1 /*
2  * Copyright (C) 2011 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package android.security;
17 
18 import android.content.pm.StringParceledListSlice;
19 import android.security.keymaster.KeymasterCertificateChain;
20 import android.security.keystore.ParcelableKeyGenParameterSpec;
21 import android.security.AppUriAuthenticationPolicy;
22 import android.net.Uri;
23 
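/**
 * Binder interface of the KeyChain service. It covers user key pairs and
 * their certificates, the user/system CA stores, per-UID grants on key
 * aliases, and the credential management app configuration.
 *
 * Caller is required to ensure that {@link KeyStore#unlock
 * KeyStore.unlock} was successful.
 *
 * <p>NOTE(review): this file only declares signatures. The "APIs used by ..."
 * groupings below are comments, not access control; nothing here restricts
 * which process may invoke a method. The implementing service has to
 * authenticate the binder caller for every method -- confirm against the
 * implementation.
 *
 * @hide
 */
interface IKeyChainService {
    // APIs used by KeyChain

    // Looks up the private key stored under `alias`. The return type is a
    // String, so raw key bytes are not returned by this call; presumably the
    // String identifies the key to the keystore -- confirm.
    // @UnsupportedAppUsage marks this as a non-SDK method that apps are known
    // to reach, so signature changes have compatibility impact.
    @UnsupportedAppUsage
    String requestPrivateKey(String alias);
    // Certificate bytes for `alias`. Encoding is not stated here -- confirm.
    byte[] getCertificate(String alias);
    // CA certificate bytes associated with `alias` (presumably the chain
    // above the user certificate -- confirm).
    byte[] getCaCertificates(String alias);
    // Reads / updates the user-selectable flag of `alias`.
    // NOTE(review): presumably controls whether the alias is offered in the
    // KeyChain chooser; the setter should be limited to privileged callers.
    boolean isUserSelectable(String alias);
    void setUserSelectable(String alias, boolean isUserSelectable);

    // Generates a key pair for `algorithm` as described by `spec`. Returns an
    // int, presumably a status code rather than key material -- confirm.
    int generateKeyPair(in String algorithm, in ParcelableKeyGenParameterSpec spec);
    // Attaches a user certificate and certificate chain to the existing key
    // pair `alias`; the boolean reports the outcome.
    boolean setKeyPairCertificate(String alias, in byte[] userCert, in byte[] certChain);

    // APIs used by CertInstaller and DevicePolicyManager

    // Installs a CA certificate and returns a String (presumably the alias it
    // was stored under -- confirm). Adding a trust anchor changes which TLS
    // peers the device accepts, so the implementation must gate this call.
    String installCaCertificate(in byte[] caCertificate);

    // APIs used by DevicePolicyManager

    // Installs a caller-supplied key pair under `alias`. `privateKey` crosses
    // the binder boundary as a plain byte array, and `uid` is chosen by the
    // caller (presumably the UID the key is installed for -- confirm).
    // NOTE(review): the implementation should verify the caller before using
    // `uid`, and should not log or retain the key bytes longer than needed.
    boolean installKeyPair(
        in byte[] privateKey, in byte[] userCert, in byte[] certChain, String alias, int uid);
    boolean removeKeyPair(String alias);
    boolean containsKeyPair(String alias);
    // Returns an int array for `alias`, presumably the UIDs holding a grant.
    int[] getGrants(String alias);

    // APIs used by Settings

    // Trust-store and credential mutations. NOTE(review): which credentials
    // reset() clears is not visible from this file -- confirm.
    boolean deleteCaCertificate(String alias);
    boolean reset();
    StringParceledListSlice getUserCaAliases();
    StringParceledListSlice getSystemCaAliases();
    boolean containsCaAlias(String alias);
    // `includeDeletedSystem` presumably widens the lookup to system CAs the
    // user has removed or disabled -- confirm.
    byte[] getEncodedCaCertificate(String alias, boolean includeDeletedSystem);
    List<String> getCaCertificateChainAliases(String rootAlias, boolean includeDeletedSystem);

    // Credential management app: one package plus an
    // AppUriAuthenticationPolicy can be set, queried and removed.
    // NOTE(review): `packageName` is a caller-supplied string; the
    // implementation should bind it to a verified package/UID rather than
    // trusting the name alone.
    void setCredentialManagementApp(String packageName, in AppUriAuthenticationPolicy policy);
    boolean hasCredentialManagementApp();
    String getCredentialManagementAppPackageName();
    AppUriAuthenticationPolicy getCredentialManagementAppPolicy();
    // Returns the alias predefined for the (packageName, uri) pair, presumably
    // resolved from the credential management app policy -- confirm.
    String getPredefinedAliasForPackageAndUri(String packageName, in Uri uri);
    void removeCredentialManagementApp();
    boolean isCredentialManagementApp(String packageName);

    // APIs used by KeyChainActivity
    // setGrant may fail with value=false when ungrant operation fails in KeyStore.
    // A false return from a revoke (value=false) therefore means the grant
    // may still be in place; callers should not assume access was removed.
    boolean setGrant(int uid, String alias, boolean value);
    boolean hasGrant(int uid, String alias);

    // API used by Wifi

    // Returns a String for `alias`, presumably a key grant identifier usable
    // by the Wifi stack -- confirm.
    String getWifiKeyGrantAsUser(String alias);
}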