Since: API level 20
public class

UniversalCredentialManager

extends Object
java.lang.Object
   ↳ com.samsung.android.knox.ucm.configurator.UniversalCredentialManager

Class Overview

This class provides APIs for Configurator application to manage and configure Credential storages on the device. Credential Storage represent UCM plugin application. UCM framework binds to all Credential Storages on device. Configurator app can call getAvailableCredentialStorages() API to find all the Credential Storage on device. Configurator should manage Credential Storage by calling manageCredentialStorage(CredentialStorage, boolean) API before it calls other management API's.

Since
API level 20
KNOX 2.7

Summary

Constants
String ACTION_UCM_CONFIG_STATUS This broadcast intent is sent to notify Credential storage config status.
String ACTION_UCM_KEYGUARD_SET This broadcast intent is sent to notify all that UCM keyguard has been set
String ACTION_UCM_KEYGUARD_UNSET This broadcast intent is sent to notify all that UCM keyguard has been unset
String ACTION_UCM_NOTIFY_EVENT This broadcast intent is sent to notify UCM events.
String ACTION_UCM_REFRESH_AGENT_DONE This broadcast intent is sent to notify that agent refresh is done to caller
String APPLET_FORM_FACTOR_ESE This constant defines value for eSE form factor.
String APPLET_FORM_FACTOR_ESE1 This constant defines value for eSE1 form factor.
String APPLET_FORM_FACTOR_SD This constant defines value for SD form factor.
String APPLET_FORM_FACTOR_SD1 This constant defines value for SD1 form factor.
String APPLET_FORM_FACTOR_SIM This constant defines value for SIM form factor.
String APPLET_FORM_FACTOR_SIM1 This constant defines value for SIM1 form factor.
String APPLET_FORM_FACTOR_SIM2 This constant defines value for SIM2 form factor.
String BUNDLE_CA_CERT_TYPE This constant defines Bundle extra for CA certificate.
String BUNDLE_EXTRA_ACCESS_TYPE This constant defines Bundle extra for Credential Storage access type.
String BUNDLE_EXTRA_ADD_PIN_CACHE_EXEMPTLIST This constant defines Bundle Extra to add packages to pin cache exemptlist.
String BUNDLE_EXTRA_ALIAS This constant defines Bundle extra for alias name.
String BUNDLE_EXTRA_ALLOW_WIFI This constant defines Bundle extra to allow wifi certificate.
String BUNDLE_EXTRA_ENFORCE_LOCK_TYPE_DIRECT_SET This constant defines Bundle extra to specify if enforce lock type setting is directly shown.
String BUNDLE_EXTRA_EVENT_ID This constant defines Bundle extra for event id.
String BUNDLE_EXTRA_ODE_CA_CERT This constant defines Bundle extra to specify if CA certificate is for ODE.
String BUNDLE_EXTRA_PACKAGE This constant defines Bundle extra for package.
String BUNDLE_EXTRA_PIN_CACHE This constant defines Bundle extra for pin cache.
String BUNDLE_EXTRA_PIN_CACHE_TIMEOUT_MINUTES This constant defines Bundle Extra for timeout.
String BUNDLE_EXTRA_REMOVE_PIN_CACHE_EXEMPTLIST This constant defines Bundle Extra to remove packages from pin cache exemptlist.
String BUNDLE_EXTRA_REQUEST_ID This constant defines Bundle extra for request id.
String BUNDLE_EXTRA_STATUS_CODE This constant defines Bundle extra for status code.
String BUNDLE_EXTRA_USER_ID This constant defines Bundle Extra for user id.
int ERROR_UCM_ALIAS_ALREADY_EXIST This error constant is returned when certificate alias already exist for Credential Storage.
int ERROR_UCM_ALIAS_EMPTY This error constant is returned when Alias name is empty in Bundle.
int ERROR_UCM_ALIAS_NOT_EXIST This error constant is returned when alias do not exist for Credential storage.
int ERROR_UCM_APP_SIGNATURE_INVALID This error constant is returned when application signature is invalid.
int ERROR_UCM_CALLER_NOT_ALLOWED_TO_MANAGE_STORAGE This error constant is returned when caller is not allowed to manage Storage.
int ERROR_UCM_CALLER_NOT_CONTAINER_OWNER This error constant is returned when caller is not the owner of container.
int ERROR_UCM_FAILURE This error constant is returned when API execution failed.
int ERROR_UCM_INSTALL_DELEGATION_NOT_ALLOWED This error constant is returned when install delegation is not allowed.
int ERROR_UCM_INVALID_ACCESS_TYPE This error constant is returned when Access type is invalid.
int ERROR_UCM_INVALID_AUTH_TYPE This error constant is returned when Authentication type is invalid.
int ERROR_UCM_INVALID_CERTIFICATE This error constant is returned when certificate is not valid.
int ERROR_UCM_INVALID_EXEMPT_TYPE This error constant is returned when Exempt type is invalid.
int ERROR_UCM_INVALID_STORAGE_OPTION This error constant is returned when Storage option is invalid.
int ERROR_UCM_KEYGUARD_CONFIGURED This error constant is returned when configurator tries to unmanaged storage which is configured with Keyguard.
int ERROR_UCM_MISSING_ARGUMENT This error constant is returned when mandatory arguments were not passed.
int ERROR_UCM_PASSWORD_QUALITY_NOT_UNSPECIFIED This error constant is returned when current password quality is not "PASSWORD_QUALITY_UNSPECIFIED".
int ERROR_UCM_PASSWORD_UNSUPPORTED_STORAGE This error constant is returned when trying to set lock type to a Storage which does not support GeneratePassword.
int ERROR_UCM_STORAGE_ALREADY_CONFIGURED This error constant is returned when other admin has already configured the Credential storage as device lock type.
int ERROR_UCM_STORAGE_DELEGATION_NOT_ALLOWED This error constant is returned when storage delegation is not allowed.
int ERROR_UCM_STORAGE_NOT_ENABLED This error constant is returned when Credential storage is not enabled.
int ERROR_UCM_STORAGE_NOT_MANAGEABLE This error constant is returned when Storage is not manageable.
int ERROR_UCM_STORAGE_NOT_VALID This error constant is returned when Credential storage is not valid.
int EVENT_PLUGIN_LICENSE_EXPIRED This constant is returned in ACTION_UCM_NOTIFY_EVENT when Credential Storage license expired.
int EVENT_PLUGIN_UNINSTALLED This constant is returned in ACTION_UCM_NOTIFY_EVENT when Credential Storage uninstalled.
int PIN_CACHE_KEYGUARD_TIMEOUT This constant defines value to cache pin till keyguard timeout.
int PIN_CACHE_TIMEOUT This constant defines value to cache pin till timeout.
String RESET_APPLET_FORM_FACTOR This constant defines value to reset form factor to default.
String SCP_SD This constant defines value for CA certificate type.
int UCM_ACCESS_TYPE_CERTIFICATE This constant defines value for Certificate access type.
int UCM_ACCESS_TYPE_INSTALL This constant defines the Install delegation for access type
int UCM_ACCESS_TYPE_STORAGE This constant defines value for Storage access type.
String UCM_APPLET_ID This constant defines value for APPLET ID.
String UCM_APPLET_INSTALL_LOCATION This constant defines value for APPLET INSTALL location.
int UCM_AUTH_TYPE_LOCKED This constant defines value for Lock authentication type.
int UCM_AUTH_TYPE_NONE This constant defines value for NONE authentication type.
int UCM_EXEMPT_TYPE_AUTH This constant defines value for exempt type authentication.
int UCM_SUCCESS This constant is returned when API execution is successful.
int UCM_SUCCESS_KEYGUARD_ALREADY_CONFIGURED This constant is returned when same admin has already configured the keyguard using same plugin.
String WIFI_VIRTUAL_PACKAGE This constant defines value for virtual Wifi package.
Public Methods
int addPackagesToExemptList(CredentialStorage cs, int type, List<AppIdentity> list)
API to exempt application(s) to use Credential storage.
int addPackagesToWhiteList(CredentialStorage cs, List<AppIdentity> list, Bundle extras)
API to whitelist application(s) to use Credential storage or access the Certificate stored inside Credential Storage.
int clearWhiteList(CredentialStorage cs, Bundle extras)
API to clear whitelisted application(s) which are allowed to use Credential storage or access Certificate stored in Credential storage.
int configureCredentialStorageForODESettings(CredentialStorage cs, Bundle scpParam)
API to configure Credential Storage for ODE Settings.
int configureCredentialStoragePlugin(CredentialStorage cs, Bundle pluginConfig)
API to configure Credential storage plugin.
int deleteCACertificate(String alias)
API to delete CA certificate.
int deleteCertificate(CredentialStorage cs, String alias)
API to delete certificate from Credential storage.
int enforceCredentialStorageAsLockType(CredentialStorage cs)
API to enforce the Credential storage as Lock type.
int enforceCredentialStorageAsLockType(CredentialStorage cs, Bundle options)
API to enforce the Credential storage as Lock type.
String[] getAliases(CredentialStorage cs)
API to get all the certificate aliases related to Credential storage.
int getAuthType(CredentialStorage cs)
API to get the Authentication type for Credential storage.
CredentialStorage[] getAvailableCredentialStorages()
API to get the list of all available Credential storages on device.
CACertificateInfo getCACertificate(String alias)
API to get CA certificate.
String[] getCACertificateAliases(Bundle option)
API to get CA certificate aliases.
Bundle getCredentialStoragePluginConfiguration(CredentialStorage cs)
API to get Credential storage plugin configuration.
Bundle getCredentialStorageProperty(CredentialStorage cs, Bundle data)
API to get plugin property.
CredentialStorage[] getCredentialStorages(String packageName)
API to get all the Credential Storages which can be accessed by a package.
CredentialStorage getEnforcedCredentialStorageForLockType()
API to get the Credential storage which is enforced as Lock type.
Bundle getODESettingsConfiguration()
API to get ODE configuration settings.
List<AppIdentity> getPackagesFromExemptList(CredentialStorage cs, int type)
API to get the exempted application(s) related to Credential storage.
List<AppIdentity> getPackagesFromWhiteList(CredentialStorage cs, Bundle extras)
API to get all whitelisted application(s) which are allowed to use Credential storage or access Certificate stored in Credential storage.
String[] getSupportedAlgorithms(CredentialStorage cs)
API to get all the supported algorithms related to Credential storage.
synchronized static UniversalCredentialManager getUCMManager(Context context)
API to get UniversalCredentialManager instance.
synchronized static UniversalCredentialManager getUCMManager(Context context, int containerID)
API to get UniversalCredentialManager instance.
int installCACertificate(byte[] certBytes, String alias, Bundle options)
API to install CA certificate for SCP communication.
int installCertificate(CredentialStorage cs, byte[] certBytes, String alias, String privateKeyPassword, Bundle options)
API to install certificate in Credential storage.
boolean isCredentialStorageManaged(CredentialStorage cs)
API to check whether Credential Storage is managed by calling Configurator.
int manageCredentialStorage(CredentialStorage cs, boolean enable)
API to manage or unmanage Credential storage.
int removePackagesFromExemptList(CredentialStorage cs, int type, List<AppIdentity> list)
API to remove exempted application(s) related to Credential storage.
int removePackagesFromWhiteList(CredentialStorage cs, List<AppIdentity> list, Bundle extras)
API to remove whitelisted application(s) which are allowed to use Credential storage or access Certificate stored in Credential Storage.
int setAuthType(CredentialStorage cs, int type)
API to set the Authentication type for Credential storage.
Bundle setCredentialStorageProperty(CredentialStorage cs, Bundle property)
API to send properties to Credential Storage.
[Expand]
Inherited Methods
From class java.lang.Object

