java.lang.Object
↳ com.samsung.android.knox.ucm.core.UniversalCredentialUtil
This class provides APIs to fetch all providers, validate a UCM URI, and communicate with the plugin/applet.
API level 20 | KNOX 2.7
Constants

Type | Constant | Description
---|---|---
String | AGENT_ID | Provider string property - Identifier string for storage.
String | AGENT_ISMANAGEABLE | Provider boolean property - Is storage manageable by the Configurator app.
String | AGENT_IS_GENERATE_PASSWORD_AVAILABLE | Provider boolean property - Is password generation supported by storage.
String | AGENT_IS_ODE_SUPPORTED | Provider boolean property - Is device encryption supported by storage.
String | AGENT_IS_PUK_SUPPORTED | Provider boolean property - Is PUK supported.
String | AGENT_PACKAGENAME | Provider string property - Storage package name.
String | AGENT_SUMMARY | Provider string property - Summary of storage.
String | AGENT_TITLE | Provider string property - Title of storage.
String | AGENT_VENDORID | Provider string property - Vendor ID of storage.
String | ODE_ENABLED | Provider boolean property - Is device encrypted with UCM.
String | ODE_SIGNATURE | Provider byte array property - Signature of plugin used for device encryption.
String | UNIQUE_ID | Provider string property - Identifier string which uniquely identifies storage.

Public Methods |
---|
API to send APDU command to applet. |
API to change applet PIN. |
API to get plugin/applet information. |
Retrieve the UniversalCredentialUtil instance, which can interact with KNOX Credential Storage. |
Retrieve the URI string that represents the credential storage and its resource from the keychain. |
Retrieve available UCM Plugin KeyStore Providers. |
Retrieve the raw alias name from the URI. |
Retrieve the credential storage source identifier from the URI. |
Check if the URI has a valid URI scheme for UCM. |
API to notify result from UCM plugin. |
API to update UCM plugin service binding. |

Inherited Methods |
---|
From class java.lang.Object |

Constant | Description | API level | KNOX
---|---|---|---
AGENT_ID | Provider string property - Identifier string for storage. | 20 | 2.7
AGENT_ISMANAGEABLE | Provider boolean property - Is storage manageable by the Configurator app. | 20 | 2.7
AGENT_IS_GENERATE_PASSWORD_AVAILABLE | Provider boolean property - Is password generation supported by storage. | 20 | 2.7
AGENT_IS_ODE_SUPPORTED | Provider boolean property - Is device encryption supported by storage. | 22 | 2.8
AGENT_IS_PUK_SUPPORTED | Provider boolean property - Is PUK supported. | 20 | 2.7
AGENT_PACKAGENAME | Provider string property - Storage package name. | 20 | 2.7
AGENT_SUMMARY | Provider string property - Summary of storage. | 20 | 2.7
AGENT_TITLE | Provider string property - Title of storage. | 20 | 2.7
AGENT_VENDORID | Provider string property - Vendor ID of storage. | 20 | 2.7
ODE_ENABLED | Provider boolean property - Is device encrypted with UCM. | 22 | 2.8
ODE_SIGNATURE | Provider byte array property - Signature of plugin used for device encryption. | 22 | 2.8
UNIQUE_ID | Provider string property - Identifier string which uniquely identifies storage. | 20 | 2.7

API to send APDU command to applet.

Parameter | Description
---|---
apdu | Byte array of the APDU command

Exception | Condition
---|---
SecurityException | If the caller does not have the required permissions

An application can use this API to send an APDU command to the applet. The calling application should send a correct command that the applet can process. The plugin returns its response in a Bundle, which can use one or more Bundle keys:

```java
UniversalCredentialUtil ucmUtil = UniversalCredentialUtil.getInstance();
try {
    String ucmUri = ucmUtil.getKeychainUri("Vendor Credential Storage Name", "");
    // apdu is the byte array holding the APDU command
    Bundle pluginData = ucmUtil.APDUCommand(ucmUri, apdu, bundle);
    int errorCode = pluginData.getInt(
```

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission, which has a protection level of signature.
API level 20 | KNOX 2.7 | Global Scope

API to change applet PIN.

Parameter | Description
---|---
oldPin | Current PIN
newPin | New PIN

Exception | Condition
---|---
SecurityException | If the caller does not have the required permissions

An application can use this API to change the applet PIN. The plugin returns its response in a Bundle, which can use one or more Bundle keys:

```java
UniversalCredentialUtil ucmUtil = UniversalCredentialUtil.getInstance();
try {
    String ucmUri = ucmUtil.getKeychainUri("Vendor Credential Storage Name", "");
    // arguments: UCM URI, current PIN, new PIN
    Bundle response = ucmUtil.changePin(ucmUri, "1234", "5678");
    int errorCode = response.getInt(
```

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission, which has a protection level of signature.
API level 20 | KNOX 2.7 | Global Scope

API to get plugin/applet information.

Exception | Condition
---|---
SecurityException | If the caller does not have the required permissions

An application can use this API to get information from the plugin/applet. The plugin returns its response in a Bundle, which can use one or more Bundle keys:

```java
UniversalCredentialUtil ucmUtil = UniversalCredentialUtil.getInstance();
try {
    String ucmUri = ucmUtil.getKeychainUri("Vendor Credential Storage Name", "");
    Bundle response = ucmUtil.getInfo(ucmUri);
    int errorCode = response.getInt(
```

The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_UCM_MGMT" permission, which has a protection level of signature.
API level 20 | KNOX 2.7 | Global Scope

Retrieve the UniversalCredentialUtil instance, which can interact with KNOX Credential Storage.
API level 20 | KNOX 2.7

Retrieve the URI string that represents the credential storage and its resource from the keychain.

Parameter | Description
---|---
source | The KNOX credential storage identifier.
alias | The alias of the requested resource.

The returned URI has the format "ucmkeychain://version/SOURCE/ResourceId/UID/ALIAS".
API level 20 | KNOX 2.7

Retrieve available UCM Plugin KeyStore Providers.
Returns the list of available UCM Plugin backend Providers that can be used as a keystore. The caller needs to add the required KeyStore Provider to the Java Security infrastructure before use. To use the UCM Plugin KeyStore backend, provide the KeyStore type as "KNOX"; if multiple UCM Plugin KeyStore backends are in use, also provide the Provider name.

```java
UniversalCredentialUtil ucmUtil = UniversalCredentialUtil.getInstance();
Provider[] providers = ucmUtil.getProviders();
for (Provider provider : providers) {
    String providerName = provider.getName();
    // Skip every provider except the storage of interest
    if (!providerName.contains("Vendor Credential Storage Name")) {
        continue;
    }
    Log.d(TAG, "providername = " + providerName);
    Log.d(TAG, "AGENT_ID = " + provider.getProperty(UniversalCredentialUtil.AGENT_ID));
    Log.d(TAG, "AGENT_SUMMARY = " + provider.getProperty(UniversalCredentialUtil.AGENT_SUMMARY));
    Log.d(TAG, "AGENT_TITLE = " + provider.getProperty(UniversalCredentialUtil.AGENT_TITLE));
    Log.d(TAG, "AGENT_VENDORID = " + provider.getProperty(UniversalCredentialUtil.AGENT_VENDORID));
    Log.d(TAG, "AGENT_PACKAGENAME = " + provider.getProperty(UniversalCredentialUtil.AGENT_PACKAGENAME));
    Log.d(TAG, "AGENT_IS_GENERATE_PASSWORD_AVAILABLE = " + provider.getProperty(UniversalCredentialUtil.AGENT_IS_GENERATE_PASSWORD_AVAILABLE));
    Log.d(TAG, "AGENT_IS_PUK_SUPPORTED = " + provider.getProperty(UniversalCredentialUtil.AGENT_IS_PUK_SUPPORTED));
    // Register the provider with the Java Security infrastructure if it is not yet installed
    if (Security.getProvider(providerName) == null) {
        int result = Security.addProvider(provider);
        Log.d(TAG, "providerName result= " + result);
    }
    try {
        // KeyStore type "KNOX", selected by provider name
        KeyStore ks = KeyStore.getInstance("KNOX", providerName);
        ks.load(null);
    } catch (Exception e) {
        Log.w(TAG, "Exception: " + e);
    }
}
```

API level 20 | KNOX 2.7

Retrieve the raw alias name from the URI. The UCM URI has the form ucmkeychain://version/SOURCE/ResourceId/UID/ALIAS.
API level 20 | KNOX 2.7

Retrieve the credential storage source identifier from the URI. The UCM URI has the form ucmkeychain://version/SOURCE/ResourceId/UID/ALIAS.
API level 20 | KNOX 2.7

Check if the URI has a valid URI scheme for UCM.
Returns true if successful, else false.
API level 20 | KNOX 2.7
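
A strict splitter for the ucmkeychain://version/SOURCE/ResourceId/UID/ALIAS layout documented above, for code that receives a UCM URI from another component and wants to confirm it names the expected storage before using it. This is an added example, not Samsung's implementation or part of the Knox SDK: the class `UcmUriParts`, its method names, the choice to allow an empty ALIAS (as in the `getKeychainUri(..., "")` samples on this page) and to reject a `/` inside ALIAS, and the sample URI values are all assumptions.

```java
import java.util.Arrays;
import java.util.List;

/** Hypothetical helper (not a Knox class): strict split of a UCM URI. */
public final class UcmUriParts {
    private static final String PREFIX = "ucmkeychain://"; // scheme from the documented format
    public final String version, source, resourceId, uid, alias;

    private UcmUriParts(String[] p) {
        version = p[0]; source = p[1]; resourceId = p[2]; uid = p[3]; alias = p[4];
    }

    /** Parses version/SOURCE/ResourceId/UID/ALIAS or throws IllegalArgumentException. */
    public static UcmUriParts parse(String uri) {
        if (uri == null || !uri.startsWith(PREFIX)) {
            throw new IllegalArgumentException("not a ucmkeychain URI");
        }
        // limit -1 keeps a trailing empty ALIAS instead of silently dropping it
        String[] parts = uri.substring(PREFIX.length()).split("/", -1);
        if (parts.length != 5) { // an extra '/' would make component boundaries ambiguous
            throw new IllegalArgumentException("expected 5 components, got " + parts.length);
        }
        for (int i = 0; i < 4; i++) { // ALIAS (index 4) may be empty (assumption)
            if (parts[i].isEmpty()) {
                throw new IllegalArgumentException("empty component at position " + i);
            }
        }
        return new UcmUriParts(parts);
    }

    /** True only if the URI names one of the storage sources the caller expects. */
    public boolean sourceIn(List<String> allowedSources) {
        return allowedSources.contains(source);
    }

    public static void main(String[] args) {
        List<String> allowed = Arrays.asList("Vendor Credential Storage Name");
        String[] samples = { // constructed sample values, not real device output
            "ucmkeychain://1/Vendor Credential Storage Name/0/1000/vpn-cert",
            "ucmkeychain://1/Vendor Credential Storage Name/0/1000/",
            "ucmkeychain://1/Other Storage/0/1000/vpn-cert",
            "ucmkeychain://1/Vendor Credential Storage Name/0/1000/a/b",
        };
        for (String s : samples) {
            try {
                System.out.println((parse(s).sourceIn(allowed) ? "accept " : "reject (source) ") + s);
            } catch (IllegalArgumentException e) {
                System.out.println("reject (" + e.getMessage() + ") " + s);
            }
        }
    }
}
```

The first two samples are accepted; the third fails the source allow-list and the fourth fails the component count.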

API to notify result from UCM plugin.
Notifies the results of an asynchronous API so that the admin can receive results from the plugin. Only managed plugins can notify the EMM of results.

```java
// Build the result Bundle for the pending asynchronous request
Bundle data = new Bundle();
data.putInt(UcmAgentService.REQUEST_ID, requestId);
data.putInt(UcmAgentService.ADMIN_UID, adminUid);
data.putInt(UcmAgentService.STATUS_CODE, statusCode);
data.putString("RESPONSE_DATA", responseCode);
UniversalCredentialUtil ucmUtil = UniversalCredentialUtil.getInstance();
ucmUtil.notifyPluginResult(data);
```

API level 37 | KNOX 3.10 | Global Scope

API to update UCM plugin service binding.
Until Knox 3.1, the UCM plugin service had to hold the plugin permission to be bound to the UCM framework, so the plugin service needs Knox license activation logic, and the plugin is bound after license activation.

```java
// Receiver that reports when the plugin refresh has completed
BroadcastReceiver mRefreshReceiver = new BroadcastReceiver() {
    public void onReceive(Context context, Intent intent) {
        Log.d(TAG, "Received : " + intent.getAction());
        if ("com.samsung.android.knox.intent.action.UCM_REFRESH_AGENT_DONE".equals(intent.getAction())) {
            Toast.makeText(getApplicationContext(), "Plugin refresh is done", Toast.LENGTH_LONG).show();
            Log.d(TAG, "Plugin refresh is done");
        }
    }
};
IntentFilter intentFilter = new IntentFilter(UniversalCredentialManager.ACTION_UCM_REFRESH_AGENT_DONE);
registerReceiver(mRefreshReceiver, intentFilter);
// Ask the UCM framework to refresh the plugin service binding
UniversalCredentialUtil ucmUtil = UniversalCredentialUtil.getInstance();
ucmUtil.refreshUCMPlugin();
```

API level 26 | KNOX 3.2 | Global Scope