Unknown macro: {next_previous_link3}
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 28 Next »

You are not required to perform any additional steps to configure the Android server as it is preconfigured in WSO2 EMM.

Follow the instructions below to configure and build the Android client application:

Ensure that you have downloaded the Android Studio bundle before starting the configurations.

 Click here for prerequisites

Prior to installing or deploying WSO2 EMM, it is necessary to have the appropriate prerequisite software installed on your system. Verify that the computer has the supported operating system and development platforms before starting the installation.

When starting WSO2 EMM, it is mandatory to have an active internet connection; otherwise, the devices will not be able to connect to EMM.

System requirements

Memory

  • ~ 2 GB minimum
  • ~ 512 MB heap size. This is generally sufficient to process typical SOAP messages but the requirements vary with larger message sizes and  the number of messages processed concurrently.

Disk

  • ~ 1 GB, excluding space allocated for log files and databases.

Environment compatibility

Operating Systems / Databases

  • All WSO2 Carbon-based products are Java applications that can be run on any platform that is JDK 7 or 8 compliant
  • All WSO2 Carbon-based products are generally compatible with most common DBMSs. The embedded H2 database is suitable for development, testing, and some production environments. For most enterprise production environments, however, we recommend you use an industry-standard RDBMS such as Oracle, PostgreSQL, MySQL, MS SQL, etc. For more information, see Working with Databases. Additionally, we do not recommend the H2 database as a user store.
  • It is not recommended to use Apache DS in a production environment due to scalability issues. Instead, use an LDAP like OpenLDAP for user management.
  • For environments that WSO2 products are tested with, see Compatibility of WSO2 Products.
  • If you have difficulty in setting up any WSO2 product in a specific platform or database, please contact us.

Device OS prerequisites

PlatformSupported Versions
iOSVersion 7.0 - 9.0
Android

Version 4.1.x - 6.0 (Android Jelly Beans to Marshmallow)

WindowsVersion 8.1

Feature prerequisites

To enable encryption, the battery level should be 80% or more.

Required applications

The following applications are required for running the product and when building WSO2 EMM from the source code. Mandatory installs are marked with an asterisk  * .

Application

Purpose

Version

Download Links

Java SE Development Kit (JDK) / Java SE JRE*

JDK 7 or 8

Oracle and IBM JRE 1.7 are also supported when running (not building) WSO2 products.

http://www.oracle.com/technetwork/java/javase/archive-139210.html

MySQL*

Used as the WSO2 EMM DB.

5.6.*http://www.mysql.com/
MySQL Connector/J*Used for WSO2 EMM DB connectivity.5.1.*http://dev.mysql.com/downloads/connector/j/
Git1.8.*http://git-scm.com/
Android Studio*To build the Android client application.1.2.3 or laterhttps://developer.android.com/sdk/index.html
Android SDK*To build the Android client application.

Level 16 to 21

http://developer.android.com/sdk/index.html

Web Browser*

To access the product's Management Console. The Web Browser must be JavaScript enabled to take full advantage of the Management console.

NOTE: On Windows Server 2003, you must not go below the medium security level in Internet Explorer 6.x.



Apache Ant

To compile and run the product samples.

1.7.0 or later

http://ant.apache.org/  

Apache Maven

To build the product from the source distribution  (both JDK and Apache Maven are required). If you are installing by downloading and extracting the binary distribution instead of building from the source code, you do not need to install Maven.

http://maven.apache.org/  

Xcode*To build the iOS client application.1.7.0 or laterhttps://developer.apple.com/xcode/download/
or
https://itunes.apple.com/en/app/xcode/id497799835?mt=12 

Support for the Android Developer Tools (ADT) in Eclipse is ending. Therefore, you should migrate the app development projects to Android Studio. For more information on transitioning to Android Studio, see Migrating to Android Studio.

  1. Get a GIT clone of the Android Agent application from GitHub.

  2. Update the Android Software Development Kit with the following:

    • SDK Versions 22 and 16. 

    • Build Tools Version 22.0.1.

