Interface KeyStoreProtectionManager


public interface KeyStoreProtectionManager
Aggregation of KeyStoreProtectionKeyProvider and KeyStoreProtectionRemover interfaces.
  • Method Summary

    | Modifier and Type | Method | Description |
    |---|---|---|
    | void | generatePublicKey(byte[] attestationChallenge) | Generate RSA key pair and the attestation certificate in the AndroidKeyStore. |
    | String[] | getCertificateChain() | Get certificate chain of the RSA public key from the AndroidKeyStore. |
    | byte[] | getKeyCertificate() | Get key certificate of the RSA public key from the AndroidKeyStore. |
    | byte[] | getPublicKey() | Get RSA public key from the AndroidKeyStore. |
    | boolean | hasSecretKey() | Check if the secret key (payment credential transport key) is present in the AndroidKeyStore. |
    | void | importSecretKey(byte[] secretKey) | Import secret key in the AndroidKeyStore. |
    | boolean | isSecureImportSupported() | Check if the given OS version and the AndroidKeyStore support secure key import. |
    | byte[] | removeKeyStoreProtection(byte[] protectedData) | Removes keystore protection (decrypts using secret key in the AndroidKeyStore) from protected data. |
  • Method Details

    • importSecretKey

      void importSecretKey(byte[] secretKey) throws com.meawallet.mtp.KeyStoreProtectionException
      Import secret key in the AndroidKeyStore. If invoked multiple times, the key store entry is overwritten each time.
      Parameters:
      secretKey - the secret key in plain text, as an array of bytes
      Throws:
      com.meawallet.mtp.KeyStoreProtectionException - when import fails for any reason
    • generatePublicKey

      void generatePublicKey(byte[] attestationChallenge) throws com.meawallet.mtp.KeyStoreProtectionException
      Generate RSA key pair and the attestation certificate in the AndroidKeyStore. The first invocation generates a new pair; subsequent invocations have no effect.
      Parameters:
      attestationChallenge - challenge to be included into the key attestation certificate.
      Throws:
      com.meawallet.mtp.KeyStoreProtectionException - when the key generation fails for any reason.
    • getPublicKey

      byte[] getPublicKey() throws com.meawallet.mtp.KeyStoreProtectionException
      Get RSA public key from the AndroidKeyStore. The RSA pair has to be generated first by generatePublicKey(byte[]).
      Returns:
      public key from the AndroidKeyStore as an array of bytes.
      Throws:
      com.meawallet.mtp.KeyStoreProtectionException - when the key retrieval fails for any reason, including when the key pair has not been generated.
    • getKeyCertificate

      byte[] getKeyCertificate() throws com.meawallet.mtp.KeyStoreProtectionException
      Get key certificate of the RSA public key from the AndroidKeyStore. The RSA pair has to be generated first by generatePublicKey(byte[]).
      Returns:
      key certificate (X509Certificate) generated in the AndroidKeyStore as an array of bytes.
      Throws:
      com.meawallet.mtp.KeyStoreProtectionException - when the certificate generation or retrieval fails for any reason.
    • getCertificateChain

      String[] getCertificateChain() throws com.meawallet.mtp.KeyStoreProtectionException
      Get certificate chain of the RSA public key from the AndroidKeyStore. The RSA pair has to be generated first by generatePublicKey(byte[]).
      Returns:
      certificate chain generated in the AndroidKeyStore as an array of HEX string encoded certificates.
      Throws:
      com.meawallet.mtp.KeyStoreProtectionException - when the certificate generation or retrieval fails for any reason.
    • hasSecretKey

      boolean hasSecretKey()
      Check if the secret key (payment credential transport key) is present in the AndroidKeyStore.
      Returns:
      true if the secret key is imported and present in the AndroidKeyStore, false otherwise. Also returns false if any exception is thrown during the verification.
    • isSecureImportSupported

      boolean isSecureImportSupported()
      Check if the given OS version and the AndroidKeyStore support secure key import.
      Returns:
      true if the secure key import is supported, false otherwise. Also returns false if any exception is thrown during the verification.
    • removeKeyStoreProtection

      byte[] removeKeyStoreProtection(byte[] protectedData) throws com.meawallet.mtp.KeyStoreProtectionException
      Removes keystore protection (decrypts using secret key in the AndroidKeyStore) from protected data.
      Parameters:
      protectedData - Data encrypted by the secret key in the AndroidKeyStore
      Returns:
      Decrypted data as an array of bytes
      Throws:
      com.meawallet.mtp.KeyStoreProtectionException - when decryption fails for any reason
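
Added example (not part of the SDK or its documentation): one way a backend could decode and check the HEX-encoded chain returned by getCertificateChain(). It assumes each entry is a DER-encoded X.509 certificate, that the chain is ordered leaf first, and that the verifier already holds a pinned root public key; the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HexFormat;
import java.util.List;

/** Hypothetical verifier-side helper for the chain from getCertificateChain(). */
public final class AttestationChainCheck {
    // OID of the Android key attestation extension carried by the leaf certificate.
    static final String ATTESTATION_OID = "1.3.6.1.4.1.11129.2.1.17";

    /** Decode each HEX string (assumed: DER X.509 certificate, leaf first). */
    static List<X509Certificate> decode(String[] hexChain) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        for (String hex : hexChain) {
            byte[] der = HexFormat.of().parseHex(hex); // Java 17+, case-insensitive
            chain.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
        }
        return chain;
    }

    /** Throws if the chain is empty, broken, expired, unanchored or not an attestation chain. */
    static void verify(List<X509Certificate> chain, PublicKey pinnedRootKey) throws Exception {
        if (chain.isEmpty()) {
            throw new SecurityException("empty certificate chain");
        }
        for (int i = 0; i < chain.size(); i++) {
            X509Certificate cert = chain.get(i);
            cert.checkValidity();
            // Each certificate must be signed by the next one; the last one by the pinned root key.
            PublicKey signer = (i + 1 < chain.size())
                    ? chain.get(i + 1).getPublicKey()
                    : pinnedRootKey;
            cert.verify(signer);
        }
        // The leaf must carry the key attestation extension, which holds the challenge.
        if (chain.get(0).getExtensionValue(ATTESTATION_OID) == null) {
            throw new SecurityException("leaf certificate has no key attestation extension");
        }
    }
}
```

This confirms only that the chain is well formed and anchored to the pinned key. Comparing the challenge inside the extension with the value passed to generatePublicKey(byte[]) requires parsing the extension's ASN.1 structure, which is not shown here.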