package com.android.server;

import com.samsung.android.service.activationteeservice.ActivationTeeCertificates;
import com.samsung.android.service.activationteeservice.ActivationTeeCredentials;
import com.samsung.android.service.activationteeservice.ActivationTeeException;

/**
 * Java-side JNI binding for the activation credential flow.
 *
 * <p>Every method is {@code native}; the implementation lives in the
 * {@code activation-jni} library loaded by the static initializer. Key
 * generation, key storage and encryption are therefore not visible in this
 * file. NOTE(review): judging by the class name the native code presumably
 * forwards to a TEE trusted application; confirm against the native source.
 *
 * <p>Call order implied by the method documentation:
 * <ol>
 *   <li>{@link #generateSessionCertificate()} creates the RSA session key
 *       and returns its certificate chain for the server;</li>
 *   <li>{@link #storeServerKey(byte[])} stores the server's AES key, which
 *       arrives wrapped with the session public key;</li>
 *   <li>{@link #generateCredentials(byte[])} encrypts device data under
 *       that AES key.</li>
 * </ol>
 *
 * <p>NOTE(review): the methods are {@code public} and this class performs no
 * caller checks itself. Any permission or caller-identity enforcement must
 * happen in whatever exposes this class to other processes; verify that it
 * does.
 */
public class ActivationTeeService {
    static {
        // Runs once at class initialization. System.loadLibrary throws
        // UnsatisfiedLinkError if the library cannot be found, in which case
        // this class fails to initialize and none of its methods are usable.
        System.loadLibrary("activation-jni");
    }

    /**
     * Generates an RSA session keypair. Stores the RSA session private key and
     * returns an X.509 certificate chain: the DRK certificate and the session
     * RSA certificate issued by the DRK.
     *
     * <p>NOTE(review): the original {@code @return} text said the result
     * contains the "RSA session keypair", while the description says the
     * private key is stored and only certificates are returned. Confirm that
     * {@link ActivationTeeCertificates} carries no private key material into
     * the Java heap.
     *
     * @return object containing the X.509 DRK certificate and the session RSA
     *         certificate (see the note above regarding "keypair")
     * @throws ActivationTeeException declared by the native implementation;
     *         the failure conditions are not visible in this file
     */
    public native ActivationTeeCertificates generateSessionCertificate() throws ActivationTeeException;

    /**
     * Stores the server's AES key, which is encrypted with the RSA session
     * public key (see {@link #generateSessionCertificate()}).
     *
     * <p>{@code encryptedKey} originates from the server and should be treated
     * as untrusted input. No length or format check happens on the Java side;
     * NOTE(review): confirm that the native code validates the blob size and
     * the result of the RSA unwrap before storing the key.
     *
     * @param encryptedKey
     *            encrypted AES key (received from server)
     *            that will be used to generate activation credentials
     *
     * @throws ActivationTeeException declared by the native implementation;
     *         the failure conditions are not visible in this file
     */
    public native void storeServerKey(byte[] encryptedKey) throws ActivationTeeException;

    /**
     * Generates activation credentials using device unique data (like IMEI).
     * Activation credentials are encrypted with AES-GCM using the previously
     * stored AES key (see {@link #storeServerKey(byte[])}).
     *
     * <p>AES-GCM loses its confidentiality and integrity guarantees if an IV
     * is ever reused under the same key. The IV is produced by the native
     * code; NOTE(review): confirm it is unique per call for a given server
     * key. The input may hold device identifiers, so callers should keep it
     * out of logs.
     *
     * @param input
     *            byte array containing the device unique data to be encrypted
     *            (the original documentation called this {@code dataBlock})
     * @return activation credentials containing IV, TAG and encrypted data.
     *
     * @throws ActivationTeeException declared by the native implementation;
     *         the failure conditions are not visible in this file
     */
    public native ActivationTeeCredentials generateCredentials(byte[] input)
            throws ActivationTeeException;
}
