From 7b7940186fafcdf4bb15ea8e087b8cf345cd53c8 Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Thu, 28 Jun 2018 15:21:18 +0200
Subject: First draft of an external TLS provider app.

---
 .../openvpn/api/ExternalCertificateProvider.aidl   | 28 ++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl

(limited to 'tlsexternalcertprovider/src/main/aidl/de/blinkt')

diff --git a/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl b/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
new file mode 100644
index 00000000..d1e1a4bf
--- /dev/null
+++ b/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
@@ -0,0 +1,28 @@
+// ExternalCertificateProvider.aidl
+package de.blinkt.openvpn.api;
+
+
+/*
+ * This is very simple interface that is specialised to have only the minimal set of crypto
+ * operation that are needed for OpenVPN to authenticate with an external certificate
+ */
+interface ExternalCertificateProvider {
+    /**
+     * Requests signing the data with RSA/ECB/PKCS1PADDING
+     * for RSA certficate and with NONEwithECDSA for EC certificates
+     * @parm alias the parameter that
+     */
+    byte[] getSignedData(String alias, in byte[] data);
+
+    /**
+     * Requests a
+     */
+    String[] getCertificateChain(in String alias);
+
+    /**
+     * request an Intent that should be started when user uses the select certificate box
+     * the already selected alias will be provided in the extra android.security.extra.KEY_ALIAS
+     * if applicable
+     */
+
+}
-- 
cgit v1.2.3