Secure sockets layer (SSL) is a protocol that governs certificate authentication. It exchanges the certificate information. SSL also encrypts all information that flows between a client and a server.
In a single SSL connection, the client must trust the server certificate. You can set this up in one of these ways:
In a mutual SSL connection, the two parties authenticate each other by verifying the digital certificate (P12) that each one provides, so that both parties are assured of the other's identity.
The application must implement IMutualSSLChallengeListener, and invoke the getClientCertificate callback to request the client certificate. The client returns an X.509 certificate and a private key, which together form an HttpClientCertInfo object.
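// ---- Helper.java ----

/**
 * Holder for the connection settings shared by the sample activity.
 *
 * NOTE(review): the activity below also reads Helper.appId, Helper.clientConn and
 * Helper.pushendpt, which this listing does not declare; add them before compiling.
 * NOTE(review): the user name and password live in public static mutable String
 * fields. That is a sample convenience; they stay reachable for the whole process
 * lifetime.
 */
public class Helper {
    public static String serverIP, Port, secCon, domain = "default";
    public static String userName;
    public static String password;
    public static String serviceDocUrl;
    public static String companyID = "";
    public static String channel = SDMConstants.SDM_HTTP_HANDLER_CLASS;
}

// ---- IMO_Mutual_SSL_sync.java ----

/**
 * Sample activity that registers a user over a mutual-SSL connection.
 *
 * It installs itself as both challenge listener: {@link #getClientCertificate()}
 * supplies the client's certificate and private key, and
 * {@link #isServerTrusted(ODPCertInfo[])} decides whether the server's
 * certificate is accepted.
 */
@SuppressLint("NewApi")
public class IMO_Mutual_SSL_sync extends Activity
        implements IODPCertificateChallengeListener, IODPMutualSSLChallengeListener {

    boolean reg1 = false, reg2;

    /** Starts registration as soon as the activity is created. */
    @SuppressLint("NewApi")
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Registerapi();
    }

    /**
     * Configures preferences and logging, installs the SSL challenge listeners,
     * sets the connection profile and registers the user if not yet registered.
     * On a new registration it stores the application and push end points in
     * {@code Helper} and starts {@code RR_SettingsExchange}.
     */
    public void Registerapi() {
        Helper.channel = SDMConstants.SDM_HTTP_HANDLER_CLASS;
        SDMLogger logger = new SDMLogger();
        ISDMPreferences pref = new SDMPreferences(getBaseContext(), logger);
        try {
            Helper.channel = SDMConstants.SDM_IMO_HANDLER_CLASS;
            pref.setStringPreference(ISDMPreferences.SDM_CONNECTIVITY_HANDLER_CLASS_NAME, Helper.channel);
            // NOTE(review): this looks like it switches secure persistence off - confirm
            // what SDM_PERSISTENCE_SECUREMODE protects before copying this setting.
            pref.setBooleanPreference(ISDMPreferences.SDM_PERSISTENCE_SECUREMODE, false);
        } catch (SDMPreferencesException e2) {
            e2.printStackTrace();
            Log.i("tag", "problem with preferences");
        }
        // DEBUG-level logging routed to the Android log; review what the SDK logs
        // at this level before shipping.
        logger.setLogLevel(ISDMLogger.DEBUG | ISDMLogger.INFO);
        logger.logToAndroid(true);

        SDMConnectivityParameters param = new SDMConnectivityParameters();
        param.setUserName(Helper.userName);
        param.setUserPassword(Helper.password);

        // start to get the certificate from the application
        SDMRequestManager requestManager = new SDMRequestManager(logger, pref, param, 1);
        try {
            ODPUserManager.initInstance(getBaseContext(), Helper.appId);
            ODPClientConnection lm = ODPClientConnection.getInstance();
            ODPUserManager lum = ODPUserManager.getInstance();
            try {
                // NOTE(review): presumably discards a previously stored server
                // verification key - confirm this is wanted outside a sample.
                MessagingClientLib.getInstance().clearServerVerificationKey();
            } catch (MessagingClientException e) {
                e.printStackTrace();
                Log.i("tag", "Exception form Messaging client ");
            }
            try {
                // Both callbacks of this activity are consulted during the handshake.
                lm.setODPMutualSSLChallengeListener(this);
                lm.setODPCertificateChallengeListener(this);
            } catch (ODPException e1) {
                Log.i("tag", "in catch of setODPCertificateChallengeListener");
                e1.printStackTrace();
            } catch (Exception e) {
                Log.i("tag", "in Exception");
            }
            ODPUserManager.enableHTTPS(true);
            // Template form of the call made further down (the original listing had it
            // as a non-compiling placeholder line):
            //   lum.setConnectionProfile(<host>, <port>, <farmID>);
            Helper.clientConn = new ClientConnection(getApplicationContext(), Helper.appId,
                    Helper.domain, Helper.secCon, requestManager);
            Log.i("tag", "executed init instance");
            Log.i("tag", "in try block");
            // Integer.parseInt throws NumberFormatException if Helper.Port is not numeric;
            // that exception is not caught here.
            lum.setConnectionProfile(Helper.serverIP, Integer.parseInt(Helper.Port), Helper.companyID);
            if (!lum.isUserRegistered()) {
                Log.i("tag", "registering user");
                lum.registerUser(Helper.userName, Helper.secCon, Helper.password, true);
                Helper.serviceDocUrl = ODPAppSettings.getApplicationEndPoint();
                Log.i("tag", "Application end point" + Helper.serviceDocUrl);
                Helper.pushendpt = ODPAppSettings.getPushEndPoint();
                Log.i("tag", "Push end point" + Helper.pushendpt);
                Helper.channel = SDMConstants.SDM_IMO_HANDLER_CLASS;
                Intent s = new Intent(IMO_Mutual_SSL_sync.this, RR_SettingsExchange.class);
                startActivity(s);
            }
        } catch (ODPException e2) {
            Log.i("tag", "Registration failed error code" + e2.getErrorCode()
                    + "error message" + e2.getMessage());
            e2.printStackTrace();
        }
    }

    // mutual ssl
    // start read from application

    /**
     * Loads the client certificate and private key from the PKCS#12 file bundled
     * as the raw resource {@code R.raw.supuser}.
     *
     * @return the first keystore entry as certificate plus private key, or
     *         {@code null} if the keystore is empty or cannot be read
     */
    @Override
    public ClientCertificateInformation getClientCertificate() {
        InputStream inStream = null;
        Log.i("tag", "in getclientcertificate");
        try {
            // get the p12 certificate as an inputstream
            int dd = R.raw.supuser; // location of p12 file in the application
            Context context = this.getApplicationContext();
            inStream = context.getResources().openRawResource(dd);

            // NOTE(review): both the .p12 file and its password ship inside the APK, so
            // anyone holding the package can recover the private key. Acceptable for a
            // demo only; provision per-device credentials into protected storage instead.
            char[] keystorePassword = "mobile".toCharArray();

            // Create a KeyStore, load it with the inputstream, get the alias
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(inStream, keystorePassword);
            Enumeration<String> aliases = ks.aliases();
            if (!aliases.hasMoreElements()) {
                Log.i("tag", "client keystore contains no entries");
                return null;
            }
            String keyname = aliases.nextElement();

            // Using the alias retrieve the certificate and private key
            PrivateKey pk = (PrivateKey) ks.getKey(keyname, keystorePassword);
            X509Certificate xcer = (X509Certificate) ks.getCertificate(keyname);
            return new ClientCertificateInformation(xcer, pk);
        } catch (Exception e) {
            // Concatenation keeps this safe when getMessage() is null; passing a null
            // message straight to Log.i would itself throw.
            Log.i("tag", "could not load client certificate: " + e);
            return null;
        } finally {
            if (inStream != null) {
                try {
                    inStream.close();
                } catch (java.io.IOException ignored) {
                    // nothing useful to do if closing a read-only resource stream fails
                }
            }
        }
    }

    /**
     * Decides whether the server certificate presented during the handshake is
     * accepted.
     *
     * @param arg0 certificate information supplied by the connection library
     * @return {@code false} when no certificate information is supplied,
     *         otherwise {@code true}
     */
    @Override
    public boolean isServerTrusted(ODPCertInfo[] arg0) {
        Log.i("tag", "In Is server trusted");
        if (arg0 == null || arg0.length == 0) {
            // Fail closed: nothing was presented, so there is nothing to trust.
            return false;
        }
        // NOTE(review): every non-empty certificate array is accepted without being
        // inspected. That removes server authentication: the encrypted channel can
        // terminate at any host that presents a certificate. Before real use, compare
        // the presented certificate against the expected issuer or a pinned
        // fingerprint and return false on mismatch.
        return true;
    }
    // end read from application
}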