Wallet Manager Classes

This section lists and describes the Wallet Manager classes. For more details, refer to the Javadoc.

The WalletManagerFactory constructs the desired WalletManager.

The factory configuration parameters are:

Either:

  • CONFIG_URL—URL of the CredentialManager service in ActivID CMS.

Or both of the following:

  • CONFIG_HOST_NAME—Hostname of the CredentialManager service in ActivID CMS.

  • CONFIG_HOST_PORT—Port number of the CredentialManager service in ActivID CMS.

And:

  • CONNECT_TIMEOUT—Represents the client timeout used when connecting to the ActivID CMS HTTP server hosting the corresponding ActivID CMS service. A value of zero (0) means that there is no client timeout; the client timeout is determined by the server settings. The timeout value is for each connection attempt; the default value is zero (0).

  • CONNECT_RETRY—Represents the number of retry attempts permitted for connecting to the ActivID CMS service host. The default value is 1.

For Java implementations:

  • CONFIG_TRUSTSTORE (optional)—Truststore containing the root or intermediate certificate that issued the server certificate. If not present, the default Java truststore is used.

  • CONFIG_TRUSTSTORE_PWD (optional)—Password to the truststore.

  • CONFIG_KEYSTORE (mandatory)—Keystore which contains client certificate.

  • CONFIG_KEYSTORE_PWD (mandatory)—Password to the keystore.

  • CONFIG_ TRUSTMANAGERS (optional)—TrustManagers containing the root certificate.

  • CONFIG_ KEYMANAGERS (optional)—KeyManagers containing client certificate.SSL

An action in ActivID CMS and the CCM API corresponds to a set of logical operations (device issuance, recycling, post-issuance, or unlock) that are used to personalize the security module during synchronization. The Action object represents an operation to be performed on a wallet and allows high-level operations to be performed against a wallet and indirectly against the security modules bound to it. The subject of the performProcess method is a wallet.

The applicationSet attribute of an Action indicates the set of applications (device policy) that is issued (or post-issued) to the wallet, and therefore, the corresponding security modules. The setApplicationSet method can be used to select the ActivID CMS device policy ID (which denotes a set of applications) for the corresponding action.

Attributes

A device policy (applicationSet) is named at ActivID CMS configuration time; these are not predetermined values. The applicationSet attribute can be set using the Action.setApplicationSet(String) method.

Note: This applies to issuance and produce action types only.

The reason attribute can take the following values:

  • ACTION_REASON_NONE—For initial issuance.

  • ACTION_REASON_FORGOTTEN—For temporary replacement.

  • ACTION_REASON_LOST—For permanent replacement when lost.

  • ACTION_REASON_STOLEN—For permanent replacement when stolen.

  • ACTION_REASON_DAMAGED—For permanent replacement due to damage.

  • ACTION_REASON_RENEW—For reissuance

The action status may be one of the following types:

  • ACTION_STATUS_REQUESTED

  • ACTION_STATUS_PENDING

  • ACTION_STATUS_DENIED

  • ACTION_STATUS_FAILED

The following action types are supported:

  • ACTION_TYPE_ISSUANCE

  • ACTION_TYPE_PRODUCE

  • ACTION_TYPE_RECYCLE

  • ACTION_TYPE_POSTISSUANCE

  • ACTION_TYPE_PINUNLOCK

  • ACTION_TYPE_CARDLOCK

  • ACTION_TYPE_CARDUNLOCK

The following definitions describe these supported action types:

  • ACTION_TYPE_ISSUANCE

Issues a security module to the logical state of issued. A security module in this state is considered fully personalized, unlocked, and in the hands of the user.

  • ACTION_TYPE_PRODUCE

Effectively issues a device content-wise, but it leaves the device in a produced lifecycle state indicating that the user has not yet taken possession of the security module. As the security module has not been issued to the user, you must activate the device to bring it to the logical state of being issued.

For additional information about unlocking a GlobalPlatform locked security module, see ACTION_TYPE_CARDUNLOCK below in this list. Also see getLifecycleStatus in Credential Manager Methods for additional information about activation. The security module production may be modified with the runtime parameter (LOCK=true) to GlobalPlatform lock the security module.

  • ACTION_TYPE_RECYCLE

Performs recycling of the security module so that it is suitable for issuance again. Note that a recycle is a security module content-level operation, and this does not influence whether the security module is bound.

  • ACTION_TYPE_POSTISSUANCE

Performs a post-issuance update of the device based upon the application differences between the currently employed device policy (applicationSet) and the new device policy (applicationSet) supplied with the post-issuance action.

  • ACTION_TYPE_PINUNLOCK

Unlocks a device that was PIN-locked for security reasons. For example, this can occur from a multiple number of wrong PIN attempts. This also allows a change to be made in the user’s PIN.

  • ACTION_TYPE_CARDLOCK

Performs a GlobalPlatform lock of the card manager, which prevents access to all of the security module’s applications. This action type has the same effect as passing the runtime parameter of LOCK=true to a ACTION_TYPE_PRODUCE action.

  • ACTION_TYPE_CARDUNLOCK

Performs a GlobalPlatform unlock of the card manager, which allows access to all of the security module’s applications. This action type reverses the ACTION_TYPE_CARDLOCK effect or the locking effect of the runtime parameter LOCK=true on a security module production.