1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
|
/*
* Copyright (C) 2021 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.security.attestationverification;
import android.annotation.NonNull;
import android.os.Binder;
import android.os.Bundle;
import android.os.Parcelable;
import android.security.attestationverification.AttestationVerificationManager.LocalBindingType;
import android.security.attestationverification.AttestationVerificationManager.VerificationResult;
import com.android.internal.util.DataClass;
import com.android.internal.util.Parcelling;
import com.android.internal.util.Parcelling.BuiltIn.ForInstant;
import java.time.Duration;
import java.util.concurrent.Executor;
import java.util.function.BiConsumer;
/**
* Token representing the result of an attestation verification, which can be passed to other parts
* of the OS or other apps as proof of the verification.
*
* Tokens are only valid within the same UID (which means within a single app unless the deprecated
* android:sharedUserId manifest value is used).
*
* @hide
* @see Bundle#putParcelable(String, Parcelable)
*/
@DataClass(
genConstructor = false,
genHiddenBuilder = true
)
public final class VerificationToken implements Parcelable {
/**
* The attestation profile which was used to perform the verification.
* @hide
*/
@NonNull
private final AttestationProfile mAttestationProfile;
/**
* The local binding type of the local binding data used to perform the verification.
* @hide
*/
@LocalBindingType
private final int mLocalBindingType;
/**
* The requirements used to perform the verification.
* @hide
*/
@NonNull
private final Bundle mRequirements;
/**
* The result of the {@link AttestationVerificationManager#verifyAttestation(int, int, Bundle,
* byte[], Executor, BiConsumer)} call. This value is kept hidden to prevent token holders from
* accidentally reading this value without calling {@code verifyToken}. Do <b>not</b> use this
* value directly; call {@link AttestationVerificationManager#verifyToken(VerificationToken,
* Duration)} to verify a valid token and it will return this value.
*
* If the token is valid, this value is returned directly by {#verifyToken}.
*
* @hide
*/
@VerificationResult
private final int mVerificationResult;
/**
* Time when the token was generated, set by the system.
*/
@NonNull
@DataClass.ParcelWith(ForInstant.class)
private final java.time.Instant mVerificationTime;
/**
* A Hash-based message authentication code used to verify the contents and authenticity of the
* rest of the token. The hash is created using a secret key known only to the system server.
* When verifying the token, the system re-hashes the token and verifies the generated HMAC is
* the same.
*
* @hide
*/
@NonNull
private final byte[] mHmac;
/**
* The UID of the process which called {@code verifyAttestation} to create the token, as
* returned by {@link Binder#getCallingUid()}. Calls to {@code verifyToken} will fail if the UID
* of calling process does not match this value. This ensures that tokens cannot be shared
* between UIDs.
*
* @hide
*/
private int mUid;
// Code below generated by codegen v1.0.23.
//
// DO NOT MODIFY!
// CHECKSTYLE:OFF Generated code
//
// To regenerate run:
// $ codegen $ANDROID_BUILD_TOP/frameworks/base/core/java/android/security/attestationverification/VerificationToken.java
//
// To exclude the generated code from IntelliJ auto-formatting enable (one-time):
// Settings > Editor > Code Style > Formatter Control
//@formatter:off
@DataClass.Generated.Member
/* package-private */ VerificationToken(
@NonNull AttestationProfile attestationProfile,
@LocalBindingType int localBindingType,
@NonNull Bundle requirements,
@VerificationResult int verificationResult,
@NonNull java.time.Instant verificationTime,
@NonNull byte[] hmac,
int uid) {
this.mAttestationProfile = attestationProfile;
com.android.internal.util.AnnotationValidations.validate(
NonNull.class, null, mAttestationProfile);
this.mLocalBindingType = localBindingType;
com.android.internal.util.AnnotationValidations.validate(
LocalBindingType.class, null, mLocalBindingType);
this.mRequirements = requirements;
com.android.internal.util.AnnotationValidations.validate(
NonNull.class, null, mRequirements);
this.mVerificationResult = verificationResult;
com.android.internal.util.AnnotationValidations.validate(
VerificationResult.class, null, mVerificationResult);
this.mVerificationTime = verificationTime;
com.android.internal.util.AnnotationValidations.validate(
NonNull.class, null, mVerificationTime);
this.mHmac = hmac;
com.android.internal.util.AnnotationValidations.validate(
NonNull.class, null, mHmac);
this.mUid = uid;
// onConstructed(); // You can define this method to get a callback
}
/**
* The attestation profile which was used to perform the verification.
