Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4c7cc360 authored by Bo Zhu's avatar Bo Zhu Committed by android-build-merger
Browse files

Merge "Skip the cert xml serial number check if the test root cert is in use" into pi-dev 

am: 3cd574ce

Change-Id: I01e101f36dba43b062bb3134ed171e1eff358d24
parents 73af74db 3cd574ce

services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java

+2 −1
Original line number Diff line number Diff line
@@ -206,7 +206,8 @@ public class RecoverableKeyStoreManager { 
        // Check serial number

        long newSerial = certXml.getSerial();

        Long oldSerial = mDatabase.getRecoveryServiceCertSerial(userId, uid, rootCertificateAlias);

        if (oldSerial != null && oldSerial >= newSerial) {

        if (oldSerial != null && oldSerial >= newSerial

                && !mTestCertHelper.isTestOnlyCertificateAlias(rootCertificateAlias)) {

            if (oldSerial == newSerial) {

                Log.i(TAG, "The cert file serial number is the same, so skip updating.");

            } else {

services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java

+8 −0
Original line number Diff line number Diff line
@@ -26,6 +26,7 @@ import android.security.keystore.recovery.RecoveryController; 
import android.text.TextUtils;

import android.util.Log;



import com.android.server.locksettings.recoverablekeystore.TestOnlyInsecureCertificateHelper;

import com.android.server.locksettings.recoverablekeystore.WrappedKey;

import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.KeysEntry;

import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.RecoveryServiceMetadataEntry;
@@ -62,6 +63,7 @@ public class RecoverableKeyStoreDb { 
    private static final String CERT_PATH_ENCODING = "PkiPath";



    private final RecoverableKeyStoreDbHelper mKeyStoreDbHelper;

    private final TestOnlyInsecureCertificateHelper mTestOnlyInsecureCertificateHelper;



    /**

     * A new instance, storing the database in the user directory of {@code context}.
@@ -77,6 +79,7 @@ public class RecoverableKeyStoreDb { 


    private RecoverableKeyStoreDb(RecoverableKeyStoreDbHelper keyStoreDbHelper) {

        this.mKeyStoreDbHelper = keyStoreDbHelper;

        this.mTestOnlyInsecureCertificateHelper = new TestOnlyInsecureCertificateHelper();

    }



    /**
@@ -627,6 +630,7 @@ public class RecoverableKeyStoreDb { 
     * @hide

     */

    public long setActiveRootOfTrust(int userId, int uid, @Nullable String rootAlias) {

        // TODO: Call getDefaultCertificateAliasIfEmpty() here too?

        SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase();

        ContentValues values = new ContentValues();

        values.put(RecoveryServiceMetadataEntry.COLUMN_NAME_ACTIVE_ROOT_OF_TRUST, rootAlias);
@@ -988,6 +992,7 @@ public class RecoverableKeyStoreDb { 
     * @hide

     */

    private byte[] getBytes(int userId, int uid, String rootAlias, String key) {

        rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias);

        SQLiteDatabase db = mKeyStoreDbHelper.getReadableDatabase();



        String[] projection = {
@@ -1046,6 +1051,7 @@ public class RecoverableKeyStoreDb { 
     * @hide

     */

    private long setBytes(int userId, int uid, String rootAlias, String key, byte[] value) {

        rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias);

        SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase();

        ContentValues values = new ContentValues();

        values.put(key, value);
@@ -1072,6 +1078,7 @@ public class RecoverableKeyStoreDb { 
     * @hide

     */

    private Long getLong(int userId, int uid, String rootAlias, String key) {

        rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias);

        SQLiteDatabase db = mKeyStoreDbHelper.getReadableDatabase();



        String[] projection = {
@@ -1131,6 +1138,7 @@ public class RecoverableKeyStoreDb { 
     */



    private long setLong(int userId, int uid, String rootAlias, String key, long value) {

        rootAlias = mTestOnlyInsecureCertificateHelper.getDefaultCertificateAliasIfEmpty(rootAlias);

        SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase();

        ContentValues values = new ContentValues();

        values.put(key, value);

services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java

+46 −0
Original line number Diff line number Diff line
@@ -424,6 +424,52 @@ public class RecoverableKeyStoreManagerTest { 
        assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse();

    }



    @Test

    public void initRecoveryService_alwaysUpdatesCertsWhenTestRootCertIsUsed() throws Exception {

        int uid = Binder.getCallingUid();

        int userId = UserHandle.getCallingUserId();

        int certSerial = 3333;



        String testRootCertAlias = TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS;



        mRecoverableKeyStoreManager.initRecoveryService(testRootCertAlias,

                TestData.getInsecureCertXmlBytesWithEndpoint1(certSerial));

        assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid,

                testRootCertAlias)).isEqualTo(certSerial);

        assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid,

                testRootCertAlias)).isEqualTo(TestData.getInsecureCertPathForEndpoint1());



        mRecoverableKeyStoreManager.initRecoveryService(testRootCertAlias,

                TestData.getInsecureCertXmlBytesWithEndpoint2(certSerial - 1));

        assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid,

                testRootCertAlias)).isEqualTo(certSerial - 1);

        assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid,

                testRootCertAlias)).isEqualTo(TestData.getInsecureCertPathForEndpoint2());

    }



    @Test

    public void initRecoveryService_updatesCertsIndependentlyForDifferentRoots() throws Exception {

        int uid = Binder.getCallingUid();

        int userId = UserHandle.getCallingUserId();



        mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,

                TestData.getCertXmlWithSerial(1111L));

        mRecoverableKeyStoreManager.initRecoveryService(

                TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS,

                TestData.getInsecureCertXmlBytesWithEndpoint1(2222));



        assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid,

                ROOT_CERTIFICATE_ALIAS)).isEqualTo(1111L);

        assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid,

                TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS)).isEqualTo(2222L);



        assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid,

                ROOT_CERTIFICATE_ALIAS)).isEqualTo(TestData.CERT_PATH_1);

        assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid,

                TrustedRootCertificates.TEST_ONLY_INSECURE_CERTIFICATE_ALIAS)).isEqualTo(

                        TestData.getInsecureCertPathForEndpoint1());

    }



    @Test

    public void initRecoveryService_ignoresTheSameSerial() throws Exception {

        int uid = Binder.getCallingUid();

services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/TestData.java

+290 −0

File changed.

Preview size limit exceeded, changes collapsed.