1 /* 2 * Copyright (C) 2011 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package android.security; 17 18 import android.content.pm.StringParceledListSlice; 19 import android.security.keymaster.KeymasterCertificateChain; 20 import android.security.keystore.ParcelableKeyGenParameterSpec; 21 22 /** 23 * Caller is required to ensure that {@link KeyStore#unlock 24 * KeyStore.unlock} was successful. 25 * 26 * @hide 27 */ 28 interface IKeyChainService { 29 // APIs used by KeyChain 30 @UnsupportedAppUsage requestPrivateKey(String alias)31 String requestPrivateKey(String alias); getCertificate(String alias)32 byte[] getCertificate(String alias); getCaCertificates(String alias)33 byte[] getCaCertificates(String alias); isUserSelectable(String alias)34 boolean isUserSelectable(String alias); setUserSelectable(String alias, boolean isUserSelectable)35 void setUserSelectable(String alias, boolean isUserSelectable); 36 generateKeyPair(in String algorithm, in ParcelableKeyGenParameterSpec spec)37 int generateKeyPair(in String algorithm, in ParcelableKeyGenParameterSpec spec); attestKey(in String alias, in byte[] challenge, in int[] idAttestationFlags, out KeymasterCertificateChain chain)38 int attestKey(in String alias, in byte[] challenge, in int[] idAttestationFlags, 39 out KeymasterCertificateChain chain); setKeyPairCertificate(String alias, in byte[] userCert, in byte[] certChain)40 boolean setKeyPairCertificate(String alias, in byte[] userCert, in byte[] certChain); 41 42 // APIs used by CertInstaller and DevicePolicyManager installCaCertificate(in byte[] caCertificate)43 String installCaCertificate(in byte[] caCertificate); 44 45 // APIs used by DevicePolicyManager installKeyPair(in byte[] privateKey, in byte[] userCert, in byte[] certChain, String alias)46 boolean installKeyPair(in byte[] privateKey, in byte[] userCert, in byte[] certChain, String alias); removeKeyPair(String alias)47 boolean removeKeyPair(String alias); 48 49 // APIs used by Settings deleteCaCertificate(String alias)50 boolean deleteCaCertificate(String alias); reset()51 boolean reset(); getUserCaAliases()52 StringParceledListSlice getUserCaAliases(); getSystemCaAliases()53 StringParceledListSlice getSystemCaAliases(); containsCaAlias(String alias)54 boolean containsCaAlias(String alias); getEncodedCaCertificate(String alias, boolean includeDeletedSystem)55 byte[] getEncodedCaCertificate(String alias, boolean includeDeletedSystem); getCaCertificateChainAliases(String rootAlias, boolean includeDeletedSystem)56 List<String> getCaCertificateChainAliases(String rootAlias, boolean includeDeletedSystem); 57 58 // APIs used by KeyChainActivity setGrant(int uid, String alias, boolean value)59 void setGrant(int uid, String alias, boolean value); hasGrant(int uid, String alias)60 boolean hasGrant(int uid, String alias); 61 } 62