Summary: Ctors | Methods | Inherited Methods | [Expand All]
Since: API level 37
public static final class

CertProvisionProfile.Builder

extends Object
java.lang.Object
   ↳ com.samsung.android.knox.zt.devicetrust.cert.CertProvisionProfile.Builder

Class Overview

Builder class to create Certificate provision profile

Summary

Public Constructors
Builder(String rootCA, String protocol, String provisionType, String keyProvider, int keyOwner, String keyAlias, Bundle subject)
Constructs a new Builder with the defaults.
Public Methods
CertProvisionProfile build()
Combine all of the options that have been set and return a new CertProvisionProfile object.
CertProvisionProfile.Builder setChallengePassword(String challengePassword)
Set a challenge password.
CertProvisionProfile.Builder setClientIdentifierType(int clientIdentifierType)
Set a client identifier type.
CertProvisionProfile.Builder setClientIdentifiers(String... clientIdentifiers)
Set a client identifier.
CertProvisionProfile.Builder setKeyExtendedPurposes(String... keyExtendedPurposes)
Set the extended purposes to be written to the certificate to be provisioned.
CertProvisionProfile.Builder setServerHost(String serverHost)
Set a certificate server host address.
CertProvisionProfile.Builder setServerPath(String serverPath)
Set a certificate server path.
CertProvisionProfile.Builder setServerPort(String serverPort)
Set a certificate server port.
CertProvisionProfile.Builder setSubjectAltName(Bundle subjectAltName)
Set a subject alternative name to be written on the certificate.
CertProvisionProfile.Builder setSystemKeyPurposes(int systemKeyPurposes)
Set a purpose of system key.
CertProvisionProfile.Builder setSystemKeySize(int systemKeySize)
Set a size of system key.
CertProvisionProfile.Builder setSystemKeyType(String systemKeyType)
Set a algorithm of system key.
[Expand]
Inherited Methods
From class java.lang.Object

Public Constructors

public Builder (String rootCA, String protocol, String provisionType, String keyProvider, int keyOwner, String keyAlias, Bundle subject)

Since: API level 37

Constructs a new Builder with the defaults.

Parameters
rootCA root of CA when remote certificate provisioning It can consist of either CA_DEFAULT or CA_LOOPBACK.
protocol protocol used when remote certificate provisioning It can consist of either PROTOCOL_ACME or PROTOCOL_SCEP.
provisionType provision type of remote certificate provisioning It can consist of either TYPE_PROVISION, TYPE_RENEW or TYPE_REVOKE.
keyProvider key provider of remote certificate provisioning It can consist of either PROVIDER_ANDROID or PROVIDER_UCM.
keyOwner key owner to be provisioned It can consist of either KEY_OWNER_SYSTEM or KEY_OWNER_APP.
keyAlias alias of the key to be provisioned
subject subject to be written in the certificate The representation of a X.500 name represented as an array of OID and value. For example, C=KR O=Samsung Electronics. O=Samsung Mobile. CN=foo 1.2.3.4=bar corresponds to: 
Bundle subject = new Bundle();
subject.putString("C", "KR");
subject.putStringArrayList("O", ["Samsung Electronics.", "Samsung Mobile."]);
subject.putString("CN", "foo");
subject.putString("1.2.3.4", "bar");
Dotted numbers can represent OIDs, with shortcuts for common name (CN), country (C), organization (O), organizational unit (OU), locality (L) and state (ST). The server may override or ignore this field in the certificate it issues.
Returns
Since
API level 37
KNOX 3.10

Public Methods

public CertProvisionProfile build ()

Since: API level 37

Combine all of the options that have been set and return a new CertProvisionProfile object.

Returns
Throws
KnoxZtException if a value other than the supported value comes.
Since
API level 37
KNOX 3.10

public CertProvisionProfile.Builder setChallengePassword (String challengePassword)

Since: API level 37

Set a challenge password. This value only valid for scep protocol case. That value is valid only when protocol is PROTOCOL_SCEP.

