1 /* 2 * Copyright (C) 2011 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package android.security; 17 18 import android.content.pm.StringParceledListSlice; 19 import android.security.keymaster.KeymasterCertificateChain; 20 import android.security.keystore.ParcelableKeyGenParameterSpec; 21 22 /** 23 * Caller is required to ensure that {@link KeyStore#unlock 24 * KeyStore.unlock} was successful. 25 * 26 * @hide 27 */ 28 interface IKeyChainService { 29 // APIs used by KeyChain requestPrivateKey(String alias)30 String requestPrivateKey(String alias); getCertificate(String alias)31 byte[] getCertificate(String alias); getCaCertificates(String alias)32 byte[] getCaCertificates(String alias); isUserSelectable(String alias)33 boolean isUserSelectable(String alias); setUserSelectable(String alias, boolean isUserSelectable)34 void setUserSelectable(String alias, boolean isUserSelectable); 35 generateKeyPair(in String algorithm, in ParcelableKeyGenParameterSpec spec)36 int generateKeyPair(in String algorithm, in ParcelableKeyGenParameterSpec spec); attestKey(in String alias, in byte[] challenge, in int[] idAttestationFlags, out KeymasterCertificateChain chain)37 int attestKey(in String alias, in byte[] challenge, in int[] idAttestationFlags, 38 out KeymasterCertificateChain chain); setKeyPairCertificate(String alias, in byte[] userCert, in byte[] certChain)39 boolean setKeyPairCertificate(String alias, in byte[] userCert, in byte[] certChain); 40 41 // APIs used by CertInstaller and DevicePolicyManager installCaCertificate(in byte[] caCertificate)42 String installCaCertificate(in byte[] caCertificate); 43 44 // APIs used by DevicePolicyManager installKeyPair(in byte[] privateKey, in byte[] userCert, in byte[] certChain, String alias)45 boolean installKeyPair(in byte[] privateKey, in byte[] userCert, in byte[] certChain, String alias); removeKeyPair(String alias)46 boolean removeKeyPair(String alias); 47 48 // APIs used by Settings deleteCaCertificate(String alias)49 boolean deleteCaCertificate(String alias); reset()50 boolean reset(); getUserCaAliases()51 StringParceledListSlice getUserCaAliases(); getSystemCaAliases()52 StringParceledListSlice getSystemCaAliases(); containsCaAlias(String alias)53 boolean containsCaAlias(String alias); getEncodedCaCertificate(String alias, boolean includeDeletedSystem)54 byte[] getEncodedCaCertificate(String alias, boolean includeDeletedSystem); getCaCertificateChainAliases(String rootAlias, boolean includeDeletedSystem)55 List<String> getCaCertificateChainAliases(String rootAlias, boolean includeDeletedSystem); 56 57 // APIs used by KeyChainActivity setGrant(int uid, String alias, boolean value)58 void setGrant(int uid, String alias, boolean value); hasGrant(int uid, String alias)59 boolean hasGrant(int uid, String alias); 60 } 61