This section describes how the Netcetera Android 3DS SDK should be configured.
When transaction is initiated, the SDK get the information about the Directory Server that will participate in the message flow. With that, the SDK determinate which DS public key to use for the data encryption and which DS logo to be shown.
The SDK uses the DS public key and the DS logo. These are configured in the ConfigParameters in Initialization.
The encryption key or certificate and the root certificate can be obtained from each scheme respectively.
Following are the steps for the DS configuration:
Some of the values can be omitted, please check Pre-configured Directory Servers for the pre-configured values that will be used instead.
Note: If public keys are provided, the keys can be either EC or RSA in PEM format. If certificates are provided, they need to be in the X.509 standard in either PEM or DER format.
To define the scheme DS, use the ConfigParameters.addParam(...) with the following arguments:
Argument | Value |
---|---|
group | null |
paramName | "schema_names" |
paramValue | Comma separated values of schemes. |
Example:
1 | configParameters.addParam( null , "schema_names" , "mastercard, visa" ); |
To define the DS IDs that belong to certain scheme, use the ConfigParameters.addParam(...) with the following arguments:
Argument | Value |
---|---|
group | "schema_ds_ids" |
paramName | The name of the scheme to define for. |
paramValue | Comma separated values of each DS id for the scheme. |
The 3DS Requestor App uses the Cardholder Account Number and optionally other cardholder information to identify the DS ID. A DS ID is the Scheme’s Card RID (Registered application provider identifier). The identifier, usually 5 bytes in length, is issued by the ISO/IEC 7816-5 registration authority and is used to address an application in the card. For example, an RID could be: A000000003. Please refer to the configuration for more RID values.
Example:
1 2 | configParameters.addParam( "schema_ds_ids" , "mastercard" , "A000000004" ); configParameters.addParam( "schema_ds_ids" , "visa" , "A000000003" ); |
To define the public key that will be used for certain scheme, use the ConfigParameters.addParam(...) with the following arguments:
Argument | Value |
---|---|
group | "schema_public_key" |
paramName | The name of the scheme to define for. |
paramValue | ASN.1 encoding of the public key or the certificate (DER/PEM) in Base64 encoded format. |
Example:
1 2 | configParameters.addParam( "schema_public_key" , "mastercard" , loadPublicKey( "certificates/mastercard_rsa.cer" )); configParameters.addParam( "schema_public_key" , "visa" , loadPublicKey( "certificates/visa_ec.cer" )); |
Note: loadPublicKey(...) is function that loads ASN.1 encoding of the public key in Base64 encoded format from a certificate file.
To define the root public key that will be used for certain scheme, use the ConfigParameters.addParam(...) with the following arguments:
Argument | Value |
---|---|
group | "schema_root_public_key" |
paramName | The name of the scheme to define for. |
paramValue | ASN.1 encoding of the public key or the certificate (DER/PEM) in Base64 encoded format. |
Note: In case the provided certificate is a chain of certificates, the first certificate in the list will be used.
Example:
1 2 | configParameters.addParam( "schema_root_public_key" , "mastercard" , loadPublicKey( "certificates/root_mastercard_rsa.cer" )); configParameters.addParam( "schema_root_public_key" , "visa" , loadPublicKey( "certificates/root_visa_ec.cer" )); |
Note: loadPublicKey(...) is function that loads ASN.1 encoding of the public key in Base64 encoded format from a certificate file.
To define the logo that will be used for certain scheme, use the ConfigParameters.addParam(...) with the following arguments:
Argument | Value |
---|---|
group | "schema_logo" |
paramName | The name of the scheme to define for. |
paramValue | String value of Drawable Resource ID. |
Example:
1 2 | configParameters.addParam( "schema_logo" , "mastercard" , Integer.toString(R.drawable.schema_logo_mastercard_1)); configParameters.addParam( "schema_logo" , "visa" , Integer.toString(R.drawable.schema_logo_visa)); |
The ConfigurationBuilder is a feature that is not defined in the specification, but has been provided by the Netcetera Android 3DS SDK to allow easier configuration of the ConfigParameters. It provides ease of use methods to set the required fields for new or existing schemes, as to prevent possible misconfigurations.
To define the scheme, use the ConfigurationBuilder.configureScheme(...) with the following arguments
Argument | Value |
---|---|
schemeConfiguration | The configuration of the scheme |
The Netcetera Android 3DS SDK provides a utility class to help with the configuration of the scheme. To define a new scheme use SchemeConfiguration.newSchemeConfiguration... with the following arguments
Argument | Value |
---|---|
schemeName | The name of the current scheme |
schemeIds | List containing the DS ids for the scheme. |
schemeLogo | String value of Drawable Resource ID |
encryptionPublicKey | ASN.1 encoding of the public key |
rootPublicKey | ASN.1 encoding of the public root key |
certificatePath | The path of the certificate (DER/PEM) in Base64 encoded format placed in the "assets" directory. |
Example:
1 2 3 4 5 6 7 8 9 10 | ConfigurationBuilder() .configureScheme( SchemeConfiguration.newSchemeConfiguration( "diners" ) .ids(Collections.singletonList( "A000000152" )) .logo(Integer.toString(R.drawable.ds_logo_diners)) .encryptionPublicKeyFromAssetCertificate(assetManager, "example-diners-sign-certeq-rsa.crt" ) .rootPublicKeyFromAssetCertificate(assetManager, "example-diners-sign-certeq-rsa.crt" ) .build() ) .build(); |
The utility class also inludes the option to modify a pre-configured scheme. For that purpose use SchemeConfiguration.{DSName}SchemeConfiguration..., with the aforementioned arguments, where {DSName} is the name of the scheme corresponding with a directory server from Pre-configured Directory Servers. The argument values that wont be specified shall be taken from Pre-configured Directory Servers.