Constants

public static final String ACTION_UCM_CONFIG_STATUS

Since: API level 20

This broadcast intent is sent to notify Credential storage config status.

Since
API level 20
KNOX 2.7
Constant Value: "com.samsung.android.knox.intent.action.UCM_CONFIG_STATUS"

public static final String ACTION_UCM_KEYGUARD_SET

Since: API level 20

This broadcast intent is sent to notify all that UCM keyguard has been set

Since
API level 20
KNOX 2.7
Constant Value: "com.samsung.android.knox.intent.action.UCM_KEYGUARD_SET"

public static final String ACTION_UCM_KEYGUARD_UNSET

Since: API level 20

This broadcast intent is sent to notify all that UCM keyguard has been unset

Since
API level 20
KNOX 2.7
Constant Value: "com.samsung.android.knox.intent.action.UCM_KEYGUARD_UNSET"

public static final String ACTION_UCM_NOTIFY_EVENT

Since: API level 20

This broadcast intent is sent to notify UCM events.

Since
API level 20
KNOX 2.7
Constant Value: "com.samsung.android.knox.intent.action.UCM_NOTIFY_EVENT"

public static final String ACTION_UCM_REFRESH_AGENT_DONE

Since: API level 26

This broadcast intent is sent to notify that agent refresh is done to caller

Since
API level 26
KNOX 3.2
Constant Value: "com.samsung.android.knox.intent.action.UCM_REFRESH_AGENT_DONE"

public static final String APPLET_FORM_FACTOR_ESE

Since: API level 20

This constant defines value for eSE form factor.

Since
API level 20
KNOX 2.7
Constant Value: "eSE"

public static final String APPLET_FORM_FACTOR_ESE1

Since: API level 20

This constant defines value for eSE1 form factor.

Since
API level 20
KNOX 2.7
Constant Value: "eSE1"

public static final String APPLET_FORM_FACTOR_SD

Since: API level 20

This constant defines value for SD form factor.

Since
API level 20
KNOX 2.7
Constant Value: "SD"

public static final String APPLET_FORM_FACTOR_SD1

Since: API level 20

This constant defines value for SD1 form factor.

Since
API level 20
KNOX 2.7
Constant Value: "SD1"

public static final String APPLET_FORM_FACTOR_SIM

Since: API level 20

This constant defines value for SIM form factor.

Since
API level 20
KNOX 2.7
Constant Value: "SIM"

public static final String APPLET_FORM_FACTOR_SIM1

Since: API level 20

This constant defines value for SIM1 form factor.

Since
API level 20
KNOX 2.7
Constant Value: "SIM1"

public static final String APPLET_FORM_FACTOR_SIM2

Since: API level 20

This constant defines value for SIM2 form factor.

