Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Regenerate counterId when a new cert XML file is successfully imported" into pi-dev

Browse Source
This commit is contained in:
TreeHugger Robot
2018-03-23 08:59:47 +00:00
committed by Android (Google) Code Review
parent e47deacaab 8d6861eb77
commit 8f4fae9d84
2 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
View File

@@ -62,6 +62,7 @@ import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPath;
import java.security.cert.CertificateEncodingException;
@@ -221,6 +222,7 @@ public class RecoverableKeyStoreManager {
if (mDatabase.setRecoveryServiceCertPath(userId, uid, certPath) > 0) {
mDatabase.setRecoveryServiceCertSerial(userId, uid, newSerial);
mDatabase.setShouldCreateSnapshot(userId, uid, true);
mDatabase.setCounterId(userId, uid, new SecureRandom().nextLong());
}
} catch (CertificateEncodingException e) {
Log.e(TAG, "Failed to encode CertPath", e);

17
services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java
View File

@@ -299,6 +299,23 @@ public class RecoverableKeyStoreManagerTest {
assertThat(mRecoverableKeyStoreDb.getRecoveryServicePublicKey(userId, uid)).isNull();
}
@Test
public void initRecoveryService_regeneratesCounterId() throws Exception {
int uid = Binder.getCallingUid();
int userId = UserHandle.getCallingUserId();
long certSerial = 1000L;
Long counterId0 = mRecoverableKeyStoreDb.getCounterId(userId, uid);
mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,
TestData.getCertXmlWithSerial(certSerial));
Long counterId1 = mRecoverableKeyStoreDb.getCounterId(userId, uid);
mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,
TestData.getCertXmlWithSerial(certSerial + 1));
Long counterId2 = mRecoverableKeyStoreDb.getCounterId(userId, uid);
assertThat(!counterId1.equals(counterId0) || !counterId2.equals(counterId1)).isTrue();
}
@Test
public void initRecoveryService_throwsIfInvalidCert() throws Exception {
byte[] modifiedCertXml = TestData.getCertXml();