Public Key Infrastructure Integration.
BlackBerry Dynamics can be integrated into a public key infrastructure (PKI) implementation. BlackBerry Dynamics has a number of capabilities for handling the X.509 public key certificates that would be associated with an end user within an enterprise PKI implementation.
The BlackBerry Dynamics runtime maintains a secure certificate store on the device. The application code can be notified when certificates are added to, and removed from, the secure certificate store.
The typical usage of the notification interface is as follows.
ficate Listener
The BlackBerry Dynamics runtime synchronizes User Credential Profile (UCP) configuration for app-based certificates from the enterprise management console.
BlackBerry Dynamics UCP configuration has the following structure.
    User Credentials Profile ... User Credentials Profile
     |
     |
     +---- Credential ... Credential
            |
            |
            +---- User certificate
            |
            |
            +---- Auxiliary certificate ... Auxiliary certificate
The configuration can be traversed as follows.
CredentialsProfile instance.
The BlackBerry Dynamics runtime has a programming interface by which credentials can be imported by the application code. The interface is session-based.
Since UEM 12.10, UCPs for app-based credentials are no longer supported. Native keystore UCPs are the recommended approach and enable the app to directly access user credentials within the device's key store without requiring importation of key material into the app.
The import interface makes use of formats originally published as Public-Key Cryptography Standards (PKCS). These formats are identified by PKCS numbers.
Successful use of the import interface depends on configuration at the enterprise. The end user must be activated against management console software that supports certificate import.
The state of a UCP, and the UCP configuration, can change. When this happens, the BlackBerry Dynamics runtime notifies the application code by dispatching a UCP event.
UCP events are also used to notify the application when a requirement for credentials arises in another application that doesn't have the capability to import credentials itself.
An application that has the certificate import capability should implement a UCP event observer, as follows.
To receive notifications, register a receiver class:
BroadcastReceiver object.
When a UCP state change occurs, the BlackBerry Dynamics runtime sends an Android Intent by local broadcast. The Intent will include a Bundle that specifies the details of the change. The CredentialsProfile class includes a number of helper methods for retrieving the details. The helpers are class methods that take an Intent as a parameter and return the detail value. For example, CredentialsProfile.getId(Instance) retrieves the UCP identifier. Note that there are also methods with the same names as the helpers that take no parameters, for example getId(), but these are just normal property value accessors that are called as instance methods.
The following code snippet illustrates registration of a UCP event receiver.
Classes

| Kind | Name | Description |
| --- | --- | --- |
| class | Certificate | X.509 Public Key Certificate. |
| class | CertificateHandler | PKI certificate management interface. |
| interface | CertificateListener | Certificate listener for PKI integration. |
| class | Credential | User identity credential certificate chain. |
| class | CredentialException | User Credentials Profile Exception. |
| class | CredentialsProfile | User Credential profile. |