Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add NonNull and Nullable annotations to AndroidKeyStore API.

Browse Source 
This is to enable Android Lint and Android Studio to flag nullness
issues at compile time.

Bug: 18088752
Change-Id: I21033b8fcdd989d08c89b50685e47fbb9c74acbf
This commit is contained in:
Alex Klyubin
2015-05-11 12:30:03 -07:00
parent e1176f10eb
commit 54bb1596e4
8 changed files with 175 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
keystore/java/android/security/EcIesParameterSpec.java
View File

@@ -1,6 +1,8 @@
package android.security;
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.Nullable;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@@ -127,6 +129,7 @@ public class EcIesParameterSpec implements AlgorithmParameterSpec {
* Returns KEM KDF algorithm (e.g., {@code HKDFwithSHA256} or {@code KDF1withSHA1}) or
* {@code null} if not specified.
*/
@Nullable
public String getKemKdfAlgorithm() {
return mKemKdfAlgorithm;
}
@@ -138,6 +141,7 @@ public class EcIesParameterSpec implements AlgorithmParameterSpec {
* @see Cipher#getInstance(String)
* @see #getDemCipherKeySize()
*/
@Nullable
public String getDemCipherTransformation() {
return mDemCipherTransformation;
}
@@ -158,6 +162,7 @@ public class EcIesParameterSpec implements AlgorithmParameterSpec {
* @see Mac#getInstance(String)
* @see #getDemMacKeySize()
*/
@Nullable
public String getDemMacAlgorithm() {
return mDemMacAlgorithm;
}
@@ -194,7 +199,8 @@ public class EcIesParameterSpec implements AlgorithmParameterSpec {
* Sets KEM KDF algorithm. For example, {@code HKDFwithSHA256}, {@code KDF2withSHA256}, or
* {@code KDF1withSHA1}.
*/
public Builder setKemKdfAlgorithm(String algorithm) {
@NonNull
public Builder setKemKdfAlgorithm(@Nullable String algorithm) {
mKemKdfAlgorithm = algorithm;
return this;
}
@@ -205,7 +211,8 @@ public class EcIesParameterSpec implements AlgorithmParameterSpec {
*
* @see Cipher#getInstance(String)
*/
public Builder setDemCipherTransformation(String transformation) {
@NonNull
public Builder setDemCipherTransformation(@Nullable String transformation) {
mDemCipherTransformation = transformation;
return this;
}
@@ -217,6 +224,7 @@ public class EcIesParameterSpec implements AlgorithmParameterSpec {
*
* @see #setDemCipherTransformation(String)
*/
@NonNull
public Builder setDemCipherKeySize(int sizeBits) {
mDemCipherKeySize = sizeBits;
return this;
@@ -227,7 +235,8 @@ public class EcIesParameterSpec implements AlgorithmParameterSpec {
*
* @see Mac#getInstance(String)
*/
public Builder setDemMacAlgorithm(String algorithm) {
@NonNull
public Builder setDemMacAlgorithm(@Nullable String algorithm) {
mDemMacAlgorithm = algorithm;
return this;
}
@@ -239,6 +248,7 @@ public class EcIesParameterSpec implements AlgorithmParameterSpec {
*
* @see #setDemCipherKeySize(int)
*/
@NonNull
public Builder setDemMacKeySize(int sizeBits) {
mDemMacKeySize = sizeBits;
return this;
@@ -247,6 +257,7 @@ public class EcIesParameterSpec implements AlgorithmParameterSpec {
/**
* Returns a new {@link EcIesParameterSpec} based on the current state of this builder.
*/
@NonNull
public EcIesParameterSpec build() {
int demMacKeySize = (mDemMacKeySize != -1) ? mDemMacKeySize : mDemCipherKeySize;
return new EcIesParameterSpec(

