Loading services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +2 −1 Original line number Diff line number Diff line Loading @@ -206,7 +206,8 @@ public class RecoverableKeyStoreManager { // Check serial number long newSerial = certXml.getSerial(); Long oldSerial = mDatabase.getRecoveryServiceCertSerial(userId, uid, rootCertificateAlias); if (oldSerial != null && oldSerial >= newSerial) { if (oldSerial != null && oldSerial >= newSerial && !mTestCertHelper.isTestOnlyCertificateAlias(rootCertificateAlias)) { if (oldSerial == newSerial) { Log.i(TAG, "The cert file serial number is the same, so skip updating."); } else { Loading services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java +8 −0 Original line number Diff line number Diff line Loading @@ -26,6 +26,7 @@ import android.security.keystore.recovery.RecoveryController; import android.text.TextUtils; import android.util.Log; import com.android.server.locksettings.recoverablekeystore.TestOnlyInsecureCertificateHelper; import com.android.server.locksettings.recoverablekeystore.WrappedKey; import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.KeysEntry; import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.RecoveryServiceMetadataEntry; Loading Loading @@ -62,6 +63,7 @@ public class RecoverableKeyStoreDb { private static final String CERT_PATH_ENCODING = "PkiPath"; private final RecoverableKeyStoreDbHelper mKeyStoreDbHelper; private final TestOnlyInsecureCertificateHelper mTestOnlyInsecureCertificateHelper; /** * A new instance, storing the database in the user directory of {@code context}. Loading 
@@ -77,6 +79,7 @@ public class RecoverableKeyStoreDb { private RecoverableKeyStoreDb(RecoverableKeyStoreDbHelper keyStoreDbHelper) { this.mKeyStoreDbHelper = keyStoreDbHelper; this.mTestOnlyInsecureCertificateHelper = new TestOnlyInsecureCertificateHelper(); } /** Loading Loading @@ -627,6 +630,7 @@ public class RecoverableKeyStoreDb { * @hide */ public long setActiveRootOfTrust(int userId, int uid, @Nullable String rootAlias) { // TODO: Call getDefaultCertificateAliasIfEmpty() here too? SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase(); ContentValues values = new ContentValues(); values.put(RecoveryServiceMetadataEntry.COLUMN_NAME_ACTIVE_ROOT_OF_TRUST, rootAlias); Loading Loading @@ -988,6 +992,7 @@ public class RecoverableKeyStoreDb { * @hide */ private byte[] getBytes(int userId, int uid, String rootAlias, String key) { rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias); SQLiteDatabase db = mKeyStoreDbHelper.getReadableDatabase(); String[] projection = { Loading Loading @@ -1046,6 +1051,7 @@ public class RecoverableKeyStoreDb { * @hide */ private long setBytes(int userId, int uid, String rootAlias, String key, byte[] value) { rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias); SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase(); ContentValues values = new ContentValues(); values.put(key, value); Loading @@ -1072,6 +1078,7 @@ public class RecoverableKeyStoreDb { * @hide */ private Long getLong(int userId, int uid, String rootAlias, String key) { rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias); SQLiteDatabase db = mKeyStoreDbHelper.getReadableDatabase(); String[] projection = { Loading Loading 
@@ -1131,6 +1138,7 @@ public class RecoverableKeyStoreDb { */ private long setLong(int userId, int uid, String rootAlias, String key, long value) { rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias); SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase(); ContentValues values = new ContentValues(); values.put(key, value); Loading services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java +46 −0 Original line number Diff line number Diff line Loading 
@@ -424,6 +424,52 @@ public class RecoverableKeyStoreManagerTest { assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse(); } @Test public void initRecoveryService_alwaysUpdatesCertsWhenTestRootCertIsUsed() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); int certSerial = 3333; String testRootCertAlias = TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS; mRecoverableKeyStoreManager.initRecoveryService(testRootCertAlias, TestData.getInsecureCertXmlBytesWithEndpoint1(certSerial)); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid, testRootCertAlias)).isEqualTo(certSerial); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid, testRootCertAlias)).isEqualTo(TestData.getInsecureCertPathForEndpoint1()); mRecoverableKeyStoreManager.initRecoveryService(testRootCertAlias, TestData.getInsecureCertXmlBytesWithEndpoint2(certSerial - 1)); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid, testRootCertAlias)).isEqualTo(certSerial - 1); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid, testRootCertAlias)).isEqualTo(TestData.getInsecureCertPathForEndpoint2()); } @Test public void initRecoveryService_updatesCertsIndependentlyForDifferentRoots() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS, TestData.getCertXmlWithSerial(1111L)); mRecoverableKeyStoreManager.initRecoveryService( TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS, TestData.getInsecureCertXmlBytesWithEndpoint1(2222)); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid, ROOT_CERTIFICATE_ALIAS)).isEqualTo(1111L); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid, TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS)).isEqualTo(2222L); 
assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid, ROOT_CERTIFICATE_ALIAS)).isEqualTo(TestData.CERT_PATH_1); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid, TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS)).isEqualTo( TestData.getInsecureCertPathForEndpoint1()); } @Test public void initRecoveryService_ignoresTheSameSerial() throws Exception { int uid = Binder.getCallingUid(); Loading services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/TestData.java +290 −0 File changed.Preview size limit exceeded, changes collapsed. Show changes Loading
services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +2 −1 Original line number Diff line number Diff line Loading @@ -206,7 +206,8 @@ public class RecoverableKeyStoreManager { // Check serial number long newSerial = certXml.getSerial(); Long oldSerial = mDatabase.getRecoveryServiceCertSerial(userId, uid, rootCertificateAlias); if (oldSerial != null && oldSerial >= newSerial) { if (oldSerial != null && oldSerial >= newSerial && !mTestCertHelper.isTestOnlyCertificateAlias(rootCertificateAlias)) { if (oldSerial == newSerial) { Log.i(TAG, "The cert file serial number is the same, so skip updating."); } else { Loading
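Review bot: The added `!mTestCertHelper.isTestOnlyCertificateAlias(rootCertificateAlias)` clause switches off the serial-number rollback check for that alias, and nothing at the condition explains this or records when it happens. The serial comparison is what keeps an older cert file from replacing a newer one, so the exemption deserves a comment in place, for example `// Test-only root: serial rollback is allowed on purpose; production aliases must never take this exemption.` Whether a caller on a production build can pass the test-only alias is not visible in this hunk and should be confirmed where the alias is validated. A `Log.w(TAG, ...)` line stating that the serial check was skipped for the test-only root would also make the bypass visible in device logs. The enclosing method starts and ends outside the hunk.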
services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java +8 −0 Original line number Diff line number Diff line Loading @@ -26,6 +26,7 @@ import android.security.keystore.recovery.RecoveryController; import android.text.TextUtils; import android.util.Log; import com.android.server.locksettings.recoverablekeystore.TestOnlyInsecureCertificateHelper; import com.android.server.locksettings.recoverablekeystore.WrappedKey; import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.KeysEntry; import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.RecoveryServiceMetadataEntry; Loading Loading @@ -62,6 +63,7 @@ public class RecoverableKeyStoreDb { private static final String CERT_PATH_ENCODING = "PkiPath"; private final RecoverableKeyStoreDbHelper mKeyStoreDbHelper; private final TestOnlyInsecureCertificateHelper mTestOnlyInsecureCertificateHelper; /** * A new instance, storing the database in the user directory of {@code context}. Loading @@ -77,6 +79,7 @@ public class RecoverableKeyStoreDb { private RecoverableKeyStoreDb(RecoverableKeyStoreDbHelper keyStoreDbHelper) { this.mKeyStoreDbHelper = keyStoreDbHelper; this.mTestOnlyInsecureCertificateHelper = new TestOnlyInsecureCertificateHelper(); } /** Loading Loading @@ -627,6 +630,7 @@ public class RecoverableKeyStoreDb { * @hide */ public long setActiveRootOfTrust(int userId, int uid, @Nullable String rootAlias) { // TODO: Call getDefaultCertificateAliasIfEmpty() here too? SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase(); ContentValues values = new ContentValues(); values.put(RecoveryServiceMetadataEntry.COLUMN_NAME_ACTIVE_ROOT_OF_TRUST, rootAlias); Loading Loading 
@@ -988,6 +992,7 @@ public class RecoverableKeyStoreDb { * @hide */ private byte[] getBytes(int userId, int uid, String rootAlias, String key) { rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias); SQLiteDatabase db = mKeyStoreDbHelper.getReadableDatabase(); String[] projection = { Loading Loading @@ -1046,6 +1051,7 @@ public class RecoverableKeyStoreDb { * @hide */ private long setBytes(int userId, int uid, String rootAlias, String key, byte[] value) { rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias); SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase(); ContentValues values = new ContentValues(); values.put(key, value); Loading @@ -1072,6 +1078,7 @@ public class RecoverableKeyStoreDb { * @hide */ private Long getLong(int userId, int uid, String rootAlias, String key) { rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias); SQLiteDatabase db = mKeyStoreDbHelper.getReadableDatabase(); String[] projection = { Loading Loading @@ -1131,6 +1138,7 @@ public class RecoverableKeyStoreDb { */ private long setLong(int userId, int uid, String rootAlias, String key, long value) { rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias); SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase(); ContentValues values = new ContentValues(); values.put(key, value); Loading
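Review bot: `setActiveRootOfTrust` is left with `// TODO: Call getDefaultCertificateAliasIfEmpty() here too?` while `getBytes`, `setBytes`, `getLong` and `setLong` now all normalize `rootAlias`, so the write path for the active root and the lookup paths can disagree on what an empty or null alias means. Either apply the same line there, `rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias);`, or replace the TODO with a comment saying that the raw value is stored deliberately and resolved by readers. How the stored active-root value is consumed is not shown in these hunks, so which of the two is correct needs checking against the getter. The bodies of all five methods continue outside the hunks.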
services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java +46 −0 Original line number Diff line number Diff line Loading 
@@ -424,6 +424,52 @@ public class RecoverableKeyStoreManagerTest { assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse(); } @Test public void initRecoveryService_alwaysUpdatesCertsWhenTestRootCertIsUsed() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); int certSerial = 3333; String testRootCertAlias = TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS; mRecoverableKeyStoreManager.initRecoveryService(testRootCertAlias, TestData.getInsecureCertXmlBytesWithEndpoint1(certSerial)); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid, testRootCertAlias)).isEqualTo(certSerial); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid, testRootCertAlias)).isEqualTo(TestData.getInsecureCertPathForEndpoint1()); mRecoverableKeyStoreManager.initRecoveryService(testRootCertAlias, TestData.getInsecureCertXmlBytesWithEndpoint2(certSerial - 1)); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid, testRootCertAlias)).isEqualTo(certSerial - 1); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid, testRootCertAlias)).isEqualTo(TestData.getInsecureCertPathForEndpoint2()); } @Test public void initRecoveryService_updatesCertsIndependentlyForDifferentRoots() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS, TestData.getCertXmlWithSerial(1111L)); mRecoverableKeyStoreManager.initRecoveryService( TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS, TestData.getInsecureCertXmlBytesWithEndpoint1(2222)); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid, ROOT_CERTIFICATE_ALIAS)).isEqualTo(1111L); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid, TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS)).isEqualTo(2222L); 
assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid, ROOT_CERTIFICATE_ALIAS)).isEqualTo(TestData.CERT_PATH_1); assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid, TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS)).isEqualTo( TestData.getInsecureCertPathForEndpoint1()); } @Test public void initRecoveryService_ignoresTheSameSerial() throws Exception { int uid = Binder.getCallingUid(); Loading
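Review bot: `initRecoveryService_alwaysUpdatesCertsWhenTestRootCertIsUsed` exercises only a lower serial (`certSerial - 1`); the equal-serial case, which the changed condition in `RecoverableKeyStoreManager` appears to let through for the test-only alias as well, has no assertion. A third call, `initRecoveryService(testRootCertAlias, TestData.getInsecureCertXmlBytesWithEndpoint1(certSerial - 1))`, followed by a cert-path assertion against `TestData.getInsecureCertPathForEndpoint1()`, would pin that behaviour. A check that `ROOT_CERTIFICATE_ALIAS` still rejects a lower serial may already exist outside this hunk; if it does not, it belongs next to these tests so the exemption stays limited to the test alias.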
services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/TestData.java +290 −0 File changed.Preview size limit exceeded, changes collapsed. Show changes