Merge "Remove account param from generateKey method"

2018-02-26 15:16:18 +00:00
parent bb5b09512e a3b994798d
commit a620aa1a13
6 changed files with 27 additions and 23 deletions
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -4297,6 +4297,7 @@ package android.security.keystore.recovery {
  public class RecoveryController {
    method public android.security.keystore.recovery.RecoverySession createRecoverySession();
    method public byte[] generateAndStoreKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException;
+    method public java.security.Key generateKey(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException;
    method public java.util.List<java.lang.String> getAliases() throws android.security.keystore.recovery.InternalRecoveryServiceException;
    method public static android.security.keystore.recovery.RecoveryController getInstance(android.content.Context);
    method public int[] getPendingRecoverySecretTypes() throws android.security.keystore.recovery.InternalRecoveryServiceException;
--- a/api/system-removed.txt
+++ b/api/system-removed.txt
@@ -98,6 +98,7 @@ package android.security.keystore.recovery {
  }

  public class RecoveryController {
+    method public deprecated java.security.Key generateKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException;
    method public deprecated java.util.List<java.lang.String> getAliases(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;
    method public deprecated android.security.keystore.recovery.KeyChainSnapshot getRecoveryData() throws android.security.keystore.recovery.InternalRecoveryServiceException;
    method public deprecated int getRecoveryStatus(java.lang.String, java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;
--- a/core/java/android/security/keystore/recovery/RecoveryController.java
+++ b/core/java/android/security/keystore/recovery/RecoveryController.java
@@ -462,35 +462,38 @@ public class RecoveryController {
    }

    /**
-     * Generates a AES256/GCM/NoPADDING key called {@code alias} and loads it into the recoverable
-     * key store. Returns {@link javax.crypto.SecretKey}.
-     *
-     * @param alias The key alias.
-     * @param account The account associated with the key.
-     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
-     *     service.
-     * @throws LockScreenRequiredException if the user has not set a lock screen. This is required
-     *     to generate recoverable keys, as the snapshots are encrypted using a key derived from the
-     *     lock screen.
-     * @hide
+     * @deprecated Use {@link #generateKey(String)}.
+     * @removed
     */
+    @Deprecated
    public Key generateKey(@NonNull String alias, byte[] account)
            throws InternalRecoveryServiceException, LockScreenRequiredException {
-        // TODO: update RecoverySession.recoverKeys
+        return generateKey(alias);
+    }
+
+    /**
+     * Generates a recoverable key with the given {@code alias}.
+     *
+     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
+     *     service.
+     * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock
+     *     screen is required to generate recoverable keys.
+     */
+    public Key generateKey(@NonNull String alias) throws InternalRecoveryServiceException,
+            LockScreenRequiredException {
        try {
-            String grantAlias = mBinder.generateKey(alias, account);
+            String grantAlias = mBinder.generateKey(alias);
            if (grantAlias == null) {
-                return null;
+                throw new InternalRecoveryServiceException("null grant alias");
            }
-            Key result = AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore(
+            return AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore(
                    mKeyStore,
                    grantAlias,
                    KeyStore.UID_SELF);
-            return result;
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        } catch (UnrecoverableKeyException e) {
-            throw new InternalRecoveryServiceException("Access to newly generated key failed for");
+            throw new InternalRecoveryServiceException("Failed to get key from keystore", e);
        } catch (ServiceSpecificException e) {
            if (e.errorCode == ERROR_INSECURE_USER) {
                throw new LockScreenRequiredException(e.getMessage());
--- a/core/java/com/android/internal/widget/ILockSettings.aidl
+++ b/core/java/com/android/internal/widget/ILockSettings.aidl
@@ -67,7 +67,7 @@ interface ILockSettings {
    void initRecoveryService(in String rootCertificateAlias, in byte[] signedPublicKeyList);
    KeyChainSnapshot getKeyChainSnapshot();
    byte[] generateAndStoreKey(String alias);
-    String generateKey(String alias, in byte[] account);
+    String generateKey(String alias);
    String getKey(String alias);
    void removeKey(String alias);
    void setSnapshotCreatedPendingIntent(in PendingIntent intent);
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -2074,8 +2074,8 @@ public class LockSettingsService extends ILockSettings.Stub {
    }

    @Override
-    public String generateKey(@NonNull String alias, byte[] account) throws RemoteException {
-        return mRecoverableKeyStoreManager.generateKey(alias, account);
+    public String generateKey(@NonNull String alias) throws RemoteException {
+        return mRecoverableKeyStoreManager.generateKey(alias);
    }

    @Override
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
@@ -556,7 +556,7 @@ public class RecoverableKeyStoreManager {
     *
     * @return grant alias, which caller can use to access the key.
     */
-    public String generateKey(@NonNull String alias, byte[] account) throws RemoteException {
+    public String generateKey(@NonNull String alias) throws RemoteException {
        int uid = Binder.getCallingUid();
        int userId = UserHandle.getCallingUserId();

@@ -576,8 +576,7 @@ public class RecoverableKeyStoreManager {
            byte[] secretKey =
                    mRecoverableKeyGenerator.generateAndStoreKey(encryptionKey, userId, uid, alias);
            mApplicationKeyStorage.setSymmetricKeyEntry(userId, uid, alias, secretKey);
-            String grantAlias = mApplicationKeyStorage.getGrantAlias(userId, uid, alias);
-            return grantAlias;
+            return mApplicationKeyStorage.getGrantAlias(userId, uid, alias);
        } catch (KeyStoreException | InvalidKeyException | RecoverableKeyStorageException e) {
            throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage());
        }