diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java
index 302b0bd73065c..6830a7487dbc8 100644
--- a/keystore/java/android/security/Credentials.java
+++ b/keystore/java/android/security/Credentials.java
@@ -217,42 +217,42 @@ public class Credentials {
 }
 /**
- * Delete all types (private key, certificate, CA certificate) for a
+ * Delete all types (private key, user certificate, CA certificate) for a
 * particular {@code alias}. All three can exist for any given alias.
- * Returns {@code true} if there was at least one of those types.
+ * Returns {@code true} if the alias no longer contains any types.
 */
 public static boolean deleteAllTypesForAlias(KeyStore keystore, String alias) {
 return deleteAllTypesForAlias(keystore, alias, KeyStore.UID_SELF);
 }
 /**
- * Delete all types (private key, certificate, CA certificate) for a
+ * Delete all types (private key, user certificate, CA certificate) for a
 * particular {@code alias}. All three can exist for any given alias.
- * Returns {@code true} if there was at least one of those types.
+ * Returns {@code true} if the alias no longer contains any types.
 */
 public static boolean deleteAllTypesForAlias(KeyStore keystore, String alias, int uid) {
 /*
 * Make sure every type is deleted. There can be all three types, so
 * don't use a conditional here.
 */
- return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid)
- | keystore.delete(Credentials.USER_SECRET_KEY + alias, uid)
- | deleteCertificateTypesForAlias(keystore, alias, uid);
+ return deletePrivateKeyTypeForAlias(keystore, alias, uid)
+ & deleteSecretKeyTypeForAlias(keystore, alias, uid)
+ & deleteCertificateTypesForAlias(keystore, alias, uid);
 }
 /**
- * Delete all types (private key, certificate, CA certificate) for a
- * particular {@code alias}. All three can exist for any given alias.
- * Returns {@code true} if there was at least one of those types.
+ * Delete certificate types (user certificate, CA certificate) for a
+ * particular {@code alias}. Both can exist for any given alias.
+ * Returns {@code true} if the alias no longer contains either type.
 */
 public static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias) {
 return deleteCertificateTypesForAlias(keystore, alias, KeyStore.UID_SELF);
 }
 /**
- * Delete all types (private key, certificate, CA certificate) for a
- * particular {@code alias}. All three can exist for any given alias.
- * Returns {@code true} if there was at least one of those types.
+ * Delete certificate types (user certificate, CA certificate) for a
+ * particular {@code alias}. Both can exist for any given alias.
+ * Returns {@code true} if the alias no longer contains either type.
 */
 public static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias, int uid) {
 /*
@@ -260,12 +260,12 @@ public class Credentials {
 * so don't use a conditional here.
 */
 return keystore.delete(Credentials.USER_CERTIFICATE + alias, uid)
- | keystore.delete(Credentials.CA_CERTIFICATE + alias, uid);
+ & keystore.delete(Credentials.CA_CERTIFICATE + alias, uid);
 }
 /**
 * Delete private key for a particular {@code alias}.
- * Returns {@code true} if an entry was was deleted.
+ * Returns {@code true} if the entry no longer exists.
 */
 static boolean deletePrivateKeyTypeForAlias(KeyStore keystore, String alias) {
 return deletePrivateKeyTypeForAlias(keystore, alias, KeyStore.UID_SELF);
@@ -273,7 +273,7 @@ public class Credentials {
 /**
 * Delete private key for a particular {@code alias}.
- * Returns {@code true} if an entry was was deleted.
+ * Returns {@code true} if the entry no longer exists.
 */
 static boolean deletePrivateKeyTypeForAlias(KeyStore keystore, String alias, int uid) {
 return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid);
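Review bot: In `deleteAllTypesForAlias(keystore, alias, uid)` (the `@@ -217` hunk) the three deletes are now joined with `&`, but the surrounding comment ("don't use a conditional here") never says that the non-short-circuit operator is what guarantees every type is attempted. A later cleanup to `&&` would stop at the first failing delete and leave the remaining key or certificate entries in the keystore, so I would extend the comment with `Use non-short-circuit & so every delete runs even if an earlier one fails.` The same applies to the `&` in `deleteCertificateTypesForAlias(keystore, alias, uid)` in the `@@ -260` hunk. These are public methods whose return value changes meaning from "something was deleted" to "nothing remains", so callers that used the old value to detect whether an alias existed should be checked; none are visible in this diff.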
@@ -281,7 +281,7 @@ public class Credentials {
 /**
 * Delete secret key for a particular {@code alias}.
- * Returns {@code true} if an entry was was deleted.
+ * Returns {@code true} if the entry no longer exists.
 */
 public static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias) {
 return deleteSecretKeyTypeForAlias(keystore, alias, KeyStore.UID_SELF);
@@ -289,7 +289,7 @@ public class Credentials {
 /**
 * Delete secret key for a particular {@code alias}.
- * Returns {@code true} if an entry was was deleted.
+ * Returns {@code true} if the entry no longer exists.
 */
 public static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias, int uid) {
 return keystore.delete(Credentials.USER_SECRET_KEY + alias, uid);
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 3090ac1c6180a..70e4b6ff2e590 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -183,7 +183,8 @@ public class KeyStore {
 public boolean delete(String key, int uid) {
 try {
- return mBinder.del(key, uid) == NO_ERROR;
+ int ret = mBinder.del(key, uid);
+ return (ret == NO_ERROR || ret == KEY_NOT_FOUND);
 } catch (RemoteException e) {
 Log.w(TAG, "Cannot connect to keystore", e);
 return false;
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
index d7d4f1c50e326..fcbb553c72144 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
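Review bot: In KeyStore.java, `delete(String key, int uid)` now returns true for `KEY_NOT_FOUND`, but the hunk adds no Javadoc for that contract, and every other code from `mBinder.del` still collapses to `false` without being logged. A caller therefore cannot tell a keystore-side refusal from the transport failure handled in the `catch`, and any code that read `true` as "a key existed and was removed" now over-reports. I would add a Javadoc line such as `Returns true if the entry does not exist after the call, including when it was never present.` and log the code on the failure path with `Log.w(TAG, "Keystore del failed with code " + ret);`. The method's closing braces lie outside the hunk.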
@@ -765,11 +765,6 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { @Override public void engineDeleteEntry(String alias) throws KeyStoreException { - if (!engineContainsAlias(alias)) { - return; - } - // At least one entry corresponding to this alias exists in keystore - if (!Credentials.deleteAllTypesForAlias(mKeyStore, alias, mUid)) { throw new KeyStoreException("Failed to delete entry: " + alias); }
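Review bot: With the `engineContainsAlias` pre-check gone, the silent no-op for a missing alias in `engineDeleteEntry` depends entirely on `KeyStore.delete` mapping `KEY_NOT_FOUND` to success, and nothing in this method records that coupling. I would add a comment above the remaining `deleteAllTypesForAlias` check, which appears to stay on the new side: `// A missing alias is not an error: KeyStore.delete() reports KEY_NOT_FOUND as success.` That should keep the check-then-delete pattern, which leaves a window between the lookup and the delete, from being reintroduced. The exception message also gives no hint that some types may already have been removed when `deleteAllTypesForAlias` returns false, so the alias can be left partly deleted; the message could say so.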