Extend IKeyChainService AIDL with CACert retrieval
Bug:16029580
Change-Id: I41a3bd2f3bd95550e59f1d0d0acd0e765d7b62d7
diff --git a/keystore/java/android/security/IKeyChainService.aidl b/keystore/java/android/security/IKeyChainService.aidl
index 60fd7f7..a93891a4 100644
--- a/keystore/java/android/security/IKeyChainService.aidl
+++ b/keystore/java/android/security/IKeyChainService.aidl
@@ -15,6 +15,8 @@
*/
package android.security;
+import android.content.pm.ParceledListSlice;
+
/**
* Caller is required to ensure that {@link KeyStore#unlock
* KeyStore.unlock} was successful.
@@ -32,6 +34,11 @@
// APIs used by Settings
boolean deleteCaCertificate(String alias);
boolean reset();
+ ParceledListSlice getUserCaAliases();
+ ParceledListSlice getSystemCaAliases();
+ boolean containsCaAlias(String alias);
+ byte[] getEncodedCaCertificate(String alias, boolean includeDeletedSystem);
+ List<String> getCaCertificateChainAliases(String rootAlias, boolean includeDeletedSystem);
// APIs used by KeyChainActivity
void setGrant(int uid, String alias, boolean value);
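Review bot: The five methods added under `// APIs used by Settings` have no comment saying who may call them, what they return for an unknown alias, or what `includeDeletedSystem` selects. Their neighbours `deleteCaCertificate` and `reset` change state while the new ones only read, so the interface should say whether the service implementation (not visible in this diff) applies the same caller check to both groups. I would add a comment along the lines of `// Read-only CA queries. includeDeletedSystem: presumably also match system CAs the user has removed (confirm); document the result for a missing alias.` The raw `ParceledListSlice` return type also hides the element type that the sibling `List<String>` method spells out, so a short note on what the slice holds would help callers.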
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index 0da2b99..131e689 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -397,7 +397,8 @@
return KeyStore.getInstance().isHardwareBacked(algorithm);
}
- private static X509Certificate toCertificate(byte[] bytes) {
+ /** @hide */
+ public static X509Certificate toCertificate(byte[] bytes) {
if (bytes == null) {
throw new IllegalArgumentException("bytes == null");
}
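Review bot: Making `toCertificate` public leaves it with a Javadoc that contains only `@hide`, so callers outside this class get no stated contract for a method that parses certificate bytes. The visible lines throw `IllegalArgumentException` on null input. A caller passing in the result of the new `getEncodedCaCertificate` binder call would hit that exception if the service returns null for a missing alias, which this diff does not confirm either way. I would expand the comment to `/** Decodes an encoded X.509 certificate. @throws IllegalArgumentException if bytes is null. @hide */` and add the parse-failure behaviour once it is checked against the rest of the body, which continues outside the hunk.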