34
keystore/java/android/security/KeyChain.java
View File

@@ -15,6 +15,8 @@
*/
package android.security;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.app.Activity;
import android.app.PendingIntent;
import android.content.ComponentName;
@@ -217,6 +219,7 @@ public final class KeyChain {
* successfully installed, otherwise {@link
* Activity#RESULT_CANCELED} will be returned.
*/
@NonNull
public static Intent createInstallIntent() {
Intent intent = new Intent(ACTION_INSTALL);
intent.setClassName(CERT_INSTALLER_PACKAGE,
@@ -261,9 +264,10 @@ public final class KeyChain {
* @param alias The alias to preselect if available, or null if
* unavailable.
*/
public static void choosePrivateKeyAlias(Activity activity, KeyChainAliasCallback response,
public static void choosePrivateKeyAlias(@NonNull Activity activity,
@NonNull KeyChainAliasCallback response,
@KeyStoreKeyProperties.AlgorithmEnum String[] keyTypes, Principal[] issuers,
String host, int port, String alias) {
@Nullable String host, int port, @Nullable String alias) {
choosePrivateKeyAlias(activity, response, keyTypes, issuers, host, port, null, alias);
}
@@ -306,9 +310,10 @@ public final class KeyChain {
* @param alias The alias to preselect if available, or null if
* unavailable.
*/
public static void choosePrivateKeyAlias(Activity activity, KeyChainAliasCallback response,
public static void choosePrivateKeyAlias(@NonNull Activity activity,
@NonNull KeyChainAliasCallback response,
@KeyStoreKeyProperties.AlgorithmEnum String[] keyTypes, Principal[] issuers,
String host, int port, String url, String alias) {
@Nullable String host, int port, @Nullable String url, @Nullable String alias) {
/*
* TODO currently keyTypes, issuers are unused. They are meant
* to follow the semantics and purpose of X509KeyManager
@@ -361,7 +366,8 @@ public final class KeyChain {
* returned via {@link KeyChainAliasCallback#alias}.
* @throws KeyChainException if the alias was valid but there was some problem accessing it.
*/
public static PrivateKey getPrivateKey(Context context, String alias)
@Nullable
public static PrivateKey getPrivateKey(@NonNull Context context, @NonNull String alias)
throws KeyChainException, InterruptedException {
if (alias == null) {
throw new NullPointerException("alias == null");
@@ -396,8 +402,9 @@ public final class KeyChain {
* returned via {@link KeyChainAliasCallback#alias}.
* @throws KeyChainException if the alias was valid but there was some problem accessing it.
*/
public static X509Certificate[] getCertificateChain(Context context, String alias)
throws KeyChainException, InterruptedException {
@Nullable
public static X509Certificate[] getCertificateChain(@NonNull Context context,
@NonNull String alias) throws KeyChainException, InterruptedException {
if (alias == null) {
throw new NullPointerException("alias == null");
}
@@ -432,7 +439,7 @@ public final class KeyChain {
* "RSA").
*/
public static boolean isKeyAlgorithmSupported(
@KeyStoreKeyProperties.AlgorithmEnum String algorithm) {
@NonNull @KeyStoreKeyProperties.AlgorithmEnum String algorithm) {
final String algUpper = algorithm.toUpperCase(Locale.US);
return KeyStoreKeyProperties.Algorithm.EC.equals(algUpper)
|| KeyStoreKeyProperties.Algorithm.RSA.equals(algUpper);
@@ -446,7 +453,7 @@ public final class KeyChain {
* that makes it non-exportable.
*/
public static boolean isBoundKeyAlgorithm(
@KeyStoreKeyProperties.AlgorithmEnum String algorithm) {
@NonNull @KeyStoreKeyProperties.AlgorithmEnum String algorithm) {
if (!isKeyAlgorithmSupported(algorithm)) {
return false;
}
@@ -455,7 +462,8 @@ public final class KeyChain {
}
/** @hide */
public static X509Certificate toCertificate(byte[] bytes) {
@NonNull
public static X509Certificate toCertificate(@NonNull byte[] bytes) {
if (bytes == null) {
throw new IllegalArgumentException("bytes == null");
}
@@ -496,14 +504,14 @@ public final class KeyChain {
*
* Caller should call unbindService on the result when finished.
*/
public static KeyChainConnection bind(Context context) throws InterruptedException {
public static KeyChainConnection bind(@NonNull Context context) throws InterruptedException {
return bindAsUser(context, Process.myUserHandle());
}
/**
* @hide
*/
public static KeyChainConnection bindAsUser(Context context, UserHandle user)
public static KeyChainConnection bindAsUser(@NonNull Context context, UserHandle user)
throws InterruptedException {
if (context == null) {
throw new NullPointerException("context == null");
@@ -537,7 +545,7 @@ public final class KeyChain {
return new KeyChainConnection(context, keyChainServiceConnection, q.take());
}
private static void ensureNotOnMainThread(Context context) {
private static void ensureNotOnMainThread(@NonNull Context context) {
Looper looper = Looper.myLooper();
if (looper != null && looper == context.getMainLooper()) {
throw new IllegalStateException(

4
keystore/java/android/security/KeyChainAliasCallback.java
View File

@@ -15,6 +15,8 @@
*/
package android.security;
import android.annotation.Nullable;
/**
* The KeyChainAliasCallback is the callback for {@link
* KeyChain#choosePrivateKeyAlias}.
@@ -25,5 +27,5 @@ public interface KeyChainAliasCallback {
* Called with the alias of the certificate chosen by the user, or
* null if no value was chosen.
*/
public void alias(String alias);
public void alias(@Nullable String alias);
}