Since
API level 20
KNOX 2.7
Constant Value: "SIM2"

public static final String BUNDLE_CA_CERT_TYPE

Since: API level 20

This constant defines Bundle extra for CA certificate.

Since
API level 20
KNOX 2.7
Constant Value: "cert_type"

public static final String BUNDLE_EXTRA_ACCESS_TYPE

Since: API level 20

This constant defines Bundle extra for Credential Storage access type.

Since
API level 20
KNOX 2.7
Constant Value: "access_type"

public static final String BUNDLE_EXTRA_ADD_PIN_CACHE_EXEMPTLIST

Since: API level 20

This constant defines Bundle Extra to add packages to pin cache exemptlist.

Since
API level 20
KNOX 2.7
Constant Value: "add_pin_cache_exemptlist"

public static final String BUNDLE_EXTRA_ALIAS

Since: API level 20

This constant defines Bundle extra for alias name.

Since
API level 20
KNOX 2.7
Constant Value: "alias"

public static final String BUNDLE_EXTRA_ALLOW_WIFI

Since: API level 20

This constant defines Bundle extra to allow wifi certificate.

Since
API level 20
KNOX 2.7
Constant Value: "allow_wifi"

public static final String BUNDLE_EXTRA_ENFORCE_LOCK_TYPE_DIRECT_SET

Since: API level 22

This constant defines Bundle extra to specify if enforce lock type setting is directly shown.

Since
API level 22
KNOX 2.8
Constant Value: "enforce_lock_type_direct_set"

public static final String BUNDLE_EXTRA_EVENT_ID

Since: API level 20

This constant defines Bundle extra for event id.

Since
API level 20
KNOX 2.7
Constant Value: "event_id"

public static final String BUNDLE_EXTRA_ODE_CA_CERT

Since: API level 20

This constant defines Bundle extra to specify if CA certificate is for ODE.

Since
API level 20
KNOX 2.7
Constant Value: "ode_ca_cert"

public static final String BUNDLE_EXTRA_PACKAGE

Since: API level 20

This constant defines Bundle extra for package.

Since
API level 20
KNOX 2.7
Constant Value: "package_name"

public static final String BUNDLE_EXTRA_PIN_CACHE

Since: API level 20

This constant defines Bundle extra for pin cache.

Since
API level 20
KNOX 2.7
Constant Value: "pin_cache"

public static final String BUNDLE_EXTRA_PIN_CACHE_TIMEOUT_MINUTES

Since: API level 20

This constant defines Bundle Extra for timeout.

Since
API level 20
KNOX 2.7
Constant Value: "timeout"

public static final String BUNDLE_EXTRA_REMOVE_PIN_CACHE_EXEMPTLIST

Since: API level 20

This constant defines Bundle Extra to remove packages from pin cache exemptlist.

Since
API level 20
KNOX 2.7
Constant Value: "remove_pin_cache_exemptlist"

public static final String BUNDLE_EXTRA_REQUEST_ID

Since: API level 20

This constant defines Bundle extra for request id.

Since
API level 20
KNOX 2.7
Constant Value: "request_id"

public static final String BUNDLE_EXTRA_STATUS_CODE

Since: API level 20

This constant defines Bundle extra for status code.

Since
API level 20
KNOX 2.7
Constant Value: "status_code"

public static final String BUNDLE_EXTRA_USER_ID

Since: API level 20

This constant defines Bundle Extra for user id.

Since
API level 20
KNOX 2.7
Constant Value: "userId"

public static final int ERROR_UCM_ALIAS_ALREADY_EXIST

Since: API level 20

This error constant is returned when certificate alias already exist for Credential Storage.

Since
API level 20
KNOX 2.7
Constant Value: -20 (0xffffffec)

public static final int ERROR_UCM_ALIAS_EMPTY

Since: API level 20

This error constant is returned when Alias name is empty in Bundle.

Since
API level 20
KNOX 2.7
Constant Value: -16 (0xfffffff0)

public static final int ERROR_UCM_ALIAS_NOT_EXIST

Since: API level 20

This error constant is returned when alias do not exist for Credential storage.

Since
API level 20
KNOX 2.7
Constant Value: -14 (0xfffffff2)

public static final int ERROR_UCM_APP_SIGNATURE_INVALID

Since: API level 20

This error constant is returned when application signature is invalid.

Since
API level 20
KNOX 2.7
Constant Value: -18 (0xffffffee)

public static final int ERROR_UCM_CALLER_NOT_ALLOWED_TO_MANAGE_STORAGE

Since: API level 20

This error constant is returned when caller is not allowed to manage Storage.

Since
API level 20
KNOX 2.7
Constant Value: -23 (0xffffffe9)

public static final int ERROR_UCM_CALLER_NOT_CONTAINER_OWNER

Since: API level 20

This error constant is returned when caller is not the owner of container.

Since
API level 20
KNOX 2.7
Constant Value: -24 (0xffffffe8)

public static final int ERROR_UCM_FAILURE

Since: API level 20

This error constant is returned when API execution failed.

Since
API level 20
KNOX 2.7
Constant Value: -1 (0xffffffff)

public static final int ERROR_UCM_INSTALL_DELEGATION_NOT_ALLOWED

Since: API level 22

This error constant is returned when install delegation is not allowed.

Since
API level 22
KNOX 2.8
Constant Value: -29 (0xffffffe3)

public static final int ERROR_UCM_INVALID_ACCESS_TYPE

Since: API level 20

This error constant is returned when Access type is invalid.

Since
API level 20
KNOX 2.7
Constant Value: -15 (0xfffffff1)

public static final int ERROR_UCM_INVALID_AUTH_TYPE

Since: API level 20

This error constant is returned when Authentication type is invalid.

Since
API level 20
KNOX 2.7
Constant Value: -17 (0xffffffef)

public static final int ERROR_UCM_INVALID_CERTIFICATE

Since: API level 20

This error constant is returned when certificate is not valid.

Since
API level 20
KNOX 2.7
Constant Value: -25 (0xffffffe7)

public static final int ERROR_UCM_INVALID_EXEMPT_TYPE

Since: API level 20

This error constant is returned when Exempt type is invalid.

Since
API level 20
KNOX 2.7
Constant Value: -21 (0xffffffeb)

public static final int ERROR_UCM_INVALID_STORAGE_OPTION

Since: API level 20

This error constant is returned when Storage option is invalid.

Since
API level 20
KNOX 2.7
Constant Value: -19 (0xffffffed)

public static final int ERROR_UCM_KEYGUARD_CONFIGURED

Since: API level 20

This error constant is returned when configurator tries to unmanaged storage which is configured with Keyguard.

Since
API level 20
KNOX 2.7
Constant Value: -26 (0xffffffe6)

public static final int ERROR_UCM_MISSING_ARGUMENT

Since: API level 20

This error constant is returned when mandatory arguments were not passed.

Since
API level 20
KNOX 2.7
Constant Value: -11 (0xfffffff5)

public static final int ERROR_UCM_PASSWORD_QUALITY_NOT_UNSPECIFIED

Since: API level 20

This error constant is returned when current password quality is not "PASSWORD_QUALITY_UNSPECIFIED".

