Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1ea4a5ba authored by Kenny Root's avatar Kenny Root Committed by Android (Google) Code Review
Browse files

Merge "Add API to query KeyChain algorithm support" into jb-mr2-dev

parents c29f6d4a bf556ac6
Loading
Loading
Loading
Loading
+2 −0
Original line number Diff line number Diff line
@@ -20756,6 +20756,8 @@ package android.security {
    method public static android.content.Intent createInstallIntent();
    method public static java.security.cert.X509Certificate[] getCertificateChain(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException;
    method public static java.security.PrivateKey getPrivateKey(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException;
    method public static boolean isBoundKeyType(java.lang.String);
    method public static boolean isKeyTypeSupported(java.lang.String);
    field public static final java.lang.String ACTION_STORAGE_CHANGED = "android.security.STORAGE_CHANGED";
    field public static final java.lang.String EXTRA_CERTIFICATE = "CERT";
    field public static final java.lang.String EXTRA_NAME = "name";
+24 −0
Original line number Diff line number Diff line
@@ -356,6 +356,30 @@ public final class KeyChain {
        }
    }

    /**
     * Returns {@code true} if the current device's {@code KeyChain} supports a
     * specific {@code PrivateKey} type indicated by {@code algorithm} (e.g.,
     * "RSA").
     */
    public static boolean isKeyTypeSupported(String algorithm) {
        return "RSA".equals(algorithm);
    }

    /**
     * Returns {@code true} if the current device's {@code KeyChain} binds any
     * {@code PrivateKey} of the given {@code algorithm} to the device once
     * imported or generated. This can be used to tell if there is special
     * hardware support that can be used to bind keys to the device in a way
     * that makes it non-exportable.
     */
    public static boolean isBoundKeyType(String algorithm) {
        if (!isKeyTypeSupported(algorithm)) {
            return false;
        }

        return KeyStore.getInstance().isHardwareBacked();
    }

    private static X509Certificate toCertificate(byte[] bytes) {
        if (bytes == null) {
            throw new IllegalArgumentException("bytes == null");