Since: API level 20
public abstract class

UcmAgentService

extends Service
java.lang.Object
   ↳ android.content.Context
     ↳ android.content.ContextWrapper
       ↳ android.app.Service
         ↳ com.samsung.android.knox.ucm.plugin.agent.UcmAgentService

Class Overview

This abstract class is for 3rd party application to implement Credential Storage Agent Service - UCM Plugin application. Application who extend from this service will be able to register with UCM framework as one of the external credential storage agent. This class provides abstract methods which extending class can implement to receive callback from UCM framework.
Application need to define the service in its AndroidManifest file with intent filter: "com.samsung.android.knox.intent.action.UCM_AGENT" to be picked up by UCM framework as UCM plugin. And the service should be protected by this permission "com.samsung.android.knox.permission.KNOX_UCM_BIND_PLUGIN_SERVICE" which has a protection level of signature.
Read UCM developer guide for more information.

 <service android:name=".MyUCMPluginService"
   android:enabled="true"
   android:exported="true"
   android:permission="com.samsung.android.knox.permission.KNOX_UCM_BIND_PLUGIN_SERVICE" />
   <intent-filter>
     <action android:name="com.samsung.android.knox.intent.action.UCM_AGENT" />
     <category android:name="android.intent.category.DEFAULT" />
   </intent-filter>
 </service>
 