    • Install or update Android Support Library.

    • Install or update Google Play Services.

    • Install Google USB Driver, if you are on a Windows platform.

  3. By default, the Android agent communicates with the server via HTTP. Configure the following parameters to enable HTTPS communication in the production environment.

    • Configure the SERVER_PORT and SERVER_PROTOCOL parameters in the Constants.java class, which is in the org.wso2.emm.agent.utils package.
    • Configure the SERVER_PROTOCOL parameter in the Constants.java class, which is in the org.wso2.emm.agent.proxy.utils package.

    For more information see below:

     Generating a BKS File

    The Android agent must have the CA certificate inside the application when configuring the Secure Sockets Layer (SSL). The CA certificate is stored in a BKS (bouncycastle) file. Follow the steps given below to create and generate a BKS file: 

    Prerequisites 

    Step 1: Creating a BKS file

    If you configured EMM for iOS, you can skip this step and move to Step 2 by using the already generated and imported Certificate Authority (CA), Registration Authority (RA), and SSL certificate files.

    1. Navigate to the openssl.cnf file of the OpenSSL installation. 

    2. Make a copy of the  openssl.cnf  file, move it to another location, and configure the file to generate version 3 certificates as shown below:

      [ v3_req ] 
      # Extensions to add to a certificate request 
      basicConstraints=CA:TRUE 
      keyUsage = Digital Signature, Key Encipherment 
      
      [ v3_ca ] 
      # Extensions for a typical CA 
      # PKIX recommendation. 
      subjectKeyIdentifier=hash 
      authorityKeyIdentifier=keyid:always,issuer 
      # This is what PKIX recommends but some broken software chokes on critical 
      # extensions. 
      basicConstraints = critical,CA:true 
      # So we do this instead. 
      #basicConstraints = CA:true 
      # Key usage: this is typical for a CA certificate. However since it will 
      # prevent it being used as an test self-signed certificate it is best 
      # left out by default. 
      keyUsage = Digital Signature, Certificate Sign, CRL Sign
    3. In the location where you modified and saved the openssl.cnf file, run the following commands to generate a self-signed Certificate Authority (CA) certificate (version 3) and convert the certificate to the.pem format:

      1. openssl genrsa -out <CA PRIVATE KEY> 4096
        For example: openssl genrsa -out ca_private.key 4096
      2. openssl req -new -key <CA PRIVATE KEY> -out <CA CSR>
        For example: openssl req -new -key ca_private.key -out ca.csr
      3. openssl x509 -req -days <DAYS> -in <CA CSR> -signkey <CA PRIVATE KEY> -out <CA CRT> -extensions v3_ca -extfile <PATH-TO-MODIFIED-openssl.cnf-FILE>
        For example: openssl x509 -req -days 365 -in ca.csr -signkey ca_private.key -out ca.crt -extensions v3_ca -extfile ./openssl.cnf
      4. openssl rsa -in <CA PRIVATE KEY> -text > <CA PRIVATE PEM>
        For example:  openssl rsa -in ca_private.key -text > ca_private.pem
      5. openssl x509 -in <CA CRT> -out <CA CERT PEM>
        For example: openssl x509 -in ca.crt -out ca_cert.pem
    4. In the same location, run the following commands to generate a Registration Authority (RA) certificate (version 3), sign it with the CA, and convert the certificate to the .pem  format. 

      1. openssl genrsa -out <RA PRIVATE KEY> 4096
        For example:  openssl genrsa -out ra_private.key 4096