29
keystore/java/android/security/KeyGeneratorSpec.java
View File

@@ -16,6 +16,9 @@
package android.security;
import android.annotation.IntRange;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.app.KeyguardManager;
import android.content.Context;
import android.text.TextUtils;
@@ -163,6 +166,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* @return instant or {@code null} if not restricted.
*/
@Nullable
public Date getKeyValidityStart() {
return mKeyValidityStart;
}
@@ -172,6 +176,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* @return instant or {@code null} if not restricted.
*/
@Nullable
public Date getKeyValidityForConsumptionEnd() {
return mKeyValidityForConsumptionEnd;
}
@@ -181,6 +186,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* @return instant or {@code null} if not restricted.
*/
@Nullable
public Date getKeyValidityForOriginationEnd() {
return mKeyValidityForOriginationEnd;
}
@@ -195,6 +201,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
/**
* Gets the set of padding schemes with which the key can be used when encrypting/decrypting.
*/
@NonNull
public @KeyStoreKeyProperties.EncryptionPaddingEnum String[] getEncryptionPaddings() {
return ArrayUtils.cloneIfNotEmpty(mEncryptionPaddings);
}
@@ -202,6 +209,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
/**
* Gets the set of block modes with which the key can be used.
*/
@NonNull
public @KeyStoreKeyProperties.BlockModeEnum String[] getBlockModes() {
return ArrayUtils.cloneIfNotEmpty(mBlockModes);
}
@@ -269,7 +277,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
* {@code context} passed in may be used to pop up some UI to ask the user to unlock or
* initialize the Android KeyStore facility.
*/
public Builder(Context context) {
public Builder(@NonNull Context context) {
if (context == null) {
throw new NullPointerException("context == null");
}
@@ -282,7 +290,8 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>The alias must be provided. There is no default.
*/
public Builder setAlias(String alias) {
@NonNull
public Builder setAlias(@NonNull String alias) {
if (alias == null) {
throw new NullPointerException("alias == null");
}
@@ -296,6 +305,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
* <p>By default, the key size will be determines based on the key algorithm. For example,
* for {@code HmacSHA256}, the key size will default to {@code 256}.
*/
@NonNull
public Builder setKeySize(int keySize) {
mKeySize = keySize;
return this;
@@ -313,6 +323,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* @see KeyguardManager#isDeviceSecure()
*/
@NonNull
public Builder setEncryptionRequired() {
mFlags |= KeyStore.FLAG_ENCRYPTED;
return this;
@@ -325,6 +336,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* @see #setKeyValidityEnd(Date)
*/
@NonNull
public Builder setKeyValidityStart(Date startDate) {
mKeyValidityStart = startDate;
return this;
@@ -339,6 +351,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
* @see #setKeyValidityForConsumptionEnd(Date)
* @see #setKeyValidityForOriginationEnd(Date)
*/
@NonNull
public Builder setKeyValidityEnd(Date endDate) {
setKeyValidityForOriginationEnd(endDate);
setKeyValidityForConsumptionEnd(endDate);
@@ -352,6 +365,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* @see #setKeyValidityForConsumptionEnd(Date)
*/
@NonNull
public Builder setKeyValidityForOriginationEnd(Date endDate) {
mKeyValidityForOriginationEnd = endDate;
return this;
@@ -365,6 +379,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* @see #setKeyValidityForOriginationEnd(Date)
*/
@NonNull
public Builder setKeyValidityForConsumptionEnd(Date endDate) {
mKeyValidityForConsumptionEnd = endDate;
return this;
@@ -375,6 +390,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>This must be specified for all keys. There is no default.
*/
@NonNull
public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) {
mPurposes = purposes;
return this;
@@ -387,6 +403,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>This must be specified for keys which are used for encryption/decryption.
*/
@NonNull
public Builder setEncryptionPaddings(
@KeyStoreKeyProperties.EncryptionPaddingEnum String... paddings) {
mEncryptionPaddings = ArrayUtils.cloneIfNotEmpty(paddings);
@@ -399,6 +416,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>This must be specified for encryption/decryption keys.
*/
@NonNull
public Builder setBlockModes(@KeyStoreKeyProperties.BlockModeEnum String... blockModes) {
mBlockModes = ArrayUtils.cloneIfNotEmpty(blockModes);
return this;
@@ -436,6 +454,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
* ciphertext.</li>
* </ul>
*/
@NonNull
public Builder setRandomizedEncryptionRequired(boolean required) {
mRandomizedEncryptionRequired = required;
return this;
@@ -456,6 +475,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* @see #setUserAuthenticationValidityDurationSeconds(int)
*/
@NonNull
public Builder setUserAuthenticationRequired(boolean required) {
mUserAuthenticationRequired = required;
return this;
@@ -472,7 +492,9 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* @see #setUserAuthenticationRequired(boolean)
*/
public Builder setUserAuthenticationValidityDurationSeconds(int seconds) {
@NonNull
public Builder setUserAuthenticationValidityDurationSeconds(
@IntRange(from = -1) int seconds) {
mUserAuthenticationValidityDurationSeconds = seconds;
return this;
}
@@ -482,6 +504,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* @throws IllegalArgumentException if a required field is missing or violates a constraint.
*/
@NonNull
public KeyGeneratorSpec build() {
return new KeyGeneratorSpec(mContext,
mKeystoreAlias,

