1 /*
2  * Copyright (C) 2011 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package android.security;
17 
18 import android.content.pm.StringParceledListSlice;
19 import android.security.keymaster.KeymasterCertificateChain;
20 import android.security.keystore.ParcelableKeyGenParameterSpec;
21 
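/**
 * Binder interface exposing key-pair, certificate, CA-certificate and
 * per-UID grant operations, grouped below by the component that uses them.
 *
 * Caller is required to ensure that {@link KeyStore#unlock
 * KeyStore.unlock} was successful.
 *
 * NOTE(review): nothing in this declaration restricts who may invoke a
 * method; the section comments only name the intended callers. Caller
 * identity and permission checks presumably live in the implementation,
 * which is not visible here - confirm before relying on them.
 *
 * @hide
 */
interface IKeyChainService {
    // Declaration order is kept exactly as it was: AIDL derives transaction
    // codes from it when no explicit ids are assigned.

    // APIs used by KeyChain

    /**
     * Returns a String for the private-key entry named {@code alias}.
     * NOTE(review): presumably a key handle rather than raw key material, and
     * presumably gated on a grant (see setGrant/hasGrant) - confirm.
     */
    @UnsupportedAppUsage
    String requestPrivateKey(String alias);

    /**
     * Returns the certificate bytes stored for {@code alias}.
     * NOTE(review): the encoding is not stated in this file - confirm.
     */
    byte[] getCertificate(String alias);

    /**
     * Returns the CA certificate bytes associated with {@code alias} as a
     * single array. How several certificates are framed inside it is not
     * visible here.
     */
    byte[] getCaCertificates(String alias);

    /** Reports the user-selectable flag of {@code alias}. */
    boolean isUserSelectable(String alias);

    /** Sets the user-selectable flag of {@code alias} to {@code isUserSelectable}. */
    void setUserSelectable(String alias, boolean isUserSelectable);

    /**
     * Generates a key pair for {@code algorithm} as described by {@code spec}.
     * Returns an int status; its values are not defined in this file.
     */
    int generateKeyPair(in String algorithm, in ParcelableKeyGenParameterSpec spec);

    /**
     * Requests an attestation for {@code alias} over {@code challenge}; the
     * service fills the {@code out} parameter {@code chain}. Returns an int
     * status; its values are not defined in this file.
     * NOTE(review): {@code idAttestationFlags} presumably selects device
     * identifiers to include, which is privacy-sensitive - confirm that the
     * implementation gates it on the caller.
     */
    int attestKey(in String alias, in byte[] challenge, in int[] idAttestationFlags,
            out KeymasterCertificateChain chain);

    /**
     * Associates {@code userCert} and {@code certChain} with the key pair
     * named {@code alias}; the boolean result presumably signals success.
     */
    boolean setKeyPairCertificate(String alias, in byte[] userCert, in byte[] certChain);

    // APIs used by CertInstaller and DevicePolicyManager

    /**
     * Installs {@code caCertificate} and returns a String, presumably the
     * alias assigned to it.
     * NOTE(review): presumably adds a trust anchor, so this is one of the
     * most security-sensitive calls on the interface - confirm it is
     * limited to the callers named above.
     */
    String installCaCertificate(in byte[] caCertificate);

    // APIs used by DevicePolicyManager

    /**
     * Installs a key pair under {@code alias} from caller-supplied bytes.
     * The private key crosses the binder boundary as a plain byte array;
     * its encoding is not stated in this file.
     */
    boolean installKeyPair(in byte[] privateKey, in byte[] userCert, in byte[] certChain, String alias);

    /** Removes the key pair named {@code alias}. */
    boolean removeKeyPair(String alias);

    // APIs used by Settings

    /** Deletes the CA certificate named {@code alias}. */
    boolean deleteCaCertificate(String alias);

    /**
     * Takes no arguments and returns a boolean.
     * NOTE(review): the scope of what is reset is not visible here; treat
     * the call as destructive until confirmed.
     */
    boolean reset();

    /** Returns the aliases of user CA certificates. */
    StringParceledListSlice getUserCaAliases();

    /** Returns the aliases of system CA certificates. */
    StringParceledListSlice getSystemCaAliases();

    /** Reports whether {@code alias} names a known CA certificate. */
    boolean containsCaAlias(String alias);

    /**
     * Returns the encoded CA certificate for {@code alias}.
     * {@code includeDeletedSystem} presumably also matches system
     * certificates the user has removed - confirm.
     */
    byte[] getEncodedCaCertificate(String alias, boolean includeDeletedSystem);

    /**
     * Returns the aliases of the certificate chain for {@code rootAlias};
     * {@code includeDeletedSystem} as for getEncodedCaCertificate.
     */
    List<String> getCaCertificateChainAliases(String rootAlias, boolean includeDeletedSystem);

    // APIs used by KeyChainActivity

    /**
     * Sets the grant on {@code alias} for {@code uid} to {@code value}.
     * The uid is a caller-supplied parameter, not the binder caller's own
     * identity, so the implementation has to restrict who may call this.
     */
    void setGrant(int uid, String alias, boolean value);

    /** Reports whether {@code uid} holds a grant on {@code alias}. */
    boolean hasGrant(int uid, String alias);
}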