*/
@DataClass.Generated.Member
public @NonNull AttestationProfile getAttestationProfile() {
return mAttestationProfile;
}
/**
* The local binding type of the local binding data used to perform the verification.
*/
@DataClass.Generated.Member
public @LocalBindingType int getLocalBindingType() {
return mLocalBindingType;
}
/**
* The requirements used to perform the verification.
*/
@DataClass.Generated.Member
public @NonNull Bundle getRequirements() {
return mRequirements;
}
/**
* The result of the {@link AttestationVerificationManager#verifyAttestation(int, int, Bundle,
* byte[], Executor, BiConsumer)} call. This value is kept hidden to prevent token holders from
* accidentally reading this value without calling {@code verifyToken}. Do <b>not</b> use this
* value directly; call {@link AttestationVerificationManager#verifyToken(VerificationToken,
* Duration)} to verify a valid token and it will return this value.
*
* If the token is valid, this value is returned directly by {#verifyToken}.
*
* @hide
*/
@DataClass.Generated.Member
public @VerificationResult int getVerificationResult() {
return mVerificationResult;
}
/**
* Time when the token was generated, set by the system.
*/
@DataClass.Generated.Member
public @NonNull java.time.Instant getVerificationTime() {
return mVerificationTime;
}
/**
* A Hash-based message authentication code used to verify the contents and authenticity of the
* rest of the token. The hash is created using a secret key known only to the system server.
* When verifying the token, the system re-hashes the token and verifies the generated HMAC is
* the same.
*
* @hide
*/
@DataClass.Generated.Member
public @NonNull byte[] getHmac() {
return mHmac;
}
/**
* The UID of the process which called {@code verifyAttestation} to create the token, as
* returned by {@link Binder#getCallingUid()}. Calls to {@code verifyToken} will fail if the UID
* of calling process does not match this value. This ensures that tokens cannot be shared
* between UIDs.
*
* @hide
*/
@DataClass.Generated.Member
public int getUid() {
return mUid;
}
@DataClass.Generated.Member
static Parcelling<java.time.Instant> sParcellingForVerificationTime =
Parcelling.Cache.get(
ForInstant.class);
static {
if (sParcellingForVerificationTime == null) {
sParcellingForVerificationTime = Parcelling.Cache.put(
new ForInstant());
}
}
@Override
@DataClass.Generated.Member
public void writeToParcel(@NonNull android.os.Parcel dest, int flags) {
// You can override field parcelling by defining methods like:
// void parcelFieldName(Parcel dest, int flags) { ... }
dest.writeTypedObject(mAttestationProfile, flags);
dest.writeInt(mLocalBindingType);
dest.writeBundle(mRequirements);
dest.writeInt(mVerificationResult);
sParcellingForVerificationTime.parcel(mVerificationTime, dest, flags);
dest.writeByteArray(mHmac);
dest.writeInt(mUid);
}
@Override
@DataClass.Generated.Member
public int describeContents() { return 0; }
/** @hide */
@SuppressWarnings({"unchecked", "RedundantCast"})
@DataClass.Generated.Member
/* package-private */ VerificationToken(@NonNull android.os.Parcel in) {
// You can override field unparcelling by defining methods like:
// static FieldType unparcelFieldName(Parcel in) { ... }
AttestationProfile attestationProfile = (AttestationProfile) in.readTypedObject(AttestationProfile.CREATOR);
int localBindingType = in.readInt();
Bundle requirements = in.readBundle();
int verificationResult = in.readInt();
java.time.Instant verificationTime = sParcellingForVerificationTime.unparcel(in);
byte[] hmac = in.createByteArray();
int uid = in.readInt();
this.mAttestationProfile = attestationProfile;
com.android.internal.util.AnnotationValidations.validate(
NonNull.class, null, mAttestationProfile);
this.mLocalBindingType = localBindingType;
com.android.internal.util.AnnotationValidations.validate(
LocalBindingType.class, null, mLocalBindingType);
this.mRequirements = requirements;
com.android.internal.util.AnnotationValidations.validate(
NonNull.class, null, mRequirements);
this.mVerificationResult = verificationResult;
com.android.internal.util.AnnotationValidations.validate(
VerificationResult.class, null, mVerificationResult);