56
keystore/java/android/security/KeyPairGeneratorSpec.java
View File

@@ -17,6 +17,9 @@
package android.security;
import android.app.KeyguardManager;
import android.annotation.IntRange;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.content.Context;
import android.text.TextUtils;
@@ -286,6 +289,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
/**
* Returns the key type (e.g., "EC", "RSA") specified by this parameter.
*/
@Nullable
public @KeyStoreKeyProperties.AlgorithmEnum String getKeyType() {
return mKeyType;
}
@@ -303,6 +307,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* Returns the {@link AlgorithmParameterSpec} that will be used for creation
* of the key pair.
*/
@NonNull
public AlgorithmParameterSpec getAlgorithmParameterSpec() {
return mSpec;
}
@@ -311,6 +316,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* Gets the subject distinguished name to be used on the X.509 certificate
* that will be put in the {@link java.security.KeyStore}.
*/
@NonNull
public X500Principal getSubjectDN() {
return mSubjectDN;
}
@@ -319,6 +325,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* Gets the serial number to be used on the X.509 certificate that will be
* put in the {@link java.security.KeyStore}.
*/
@NonNull
public BigInteger getSerialNumber() {
return mSerialNumber;
}
@@ -327,6 +334,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* Gets the start date to be used on the X.509 certificate that will be put
* in the {@link java.security.KeyStore}.
*/
@NonNull
public Date getStartDate() {
return mStartDate;
}
@@ -335,6 +343,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* Gets the end date to be used on the X.509 certificate that will be put in
* the {@link java.security.KeyStore}.
*/
@NonNull
public Date getEndDate() {
return mEndDate;
}
@@ -359,6 +368,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* @return instant or {@code null} if not restricted.
*/
@Nullable
public Date getKeyValidityStart() {
return mKeyValidityStart;
}
@@ -369,6 +379,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* @return instant or {@code null} if not restricted.
*/
@Nullable
public Date getKeyValidityForConsumptionEnd() {
return mKeyValidityForConsumptionEnd;
}
@@ -378,6 +389,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* @return instant or {@code null} if not restricted.
*/
@Nullable
public Date getKeyValidityForOriginationEnd() {
return mKeyValidityForOriginationEnd;
}
@@ -392,6 +404,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
/**
* Gets the set of digest algorithms with which the key can be used.
*/
@NonNull
public @KeyStoreKeyProperties.DigestEnum String[] getDigests() {
return ArrayUtils.cloneIfNotEmpty(mDigests);
}
@@ -399,6 +412,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
/**
* Gets the set of padding schemes with which the key can be used when encrypting/decrypting.
*/
@NonNull
public @KeyStoreKeyProperties.EncryptionPaddingEnum String[] getEncryptionPaddings() {
return ArrayUtils.cloneIfNotEmpty(mEncryptionPaddings);
}
@@ -406,6 +420,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
/**
* Gets the set of padding schemes with which the key can be used when signing/verifying.
*/
@NonNull
public @KeyStoreKeyProperties.SignaturePaddingEnum String[] getSignaturePaddings() {
return ArrayUtils.cloneIfNotEmpty(mSignaturePaddings);
}
@@ -413,6 +428,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
/**
* Gets the set of block modes with which the key can be used.
*/
@NonNull
public @KeyStoreKeyProperties.BlockModeEnum String[] getBlockModes() {
return ArrayUtils.cloneIfNotEmpty(mBlockModes);
}
@@ -528,7 +544,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* some UI to ask the user to unlock or initialize the Android KeyStore
* facility.
*/
public Builder(Context context) {
public Builder(@NonNull Context context) {
if (context == null) {
throw new NullPointerException("context == null");
}
@@ -540,7 +556,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* {@link java.security.KeyStore} instance using the
* {@code AndroidKeyStore} provider.
*/
public Builder setAlias(String alias) {
@NonNull
public Builder setAlias(@NonNull String alias) {
if (alias == null) {
throw new NullPointerException("alias == null");
}
@@ -551,7 +568,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
/**
* Sets the key type (e.g., EC, RSA) of the keypair to be created.
*/
public Builder setKeyType(@KeyStoreKeyProperties.AlgorithmEnum String keyType)
@NonNull
public Builder setKeyType(@NonNull @KeyStoreKeyProperties.AlgorithmEnum String keyType)
throws NoSuchAlgorithmException {
if (keyType == null) {
throw new NullPointerException("keyType == null");
@@ -569,6 +587,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* key type of RSA this will set the modulus size and for a key type of
* EC it will select a curve with a matching field size.
*/
@NonNull
public Builder setKeySize(int keySize) {
if (keySize < 0) {
throw new IllegalArgumentException("keySize < 0");
@@ -581,7 +600,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* Sets the algorithm-specific key generation parameters. For example, for RSA keys
* this may be an instance of {@link java.security.spec.RSAKeyGenParameterSpec}.
*/
public Builder setAlgorithmParameterSpec(AlgorithmParameterSpec spec) {
public Builder setAlgorithmParameterSpec(@NonNull AlgorithmParameterSpec spec) {