Since
API level 20
KNOX 2.7
Constant Value: -28 (0xffffffe4)

public static final int ERROR_UCM_PASSWORD_UNSUPPORTED_STORAGE

Since: API level 20

This error constant is returned when trying to set lock type to a Storage which does not support GeneratePassword.

Since
API level 20
KNOX 2.7
Constant Value: -27 (0xffffffe5)

public static final int ERROR_UCM_STORAGE_ALREADY_CONFIGURED

Since: API level 20

This error constant is returned when other admin has already configured the Credential storage as device lock type.

Since
API level 20
KNOX 2.7
Constant Value: -10 (0xfffffff6)

public static final int ERROR_UCM_STORAGE_DELEGATION_NOT_ALLOWED

Since: API level 22

This error constant is returned when storage delegation is not allowed.

Since
API level 22
KNOX 2.8
Constant Value: -30 (0xffffffe2)

public static final int ERROR_UCM_STORAGE_NOT_ENABLED

Since: API level 20

This error constant is returned when Credential storage is not enabled.

Since
API level 20
KNOX 2.7
Constant Value: -12 (0xfffffff4)

public static final int ERROR_UCM_STORAGE_NOT_MANAGEABLE

Since: API level 20

This error constant is returned when Storage is not manageable.

Since
API level 20
KNOX 2.7
Constant Value: -22 (0xffffffea)

public static final int ERROR_UCM_STORAGE_NOT_VALID

Since: API level 20

This error constant is returned when Credential storage is not valid.

Since
API level 20
KNOX 2.7
Constant Value: -13 (0xfffffff3)

public static final int EVENT_PLUGIN_LICENSE_EXPIRED

Since: API level 20

This constant is returned in ACTION_UCM_NOTIFY_EVENT when Credential Storage license expired.

Since
API level 20
KNOX 2.7
Constant Value: 2 (0x00000002)

public static final int EVENT_PLUGIN_UNINSTALLED

Since: API level 20

This constant is returned in ACTION_UCM_NOTIFY_EVENT when Credential Storage uninstalled.

Since
API level 20
KNOX 2.7
Constant Value: 1 (0x00000001)

public static final int PIN_CACHE_KEYGUARD_TIMEOUT

Since: API level 20

This constant defines value to cache pin till keyguard timeout.

Since
API level 20
KNOX 2.7
Constant Value: 2 (0x00000002)

public static final int PIN_CACHE_TIMEOUT

Since: API level 20

This constant defines value to cache pin till timeout.

Since
API level 20
KNOX 2.7
Constant Value: 1 (0x00000001)

public static final String RESET_APPLET_FORM_FACTOR

Since: API level 20

This constant defines value to reset form factor to default.

Since
API level 20
KNOX 2.7
Constant Value: "reset"

public static final String SCP_SD

Since: API level 20

This constant defines value for CA certificate type.

Since
API level 20
KNOX 2.7
Constant Value: "SCP_SD"

public static final int UCM_ACCESS_TYPE_CERTIFICATE

Since: API level 20

This constant defines value for Certificate access type.

Since
API level 20
KNOX 2.7
Constant Value: 104 (0x00000068)

public static final int UCM_ACCESS_TYPE_INSTALL

Since: API level 22

This constant defines the Install delegation for access type

Since
API level 22
KNOX 2.8
Constant Value: 107 (0x0000006b)

public static final int UCM_ACCESS_TYPE_STORAGE

Since: API level 20

This constant defines value for Storage access type.

Since
API level 20
KNOX 2.7
Constant Value: 103 (0x00000067)

public static final String UCM_APPLET_ID

Since: API level 20

This constant defines value for APPLET ID.

Since
API level 20
KNOX 2.7
Constant Value: "applet_id"

public static final String UCM_APPLET_INSTALL_LOCATION

Since: API level 20

This constant defines value for APPLET INSTALL location.

Since
API level 20
KNOX 2.7
Constant Value: "applet_location"

public static final int UCM_AUTH_TYPE_LOCKED

Since: API level 20

This constant defines value for Lock authentication type.

Since
API level 20
KNOX 2.7
Constant Value: 100 (0x00000064)

public static final int UCM_AUTH_TYPE_NONE

Since: API level 20

This constant defines value for NONE authentication type.

Since
API level 20
KNOX 2.7
Constant Value: 105 (0x00000069)

public static final int UCM_EXEMPT_TYPE_AUTH

Since: API level 20

This constant defines value for exempt type authentication.

Since
API level 20
KNOX 2.7
Constant Value: 106 (0x0000006a)

public static final int UCM_SUCCESS

Since: API level 20

This constant is returned when API execution is successful.

Since
API level 20
KNOX 2.7
Constant Value: 0 (0x00000000)

public static final int UCM_SUCCESS_KEYGUARD_ALREADY_CONFIGURED

Since: API level 21

This constant is returned when same admin has already configured the keyguard using same plugin.

Since
API level 21
KNOX 2.7.1
Constant Value: 10 (0x0000000a)

public static final String WIFI_VIRTUAL_PACKAGE

Since: API level 20

This constant defines value for virtual Wifi package.

Since
API level 20
KNOX 2.7
Constant Value: "com.samsung.knox.virtual.wifi"

Public Methods

public int addPackagesToExemptList (CredentialStorage cs, int type, List<AppIdentity> list)

Since: API level 20

API to exempt application(s) to use Credential storage.

Parameters
cs Credential Storage of plugin
type UCM_EXEMPT_TYPE_AUTH
list AppIdentity list to exempt
Throws
SecurityException If caller does not have required permissions
Usage

UCM default behavior is to allow whitelisted application(s) to access Credential Storage when device is locked. But authentication type is configured as UCM_AUTH_TYPE_LOCKED, application(s) cannot access Credential Storage when device is locked. In this case, Configurator can use this API to exempt application(s) to allow to access Credential storage even if device is locked.
This is required in case an application (running in background) need access to certificates when the device/container is locked or user is not expected to enter password. e.g - 3rd party VPN application which needs access to certificates without user interaction.
Valid exempt type is UCM_EXEMPT_TYPE_AUTH.
Note: Configurator application should use WIFI_VIRTUAL_PACKAGE package to exempt WIFI.
Note: Application signature is optional. It is recommended to send application signature for security purpose.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
 
   Listlist = new ArrayList();
   AppIdentity pkg = new AppIdentity();
   pkg.setPackageName("com.android.myapplication");
   list.add(pkg);
 
   // allow WIFI
   AppIdentity wifi = new AppIdentity();
   wifi.setPackageName(WIFI_VIRTUAL_PACKAGE);
   list.add(wifi);
 
   int result = ucmMgr.addPackagesToExemptList(cs, UCM_EXEMPT_TYPE_AUTH, list);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
 
   Listlist = new ArrayList();
   AppIdentity pkg = new AppIdentity();
   pkg.setPackageName("com.android.myapplication");
   list.add(pkg);

   int result = ucmMgr.addPackagesToExemptList(cs, UCM_EXEMPT_TYPE_AUTH, list);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public int addPackagesToWhiteList (CredentialStorage cs, List<AppIdentity> list, Bundle extras)

Since: API level 20

API to whitelist application(s) to use Credential storage or access the Certificate stored inside Credential Storage.

