1 /*
2  * Copyright (c) 2019, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef SYSTEM_SECURITY_WRITABLE_CREDENTIAL_H_
18 #define SYSTEM_SECURITY_WRITABLE_CREDENTIAL_H_
19 
20 #include <string>
21 #include <vector>
22 
23 #include <android/security/identity/BnWritableCredential.h>
24 
25 #include <android/hardware/identity/IIdentityCredentialStore.h>
26 
27 #include "Credential.h"
28 
29 namespace android {
30 namespace security {
31 namespace identity {
32 
33 using ::android::binder::Status;
34 using ::android::hardware::identity::HardwareInformation;
35 using ::android::hardware::identity::IWritableIdentityCredential;
36 using ::std::string;
37 using ::std::vector;
38 
39 class WritableCredential : public BnWritableCredential {
40   public:
41     WritableCredential(const string& dataPath, const string& credentialName, const string& docType,
42                        bool isUpdate, HardwareInformation hwInfo,
43                        sp<IWritableIdentityCredential> halBinder);
44     ~WritableCredential();
45 
46     // Used when updating a credential
47     void setAttestationCertificate(const vector<uint8_t>& attestationCertificate);
48     void setAvailableAuthenticationKeys(int keyCount, int maxUsesPerKey,
49                                         int64_t minValidTimeMillis);
50 
51     // Used by Credential::update()
52     void setCredentialToReloadWhenUpdated(sp<Credential> credential);
53 
54     // IWritableCredential overrides
55     Status getCredentialKeyCertificateChain(const vector<uint8_t>& challenge,
56                                             vector<uint8_t>* _aidl_return) override;
57 
58     Status personalize(const vector<AccessControlProfileParcel>& accessControlProfiles,
59                        const vector<EntryNamespaceParcel>& entryNamespaces, int64_t secureUserId,
60                        vector<uint8_t>* _aidl_return) override;
61 
62   private:
63     string dataPath_;
64     string credentialName_;
65     string docType_;
66     bool isUpdate_;
67     HardwareInformation hwInfo_;
68     sp<IWritableIdentityCredential> halBinder_;
69 
70     vector<uint8_t> attestationCertificate_;
71     int keyCount_ = 0;
72     int maxUsesPerKey_ = 1;
73     int64_t minValidTimeMillis_ = 0;
74 
75     sp<Credential> credentialToReloadWhenUpdated_;
76 
77     ssize_t calcExpectedProofOfProvisioningSize(
78         const vector<AccessControlProfileParcel>& accessControlProfiles,
79         const vector<EntryNamespaceParcel>& entryNamespaces);
80 
81     Status ensureAttestationCertificateExists(const vector<uint8_t>& challenge);
82 };
83 
84 }  // namespace identity
85 }  // namespace security
86 }  // namespace android
87 
88 #endif  // SYSTEM_SECURITY_WRITABLE_CREDENTIAL_H_
89