Since
API level 20
KNOX 2.7

Summary

Constants
String ACTION_UCM_PLUGIN_STATUS Plugin should notify UCM framework after procesing of configureCredentialStoragePlugin API is completed.
String ADMIN_UID This constant defines Bundle extra for admin uid.
String ALIASES This constant defines Bundle extra for aliases names.
String ALLOWED_PACKAGES This constant defines Bundle extra for allowed packages.
int ALLOW_ALL This constant defines value for allow all in notifyChange API
int AUTH_ALPHA_NUMERIC This constant defines value for alpha numeric Applet authentication mode.
String AUTH_MAX_COUNT This constant defines Bundle extra for Authentication maximum count.
String AUTH_MODE This constant defines Bundle extra for Authentication mode.
int AUTH_NUMERIC This constant defines value for numeric Applet authentication mode.
int AUTH_UNKNOWN This constant defines value for unkown Applet authentication mode.
int BLOCK_ALL This constant defines value for block all in notifyChange API
String BUNDLE_EXTRA_ADD_PIN_CACHE_EXEMPTLIST This constant define Bundle extra for add package to pin cache exemptlist
String BUNDLE_EXTRA_APPLET_INSTALLATION_STATUS This constant define Bundle Extra for Applet installation status
String BUNDLE_EXTRA_PIN_CACHE This constant define Bundle extra for Pin cache
String BUNDLE_EXTRA_PIN_CACHE_TIMEOUT_MINUTES This constant define Bundle extra for timeout
String BUNDLE_EXTRA_REMOVE_PIN_CACHE_EXEMPTLIST This constant define Bundle extra for remove package from pin cache exemptlist
String CS_NAME This constant defines Bundle extra for Credential Storage name.
int ERROR_ALIAS_NOT_FOUND This error constant is returned when Alias not found.
int ERROR_APDU_CREATION This error constant is returned due to APDU creation failed.
int ERROR_APPLET_INSTALL_LOCATION This error constant is returned when Applet location is invalid.
int ERROR_APPLET_UNKNOWN This error constant is returned when Applet is unknown.
int ERROR_BAD_APPLET_RESPONSE This error constant is returned due to Bad Applet response.
int ERROR_BAD_PADDING_EXCEPTION This error constant is returned due to Bad padding exception.
int ERROR_CANNOT_CHANGE_ODE_CONFIGURATION ODE configuration can't be changed.
int ERROR_CERTFACTORY_INSTANCE_NOT_FOUND This error constant is returned when Certificate factory instance not found.
int ERROR_CERTIFICATE_ENCODING_EXCEPTION This error constant is returned due to Certificate encoding exception.
int ERROR_CERTIFICATE_EXCEPTION This error constant is returned due to Certificate exception.
int ERROR_CIPHER_INSTANCE_NOT_FOUND This error constant is returned when Cipher instance not found.
int ERROR_CORRUPTED_CS_RESPONSE This error constant is returned when response is corrupted.
int ERROR_CREDENTIAL_STORAGE_ACCESS_DENIED_BY_ADMIN_POLICY This error constant is returned when Configurator policy blocked access to storage.
int ERROR_CRYPTO_ENGINE_EXCEPTION This error constant is returned due to Crypto engine exception
int ERROR_EMPTY_CERTIFICATE_CHAIN This error constant is returned due to Empty certificate chain.
int ERROR_EMPTY_PARAMETER This error constant is returned when ired parameter is empty.
int ERROR_ESECOMM_TRANSMIT_FAILURE This error constant is returned when ESECOMM transmit failed.
int ERROR_FAILED_TO_GET_READER_FOR_STORAGE This error constant is returned when failed to get reader for storage.
int ERROR_FILE_NOT_FOUND_EXCEPTION This error constant is returned due to File not found exception.
int ERROR_GET_READERS_ILLEGAL_STATE_EXCEPTION This error constant is returned due to illegal state exception
int ERROR_GET_READERS_NULL_POINTER_EXCEPTION This error constant i4s returned due to nullpointer exception.
int ERROR_ILLEGAL_BLOCK_SIZE_EXCEPTION This error constant is returned due to Illegal black size exception.
int ERROR_INCORRECT_CARD This error constant is returned when Card is incorrect.
int ERROR_INCORRECT_PIN This error constant is returned when PIN is incorrect.
int ERROR_INCORRECT_PUK This error constant is returned when PUK is incorrect.
int ERROR_INTERNAL_COMMUNICATION This error constant is returned due to Internal communication error.
int ERROR_INTERNAL_UCM_FRMWK_END This error constant is returned due to UMC framework end error.
int ERROR_INTERNAL_UCM_FRMWK_START This error constant is returned due to UMC framework start error.
int ERROR_INVALID_ALGORTHM_PARAMETER_EXCEPTION This error constant is returned due to Invalid algorithm exception.
int ERROR_INVALID_INPUT This error constant is returned due to Invalid input.
int ERROR_INVALID_KEY_SPEC_EXCEPTION This error constant is returned due to Invalid key spec exception.
int ERROR_INVALID_ODE_CONFIGURATION ODE configuration is invalid.
int ERROR_IO_EXCEPTION This error constant is returned due to IO exception.
int ERROR_KEYSTORE_ENTRY_NOT_FOUND This error constant is returned when Entry is not found in keystore.
int ERROR_KEYSTORE_EXCEPTION This error constant is returned due to Keystore exception.
int ERROR_KEYSTORE_TYPE This error constant is returned due to Invalid keystore type.
int ERROR_MISSING_DEPENDENCY This error constant is returned due to Missing dependency.
int ERROR_NONE This error constant is returned when processing is successful.
int ERROR_NON_UCS_PLUGINSPI This error constant is returned when Unknown SPI is called.
int ERROR_NO_ADAPTER_FOUND This error constant is returned when No adapter found.
int ERROR_NO_ADAPTER_RESPONSE This error constant is returned when there is no response from adapter.
int ERROR_NO_PLUGIN_AGENT_FOUND This error constant is returned when Plugin is invalid.
int ERROR_NO_PLUGIN_RESPONSE This error constant is returned when Plugin fail to respond.
int ERROR_NO_SESSION_AVAILABLE This error constant is returned when no session is available.
int ERROR_NO_SUCH_ALGORITHM_EXCEPTION This error constant is returned due to no such algorithm exception.
int ERROR_NO_SUCH_PROVIDER_EXCEPTION This error constant is returned when No provider is found.
int ERROR_OMA_TRANSMIT_FAILURE This error constant is returned when OMA transmit failed.
int ERROR_OPEN_LOGICAL_CHANNEL_ILLEGAL_ARGUMENT_EXCEPTION This error constant is returned due to open logical channel illegal argument exception.
int ERROR_OPEN_LOGICAL_CHANNEL_ILLEGAL_STATE_EXCEPTION This error constant is returned due to open logical channel illegal state exception.
int ERROR_OPEN_LOGICAL_CHANNEL_IO_EXCEPTION This error constant is returned due to open logical channel IO exception.
int ERROR_OPEN_LOGICAL_CHANNEL_NO_SUCH_ELEMENT_EXCEPTION This error constant is returned due to open logical channel no such element exception.
int ERROR_OPEN_LOGICAL_CHANNEL_SECURITY_EXCEPTION This error constant is returned due to open logical channel security exception.
int ERROR_OPEN_LOGICAL_CHANNEL_UNKNOWN This error constant is returned due to open logical channel unknown exception
int ERROR_OPEN_SESSION_IO_EXCEPTION This error constant is returned due to OpenSSL IO exception.
int ERROR_OUT_OF_BOUND This error constant is returned due to Out of bound error.
int ERROR_PLUGIN_ALREADY_USED This error constant is returned when Plugin is already used.
int ERROR_PRIVATEKEY_ENTRY_NOT_FOUND This error constant is returned when Private key entry not found.
int ERROR_SCP_CREATE_CHANNEL_FAILED This error constant is returned when create channel failed in SCP
int ERROR_SCP_DECRYPTION_FAILED This error constant is returned when decryption failed in SCP
int ERROR_SCP_ENCRYPTION_FAILED This error constant is returned when encryption failed in SCP
int ERROR_SCP_NULL_RESPONSE_RECV This error constant is returned when no SCP response.
int ERROR_SCP_UNKNOWN This error constant is returned when Channel is unknown
int ERROR_SHORT_BUFFER_EXCEPTION This error constant is returned due to Short buffer exception.
int ERROR_SMARTCARD_UNAVAILABLE This error constant is returned when Smart card is unavailable.
int ERROR_STORAGE_FULL This error constant is returned when Storage is full.
int ERROR_TRANSMIT_ILLEGAL_ARGUMENT_EXCEPTION This error constant is returned due to transmit illegal argument exception
int ERROR_TRANSMIT_ILLEGAL_STATE_EXCEPTION This error constant is returned due to transmit illegal state exception
int ERROR_TRANSMIT_IO_EXCEPTION This error constant is returned due to transmit IO exception
int ERROR_TRANSMIT_NULL_POINTER_EXCEPTION This error constant is returned due to transmit nullpointer exception.
int ERROR_TRANSMIT_SECURITY_EXCEPTION This error constant is returned due to transmit security exception
int ERROR_TRANSMIT_UNKNOWN This error constant is returned due to transmit unknown exception.
int ERROR_UNDEFINED_EXCEPTION This error constant is returned due to Unknown exception.
int ERROR_UNKNOWN This error constant is returned due to Unknown error.
int ERROR_UNREADABLE_ODE_CONFIGURATION ODE configuration is unreadable
int ERROR_UNRECOVERABLE_KEY_EXCEPTION This error constant is returned due to Unrecoverable key exception.
int ERROR_UNRECOVERABLE_STATE This error constant is returned due to Unrecoverable state.
int ERROR_UNSUPPORTED_ALGORITHM This error constant is returned when Unsupported algorithm is used.
int ERROR_UNSUPPORTED_OPERATION This error constant is returned due to Unsupported operation.
int ERROR_UNSUPPORTED_PARAMETER This error constant is returned due to Unsupported parameter.
int EVENT_ADMIN_LICENSE_EXPIRED UCM Event - Configurator license is expired.
int EVENT_ADMIN_LICENSE_RENEWED UCM Event - Configurator license is renewed.
int EVENT_BOOT_COMPLETED UCM Event - device boot is completed.
int EVENT_CONTAINER_LOCKED UCM Event - Container is locked.
int EVENT_CONTAINER_UNLOCKED UCM Event - Container is unlocked.
int EVENT_DEVICE_LOCKED UCM Event - device is locked.
int EVENT_DEVICE_UNLOCKED UCM Event - device is unlocked.
int EVENT_FACTORY_RESET UCM Event - device is factory reset.
int EVENT_KEYGUARD_SET UCM Event - Keyguard is set
int EVENT_KEYGUARD_UNSET UCM Event - Keyguard is unset
int EVENT_PACKAGE_UNINSTALL UCM Event - package is uninstalled.
int EVENT_PLUGIN_UNMANAGED UCM Event - plugin is unmanaged.
int EVENT_USER_REMOVED UCM Event - user is removed.
String LOCK_STATE This constant defines Bundle extra for Lock state.
String MAX_PIN_LENGTH This constant defines Bundle extra for Maximum pin length.
String MAX_PUK_LENGTH This constant defines Bundle extra for Maximum PUK length.
String MIN_PIN_LENGTH This constant defines Bundle extra for Minimum pin length.
String MIN_PUK_LENGTH This constant defines Bundle extra for Minimum PUK length.
String MISC_INFO This constant defines Bundle extra for Misc information.
String PACKAGE_ACCESS_TYPE This constant defines Bundle extra for package access type.
String PACKAGE_UID This constant defines Bundle extra for package uid.
int PARTIALLY This constant defines value for partially in notifyChange API
int PIN_CACHE_KEYGUARD_TIMEOUT This constant define Bundle value for cache pin till keyguard timeout
int PIN_CACHE_TIMEOUT This constant define Bundle value to timeout
String PLUGIN_BOOLEAN_RESPONSE This constant defines Bundle extra for Credential Storage boolean response.
String PLUGIN_BUNDLE_RESPONSE This constant defines Bundle extra for Credential Storage bundle response.
String PLUGIN_BYTEARRAY_RESPONSE This constant defines Bundle extra for Credential Storage byte array response.
String PLUGIN_ERROR_CODE This constant defines Bundle extra for Credential Storage error response.
String PLUGIN_INT_RESPONSE This constant defines Bundle extra for Credential Storage int response.
String PLUGIN_STRINGARRAY_RESPONSE This constant defines Bundle extra for Credential Storage String array response.
String PLUGIN_STRING_RESPONSE This constant defines Bundle extra for Credential Storage String response.
String REMAIN_COUNT This constant defines Bundle extra for Remain count.
String REQUEST_ID This constant defines Bundle extra for request id.
int STATE_BLOCKED This constant defines value for Applet blocked state.
int STATE_LOCKED This constant defines value for Applet locked state.
int STATE_UNKNOWN This constant defines value for Applet unknown state.
int STATE_UNLOCKED This constant defines value for Applet unlocked state.
String STATUS_CODE This constant defines Bundle extra for status code.
String USER_ID This constant defines Bundle extra for user id.
[Expand]
Inherited Constants
From class android.app.Service
From class android.content.Context
From interface android.content.ComponentCallbacks2
Public Constructors
UcmAgentService()
Public Methods
abstract Bundle APDUCommand(byte[] apdu, Bundle extras)
API to process APDU command.
abstract Bundle changePin(String oldPin, String newPin)
API to change PIN.
abstract Bundle configureCredentialStoragePlugin(int adminUid, Bundle profile, int requestId)
API to configure Storage plugin from Configurator app.
abstract Bundle generateDek()
API to generate and encryption key from Credential Storage.
abstract Bundle generateKeyguardPassword(int userId, Bundle extras)
API to generate keyguard password.
abstract Bundle generateWrappedDek()
API to get wrapped device encryption key from Credential Storage.
abstract Bundle getCredentialStoragePluginConfiguration(int adminUid)
API to return Credential storage configuration.
abstract Bundle getCredentialStorageProperty(int adminUid, int userId, Bundle args)
API to get information from Credential Storage.
abstract Bundle getDek()
API to get device encryption key from Credential Storage.
abstract String getDetailErrorMessage(int errorCode)
API to get detail error message from Plugin.
abstract Bundle getInfo()
API to return Credential Storage information.
final Provider getProvider()
API to get current UCM provider to register UCM SPI Service.
abstract Bundle getStatus()
API to get the current status of the Credential Storage.
abstract int notifyChange(int eventId, Bundle data)
API which UCM framework will call to notify change.
abstract Bundle setCredentialStorageProperty(int adminUid, int userId, Bundle args)
API to set information in Credential Storage.
abstract Bundle setState(int state)
API to set state of Credential Storage.
abstract Bundle unwrapDek(byte[] wrappedDek)
API to unwrap wrapped key that wrapped and stored in device.
abstract Bundle verifyPin(int userId, String pin, Bundle extra)
API to verify input PIN and return current state and remaining retry count.
abstract Bundle verifyPuk(String puk, String pin)
API to verify the PUK and update new pin to be used for verification.
[Expand]
Inherited Methods
From class android.app.Service
From class android.content.ContextWrapper
From class android.content.Context
From class java.lang.Object
From interface android.content.ComponentCallbacks
From interface android.content.ComponentCallbacks2