Example:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | ConfigurationBuilder() //Mastercard configuration .configureScheme( SchemeConfiguration.mastercardSchemeConfiguration() .encryptionPublicKeyFromAssetCertificate(assetManager, "example-mc-sign-certeq-rsa.crt" ) .build() ) //Visa configuration .configureScheme( SchemeConfiguration.visaSchemeConfiguration() .encryptionPublicKeyFromAssetCertificate(assetManager, "example-visa-sign-certeq-rsa.crt" ) .rootPublicKeyFromAssetCertificate(assetManager, "example-visa-sign-certeq-rsa.crt" ) .build() ) .build(); |
The Netcetera Android 3DS SDK comes bundled with configuration for the following directory servers, listed in the table below.
Scheme | RIDs | DS Public Key | DS Root Public Key | DS Logo |
---|---|---|---|---|
Mastercard | |
3ds2.directory.mastercard.com Expiry: 20.11.2021 |
PRD MasterCard Identity Check Root CA Expiry: 15.07.2030 |
R.drawable.ds_logo_mastercard |
Visa | |
3ds2.rsa.encryption.visa.com Expiry: 03.11.2020 |
Visa eCommerce Root Expiry: 24.07.2022 |
R.drawable.ds_logo_visa |
Amex | |
|
|
R.drawable.ds_logo_amex |
Diners | |
Discover SDK Key |
ProtectBuy Root Expiry: 03.02.2027 |
R.drawable.ds_logo_diners |
JCB | |
|
|
R.drawable.ds_logo_jcb |
MIR | |
|
|
R.drawable.ds_logo_mir |
Union | |
|
|
R.drawable.ds_logo_union |
The binding between the configuration and the pre-configured values is done with the RID value of the Directory Server.
The configuration has precedence over pre-configured values and overwrites them i.e. if a configuration is provided for a parameter, that one will be used, instead of the pre-configured one.
Note: The pre-configured DS Public Key and DS Root Public Key serve for convenience, while the integrators have to verify their compatibility to the Directory Server. The integrators are encouraged to complete the configuration.
To define which device info parameters shall be considered as restricted and thus not collected, use the ConfigParameters.addParam(...) with the following arguments:
Argument | Value |
---|---|
group | null |
paramName | "restricted_device_info_parameters" |
paramValue | Comma separated values of IDs of the device info parameters. |
Example:
1 | configParameters.addParam( null , "restricted_device_info_parameters" , "A001,A016,C005" ); |
To define which device info parameters shall be considered as restricted and thus not collected, use the ConfigurationBuilder.restrictedParameters(...) with the following arguments:
Argument | Value |
---|---|
restrictedParameters | List containing the IDs of the device info parameters. |
Example:
1 | ConfigurationBuilder().restrictedParameters(Arrays.asList( "A001" , "A016" , "C005" )).build(); |
List of device info parameters and their corresponding IDs can be found at EMVCo 3DS SDK Device Info. If a entry in the restricted device info parameters configuration has value that doesn’t correspond to any predefined device info parameter ID, an InvalidInputException is thrown.
The Netcetera Android 3DS SDK supports customization of the UI elements that are being shown by the SDK itself. For this purpose UiCustomization is used.
For detailed information of the UiCustomization API and how to be used, refer to 4.5 in the EMVCo 3DS SDK Specification.
The Netcetera Android 3DS SDK uses SLF4J for logging purposes, logging only messages on level WARN and ERROR. The logging of this log levels can be configured by using any logging implementation on top of SLF4J.
Sample implementation that uses logback-android can be found in the guide for the demo reference application and the source code itself.
This section describes which Android permissions are required to be granted and which are optional.
Permission | Mandatory | Description |
---|---|---|
android.permission.INTERNET | Yes | Required for communication with the ACS in Challenge Flow. Must be permitted before Starting of Challenge Flow. |
android.permission.ACCESS_COARSE_LOCATION | No | Required for collecting the device coarse location that will be provided as device info parameter. Should be permitted before Initialization. |
android.permission.ACCESS_FINE_LOCATION | No | Required for collecting the device fine location that will be provided as device info parameter. Should be permitted before Initialization. |
android.permissions.ACCESS_NETWORK_STATE | No | Required for collecting device’s IP Address that will be provided as device info parameter. Should be permitted before Initialization. |
android.permission.BLUETOOTH | No | Required for collecting bluetooth hardware info that will be provided as device info parameter. Should be permitted before Initialization. |
android.permission.READ_PHONE_STATE | No | Required for collecting Telephony information that will be provided as device info parameters. Should be permitted before Initialization. |
android.permission.SEND_SMS | No | Required for collecting Telephony information that will be provided as device info parameters. Should be permitted before Initialization. |
android.permission.ACCESS_WIFI_STATE | No | Required for collecting WiFi and Network related information that will be provided as device info parameters. Should be permitted before Initialization. |