First draft of an external TLS provider app.

author: Arne Schwabe <arne@rfc2549.org> 2018-06-28 15:21:18 +0200
committer: Arne Schwabe <arne@rfc2549.org> 2018-07-27 12:53:11 +0200
commit: 7b7940186fafcdf4bb15ea8e087b8cf345cd53c8 (patch)
tree: d11cb5bc887ace20d14ef42daf778709e7eb5e79 /tlsexternalcertprovider/src/main/aidl
parent: d8ee68b5d912933f36e0fc9edc63a2e7eb7f819f (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl b/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
new file mode 100644
index 00000000..d1e1a4bf
--- /dev/null
+++ b/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
@@ -0,0 +1,28 @@
+// ExternalCertificateProvider.aidl
+package de.blinkt.openvpn.api;
+
+
+/*
+ * This is very simple interface that is specialised to have only the minimal set of crypto
+ * operation that are needed for OpenVPN to authenticate with an external certificate
+ */
+interface ExternalCertificateProvider {
+    /**
+     * Requests signing the data with RSA/ECB/PKCS1PADDING
+     * for RSA certficate and with NONEwithECDSA for EC certificates
+     * @parm alias the parameter that
+     */
+    byte[] getSignedData(String alias, in byte[] data);
+
+    /**
+     * Requests a
+     */
+    String[] getCertificateChain(in String alias);
+
+    /**
+     * request an Intent that should be started when user uses the select certificate box
+     * the already selected alias will be provided in the extra android.security.extra.KEY_ALIAS
+     * if applicable
+     */
+
+}
author	Arne Schwabe <arne@rfc2549.org>	2018-06-28 15:21:18 +0200
committer	Arne Schwabe <arne@rfc2549.org>	2018-07-27 12:53:11 +0200
commit	7b7940186fafcdf4bb15ea8e087b8cf345cd53c8 (patch)
tree	d11cb5bc887ace20d14ef42daf778709e7eb5e79 /tlsexternalcertprovider/src/main/aidl
parent	d8ee68b5d912933f36e0fc9edc63a2e7eb7f819f (diff)