Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1b20abc7 authored by Bo Zhu's avatar Bo Zhu Committed by android-build-merger
Browse files

Merge "Regenerate counterId when a new cert XML file is successfully imported"... 

Merge "Regenerate counterId when a new cert XML file is successfully imported" into pi-dev am: 8f4fae9d
am: 6ad1f058

Change-Id: Ia708a585683177252dfe64b4239e5fd1173dabf9
parents e73ab594 6ad1f058

services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java

+2 −0
Original line number Diff line number Diff line
@@ -62,6 +62,7 @@ import java.security.KeyFactory; 
import java.security.KeyStoreException;

import java.security.NoSuchAlgorithmException;

import java.security.PublicKey;

import java.security.SecureRandom;

import java.security.UnrecoverableKeyException;

import java.security.cert.CertPath;

import java.security.cert.CertificateEncodingException;
@@ -221,6 +222,7 @@ public class RecoverableKeyStoreManager { 
            if (mDatabase.setRecoveryServiceCertPath(userId, uid, certPath) > 0) {

                mDatabase.setRecoveryServiceCertSerial(userId, uid, newSerial);

                mDatabase.setShouldCreateSnapshot(userId, uid, true);

                mDatabase.setCounterId(userId, uid, new SecureRandom().nextLong());

            }

        } catch (CertificateEncodingException e) {

            Log.e(TAG, "Failed to encode CertPath", e);

services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java

+17 −0
Original line number Diff line number Diff line
@@ -299,6 +299,23 @@ public class RecoverableKeyStoreManagerTest { 
        assertThat(mRecoverableKeyStoreDb.getRecoveryServicePublicKey(userId, uid)).isNull();

    }



    @Test

    public void initRecoveryService_regeneratesCounterId() throws Exception {

        int uid = Binder.getCallingUid();

        int userId = UserHandle.getCallingUserId();

        long certSerial = 1000L;



        Long counterId0 = mRecoverableKeyStoreDb.getCounterId(userId, uid);

        mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,

                TestData.getCertXmlWithSerial(certSerial));

        Long counterId1 = mRecoverableKeyStoreDb.getCounterId(userId, uid);

        mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,

                TestData.getCertXmlWithSerial(certSerial + 1));

        Long counterId2 = mRecoverableKeyStoreDb.getCounterId(userId, uid);



        assertThat(!counterId1.equals(counterId0) || !counterId2.equals(counterId1)).isTrue();

    }



    @Test

    public void initRecoveryService_throwsIfInvalidCert() throws Exception {

        byte[] modifiedCertXml = TestData.getCertXml();