1 /* 2 * Copyright (C) 2022 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.security.rkp.service; 18 19 import static android.annotation.SystemApi.Client.SYSTEM_SERVER; 20 21 import android.annotation.NonNull; 22 import android.annotation.SystemApi; 23 24 /** 25 * Certified keys that have been received from the RKPD app. These keys are represented as 26 * implementation-specific binary key blobs and binary X.509 certificate chains. 27 * 28 * @see RegistrationProxy#getKeyAsync 29 * @hide 30 */ 31 @SystemApi(client = SYSTEM_SERVER) 32 public class RemotelyProvisionedKey { 33 private final byte[] mKeyBlob; 34 private final byte[] mEncodedCertChain; 35 36 /** @hide */ RemotelyProvisionedKey(com.android.rkpdapp.RemotelyProvisionedKey key)37 protected RemotelyProvisionedKey(com.android.rkpdapp.RemotelyProvisionedKey key) { 38 this.mKeyBlob = key.keyBlob; 39 this.mEncodedCertChain = key.encodedCertChain; 40 } 41 42 /** 43 * Accessor for a key blob to be used with a HAL. 44 * 45 * @return The raw key, encoded in an implementation-specific way according to the underlying 46 * HAL that generated the key. 47 */ 48 @NonNull getKeyBlob()49 public byte[] getKeyBlob() { 50 return mKeyBlob; 51 } 52 53 /** 54 * Accessor for the remotely-provisioned certificate chain for the key. 55 * 56 * @return a DER-encoded X.509 certificate chain 57 */ 58 @NonNull getEncodedCertChain()59 public byte[] getEncodedCertChain() { 60 return mEncodedCertChain; 61 } 62 } 63