      2. openssl req -new -key <RA PRIVATE KEY> -out <RA CSR>
        For example: openssl req -new -key ra_private.key -out ra.csr
      3. openssl x509 -req -days <DAYS> -in <RA CSR> -CA <CA CRT> -CAkey <CA PRIVATE KEY> -set_serial <SERIAL NO> -out <RA CRT> -extensions v3_req -extfile <PATH-TO-MODIFIED- openssl.cnf-FILE >
        For example: openssl x509 -req -days 365 -in ra.csr -CA ca.crt -CAkey ca_private.key -set_serial 02 -out ra.crt -extensions v3_req -extfile ./openssl.cnf
      4. openssl rsa -in <CA PRIVATE KEY> -text > <RA PRIVATE PEM>
        For example: openssl rsa -in ra_private.key -text > ra_private.pem
      5. openssl x509 -in <RA CRT> -out <RA CERT PEM>
        For example: openssl x509 -in ra.crt -out ra_cert.pem
    5. Generate the SSL certificate (version 3) based on your domain/IP address:

      You must add your IP address/domain as the Common Name. Otherwise, provisioning will fail. 

      1. Generate an RSA key.
        openssl genrsa -out <RSA_key>.key 4096
        For example:
        openssl genrsa -out ia.key 4096
      2. Generate a CSR file.
        openssl req -new -key <RSA_key>.key -out <CSR>.csr
        For example:
        openssl req -new -key ia.key -out ia.csr
        Enter your server IP address/domain name (e.g., 192.168.1.157) as the Common Name else provisioning will fail.
      3. Generate the SSL certificate.
        openssl x509 -req -days 730 -in <CSR>.csr -CA ca_cert.pem -CAkey ca_private.pem -set_serial <serial number> -out ia.crt
        For example: 
        openssl x509 -req -days 730 -in ia.csr -CA ca_cert.pem -CAkey ca_private.pem -set_serial 044324343 -out ia.crt
    6. Export the SSL, CA, and RA files as PKCS12 files with an alias.

      1. Export the SSL file as a PKCS12 file with "wso2carbon" as the alias. 
        openssl pkcs12 -export -out <KEYSTORE>.p12 -inkey <RSA_key>.key -in ia.crt -CAfile ca_cert.pem -name "<alias>"
        For example:
        openssl pkcs12 -export -out KEYSTORE.p12 -inkey ia.key -in ia.crt -CAfile ca_cert.pem -name "wso2carbon"

      2. Export the CA file as a PKCS12 file with an alias.
        openssl pkcs12 -export -out <CA>.p12 -inkey <CA private key>.pem -in <CA Cert>.pem -name "<alias>"
        For example:
        openssl pkcs12 -export -out ca.p12 -inkey ca_private.pem -in ca_cert.pem -name "cacert"
        In the above example, cacert has been used as the CA alias. 
      3. Export the RA file as a PKCS12 file with an alias.
        openssl pkcs12 -export -out <RA>.p12 -inkey <RA private key>.pem -in <RA Cert>.pem -chain -CAfile <CA cert>.pem -name "<alias>"
        For example:
        openssl pkcs12 -export -out ra.p12 -inkey ra_private.pem -in ra_cert.pem -chain -CAfile ca_cert.pem -name "racert"
        In the above example, racert has been used as the RA alias. 
    7. Copy the three P12 files to the <EMM_HOME>/repository/resources/security directory.
    8. Import the generated P12 files as follows:
      1. Import the generated <KEYSTORE>.p12 file into the wso2carbon.jks and client-truststore.jks in the <EMM_HOME>/repository/resources/security directory.
        keytool -importkeystore -srckeystore <KEYSTORE>.p12 -srcstoretype PKCS12 -destkeystore <wso2carbon.jks/client-truststore.jks>

        When prompted, enter the keystore password and keystore key password as wso2carbon.

        For example:
        keytool -importkeystore -srckeystore KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore wso2carbon.jks
        keytool -importkeystore -srckeystore KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore client-truststore.jks

      2. Import the generated <CA>.p12 and <RA>.p12 files into the wso2certs.jks file, which is in the <EMM_HOME>/repository/resources/security directory.
        keytool -importkeystore -srckeystore <CA/RA>.p12 -srcstoretype PKCS12 -destkeystore wso2emm.jks

        For example:
        keytool -importkeystore -srckeystore ca.p12 -srcstoretype PKCS12 -destkeystore wso2certs.jks 
        Enter the keystore password as wso2carbon and keystore key password as cacert.

        keytool -importkeystore -srckeystore ra.p12 -srcstoretype PKCS12 -destkeystore wso2certs.jks 
        Enter the keystore password as  wso2carbon  and keystore key password as racert.

