1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package android.webkit; 18 19import android.annotation.NonNull; 20import android.annotation.Nullable; 21import android.annotation.SystemApi; 22import android.net.Uri; 23 24import java.security.KeyPair; 25 26/** 27 * Enables the token binding procotol, and provides access to the keys. See 28 * https://tools.ietf.org/html/draft-ietf-tokbind-protocol-03 29 * 30 * All methods are required to be called on the UI thread where WebView is 31 * attached to the View hierarchy. 32 * @hide 33 */ 34@SystemApi 35public abstract class TokenBindingService { 36 37 public static final String KEY_ALGORITHM_RSA2048_PKCS_1_5 = "RSA2048_PKCS_1.5"; 38 public static final String KEY_ALGORITHM_RSA2048_PSS = "RSA2048PSS"; 39 public static final String KEY_ALGORITHM_ECDSAP256 = "ECDSAP256"; 40 41 /** 42 * Provides the KeyPair information. 43 */ 44 public static abstract class TokenBindingKey { 45 /** 46 * The public, private key pair. 47 */ 48 public abstract KeyPair getKeyPair(); 49 50 /** 51 * The algorithm that is used to generate the key pair. 52 */ 53 public abstract String getAlgorithm(); 54 } 55 56 /** 57 * Returns the default TokenBinding service instance. At present there is 58 * only one token binding service instance for all WebView instances, 59 * however this restriction may be relaxed in the future. 60 * 61 * @return The default TokenBindingService instance. 62 */ 63 public static TokenBindingService getInstance() { 64 return WebViewFactory.getProvider().getTokenBindingService(); 65 } 66 67 /** 68 * Enables the token binding protocol. The token binding protocol 69 * has to be enabled before creating any WebViews. 70 * 71 * @throws IllegalStateException if a WebView was already created. 72 */ 73 public abstract void enableTokenBinding(); 74 75 /** 76 * Retrieves the key pair for a given origin from the internal 77 * TokenBinding key store asynchronously. 78 * 79 * The user can provide a list of acceptable algorithms for the retrieved 80 * key pair. If a key pair exists and it is in the list of algorithms, then 81 * the key is returned. If it is not in the list, no key is returned. 82 * 83 * If no key pair exists, WebView chooses an algorithm from the list, in 84 * the order given, to generate a key. 85 * 86 * The user can pass {@code null} if any algorithm is acceptable. 87 * 88 * @param origin The origin for the server. 89 * @param algorithm The list of algorithms. An IllegalArgumentException is thrown if array is 90 * empty. 91 * @param callback The callback that will be called when key is available. 92 */ 93 public abstract void getKey(Uri origin, 94 @Nullable String[] algorithm, 95 @NonNull ValueCallback<TokenBindingKey> callback); 96 /** 97 * Deletes specified key (for use when associated cookie is cleared). 98 * 99 * @param origin The origin of the server. 100 * @param callback The callback that will be called when key is deleted. The 101 * callback parameter (Boolean) will indicate if operation is 102 * successful or if failed. 103 */ 104 public abstract void deleteKey(Uri origin, 105 @Nullable ValueCallback<Boolean> callback); 106 107 /** 108 * Deletes all the keys (for use when cookies are cleared). 109 * 110 * @param callback The callback that will be called when keys are deleted. 111 * The callback parameter (Boolean) will indicate if operation is 112 * successful or if failed. 113 */ 114 public abstract void deleteAllKeys(@Nullable ValueCallback<Boolean> callback); 115} 116