1*e1997b9aSAndroid Build Coastguard Worker /* 2*e1997b9aSAndroid Build Coastguard Worker * Copyright (c) 2019, The Android Open Source Project 3*e1997b9aSAndroid Build Coastguard Worker * 4*e1997b9aSAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License"); 5*e1997b9aSAndroid Build Coastguard Worker * you may not use this file except in compliance with the License. 6*e1997b9aSAndroid Build Coastguard Worker * You may obtain a copy of the License at 7*e1997b9aSAndroid Build Coastguard Worker * 8*e1997b9aSAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0 9*e1997b9aSAndroid Build Coastguard Worker * 10*e1997b9aSAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software 11*e1997b9aSAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS, 12*e1997b9aSAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13*e1997b9aSAndroid Build Coastguard Worker * See the License for the specific language governing permissions and 14*e1997b9aSAndroid Build Coastguard Worker * limitations under the License. 15*e1997b9aSAndroid Build Coastguard Worker */ 16*e1997b9aSAndroid Build Coastguard Worker 17*e1997b9aSAndroid Build Coastguard Worker #ifndef SYSTEM_SECURITY_WRITABLE_CREDENTIAL_H_ 18*e1997b9aSAndroid Build Coastguard Worker #define SYSTEM_SECURITY_WRITABLE_CREDENTIAL_H_ 19*e1997b9aSAndroid Build Coastguard Worker 20*e1997b9aSAndroid Build Coastguard Worker #include <string> 21*e1997b9aSAndroid Build Coastguard Worker #include <vector> 22*e1997b9aSAndroid Build Coastguard Worker 23*e1997b9aSAndroid Build Coastguard Worker #include <android/security/identity/BnWritableCredential.h> 24*e1997b9aSAndroid Build Coastguard Worker 25*e1997b9aSAndroid Build Coastguard Worker #include <android/hardware/identity/IIdentityCredentialStore.h> 26*e1997b9aSAndroid Build Coastguard Worker 27*e1997b9aSAndroid Build Coastguard Worker #include "Credential.h" 28*e1997b9aSAndroid Build Coastguard Worker 29*e1997b9aSAndroid Build Coastguard Worker namespace android { 30*e1997b9aSAndroid Build Coastguard Worker namespace security { 31*e1997b9aSAndroid Build Coastguard Worker namespace identity { 32*e1997b9aSAndroid Build Coastguard Worker 33*e1997b9aSAndroid Build Coastguard Worker using ::android::binder::Status; 34*e1997b9aSAndroid Build Coastguard Worker using ::android::hardware::identity::HardwareInformation; 35*e1997b9aSAndroid Build Coastguard Worker using ::android::hardware::identity::IWritableIdentityCredential; 36*e1997b9aSAndroid Build Coastguard Worker using ::std::string; 37*e1997b9aSAndroid Build Coastguard Worker using ::std::vector; 38*e1997b9aSAndroid Build Coastguard Worker 39*e1997b9aSAndroid Build Coastguard Worker class WritableCredential : public BnWritableCredential { 40*e1997b9aSAndroid Build Coastguard Worker public: 41*e1997b9aSAndroid Build Coastguard Worker WritableCredential(const string& dataPath, const string& credentialName, const string& docType, 42*e1997b9aSAndroid Build Coastguard Worker bool isUpdate, HardwareInformation hwInfo, 43*e1997b9aSAndroid Build Coastguard Worker sp<IWritableIdentityCredential> halBinder); 44*e1997b9aSAndroid Build Coastguard Worker ~WritableCredential(); 45*e1997b9aSAndroid Build Coastguard Worker 46*e1997b9aSAndroid Build Coastguard Worker // Used when updating a credential 47*e1997b9aSAndroid Build Coastguard Worker void setAttestationCertificate(const vector<uint8_t>& attestationCertificate); 48*e1997b9aSAndroid Build Coastguard Worker void setAvailableAuthenticationKeys(int keyCount, int maxUsesPerKey, 49*e1997b9aSAndroid Build Coastguard Worker int64_t minValidTimeMillis); 50*e1997b9aSAndroid Build Coastguard Worker 51*e1997b9aSAndroid Build Coastguard Worker // Used by Credential::update() 52*e1997b9aSAndroid Build Coastguard Worker void setCredentialToReloadWhenUpdated(sp<Credential> credential); 53*e1997b9aSAndroid Build Coastguard Worker 54*e1997b9aSAndroid Build Coastguard Worker // IWritableCredential overrides 55*e1997b9aSAndroid Build Coastguard Worker Status getCredentialKeyCertificateChain(const vector<uint8_t>& challenge, 56*e1997b9aSAndroid Build Coastguard Worker vector<uint8_t>* _aidl_return) override; 57*e1997b9aSAndroid Build Coastguard Worker 58*e1997b9aSAndroid Build Coastguard Worker Status personalize(const vector<AccessControlProfileParcel>& accessControlProfiles, 59*e1997b9aSAndroid Build Coastguard Worker const vector<EntryNamespaceParcel>& entryNamespaces, int64_t secureUserId, 60*e1997b9aSAndroid Build Coastguard Worker vector<uint8_t>* _aidl_return) override; 61*e1997b9aSAndroid Build Coastguard Worker 62*e1997b9aSAndroid Build Coastguard Worker private: 63*e1997b9aSAndroid Build Coastguard Worker string dataPath_; 64*e1997b9aSAndroid Build Coastguard Worker string credentialName_; 65*e1997b9aSAndroid Build Coastguard Worker string docType_; 66*e1997b9aSAndroid Build Coastguard Worker bool isUpdate_; 67*e1997b9aSAndroid Build Coastguard Worker HardwareInformation hwInfo_; 68*e1997b9aSAndroid Build Coastguard Worker sp<IWritableIdentityCredential> halBinder_; 69*e1997b9aSAndroid Build Coastguard Worker 70*e1997b9aSAndroid Build Coastguard Worker vector<uint8_t> attestationCertificate_; 71*e1997b9aSAndroid Build Coastguard Worker int keyCount_ = 0; 72*e1997b9aSAndroid Build Coastguard Worker int maxUsesPerKey_ = 1; 73*e1997b9aSAndroid Build Coastguard Worker int64_t minValidTimeMillis_ = 0; 74*e1997b9aSAndroid Build Coastguard Worker 75*e1997b9aSAndroid Build Coastguard Worker sp<Credential> credentialToReloadWhenUpdated_; 76*e1997b9aSAndroid Build Coastguard Worker 77*e1997b9aSAndroid Build Coastguard Worker ssize_t calcExpectedProofOfProvisioningSize( 78*e1997b9aSAndroid Build Coastguard Worker const vector<AccessControlProfileParcel>& accessControlProfiles, 79*e1997b9aSAndroid Build Coastguard Worker const vector<EntryNamespaceParcel>& entryNamespaces); 80*e1997b9aSAndroid Build Coastguard Worker 81*e1997b9aSAndroid Build Coastguard Worker Status ensureAttestationCertificateExists(const vector<uint8_t>& challenge); 82*e1997b9aSAndroid Build Coastguard Worker }; 83*e1997b9aSAndroid Build Coastguard Worker 84*e1997b9aSAndroid Build Coastguard Worker } // namespace identity 85*e1997b9aSAndroid Build Coastguard Worker } // namespace security 86*e1997b9aSAndroid Build Coastguard Worker } // namespace android 87*e1997b9aSAndroid Build Coastguard Worker 88*e1997b9aSAndroid Build Coastguard Worker #endif // SYSTEM_SECURITY_WRITABLE_CREDENTIAL_H_ 89