1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package android.webkit; 18 19import android.annotation.SystemApi; 20import android.net.Uri; 21 22import java.security.KeyPair; 23import java.security.spec.AlgorithmParameterSpec; 24 25/** 26 * Enables the token binding procotol, and provides access to the keys. See 27 * https://tools.ietf.org/html/draft-ietf-tokbind-protocol-03 28 * 29 * All methods are required to be called on the UI thread where WebView is 30 * attached to the View hierarchy. 31 * @hide 32 */ 33@SystemApi 34public abstract class TokenBindingService { 35 36 public static final String KEY_ALGORITHM_RSA2048_PKCS_1_5 = "RSA2048_PKCS_1.5"; 37 public static final String KEY_ALGORITHM_RSA2048_PSS = "RSA2048PSS"; 38 public static final String KEY_ALGORITHM_ECDSAP256 = "ECDSAP256"; 39 40 /** 41 * Provides the KeyPair information. 42 */ 43 public static abstract class TokenBindingKey { 44 /** 45 * The public, private key pair. 46 */ 47 public abstract KeyPair getKeyPair(); 48 49 /** 50 * The algorithm that is used to generate the key pair. 51 */ 52 public abstract String getAlgorithm(); 53 } 54 55 /** 56 * Returns the default TokenBinding service instance. At present there is 57 * only one token binding service instance for all WebView instances, 58 * however this restriction may be relaxed in the future. 59 * 60 * @return The default TokenBindingService instance. 61 */ 62 public static TokenBindingService getInstance() { 63 return WebViewFactory.getProvider().getTokenBindingService(); 64 } 65 66 /** 67 * Enables the token binding protocol. The token binding protocol 68 * has to be enabled before creating any WebViews. 69 * 70 * @throws IllegalStateException if a WebView was already created. 71 */ 72 public abstract void enableTokenBinding(); 73 74 /** 75 * Retrieves the key pair for a given origin from the internal 76 * TokenBinding key store asynchronously. 77 * 78 * The user can provide a list of acceptable algorithms for the retrieved 79 * key pair. If a key pair exists and it is in the list of algorithms, then 80 * the key is returned. If it is not in the list, no key is returned. 81 * 82 * If no key pair exists, WebView chooses an algorithm from the list, in 83 * the order given, to generate a key. 84 * 85 * The user can pass a null if any algorithm is acceptable. 86 * 87 * @param origin The origin for the server. 88 * @param algorithm The list of algorithms. Can be null. An 89 * IllegalArgumentException is thrown if array is empty. 90 * @param callback The callback that will be called when key is available. 91 * Cannot be null. 92 */ 93 public abstract void getKey(Uri origin, 94 String[] algorithm, 95 ValueCallback<TokenBindingKey> callback); 96 /** 97 * Deletes specified key (for use when associated cookie is cleared). 98 * 99 * @param origin The origin of the server. 100 * @param callback The callback that will be called when key is deleted. The 101 * callback parameter (Boolean) will indicate if operation is 102 * successful or if failed. The callback can be null. 103 */ 104 public abstract void deleteKey(Uri origin, 105 ValueCallback<Boolean> callback); 106 107 /** 108 * Deletes all the keys (for use when cookies are cleared). 109 * 110 * @param callback The callback that will be called when keys are deleted. 111 * The callback parameter (Boolean) will indicate if operation is 112 * successful or if failed. The callback can be null. 113 */ 114 public abstract void deleteAllKeys(ValueCallback<Boolean> callback); 115} 116