Security and Bugfixes (#99)

Author: kpanugan-anet

emv-anet-sdk.aar

@@ -6,7 +6,7 @@ android {
 
     defaultConfig {
         applicationId "authorize.net.inperson_sdk_android"
-        minSdkVersion 30
+        minSdkVersion 33
         targetSdkVersion 34
         versionCode 2
         versionName "1.1"

sampleapp/app/build.gradle

@@ -26,6 +26,7 @@
 import net.authorize.aim.emv.EMVTransactionManager;
 import net.authorize.auth.PasswordAuthentication;
 import net.authorize.auth.SessionTokenAuthentication;
+import net.authorize.auth.TransactionKeyAuthentication;
 import net.authorize.data.Order;
 import net.authorize.data.OrderItem;
 import net.authorize.data.creditcard.CreditCard;
@@ -39,7 +40,7 @@
 public class LoginActivity extends FragmentActivity {
     Button b;
     EditText login;
-    EditText pwd;
+    EditText transactionKey;
     Context context;
     Environment environment = Environment.SANDBOX;
     RadioGroup radioGroup;
@@ -55,7 +56,7 @@ protected void onCreate(Bundle savedInstanceState) {
         b.setOnClickListener(mListner);
 
         login = (EditText)findViewById(R.id.editTextLoginLoginID);
-        pwd = (EditText)findViewById(R.id.editTextLoginPassword);
+        transactionKey = (EditText)findViewById(R.id.editTextLoginPassword);
 
         radioGroup = (RadioGroup) findViewById(R.id.login_type_radio_group);
         testButton = (RadioButton) findViewById(R.id.test_radio_button);
@@ -111,52 +112,22 @@ public void onClick(View view){
                 @Override
                 public void run(){
 
-//                handler.sendEmptyMessage(0);
-                    net.authorize.mobile.Result result;
-                    String deviceID = "Test EMV Android";
-                    PasswordAuthentication passAuth = PasswordAuthentication
-                            .createMerchantAuthentication(login.getText().toString(), pwd.getText().toString(), deviceID);
-
-                    AppManager.merchant = Merchant.createMerchant(environment, passAuth);
-
-                    net.authorize.mobile.Transaction transaction = AppManager.merchant
-                            .createMobileTransaction(net.authorize.mobile.TransactionType.MOBILE_DEVICE_LOGIN);
-                    MobileDevice mobileDevice = MobileDevice.createMobileDevice(deviceID,
-                            "Device description", "425-555-0000", "Android");
-                    transaction.setMobileDevice(mobileDevice);
-
-                    Gson gson = new GsonBuilder().setPrettyPrinting().create();
-                    String transactionJson = gson.toJson(transaction);
-                    Log.d("LoginRequest", "Sending request: " + transactionJson);
-
-                    result = (net.authorize.mobile.Result) AppManager.merchant
-                            .postTransaction(transaction);
-
-                    // Log incoming response
-                    Log.d("LoginResponse", "Received response: " + result.getXmlResponse());
-
-                    if(result.isOk()){
-
-                        try {
-                            SessionTokenAuthentication sessionTokenAuthentication = SessionTokenAuthentication
-                                    .createMerchantAuthentication(AppManager.merchant
-                                            .getMerchantAuthentication().getName(), result
-                                            .getSessionToken(), "Test EMV Android");
-                            if ((result.getSessionToken() != null)
-                                    && (sessionTokenAuthentication != null)) {
-                                AppManager.merchant
-                                        .setMerchantAuthentication(sessionTokenAuthentication);
-
-                                handler.sendEmptyMessage(0);
-                            }
-                        } catch (Exception ex) {
-                            Log.e("loginException", "Exception: " + ex.getMessage());
-                        }
-                    }
-                    else{
+                    try {
+                        // Use TransactionKeyAuthentication (no session token needed)
+                        TransactionKeyAuthentication merchantAuth = TransactionKeyAuthentication
+                                .createMerchantAuthentication(login.getText().toString(), transactionKey.getText().toString());
+
+                        AppManager.merchant = Merchant.createMerchant(environment, merchantAuth);
+
+                        Log.d("LoginInfo", "Using Transaction Key Authentication");
+
+                        // Transaction key authentication doesn't require a login transaction
+                        // Authentication is validated on the first actual transaction
+                        handler.sendEmptyMessage(0);
+
+                    } catch (Exception ex) {
+                        Log.e("loginException", "Exception: " + ex.getMessage());
                         handler.sendEmptyMessage(1);
-                        Log.e("EMVResponse",result.getXmlResponse());
-//                    Toast.makeText(context, result.getXmlResponse(),Toast.LENGTH_SHORT).show();
                     }
 
                 }

sampleapp/app/proguard-rules.pro

@@ -24,7 +24,7 @@
                 android:layout_height="wrap_content"
                 android:ems="10"
                 android:textSize="22sp"
-                android:hint="Login Id"
+                android:hint="Login ID"
                 android:textColor="@android:color/black"
                 android:inputType="text"
 
@@ -39,7 +39,7 @@
                 android:ems="10"
                 android:textSize="22sp"
 
-                android:hint="Password"
+                android:hint="Transaction Key"
                 android:inputType="textPassword"