From b9ac2b15eac3e5e5f9dc89c948ec8278e2e7c1f9 Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Mon, 6 Aug 2018 18:19:41 +0200
Subject: Implement certificate authentication via external provider

---
 .../openvpn/api/ExternalCertificateProvider.aidl   | 25 ++++++++++++++++------
 1 file changed, 18 insertions(+), 7 deletions(-)

(limited to 'tlsexternalcertprovider/src/main/aidl/de')

diff --git a/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl b/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
index d1e1a4bf..c6db965b 100644
--- a/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
+++ b/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
@@ -12,17 +12,28 @@ interface ExternalCertificateProvider {
      * for RSA certficate and with NONEwithECDSA for EC certificates
      * @parm alias the parameter that
      */
-    byte[] getSignedData(String alias, in byte[] data);
+    byte[] getSignedData(in String alias, in byte[] data);
 
     /**
-     * Requests a
+     * Requests the certificate chain for the selected alias
+     * The first certifcate returned is assumed to be
+     * the user certificate
      */
-    String[] getCertificateChain(in String alias);
+    byte[] getCertificateChain(in String alias);
 
     /**
-     * request an Intent that should be started when user uses the select certificate box
-     * the already selected alias will be provided in the extra android.security.extra.KEY_ALIAS
-     * if applicable
+     * This function is called for the app to get additional meta information from the
+     * external provider and will be called with the stored alias in the app
+     *
+     * For external app provider that do not provide an activity to configure them, this
+     * is used to get the alias that should be used.
+     * The format is the same as the activity should return, i.e.
+     *
+     * EXTRA_ALIAS = "de.blinkt.openvpn.api.KEY_ALIAS"
+     * EXTRA_DESCRIPTION = "de.blinkt.openvpn.api.KEY_DESCRIPTION"
+     *
+     * as the keys for the bundle.
+     *
      */
-
+    Bundle getCertificateMetaData(in String alias);
 }
-- 
cgit v1.2.3