From 7b7940186fafcdf4bb15ea8e087b8cf345cd53c8 Mon Sep 17 00:00:00 2001
From: Arne Schwabe
Date: Thu, 28 Jun 2018 15:21:18 +0200
Subject: First draft of an external TLS provider app.
---
.../openvpn/api/ExternalCertificateProvider.aidl | 28 ++++++++++++++++++++++
.../de/blinkt/openvpn/api/IOpenVPNAPIService.aidl | 2 +-
2 files changed, 29 insertions(+), 1 deletion(-)
create mode 100644 main/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
(limited to 'main/src')
diff --git a/main/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl b/main/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
new file mode 100644
index 00000000..d1e1a4bf
--- /dev/null
+++ b/main/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
@@ -0,0 +1,28 @@
+// ExternalCertificateProvider.aidl
+package de.blinkt.openvpn.api;
+
+
+/*
+ * This is very simple interface that is specialised to have only the minimal set of crypto
+ * operation that are needed for OpenVPN to authenticate with an external certificate
+ */
+interface ExternalCertificateProvider {
+ /**
+ * Requests signing the data with RSA/ECB/PKCS1PADDING
+ * for RSA certficate and with NONEwithECDSA for EC certificates
+ * @parm alias the parameter that
+ */
+ byte[] getSignedData(String alias, in byte[] data);
+
+ /**
+ * Requests a
+ */
+ String[] getCertificateChain(in String alias);
+
+ /**
+ * request an Intent that should be started when user uses the select certificate box
+ * the already selected alias will be provided in the extra android.security.extra.KEY_ALIAS
+ * if applicable
+ */
+
+}
diff --git a/main/src/main/aidl/de/blinkt/openvpn/api/IOpenVPNAPIService.aidl b/main/src/main/aidl/de/blinkt/openvpn/api/IOpenVPNAPIService.aidl
index c0108a90..ac731b56 100644
--- a/main/src/main/aidl/de/blinkt/openvpn/api/IOpenVPNAPIService.aidl
+++ b/main/src/main/aidl/de/blinkt/openvpn/api/IOpenVPNAPIService.aidl
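Review bot: The doc comments in the new ExternalCertificateProvider.aidl stop mid-sentence (`@parm alias the parameter that` on `getSignedData`, `Requests a` on `getCertificateChain`) and say nothing about who may call the interface, although `getSignedData` signs caller-supplied bytes with the key named by `alias` and, as documented, applies no hashing of its own (RSA/ECB/PKCS1PADDING, NONEwithECDSA). I would finish the tag as `@param alias the key alias previously selected by the user` and add a sentence telling implementers to restrict binding to the expected client, for instance with a signature-level permission or a check of the calling UID, and to state what is returned for an unknown alias. The encoding of the `String[]` chain returned by `getCertificateChain` (PEM or base64 DER, leaf first?) is also left open, and the last comment block describes an Intent request with no method declared under it. For consistency with `getCertificateChain(in String alias)`, the first parameter of `getSignedData` could be written `in String alias` as well.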
@@ -18,7 +18,7 @@ interface IOpenVPNAPIService { boolean addVPNProfile (String name, String config); /** start a profile using a config as inline string. Make sure that all needed data is inlined, - * e.g., using ... or ... + * e.g., using ... or ... * See the OpenVPN manual page for more on inlining files */ void startVPN (in String inlineconfig); -- cgit v1.2.3