager.registerUser(true);
			
			
			
		} catch (SMPException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}	
		
	}

Send X.509 certificate and private key to the client as an HttpClientCertInfo object.

public HttpsClientCertInfo getClientCertificate() 
{
		InputStream inStream;
		int cert="<p12 certificate location>";
		 Context context=this.getApplicationContext();
		 try {

			
			 inStream = context.getResources().openRawResource(cert);
			 
			 /*following code loads the key store, and retrieves
			   The alias under which it is loaded. */

			 KeyStore ks = KeyStore.getInstance("PKCS12");
		        ks.load(inStream, "mobile".toCharArray());
		        Enumeration aliases=ks.aliases();
		        String keyname=(String)aliases.nextElement();
		  		    
		     /* using the alias stored in the variable “keyname”
			We get the Private Key and the X509  Certificate
			Which we use to return HttpClientCertInfo object.*/
			
		     PrivateKey pk=(PrivateKey)ks.getKey(keyname,"mobile".toCharArray());
		     X509Certificate xcer=(X509Certificate)(ks.getCertificate(keyname));
	           	  
		       
             return new HttpsClientCertInfo(xcer,pk);}
		 
		 catch(Exception e){
			 return null;
		 }

		
	}
/*
	 * This is the callback which is invoked if
	 * 1) SSL is enabled,
	 * 2) The correct certificate is not installed on the device,in which case it   is required of the application to verify the server certificate.
	 */

@Override
	public boolean isServerTrusted(X509Certificate[] paramArrayOfX509Certificate) {
		// TODO Auto-generated method stub
		
		return true;
	}

}