identity: Add support for setting minimum validity period for AuthKey.

    ctor public AlreadyPersonalizedException(@NonNull String, @NonNull Throwable);

  }

  public class AuthenticationKeyMetadata {

    method @NonNull public java.time.Instant getExpirationDate();

    method @IntRange(from=0) public int getUsageCount();

  }

  public class CipherSuiteNotSupportedException extends android.security.identity.IdentityCredentialException {

    ctor public CipherSuiteNotSupportedException(@NonNull String);

    ctor public CipherSuiteNotSupportedException(@NonNull String, @NonNull Throwable);

    method @NonNull public byte[] delete(@NonNull byte[]);

    method @Deprecated @NonNull public abstract byte[] encryptMessageToReader(@NonNull byte[]);

    method @NonNull public abstract java.util.Collection<java.security.cert.X509Certificate> getAuthKeysNeedingCertification();

    method @NonNull public abstract int[] getAuthenticationDataUsageCount();

    method @Deprecated @NonNull public abstract int[] getAuthenticationDataUsageCount();

    method @NonNull public java.util.List<android.security.identity.AuthenticationKeyMetadata> getAuthenticationKeyMetadata();

    method @NonNull public abstract java.util.Collection<java.security.cert.X509Certificate> getCredentialKeyCertificateChain();

    method @Deprecated @NonNull public abstract android.security.identity.ResultData getEntries(@Nullable byte[], @NonNull java.util.Map<java.lang.String,java.util.Collection<java.lang.String>>, @Nullable byte[], @Nullable byte[]) throws android.security.identity.EphemeralPublicKeyNotFoundException, android.security.identity.InvalidReaderSignatureException, android.security.identity.InvalidRequestMessageException, android.security.identity.NoAuthenticationKeyAvailableException, android.security.identity.SessionTranscriptMismatchException;

    method @NonNull public byte[] proveOwnership(@NonNull byte[]);

    method @Deprecated public abstract void setAllowUsingExhaustedKeys(boolean);

    method @Deprecated public void setAllowUsingExpiredKeys(boolean);

    method public abstract void setAvailableAuthenticationKeys(int, int);

    method @Deprecated public abstract void setAvailableAuthenticationKeys(int, int);

    method public void setAvailableAuthenticationKeys(@IntRange(from=0) int, @IntRange(from=1) int, @IntRange(from=0) long);

    method @Deprecated public abstract void setReaderEphemeralPublicKey(@NonNull java.security.PublicKey) throws java.security.InvalidKeyException;

    method @Deprecated public abstract void storeStaticAuthenticationData(@NonNull java.security.cert.X509Certificate, @NonNull byte[]) throws android.security.identity.UnknownAuthenticationKeyException;

    method public void storeStaticAuthenticationData(@NonNull java.security.cert.X509Certificate, @NonNull java.time.Instant, @NonNull byte[]) throws android.security.identity.UnknownAuthenticationKeyException;

/*

 * Copyright 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.security.identity;

import android.annotation.IntRange;

import android.annotation.NonNull;

import java.time.Instant;

/**

 * Data about authentication keys.

 */

public class AuthenticationKeyMetadata {

    private int mUsageCount;

    private Instant mExpirationDate;

    AuthenticationKeyMetadata(int usageCount, Instant expirationDate) {

        mUsageCount = usageCount;

        mExpirationDate = expirationDate;

    }

    /**

     * Gets usage count for the authentication key.

     *

     * @return the usage count

     */

    public @IntRange(from = 0) int getUsageCount() {

        return mUsageCount;

    }

    /**

     * Gets expiration date for the authentication key.

     *

     * @return the expiration date of the authentication key.

     */

    public @NonNull Instant getExpirationDate() {

        return mExpirationDate;

    }

}

    @Override

    public void setAvailableAuthenticationKeys(int keyCount, int maxUsesPerKey) {

        setAvailableAuthenticationKeys(keyCount, maxUsesPerKey, 0);

    }

    @Override

    public void setAvailableAuthenticationKeys(int keyCount, int maxUsesPerKey,

                                               long minValidTimeMillis) {

        try {

            mBinder.setAvailableAuthenticationKeys(keyCount, maxUsesPerKey);

            mBinder.setAvailableAuthenticationKeys(keyCount, maxUsesPerKey, minValidTimeMillis);

        } catch (android.os.RemoteException e) {

            throw new RuntimeException("Unexpected RemoteException ", e);

        } catch (android.os.ServiceSpecificException e) {

        }

    }

    @Override

    public @NonNull List<AuthenticationKeyMetadata> getAuthenticationKeyMetadata() {

        try {

            int[] usageCount = mBinder.getAuthenticationDataUsageCount();

            long[] expirationsMillis = mBinder.getAuthenticationDataExpirations();

            if (usageCount.length != expirationsMillis.length) {

                throw new IllegalStateException("Size og usageCount and expirationMillis differ");

            }

            List<AuthenticationKeyMetadata> mds = new ArrayList<>();

            for (int n = 0; n < expirationsMillis.length; n++) {

                AuthenticationKeyMetadata md = null;

                long expirationMillis = expirationsMillis[n];

                if (expirationMillis != Long.MAX_VALUE) {

                    md = new AuthenticationKeyMetadata(

                        usageCount[n],

                        Instant.ofEpochMilli(expirationMillis));

                }

                mds.add(md);

            }

            return mds;

        } catch (android.os.RemoteException e) {

            throw new IllegalStateException("Unexpected RemoteException ", e);

        } catch (android.os.ServiceSpecificException e) {

            throw new IllegalStateException("Unexpected ServiceSpecificException with code "

                    + e.errorCode, e);

        }

    }

    @Override

    public @NonNull byte[] proveOwnership(@NonNull byte[] challenge) {

        try {

package android.security.identity;

import android.annotation.IntRange;

import android.annotation.NonNull;

import android.annotation.Nullable;

import java.security.cert.X509Certificate;

import java.time.Instant;

import java.util.Collection;

import java.util.List;

import java.util.Map;

/**

     *                                                session transcripts.

