Avaya Client SDK


Working with Client Identity Certificates

Servers can validate the identity of the client using Client Identity Certificates. Support in the Avaya Client SDK Communications Package builds on the concepts outlined in Working with Certificates.

Client Certificates are supported with the following providers:

  • SIP (SIP Servers and Session Border Controllers)
  • Aura Personal Profile Manager (PPM)
  • Avaya Multimedia Messaging (AMM)
  • Avaya Aura Device Services (AADS)
  • IPO (MTCTI Services)

The Client SDK does not validate Client Certificates itself; the server's validation responses are passed to your application.

Client Identity Certificates

Passing the Identity Certificate Chain

The following code snippet demonstrates how to pass the Certificate Chain to the Client SDK by using CertificateManager.

// Retrieve the client certificate chain from the key store or a keychain 
// for the given alias. KeyChain calls can block, so run them off the
// main thread.
final X509Certificate[] clientCertificateChain = 
    KeyChain.getCertificateChain(mContext, alias);

// Retrieve the associated RSA private key
final PrivateKey privateKey = KeyChain.getPrivateKey(mContext, alias);

// Set both client certificate chain and the private key. 
// Catch exceptions in case of errors.
client.certificateManager.setClientIdentityCertificateChain(
    clientCertificateChain, 
    privateKey);

// Client certificate has been successfully provisioned. 

How to view / retrieve certificates

Use the methods of the CertificateManager to obtain the Certificate Chain and RSA private key used by the Client SDK.

// Retrieve a complete client certificate chain.
List clientCertificateChain = 
    client.certificateManager.getClientIdentityCertificateChain();

// Retrieve the private key.
PrivateKey privateKey = client.certificateManager.getClientPrivateKey();

The following API allows developers to export the client certificate as a PKCS#12 keystore so that it can be used directly in their own Socket Factory implementation. The client certificate can be retrieved using the alias av-identity.

// The client certificate and a private key can be exported
// as a PKCS#12 Keystore with a specified password.
// The literal below is an example value only.
char[] password = {'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
KeyStore keyStore = 
    client.certificateManager.getClientIdentityAsPKCS12KeyStore(password);
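
One way to use the exported keystore in a socket factory with standard JSSE calls, as an added example that is not Avaya's code. The class and method names are hypothetical, and it assumes the key entry is protected by the same password as the export and that the platform default trust store is wanted.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical helper, not part of the Client SDK.
public final class ClientIdentitySocketFactory {
    // Alias under which the page says the client certificate can be retrieved.
    private static final String ALIAS = "av-identity";

    // Builds a socket factory that presents the exported client identity.
    // The caller's password array is wiped before this method returns.
    public static SSLSocketFactory fromExportedKeyStore(KeyStore keyStore, char[] password)
            throws GeneralSecurityException {
        try {
            // Without this check, a keystore lacking the identity would yield
            // a factory that silently presents no client certificate.
            if (!keyStore.isKeyEntry(ALIAS)) {
                throw new GeneralSecurityException("No key entry for alias " + ALIAS);
            }
            // Reject an expired or not-yet-valid leaf certificate up front.
            ((X509Certificate) keyStore.getCertificate(ALIAS)).checkValidity();

            KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // Assumption: the key entry uses the same password as the export.
            kmf.init(keyStore, password);

            SSLContext context = SSLContext.getInstance("TLS");
            // Null trust managers and RNG select the platform defaults.
            context.init(kmf.getKeyManagers(), null, null);
            return context.getSocketFactory();
        } finally {
            Arrays.fill(password, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty PKCS#12 keystore standing in for an
        // export made when no identity has been provisioned.
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        try {
            fromExportedKeyStore(empty, "constructed".toCharArray());
        } catch (GeneralSecurityException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```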

Certificate Expiration Notification and Renewal

You can register your application to receive expiration notifications (CertificateStatusListener).

Optionally, use the SecurityPolicyConfiguration object to specify the percentage (of the client identity certificate's age) after which certificate status notifications are issued.

// Create the Security Policy Configuration and issue status
// notifications once 90% of the certificate's age has elapsed.
SecurityPolicyConfiguration securityPolicyConfig = 
    new SecurityPolicyConfiguration();
securityPolicyConfig.setCertificateRenewalValue(90);

// A listener class implementing CertificateStatusListener interface.
MyClientCertificateStatusListener clientCertificateStatusListener =
    new MyClientCertificateStatusListener();

// Set the CertificateStatusListener
client.certificateManager.addCertificateStatusListener(
    clientCertificateStatusListener);

// The expiration notification will be delivered via the
// onCertificateExpiryNotification callback.

The Client SDK will notify your application when the identity certificate approaches expiration.

public class MyClientCertificateStatusListener 
    implements CertificateStatusListener {

    @Override
    public void onCertificateExpiryNotification(
        java.security.cert.X509Certificate certificate,
        int numberOfDaysToExpiry) {

        // Add your code here. 
        // Use the number of days field to provide warning to your user.
    }
}

Certificate Removal

// Remove the certificate status listener
client.certificateManager.removeCertificateStatusListener(
    clientCertificateStatusListener);

// Delete the client certificate and a private key.
client.certificateManager.deleteClientIdentityCertificateChain();

Simple Certificate Enrollment Protocol (SCEP) Support

The Client SDK supports SCEP to retrieve Identity Certificates. Create the ScepConfiguration object and pass it to the enroll() method of the CertificateManager object.

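ScepConfiguration scepConfiguration = new ScepConfiguration();
// Populate scepConfiguration details.

// enrollmentCredentialProvider and enrollmentCompletionHandler are your
// application's EnrollmentCredentialProvider and
// CertificateEnrollmentCompletionHandler instances.
client.certificateManager.enroll(
    scepConfiguration, 
    enrollmentCredentialProvider, 
    enrollmentCompletionHandler);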