Parameters
challengePassword challenge password to communicate certificate server
Returns
Since
API level 37
KNOX 3.10

public CertProvisionProfile.Builder setClientIdentifierType (int clientIdentifierType)

Since: API level 37

Set a client identifier type. That value is valid only when protocol is PROTOCOL_ACME.

Parameters
clientIdentifierType Client identified type by the server. It can consist of either CLIENT_ID_TYPE_IMEI or CLIENT_ID_TYPE_SAK_UID.
Returns
Since
API level 37
KNOX 3.10

public CertProvisionProfile.Builder setClientIdentifiers (String... clientIdentifiers)

Since: API level 37

Set a client identifier. That value is valid only when protocol is PROTOCOL_ACME.

Parameters
clientIdentifiers client identified by the server
Returns
Since
API level 37
KNOX 3.10

public CertProvisionProfile.Builder setKeyExtendedPurposes (String... keyExtendedPurposes)

Since: API level 37

Set the extended purposes to be written to the certificate to be provisioned. The server may override or ignore this field in the certificate it issues.

Parameters
keyExtendedPurposes The value is an array of strings. Each string is an OID in dotted notation. For instance, ["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.4"] indicates server authentication and email protection.
Returns
Since
API level 37
KNOX 3.10

public CertProvisionProfile.Builder setServerHost (String serverHost)

Since: API level 37

Set a certificate server host address. If loopback rootCA case, the value set here is ignored.

Parameters
serverHost host address of certificate server
Returns
Since
API level 37
KNOX 3.10

public CertProvisionProfile.Builder setServerPath (String serverPath)

Since: API level 37

Set a certificate server path. If loopback rootCA case, the value set here is ignored.

Parameters
serverPath path of certificate server
Returns
Since
API level 37
KNOX 3.10

public CertProvisionProfile.Builder setServerPort (String serverPort)

Since: API level 37

Set a certificate server port. If loopback rootCA case, the value set here is ignored.

Parameters
serverPort port of certificate server
Returns
Since
API level 37
KNOX 3.10

public CertProvisionProfile.Builder setSubjectAltName (Bundle subjectAltName)

Since: API level 37

Set a subject alternative name to be written on the certificate. The server may override or ignore this field in the certificate it issues.

Parameters
subjectAltName You can specify a single string or an array list of strings for each key. The key value must consist of SAN_DNS_NAME, SAN_IP_ADDRESS, SAN_RFC822_NAME or SAN_URI. For example, dns=127.0.1, dns=dns.samsung.com ip=192.168.0.1 corresponds to: 
Bundle subject = new Bundle();
subject.putStringArrayList(SAN_DNS_NAME, ["127.0.1", "dns.samsung.com"]);
subject.putString(SAN_IP_ADDRESS, "192.168.0.1");
Returns
Since
API level 37
KNOX 3.10

public CertProvisionProfile.Builder setSystemKeyPurposes (int systemKeyPurposes)

Since: API level 37

Set a purpose of system key. That value is valid only when key owner is KEY_OWNER_SYSTEM.

Parameters
systemKeyPurposes Set of purposes (e.g., encrypt, decrypt, sign) for which the key can be used. It can consist of a combination of KEY_PURPOSE_ENCRYPT and KEY_PURPOSE_SIGN.
Returns
Since
API level 37
KNOX 3.10

public CertProvisionProfile.Builder setSystemKeySize (int systemKeySize)

Since: API level 37

Set a size of system key. That value is valid only when key owner is KEY_OWNER_SYSTEM.

Parameters
systemKeySize Sets the size (in bits) of the key to be generated
Returns
Since
API level 37
KNOX 3.10

public CertProvisionProfile.Builder setSystemKeyType (String systemKeyType)

Since: API level 37

Set a algorithm of system key. That value is valid only when key owner is KEY_OWNER_SYSTEM.

Parameters
systemKeyType Key algorithm to use (RSA, EC). It can consist of either KEY_TYPE_RSA or KEY_TYPE_EC.
Returns
Since
API level 37
KNOX 3.10