Provisioning an Initial Password

The initial password is used to authenticate the user during device self-issuance. Before the initial password can be provisioned, the following requirements must be met:

  • The device must be bound to the user.

  • An issuance request with the specified device policy must exist.

  • The initial password must comply with the PIN policy specified in the device policy provision.

To provision the initial password, complete the following steps:

  1. Establish the wallet and credential manager clients.

    CredentialManager cm = …;
    WalletId walletId = …;
  2. Set up search criteria based on password credential type and wallet ID, and observe the following considerations:

    • The application ID is not necessary since setting the password is not associated with the device profile.

    • CRED_ID_TYPE_PASSWORD is the credential type for initial passwords.

      Criteria[] criteria = {
          new Criteria(CCMConstants.CRITERIA_CRED_TYPE, CCMConstants.CRITERIA_COMPARISON_EQUAL, CCMConstants.CRED_ID_TYPE_PASSWORD),
          new Criteria(CCMConstants.CRITERIA_CRED_PARENT_WALLET, CCMConstants.CRITERIA_COMPARISON_EQUAL, walletId.getId())
      };
  3. Find the credential IDs that meet the supplied search criteria:

    CredentialId[] credIds = cm.findCredentialIds(criteria, maxItem);
  4. At this point, there are two possibilities:

    • Either an initial password has already been provisioned, or

    • An initial password has not been provisioned.

    If an initial password has already been provisioned, update it as follows:

    • Once a credential that matches the supplied criteria has been found, get the credentials based on credential IDs:

      // Declare creds outside the if so the later steps can use it.
      Credential[] creds = null;
      if (credIds.length == 1) {
          creds = cm.getCredentials(credIds);
      }
    • Get the input requirements for an update based on the profile ID:

      EntryTemplate[] entries = cm.getProfileDynamicEntries(creds[0].getProfileId());
    • getProfileDynamicEntries should return only one entry. You can set its initial password value using setValue:

      String initialPassword = ...; // Initial password
      entries[0].setValue(initialPassword);
    • Once all inputs are collected from the user interface, perform an update:

      cm.updateCredential(credIds[0], CCMConstants.ACTION_ID_CRED_REPLACE, entries);

    If an initial password has not yet been provisioned, import it as follows:

    • Set up new search criteria:

      Criteria[] profCriteria = {
          new Criteria(CCMConstants.CRITERIA_CRED_TYPE, CCMConstants.CRITERIA_COMPARISON_EQUAL, CCMConstants.CRED_ID_TYPE_PASSWORD),
          new Criteria(CCMConstants.CRITERIA_CRED_PARENT_WALLET, CCMConstants.CRITERIA_COMPARISON_EQUAL, walletId.getId())
      };
    • Retrieve the IDs of all credential profiles that match the supplied criteria:

      // cm is the CredentialManager client established in step 1.
      ConfigurationId[] credProfIds = cm.findCredentialProfileIds(profCriteria, maxItem);
    • Throw an exception unless exactly one credential profile is returned:

      if (credProfIds.length != 1) {
          throw new Exception("expected exactly one credential profile to be returned");
      }
    • Get the list of runtime input requirements for the specified credential:

      EntryTemplate[] entries = cm.getProfileDynamicEntries(credProfIds[0]);
    • Create an array of credentials:

      Credential[] creds = { new Credential() };
      creds[0].setProfileId(credProfIds[0]);
      CredentialElement credEl = new CredentialElement();
      credEl.setId(entries[0].getKey());
      credEl.setIsReference(false);
      String initialPassword = ...; // Initial password
      credEl.setValue(initialPassword);
      creds[0].setCredentialElements(new CredentialElement[] { credEl });
    • Import the set of externally formed credentials:

      // cm is the CredentialManager client established in step 1.
      cm.importCredentials(walletId, creds);
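
The whole procedure as one method, with the update-or-import decision made explicit. This is an added example, not code from the original page or from the vendor; it uses only the API calls shown above. The class name InitialPasswordProvisioner, the methods provision and singleEntry, the int type of maxItem, and treating more than one matching password credential as an error are assumptions.

```java
// Added example, not vendor code. Imports for the SDK types are omitted because the page
// does not name their packages; maxItem as int and the ">1 match is an error" rule are assumed.
public final class InitialPasswordProvisioner {
    public static void provision(CredentialManager cm, WalletId walletId,
                                 String initialPassword, int maxItem) throws Exception {
        // The page uses the same criteria for the credential and the profile search.
        Criteria[] criteria = {
            new Criteria(CCMConstants.CRITERIA_CRED_TYPE,
                CCMConstants.CRITERIA_COMPARISON_EQUAL, CCMConstants.CRED_ID_TYPE_PASSWORD),
            new Criteria(CCMConstants.CRITERIA_CRED_PARENT_WALLET,
                CCMConstants.CRITERIA_COMPARISON_EQUAL, walletId.getId())
        };

        CredentialId[] credIds = cm.findCredentialIds(criteria, maxItem);
        if (credIds.length > 1) {
            // Ambiguous match: refuse to guess which credential to replace.
            throw new Exception("expected at most one password credential, found " + credIds.length);
        }

        if (credIds.length == 1) {
            // Already provisioned: replace the value of the existing credential.
            Credential[] creds = cm.getCredentials(credIds);
            EntryTemplate[] entries = singleEntry(cm.getProfileDynamicEntries(creds[0].getProfileId()));
            entries[0].setValue(initialPassword);
            cm.updateCredential(credIds[0], CCMConstants.ACTION_ID_CRED_REPLACE, entries);
            return;
        }

        // Not provisioned yet: build the credential from its profile and import it.
        ConfigurationId[] credProfIds = cm.findCredentialProfileIds(criteria, maxItem);
        if (credProfIds.length != 1) {
            throw new Exception("expected exactly one credential profile, found " + credProfIds.length);
        }
        EntryTemplate[] entries = singleEntry(cm.getProfileDynamicEntries(credProfIds[0]));
        CredentialElement credEl = new CredentialElement();
        credEl.setId(entries[0].getKey());
        credEl.setIsReference(false);
        credEl.setValue(initialPassword);
        Credential[] creds = { new Credential() };
        creds[0].setProfileId(credProfIds[0]);
        creds[0].setCredentialElements(new CredentialElement[] { credEl });
        cm.importCredentials(walletId, creds);
    }

    // Both paths index entries[0], so fail closed unless exactly one entry came back.
    private static EntryTemplate[] singleEntry(EntryTemplate[] entries) throws Exception {
        if (entries.length != 1) throw new Exception("expected one dynamic entry, found " + entries.length);
        return entries;
    }
}
```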