if (spec == null) {
throw new NullPointerException("spec == null");
}
@@ -597,7 +616,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1 LOLLIPOP_MR1} and older platforms. On
* newer platforms the subject defaults to {@code CN=fake} if not specified.
*/
public Builder setSubject(X500Principal subject) {
@NonNull
public Builder setSubject(@NonNull X500Principal subject) {
if (subject == null) {
throw new NullPointerException("subject == null");
}
@@ -613,7 +633,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1 LOLLIPOP_MR1} and older platforms. On
* newer platforms the serial number defaults to {@code 1} if not specified.
*/
public Builder setSerialNumber(BigInteger serialNumber) {
@NonNull
public Builder setSerialNumber(@NonNull BigInteger serialNumber) {
if (serialNumber == null) {
throw new NullPointerException("serialNumber == null");
}
@@ -629,7 +650,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1 LOLLIPOP_MR1} and older platforms. On
* newer platforms the date defaults to {@code Jan 1 1970} if not specified.
*/
public Builder setStartDate(Date startDate) {
@NonNull
public Builder setStartDate(@NonNull Date startDate) {
if (startDate == null) {
throw new NullPointerException("startDate == null");
}
@@ -645,7 +667,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1 LOLLIPOP_MR1} and older platforms. On
* newer platforms the date defaults to {@code Jan 1 2048} if not specified.
*/
public Builder setEndDate(Date endDate) {
@NonNull
public Builder setEndDate(@NonNull Date endDate) {
if (endDate == null) {
throw new NullPointerException("endDate == null");
}
@@ -665,6 +688,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* @see KeyguardManager#isDeviceSecure()
*/
@NonNull
public Builder setEncryptionRequired() {
mFlags |= KeyStore.FLAG_ENCRYPTED;
return this;
@@ -679,6 +703,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* @see #setKeyValidityEnd(Date)
*/
@NonNull
public Builder setKeyValidityStart(Date startDate) {
mKeyValidityStart = startDate;
return this;
@@ -695,6 +720,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* @see #setKeyValidityForConsumptionEnd(Date)
* @see #setKeyValidityForOriginationEnd(Date)
*/
@NonNull
public Builder setKeyValidityEnd(Date endDate) {
setKeyValidityForOriginationEnd(endDate);
setKeyValidityForConsumptionEnd(endDate);
@@ -710,6 +736,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* @see #setKeyValidityForConsumptionEnd(Date)
*/
@NonNull
public Builder setKeyValidityForOriginationEnd(Date endDate) {
mKeyValidityForOriginationEnd = endDate;
return this;
@@ -725,6 +752,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* @see #setKeyValidityForOriginationEnd(Date)
*/
@NonNull
public Builder setKeyValidityForConsumptionEnd(Date endDate) {
mKeyValidityForConsumptionEnd = endDate;
return this;
@@ -743,6 +771,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p><b>NOTE: This has currently no effect.
*/
@NonNull
public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) {
mPurposes = purposes;
return this;
@@ -756,6 +785,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p><b>NOTE: This has currently no effect.
*/
@NonNull
public Builder setDigests(@KeyStoreKeyProperties.DigestEnum String... digests) {
mDigests = ArrayUtils.cloneIfNotEmpty(digests);
return this;
@@ -770,6 +800,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p><b>NOTE: This has currently no effect.
*/
@NonNull
public Builder setEncryptionPaddings(
@KeyStoreKeyProperties.EncryptionPaddingEnum String... paddings) {
mEncryptionPaddings = ArrayUtils.cloneIfNotEmpty(paddings);
@@ -785,6 +816,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p><b>NOTE: This has currently no effect.
*/
@NonNull
public Builder setSignaturePaddings(
@KeyStoreKeyProperties.SignaturePaddingEnum String... paddings) {
mSignaturePaddings = ArrayUtils.cloneIfNotEmpty(paddings);
@@ -799,6 +831,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p><b>NOTE: This has currently no effect.
*/
@NonNull
public Builder setBlockModes(@KeyStoreKeyProperties.BlockModeEnum String... blockModes) {
mBlockModes = ArrayUtils.cloneIfNotEmpty(blockModes);
return this;
@@ -826,6 +859,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p><b>NOTE: This has currently no effect.
*/
@NonNull
public Builder setRandomizedEncryptionRequired(boolean required) {
mRandomizedEncryptionRequired = required;
return this;
@@ -851,6 +885,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* @see #setUserAuthenticationValidityDurationSeconds(int)
*/
@NonNull
public Builder setUserAuthenticationRequired(boolean required) {
mUserAuthenticationRequired = required;
return this;
@@ -872,7 +907,9 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* @see #setUserAuthenticationRequired(boolean)
*/
public Builder setUserAuthenticationValidityDurationSeconds(int seconds) {
@NonNull
public Builder setUserAuthenticationValidityDurationSeconds(
@IntRange(from = -1) int seconds) {
mUserAuthenticationValidityDurationSeconds = seconds;
return this;
}
@@ -883,6 +920,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* @throws IllegalArgumentException if a required field is missing
* @return built instance of {@code KeyPairGeneratorSpec}
*/
@NonNull
public KeyPairGeneratorSpec build() {
return new KeyPairGeneratorSpec(mContext,
mKeystoreAlias,