        Troubleshooting

        Why does the following error occur: " keytool error: java.io.IOException: Invalid keystore format"?

        If you enter the wrong private key password when importing the <CA>.p12 or <RA>.p12 files, the wso2certs.jks file will get corrupted and the above error message will appear.

        In such a situation, delete the wso2certs.jks file and execute the following command to import the generated <CA>.p12 and <RA>.p12 files into the wso2certs.jks file again.
        keytool -importkeystore -srckeystore <CA/RA>.p12 -srcstoretype PKCS12 -destkeystore wso2certs.jks

        When the above command is executed, EMM will automatically create a new wso2certs.jks file with the imported file.

    Step 2: Generating a BKS file

    Follow all the steps given under step 1 before generating the BKS file to avoid errors.

    1. Generate the BKS file:

      Ensure that you have the bcprov-jdk16-146.jar file in the same folder where you will be generating the BKS file before you run this command.

      keytool -noprompt -import -v -trustcacerts -alias 'openssl x509 -inform PEM -subject_hash -noout -in ca_cert.pem' -file ca_cert.pem -keystore emm_truststore.bks -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-146.jar -storepass 'wso2carbon'

      If you are using an SSL certificate by a trusted authority such as GoDaddy, the cert.crt defined in the command should be the interim certificate. 
      Example:

      keytool -noprompt -import -v -trustcacerts -alias godaddy -file cert.crt -keystore emm_truststore.bks -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-146.jar -storepass 'wso2carbon'
    2. Optionally, view the list of certificates in the BKS form using the following command:

      keytool -list -v -keystore "emm_truststore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-1.46.jar" -storetype BKS -storepass "wso2carbon"
    3. Copy the generated emm_truststore.bks file to the Android res/raw folder. 
    4. Navigate to the Constants.java file, which is in the Android folder and configure the following:
      • Provide the HTTPS_HOST_IP as the value for the SERVER_PORT parameter.
        Example: 9443.
      • Change the SERVER_PROTOCOL to https://.
      • Provide the BKS file password as the value for the TRUSTSTORE_PASSWORD parameter.
      Sample
      	public static boolean DEBUG_MODE_ENABLED = false;
      	public static boolean LOCAL_NOTIFICATIONS_ENABLED = true;
      	public static boolean GCM_ENABLED = false;
      
      	public static String SERVER_IP = "";
      
      	public static String SERVER_PORT = "9443";
      	public static String SERVER_PROTOCOL = "https://";
      	public static String API_VERSION = "1.0.0";
      	
      	public static String SERVER_APP_ENDPOINT = "/EMM/api/";
      
      	public static String OAUTH_ENDPOINT = "/oauth2/token";
      	public static String SENDER_ID_ENDPOINT = "devices/sender_id/";
      	public static String IS_REGISTERED_ENDPOINT = "devices/isregistered/";
      	public static String LICENSE_ENDPOINT = "devices/license/";
      	public static String REGISTER_ENDPOINT = "devices/register/";
      	public static String UNREGISTER_ENDPOINT = "devices/unregister/";
      	public static String NOTIFICATION_ENDPOINT = "notifications/pendingOperations/";
      	
      	public static String SERVER_URL = SERVER_PROTOCOL + SERVER_IP + ":"
      			+ SERVER_PORT + SERVER_APP_ENDPOINT;
      
      	public static final String TRUSTSTORE_PASSWORD = "";
      	public static final String EULA_TITLE = "POLICY AGREEMENT";

  4. Import the project on Android Studio, clean and build the project.

  5. Run the project on a device.

    The .apk file can be found in the <EMM_HOME>/repository/deployment/server/jaggeryapps/emm-web-agent/units/asset-download-agent-android/public/asset directory.


 

What's next

 

 

  • No labels