-
- BlackBerry Spark AppSecure
- Security library for Android applications
- 0.7.915.0
Class to manage initialization of the runtime library. More...
This class contains the methods needed to initialize the BlackBerry Spark AppSecure library within your application.
The BlackBerry Spark AppSecure runtime maintains the initialization state of the library within the application. The programming interfaces that can be utilized by the application depend on its current initialization state.
The state of the runtime when the application starts is 'Initial'. In this state the application can call enableSecurity but cannot utilize any principal interfaces, such as getting the threat status or changing security configuration.
After the first time enableSecurity has been called, the runtime enters the 'Registration' state. In this state the library is initialized, secure storage is provisioned and the recommended setting for detecting threats is configured. However, the library is not yet active. To enable the library so it can retrieve the latest detection models from BlackBerry and scan for threats a valid user identity token is required.
Call provideToken including a valid OpenID Connect Identity token for the user. This token may be issued by any OpenID Connect compliant Identity Provider used by your application.
While the token is being validated by BlackBerry Identity the runtime will transition momentarily to the 'Token Validation' state. Once validated the library will automatically transition to the 'Active' state. In this state all the principle interfaces may be utilized. The application should generally wait to be notified of transition to the 'Active' state before attempting to utilize any other BlackBerry Spark AppSecure interfaces.
Access to the interfaces may be temporarily withdrawn if the Identity Token for the user expires. When this happens the initialization state changes to 'Token Expired'. To keep the library active, call provideToken with an updated Identity Token.
This optional feature enables a user to set an application password or PIN during setup which is then required to subsequently login to the application. Requiring an application password further protects access to the runtime's Secure Storage and controls authorized access when the device is off-line.
Call enableSecurity() with the configuration key 'AuthenticationRequired' to enable this feature. See com.blackberry.security.auth.AppAuthentication for details.
Public Member Functions | |
| boolean | enableSecurity () |
| Call this method to initialize BlackBerry Spark AppSecure runtime library. More... | |
| boolean | enableSecurity (Bundle configuration) |
| Call this method to initialize BlackBerry Spark AppSecure runtime library including configuration. More... | |
| void | provideToken (String aToken) |
| Provide the Identity Token (JWT) of your authenticated user from your Identity Provider. More... | |
| void | registerReceiver (BroadcastReceiver receiver, IntentFilter filter) |
| Register to receive local broadcasts from runtime library on library state changes or Threat status changes. More... | |
| void | unregisterReceiver (BroadcastReceiver receiver) |
| Remove a previously registered BroadcastReceiver. More... | |
| boolean | isSecurityEnabled () |
| Checks if the runtime library has been enabled. More... | |
| InitializationState | getCurrentState () |
| Provides the current state of runtime initialization. More... | |
| boolean | deactivate () |
| Call this method to deactivate the runtime library. More... | |
Static Public Attributes | |
| static final String | ACTION_INITIALIZATION_STATE_NOTIFICATION = "BBDInitializationStatus" |
| Intent Filter key for InitializationState changes. More... | |
| static final String | CONFIGURATION_KEY_CLIENTID = "ClientID" |
| Constant key value for providing the BlackBerry Application Client ID. More... | |
| static final String | CONFIGURATION_KEY_AUTHENTICATION_REQUIRED = "AuthenticationRequired" |
| Constant key value to indicate if authentication should be required by the runtime. More... | |
| static final String | CONFIGURATION_KEY_PASSWORD_MAX_ATTEMPTS = "PWMaxTries" |
| Constant key value to control the number of unsuccessful login attempts permitted. More... | |
| boolean enableSecurity | ( | ) |
Initialization sets up security policies and configurations as recommended by BlackBerry.
The following example demonstrates how to initialize the library.
After initialization the runtime will transition to the REGISTRATION InitializationState. To register this instance of the runtime with BlackBerry and change the state to ACTIVE the next step is to provide a valid token from your Identity Provider. See SecurityControl.provideToken.
The library must be in the `INITIAL` InitializationState for the request to be successful.
| boolean enableSecurity | ( | Bundle | configuration | ) |
The following example demonstrates how to initialize the library with configuration to require an application password.
After initialization the runtime will transition to the AUTHENTICATION_REQUIRED`InitializationState`. For details on how to set the password, see AppAuthentication.setPassword.
The library must be in the `INITIAL` InitializationState for the request to be successful.
| void provideToken | ( | String | aToken | ) |
Call this method to provide a JSON Web Token (JWT) identity token which belongs to the application end user. The ID token should be retrieved from your OpenID Connect Identity Provider (IDP) after the user has been authenticated.
The BlackBerry Spark AppSecure runtime reuses the existing user identity within your application to facilitate getting the latest security threat information from the BlackBerry Cloud. The library works with your user identity and management systems to provide strong authentication and authorization. An OpendID Connect Identity Token is used as authorization from your Identity Provider which avoids the need to rely on an application-specific API Key.
An ID Token is a JWT (JSON Web Token), that is a cryptographically signed Base64-encoded JSON object (See https://tools.ietf.org/html/rfc7519). To retrieve the ID token from your IDP you'll need to have already authenticated the user.
Call this method including a valid OpenID Connect JWT Identity Token from your Identity Provider to transition the runtime from REGISTRATION to ACTIVE InitializationState,
See the Getting Started section of the Developer Guide for detailed instructions on how to configure your Identity Provider.
| void registerReceiver | ( | BroadcastReceiver | receiver, |
| IntentFilter | filter | ||
| ) |
To receive a local broadcast when the InitializationState of the library changes register to intent action SecurityControl.ACTION_INITIALIZATION_STATE_NOTIFICATION,
To receive a local broadcast when the ThreatStatus changes register to intent action SecurityControl.ACTION_THREAT_STATE_NOTIFICATION,
| void unregisterReceiver | ( | BroadcastReceiver | receiver | ) |
Remove or unregister a previously registered BroadcastReceiver
| boolean isSecurityEnabled | ( | ) |
This method determines if the runtime library has been enabled.
| InitializationState getCurrentState | ( | ) |
This method returns the current InitializationState of the runtime. To be notified of state changes, use SecurityControl.registerReceiver.
| boolean deactivate | ( | ) |
This will remove all the settings and application data that has been stored by the application in secure storage.
|
static |
This type of broadcast event will be dispatched when the InitializationState of the library changes
|
static |
Constant key value for providing the BlackBerry Application Client ID. Optionally use this instead of setting com.blackberry.security.ClientID within AndroidManifest.xml
Set Client ID value as a string.
|
static |
Constant key value to indicate if authentication should be required by the runtime.
Set value as a boolean where true means authentication is enabled.
|
static |
Constant key value to control the number of unsuccessful login attempts permitted when entering the password. If this limit is exceed the runtime is deactivated and will need to be setup again.
Set max password attempts value as an int.