Merge "Remove deprecated android.security.KeyStore methods." into mnc-dev

Alex Klyubin
2015-06-08 18:11:15 +00:00
committed by Android (Google) Code Review
6 changed files with 45 additions and 45 deletions


@@ -231,14 +231,6 @@ public class KeyStore {
return list(prefix, UID_SELF);
}
public String[] saw(String prefix, int uid) {
return list(prefix, uid);
}
public String[] saw(String prefix) {
return saw(prefix, UID_SELF);
}
public boolean reset() {
try {
return mBinder.reset() == NO_ERROR;
@@ -328,23 +320,6 @@ public class KeyStore {
}
}
public byte[] getPubkey(String key) {
try {
return mBinder.get_pubkey(key);
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return null;
}
}
public boolean delKey(String key, int uid) {
return delete(key, uid);
}
public boolean delKey(String key) {
return delKey(key, UID_SELF);
}
public byte[] sign(String key, byte[] data) {
try {
return mBinder.sign(key, data);


@@ -20,6 +20,8 @@ import android.annotation.NonNull;
import android.security.Credentials;
import android.security.KeyPairGeneratorSpec;
import android.security.KeyStore;
import android.security.keymaster.ExportResult;
import android.security.keymaster.KeymasterDefs;
import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;
import com.android.org.conscrypt.NativeConstants;
@@ -33,6 +35,7 @@ import java.security.KeyPairGenerator;
import java.security.KeyPairGeneratorSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
@@ -153,7 +156,18 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
throw new RuntimeException("Can't get key", e);
}
final byte[] pubKeyBytes = mKeyStore.getPubkey(privateKeyAlias);
ExportResult exportResult =
mKeyStore.exportKey(
privateKeyAlias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null);
if (exportResult == null) {
throw new KeyStoreConnectException();
} else if (exportResult.resultCode != KeyStore.NO_ERROR) {
throw new ProviderException(
"Failed to obtain public key in X.509 format",
KeyStore.getKeyStoreException(exportResult.resultCode));
}
final byte[] pubKeyBytes = exportResult.exportData;
final PublicKey pubKey;
try {
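Review bot: `exportResult.exportData` is assigned to `pubKeyBytes` without a null check, so the new error handling covers a null result and a non-zero `resultCode` but not a successful result that carries no data. Whether keystore can return that combination is not visible here, so this is a defensive suggestion: add `if (exportResult.exportData == null) throw new ProviderException("Keystore returned no public key data");` before the assignment. The code that consumes `pubKeyBytes` starts in the `try` at the end of the hunk and continues outside it.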


@@ -685,7 +685,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
}
private Set<String> getUniqueAliases() {
final String[] rawAliases = mKeyStore.saw("");
final String[] rawAliases = mKeyStore.list("");
if (rawAliases == null) {
return new HashSet<String>();
}
@@ -778,7 +778,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
* equivalent to the USER_CERTIFICATE prefix for the Android keystore
* convention.
*/
final String[] certAliases = mKeyStore.saw(Credentials.USER_CERTIFICATE);
final String[] certAliases = mKeyStore.list(Credentials.USER_CERTIFICATE);
if (certAliases != null) {
for (String alias : certAliases) {
final byte[] certBytes = mKeyStore.get(Credentials.USER_CERTIFICATE + alias);
@@ -799,7 +799,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
* Look at all the TrustedCertificateEntry types. Skip all the
* PrivateKeyEntry we looked at above.
*/
final String[] caAliases = mKeyStore.saw(Credentials.CA_CERTIFICATE);
final String[] caAliases = mKeyStore.list(Credentials.CA_CERTIFICATE);
if (certAliases != null) {
for (String alias : caAliases) {
if (nonCaEntries.contains(alias)) {
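Review bot: The guard in front of the `caAliases` loop in the last hunk tests `certAliases`, not `caAliases`, and the rename to `list(...)` leaves it that way. `getUniqueAliases()` in this same file treats a null return from `list` as possible, so if the CA_CERTIFICATE listing comes back null while the USER_CERTIFICATE one does not, `for (String alias : caAliases)` throws a NullPointerException. In the opposite case the trusted-certificate entries are silently skipped. The line should read `if (caAliases != null) {`. The enclosing method starts and ends outside this hunk.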


@@ -276,8 +276,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
}
public void testSaw() throws Exception {
String[] emptyResult = mKeyStore.saw(TEST_KEYNAME);
public void testList() throws Exception {
String[] emptyResult = mKeyStore.list(TEST_KEYNAME);
assertNotNull(emptyResult);
assertEquals(0, emptyResult.length);
@@ -285,26 +285,26 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
String[] results = mKeyStore.saw(TEST_KEYNAME);
String[] results = mKeyStore.list(TEST_KEYNAME);
assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()),
TEST_KEYNAME2.substring(TEST_KEYNAME.length()))),
new HashSet(Arrays.asList(results)));
}
public void testSaw_ungrantedUid_Bluetooth() throws Exception {
String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID);
public void testList_ungrantedUid_Bluetooth() throws Exception {
String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.BLUETOOTH_UID);
assertEquals(0, results1.length);
mKeyStore.onUserPasswordChanged(TEST_PASSWD);
mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID);
String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.BLUETOOTH_UID);
assertEquals(0, results2.length);
}
public void testSaw_grantedUid_Wifi() throws Exception {
String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID);
public void testList_grantedUid_Wifi() throws Exception {
String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.WIFI_UID);
assertNotNull(results1);
assertEquals(0, results1.length);
@@ -312,14 +312,14 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED);
mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED);
String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID);
String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.WIFI_UID);
assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()),
TEST_KEYNAME2.substring(TEST_KEYNAME.length()))),
new HashSet(Arrays.asList(results2)));
}
public void testSaw_grantedUid_Vpn() throws Exception {
String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID);
public void testList_grantedUid_Vpn() throws Exception {
String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.VPN_UID);
assertNotNull(results1);
assertEquals(0, results1.length);
@@ -327,7 +327,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED);
mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED);
String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID);
String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.VPN_UID);
assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()),
TEST_KEYNAME2.substring(TEST_KEYNAME.length()))),
new HashSet(Arrays.asList(results2)));


@@ -18,6 +18,9 @@ package android.security.keystore;
import android.security.Credentials;
import android.security.KeyPairGeneratorSpec;
import android.security.KeyStore;
import android.security.keymaster.ExportResult;
import android.security.keymaster.KeymasterDefs;
import android.test.AndroidTestCase;
import java.io.ByteArrayInputStream;
@@ -78,7 +81,7 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase {
assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111"));
assertTrue(mAndroidKeyStore.isUnlocked());
String[] aliases = mAndroidKeyStore.saw("");
String[] aliases = mAndroidKeyStore.list("");
assertNotNull(aliases);
assertEquals(0, aliases.length);
}
@@ -359,7 +362,10 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase {
final byte[] caCerts = mAndroidKeyStore.get(Credentials.CA_CERTIFICATE + alias);
assertNull("A list of CA certificates should not exist for the generated entry", caCerts);
final byte[] pubKeyBytes = mAndroidKeyStore.getPubkey(Credentials.USER_PRIVATE_KEY + alias);
ExportResult exportResult = mAndroidKeyStore.exportKey(
Credentials.USER_PRIVATE_KEY + alias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null);
assertEquals(KeyStore.NO_ERROR, exportResult.resultCode);
final byte[] pubKeyBytes = exportResult.exportData;
assertNotNull("The keystore should return the public key for the generated key",
pubKeyBytes);
}
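Review bot: `exportResult` is dereferenced in `assertEquals(KeyStore.NO_ERROR, exportResult.resultCode)` without a null assertion, so a failed keystore call would surface as a NullPointerException rather than a test failure with a message. AndroidKeyStoreKeyPairGeneratorSpi in this same commit treats a null result as a connection failure, so the test should expect it too: add `assertNotNull("exportKey should return a result", exportResult);` before the `assertEquals`. The same pattern appears in the last hunk of AndroidKeyStoreTest.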


@@ -24,6 +24,8 @@ import com.android.org.conscrypt.OpenSSLEngine;
import android.security.Credentials;
import android.security.KeyStore;
import android.security.KeyStoreParameter;
import android.security.keymaster.ExportResult;
import android.security.keymaster.KeymasterDefs;
import android.test.AndroidTestCase;
import java.io.ByteArrayInputStream;
@@ -742,7 +744,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111"));
assertTrue(mAndroidKeyStore.isUnlocked());
assertEquals(0, mAndroidKeyStore.saw("").length);
assertEquals(0, mAndroidKeyStore.list("").length);
}
private void assertAliases(final String[] expectedAliases) throws KeyStoreException {
@@ -1932,7 +1934,10 @@ public class AndroidKeyStoreTest extends AndroidTestCase {
throw new RuntimeException("Can't get key", e);
}
final byte[] pubKeyBytes = keyStore.getPubkey(privateKeyAlias);
ExportResult exportResult =
keyStore.exportKey(privateKeyAlias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null);
assertEquals(KeyStore.NO_ERROR, exportResult.resultCode);
final byte[] pubKeyBytes = exportResult.exportData;
final PublicKey pubKey;
try {