Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bf2147669e295384df17b50afc53a4d450b05bdd
frameworks_base/keystore/java/android/security/AndroidKeyStoreParameter.java
Kenny Root bf2147669e AndroidKeyStore: Add encrypted flag 
Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.

(partial cherry pick from commit 2eeda7286f)

Bug: 8122243
Change-Id: I5ecd9251ec79ec53a3b68c0fff8dfba10873e36e
2013-04-15 19:33:15 +00:00

126 lines
4.3 KiB
Java
Raw Blame History

/*
* Copyright (C) 2013 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.security;
import android.content.Context;
import android.security.AndroidKeyPairGeneratorSpec.Builder;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.KeyStore.ProtectionParameter;
import java.security.cert.Certificate;
/**
* This provides the optional parameters that can be specified for
* {@code KeyStore} entries that work with <a href="{@docRoot}
* guide/topics/security/keystore.html">Android KeyStore facility</a>. The
* Android KeyStore facility is accessed through a
* {@link java.security.KeyStore} API using the {@code AndroidKeyStore}
* provider. The {@code context} passed in may be used to pop up some UI to ask
* the user to unlock or initialize the Android KeyStore facility.
* <p>
* Any entries placed in the {@code KeyStore} may be retrieved later. Note that
* there is only one logical instance of the {@code KeyStore} per application
* UID so apps using the {@code sharedUid} facility will also share a
* {@code KeyStore}.
* <p>
* Keys may be generated using the {@link KeyPairGenerator} facility with a
* {@link AndroidKeyPairGeneratorSpec} to specify the entry's {@code alias}. A
* self-signed X.509 certificate will be attached to generated entries, but that
* may be replaced at a later time by a certificate signed by a real Certificate
* Authority.
*
* @hide
*/
public final class AndroidKeyStoreParameter implements ProtectionParameter {
private int mFlags;
private AndroidKeyStoreParameter(int flags) {
mFlags = flags;
}
/**
* @hide
*/
public int getFlags() {
return mFlags;
}
/**
* Returns {@code true} if this parameter requires entries to be encrypted
* on the disk.
*/
public boolean isEncryptionRequired() {
return (mFlags & KeyStore.FLAG_ENCRYPTED) != 0;
}
/**
* Builder class for {@link AndroidKeyStoreParameter} objects.
* <p>
* This will build protection parameters for use with the <a
* href="{@docRoot} guide/topics/security/keystore.html">Android KeyStore
* facility</a>.
* <p>
* This can be used to require that KeyStore entries be stored encrypted.
* <p>
* Example:
*
* <pre class="prettyprint">
* AndroidKeyStoreParameter params =
* new AndroidKeyStoreParameter.Builder(mContext).setEncryptionRequired().build();
* </pre>
*/
public final static class Builder {
private int mFlags;
/**
* Creates a new instance of the {@code Builder} with the given
* {@code context}. The {@code context} passed in may be used to pop up
* some UI to ask the user to unlock or initialize the Android KeyStore
* facility.
*/
public Builder(Context context) {
if (context == null) {
throw new NullPointerException("context == null");
}
// Context is currently not used, but will be in the future.
}
/**
* Indicates that this key must be encrypted at rest on storage. Note
* that enabling this will require that the user enable a strong lock
* screen (e.g., PIN, password) before creating or using the generated
* key is successful.
*/
public Builder setEncryptionRequired() {
mFlags |= KeyStore.FLAG_ENCRYPTED;
return this;
}
/**
* Builds the instance of the {@code AndroidKeyPairGeneratorSpec}.
*
* @throws IllegalArgumentException if a required field is missing
* @return built instance of {@code AndroidKeyPairGeneratorSpec}
*/
public AndroidKeyStoreParameter build() {
return new AndroidKeyStoreParameter(mFlags);
}
}
}
Reference in New Issue View Git Blame Copy Permalink