
Commit 25284387 authored by Janis Danisevskis

Keystore 2.0: Deprecate Credential prefixes.

Keystore 2.0 will no longer support free form blobs. Certificates and
certificate chains will have typed fields associated with an alias.
Other free form blobs will need to be migrated to a different key value
store.

Bug: 171305684
Test: None
Change-Id: I93270f0086329229dc36c2b14c88f229351e6560
parent ff062f6e
+35 −7
@@ -48,18 +48,38 @@ public class Credentials {

    public static final String INSTALL_AS_USER_ACTION = "android.credentials.INSTALL_AS_USER";

    /** Key prefix for CA certificates. */
    /**
     * Key prefix for CA certificates.
     *
     * @deprecated Keystore no longer supports unstructured blobs. Public certificates are
     *             stored in typed slots associated with a given alias.
     */
    @Deprecated
    public static final String CA_CERTIFICATE = "CACERT_";

    /** Key prefix for user certificates. */
    /**
     * Key prefix for user certificates.
     *
     * @deprecated Keystore no longer supports unstructured blobs. Public certificates are
     *             stored in typed slots associated with a given alias.
     */
    @Deprecated
    public static final String USER_CERTIFICATE = "USRCERT_";

    /** Key prefix for user private and secret keys. */
    /**
     * Key prefix for user private and secret keys.
     *
     * @deprecated Keystore no longer uses alias prefixes to discriminate between entry types.
     */
    @Deprecated
    public static final String USER_PRIVATE_KEY = "USRPKEY_";

    /** Key prefix for user secret keys.
    /**
     * Key prefix for user secret keys.
     *
     * @deprecated use {@code USER_PRIVATE_KEY} for this category instead.
     */
    @Deprecated
    public static final String USER_SECRET_KEY = "USRSKEY_";

    /** Key prefix for VPN. */
@@ -71,7 +91,13 @@ public class Credentials {
    /** Key prefix for WIFI. */
    public static final String WIFI = "WIFI_";

    /** Key prefix for App Source certificates. */
    /**
     * Key prefix for App Source certificates.
     *
     * @deprecated This was intended for FS-verity but never used. FS-verity is not
     *             going to use this constant moving forward.
     */
    @Deprecated
    public static final String APP_SOURCE_CERTIFICATE = "FSV_";

    /** Key containing suffix of lockdown VPN profile. */
@@ -149,6 +175,7 @@ public class Credentials {
        pw.close();
        return bao.toByteArray();
    }

    /**
     * Convert objects from PEM format, which is used for
     * CA_CERTIFICATE and USER_CERTIFICATE entries.
@@ -166,7 +193,8 @@ public class Credentials {
            PemObject o;
            while ((o = pr.readPemObject()) != null) {
                if (o.getType().equals("CERTIFICATE")) {
                    Certificate c = cf.generateCertificate(new ByteArrayInputStream(o.getContent()));
                    Certificate c = cf.generateCertificate(
                            new ByteArrayInputStream(o.getContent()));
                    result.add((X509Certificate) c);
                } else {
                    throw new IllegalArgumentException("Unknown type " + o.getType());
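Review bot: The `@deprecated` text on `USER_SECRET_KEY` in the first hunk still tells callers to use `USER_PRIVATE_KEY`, which this same commit deprecates, so the migration advice points at a constant that is itself being retired. Since alias prefixes no longer discriminate entry types, the tag should say so directly, e.g. `@deprecated Keystore no longer uses alias prefixes to discriminate between entry types.`, so that no caller keeps inferring whether an alias holds a key or a certificate from its prefix. The Javadoc shown as context in the third hunk still describes PEM conversion in terms of `CA_CERTIFICATE and USER_CERTIFICATE entries` and would be worth rewording in the same change. None of the new tags names a replacement API, which Javadoc convention expects; if one exists, it should be linked from each tag.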