Parameters
cs Credential Storage of plugin
list AppIdentity list to whitelist
extras bundle for whitelist type
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to whitelist application(s) to use Credential storage or access the Certificate stored inside Credential Storage.
There are two type of whitelist to access storage and access certificate stored inside Credential Storage.
So the application should be included in these two whitelist to access certificates. Configurator can use the wild character "*" to whitelist all applications to use Credential storage or access the Certificate.

Note: Application signature is optional. It is recommended to send application signature for security purpose.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
 
   Listlist = new ArrayList();
   AppIdentity pkg = new AppIdentity();
   pkg.setPackageName("com.android.myapplication");
   list.add(pkg);
  
   // Whitelist application to access storage
   Bundle data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_STORAGE);
   int result = ucmMgr.addPackagesToWhiteList(cs, list, data);
   // Whitelist application to access Certificate stored inside Credential Storage.
   data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_CERTIFICATE);
   data.putString(BUNDLE_EXTRA_ALIAS, "test");
   result = ucmMgr.addPackagesToWhiteList(cs, list, data);
 } catch (SecurityException e) {
    Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
 
   Listlist = new ArrayList();
   AppIdentity pkg = new AppIdentity();
   pkg.setPackageName("com.android.myapplication");
   list.add(pkg);
 
   // Whitelist application to access storage
   Bundle data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_STORAGE);
   int result = ucmMgr.addPackagesToWhiteList(cs, list, data);
   // Whitelist application to access Certificate stored inside Credential Storage.
   data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_CERTIFICATE);
   data.putString(BUNDLE_EXTRA_ALIAS, "alias_name");
   result = ucmMgr.addPackagesToWhiteList(cs, list, data);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public int clearWhiteList (CredentialStorage cs, Bundle extras)

Since: API level 20

API to clear whitelisted application(s) which are allowed to use Credential storage or access Certificate stored in Credential storage.

Parameters
cs Credential Storage of plugin
extras bundle for whitelist type
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to clear whitelisted application(s) which are allowed to use Credential storage or access Certificate stored in Credential storage.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   // Clear whitelisted application which is allowed to access storage
   Bundle data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_STORAGE);
   int result = ucmMgr.clearWhiteList(cs, data);

   // Clear whitelisted application which is allowed to access Certificate stored inside Credential Storage
   data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_CERTIFICATE);
   data.putString(BUNDLE_EXTRA_ALIAS, "alias_name");
   result = ucmMgr.clearWhiteList(cs, data);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   // Clear whitelisted application which is allowed to access storage
   Bundle data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_STORAGE);
   int result = ucmMgr.clearWhiteList(cs, data);

   // Clear whitelisted application which is allowed to access Certificate stored inside Credential Storage
   data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_CERTIFICATE);
   data.putString(BUNDLE_EXTRA_ALIAS, "alias_name");
   result = ucmMgr.clearWhiteList(cs, data);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public int configureCredentialStorageForODESettings (CredentialStorage cs, Bundle scpParam)

Since: API level 22

API to configure Credential Storage for ODE Settings.

Parameters
cs Credential Storage of plugin
scpParam SCP parameters it is vendor specific parameters
Returns
Throws
SecurityException If caller does not have required permissions or caller is not device administrator
Usage

Configurator can use this API to configure Credential Storage for ODE Settings. Credential Storage plugin with attribute "isODESupport = true" can be configured for ODE. Once configured then Credential Storage will be used for ODE configuration. If device is encrypted using UCM then Configurator application cannot set any new Credential Storage.
If device is encrypted using UCM yet then Configurator application which earlier set the Credential Storage can only remove the configured Credential Storage by passing null in the API.
Configurator has to be active administrator to call this API.

Note: This API is available in system user only.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   Bundle scpParam = new Bundle();
   int result = ucmMgr.configureCredentialStorageForODESettings(cs, scpParam);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 22
KNOX 2.8
Multiuser Environment
Global Scope

public int configureCredentialStoragePlugin (CredentialStorage cs, Bundle pluginConfig)

Since: API level 20

API to configure Credential storage plugin.

Parameters
cs CredentialStorage of plugin
pluginConfig bundle for configuration parameters
Returns
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to configure Credential storage plugin by passing Bundle data. Successful API call will return requestId.
Plugin can notify configure status to Configurator via ACTION_UCM_CONFIG_STATUS, and Configurator should match requestId received from API call with requestId received by intent to authenticate the plugin.

Note: Plugin vendor should share the bundle keys and values to Configurator and Configurator should know the keys to access data from bundle.
Note: requestId will always be > 10000 else it's an error.

  private BroadcastReceiver mUcsReceiver = new BroadcastReceiver() {
    public void onReceive(Context context, Intent intent) {
      if (intent.getAction().equals(UniversalCredentialStorageManager.INTENT_UCSM_CONFIG_STATUS)) {
        if(intent.getExtras() != null) {
          Bundle data = intent.getExtras();
          if(data != null) {
            int requestId = data.getInt(UniversalCredentialStorageManager.BUNDLE_EXTRA_REQUEST_ID , 0);
            int statusCode = data.getInt(UniversalCredentialStorageManager.BUNDLE_EXTRA_STATUS_CODE, -1);
          }
        }
      }
    }
  };
 
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
   Bundle data = new Bundle();
   data.putString("Plugin pre-shared key", "Plugin pre-shared value");
   int requestId = ucmMgr.configureCredentialStoragePlugin(cs, data);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
   Bundle data = new Bundle();
   data.putString("Plugin pre-shared key", "Plugin pre-shared value");
   int requestId = ucmMgr.configureCredentialStoragePlugin(cs, data);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public int deleteCACertificate (String alias)

Since: API level 20

API to delete CA certificate.

Parameters
alias alias name to remove
Returns
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to delete CA certificate.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   int result = ucmMgr.deleteCACertificate(alias);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   int result = ucmMgr.deleteCACertificate(alias);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public int deleteCertificate (CredentialStorage cs, String alias)

Since: API level 20

API to delete certificate from Credential storage.

Parameters
cs Credential Storage of plugin
alias alias name to remove
Returns
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to delete certificate from Credential storage.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   String alias = "alias_name";
   int result = ucmMgr.deleteCertificate(cs, alias);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   String alias = "alias_name";
   int result = ucmMgr.deleteCertificate(cs, alias);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public int enforceCredentialStorageAsLockType (CredentialStorage cs)

Since: API level 20

API to enforce the Credential storage as Lock type.

Parameters
cs Credential Storage of plugin
Throws
SecurityException If caller does not have required permissions or caller is not device administrator
Usage

Configurator can use this API to enforce the Credential storage as only Lock Type.
If one Configurator set the Credential Storage Lock type for a user, then other admin cannot override it for the same user.
Even if this API is called, user still can use current lock type before UCM keyguard is enabled. But UCM keyguard is enabled once, user cannot change the lock type.
After Configurator revokes this policy, user can change the lock type. Configurator should pass Credential Storage object as null to revoke its policy.
Configurator has to be active administrator to call this API.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
   int result = ucmMgr.enforceCredentialStorageAsLockType(cs);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
   int result = ucmMgr.enforceCredentialStorageAsLockType(cs);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public int enforceCredentialStorageAsLockType (CredentialStorage cs, Bundle options)

Since: API level 22

API to enforce the Credential storage as Lock type.