39
keystore/java/android/security/KeyStoreKeyProperties.java
View File

@@ -17,6 +17,8 @@
package android.security;
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.StringDef;
import android.security.keymaster.KeymasterDefs;
@@ -111,6 +113,7 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
@NonNull
public static int[] allToKeymaster(@PurposeEnum int purposes) {
int[] result = getSetFlags(purposes);
for (int i = 0; i < result.length; i++) {
@@ -122,7 +125,7 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
public static @PurposeEnum int allFromKeymaster(Collection<Integer> purposes) {
public static @PurposeEnum int allFromKeymaster(@NonNull Collection<Integer> purposes) {
@PurposeEnum int result = 0;
for (int keymasterPurpose : purposes) {
result |= fromKeymaster(keymasterPurpose);
@@ -182,7 +185,7 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
static int toKeymasterSecretKeyAlgorithm(@AlgorithmEnum String algorithm) {
static int toKeymasterSecretKeyAlgorithm(@NonNull @AlgorithmEnum String algorithm) {
if (AES.equalsIgnoreCase(algorithm)) {
return KeymasterDefs.KM_ALGORITHM_AES;
} else if (algorithm.toUpperCase(Locale.US).startsWith("HMAC")) {
@@ -196,6 +199,7 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
@NonNull
static @AlgorithmEnum String fromKeymasterSecretKeyAlgorithm(
int keymasterAlgorithm, int keymasterDigest) {
switch (keymasterAlgorithm) {
@@ -232,7 +236,7 @@ public abstract class KeyStoreKeyProperties {
*
* @return keymaster digest or {@code -1} if the algorithm does not involve a digest.
*/
static int toKeymasterDigest(@AlgorithmEnum String algorithm) {
static int toKeymasterDigest(@NonNull @AlgorithmEnum String algorithm) {
String algorithmUpper = algorithm.toUpperCase(Locale.US);
if (algorithmUpper.startsWith("HMAC")) {
String digestUpper = algorithmUpper.substring("HMAC".length());
@@ -287,7 +291,7 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
static int toKeymaster(@BlockModeEnum String blockMode) {
static int toKeymaster(@NonNull @BlockModeEnum String blockMode) {
if (ECB.equalsIgnoreCase(blockMode)) {
return KeymasterDefs.KM_MODE_ECB;
} else if (CBC.equalsIgnoreCase(blockMode)) {
@@ -304,6 +308,7 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
@NonNull
static @BlockModeEnum String fromKeymaster(int blockMode) {
switch (blockMode) {
case KeymasterDefs.KM_MODE_ECB:
@@ -322,7 +327,8 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
static @BlockModeEnum String[] allFromKeymaster(Collection<Integer> blockModes) {
@NonNull
static @BlockModeEnum String[] allFromKeymaster(@NonNull Collection<Integer> blockModes) {
if ((blockModes == null) || (blockModes.isEmpty())) {
return EmptyArray.STRING;
}
@@ -338,7 +344,7 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
static int[] allToKeymaster(@BlockModeEnum String[] blockModes) {
static int[] allToKeymaster(@Nullable @BlockModeEnum String[] blockModes) {
if ((blockModes == null) || (blockModes.length == 0)) {
return EmptyArray.INT;
}
@@ -388,7 +394,7 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
static int toKeymaster(@EncryptionPaddingEnum String padding) {
static int toKeymaster(@NonNull @EncryptionPaddingEnum String padding) {
if (NONE.equalsIgnoreCase(padding)) {
return KeymasterDefs.KM_PAD_NONE;
} else if (PKCS7.equalsIgnoreCase(padding)) {
@@ -406,6 +412,7 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
@NonNull
static @EncryptionPaddingEnum String fromKeymaster(int padding) {
switch (padding) {
case KeymasterDefs.KM_PAD_NONE:
@@ -425,7 +432,8 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
static int[] allToKeymaster(@EncryptionPaddingEnum String[] paddings) {
@NonNull
static int[] allToKeymaster(@Nullable @EncryptionPaddingEnum String[] paddings) {
if ((paddings == null) || (paddings.length == 0)) {
return EmptyArray.INT;
}
@@ -463,7 +471,7 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
static int toKeymaster(@SignaturePaddingEnum String padding) {
static int toKeymaster(@NonNull @SignaturePaddingEnum String padding) {
switch (padding.toUpperCase(Locale.US)) {
case RSA_PKCS1:
return KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN;
@@ -478,6 +486,7 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
@NonNull
static @SignaturePaddingEnum String fromKeymaster(int padding) {
switch (padding) {
case KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN:
@@ -492,7 +501,8 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
static int[] allToKeymaster(@SignaturePaddingEnum String[] paddings) {
@NonNull
static int[] allToKeymaster(@Nullable @SignaturePaddingEnum String[] paddings) {
if ((paddings == null) || (paddings.length == 0)) {
return EmptyArray.INT;
}
@@ -561,7 +571,7 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
static int toKeymaster(@DigestEnum String digest) {
static int toKeymaster(@NonNull @DigestEnum String digest) {
switch (digest.toUpperCase(Locale.US)) {
case SHA1:
return KeymasterDefs.KM_DIGEST_SHA1;
@@ -585,6 +595,7 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
@NonNull
static @DigestEnum String fromKeymaster(int digest) {
switch (digest) {
case KeymasterDefs.KM_DIGEST_NONE:
@@ -609,7 +620,8 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
static @DigestEnum String[] allFromKeymaster(Collection<Integer> digests) {
@NonNull
static @DigestEnum String[] allFromKeymaster(@NonNull Collection<Integer> digests) {
if (digests.isEmpty()) {
return EmptyArray.STRING;
}
@@ -625,7 +637,8 @@ public abstract class KeyStoreKeyProperties {
/**
* @hide
*/
static int[] allToKeymaster(@DigestEnum String[] digests) {
@NonNull
static int[] allToKeymaster(@Nullable @DigestEnum String[] digests) {
if ((digests == null) || (digests.length == 0)) {
return EmptyArray.INT;
}

