Package ch.nevis.mobile.sdk.api

Interface Configuration

public interface Configuration
The MobileAuthenticationClient configuration.

The Configuration is used to build and initialize the MobileAuthenticationClient.

See Also:

  • Method Details

    • builder

      static Configuration.Builder builder()
      Returns a new Configuration.Builder.
      Returns:
      a new Configuration.Builder

    • authCloudBuilder

      static Configuration.AuthCloudBuilder authCloudBuilder()
      Returns a new Configuration.AuthCloudBuilder. This is a simpler version of Configuration.Builder that can only be used when your application interacts with the Nevis Authentication Cloud.

      If you are fine with the default network parameters of the builder, you just need to provide the hostname and the PackageInfo of your application to build a Configuration object: 

           Configuration configuration = Configuration.authCloudBuilder()
                                .hostname(hostname)
                                .packageInfo(packageInfo)
                                .build();
      Returns:
      a new Configuration.CloudBuilder

    • packageInfo

      android.content.pm.PackageInfo packageInfo()
      The PackageInfo object of the main Activity. This is used by the SDK to generate the mobile application's facetId.

      The PackageInfo must contain the signature information of the application. To obtain it from a Context object, the following code can be used: 

       PackageInfo packageInfo = context.getPackageManager().getPackageInfo(
                                context.getPackageName(),
                                PackageManager.GET_SIGNING_CERTIFICATES);
      Returns:
      the package information

    • baseUrl

      URI baseUrl()
      The default base URL for the HTTP endpoints the SDK must interact with.

      If no URL is provided through the Registration.serverUrl(java.net.URI) method, all the authenticators will be registered against the server associate with this URL.

      Returns:
      the base URL.

    • registrationRequestPath

      String registrationRequestPath()
      The registration request URL path used to send the FIDO UAF registration GetUafRequest.

      The registration request URL is the result of combining the baseUrl() and this path.

      Returns:
      the registration request path

    • registrationResponsePath

      String registrationResponsePath()
      The registration response URL path used to send the final FIDO UAF registration response.

      The registration response URL is the result of combining the baseUrl() and this path.

      Returns:
      registration response path

    • authenticationRequestPath

      String authenticationRequestPath()
      The authentication request URL path used to send the FIDO UAF authentication GetUafRequest.

      The authentication request URL is the result of combining the baseUrl() and this path.

      Returns:
      the authentication request path

    • authenticationResponsePath

      String authenticationResponsePath()
      The authentication response URL path used to send the final FIDO UAF authentication response.

      The authentication response URL is the result of combining the baseUrl() and this path.

      Returns:
      the authentication response path

    • dispatchTargetResourcePath

      String dispatchTargetResourcePath()
      The dispatch target resource URL path.

      The dispatch target resource URL is the result of combining the baseUrl() and this path.

      Returns:
      the dispatch target resource path

    • deregistrationRequestPath

      String deregistrationRequestPath()
      Returns the URL path used to obtain the FIDO UAF deregistration request.

      The deregistration request URL is the result of combining the baseUrl() and this path.

      Returns:
      the deregistration request path

    • deviceResourcePath

      default String deviceResourcePath()
      Returns the device service URL path.

      The device service request URL is the result of combining the baseUrl() and this path.

      Returns:
      the device resource path

    • networkTimeoutInSeconds

      long networkTimeoutInSeconds()
      Time interval for network calls in seconds. Any network request that takes longer than this value, will result in a timeout.
      Returns:
      the time interval for network requests

    • authenticationRetryIntervalInSeconds

      @Deprecated(since="3.2.0") long authenticationRetryIntervalInSeconds()
      Deprecated.
      use Authentication.retryPolicyObtainingAuthorizationProvider(RetryPolicy) instead. The value returned by this method will be ignored.
      Time interval for authentication in seconds. The authentication retries will fail after this time is exceeded.
      Returns:
      the time interval for authentication

    • authenticationMaxRetries

      @Deprecated(since="3.2.0") int authenticationMaxRetries()
      Deprecated.
      use Authentication.retryPolicyObtainingAuthorizationProvider(RetryPolicy) instead. The value returned by this method will be ignored.
      The maximum number of retries for authentication. The authentication retries will fail after this count is exceeded.
      Returns:
      the maximum number of retries

    • userInteractionTimeoutInSeconds

      long userInteractionTimeoutInSeconds()
      The user interaction timeout in seconds. This is the maximum time that the SDK will wait to obtain a result when AccountSelector.selectAccount(AccountSelectionContext, AccountSelectionHandler), AuthenticatorSelector.selectAuthenticator(AuthenticatorSelectionContext, AuthenticatorSelectionHandler), PinUserVerifier.verifyPin(PinUserVerificationContext, PinUserVerificationHandler), FingerprintUserVerifier.verifyFingerprint(FingerprintUserVerificationContext, FingerprintUserVerificationHandler), or BiometricUserVerifier.verifyBiometric(BiometricUserVerificationContext, BiometricUserVerificationHandler) are invoked (i.e. the maximum time to wait before any of the methods of the provided consumer in any of those methods is invoked).

      If the timeout occurs, then the operation delegate failure method (Registration.onError(Consumer), OutOfBandRegistration.onError(Consumer), Authentication.onError(Consumer) or OutOfBandAuthentication.onError(Consumer), depending on the operation being executed) will be invoked. The provided exception will contain an FidoErrorCode.USER_NOT_RESPONSIVE error code.

      Returns:
      the timeout for user interaction

    • facetId

      Optional<String> facetId()
      Specifies facet ID of the application.

      The FIDO server (i.e. nevisFIDO) must be configured with the facet ID(s) of your application(s). If the facet ID of your application is not referenced by the nevisFIDO configuration, the operations will fail with an FidoErrorCode.UNTRUSTED_FACET_ID error.

      If the facet ID is not provided by invoking this method, the SDK assumes that the facet ID to be used is the one that follows the FIDO UAF 1.1 Specifications: the facet ID on Android should follow the android:apk-key-hash:HASH_VALUE format, where the HASH_VALUE is Base64 encoded SHA-256 hash of the APK signing certificate.

      The facet ID can be calculated using the following code snippet: 

       import java.io.ByteArrayInputStream;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;

 import android.content.pm.PackageInfo;
 import android.util.Base64;

 public class FacetIdCalculator {
     public static String calculateFacetId(PackageInfo packageInfo) {
               ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(packageInfo.signatures[0].toByteArray());
               try {
                       Certificate certificate = CertificateFactory.getInstance("X509").generateCertificate(byteArrayInputStream);
                       MessageDigest digest = MessageDigest.getInstance("SHA-256");
                       return "android:apk-key-hash:" + Base64.encodeToString(digest.digest(certificate.getEncoded()), Base64.NO_PADDING | Base64.NO_WRAP);
         } catch (CertificateException | NoSuchAlgorithmException e) {
                       throw new IllegalStateException(e);
         }
     }
 }

      The value of the facet ID depends on the certificate used to build the application, which can change during the development, that is why this method has been introduced: by providing a constant facet ID and having it referenced in the server configuration, temporary changes in the APK signing certificate do not require changes in the backend.

      NOTE: this method must be used for development scenarios only. For production code do not invoke this method and configure the backend with the facet ID that can be calculated with the code snippet above. See the chapter Application Facet ID and the nevisFIDO Backend Configuration of the SDK reference guide for more details.

      Returns:
      the facet ID of the application. Empty Optional if the SDK should figure out the facet ID following the FIDO UAF specification.