Hide Secret:
./gradlew hideSecretFromPropertiesFile -PpropertiesFileName=credentials.properties- Issue tickets with constant number of rides (5).
- Validate the ticket (check expiry time and remaining rides, decrement remaining rides).
- The tickets are valid for a certain time (normally one day, use 2 minute for testing) from the time when they were issued.
- Start the validity period only when the ticket is used for the first time (if initial counter value equals to the current counter value, set expiry time).
- If the tickets have expired or they have been fully used, reformat the card and issue a new ticket.
- Issue additional rides (+5) to a card without erasing any still valid ticket.
- Move the master-key to the Android keystore instead of in an XML file on the reader device.
- Implement both client and server authentication between cloud and Android App. (API master secret hides with hidden-secrets-gradle-plugin).
- Implement logging of the ticket events to cloud.
- Implement blacklisting of tickets in the cloud, so that detected forgeries can be added to the blacklist, which is downloaded to the ticker reader. The reader device should be able to work without Internet connectivity, but it should make use of the cloud connection when available.
- Implement master-key fetching from the cloud, and compare it to the Android keystore cached one. If any difference is found, report it to the cloud.
- 4 -> application tag
- 5 -> version
- 6 -> max ride number (counter limit), initial counter
- 7 -> expiration time
- 8 -> expected counter
- 9 -> last check-in time
- 10 -> hmac
- 11 -> expected counter
- 12 -> last check-in time
- 13 -> hmac
- 30,31 -> timestamp, remaining ride, type
- 32,33 -> timestamp, remaining ride, type
- 34,35 -> timestamp, remaining ride, type
- 36,37 -> timestamp, remaining ride, type
- 38,39 -> timestamp, remaining ride, type