Constants

public static final String ACTION_UCM_PLUGIN_STATUS

Since: API level 20

Plugin should notify UCM framework after procesing of configureCredentialStoragePlugin API is completed.

Since
API level 20
KNOX 2.7
Constant Value: "com.samsung.android.knox.intent.action.UCM_PLUGIN_STATUS"

public static final String ADMIN_UID

Since: API level 20

This constant defines Bundle extra for admin uid.

Since
API level 20
KNOX 2.7
Constant Value: "adminUid"

public static final String ALIASES

Since: API level 20

This constant defines Bundle extra for aliases names.

Since
API level 20
KNOX 2.7
Constant Value: "aliases"

public static final String ALLOWED_PACKAGES

Since: API level 20

This constant defines Bundle extra for allowed packages.

Since
API level 20
KNOX 2.7
Constant Value: "allowed_packages"

public static final int ALLOW_ALL

Since: API level 20

This constant defines value for allow all in notifyChange API

Since
API level 20
KNOX 2.7
Constant Value: 1 (0x00000001)

public static final int AUTH_ALPHA_NUMERIC

Since: API level 20

This constant defines value for alpha numeric Applet authentication mode.

Since
API level 20
KNOX 2.7
Constant Value: 1 (0x00000001)

public static final String AUTH_MAX_COUNT

Since: API level 20

This constant defines Bundle extra for Authentication maximum count.

Since
API level 20
KNOX 2.7
Constant Value: "maxAuthCnt"

public static final String AUTH_MODE

Since: API level 20

This constant defines Bundle extra for Authentication mode.

Since
API level 20
KNOX 2.7
Constant Value: "authMode"

public static final int AUTH_NUMERIC

Since: API level 20

This constant defines value for numeric Applet authentication mode.

Since
API level 20
KNOX 2.7
Constant Value: 0 (0x00000000)

public static final int AUTH_UNKNOWN

Since: API level 20

This constant defines value for unkown Applet authentication mode.

Since
API level 20
KNOX 2.7
Constant Value: -1 (0xffffffff)

public static final int BLOCK_ALL

Since: API level 20

This constant defines value for block all in notifyChange API

Since
API level 20
KNOX 2.7
Constant Value: 2 (0x00000002)

public static final String BUNDLE_EXTRA_ADD_PIN_CACHE_EXEMPTLIST

Since: API level 20

This constant define Bundle extra for add package to pin cache exemptlist

Since
API level 20
KNOX 2.7
Constant Value: "add_pin_cache_exemptlist"

public static final String BUNDLE_EXTRA_APPLET_INSTALLATION_STATUS

Since: API level 20

This constant define Bundle Extra for Applet installation status

Since
API level 20
KNOX 2.7
Constant Value: "applet_installation_status"

public static final String BUNDLE_EXTRA_PIN_CACHE

Since: API level 20

This constant define Bundle extra for Pin cache

Since
API level 20
KNOX 2.7
Constant Value: "pin_cache"

public static final String BUNDLE_EXTRA_PIN_CACHE_TIMEOUT_MINUTES

Since: API level 20

This constant define Bundle extra for timeout

Since
API level 20
KNOX 2.7
Constant Value: "timeout"

public static final String BUNDLE_EXTRA_REMOVE_PIN_CACHE_EXEMPTLIST

Since: API level 20

This constant define Bundle extra for remove package from pin cache exemptlist

Since
API level 20
KNOX 2.7
Constant Value: "remove_pin_cache_exemptlist"

public static final String CS_NAME

Since: API level 20

This constant defines Bundle extra for Credential Storage name.

Since
API level 20
KNOX 2.7
Constant Value: "csName"

public static final int ERROR_ALIAS_NOT_FOUND

Since: API level 20

This error constant is returned when Alias not found.

Since
API level 20
KNOX 2.7
Constant Value: 17 (0x00000011)

public static final int ERROR_APDU_CREATION

Since: API level 20

This error constant is returned due to APDU creation failed.

Since
API level 20
KNOX 2.7
Constant Value: 16777472 (0x01000100)

public static final int ERROR_APPLET_INSTALL_LOCATION

Since: API level 20

This error constant is returned when Applet location is invalid.

Since
API level 20
KNOX 2.7
Constant Value: 25 (0x00000019)

public static final int ERROR_APPLET_UNKNOWN

Since: API level 20

This error constant is returned when Applet is unknown.

Since
API level 20
KNOX 2.7
Constant Value: 134217728 (0x08000000)

public static final int ERROR_BAD_APPLET_RESPONSE

Since: API level 20

This error constant is returned due to Bad Applet response.

Since
API level 20
KNOX 2.7
Constant Value: 16777728 (0x01000200)

public static final int ERROR_BAD_PADDING_EXCEPTION

Since: API level 20

This error constant is returned due to Bad padding exception.

Since
API level 20
KNOX 2.7
Constant Value: 267 (0x0000010b)

public static final int ERROR_CANNOT_CHANGE_ODE_CONFIGURATION

Since: API level 20

ODE configuration can't be changed.

Since
API level 20
KNOX 2.7
Constant Value: 201327360 (0x0c000300)

public static final int ERROR_CERTFACTORY_INSTANCE_NOT_FOUND

Since: API level 20

This error constant is returned when Certificate factory instance not found.

Since
API level 20
KNOX 2.7
Constant Value: 12 (0x0000000c)

public static final int ERROR_CERTIFICATE_ENCODING_EXCEPTION

Since: API level 20

This error constant is returned due to Certificate encoding exception.

Since
API level 20
KNOX 2.7
Constant Value: 262 (0x00000106)

public static final int ERROR_CERTIFICATE_EXCEPTION

Since: API level 20

This error constant is returned due to Certificate exception.

Since
API level 20
KNOX 2.7
Constant Value: 261 (0x00000105)

public static final int ERROR_CIPHER_INSTANCE_NOT_FOUND

Since: API level 20

This error constant is returned when Cipher instance not found.

Since
API level 20
KNOX 2.7
Constant Value: 11 (0x0000000b)

public static final int ERROR_CORRUPTED_CS_RESPONSE

Since: API level 20

This error constant is returned when response is corrupted.

Since
API level 20
KNOX 2.7
Constant Value: 23 (0x00000017)

public static final int ERROR_CREDENTIAL_STORAGE_ACCESS_DENIED_BY_ADMIN_POLICY

Since: API level 20

This error constant is returned when Configurator policy blocked access to storage.

Since
API level 20
KNOX 2.7
Constant Value: 15 (0x0000000f)

public static final int ERROR_CRYPTO_ENGINE_EXCEPTION

Since: API level 20

This error constant is returned due to Crypto engine exception

Since
API level 20
KNOX 2.7
Constant Value: 257 (0x00000101)

public static final int ERROR_EMPTY_CERTIFICATE_CHAIN

Since: API level 20

This error constant is returned due to Empty certificate chain.