this.mVerificationTime = verificationTime;
com.android.internal.util.AnnotationValidations.validate(
NonNull.class, null, mVerificationTime);
this.mHmac = hmac;
com.android.internal.util.AnnotationValidations.validate(
NonNull.class, null, mHmac);
this.mUid = uid;
// onConstructed(); // You can define this method to get a callback
}
@DataClass.Generated.Member
public static final @NonNull Parcelable.Creator<VerificationToken> CREATOR
= new Parcelable.Creator<VerificationToken>() {
@Override
public VerificationToken[] newArray(int size) {
return new VerificationToken[size];
}
@Override
public VerificationToken createFromParcel(@NonNull android.os.Parcel in) {
return new VerificationToken(in);
}
};
/**
* A builder for {@link VerificationToken}
* @hide
*/
@SuppressWarnings("WeakerAccess")
@DataClass.Generated.Member
public static final class Builder {
private @NonNull AttestationProfile mAttestationProfile;
private @LocalBindingType int mLocalBindingType;
private @NonNull Bundle mRequirements;
private @VerificationResult int mVerificationResult;
private @NonNull java.time.Instant mVerificationTime;
private @NonNull byte[] mHmac;
private int mUid;
private long mBuilderFieldsSet = 0L;
/**
* Creates a new Builder.
*
* @param attestationProfile
* The attestation profile which was used to perform the verification.
* @param localBindingType
* The local binding type of the local binding data used to perform the verification.
* @param requirements
* The requirements used to perform the verification.
* @param verificationResult
* The result of the {@link AttestationVerificationManager#verifyAttestation(int, int, Bundle,
* byte[], Executor, BiConsumer)} call. This value is kept hidden to prevent token holders from
* accidentally reading this value without calling {@code verifyToken}. Do <b>not</b> use this
* value directly; call {@link AttestationVerificationManager#verifyToken(VerificationToken,
* Duration)} to verify a valid token and it will return this value.
*
* If the token is valid, this value is returned directly by {#verifyToken}.
* @param verificationTime
* Time when the token was generated, set by the system.
* @param hmac
* A Hash-based message authentication code used to verify the contents and authenticity of the
* rest of the token. The hash is created using a secret key known only to the system server.
* When verifying the token, the system re-hashes the token and verifies the generated HMAC is
* the same.
* @param uid
* The UID of the process which called {@code verifyAttestation} to create the token, as
* returned by {@link Binder#getCallingUid()}. Calls to {@code verifyToken} will fail if the UID
* of calling process does not match this value. This ensures that tokens cannot be shared
* between UIDs.
*/
public Builder(
@NonNull AttestationProfile attestationProfile,
@LocalBindingType int localBindingType,
@NonNull Bundle requirements,
@VerificationResult int verificationResult,
@NonNull java.time.Instant verificationTime,
@NonNull byte[] hmac,
int uid) {
mAttestationProfile = attestationProfile;
com.android.internal.util.AnnotationValidations.validate(
NonNull.class, null, mAttestationProfile);
mLocalBindingType = localBindingType;
com.android.internal.util.AnnotationValidations.validate(
LocalBindingType.class, null, mLocalBindingType);
mRequirements = requirements;
com.android.internal.util.AnnotationValidations.validate(
NonNull.class, null, mRequirements);
mVerificationResult = verificationResult;
com.android.internal.util.AnnotationValidations.validate(
VerificationResult.class, null, mVerificationResult);
mVerificationTime = verificationTime;
com.android.internal.util.AnnotationValidations.validate(
NonNull.class, null, mVerificationTime);
mHmac = hmac;
com.android.internal.util.AnnotationValidations.validate(
NonNull.class, null, mHmac);
mUid = uid;
}
/**
* The attestation profile which was used to perform the verification.
*/
@DataClass.Generated.Member
public @NonNull Builder setAttestationProfile(@NonNull AttestationProfile value) {
checkNotUsed();
mBuilderFieldsSet |= 0x1;
mAttestationProfile = value;
return this;
}
/**
* The local binding type of the local binding data used to perform the verification.
