I am trying to build a sample app to test the App Authenticity, but unfortunately I do not succeed.
I am testing on an Android device; therefore, I have signed my app with a custom certificate and extracted this certificate through the Worklight wizard into the application-descriptor.xml. I have also deployed my project on a standalone WL server, not using the Studio. And my mobile security test looks like this:

```xml
<mobileSecurityTest name="mobileTests">
    <testAppAuthenticity/>
    <testDeviceId provisioningType="none" />
    <testUser realm="MyRealm" />
</mobileSecurityTest>
```

Here are the unexpected behaviors that I find:
- On the client side, despite the order shown above, the user login page comes before the AppAuthenticity check.
- Once the user form has been submitted, I see on the server side the following error message, whereas at this stage the mobile app should be authentic:

  ```
  [12/09/13 20:12:31:649 CEST] 00000070 com.worklight.core.auth.ext.AuthenticityLoginModule E FWLSE0127E: Authenticity check failed. [project worklight]
  ```

- On the client side, after this error happens, I see in logcat the following JavaScript error. I would have imagined that the framework would have told me that the security check failed and would have forced the app to shut down by default:

  ```
  09-12 20:12:30.822: I/dalvikvm(20308): Could not find method com.worklight.utils.PaidSecurityUtils.kpg, referenced from method com.worklight.utils.SecurityUtils.kpg
  09-12 20:12:30.827: W/dalvikvm(20308): VFY: unable to resolve static method 9603: Lcom/worklight/utils/PaidSecurityUtils;.kpg (Landroid/content/Context;[Ljava/lang/String;)[B
  ```

Thank you for telling me if I did anything wrong. FYI if on the WL console I disable the authenticity check, of course the app works fine.
Etienne