Since
API level 20
KNOX 2.7
Constant Value: 9 (0x00000009)

public static final int ERROR_EMPTY_PARAMETER

Since: API level 20

This error constant is returned when ired parameter is empty.

Since
API level 20
KNOX 2.7
Constant Value: 16 (0x00000010)

public static final int ERROR_ESECOMM_TRANSMIT_FAILURE

Since: API level 20

This error constant is returned when ESECOMM transmit failed.

Since
API level 20
KNOX 2.7
Constant Value: 21 (0x00000015)

public static final int ERROR_FAILED_TO_GET_READER_FOR_STORAGE

Since: API level 20

This error constant is returned when failed to get reader for storage.

Since
API level 20
KNOX 2.7
Constant Value: 33555714 (0x02000502)

public static final int ERROR_FILE_NOT_FOUND_EXCEPTION

Since: API level 20

This error constant is returned due to File not found exception.

Since
API level 20
KNOX 2.7
Constant Value: 270 (0x0000010e)

public static final int ERROR_GET_READERS_ILLEGAL_STATE_EXCEPTION

Since: API level 20

This error constant is returned due to illegal state exception

Since
API level 20
KNOX 2.7
Constant Value: 33554690 (0x02000102)

public static final int ERROR_GET_READERS_NULL_POINTER_EXCEPTION

Since: API level 20

This error constant i4s returned due to nullpointer exception.

Since
API level 20
KNOX 2.7
Constant Value: 33554689 (0x02000101)

public static final int ERROR_ILLEGAL_BLOCK_SIZE_EXCEPTION

Since: API level 20

This error constant is returned due to Illegal black size exception.

Since
API level 20
KNOX 2.7
Constant Value: 268 (0x0000010c)

public static final int ERROR_INCORRECT_CARD

Since: API level 20

This error constant is returned when Card is incorrect.

Since
API level 20
KNOX 2.7
Constant Value: 36 (0x00000024)

public static final int ERROR_INCORRECT_PIN

Since: API level 20

This error constant is returned when PIN is incorrect.

Since
API level 20
KNOX 2.7
Constant Value: 32 (0x00000020)

public static final int ERROR_INCORRECT_PUK

Since: API level 20

This error constant is returned when PUK is incorrect.

Since
API level 20
KNOX 2.7
Constant Value: 33 (0x00000021)

public static final int ERROR_INTERNAL_COMMUNICATION

Since: API level 20

This error constant is returned due to Internal communication error.

Since
API level 20
KNOX 2.7
Constant Value: 16778240 (0x01000400)

public static final int ERROR_INTERNAL_UCM_FRMWK_END

Since: API level 20

This error constant is returned due to UMC framework end error.

Since
API level 20
KNOX 2.7
Constant Value: 8191 (0x00001fff)

public static final int ERROR_INTERNAL_UCM_FRMWK_START

Since: API level 20

This error constant is returned due to UMC framework start error.

Since
API level 20
KNOX 2.7
Constant Value: 4096 (0x00001000)

public static final int ERROR_INVALID_ALGORTHM_PARAMETER_EXCEPTION

Since: API level 20

This error constant is returned due to Invalid algorithm exception.

Since
API level 20
KNOX 2.7
Constant Value: 259 (0x00000103)

public static final int ERROR_INVALID_INPUT

Since: API level 20

This error constant is returned due to Invalid input.

Since
API level 20
KNOX 2.7
Constant Value: 4 (0x00000004)

public static final int ERROR_INVALID_KEY_SPEC_EXCEPTION

Since: API level 20

This error constant is returned due to Invalid key spec exception.

Since
API level 20
KNOX 2.7
Constant Value: 263 (0x00000107)

public static final int ERROR_INVALID_ODE_CONFIGURATION

Since: API level 20

ODE configuration is invalid.

Since
API level 20
KNOX 2.7
Constant Value: 201327104 (0x0c000200)

public static final int ERROR_IO_EXCEPTION

Since: API level 20

This error constant is returned due to IO exception.

Since
API level 20
KNOX 2.7
Constant Value: 269 (0x0000010d)

public static final int ERROR_KEYSTORE_ENTRY_NOT_FOUND

Since: API level 20

This error constant is returned when Entry is not found in keystore.

Since
API level 20
KNOX 2.7
Constant Value: 8 (0x00000008)

public static final int ERROR_KEYSTORE_EXCEPTION

Since: API level 20

This error constant is returned due to Keystore exception.

Since
API level 20
KNOX 2.7
Constant Value: 266 (0x0000010a)

public static final int ERROR_KEYSTORE_TYPE

Since: API level 20

This error constant is returned due to Invalid keystore type.

Since
API level 20
KNOX 2.7
Constant Value: 7 (0x00000007)

public static final int ERROR_MISSING_DEPENDENCY

Since: API level 20

This error constant is returned due to Missing dependency.

Since
API level 20
KNOX 2.7
Constant Value: 37 (0x00000025)

public static final int ERROR_NONE

Since: API level 20

This error constant is returned when processing is successful.

Since
API level 20
KNOX 2.7
Constant Value: 0 (0x00000000)

public static final int ERROR_NON_UCS_PLUGINSPI

Since: API level 20

This error constant is returned when Unknown SPI is called.

Since
API level 20
KNOX 2.7
Constant Value: 19 (0x00000013)

public static final int ERROR_NO_ADAPTER_FOUND

Since: API level 20

This error constant is returned when No adapter found.

Since
API level 20
KNOX 2.7
Constant Value: 24 (0x00000018)

public static final int ERROR_NO_ADAPTER_RESPONSE

Since: API level 20

This error constant is returned when there is no response from adapter.

Since
API level 20
KNOX 2.7
Constant Value: 20 (0x00000014)

public static final int ERROR_NO_PLUGIN_AGENT_FOUND

Since: API level 20

This error constant is returned when Plugin is invalid.

Since
API level 20
KNOX 2.7
Constant Value: 14 (0x0000000e)

public static final int ERROR_NO_PLUGIN_RESPONSE

Since: API level 20

This error constant is returned when Plugin fail to respond.

Since
API level 20
KNOX 2.7
Constant Value: 13 (0x0000000d)

public static final int ERROR_NO_SESSION_AVAILABLE

Since: API level 20

This error constant is returned when no session is available.

Since
API level 20
KNOX 2.7
Constant Value: 33555713 (0x02000501)

public static final int ERROR_NO_SUCH_ALGORITHM_EXCEPTION

Since: API level 20

This error constant is returned due to no such algorithm exception.

Since
API level 20
KNOX 2.7
Constant Value: 258 (0x00000102)

public static final int ERROR_NO_SUCH_PROVIDER_EXCEPTION

Since: API level 20

This error constant is returned when No provider is found.

Since
API level 20
KNOX 2.7
Constant Value: 264 (0x00000108)

public static final int ERROR_OMA_TRANSMIT_FAILURE

Since: API level 20

This error constant is returned when OMA transmit failed.

Since
API level 20
KNOX 2.7
Constant Value: 22 (0x00000016)

public static final int ERROR_OPEN_LOGICAL_CHANNEL_ILLEGAL_ARGUMENT_EXCEPTION

Since: API level 20

This error constant is returned due to open logical channel illegal argument exception.

Since
API level 20
KNOX 2.7
Constant Value: 33555203 (0x02000303)

public static final int ERROR_OPEN_LOGICAL_CHANNEL_ILLEGAL_STATE_EXCEPTION

Since: API level 20

This error constant is returned due to open logical channel illegal state exception.

Since
API level 20
KNOX 2.7
Constant Value: 33555202 (0x02000302)

public static final int ERROR_OPEN_LOGICAL_CHANNEL_IO_EXCEPTION

Since: API level 20

This error constant is returned due to open logical channel IO exception.