*/
@DataClass.Generated.Member
public @NonNull Builder setLocalBindingType(@LocalBindingType int value) {
checkNotUsed();
mBuilderFieldsSet |= 0x2;
mLocalBindingType = value;
return this;
}
/**
* The requirements used to perform the verification.
*/
@DataClass.Generated.Member
public @NonNull Builder setRequirements(@NonNull Bundle value) {
checkNotUsed();
mBuilderFieldsSet |= 0x4;
mRequirements = value;
return this;
}
/**
* The result of the {@link AttestationVerificationManager#verifyAttestation(int, int, Bundle,
* byte[], Executor, BiConsumer)} call. This value is kept hidden to prevent token holders from
* accidentally reading this value without calling {@code verifyToken}. Do <b>not</b> use this
* value directly; call {@link AttestationVerificationManager#verifyToken(VerificationToken,
* Duration)} to verify a valid token and it will return this value.
*
* If the token is valid, this value is returned directly by {#verifyToken}.
*
* @hide
*/
@DataClass.Generated.Member
public @NonNull Builder setVerificationResult(@VerificationResult int value) {
checkNotUsed();
mBuilderFieldsSet |= 0x8;
mVerificationResult = value;
return this;
}
/**
* Time when the token was generated, set by the system.
*/
@DataClass.Generated.Member
public @NonNull Builder setVerificationTime(@NonNull java.time.Instant value) {
checkNotUsed();
mBuilderFieldsSet |= 0x10;
mVerificationTime = value;
return this;
}
/**
* A Hash-based message authentication code used to verify the contents and authenticity of the
* rest of the token. The hash is created using a secret key known only to the system server.
* When verifying the token, the system re-hashes the token and verifies the generated HMAC is
* the same.
*
* @hide
*/
@DataClass.Generated.Member
public @NonNull Builder setHmac(@NonNull byte... value) {
checkNotUsed();
mBuilderFieldsSet |= 0x20;
mHmac = value;
return this;
}
/**
* The UID of the process which called {@code verifyAttestation} to create the token, as
* returned by {@link Binder#getCallingUid()}. Calls to {@code verifyToken} will fail if the UID
* of calling process does not match this value. This ensures that tokens cannot be shared
* between UIDs.
*
* @hide
*/
@DataClass.Generated.Member
public @NonNull Builder setUid(int value) {
checkNotUsed();
mBuilderFieldsSet |= 0x40;
mUid = value;
return this;
}
/** Builds the instance. This builder should not be touched after calling this! */
public @NonNull VerificationToken build() {
checkNotUsed();
mBuilderFieldsSet |= 0x80; // Mark builder used
VerificationToken o = new VerificationToken(
mAttestationProfile,
mLocalBindingType,
mRequirements,
mVerificationResult,
mVerificationTime,
mHmac,
mUid);
return o;
}
private void checkNotUsed() {
if ((mBuilderFieldsSet & 0x80) != 0) {
throw new IllegalStateException(
"This Builder should not be reused. Use a new Builder instance instead");
}
}
}
@DataClass.Generated(
time = 1633629747234L,
codegenVersion = "1.0.23",
sourceFile = "frameworks/base/core/java/android/security/attestationverification/VerificationToken.java",
inputSignatures = "private final @android.annotation.NonNull android.security.attestationverification.AttestationProfile mAttestationProfile\nprivate final @android.security.attestationverification.AttestationVerificationManager.LocalBindingType int mLocalBindingType\nprivate final @android.annotation.NonNull android.os.Bundle mRequirements\nprivate final @android.security.attestationverification.AttestationVerificationManager.VerificationResult int mVerificationResult\nprivate final @android.annotation.NonNull @com.android.internal.util.DataClass.ParcelWith(com.android.internal.util.Parcelling.BuiltIn.ForInstant.class) java.time.Instant mVerificationTime\nprivate final @android.annotation.NonNull byte[] mHmac\nprivate int mUid\nclass VerificationToken extends java.lang.Object implements [android.os.Parcelable]\n@com.android.internal.util.DataClass(genConstructor=false, genHiddenBuilder=true)")
@Deprecated
private void __metadata() {}
//@formatter:on
// End of generated code
}
|
