Brian Carlstrom | b9a07c1 | 2011-04-11 09:03:51 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2011 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | package android.security; |
| 17 | |
Robin Lee | abaa069 | 2017-02-20 20:54:22 +0000 | [diff] [blame] | 18 | import android.content.pm.StringParceledListSlice; |
Eran Messeri | a173064 | 2017-12-11 17:48:47 +0000 | [diff] [blame] | 19 | import android.security.keymaster.KeymasterCertificateChain; |
Eran Messeri | 852c8f1 | 2017-11-15 05:55:52 +0000 | [diff] [blame] | 20 | import android.security.keystore.ParcelableKeyGenParameterSpec; |
Zoltan Szatmary-Ban | f0ae135 | 2014-08-18 10:48:33 +0100 | [diff] [blame] | 21 | |
/**
 * Binder interface of the KeyChain service. It groups key and certificate
 * lookup, key generation and attestation, CA certificate management and
 * per-UID grants, organised below by the component that consumes each group.
 *
 * <p>Callers must first make sure that {@link KeyStore#unlock KeyStore.unlock}
 * succeeded.
 *
 * <p>No explicit method ids are declared here, so AIDL numbers the transactions
 * by declaration position. Reordering or inserting a method therefore changes
 * the wire contract, and client and service have to be built from the same
 * revision.
 *
 * <p>NOTE(review): nothing in these declarations identifies or restricts the
 * caller. Several methods accept a caller-supplied {@code uid} or raw key
 * material, so authorization has to be enforced by the implementing service
 * (presumably from the Binder calling identity). Confirm in the implementation.
 *
 * @hide
 */
interface IKeyChainService {
    // ---- Consumed by KeyChain ----

    // Lookup by alias. requestPrivateKey returns a String rather than a byte[];
    // presumably a key handle and not key material (TODO confirm).
    @UnsupportedAppUsage
    String requestPrivateKey(String alias);
    byte[] getCertificate(String alias);
    byte[] getCaCertificates(String alias);
    boolean isUserSelectable(String alias);
    void setUserSelectable(String alias, boolean isUserSelectable);

    // Key generation, attestation and certificate attachment. The int results
    // look like status codes; verify against the implementation before treating
    // any particular value as success.
    int generateKeyPair(in String algorithm, in ParcelableKeyGenParameterSpec spec);
    // The challenge is caller-provided input; the certificate chain is delivered
    // through the out parameter, not through the return value.
    int attestKey(
            in String alias,
            in byte[] challenge,
            in int[] idAttestationFlags,
            out KeymasterCertificateChain chain);
    boolean setKeyPairCertificate(String alias, in byte[] userCert, in byte[] certChain);

    // ---- Consumed by CertInstaller and DevicePolicyManager ----

    // Takes an encoded CA certificate and returns a String, presumably the alias
    // assigned to it (TODO confirm).
    String installCaCertificate(in byte[] caCertificate);

    // ---- Consumed by DevicePolicyManager ----

    // privateKey crosses the Binder boundary as raw bytes and the target uid is
    // chosen by the caller. NOTE(review): the service should check that the caller
    // may install for that uid and keep the key bytes out of logs. Confirm.
    boolean installKeyPair(
            in byte[] privateKey,
            in byte[] userCert,
            in byte[] certChain,
            String alias,
            int uid);
    boolean removeKeyPair(String alias);

    // ---- Consumed by Settings ----

    // CA store maintenance and enumeration. includeDeletedSystem presumably widens
    // the lookup to system CAs the user has removed (TODO confirm).
    boolean deleteCaCertificate(String alias);
    boolean reset();
    StringParceledListSlice getUserCaAliases();
    StringParceledListSlice getSystemCaAliases();
    boolean containsCaAlias(String alias);
    byte[] getEncodedCaCertificate(String alias, boolean includeDeletedSystem);
    List<String> getCaCertificateChainAliases(String rootAlias, boolean includeDeletedSystem);

    // ---- Consumed by KeyChainActivity ----

    // Both uid and alias are caller-supplied. A grant presumably lets that uid use
    // the key stored under alias, so who may call setGrant is an access-control
    // decision the service has to make. Confirm in the implementation.
    void setGrant(int uid, String alias, boolean value);
    boolean hasGrant(int uid, String alias);
}