Since
API level 20
KNOX 2.7
Constant Value: 33555201 (0x02000301)

public static final int ERROR_OPEN_LOGICAL_CHANNEL_NO_SUCH_ELEMENT_EXCEPTION

Since: API level 20

This error constant is returned due to open logical channel no such element exception.

Since
API level 20
KNOX 2.7
Constant Value: 33555205 (0x02000305)

public static final int ERROR_OPEN_LOGICAL_CHANNEL_SECURITY_EXCEPTION

Since: API level 20

This error constant is returned due to open logical channel security exception.

Since
API level 20
KNOX 2.7
Constant Value: 33555204 (0x02000304)

public static final int ERROR_OPEN_LOGICAL_CHANNEL_UNKNOWN

Since: API level 20

This error constant is returned due to open logical channel unknown exception

Since
API level 20
KNOX 2.7
Constant Value: 33555206 (0x02000306)

public static final int ERROR_OPEN_SESSION_IO_EXCEPTION

Since: API level 20

This error constant is returned due to OpenSSL IO exception.

Since
API level 20
KNOX 2.7
Constant Value: 33554945 (0x02000201)

public static final int ERROR_OUT_OF_BOUND

Since: API level 20

This error constant is returned due to Out of bound error.

Since
API level 20
KNOX 2.7
Constant Value: 6 (0x00000006)

public static final int ERROR_PLUGIN_ALREADY_USED

Since: API level 20

This error constant is returned when Plugin is already used.

Since
API level 20
KNOX 2.7
Constant Value: 34 (0x00000022)

public static final int ERROR_PRIVATEKEY_ENTRY_NOT_FOUND

Since: API level 20

This error constant is returned when Private key entry not found.

Since
API level 20
KNOX 2.7
Constant Value: 10 (0x0000000a)

public static final int ERROR_SCP_CREATE_CHANNEL_FAILED

Since: API level 20

This error constant is returned when create channel failed in SCP

Since
API level 20
KNOX 2.7
Constant Value: 50331651 (0x03000003)

public static final int ERROR_SCP_DECRYPTION_FAILED

Since: API level 20

This error constant is returned when decryption failed in SCP

Since
API level 20
KNOX 2.7
Constant Value: 50331650 (0x03000002)

public static final int ERROR_SCP_ENCRYPTION_FAILED

Since: API level 20

This error constant is returned when encryption failed in SCP

Since
API level 20
KNOX 2.7
Constant Value: 50331649 (0x03000001)

public static final int ERROR_SCP_NULL_RESPONSE_RECV

Since: API level 20

This error constant is returned when no SCP response.

Since
API level 20
KNOX 2.7
Constant Value: 50331652 (0x03000004)

public static final int ERROR_SCP_UNKNOWN

Since: API level 20

This error constant is returned when Channel is unknown

Since
API level 20
KNOX 2.7
Constant Value: 50331648 (0x03000000)

public static final int ERROR_SHORT_BUFFER_EXCEPTION

Since: API level 20

This error constant is returned due to Short buffer exception.

Since
API level 20
KNOX 2.7
Constant Value: 260 (0x00000104)

public static final int ERROR_SMARTCARD_UNAVAILABLE

Since: API level 20

This error constant is returned when Smart card is unavailable.

Since
API level 20
KNOX 2.7
Constant Value: 16777984 (0x01000300)

public static final int ERROR_STORAGE_FULL

Since: API level 20

This error constant is returned when Storage is full.

Since
API level 20
KNOX 2.7
Constant Value: 5 (0x00000005)

public static final int ERROR_TRANSMIT_ILLEGAL_ARGUMENT_EXCEPTION

Since: API level 20

This error constant is returned due to transmit illegal argument exception

Since
API level 20
KNOX 2.7
Constant Value: 33555459 (0x02000403)

public static final int ERROR_TRANSMIT_ILLEGAL_STATE_EXCEPTION

Since: API level 20

This error constant is returned due to transmit illegal state exception

Since
API level 20
KNOX 2.7
Constant Value: 33555458 (0x02000402)

public static final int ERROR_TRANSMIT_IO_EXCEPTION

Since: API level 20

This error constant is returned due to transmit IO exception

Since
API level 20
KNOX 2.7
Constant Value: 33555457 (0x02000401)

public static final int ERROR_TRANSMIT_NULL_POINTER_EXCEPTION

Since: API level 20

This error constant is returned due to transmit nullpointer exception.

Since
API level 20
KNOX 2.7
Constant Value: 33555461 (0x02000405)

public static final int ERROR_TRANSMIT_SECURITY_EXCEPTION

Since: API level 20

This error constant is returned due to transmit security exception

Since
API level 20
KNOX 2.7
Constant Value: 33555460 (0x02000404)

public static final int ERROR_TRANSMIT_UNKNOWN

Since: API level 20

This error constant is returned due to transmit unknown exception.

Since
API level 20
KNOX 2.7
Constant Value: 33555462 (0x02000406)

public static final int ERROR_UNDEFINED_EXCEPTION

Since: API level 20

This error constant is returned due to Unknown exception.

Since
API level 20
KNOX 2.7
Constant Value: 271 (0x0000010f)

public static final int ERROR_UNKNOWN

Since: API level 20

This error constant is returned due to Unknown error.

Since
API level 20
KNOX 2.7
Constant Value: 18 (0x00000012)

public static final int ERROR_UNREADABLE_ODE_CONFIGURATION

Since: API level 20

ODE configuration is unreadable

Since
API level 20
KNOX 2.7
Constant Value: 201326848 (0x0c000100)

public static final int ERROR_UNRECOVERABLE_KEY_EXCEPTION

Since: API level 20

This error constant is returned due to Unrecoverable key exception.

Since
API level 20
KNOX 2.7
Constant Value: 265 (0x00000109)

public static final int ERROR_UNRECOVERABLE_STATE

Since: API level 20

This error constant is returned due to Unrecoverable state.

Since
API level 20
KNOX 2.7
Constant Value: 35 (0x00000023)

public static final int ERROR_UNSUPPORTED_ALGORITHM

Since: API level 20

This error constant is returned when Unsupported algorithm is used.

Since
API level 20
KNOX 2.7
Constant Value: 2 (0x00000002)

public static final int ERROR_UNSUPPORTED_OPERATION

Since: API level 20

This error constant is returned due to Unsupported operation.

Since
API level 20
KNOX 2.7
Constant Value: 3 (0x00000003)

public static final int ERROR_UNSUPPORTED_PARAMETER

Since: API level 20

This error constant is returned due to Unsupported parameter.

Since
API level 20
KNOX 2.7
Constant Value: 1 (0x00000001)

public static final int EVENT_ADMIN_LICENSE_EXPIRED

Since: API level 20

UCM Event - Configurator license is expired.

Since
API level 20
KNOX 2.7
Constant Value: 13 (0x0000000d)

public static final int EVENT_ADMIN_LICENSE_RENEWED

Since: API level 20

UCM Event - Configurator license is renewed.

Since
API level 20
KNOX 2.7
Constant Value: 14 (0x0000000e)

public static final int EVENT_BOOT_COMPLETED

Since: API level 20

UCM Event - device boot is completed.

Since
API level 20
KNOX 2.7
Constant Value: 17 (0x00000011)

public static final int EVENT_CONTAINER_LOCKED

Since: API level 20

UCM Event - Container is locked.

Since
API level 20
KNOX 2.7
Constant Value: 20 (0x00000014)

public static final int EVENT_CONTAINER_UNLOCKED

Since: API level 20

UCM Event - Container is unlocked.

Since
API level 20
KNOX 2.7
Constant Value: 21 (0x00000015)

public static final int EVENT_DEVICE_LOCKED

Since: API level 20

UCM Event - device is locked.

Since
API level 20
KNOX 2.7
Constant Value: 15 (0x0000000f)

public static final int EVENT_DEVICE_UNLOCKED

Since: API level 20

UCM Event - device is unlocked.