Parameters
cs Credential Storage of plugin
options includes BUNDLE_EXTRA_ENFORCE_LOCK_TYPE_DIRECT_SET options
Throws
SecurityException If caller does not have required permissions or caller is not device administrator
Usage

Configurator can use this API to enforce the Credential storage as only Lock Type.
If one Configurator set the Credential Storage Lock type for a user, then other admin cannot override it for the same user.
Even if this API is called, user still can use current lock type before UCM keyguard is enabled. But UCM keyguard is enabled once, user cannot change the lock type.
After Configurator revokes this policy, user can change the lock type. Configurator should pass Credential Storage object as null to revoke its policy.
Configurator has to be active administrator to call this API.

Note: If BUNDLE_EXTRA_ENFORCE_LOCK_TYPE_DIRECT_SET is true in bundle input parameter, lock type settings is shown directly.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
   Bundle options = new Bundle();
   options.putBoolean(UniversalCredentialManager.BUNDLE_EXTRA_ENFORCE_LOCK_TYPE_DIRECT_SET, true);
   int result = ucmMgr.enforceCredentialStorageAsLockType(cs, options);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
   Bundle options = new Bundle();
   options.putBoolean(UniversalCredentialManager.BUNDLE_EXTRA_ENFORCE_LOCK_TYPE_DIRECT_SET, true);
   int result = ucmMgr.enforceCredentialStorageAsLockType(cs, options);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 22
KNOX 2.8
Multiuser Environment
User Scope

public String[] getAliases (CredentialStorage cs)

Since: API level 20

API to get all the certificate aliases related to Credential storage.

Parameters
cs Credential Storage of plugin
Returns
  • String[] alias name list
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to get all the aliases related to Credential storage.

Note: Certificate aliases will be returned which are only installed by Configurator.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   String[] aliases = ucmMgr.getAliases(cs);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   String[] aliases = ucmMgr.getAliases(cs);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public int getAuthType (CredentialStorage cs)

Since: API level 20

API to get the Authentication type for Credential storage.

Parameters
cs Credential Storage of plugin
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to get Authentication type for Credential storage.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   int type = ucmMgr.getAuthType(cs);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   int type = ucmMgr.getAuthType(cs);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public CredentialStorage[] getAvailableCredentialStorages ()

Since: API level 20

API to get the list of all available Credential storages on device.

Returns
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to get the list of all available storages on device.

Note: Currently this API returns all the UCM plugin(s) installed in system user only.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage[] storages = ucmMgr.getAvailableCredentialStorages();
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage[] storages = ucmMgr.getAvailableCredentialStorages();
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public CACertificateInfo getCACertificate (String alias)

Since: API level 20

API to get CA certificate.

Parameters
alias alias name to get
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to get CA certificate.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CACertificateInfo result = ucmMgr.getCACertificate(alias);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CACertificateInfo result = ucmMgr.getCACertificate(alias);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public String[] getCACertificateAliases (Bundle option)

Since: API level 20

API to get CA certificate aliases.

Parameters
option reserved
Returns
  • String[]
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to get CA certificate aliases.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   Bundle options = new Bundle();
   String[] result = ucmMgr.getCACertificateAliases(options);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   Bundle options = new Bundle();
   String[] result = ucmMgr.getCACertificateAliases(options);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public Bundle getCredentialStoragePluginConfiguration (CredentialStorage cs)

Since: API level 20

API to get Credential storage plugin configuration.

Parameters
cs Credential Storage of plugin
Returns
  • Bundle for configuration parameters
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to get Credential storage plugin configuration.

Note: Plugin vendor should share the bundle keys and values to Configurator and Configurator should know the keys to access data from bundle.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
   Bundle data = ucmMgr.getCredentialStoragePluginConfiguration(cs);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
   Bundle data = ucmMgr.getCredentialStoragePluginConfiguration(cs);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public Bundle getCredentialStorageProperty (CredentialStorage cs, Bundle data)

Since: API level 20

API to get plugin property.

Parameters
cs Credential Storage of plugin
data reserved
Returns
  • Bundle properties applied options and values
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to get data from plugin.
If Configurator configured properties using setCredentialStorageProperty, Configurator can get applied properties using this API.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   Bundle option = ucmMgr.getCredentialStorageProperty(cs, null);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   Bundle option = ucmMgr.getCredentialStorageProperty(cs, null);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public CredentialStorage[] getCredentialStorages (String packageName)

Since: API level 20

API to get all the Credential Storages which can be accessed by a package.

Parameters
packageName package name of application to check Credential Storage access
Returns
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to get all the Credential Storages which can be accessed by a package.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage[] storages = ucmMgr.getCredentialStorages("com.test");
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage[] storages = ucmMgr.getCredentialStorages("com.test");
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public CredentialStorage getEnforcedCredentialStorageForLockType ()

Since: API level 20

API to get the Credential storage which is enforced as Lock type.

Returns
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to get the Credential storage which is enforced as Lock type.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage storage = ucmMgr.getEnforcedCredentialStorageForLockType();
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage storage = ucmMgr.getEnforcedCredentialStorageForLockType();
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public Bundle getODESettingsConfiguration ()

Since: API level 22

API to get ODE configuration settings.

Returns
  • Bundle configured ODE parameters
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to get ODE configuration settings.

Note: This API is available in system user only.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   Bundle result = ucmMgr.getODESettingsConfiguration();
   String agentId = result.getString(UniversalCredentialUtil.AGENT_ID, "");
   byte[] pluginSignature = result.getByteArray(UniversalCredentialUtil.ODE_SIGNATURE);
   boolean encrypted = result.getBoolean(UniversalCredentialUtil.ODE_ENABLED, false);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 22
KNOX 2.8
Multiuser Environment
Global Scope

public List<AppIdentity> getPackagesFromExemptList (CredentialStorage cs, int type)

Since: API level 20

API to get the exempted application(s) related to Credential storage.

Parameters
cs Credential Storage of plugin
type UCM_EXEMPT_TYPE_AUTH
Returns
  • List of AppIdentity
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to get the exempt application(s) related to Credential storage.
Valid exempt type is UCM_EXEMPT_TYPE_AUTH.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   List apps = ucmMgr.getPackagesFromExemptList(cs, UCM_EXEMPT_TYPE_AUTH);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   List apps = ucmMgr.getPackagesFromExemptList(cs, UCM_EXEMPT_TYPE_AUTH);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public List<AppIdentity> getPackagesFromWhiteList (CredentialStorage cs, Bundle extras)

Since: API level 20

API to get all whitelisted application(s) which are allowed to use Credential storage or access Certificate stored in Credential storage.

