Loading keystore/java/android/security/KeyStore.java +0 −25 Original line number Diff line number Diff line Loading @@ -231,14 +231,6 @@ public class KeyStore { return list(prefix, UID_SELF); } public String[] saw(String prefix, int uid) { return list(prefix, uid); } public String[] saw(String prefix) { return saw(prefix, UID_SELF); } public boolean reset() { try { return mBinder.reset() == NO_ERROR; Loading Loading @@ -328,23 +320,6 @@ public class KeyStore { } } public byte[] getPubkey(String key) { try { return mBinder.get_pubkey(key); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return null; } } public boolean delKey(String key, int uid) { return delete(key, uid); } public boolean delKey(String key) { return delKey(key, UID_SELF); } public byte[] sign(String key, byte[] data) { try { return mBinder.sign(key, data); Loading keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java +15 −1 Original line number Diff line number Diff line Loading @@ -20,6 +20,8 @@ import android.annotation.NonNull; import android.security.Credentials; import android.security.KeyPairGeneratorSpec; import android.security.KeyStore; import android.security.keymaster.ExportResult; import android.security.keymaster.KeymasterDefs; import com.android.org.bouncycastle.x509.X509V3CertificateGenerator; import com.android.org.conscrypt.NativeConstants; Loading @@ -33,6 +35,7 @@ import java.security.KeyPairGenerator; import java.security.KeyPairGeneratorSpi; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.ProviderException; import java.security.PublicKey; import java.security.SecureRandom; import java.security.cert.CertificateEncodingException; Loading Loading 
@@ -153,7 +156,18 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato throw new RuntimeException("Can't get key", e); } final byte[] pubKeyBytes = mKeyStore.getPubkey(privateKeyAlias); ExportResult exportResult = mKeyStore.exportKey( privateKeyAlias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null); if (exportResult == null) { throw new KeyStoreConnectException(); } else if (exportResult.resultCode != KeyStore.NO_ERROR) { throw new ProviderException( "Failed to obtain public key in X.509 format", KeyStore.getKeyStoreException(exportResult.resultCode)); } final byte[] pubKeyBytes = exportResult.exportData; final PublicKey pubKey; try { Loading keystore/java/android/security/keystore/AndroidKeyStoreSpi.java +3 −3 Original line number Diff line number Diff line Loading @@ -685,7 +685,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { } private Set<String> getUniqueAliases() { final String[] rawAliases = mKeyStore.saw(""); final String[] rawAliases = mKeyStore.list(""); if (rawAliases == null) { return new HashSet<String>(); } Loading Loading @@ -778,7 +778,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { * equivalent to the USER_CERTIFICATE prefix for the Android keystore * convention. */ final String[] certAliases = mKeyStore.saw(Credentials.USER_CERTIFICATE); final String[] certAliases = mKeyStore.list(Credentials.USER_CERTIFICATE); if (certAliases != null) { for (String alias : certAliases) { final byte[] certBytes = mKeyStore.get(Credentials.USER_CERTIFICATE + alias); Loading 
@@ -799,7 +799,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { * Look at all the TrustedCertificateEntry types. Skip all the * PrivateKeyEntry we looked at above. */ final String[] caAliases = mKeyStore.saw(Credentials.CA_CERTIFICATE); final String[] caAliases = mKeyStore.list(Credentials.CA_CERTIFICATE); if (certAliases != null) { for (String alias : caAliases) { if (nonCaEntries.contains(alias)) { Loading keystore/tests/src/android/security/KeyStoreTest.java +12 −12 Original line number Diff line number Diff line Loading @@ -276,8 +276,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); } public void testSaw() throws Exception { String[] emptyResult = mKeyStore.saw(TEST_KEYNAME); public void testList() throws Exception { String[] emptyResult = mKeyStore.list(TEST_KEYNAME); assertNotNull(emptyResult); assertEquals(0, emptyResult.length); Loading 
@@ -285,26 +285,26 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); String[] results = mKeyStore.saw(TEST_KEYNAME); String[] results = mKeyStore.list(TEST_KEYNAME); assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), new HashSet(Arrays.asList(results))); } public void testSaw_ungrantedUid_Bluetooth() throws Exception { String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID); public void testList_ungrantedUid_Bluetooth() throws Exception { String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.BLUETOOTH_UID); assertEquals(0, results1.length); mKeyStore.onUserPasswordChanged(TEST_PASSWD); mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID); String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.BLUETOOTH_UID); assertEquals(0, results2.length); } public void testSaw_grantedUid_Wifi() throws Exception { String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID); public void testList_grantedUid_Wifi() throws Exception { String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.WIFI_UID); assertNotNull(results1); assertEquals(0, results1.length); Loading 
@@ -312,14 +312,14 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID); String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.WIFI_UID); assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), new HashSet(Arrays.asList(results2))); } public void testSaw_grantedUid_Vpn() throws Exception { String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID); public void testList_grantedUid_Vpn() throws Exception { String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.VPN_UID); assertNotNull(results1); assertEquals(0, results1.length); Loading @@ -327,7 +327,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID); String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.VPN_UID); assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), new HashSet(Arrays.asList(results2))); Loading keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java +8 −2 Original line number Diff line number Diff line Loading @@ -18,6 +18,9 @@ package android.security.keystore; import android.security.Credentials; import android.security.KeyPairGeneratorSpec; import android.security.KeyStore; import android.security.keymaster.ExportResult; import android.security.keymaster.KeymasterDefs; import android.test.AndroidTestCase; import java.io.ByteArrayInputStream; Loading Loading 
@@ -78,7 +81,7 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111")); assertTrue(mAndroidKeyStore.isUnlocked()); String[] aliases = mAndroidKeyStore.saw(""); String[] aliases = mAndroidKeyStore.list(""); assertNotNull(aliases); assertEquals(0, aliases.length); } Loading Loading @@ -359,7 +362,10 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { final byte[] caCerts = mAndroidKeyStore.get(Credentials.CA_CERTIFICATE + alias); assertNull("A list of CA certificates should not exist for the generated entry", caCerts); final byte[] pubKeyBytes = mAndroidKeyStore.getPubkey(Credentials.USER_PRIVATE_KEY + alias); ExportResult exportResult = mAndroidKeyStore.exportKey( Credentials.USER_PRIVATE_KEY + alias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null); assertEquals(KeyStore.NO_ERROR, exportResult.resultCode); final byte[] pubKeyBytes = exportResult.exportData; assertNotNull("The keystore should return the public key for the generated key", pubKeyBytes); } Loading Loading
keystore/java/android/security/KeyStore.java +0 −25 Original line number Diff line number Diff line Loading @@ -231,14 +231,6 @@ public class KeyStore { return list(prefix, UID_SELF); } public String[] saw(String prefix, int uid) { return list(prefix, uid); } public String[] saw(String prefix) { return saw(prefix, UID_SELF); } public boolean reset() { try { return mBinder.reset() == NO_ERROR; Loading Loading @@ -328,23 +320,6 @@ public class KeyStore { } } public byte[] getPubkey(String key) { try { return mBinder.get_pubkey(key); } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return null; } } public boolean delKey(String key, int uid) { return delete(key, uid); } public boolean delKey(String key) { return delKey(key, UID_SELF); } public byte[] sign(String key, byte[] data) { try { return mBinder.sign(key, data); Loading
keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java +15 −1 Original line number Diff line number Diff line Loading @@ -20,6 +20,8 @@ import android.annotation.NonNull; import android.security.Credentials; import android.security.KeyPairGeneratorSpec; import android.security.KeyStore; import android.security.keymaster.ExportResult; import android.security.keymaster.KeymasterDefs; import com.android.org.bouncycastle.x509.X509V3CertificateGenerator; import com.android.org.conscrypt.NativeConstants; Loading @@ -33,6 +35,7 @@ import java.security.KeyPairGenerator; import java.security.KeyPairGeneratorSpi; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.ProviderException; import java.security.PublicKey; import java.security.SecureRandom; import java.security.cert.CertificateEncodingException; Loading Loading @@ -153,7 +156,18 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato throw new RuntimeException("Can't get key", e); } final byte[] pubKeyBytes = mKeyStore.getPubkey(privateKeyAlias); ExportResult exportResult = mKeyStore.exportKey( privateKeyAlias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null); if (exportResult == null) { throw new KeyStoreConnectException(); } else if (exportResult.resultCode != KeyStore.NO_ERROR) { throw new ProviderException( "Failed to obtain public key in X.509 format", KeyStore.getKeyStoreException(exportResult.resultCode)); } final byte[] pubKeyBytes = exportResult.exportData; final PublicKey pubKey; try { Loading
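Review bot: In the hunk at @@ -153,7 +156,18, `exportResult.exportData` is assigned to `pubKeyBytes` without a null check once `resultCode` equals `KeyStore.NO_ERROR`. The new code covers a null result and a non-zero result code, but not a success reply that carries no data. Whether the keystore service can produce such a reply is not visible from here, so this is a defensive gap rather than a confirmed bug. I would add `if (pubKeyBytes == null) { throw new ProviderException("Keystore returned no public key data"); }` right after the assignment, so a malformed reply fails with a provider error instead of inside the key decoding in the `try` that follows. The enclosing method starts and ends outside the hunk.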
keystore/java/android/security/keystore/AndroidKeyStoreSpi.java +3 −3 Original line number Diff line number Diff line Loading @@ -685,7 +685,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { } private Set<String> getUniqueAliases() { final String[] rawAliases = mKeyStore.saw(""); final String[] rawAliases = mKeyStore.list(""); if (rawAliases == null) { return new HashSet<String>(); } Loading Loading @@ -778,7 +778,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { * equivalent to the USER_CERTIFICATE prefix for the Android keystore * convention. */ final String[] certAliases = mKeyStore.saw(Credentials.USER_CERTIFICATE); final String[] certAliases = mKeyStore.list(Credentials.USER_CERTIFICATE); if (certAliases != null) { for (String alias : certAliases) { final byte[] certBytes = mKeyStore.get(Credentials.USER_CERTIFICATE + alias); Loading @@ -799,7 +799,7 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { * Look at all the TrustedCertificateEntry types. Skip all the * PrivateKeyEntry we looked at above. */ final String[] caAliases = mKeyStore.saw(Credentials.CA_CERTIFICATE); final String[] caAliases = mKeyStore.list(Credentials.CA_CERTIFICATE); if (certAliases != null) { for (String alias : caAliases) { if (nonCaEntries.contains(alias)) { Loading
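Review bot: In the third hunk (@@ -799,7 +799,7) the guard before the CA loop tests the wrong array: `if (certAliases != null)` is followed by `for (String alias : caAliases)`. That line is context rather than something this commit changes, but the `list(Credentials.CA_CERTIFICATE)` call directly above it is being touched, so it is worth fixing here. The null checks elsewhere in this file suggest `list` can return null; if `caAliases` is null the loop throws a NullPointerException, and if only `certAliases` is null every trusted CA entry is silently skipped. Change the guard to `if (caAliases != null) {`. The enclosing method starts and ends outside the hunk.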
keystore/tests/src/android/security/KeyStoreTest.java +12 −12 Original line number Diff line number Diff line Loading @@ -276,8 +276,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); } public void testSaw() throws Exception { String[] emptyResult = mKeyStore.saw(TEST_KEYNAME); public void testList() throws Exception { String[] emptyResult = mKeyStore.list(TEST_KEYNAME); assertNotNull(emptyResult); assertEquals(0, emptyResult.length); Loading 
@@ -285,26 +285,26 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); String[] results = mKeyStore.saw(TEST_KEYNAME); String[] results = mKeyStore.list(TEST_KEYNAME); assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), new HashSet(Arrays.asList(results))); } public void testSaw_ungrantedUid_Bluetooth() throws Exception { String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID); public void testList_ungrantedUid_Bluetooth() throws Exception { String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.BLUETOOTH_UID); assertEquals(0, results1.length); mKeyStore.onUserPasswordChanged(TEST_PASSWD); mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID); String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.BLUETOOTH_UID); assertEquals(0, results2.length); } public void testSaw_grantedUid_Wifi() throws Exception { String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID); public void testList_grantedUid_Wifi() throws Exception { String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.WIFI_UID); assertNotNull(results1); assertEquals(0, results1.length); Loading 
@@ -312,14 +312,14 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID); String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.WIFI_UID); assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), new HashSet(Arrays.asList(results2))); } public void testSaw_grantedUid_Vpn() throws Exception { String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID); public void testList_grantedUid_Vpn() throws Exception { String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.VPN_UID); assertNotNull(results1); assertEquals(0, results1.length); Loading @@ -327,7 +327,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID); String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.VPN_UID); assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), new HashSet(Arrays.asList(results2))); Loading
keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java +8 −2 Original line number Diff line number Diff line Loading @@ -18,6 +18,9 @@ package android.security.keystore; import android.security.Credentials; import android.security.KeyPairGeneratorSpec; import android.security.KeyStore; import android.security.keymaster.ExportResult; import android.security.keymaster.KeymasterDefs; import android.test.AndroidTestCase; import java.io.ByteArrayInputStream; Loading Loading @@ -78,7 +81,7 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111")); assertTrue(mAndroidKeyStore.isUnlocked()); String[] aliases = mAndroidKeyStore.saw(""); String[] aliases = mAndroidKeyStore.list(""); assertNotNull(aliases); assertEquals(0, aliases.length); } Loading Loading @@ -359,7 +362,10 @@ public class AndroidKeyPairGeneratorTest extends AndroidTestCase { final byte[] caCerts = mAndroidKeyStore.get(Credentials.CA_CERTIFICATE + alias); assertNull("A list of CA certificates should not exist for the generated entry", caCerts); final byte[] pubKeyBytes = mAndroidKeyStore.getPubkey(Credentials.USER_PRIVATE_KEY + alias); ExportResult exportResult = mAndroidKeyStore.exportKey( Credentials.USER_PRIVATE_KEY + alias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null); assertEquals(KeyStore.NO_ERROR, exportResult.resultCode); final byte[] pubKeyBytes = exportResult.exportData; assertNotNull("The keystore should return the public key for the generated key", pubKeyBytes); } Loading
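Review bot: In the last hunk (@@ -359,7 +362,10) `exportResult.resultCode` is read without first asserting that `exportResult` is non-null. AndroidKeyStoreKeyPairGeneratorSpi in this same commit treats a null result from `exportKey` as a keystore connection failure, so in that case this test would fail with a NullPointerException rather than a readable assertion message. Add `assertNotNull("exportKey should return a result", exportResult);` before the `assertEquals` on the result code. The test method starts outside the hunk.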