Since
API level 20
KNOX 2.7
Constant Value: 16 (0x00000010)

public static final int EVENT_FACTORY_RESET

Since: API level 20

UCM Event - device is factory reset.

Since
API level 20
KNOX 2.7
Constant Value: 101 (0x00000065)

public static final int EVENT_KEYGUARD_SET

Since: API level 20

UCM Event - Keyguard is set

Since
API level 20
KNOX 2.7
Constant Value: 18 (0x00000012)

public static final int EVENT_KEYGUARD_UNSET

Since: API level 20

UCM Event - Keyguard is unset

Since
API level 20
KNOX 2.7
Constant Value: 19 (0x00000013)

public static final int EVENT_PACKAGE_UNINSTALL

Since: API level 20

UCM Event - package is uninstalled.

Since
API level 20
KNOX 2.7
Constant Value: 12 (0x0000000c)

public static final int EVENT_PLUGIN_UNMANAGED

Since: API level 20

UCM Event - plugin is unmanaged.

Since
API level 20
KNOX 2.7
Constant Value: 10 (0x0000000a)

public static final int EVENT_USER_REMOVED

Since: API level 20

UCM Event - user is removed.

Since
API level 20
KNOX 2.7
Constant Value: 11 (0x0000000b)

public static final String LOCK_STATE

Since: API level 20

This constant defines Bundle extra for Lock state.

Since
API level 20
KNOX 2.7
Constant Value: "state"

public static final String MAX_PIN_LENGTH

Since: API level 20

This constant defines Bundle extra for Maximum pin length.

Since
API level 20
KNOX 2.7
Constant Value: "maxPinLength"

public static final String MAX_PUK_LENGTH

Since: API level 20

This constant defines Bundle extra for Maximum PUK length.

Since
API level 20
KNOX 2.7
Constant Value: "maxPukLength"

public static final String MIN_PIN_LENGTH

Since: API level 20

This constant defines Bundle extra for Minimum pin length.

Since
API level 20
KNOX 2.7
Constant Value: "minPinLength"

public static final String MIN_PUK_LENGTH

Since: API level 20

This constant defines Bundle extra for Minimum PUK length.

Since
API level 20
KNOX 2.7
Constant Value: "minPukLength"

public static final String MISC_INFO

Since: API level 20

This constant defines Bundle extra for Misc information.

Since
API level 20
KNOX 2.7
Constant Value: "miscInfo"

public static final String PACKAGE_ACCESS_TYPE

Since: API level 20

This constant defines Bundle extra for package access type.

Since
API level 20
KNOX 2.7
Constant Value: "package_access_type"

public static final String PACKAGE_UID

Since: API level 20

This constant defines Bundle extra for package uid.

Since
API level 20
KNOX 2.7
Constant Value: "packageUid"

public static final int PARTIALLY

Since: API level 20

This constant defines value for partially in notifyChange API

Since
API level 20
KNOX 2.7
Constant Value: 3 (0x00000003)

public static final int PIN_CACHE_KEYGUARD_TIMEOUT

Since: API level 20

This constant define Bundle value for cache pin till keyguard timeout

Since
API level 20
KNOX 2.7
Constant Value: 2 (0x00000002)

public static final int PIN_CACHE_TIMEOUT

Since: API level 20

This constant define Bundle value to timeout

Since
API level 20
KNOX 2.7
Constant Value: 1 (0x00000001)

public static final String PLUGIN_BOOLEAN_RESPONSE

Since: API level 20

This constant defines Bundle extra for Credential Storage boolean response.

Since
API level 20
KNOX 2.7
Constant Value: "booleanresponse"

public static final String PLUGIN_BUNDLE_RESPONSE

Since: API level 20

This constant defines Bundle extra for Credential Storage bundle response.

Since
API level 20
KNOX 2.7
Constant Value: "bundleresponse"

public static final String PLUGIN_BYTEARRAY_RESPONSE

Since: API level 20

This constant defines Bundle extra for Credential Storage byte array response.

Since
API level 20
KNOX 2.7
Constant Value: "bytearrayresponse"

public static final String PLUGIN_ERROR_CODE

Since: API level 20

This constant defines Bundle extra for Credential Storage error response.

Since
API level 20
KNOX 2.7
Constant Value: "errorresponse"

public static final String PLUGIN_INT_RESPONSE

Since: API level 20

This constant defines Bundle extra for Credential Storage int response.

Since
API level 20
KNOX 2.7
Constant Value: "intresponse"

public static final String PLUGIN_STRINGARRAY_RESPONSE

Since: API level 20

This constant defines Bundle extra for Credential Storage String array response.

Since
API level 20
KNOX 2.7
Constant Value: "stringarrayresponse"

public static final String PLUGIN_STRING_RESPONSE

Since: API level 20

This constant defines Bundle extra for Credential Storage String response.

Since
API level 20
KNOX 2.7
Constant Value: "stringresponse"

public static final String REMAIN_COUNT

Since: API level 20

This constant defines Bundle extra for Remain count.

Since
API level 20
KNOX 2.7
Constant Value: "remainCnt"

public static final String REQUEST_ID

Since: API level 20

This constant defines Bundle extra for request id.

Since
API level 20
KNOX 2.7
Constant Value: "request_id"

public static final int STATE_BLOCKED

Since: API level 20

This constant defines value for Applet blocked state.

Since
API level 20
KNOX 2.7
Constant Value: 133 (0x00000085)

public static final int STATE_LOCKED

Since: API level 20

This constant defines value for Applet locked state.

Since
API level 20
KNOX 2.7
Constant Value: 132 (0x00000084)

public static final int STATE_UNKNOWN

Since: API level 20

This constant defines value for Applet unknown state.

Since
API level 20
KNOX 2.7
Constant Value: -1 (0xffffffff)

public static final int STATE_UNLOCKED

Since: API level 20

This constant defines value for Applet unlocked state.

Since
API level 20
KNOX 2.7
Constant Value: 131 (0x00000083)

public static final String STATUS_CODE

Since: API level 20

This constant defines Bundle extra for status code.

Since
API level 20
KNOX 2.7
Constant Value: "status_code"

public static final String USER_ID

Since: API level 20

This constant defines Bundle extra for user id.

Since
API level 20
KNOX 2.7
Constant Value: "userId"

Public Constructors

public UcmAgentService ()

Since: API level 20

Public Methods

public abstract Bundle APDUCommand (byte[] apdu, Bundle extras)

Since: API level 20

API to process APDU command. Implementation of this API is optional.

Parameters
apdu byte array of APDU command
extras input bundle parameters
Returns
  • Bundle
Usage

API to process APDU command. Input APDU command is sent to plugin application, and plugin application can support APDU command directly without framework interface.
It can be called using APDUCommand(String, byte[], Bundle) API of UniversalCredentialUtil class, and calling application should know how to use APDU of the plugin application.

 public Bundle APDUCommand (byte[] apdu, Bundle extras) {
   //After processing the APDU command in an Applet.
   Bundle pluginResponse = new Bundle();
   pluginResponse.putByteArray(PLUGIN_BYTEARRAY_RESPONSE, applet_response);
   pluginResponse.putInt(PLUGIN_ERROR_CODE, ERROR_NONE);
   return pluginResponse;
  }
 
Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope

public abstract Bundle changePin (String oldPin, String newPin)

Since: API level 20

API to change PIN. Implementation of this API is optional.

Parameters
oldPin current PIN
newPin new PIN
Returns
Usage

This API will be called to change PIN. It is not called in UCM framework side. It can be called using changePin(String, String, String) of UniversalCredentialUtil. After current PIN verification, the PIN value is change to entered new PIN.

 public Bundle changePin(String oldPin, String newPin) {
   Bundle pluginResponse = new Bundle();
   pluginResponse.putInt(PLUGIN_ERROR_CODE, ERROR_NONE);
   return pluginResponse;
 }
 
Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope

public abstract Bundle configureCredentialStoragePlugin (int adminUid, Bundle profile, int requestId)

Since: API level 20

API to configure Storage plugin from Configurator app. Implementation of this API is optional.