10
keystore/java/android/security/KeyStoreKeySpec.java
View File

@@ -16,6 +16,9 @@
package android.security;
import android.annotation.NonNull;
import android.annotation.Nullable;
import java.security.PrivateKey;
import java.security.spec.KeySpec;
import java.util.Date;
@@ -150,6 +153,7 @@ public class KeyStoreKeySpec implements KeySpec {
*
* @return instant or {@code null} if not restricted.
*/
@Nullable
public Date getKeyValidityStart() {
return mKeyValidityStart;
}
@@ -159,6 +163,7 @@ public class KeyStoreKeySpec implements KeySpec {
*
* @return instant or {@code null} if not restricted.
*/
@Nullable
public Date getKeyValidityForConsumptionEnd() {
return mKeyValidityForConsumptionEnd;
}
@@ -168,6 +173,7 @@ public class KeyStoreKeySpec implements KeySpec {
*
* @return instant or {@code null} if not restricted.
*/
@Nullable
public Date getKeyValidityForOriginationEnd() {
return mKeyValidityForOriginationEnd;
}
@@ -182,6 +188,7 @@ public class KeyStoreKeySpec implements KeySpec {
/**
* Gets the set of block modes with which the key can be used.
*/
@NonNull
public @KeyStoreKeyProperties.BlockModeEnum String[] getBlockModes() {
return ArrayUtils.cloneIfNotEmpty(mBlockModes);
}
@@ -189,6 +196,7 @@ public class KeyStoreKeySpec implements KeySpec {
/**
* Gets the set of padding modes with which the key can be used when encrypting/decrypting.
*/
@NonNull
public @KeyStoreKeyProperties.EncryptionPaddingEnum String[] getEncryptionPaddings() {
return ArrayUtils.cloneIfNotEmpty(mEncryptionPaddings);
}
@@ -196,6 +204,7 @@ public class KeyStoreKeySpec implements KeySpec {
/**
* Gets the set of padding modes with which the key can be used when signing/verifying.
*/
@NonNull
public @KeyStoreKeyProperties.SignaturePaddingEnum String[] getSignaturePaddings() {
return ArrayUtils.cloneIfNotEmpty(mSignaturePaddings);
}
@@ -203,6 +212,7 @@ public class KeyStoreKeySpec implements KeySpec {
/**
* Gets the set of digest algorithms with which the key can be used.
*/
@NonNull
public @KeyStoreKeyProperties.DigestEnum String[] getDigests() {
return ArrayUtils.cloneIfNotEmpty(mDigests);
}

