
Store Manager

StoreManagerStep opens a secure store on the device. For the onboard scenario, a new secure store is created. For the restore scenario, an existing secure store is reopened.

For the reset scenario, the existing secure store is erased and a new empty one created.

Input Parameters

Mandatory input parameters:

  • client policy – Specifies the passcode policy. This is set on the flowContext, typically provided by the SettingsDownloadStep.

  • context – Specifies the Android context initiating the flow, such as the caller Activity. This setting has to be provided on the initial FlowContext.

  • flowPresentationActionHandler – Specifies the Action Handler for Flow Presentation. If the user does not want to specify its functionality, the default implementation can be used instead. (This is set on the flowContext by the app developer at the start of the flow.)

Optional input parameters:

  • EnterPasscodeSettings – Specifies the settings for the Enter Passcode Screen. If there are no specified values passed for the view objects of the screen, the default string values are set. Please note that there is no need to set the action handler because the flows implementation sets a default action handler if one is not set.

  • SetPasscodeSettings – Specifies the settings for the Create Passcode Screen. If there are no specified values passed for the view objects of the screen, the default string values are set. Please note that there is no need to set the action handler because the flows implementation sets a default action handler if one is not set.

  • ConfirmPasscodeSettings – Specifies the settings for the Verify Passcode Screen. If there are no specified values passed for the view objects of the screen, the default string values are set. Please note that there is no need to set the action handler because the flows implementation sets a default action handler if one is not set.

Output Parameters

  • secure store – Properly initialized and opened secure store implementation.

Using StoreManagerStep

  1. Set the policy data in the flowContext.

      flowContext.setPolicy(policy);
    
  2. Initiate the step:

      StoreManagerStep storeManagerStep = new StoreManagerStep();
    
  3. Specify the execute method's FlowActionHandler parameter's "onFailure" and "onSuccess" behaviour:

        flowManagerService.execute(flow, flowContext, new FlowActionHandler() {
            @Override
            public void onFailure(Throwable t) {
                //set the status, update the caller activity
            }
    
            @Override
            public void onSuccess(FlowContext result) {
                //set the status, update the caller activity
                //read the result
            }
        });
    

Behaviour of StoreManagerStep

For the onboard scenario, this step checks first if the default passcode policy is allowed. If it is, then a new secure store instance is created with a generated passcode. If it is not (the passcode has to be provided by the end user), then the Create Passcode/Verify Passcode screens of the UI layer are displayed.

The required passcode should fulfill the passcode policy determined by the policy object on the flowContext (which was provided by the SettingsDownloadStep). If the end user entered a valid passcode on both screens, then a new secure store is opened using this passcode information.

After the successful Create Passcode/Verify Passcode part of the onboarding, the fingerprint screen is displayed if the passcode policy allows the end user to set fingerprint mode as well. In order to activate the fingerprint mode, the end user has to touch the fingerprint sensor during onboarding.

Based on this, a fingerprint-protected cipher object is created. This cipher is used to generate one more key for the existing application store. (The first key was generated with the passcode provided by the Create Passcode/Verify Passcode screens.)

For the restore scenario, either the generated passcode is used to reopen the store if a generated passcode was used for the encryption, or the Enter Passcode screen of the UI layer is displayed. If the Enter Passcode screen is displayed, then the end user has to enter the passcode which was used during onboarding to create the secure store, and this passcode is used to reopen the store.

If the fingerprint feature was enabled in the passcode policy and, during the onboarding process, the end user also activated this feature on the device, then the StoreManagerStep displays the Fingerprint screen instead of the Enter Passcode screen.

If the Fingerprint screen is displayed and the end user touches the fingerprint sensor, then the application store is unlocked with the fingerprint-protected cipher and not with the passcode.

The Fingerprint screen also provides a fallback option to use the Enter Passcode screen in this scenario. If the end user taps on the Use Fingerprint button, then the Enter Passcode screen is opened and the application store is opened with the passcode.
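
The two unlock paths described above (passcode and fingerprint) can be pictured as one store key wrapped under two independent keys. The following is an added example, not the SDK's code or its actual key scheme: the class name, PBKDF2 parameters and slot layout are assumptions, and a plain AES key stands in for the fingerprint-protected key so that it runs on a desktop JVM.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration, not SDK code: one store key wrapped into two independent slots.
public class TwoSlotStoreDemo {
    static final SecureRandom RNG = new SecureRandom();
    // Slot 1 key: derived from the passcode (PBKDF2; iteration count is an assumption).
    static SecretKey passcodeKey(char[] passcode, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(passcode, salt, 210_000, 256);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
    }
    // Wrap the store key with AES-GCM; the slot is iv || ciphertext+tag.
    static byte[] wrap(SecretKey kek, byte[] storeKey) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, kek, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(storeKey);
        byte[] slot = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, slot, iv.length, ct.length);
        return slot;
    }
    // Unwrap a slot; throws AEADBadTagException if the key (e.g. the passcode) is wrong.
    static byte[] unwrap(SecretKey kek, byte[] slot) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, kek, new GCMParameterSpec(128, slot, 0, 12));
        return c.doFinal(slot, 12, slot.length - 12);
    }
    public static void main(String[] args) throws Exception {
        byte[] storeKey = new byte[32], salt = new byte[16];
        RNG.nextBytes(storeKey);
        RNG.nextBytes(salt);
        char[] pass = "Constructed#Pass1".toCharArray(); // constructed sample passcode
        // Stand-in for the fingerprint-protected key (on Android: a Keystore key gated by user auth).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey fpKey = kg.generateKey();
        byte[] passcodeSlot = wrap(passcodeKey(pass, salt), storeKey);
        byte[] fingerprintSlot = wrap(fpKey, storeKey);
        // Restore: either slot yields the same store key; a wrong passcode fails the GCM tag check.
        System.out.println(Arrays.equals(storeKey, unwrap(fpKey, fingerprintSlot)));
        System.out.println(Arrays.equals(storeKey, unwrap(passcodeKey(pass, salt), passcodeSlot)));
        try { unwrap(passcodeKey("wrong".toCharArray(), salt), passcodeSlot); }
        catch (AEADBadTagException e) { System.out.println("wrong passcode rejected"); }
    }
}
```

In a design like this, the passcode policy still bounds the strength of the passcode slot even when fingerprint unlock is enabled, because the fallback path opens the same store.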

For the reset scenario, this step erases the application's secure store and recreates an empty one.