Parameters
cs Credential Storage of plugin
extras bundle for whitelist type
Returns
  • List of AppIdentity
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to get all whitelisted application(s) which are allowed to use Credential storage or access Certificate stored in Credential storage.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   // Get all the whitelisted application(s) which are allowed to access storage
   Bundle data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_STORAGE);
   List list = ucmMgr.getPackagesFromWhiteList(cs, data);

   // Get all the whitelisted application(s) which are allowed to access Certificate stored inside Credential Storage.
   data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_CERTIFICATE);
   data.putString(BUNDLE_EXTRA_ALIAS, "alias_name");
   list = ucmMgr.getPackagesFromWhiteList(cs, data);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   // Get all the whitelisted application(s) which are allowed to access storage
   Bundle data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_STORAGE);
   List list = ucmMgr.getPackagesFromWhiteList(cs, data);

   // Get all the whitelisted application(s) which are allowed to access Certificate stored inside Credential Storage.
   data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_CERTIFICATE);
   data.putString(BUNDLE_EXTRA_ALIAS, "alias_name");
   list = ucmMgr.getPackagesFromWhiteList(cs, data);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public String[] getSupportedAlgorithms (CredentialStorage cs)

Since: API level 20

API to get all the supported algorithms related to Credential storage.

Returns
  • String[] supported algorithm list
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to get all the supported algorithms related to Credential storage.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   String[] algorithms = ucmMgr.getSupportedAlgorithms(cs);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   String[] algorithms = ucmMgr.getSupportedAlgorithms(cs);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public static synchronized UniversalCredentialManager getUCMManager (Context context)

Since: API level 20

API to get UniversalCredentialManager instance.

Parameters
context Context of calling application
Usage

API to get UniversalCredentialManager instance.

 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
Since
API level 20
KNOX 2.7

public static synchronized UniversalCredentialManager getUCMManager (Context context, int containerID)

Since: API level 20

API to get UniversalCredentialManager instance.

Parameters
context Context of calling application
containerID Id of the container
Usage

API to get UniversalCredentialManager instance.

 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
Since
API level 20
KNOX 2.7

public int installCACertificate (byte[] certBytes, String alias, Bundle options)

Since: API level 20

API to install CA certificate for SCP communication.

Parameters
certBytes CA certificate byte array to install
alias CA certificate alias to install
options bundle to determine CA certificate type
Returns
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to install certificate for SCP communication.

Note: Configurator should pass BUNDLE_EXTRA_ODE_CA_CERT equals true if CA certificate is for ODE configuration.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   File objFile = new File("/mnt/sdcard/cacert.der");
   byte object_buffer[] = new byte[(int) objFile.length()];
   FileInputStream fs = new FileInputStream(objFile);
   fs.read(object_buffer);
   fs.close();

   String alias = "ca_cert";
   Bundle options = new Bundle();
   options.putString(UniversalCredentialManager.BUNDLE_CA_CERT_TYPE, UniversalCredentialManager.SCP_SD);
   options.putBoolean(UniversalCredentialManager.BUNDLE_EXTRA_ODE_CA_CERT, false);
   int result = ucmMgr.installCACertificate(object_buffer, alias, options);
 
   // CA certificate for ode
   alias = "ca_cert_ode";
   options = new Bundle();
   options.putString(UniversalCredentialManager.BUNDLE_CA_CERT_TYPE, UniversalCredentialManager.SCP_SD);
   options.putBoolean(UniversalCredentialManager.BUNDLE_EXTRA_ODE_CA_CERT, true);
   result = ucmMgr.installCACertificate(object_buffer, alias, options);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   File objFile = new File("/mnt/sdcard/cacert.der");
   byte object_buffer[] = new byte[(int) objFile.length()];
   FileInputStream fs = new FileInputStream(objFile);
   fs.read(object_buffer);
   fs.close();

   String alias = "ca_cert";
   Bundle options = new Bundle();
   options.putString(UniversalCredentialManager.BUNDLE_CA_CERT_TYPE, UniversalCredentialManager.SCP_SD);
   options.putBoolean(UniversalCredentialManager.BUNDLE_EXTRA_ODE_CA_CERT, false);
   int result = ucmMgr.installCACertificate(object_buffer, alias, options);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public int installCertificate (CredentialStorage cs, byte[] certBytes, String alias, String privateKeyPassword, Bundle options)

Since: API level 20

API to install certificate in Credential storage.

Parameters
cs Credential Storage of plugin
certBytes certificate byte array to install
alias certificate alias to install
privateKeyPassword password of input certificate file
options bundle to determine certificate type
Returns
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to install certificate in Credential storage.

Note: Wifi certificate is allowed to be install in user 0 only. Wifi certificate will avaiable in Setting app-> Wifi profile screen without explict whitelisting.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
 
   File objFile = new File("/mnt/sdcard/cert.pem");
   byte object_buffer[] = new byte[(int) objFile.length()];
   FileInputStream fs = new FileInputStream(objFile);
   fs.read(object_buffer);
   fs.close();
 
   String alias = "alias_name";
   String certPwd = "1234";
   Bundle data = new Bundle();
 
   // To install wifi certificate
   options.putBoolean(BUNDLE_EXTRA_ALLOW_WIFI, true);
   int result = ucmMgr.installCertificate(cs, object_buffer, alias, certPwd, options);
  
   // To install non wifi certificate
   options.putBoolean(BUNDLE_EXTRA_ALLOW_WIFI, false);
   result = ucmMgr.installCertificate(cs, object_buffer, alias, certPwd, options);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
 
   File objFile = new File("/mnt/sdcard/cert.pem");
   byte object_buffer[] = new byte[(int) objFile.length()];
   FileInputStream fs = new FileInputStream(objFile);
   fs.read(object_buffer);
   fs.close();
 
   String alias = "alias_name";
   String certPwd = "1234";
   Bundle data = new Bundle();
 
   // To install non wifi certificate
   options.putBoolean(BUNDLE_EXTRA_ALLOW_WIFI, false);
   result = ucmMgr.installCertificate(cs, object_buffer, alias, certPwd, options);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public boolean isCredentialStorageManaged (CredentialStorage cs)

Since: API level 20

API to check whether Credential Storage is managed by calling Configurator.

Parameters
cs Credential Storage of plugin
Returns
  • boolean whether the Credential Storage is managed
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to check whether Credential Storage is managed by calling Configurator.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
   boolean status = ucmMgr.isCredentialStorageManaged(cs);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
   boolean status = ucmMgr.isCredentialStorageManaged(cs);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public int manageCredentialStorage (CredentialStorage cs, boolean enable)

Since: API level 20

API to manage or unmanage Credential storage.

Parameters
cs Credential Storage of plugin
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to manage or unmanage Credential Storage. Configurator should manage Credential Storage before it calls other management API's except getAvailableCredentialStorages() API.
And Credential Storage can be managed by multiple Configurators separately.
Once Credential Storage is unmanaged by then all the data configuraed by calling Configurator to the Credential Storage i.e whitelist, certificate etc will be removed and an event is triggered to plugin to cleanup it's data.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
   // manage Credential Storage
   int result = ucmMgr.manageCredentialStorage(cs, true);
   // unmanage Credential Storage
   result = ucmMgr.manageCredentialStorage(cs, false);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
   // manage Credential Storage
   int result = ucmMgr.manageCredentialStorage(cs, true);
   // unmanage Credential Storage
   result = ucmMgr.manageCredentialStorage(cs, false);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public int removePackagesFromExemptList (CredentialStorage cs, int type, List<AppIdentity> list)

Since: API level 20

API to remove exempted application(s) related to Credential storage.

