/*
 * Copyright (c) 2019, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16 
17 package android.security.identity;
18 
19 import android.security.identity.IWritableCredential;
20 
21 import android.security.identity.RequestNamespaceParcel;
22 import android.security.identity.GetEntriesResultParcel;
23 import android.security.identity.AuthKeyParcel;
24 
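/**
 * Binder interface to one identity credential.
 *
 * The methods cover ephemeral key exchange with a reader, retrieval of data
 * entries, management of authentication keys, and deletion, ownership proof
 * and update of the credential. The comments below state only what the
 * signatures show; anything marked NOTE(review) is an assumption to confirm
 * against the service implementation.
 *
 * @hide
 */
interface ICredential {
    /* The STATUS_* constants are used in the status field in ResultEntryParcel.
     * Keep in sync with ResultNamespace.java.
     *
     * These are wire values shared with another file: never renumber or reuse
     * one, only append.
     * NOTE(review): presumably an entry carries a usable value only when its
     * status is STATUS_OK; callers should treat every other status as
     * "no value" - confirm.
     */
    const int STATUS_OK = 0;
    const int STATUS_NO_SUCH_ENTRY = 1;
    const int STATUS_NOT_REQUESTED = 2;
    const int STATUS_NOT_IN_REQUEST_MESSAGE = 3;
    const int STATUS_USER_AUTHENTICATION_FAILED = 4;
    const int STATUS_READER_AUTHENTICATION_FAILED = 5;
    const int STATUS_NO_ACCESS_CONTROL_PROFILES = 6;

    /**
     * Creates an ephemeral key pair and returns it in encoded form.
     *
     * NOTE(review): the encoding of the returned bytes is not visible here.
     * If it carries private key material across the binder boundary, the
     * caller must keep it in memory only and never log or persist it -
     * confirm.
     *
     * @return the encoded key pair.
     */
    byte[] createEphemeralKeyPair();

    /**
     * Supplies the reader's ephemeral public key.
     *
     * NOTE(review): presumably combined with the key pair from
     * createEphemeralKeyPair() for session key agreement; the expected
     * encoding and the validation applied to the key are decided by the
     * implementation - confirm.
     *
     * @param publicKey the reader's ephemeral public key, encoded.
     */
    void setReaderEphemeralPublicKey(in byte[] publicKey);

    /**
     * Deletes the credential.
     *
     * @return bytes produced by the deletion.
     *         NOTE(review): presumably a signed proof of deletion - confirm
     *         the format.
     */
    byte[] deleteCredential();

    /**
     * Deletes the credential, taking a caller-supplied challenge.
     *
     * NOTE(review): presumably the challenge is bound into the returned bytes
     * so that the party checking them can reject a replayed result; that only
     * works if the challenge is fresh and chosen by that party - confirm.
     *
     * @param challenge challenge bytes supplied by the caller.
     * @return bytes produced by the deletion.
     */
    byte[] deleteWithChallenge(in byte[] challenge);

    /**
     * Produces a proof that the credential is held, for the given challenge.
     *
     * NOTE(review): as with deleteWithChallenge(), replay protection
     * presumably depends on the challenge being fresh and verifier-chosen -
     * confirm.
     *
     * @param challenge challenge bytes supplied by the caller.
     * @return the proof, encoded.
     */
    byte[] proveOwnership(in byte[] challenge);

    /**
     * Returns the certificate chain of the credential key.
     *
     * NOTE(review): the encoding of the chain inside a single byte[] is not
     * visible here. A relying party should validate the whole chain up to a
     * root it trusts rather than accept the leaf - confirm where that check
     * is performed.
     *
     * @return the encoded certificate chain.
     */
    byte[] getCredentialKeyCertificateChain();

    /**
     * Selects the authentication key to use.
     *
     * NOTE(review): allowing exhausted keys means the same key is presented
     * more than once, which presumably lets readers correlate presentations;
     * allowing expired keys presents data past its stated validity. Both
     * flags look like fallbacks that callers should enable deliberately -
     * confirm.
     *
     * @param allowUsingExhaustedKeys whether a key whose use count is
     *        exhausted may be selected.
     * @param allowUsingExpiredKeys whether an expired key may be selected.
     * @return a long whose meaning is not visible in this file.
     *         NOTE(review): presumably a challenge or identifier tied to the
     *         selected key - confirm.
     */
    long selectAuthKey(in boolean allowUsingExhaustedKeys,
                       in boolean allowUsingExpiredKeys);

    /**
     * Retrieves data entries from the credential.
     *
     * Per-entry outcomes are reported with the STATUS_* constants above (they
     * are used in the status field of ResultEntryParcel).
     *
     * NOTE(review): the two boolean flags repeat those of selectAuthKey();
     * confirm what the implementation does when the values differ between
     * the two calls.
     *
     * @param requestMessage the request message from the reader.
     * @param requestNamespaces the namespaces and entries being requested.
     * @param sessionTranscript the session transcript.
     * @param readerSignature the reader's signature.
     *        NOTE(review): presumably verified before entries that require
     *        reader authentication are released, with failure reported as
     *        STATUS_READER_AUTHENTICATION_FAILED - confirm.
     * @param allowUsingExhaustedKeys whether a key whose use count is
     *        exhausted may be used.
     * @param allowUsingExpiredKeys whether an expired key may be used.
     * @return the result parcel for the request.
     */
    GetEntriesResultParcel getEntries(in byte[] requestMessage,
                                      in RequestNamespaceParcel[] requestNamespaces,
                                      in byte[] sessionTranscript,
                                      in byte[] readerSignature,
                                      in boolean allowUsingExhaustedKeys,
                                      in boolean allowUsingExpiredKeys);

    /**
     * Sets how many authentication keys are kept available and how many
     * times each may be used.
     *
     * NOTE(review): range checks on the two ints (negative values, upper
     * bounds) are not visible here - confirm they are enforced by the
     * implementation.
     *
     * @param keyCount number of authentication keys.
     * @param maxUsesPerKey maximum number of uses per key.
     */
    void setAvailableAuthenticationKeys(in int keyCount, in int maxUsesPerKey);

    /**
     * Returns the authentication keys that still need certification.
     *
     * @return the keys needing certification.
     */
    AuthKeyParcel[] getAuthKeysNeedingCertification();

    /**
     * Stores static authentication data for an authentication key.
     *
     * @param authenticationKey the key the data belongs to.
     * @param staticAuthData the data to store.
     *        NOTE(review): presumably opaque, issuer-provided bytes - confirm
     *        whether the implementation parses or validates them.
     */
    void storeStaticAuthenticationData(in AuthKeyParcel authenticationKey,
                                       in byte[] staticAuthData);

    /**
     * Stores static authentication data for an authentication key together
     * with an expiration date.
     *
     * @param authenticationKey the key the data belongs to.
     * @param expirationDateMillisSinceEpoch expiration date, in milliseconds
     *        since the epoch.
     * @param staticAuthData the data to store.
     */
    void storeStaticAuthenticationDataWithExpiration(in AuthKeyParcel authenticationKey,
                                                     in long expirationDateMillisSinceEpoch,
                                                     in byte[] staticAuthData);

    /**
     * Returns usage counts for the stored authentication data.
     *
     * @return an array of counts.
     *         NOTE(review): presumably one element per authentication key,
     *         in key order - confirm.
     */
    int[] getAuthenticationDataUsageCount();

    /**
     * Returns an IWritableCredential for updating this credential.
     *
     * @return the writable credential interface.
     */
    IWritableCredential update();
}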