     * @throws NoAuthenticationKeyAvailableException  if authentication keys were never

     *                                                provisioned, the method

     *                                             {@link #setAvailableAuthenticationKeys(int, int)}

     *                                      {@link #setAvailableAuthenticationKeys(int, int, long)}

     *                                                was called with {@code keyCount} set to 0,

     *                                                the method

     *                                                {@link #setAllowUsingExhaustedKeys(boolean)}

     * for which this method has not been called behave as though it had been called wit

     * {@code keyCount} 0 and {@code maxUsesPerKey} 1.

     *

     * <p>The effect of this method is like calling

     * {@link #setAvailableAuthenticationKeys(int, int, long)} with the last parameter is set to 0.

     *

     * @param keyCount      The number of active, certified dynamic authentication keys the

     *                      {@code IdentityCredential} will try to keep available. This value

     *                      must be non-negative.

     * @param maxUsesPerKey The maximum number of times each of the keys will be used before it's

     *                      eligible for replacement. This value must be greater than zero.

     * @deprecated Use {@link #setAvailableAuthenticationKeys(int, int, long)} instead.

     */

    @Deprecated

    public abstract void setAvailableAuthenticationKeys(int keyCount, int maxUsesPerKey);

    /**

     * Gets a collection of dynamic authentication keys that need certification.

     *

     * <p>When there aren't enough certified dynamic authentication keys, either because the key

     * count has been increased or because one or more keys have reached their usage count, this

     * count has been increased or because one or more keys have reached their usage count or

     * it if a key is too close to its expiration date, this

     * method will generate replacement keys and certificates and return them for issuer

     * certification.  The issuer certificates and associated static authentication data must then

     * be provided back to the Identity Credential using

     * This should only be called for an authenticated key returned by

     * {@link #getAuthKeysNeedingCertification()}.

     *

     * <p>This is only implemented in feature version 202101 or later. If not implemented, the call

     * fails with {@link UnsupportedOperationException}. See

     * {@link android.content.pm.PackageManager#FEATURE_IDENTITY_CREDENTIAL_HARDWARE} for known

     * feature versions.

     *

     * @param authenticationKey The dynamic authentication key for which certification and

     *                          associated static

     *                          authentication data is being provided.

     * Get the number of times the dynamic authentication keys have been used.

     *

     * @return int array of dynamic authentication key usage counts.

     * @deprecated Use {@link #getAuthenticationKeyMetadata()} instead.

     */

    @Deprecated

    public @NonNull abstract int[] getAuthenticationDataUsageCount();

    /**

    public @NonNull byte[] update(@NonNull PersonalizationData personalizationData) {

        throw new UnsupportedOperationException();

    }

    /**

     * Sets the number of dynamic authentication keys the {@code IdentityCredential} will maintain,

     * the number of times each should be used, and the minimum amount of time it's valid for.

     *

     * <p>The Identity Credential system will select the least-used dynamic authentication key each

     * time {@link #getEntries(byte[], Map, byte[], byte[])} is called. Identity Credentials

     * for which this method has not been called behave as though it had been called wit

     * {@code keyCount} 0, {@code maxUsesPerKey} 1, and {@code minValidTimeMillis} 0.

     *

     * <p>Applications can use {@link #getAuthenticationKeyMetadata()} to get a picture of the

     * usage andtime left of each configured authentication key. This can be used to determine

     * how urgent it is recertify new authentication keys via the

     * {@link #getAuthKeysNeedingCertification()} method.

     *

     * @param keyCount      The number of active, certified dynamic authentication keys the

     *                      {@code IdentityCredential} will try to keep available. This value

     *                      must be non-negative.

     * @param maxUsesPerKey The maximum number of times each of the keys will be used before it's

     *                      eligible for replacement. This value must be greater than zero.

     * @param minValidTimeMillis If a key has less time left than this value it will be eliglible

     *                           for replacement. This value must be non-negative.

     */

    public void setAvailableAuthenticationKeys(

            @IntRange(from = 0) int keyCount,

            @IntRange(from = 1) int maxUsesPerKey,

            @IntRange(from = 0) long minValidTimeMillis) {

        throw new UnsupportedOperationException();

    }

    /**

     * Get information about dynamic authentication keys.

     *

     * <p>The returned list may have <code>null</code> values if certification for the dynamic

     * authentication key is pending.

     *

     * <p>The list is always <code>keyCount</code> elements long.

     *

     * @return list of authentication key metadata objects.

     */

    public @NonNull List<AuthenticationKeyMetadata> getAuthenticationKeyMetadata() {

        throw new UnsupportedOperationException();

    }

}