Parameters
cs Credential Storage of plugin
type UCM_EXEMPT_TYPE_AUTH
list AppIdentity list remove
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to remove exempt application(s) related to Credential storage.
If app list is passed as null then all exempted list will be cleared.
Valid exempt type is UCM_EXEMPT_TYPE_AUTH.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
 
   Listlist = new ArrayList();
   AppIdentity pkg = new AppIdentity();
   pkg.setPackageName("com.android.myapplication");
   list.add(pkg);

   int result = ucmMgr.removePackagesFromExemptList(cs, UCM_EXEMPT_TYPE_AUTH, list);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
 
   Listlist = new ArrayList();
   AppIdentity pkg = new AppIdentity();
   pkg.setPackageName("com.android.myapplication");
   list.add(pkg);

   int result = ucmMgr.removePackagesFromExemptList(cs, UCM_EXEMPT_TYPE_AUTH, list);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public int removePackagesFromWhiteList (CredentialStorage cs, List<AppIdentity> list, Bundle extras)

Since: API level 20

API to remove whitelisted application(s) which are allowed to use Credential storage or access Certificate stored in Credential Storage.

Parameters
cs Credential Storage of plugin
list AppIdentity list to remove
extras bundle for whitelist type
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to remove whitelisted application(s) which are allowed to use Credential storage or access Certificate stored in Credential Storage.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
 
   Listlist = new ArrayList();
   AppIdentity pkg = new AppIdentity();
   pkg.setPackageName("com.android.myapplication");
   list.add(pkg);

   // Remove whitelisted application which is allowed to access storage
   Bundle data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_STORAGE);
   int result = ucmMgr.removePackagesFromWhiteList(cs, list, data);

   // Remove whitelisted application which is allowed to access Certificate stored inside Credential Storage
   data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_CERTIFICATE);
   data.putString(BUNDLE_EXTRA_ALIAS, "alias_name" )
   result = ucmMgr.removePackagesFromWhiteList(cs, list, data);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
 
   Listlist = new ArrayList();
   AppIdentity pkg = new AppIdentity();
   pkg.setPackageName("com.android.myapplication");
   list.add(pkg);

   // Remove whitelisted application which is allowed to access storage
   Bundle data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_STORAGE);
   int result = ucmMgr.removePackagesFromWhiteList(cs, list, data);

   // Remove whitelisted application which is allowed to access Certificate stored inside Credential Storage
   data = new Bundle();
   data.putInt(BUNDLE_EXTRA_ACCESS_TYPE, UCM_ACCESS_TYPE_CERTIFICATE);
   data.putString(BUNDLE_EXTRA_ALIAS, "alias_name" )
   result = ucmMgr.removePackagesFromWhiteList(cs, list, data);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public int setAuthType (CredentialStorage cs, int type)

Since: API level 20

API to set the Authentication type for Credential storage.

Parameters
cs Credential Storage of plugin
type authentication type
Throws
SecurityException If caller does not have required permissions
Usage

Configurator can use this API to set Authentication type for Credential storage. Configurator can use UCM_AUTH_TYPE_LOCKED or UCM_AUTH_TYPE_NONE.
If UCM_AUTH_TYPE_LOCKED is set then no application can access the Credential storage when device/container is locked. If UCM_AUTH_TYPE_NONE is set then application can access the Credential storage at any time.
By default UCM_AUTH_TYPE_NONE is enforced on Credential storage.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   int status = ucmMgr.setAuthType(cs, UCM_AUTH_TYPE_LOCKED);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";

   int status = ucmMgr.setAuthType(cs, UCM_AUTH_TYPE_LOCKED);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope

public Bundle setCredentialStorageProperty (CredentialStorage cs, Bundle property)

Since: API level 20

API to send properties to Credential Storage.

Parameters
cs Credential Storage of plugin
property options that send to plugin
Returns
  • Bundle properties applied options and values
Throws
SecurityException If caller does not have required permissions
Usage

An configurator can use this API to send properties to Credential Storage. This api depends on the implementation of plugin.
For example, UCM framework defines BUNDLE_EXTRA_PIN_CACHE, BUNDLE_EXTRA_PIN_CACHE_TIMEOUT_MINUTES, BUNDLE_EXTRA_ADD_PIN_CACHE_EXEMPTLIST to configure pin cache option.
If plugin handles this options, Configurator can configure pin cache option. But it is not madatory.

 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 UniversalCredentialManager ucmMgr = ekm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
 
   // Cache pin till keyguard timeout
   Bundle data = new Bundle();
   data.putInt(BUNDLE_EXTRA_PIN_CACHE, PIN_CACHE_KEYGUARD_TIMEOUT);
   Bundle result = ucmMgr.setCredentialStorageProperty(cs, data);
 
   // Cache pin till timeout
   data = new Bundle();
   data.putInt(BUNDLE_EXTRA_PIN_CACHE, PIN_CACHE_TIMEOUT);
   data.putInt(BUNDLE_EXTRA_PIN_CACHE_TIMEOUT_MINUTES, 10);
   result = ucmMgr.setCredentialStorageProperty(cs, data);
 
   //Allow packages to access Credential storage in the background even after pin caching timeout.
   List pkgs = new Arraylist();
   pkgs.add("com.android.myapplication");
   data = new Bundle();
   data.putStringArrayList(BUNDLE_EXTRA_ADD_PIN_CACHE_EXEMPTLIST, pkgs));
   result = ucmMgr.setCredentialStorageProperty(cs, data);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 
For Container:
 // under KNOX 3.2 device
 UniversalCredentialManager ucmMgr = UniversalCredentialManager.getUCMManager(mContext, containerID);
 
 // from KNOX 3.2 device
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(mContext);
 KnoxContainerManager kcm = ekm.getKnoxContainerManager(containerID);
 UniversalCredentialManager ucmMgr = kcm.getUCMManager();
 
 try {
   CredentialStorage cs = new CredentialStorage();
   cs.name = "Vendor Credential Storage Name";
   cs.packageName = "com.mycompany.ucm.plugin";
 
   // Cache pin till keyguard timeout
   Bundle data = new Bundle();
   data.putInt(BUNDLE_EXTRA_PIN_CACHE, PIN_CACHE_KEYGUARD_TIMEOUT);
   Bundle result = ucmMgr.setCredentialStorageProperty(cs, data);
 
   // Cache pin till timeout
   data = new Bundle();
   data.putInt(BUNDLE_EXTRA_PIN_CACHE, PIN_CACHE_TIMEOUT);
   data.putInt(BUNDLE_EXTRA_PIN_CACHE_TIMEOUT_MINUTES, 10);
   result = ucmMgr.setCredentialStorageProperty(cs, data);
 
   //Allow packages to access Credential storage in the background even after pin caching timeout.
   List pkgs = new Arraylist();
   pkgs.add("com.android.myapplication");
   data = new Bundle();
   data.putStringArrayList(BUNDLE_EXTRA_ADD_PIN_CACHE_EXEMPTLIST, pkgs));
   result = ucmMgr.setCredentialStorageProperty(cs, data);
 } catch (SecurityException e) {
   Log.w(TAG, "SecurityException: " + e);
 }
 

Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission which has a protection level of signature.

Since
API level 20
KNOX 2.7
Multiuser Environment
User Scope