30
keystore/java/android/security/KeyStoreParameter.java
View File

@@ -16,6 +16,9 @@
package android.security;
import android.annotation.IntRange;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.app.KeyguardManager;
import android.content.Context;
@@ -182,6 +185,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* @return instant or {@code null} if not restricted.
*/
@Nullable
public Date getKeyValidityStart() {
return mKeyValidityStart;
}
@@ -191,6 +195,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* @return instant or {@code null} if not restricted.
*/
@Nullable
public Date getKeyValidityForConsumptionEnd() {
return mKeyValidityForConsumptionEnd;
}
@@ -200,6 +205,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* @return instant or {@code null} if not restricted.
*/
@Nullable
public Date getKeyValidityForOriginationEnd() {
return mKeyValidityForOriginationEnd;
}
@@ -214,6 +220,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
/**
* Gets the set of padding schemes with which the key can be used when encrypting/decrypting.
*/
@NonNull
public @KeyStoreKeyProperties.EncryptionPaddingEnum String[] getEncryptionPaddings() {
return ArrayUtils.cloneIfNotEmpty(mEncryptionPaddings);
}
@@ -222,6 +229,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
* Gets the set of padding schemes with which the key can be used when signing or verifying
* signatures.
*/
@NonNull
public @KeyStoreKeyProperties.SignaturePaddingEnum String[] getSignaturePaddings() {
return ArrayUtils.cloneIfNotEmpty(mSignaturePaddings);
}
@@ -233,6 +241,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* @see #isDigestsSpecified()
*/
@NonNull
public @KeyStoreKeyProperties.DigestEnum String[] getDigests() {
if (mDigests == null) {
throw new IllegalStateException("Digests not specified");
@@ -246,6 +255,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* @see #getDigests()
*/
@NonNull
public boolean isDigestsSpecified() {
return mDigests != null;
}
@@ -253,6 +263,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
/**
* Gets the set of block modes with which the key can be used.
*/
@NonNull
public @KeyStoreKeyProperties.BlockModeEnum String[] getBlockModes() {
return ArrayUtils.cloneIfNotEmpty(mBlockModes);
}
@@ -330,7 +341,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
* some UI to ask the user to unlock or initialize the Android KeyStore
* facility.
*/
public Builder(Context context) {
public Builder(@NonNull Context context) {
if (context == null) {
throw new NullPointerException("context == null");
}
@@ -350,6 +361,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* @see KeyguardManager#isDeviceSecure()
*/
@NonNull
public Builder setEncryptionRequired(boolean required) {
if (required) {
mFlags |= KeyStore.FLAG_ENCRYPTED;
@@ -368,6 +380,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* @see #setKeyValidityEnd(Date)
*/
@NonNull
public Builder setKeyValidityStart(Date startDate) {
mKeyValidityStart = startDate;
return this;
@@ -384,6 +397,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
* @see #setKeyValidityForConsumptionEnd(Date)
* @see #setKeyValidityForOriginationEnd(Date)
*/
@NonNull
public Builder setKeyValidityEnd(Date endDate) {
setKeyValidityForOriginationEnd(endDate);
setKeyValidityForConsumptionEnd(endDate);
@@ -399,6 +413,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* @see #setKeyValidityForConsumptionEnd(Date)
*/
@NonNull
public Builder setKeyValidityForOriginationEnd(Date endDate) {
mKeyValidityForOriginationEnd = endDate;
return this;
@@ -414,6 +429,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* @see #setKeyValidityForOriginationEnd(Date)
*/
@NonNull
public Builder setKeyValidityForConsumptionEnd(Date endDate) {
mKeyValidityForConsumptionEnd = endDate;
return this;
@@ -426,6 +442,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
*/
@NonNull
public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) {
mPurposes = purposes;
return this;
@@ -440,6 +457,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
*/
@NonNull
public Builder setEncryptionPaddings(
@KeyStoreKeyProperties.EncryptionPaddingEnum String... paddings) {
mEncryptionPaddings = ArrayUtils.cloneIfNotEmpty(paddings);
@@ -455,6 +473,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
*/
@NonNull
public Builder setSignaturePaddings(
@KeyStoreKeyProperties.SignaturePaddingEnum String... paddings) {
mSignaturePaddings = ArrayUtils.cloneIfNotEmpty(paddings);
@@ -471,6 +490,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
*/
@NonNull
public Builder setDigests(@KeyStoreKeyProperties.DigestEnum String... digests) {
mDigests = ArrayUtils.cloneIfNotEmpty(digests);
return this;
@@ -484,6 +504,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
*/
@NonNull
public Builder setBlockModes(@KeyStoreKeyProperties.BlockModeEnum String... blockModes) {
mBlockModes = ArrayUtils.cloneIfNotEmpty(blockModes);
return this;
@@ -525,6 +546,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
*/
@NonNull
public Builder setRandomizedEncryptionRequired(boolean required) {
mRandomizedEncryptionRequired = required;
return this;
@@ -547,6 +569,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* @see #setUserAuthenticationValidityDurationSeconds(int)
*/
@NonNull
public Builder setUserAuthenticationRequired(boolean required) {
mUserAuthenticationRequired = required;
return this;
@@ -565,7 +588,9 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* @see #setUserAuthenticationRequired(boolean)
*/
public Builder setUserAuthenticationValidityDurationSeconds(int seconds) {
@NonNull
public Builder setUserAuthenticationValidityDurationSeconds(
@IntRange(from = -1) int seconds) {
mUserAuthenticationValidityDurationSeconds = seconds;
return this;
}
@@ -576,6 +601,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
* @throws IllegalArgumentException if a required field is missing
* @return built instance of {@code KeyStoreParameter}
*/
@NonNull
public KeyStoreParameter build() {
return new KeyStoreParameter(
mContext,