/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.webkit;

import android.annotation.SystemApi;
import android.net.Uri;

import java.security.KeyPair;
import java.security.spec.AlgorithmParameterSpec;

/**
 * Entry point for turning on the token binding protocol in WebView and for
 * reaching the per-origin key pairs it uses. See
 * https://tools.ietf.org/html/draft-ietf-tokbind-protocol-03 (an
 * Internet-Draft revision; the protocol was later published as RFC 8471).
 *
 * <p>Every method must be called on the UI thread where WebView is attached
 * to the View hierarchy.
 *
 * @hide
 */
@SystemApi
public abstract class TokenBindingService {

    // Algorithm identifiers accepted by getKey() and reported by
    // TokenBindingKey.getAlgorithm().
    public static final String KEY_ALGORITHM_RSA2048_PKCS_1_5 = "RSA2048_PKCS_1.5";
    public static final String KEY_ALGORITHM_RSA2048_PSS = "RSA2048PSS";
    public static final String KEY_ALGORITHM_ECDSAP256 = "ECDSAP256";

    /**
     * Describes one token binding key: the key pair itself and the algorithm
     * it was generated with.
     */
    public abstract static class TokenBindingKey {
        /**
         * Returns the public/private key pair.
         *
         * <p>The result includes the private half, so callers should handle
         * it as a credential (keep it out of logs and persistent storage).
         * NOTE(review): whether the private key material is exportable or
         * only a handle is decided by the provider and is not visible here.
         */
        public abstract KeyPair getKeyPair();

        /**
         * Returns the algorithm that was used to generate the key pair.
         */
        public abstract String getAlgorithm();
    }

    /**
     * Returns the default TokenBindingService instance. Today a single
     * service instance is shared by all WebView instances; that restriction
     * may be relaxed in the future.
     *
     * @return The default TokenBindingService instance, as supplied by the
     *         current WebView provider.
     */
    public static TokenBindingService getInstance() {
        return WebViewFactory.getProvider().getTokenBindingService();
    }

    /**
     * Turns the token binding protocol on. This has to happen before any
     * WebView is created.
     *
     * @throws IllegalStateException if a WebView was already created.
     */
    public abstract void enableTokenBinding();

    /**
     * Asynchronously fetches the key pair for an origin from the internal
     * TokenBinding key store.
     *
     * <p>The caller may restrict the result to a list of acceptable
     * algorithms. If a key pair already exists and its algorithm is in the
     * list, that key is returned; if its algorithm is not in the list, no
     * key is returned.
     *
     * <p>If no key pair exists yet, WebView generates one using an algorithm
     * chosen from the list in the order given, so the most preferred
     * algorithm should come first.
     *
     * <p>Passing null means any algorithm is acceptable; the caller then has
     * no say in which algorithm is used.
     *
     * @param origin The origin for the server.
     * @param algorithm The list of acceptable algorithms. Can be null.
     * @param callback The callback that will be called when the key is
     *                 available. Cannot be null.
     * @throws IllegalArgumentException if {@code algorithm} is an empty array.
     */
    public abstract void getKey(Uri origin,
                                String[] algorithm,
                                ValueCallback<TokenBindingKey> callback);

    /**
     * Deletes the key for one origin (for use when the associated cookie is
     * cleared).
     *
     * @param origin The origin of the server.
     * @param callback The callback that will be called when the key is
     *                 deleted. Its Boolean argument reports whether the
     *                 operation succeeded or failed. The callback can be
     *                 null, in which case a failed deletion is not reported
     *                 to the caller.
     */
    public abstract void deleteKey(Uri origin,
                                   ValueCallback<Boolean> callback);

    /**
     * Deletes every key (for use when cookies are cleared).
     *
     * @param callback The callback that will be called when the keys are
     *                 deleted. Its Boolean argument reports whether the
     *                 operation succeeded or failed. The callback can be
     *                 null, in which case a failed deletion is not reported
     *                 to the caller.
     */
    public abstract void deleteAllKeys(ValueCallback<Boolean> callback);
}