Parameters
adminUid Configurator Uid
profile request information
requestId request Id
Returns
  • Bundle result to confirm that configuration requeset has been accepted
Usage

API to configure Storage plugin from Configurator app. Once API call is received then plugin application has to send below intent once configuration is completed with request Id to calling Configurator(adminUid). The request Id is created by UCM framework automatically.

 public Bundle configureCredentialStoragePlugin(int adminUid, Bundle data, int requestId) {
   // Start processing the data received from API and the reply to confirm that configuration request has been accepted.
   Bundle pluginResponse = new Bundle();
   pluginResponse.putInt(PLUGIN_INT_RESPONSE, 0);
   pluginResponse.putInt(PLUGIN_ERROR_CODE, ERROR_NONE);
   return pluginResponse;
 }
 

 private void notifyOperationResult(int adminUid, int requestId, int result) {
   // After completing sync or async operation in this API then notify to Configurator.
   Intent intent = new Intent(ACTION_UCM_PLUGIN_STATUS);
   Bundle data = new Bundle();
   data.putInt(REQUEST_ID, requestId);
   data.putInt(ADMIN_UID, adminUid);
   data.putInt(STATUS_CODE, result);
   intent.putExtras(data);
   getApplicationContext().sendBroadcast(intent);
 }
 

Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope

public abstract Bundle generateDek ()

Since: API level 22

API to generate and encryption key from Credential Storage. Implementation of this API is madatory to support UCM ODE to store DEK on the Credential Storage.

Returns
  • Bundle
Usage

This API triggers device encryption key generation to Credential Storage, but the key is not retrieved by this API.
The generated device encryption key is retrieved when getDek() is called.
Basically this API can be called after PIN authentication.

 public Bundle generateDek() {
   Bundle pluginResponse = new Bundle();
   pluginResponse.putInt(PLUGIN_ERROR_CODE, ERROR_NONE);
   return pluginResponse;
 }
 
Since
API level 22
Knox 2.8
Multiuser Environment
Global Scope
See Also

public abstract Bundle generateKeyguardPassword (int userId, Bundle extras)

Since: API level 20

API to generate keyguard password. Implementation of this API is madatory to support UCM Keyguard or UCM ODE.

Parameters
userId user Id
extras reserved
Returns
  • Bundle
Usage

API to generate and return the password from Credential Storage. The password is used as keyguard password.
Basically this API can be called after PIN authentication.

 public Bundle generateKeyguardPassword(int userId, Bundle extras) {
   Bundle pluginResponse = new Bundle();
   String password = "PASSWORD";
   pluginResponse.putString(PLUGIN_BYTEARRAY_RESPONSE, password.getBytes());
   pluginResponse.putInt(PLUGIN_ERROR_CODE, ERROR_NONE);
   return pluginResponse;
 }
 
Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope

public abstract Bundle generateWrappedDek ()

Since: API level 22

API to get wrapped device encryption key from Credential Storage. Implementation of this API is madatory to support UCM ODE to store (wrapped) DEK on the device side.

Returns
  • Bundle
Usage

API to get wrapped device encryption key from Credential Storage. The wrapped key is stored in device side. But this key can be unwrapped by Credential Storage by unwrapDek(byte[]).
Basically this API can be called after PIN authentication.

 public Bundle generateWrappedDek() {
   Bundle pluginResponse = new Bundle();
   byte[] wrapped_dek = getWrappedDek();
   pluginResponse.putByteArray(PLUGIN_BYTEARRAY_RESPONSE, wrapped_dek);
   pluginResponse.putInt(PLUGIN_ERROR_CODE, ERROR_NONE);
   return pluginResponse;
 }
 
Since
API level 22
Knox 2.8
Multiuser Environment
Global Scope

public abstract Bundle getCredentialStoragePluginConfiguration (int adminUid)

Since: API level 20

API to return Credential storage configuration. Implementation of this API is optional.

Parameters
adminUid Configurator Uid
Returns
  • Bundle plugin configuration result
Usage

API to return Credential storage configuration. Plugin application can use one or more Bundle keys in response : PLUGIN_ERROR_CODE, PLUGIN_BOOLEAN_RESPONSE,PLUGIN_BUNDLE_RESPONSE,PLUGIN_BYTEARRAY_RESPONSE,PLUGIN_INT_RESPONSE, ,PLUGIN_STRINGARRAY_RESPONSE ,PLUGIN_STRING_RESPONSE.

 public Bundle getCredentialStoragePluginConfiguration(int adminUid) {
   Bundle pluginResponse = new Bundle();
   pluginResponse.putString(PLUGIN_STRING_RESPONSE, configuration);
   return pluginResponse;
 }
 
Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope

public abstract Bundle getCredentialStorageProperty (int adminUid, int userId, Bundle args)

Since: API level 20

API to get information from Credential Storage. Implementation of this API is optional.

Parameters
adminUid MDM uid
userId user Id
args plugin specific properties
Returns
  • Bundle plugin specific properties
Usage

Some Credential Storage has each plugin specific properties like PIN timeout. Configurator can manage plugin properties using this API.
This API is used to get plugin specific properties.

 public Bundle getCredentialStorageProperty(int adminUid, String userId, Bundle extra) {
   Bundle properties = new Bundle();
   int pinCacheOption = PIN_CACHE_TIMEOUT;
   properties.putInt(BUNDLE_EXTRA_PIN_CACHE, pinCacheOption);
   return pluginResponse;
 }
 
Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope

public abstract Bundle getDek ()

Since: API level 22

API to get device encryption key from Credential Storage. Implementation of this API is madatory to support UCM ODE to store DEK on the Credential Storage.

Returns
  • Bundle
Usage

API to get device encryption key from Credential Storage. The key is generated when generateDek() API is called.
Basically this API can be called after PIN authentication.

 public Bundle getDek() {
   Bundle pluginResponse = new Bundle();
   byte[] dek = getDek();
   pluginResponse.putByteArray(PLUGIN_BYTEARRAY_RESPONSE, dek);
   pluginResponse.putInt(PLUGIN_ERROR_CODE, ERROR_NONE);
   return pluginResponse;
 }
 
Since
API level 22
Knox 2.8
Multiuser Environment
Global Scope
See Also

public abstract String getDetailErrorMessage (int errorCode)

Since: API level 22

API to get detail error message from Plugin. Implementation of this API is optional.

Parameters
errorCode error code
Returns
  • String
Usage

API to get detail error message for error code. Plugin application return detail error message will be shown to Keyguard or ODE UX.

 public String getDetailErrorMessage (int errorCode) {
     String errorMsg = null;
     if (errorCode == UcmAgentService.ERROR_NO_PLUGIN_RESPONSE) {
         errorMsg = "There is no plugin response";
     }
     return errorMsg;
 }
 
Since
API level 22
Knox 2.8
Multiuser Environment
Global Scope

public abstract Bundle getInfo ()

Since: API level 20

API to return Credential Storage information. Implementation of this API is optional.

Returns
  • Bundle
Usage

API to get Credential Storage information. This api depends on the implementation of plugin, plugin can use one or more Bundle keys in response : PLUGIN_ERROR_CODE, PLUGIN_BOOLEAN_RESPONSE, PLUGIN_BUNDLE_RESPONSE, PLUGIN_BYTEARRAY_RESPONSE, PLUGIN_INT_RESPONSE, , PLUGIN_STRINGARRAY_RESPONSE, PLUGIN_STRING_RESPONSE.
It can be called using getInfo(String) API of UniversalCredentialUtil class, and calling application should know pre-defined the key value of the plugin application to get return value.

 public Bundle getInfo() {
   //After processing in an Applet.
   Bundle pluginResponse = new Bundle();
   pluginResponse.putString(PLUGIN_STRING_RESPONSE, "information");
   pluginResponse.putInt(PLUGIN_ERROR_CODE, ERROR_NONE);
   return pluginResponse;
 }
 
Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope

public final Provider getProvider ()

Since: API level 20

API to get current UCM provider to register UCM SPI Service.

