Merge "Keystore 2.0: Add @IntDef for Keystore namespaces." am: faabd1a8

    private static final Date DEFAULT_CERT_NOT_AFTER = new Date(2461449600000L); // Jan 1 2048

    private static final Date DEFAULT_CERT_NOT_AFTER = new Date(2461449600000L); // Jan 1 2048

    private final String mKeystoreAlias;

    private final String mKeystoreAlias;

    private final int mNamespace;

    private final @KeyProperties.Namespace int mNamespace;

    private final int mKeySize;

    private final int mKeySize;

    private final AlgorithmParameterSpec mSpec;

    private final AlgorithmParameterSpec mSpec;

    private final X500Principal mCertificateSubject;

    private final X500Principal mCertificateSubject;

     */

     */

    public KeyGenParameterSpec(

    public KeyGenParameterSpec(

            String keyStoreAlias,

            String keyStoreAlias,

            int namespace,

            @KeyProperties.Namespace int namespace,

            int keySize,

            int keySize,

            AlgorithmParameterSpec spec,

            AlgorithmParameterSpec spec,

            X500Principal certificateSubject,

            X500Principal certificateSubject,

     * @hide

     * @hide

     */

     */

    @SystemApi

    @SystemApi

    public int getNamespace() {

    public @KeyProperties.Namespace int getNamespace() {

        return mNamespace;

        return mNamespace;

    }

    }

        private final String mKeystoreAlias;

        private final String mKeystoreAlias;

        private @KeyProperties.PurposeEnum int mPurposes;

        private @KeyProperties.PurposeEnum int mPurposes;

        private int mNamespace = KeyProperties.NAMESPACE_APPLICATION;

        private @KeyProperties.Namespace int mNamespace = KeyProperties.NAMESPACE_APPLICATION;

        private int mKeySize = -1;

        private int mKeySize = -1;

        private AlgorithmParameterSpec mSpec;

        private AlgorithmParameterSpec mSpec;

        private X500Principal mCertificateSubject;

        private X500Principal mCertificateSubject;

         */

         */

        @SystemApi

        @SystemApi

        @NonNull

        @NonNull

        public Builder setNamespace(int namespace) {

        public Builder setNamespace(@KeyProperties.Namespace int namespace) {

            mNamespace = namespace;

            mNamespace = namespace;

            return this;

            return this;

        }

        }

        }

        }

    }

    }

    /**

     * Namespaces provide system developers and vendors with a way to use keystore without

     * requiring an applications uid. Namespaces can be configured using SEPolicy.

     * See <a href="https://source.android.com/security/keystore#access-control">

     *     Keystore 2.0 access-control</a>

     * {@See KeyGenParameterSpec.Builder#setNamespace}

     * {@See android.security.keystore2.AndroidKeyStoreLoadStoreParameter}

     * @hide

     */

    @Retention(RetentionPolicy.SOURCE)

    @IntDef(prefix = { "NAMESPACE_" }, value = {

            NAMESPACE_APPLICATION,

            NAMESPACE_WIFI,

    })

    public @interface Namespace {}

    /**

    /**

     * This value indicates the implicit keystore namespace of the calling application.

     * This value indicates the implicit keystore namespace of the calling application.

     * It is used by default. Only select system components can choose a different namespace

     * It is used by default. Only select system components can choose a different namespace

     * For legacy support, translate namespaces into known UIDs.

     * For legacy support, translate namespaces into known UIDs.

     * @hide

     * @hide

     */

     */

    public static int namespaceToLegacyUid(int namespace) {

    public static int namespaceToLegacyUid(@Namespace int namespace) {

        switch (namespace) {

        switch (namespace) {

            case NAMESPACE_APPLICATION:

            case NAMESPACE_APPLICATION:

                return KeyStore.UID_SELF;

                return KeyStore.UID_SELF;

            case NAMESPACE_WIFI:

            case NAMESPACE_WIFI:

                return Process.WIFI_UID;

                return Process.WIFI_UID;

            // TODO Translate WIFI and VPN UIDs once the namespaces are defined.

            //  b/171305388 and b/171305607

            default:

            default:

                throw new IllegalArgumentException("No UID corresponding to namespace "

                throw new IllegalArgumentException("No UID corresponding to namespace "

                        + namespace);

                        + namespace);

     * For legacy support, translate namespaces into known UIDs.

     * For legacy support, translate namespaces into known UIDs.

     * @hide

     * @hide

     */

     */

    public static int legacyUidToNamespace(int uid) {

    public static @Namespace int legacyUidToNamespace(int uid) {

        switch (uid) {

        switch (uid) {

            case KeyStore.UID_SELF:

            case KeyStore.UID_SELF:

                return NAMESPACE_APPLICATION;

                return NAMESPACE_APPLICATION;

            case Process.WIFI_UID:

            case Process.WIFI_UID:

                return NAMESPACE_WIFI;

                return NAMESPACE_WIFI;

            // TODO Translate WIFI and VPN UIDs once the namespaces are defined.

            //  b/171305388 and b/171305607

            default:

            default:

                throw new IllegalArgumentException("No namespace corresponding to uid "

                throw new IllegalArgumentException("No namespace corresponding to uid "

                        + uid);

                        + uid);

package android.security.keystore2;

package android.security.keystore2;

import android.security.keystore.KeyProperties;

import java.security.KeyStore;

import java.security.KeyStore;

import java.security.KeyStore.ProtectionParameter;

import java.security.KeyStore.ProtectionParameter;

 */

 */

public class AndroidKeyStoreLoadStoreParameter implements KeyStore.LoadStoreParameter {

public class AndroidKeyStoreLoadStoreParameter implements KeyStore.LoadStoreParameter {

    private final int mNamespace;

    private final @KeyProperties.Namespace int mNamespace;

    public AndroidKeyStoreLoadStoreParameter(int namespace) {

    public AndroidKeyStoreLoadStoreParameter(@KeyProperties.Namespace int namespace) {

        mNamespace = namespace;

        mNamespace = namespace;

    }

    }

        return null;

        return null;

    }

    }

    int getNamespace() {

    @KeyProperties.Namespace int getNamespace() {

        return mNamespace;

        return mNamespace;

    }

    }

}

}

    public static final String NAME = "AndroidKeyStore";

    public static final String NAME = "AndroidKeyStore";

    private KeyStore2 mKeyStore;

    private KeyStore2 mKeyStore;

    private int mNamespace = KeyProperties.NAMESPACE_APPLICATION;

    private @KeyProperties.Namespace int mNamespace = KeyProperties.NAMESPACE_APPLICATION;

    @Override

    @Override

    public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException,

    public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException,

    @Override

    @Override

    public void engineLoad(LoadStoreParameter param) throws IOException,

    public void engineLoad(LoadStoreParameter param) throws IOException,

            NoSuchAlgorithmException, CertificateException {

            NoSuchAlgorithmException, CertificateException {

        int namespace = KeyProperties.NAMESPACE_APPLICATION;

        @KeyProperties.Namespace int namespace = KeyProperties.NAMESPACE_APPLICATION;

        if (param != null) {

        if (param != null) {

            if (param instanceof AndroidKeyStoreLoadStoreParameter) {

            if (param instanceof AndroidKeyStoreLoadStoreParameter) {

                namespace = ((AndroidKeyStoreLoadStoreParameter) param).getNamespace();

                namespace = ((AndroidKeyStoreLoadStoreParameter) param).getNamespace();