Loading services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java +11 −7 Original line number Diff line number Diff line Loading @@ -115,16 +115,12 @@ public class PlatformKeyManager { /** * Returns the current generation ID of the platform key. This increments whenever a platform * key has to be replaced. (e.g., because the user has removed and then re-added their lock * screen). * screen). Returns -1 if no key has been generated yet. * * @hide */ public int getGenerationId() { int generationId = mDatabase.getPlatformKeyGenerationId(mUserId); if (generationId == -1) { return 1; } return generationId; return mDatabase.getPlatformKeyGenerationId(mUserId); } /** Loading Loading @@ -207,14 +203,22 @@ public class PlatformKeyManager { Locale.US, "Platform key generation %d exists already.", generationId)); return; } if (generationId == 1) { if (generationId == -1) { Log.i(TAG, "Generating initial platform ID."); } else { Log.w(TAG, String.format(Locale.US, "Platform generation ID was %d but no " + "entry was present in AndroidKeyStore. Generating fresh key.", generationId)); } if (generationId == -1) { generationId = 1; } else { // Had to generate a fresh key, bump the generation id generationId++; } generateAndLoadKey(generationId); mDatabase.setPlatformKeyGenerationId(mUserId, generationId); } /** Loading services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +0 −1 Original line number Diff line number Diff line Loading 
@@ -216,7 +216,6 @@ public class RecoverableKeyStoreManager { // Any application should be able to check status for its own keys. // If caller is a recovery agent it can check statuses for other packages, but // only for recoverable keys it manages. checkRecoverKeyStorePermission(); return mDatabase.getStatusForAllKeys(Binder.getCallingUid()); } Loading services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/PlatformKeyManagerTest.java +41 −0 Original line number Diff line number Diff line Loading @@ -204,6 +204,14 @@ public class PlatformKeyManagerTest { ((KeyStore.SecretKeyEntry) entries.get(1)).getSecretKey().getEncoded()); } @Test public void init_savesGenerationIdToDatabase() throws Exception { mPlatformKeyManager.init(); assertEquals(1, mRecoverableKeyStoreDb.getPlatformKeyGenerationId(USER_ID_FIXTURE)); } @Test public void init_setsGenerationIdTo1() throws Exception { mPlatformKeyManager.init(); Loading 
@@ -211,8 +219,39 @@ public class PlatformKeyManagerTest { assertEquals(1, mPlatformKeyManager.getGenerationId()); } @Test public void init_incrementsGenerationIdIfKeyIsUnavailable() throws Exception { mPlatformKeyManager.init(); mPlatformKeyManager.init(); assertEquals(2, mPlatformKeyManager.getGenerationId()); } @Test public void init_doesNotIncrementGenerationIdIfKeyAvailable() throws Exception { mPlatformKeyManager.init(); when(mKeyStoreProxy .containsAlias("com.android.server.locksettings.recoverablekeystore/" + "platform/42/1/decrypt")).thenReturn(true); when(mKeyStoreProxy .containsAlias("com.android.server.locksettings.recoverablekeystore/" + "platform/42/1/encrypt")).thenReturn(true); mPlatformKeyManager.init(); assertEquals(1, mPlatformKeyManager.getGenerationId()); } @Test public void getGenerationId_returnsMinusOneIfNotInitialized() throws Exception { assertEquals(-1, mPlatformKeyManager.getGenerationId()); } @Test public void getDecryptKey_getsDecryptKeyWithCorrectAlias() throws Exception { mPlatformKeyManager.init(); mPlatformKeyManager.getDecryptKey(); verify(mKeyStoreProxy).getKey( Loading @@ -222,6 +261,8 @@ public class PlatformKeyManagerTest { @Test public void getEncryptKey_getsDecryptKeyWithCorrectAlias() throws Exception { mPlatformKeyManager.init(); mPlatformKeyManager.getEncryptKey(); verify(mKeyStoreProxy).getKey( Loading Loading
services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java +11 −7 Original line number Diff line number Diff line Loading @@ -115,16 +115,12 @@ public class PlatformKeyManager { /** * Returns the current generation ID of the platform key. This increments whenever a platform * key has to be replaced. (e.g., because the user has removed and then re-added their lock * screen). * screen). Returns -1 if no key has been generated yet. * * @hide */ public int getGenerationId() { int generationId = mDatabase.getPlatformKeyGenerationId(mUserId); if (generationId == -1) { return 1; } return generationId; return mDatabase.getPlatformKeyGenerationId(mUserId); } /** Loading Loading @@ -207,14 +203,22 @@ public class PlatformKeyManager { Locale.US, "Platform key generation %d exists already.", generationId)); return; } if (generationId == 1) { if (generationId == -1) { Log.i(TAG, "Generating initial platform ID."); } else { Log.w(TAG, String.format(Locale.US, "Platform generation ID was %d but no " + "entry was present in AndroidKeyStore. Generating fresh key.", generationId)); } if (generationId == -1) { generationId = 1; } else { // Had to generate a fresh key, bump the generation id generationId++; } generateAndLoadKey(generationId); mDatabase.setPlatformKeyGenerationId(mUserId, generationId); } /** Loading
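Review bot: At the end of `init()` in the second hunk, whatever `mDatabase.setPlatformKeyGenerationId(mUserId, generationId)` returns is ignored, and the call runs only after `generateAndLoadKey(generationId)` has already stored the new key. If that write fails or the process dies in between, AndroidKeyStore holds a key for a generation the database does not record, and `getGenerationId()` keeps returning the old value or -1, which callers presumably use to build the key alias. If the setter can report failure (its signature is not visible on this page), check the result and log it at error level; otherwise add a comment such as `// DB is written last; if this write is lost, the next init() sees the old ID and generates again.` The two back-to-back `if (generationId == -1)` tests could also be merged into one branch. The body of `init()` starts above the hunk, so the alias check that precedes this code is not visible here.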
services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +0 −1 Original line number Diff line number Diff line Loading @@ -216,7 +216,6 @@ public class RecoverableKeyStoreManager { // Any application should be able to check status for its own keys. // If caller is a recovery agent it can check statuses for other packages, but // only for recoverable keys it manages. checkRecoverKeyStorePermission(); return mDatabase.getStatusForAllKeys(Binder.getCallingUid()); } Loading
services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/PlatformKeyManagerTest.java +41 −0 Original line number Diff line number Diff line Loading @@ -204,6 +204,14 @@ public class PlatformKeyManagerTest { ((KeyStore.SecretKeyEntry) entries.get(1)).getSecretKey().getEncoded()); } @Test public void init_savesGenerationIdToDatabase() throws Exception { mPlatformKeyManager.init(); assertEquals(1, mRecoverableKeyStoreDb.getPlatformKeyGenerationId(USER_ID_FIXTURE)); } @Test public void init_setsGenerationIdTo1() throws Exception { mPlatformKeyManager.init(); Loading @@ -211,8 +219,39 @@ public class PlatformKeyManagerTest { assertEquals(1, mPlatformKeyManager.getGenerationId()); } @Test public void init_incrementsGenerationIdIfKeyIsUnavailable() throws Exception { mPlatformKeyManager.init(); mPlatformKeyManager.init(); assertEquals(2, mPlatformKeyManager.getGenerationId()); } @Test public void init_doesNotIncrementGenerationIdIfKeyAvailable() throws Exception { mPlatformKeyManager.init(); when(mKeyStoreProxy .containsAlias("com.android.server.locksettings.recoverablekeystore/" + "platform/42/1/decrypt")).thenReturn(true); when(mKeyStoreProxy .containsAlias("com.android.server.locksettings.recoverablekeystore/" + "platform/42/1/encrypt")).thenReturn(true); mPlatformKeyManager.init(); assertEquals(1, mPlatformKeyManager.getGenerationId()); } @Test public void getGenerationId_returnsMinusOneIfNotInitialized() throws Exception { assertEquals(-1, mPlatformKeyManager.getGenerationId()); } @Test public void getDecryptKey_getsDecryptKeyWithCorrectAlias() throws Exception { mPlatformKeyManager.init(); mPlatformKeyManager.getDecryptKey(); verify(mKeyStoreProxy).getKey( Loading @@ -222,6 +261,8 @@ public class PlatformKeyManagerTest { @Test public void getEncryptKey_getsDecryptKeyWithCorrectAlias() throws Exception { mPlatformKeyManager.init(); mPlatformKeyManager.getEncryptKey(); verify(mKeyStoreProxy).getKey( Loading
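Review bot: `init_incrementsGenerationIdIfKeyIsUnavailable` asserts only that `getGenerationId()` returns 2, so it would still pass if the second `init()` bumped the database value without storing a key under the generation-2 aliases. Verifying that the keystore proxy received entries for `.../platform/42/2/encrypt` and `.../platform/42/2/decrypt` would tie the stored ID to the key actually generated. The alias strings in `init_doesNotIncrementGenerationIdIfKeyAvailable` hard-code `42`, which presumably mirrors `USER_ID_FIXTURE`; building them from the constant would keep the stubs from silently no longer matching if the fixture changes.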