identity/WritableCredential.h - android_system_security - Gitiles

 /*
  * Copyright (c) 2019, The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #ifndef SYSTEM_SECURITY_WRITABLE_CREDENTIAL_H_
 #define SYSTEM_SECURITY_WRITABLE_CREDENTIAL_H_

 #include <string>
 #include <vector>

 #include <android/security/identity/BnWritableCredential.h>

 #include <android/hardware/identity/IIdentityCredentialStore.h>

 #include "Credential.h"

 namespace android {
 namespace security {
 namespace identity {

 using ::android::binder::Status;
 using ::android::hardware::identity::HardwareInformation;
 using ::android::hardware::identity::IWritableIdentityCredential;
 using ::std::string;
 using ::std::vector;

 class WritableCredential : public BnWritableCredential {
   public:
     WritableCredential(const string& dataPath, const string& credentialName, const string& docType,
                        bool isUpdate, HardwareInformation hwInfo,
                        sp<IWritableIdentityCredential> halBinder);
     ~WritableCredential();

     // Used when updating a credential
     void setAttestationCertificate(const vector<uint8_t>& attestationCertificate);
     void setAvailableAuthenticationKeys(int keyCount, int maxUsesPerKey,
                                         int64_t minValidTimeMillis);

     // Used by Credential::update()
     void setCredentialToReloadWhenUpdated(sp<Credential> credential);

     // IWritableCredential overrides
     Status getCredentialKeyCertificateChain(const vector<uint8_t>& challenge,
                                             vector<uint8_t>* _aidl_return) override;

     Status personalize(const vector<AccessControlProfileParcel>& accessControlProfiles,
                        const vector<EntryNamespaceParcel>& entryNamespaces, int64_t secureUserId,
                        vector<uint8_t>* _aidl_return) override;

   private:
     string dataPath_;
     string credentialName_;
     string docType_;
     bool isUpdate_;
     HardwareInformation hwInfo_;
     sp<IWritableIdentityCredential> halBinder_;

     vector<uint8_t> attestationCertificate_;
     int keyCount_ = 0;
     int maxUsesPerKey_ = 1;
     int64_t minValidTimeMillis_ = 0;

     sp<Credential> credentialToReloadWhenUpdated_;

     ssize_t calcExpectedProofOfProvisioningSize(
         const vector<AccessControlProfileParcel>& accessControlProfiles,
         const vector<EntryNamespaceParcel>& entryNamespaces);

     Status ensureAttestationCertificateExists(const vector<uint8_t>& challenge);
 };

 }  // namespace identity
 }  // namespace security
 }  // namespace android

 #endif  // SYSTEM_SECURITY_WRITABLE_CREDENTIAL_H_
	/*
	* Copyright (c) 2019, The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#ifndef SYSTEM_SECURITY_WRITABLE_CREDENTIAL_H_
	#define SYSTEM_SECURITY_WRITABLE_CREDENTIAL_H_

	#include <string>
	#include <vector>

	#include <android/security/identity/BnWritableCredential.h>

	#include <android/hardware/identity/IIdentityCredentialStore.h>

	#include "Credential.h"

	namespace android {
	namespace security {
	namespace identity {

	using ::android::binder::Status;
	using ::android::hardware::identity::HardwareInformation;
	using ::android::hardware::identity::IWritableIdentityCredential;
	using ::std::string;
	using ::std::vector;

	class WritableCredential : public BnWritableCredential {
	public:
	WritableCredential(const string& dataPath, const string& credentialName, const string& docType,
	bool isUpdate, HardwareInformation hwInfo,
	sp<IWritableIdentityCredential> halBinder);
	~WritableCredential();

	// Used when updating a credential
	void setAttestationCertificate(const vector<uint8_t>& attestationCertificate);
	void setAvailableAuthenticationKeys(int keyCount, int maxUsesPerKey,
	int64_t minValidTimeMillis);

	// Used by Credential::update()
	void setCredentialToReloadWhenUpdated(sp<Credential> credential);

	// IWritableCredential overrides
	Status getCredentialKeyCertificateChain(const vector<uint8_t>& challenge,
	vector<uint8_t>* _aidl_return) override;

	Status personalize(const vector<AccessControlProfileParcel>& accessControlProfiles,
	const vector<EntryNamespaceParcel>& entryNamespaces, int64_t secureUserId,
	vector<uint8_t>* _aidl_return) override;

	private:
	string dataPath_;
	string credentialName_;
	string docType_;
	bool isUpdate_;
	HardwareInformation hwInfo_;
	sp<IWritableIdentityCredential> halBinder_;

	vector<uint8_t> attestationCertificate_;
	int keyCount_ = 0;
	int maxUsesPerKey_ = 1;
	int64_t minValidTimeMillis_ = 0;

	sp<Credential> credentialToReloadWhenUpdated_;

	ssize_t calcExpectedProofOfProvisioningSize(
	const vector<AccessControlProfileParcel>& accessControlProfiles,
	const vector<EntryNamespaceParcel>& entryNamespaces);

	Status ensureAttestationCertificateExists(const vector<uint8_t>& challenge);
	};

	} // namespace identity
	} // namespace security
	} // namespace android

	#endif // SYSTEM_SECURITY_WRITABLE_CREDENTIAL_H_