Returns
  • Provider
Usage

API to get current UCM provider to register UCM SPI Service. Refer putServiceImpl(Provider.Service) API for it's usage.

Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope

public abstract Bundle getStatus ()

Since: API level 20

API to get the current status of the Credential Storage. Implementation of this API is madatory to support UCM Keyguard or UCM ODE.

Returns
Usage

API to get the current status of the Credential Storage, and the result should include these values that basic plugin error code and current lock state and remaining retry count.
If current lock state is STATE_BLOCKED, plugin can send more information string to display in Keyguard and ODE UI. It is MISC information and optional.
To send custom string, the string should be included into return bundle by MISC_INFO.

 public Bundle getStatus() {
   int remaining_count = 5;
   Bundle pluginResponse = new Bundle();
   pluginResponse.putInt(LOCK_STATE, STATE_UNLOCKED);
   pluginResponse.putInt(REMAIN_COUNT, remaining_count);
   pluginResponse.putInt(PLUGIN_ERROR_CODE, ERROR_NONE);
   // if state is STATE_BLOCKED,
   pluginResponse.putString(MISC_INFO, "Vendor specific message");
   return pluginResponse;
 }
 
Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope

public abstract int notifyChange (int eventId, Bundle data)

Since: API level 20

API which UCM framework will call to notify change. Implementation of this API is recommended.

Returns
  • not used
Usage

UCM framework notify plugin when different event occured. Plugin application can peform operation based event received.

 
 
 public int notifyChange(int eventId, Bundle data) {
   int adminUid = data.getInt(ADMIN_UID, -1);
   int userId = data.getInt(USER_ID, -1);
   switch (eventId) {
     case EVENT_PLUGIN_UNMANAGED:
          Log.d(TAG, "plugin is unmanaged");
          break;
      case EVENT_USER_REMOVED:
          Log.d(TAG, "user is removed : " + userId);
          break;
      case EVENT_PACKAGE_UNINSTALL:
          int packageUid = data.getInt(PACKAGE_UID, NOT_INITIALIZED);
          Log.d(TAG, "application is uninstalled : " + packageUid);
          break;
      case EVENT_ADMIN_LICENSE_EXPIRED:
          Log.d(TAG, "Admin license is expired : " + adminUid);
          break;
      case EVENT_ADMIN_LICENSE_RENEWED:
          Log.d(TAG, "Admin license is renewed : " + adminUid);
          break;
      case EVENT_DEVICE_LOCKED:
          Log.d(TAG, "Device is locked : " + userId);
          break;
      case EVENT_DEVICE_UNLOCKED:
          Log.d(TAG, "Device is unlocked : " + userId);
          break;
      case EVENT_KEYGUARD_SET:
          Log.d(TAG, "UCM Keyguard is set : " + userId);
          break;
      case EVENT_KEYGUARD_UNSET:
          Log.d(TAG, "UCM Keyguard is unset : " + userId);
          break;
      default:
          Log.d(TAG, " Event ID: " + eventId);
      }
      return 0;
  }
 
Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope

public abstract Bundle setCredentialStorageProperty (int adminUid, int userId, Bundle args)

Since: API level 20

API to set information in Credential Storage. Implementation of this API is optional.

Parameters
adminUid MDM uid
userId user Id
args plugin specific properties
Returns
  • Bundle plugin specific properties
Usage

Some Credential Storage has each plugin specific properties like PIN timeout. Configurator can manage plugin properties using this API.
This API is used to set plugin specific properties.

 public Bundle setCredentialStorageProperty(int adminUid, String userId, Bundle extra) {
   int pinCacheOption = extra.getInt(BUNDLE_EXTRA_PIN_CACHE, -1);
   return extra;
 }
 
Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope

public abstract Bundle setState (int state)

Since: API level 20

API to set state of Credential Storage. Implementation of this API is optional.

Parameters
state STATE_LOCKED or STATE_UNLOCKED or STATE_BLOCKED
Returns
Usage

API to set state of Credential Storage. It is not called in UCM framework and basically this plugin service is protected by System permission "com.samsung.android.knox.permission.KNOX_UCM_BIND_PLUGIN_SERVICE".
So only for some special use case, this API can be called in plugin side.

 public Bundle setState(int state) {
   Bundle pluginResponse = new Bundle();
   pluginResponse.putBoolean(PLUGIN_BOOLEAN_RESPONSE, applet_response);
   pluginResponse.putInt(PLUGIN_ERROR_CODE, ERROR_NONE);
   return pluginResponse;
 }
 
Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope

public abstract Bundle unwrapDek (byte[] wrappedDek)

Since: API level 22

API to unwrap wrapped key that wrapped and stored in device. Implementation of this API is madatory to support UCM ODE to store (wrapped) DEK on the device side.

Parameters
wrappedDek wrapped device encryption key stored in device
Returns
  • Bundle
Usage

API to unwrap key that wrapped and stored in device. The wrapped key returned by generateWrappedDek().
Basically this API can be called after PIN authentication.

 public Bundle unwrapDek(byte[] wrappedDek) {
   Bundle pluginResponse = new Bundle();
   byte[] unwrapped_dek = unwrapDek(wrappedDek);
   pluginResponse.putByteArray(PLUGIN_BYTEARRAY_RESPONSE, unwrapped_dek);
   pluginResponse.putInt(PLUGIN_ERROR_CODE, ERROR_NONE);
   return pluginResponse;
 }
 
Since
API level 22
Knox 2.8
Multiuser Environment
Global Scope

public abstract Bundle verifyPin (int userId, String pin, Bundle extra)

Since: API level 20

API to verify input PIN and return current state and remaining retry count. Implementation of this API is madatory to support UCM Keyguard or UCM ODE.

Parameters
userId user Id
pin entered PIN
extra reserved
Returns
Usage

API is to verify input PIN and updates the current state and returns the state and remaining retry count of Credential Storage. It will be called in UCM Keyguard(registration / unlock device) and ODE(device encryption /decryption) scenario. Return bundle should include LOCK_STATE, REMAIN_COUNT and PLUGIN_ERROR_CODE.

 public Bundle verifyPin(int userId, String pin, Bundle extra) {
   Bundle pluginResponse = new Bundle();
   int remaining_count = 5;
   pluginResponse.putInt(LOCK_STATE, STATE_UNLOCKED);
   pluginResponse.putInt(REMAIN_COUNT, remaining_count);
   pluginResponse.putInt(PLUGIN_ERROR_CODE, ERROR_NONE);
   return pluginResponse;
 }
 
Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope

public abstract Bundle verifyPuk (String puk, String pin)

Since: API level 20

API to verify the PUK and update new pin to be used for verification. Implementation of this API is optional.

Parameters
puk entered PUK
pin entered PIN
Returns
Usage

This API will be called when PIN has expired. It is to verify the PUK, update new PIN and lock state, return the state and remaining retry count of the Credential Storage. It will be called in UCM Keyguard(registration / unlock device) and ODE(device encryption /decryption) scenario.
Return bundle should include LOCK_STATE, REMAIN_COUNT and PLUGIN_ERROR_CODE.

 public Bundle verifyPuk(String puk, String pin) {
   Bundle pluginResponse = new Bundle();
   int remaining_count = 5;
   pluginResponse.putInt(LOCK_STATE, STATE_UNLOCKED);
   pluginResponse.putInt(REMAIN_COUNT, remaining_count);
   pluginResponse.putInt(PLUGIN_ERROR_CODE, ERROR_NONE);
   return pluginResponse;
 }
 
Since
API level 20
KNOX 2.7
Multiuser Environment
Global Scope