Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2ed9b9b2 authored by Janis Danisevskis's avatar Janis Danisevskis
Browse files

Keystore 2.0 SPI: Make Recoverable keystore tolerate the Keystore 2.0 SPI 

This patch adds support for using the Legacy Keystore provider when the
Keystore 2.0 provider is installed. This is the first step
towards the transition to Keystore 2.0.

Installation of the new provider can be triggered by setting the
platform property ro.android.security.keystore2.enable=true.

Bug: 171305545
Test: None
Change-Id: I3825f40558b4c25cb64caa25c0029cea76333c44
parent a637f277

services/core/java/com/android/server/locksettings/recoverablekeystore/KeyStoreProxyImpl.java

+19 −4
Original line number Diff line number Diff line
@@ -16,23 +16,38 @@ 


package com.android.server.locksettings.recoverablekeystore;



import android.security.keystore2.AndroidKeyStoreProvider;



import java.io.IOException;

import java.security.cert.CertificateException;

import java.security.Key;

import java.security.KeyStore;

import java.security.KeyStoreException;

import java.security.NoSuchAlgorithmException;

import java.security.NoSuchAlgorithmException;

import java.security.UnrecoverableKeyException;

import java.security.cert.CertificateException;



/**

 * Implementation of {@link KeyStoreProxy} that delegates all method calls to the {@link KeyStore}.

 */

public class KeyStoreProxyImpl implements KeyStoreProxy {



    private static final String ANDROID_KEY_STORE_PROVIDER = "AndroidKeyStore";

    private final KeyStore mKeyStore;



    /**

     * TODO This function redirects keystore access to the legacy keystore during a transitional

     *      phase during which not all calling code has been adjusted to use Keystore 2.0.

     *      This can be reverted to a constant of "AndroidKeyStore" when b/171305684 is complete.

     *      The specific bug for this component is b/171305545.

     */

    static String androidKeystoreProviderName() {

        if (AndroidKeyStoreProvider.isInstalled()) {

            return "AndroidKeyStoreLegacy";

        } else {

            return "AndroidKeyStore";

        }



    }



    /**

     * A new instance, delegating to {@code keyStore}.

     */
@@ -69,7 +84,7 @@ public class KeyStoreProxyImpl implements KeyStoreProxy { 
     * @throws KeyStoreException if there was a problem getting or initializing the key store.

     */

    public static KeyStore getAndLoadAndroidKeyStore() throws KeyStoreException {

        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER);

        KeyStore keyStore = KeyStore.getInstance(androidKeystoreProviderName());

        try {

            keyStore.load(/*param=*/ null);

        } catch (CertificateException | IOException | NoSuchAlgorithmException e) {

services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java

+1 −3
Original line number Diff line number Diff line
@@ -86,8 +86,6 @@ public class PlatformKeyManager { 
    private final KeyStoreProxy mKeyStore;

    private final RecoverableKeyStoreDb mDatabase;



    private static final String ANDROID_KEY_STORE_PROVIDER = "AndroidKeyStore";



    /**

     * A new instance operating on behalf of {@code userId}, storing its prefs in the location

     * defined by {@code context}.
@@ -486,7 +484,7 @@ public class PlatformKeyManager { 
     * @throws KeyStoreException if there was a problem getting or initializing the key store.

     */

    private static KeyStore getAndLoadAndroidKeyStore() throws KeyStoreException {

        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_PROVIDER);

        KeyStore keyStore = KeyStore.getInstance(KeyStoreProxyImpl.androidKeystoreProviderName());

        try {

            keyStore.load(/*param=*/ null);

        } catch (CertificateException | IOException | NoSuchAlgorithmException e) {