Merge "Harden and clean up KeyGenParameterSpec." into mnc-dev

 * <p>NOTE: The key material of the generated symmetric and private keys is not accessible. The key

 * material of the public keys is accessible.

 *

 * <p>Instances of this class are immutable.

 *

 * <p><h3>Example: Asymmetric key pair</h3>

 * The following example illustrates how to generate an EC key pair in the Android KeyStore system

 * under alias {@code key1} authorized to be used only for signing using SHA-256, SHA-384,

 *         KeyProperties.KEY_ALGORITHM_EC,

 *         "AndroidKeyStore");

 * keyPairGenerator.initialize(

 *         new KeyGenParameterSpec.Builder("key1",

 *         new KeyGenParameterSpec.Builder(

 *                 "key1",

 *                 KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)

 *                 .setDigests(KeyProperties.DIGEST_SHA256

 *                         | KeyProperties.DIGEST_SHA384

 *                         | KeyProperties.DIGEST_SHA512)

 *                 .setDigests(KeyProperties.DIGEST_SHA256,

 *                         KeyProperties.DIGEST_SHA384,

 *                         KeyProperties.DIGEST_SHA512)

 *                 // Only permit this key to be used if the user authenticated

 *                 // within the last five minutes.

 *                 .setUserAuthenticationRequired(true)

 *

 * <p><h3>Example: Symmetric key</h3>

 * The following example illustrates how to generate an AES key in the Android KeyStore system under

 * alias {@code key2} authorized to be used only for encryption/decryption in CTR mode.

 * alias {@code key2} authorized to be used only for encryption/decryption in CBC mode.

 * <pre> {@code

 * KeyGenerator keyGenerator = KeyGenerator.getInstance(

 *         KeyProperties.KEY_ALGORITHM_HMAC_SHA256,

 *         KeyProperties.KEY_ALGORITHM_AES,

 *         "AndroidKeyStore");

 * keyGenerator.initialize(

 *         new KeyGenParameterSpec.Builder("key2",

 *                 KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)

 *                 .setBlockModes(KeyProperties.BLOCK_MODE_CTR)

 *                 .setBlockModes(KeyProperties.BLOCK_MODE_CBC)

 *                 .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)

 *                 .build());

 * SecretKey key = keyGenerator.generateKey();

            int userAuthenticationValidityDurationSeconds) {

        if (TextUtils.isEmpty(keyStoreAlias)) {

            throw new IllegalArgumentException("keyStoreAlias must not be empty");

        } else if ((userAuthenticationValidityDurationSeconds < 0)

                && (userAuthenticationValidityDurationSeconds != -1)) {

            throw new IllegalArgumentException(

                    "userAuthenticationValidityDurationSeconds must not be negative");

        }

        if (certificateSubject == null) {

        mSpec = spec;

        mCertificateSubject = certificateSubject;

        mCertificateSerialNumber = certificateSerialNumber;

        mCertificateNotBefore = certificateNotBefore;

        mCertificateNotAfter = certificateNotAfter;

        mKeyValidityStart = keyValidityStart;

        mKeyValidityForOriginationEnd = keyValidityForOriginationEnd;

        mKeyValidityForConsumptionEnd = keyValidityForConsumptionEnd;

        mCertificateNotBefore = Utils.cloneIfNotNull(certificateNotBefore);

        mCertificateNotAfter = Utils.cloneIfNotNull(certificateNotAfter);

        mKeyValidityStart = Utils.cloneIfNotNull(keyValidityStart);

        mKeyValidityForOriginationEnd = Utils.cloneIfNotNull(keyValidityForOriginationEnd);

        mKeyValidityForConsumptionEnd = Utils.cloneIfNotNull(keyValidityForConsumptionEnd);

        mPurposes = purposes;

        mDigests = ArrayUtils.cloneIfNotEmpty(digests);

        mEncryptionPaddings =

     * Returns the alias that will be used in the {@code java.security.KeyStore}

     * in conjunction with the {@code AndroidKeyStore}.

     */

    @NonNull

    public String getKeystoreAlias() {

        return mKeystoreAlias;

    }

    }

    /**

     * Returns the {@link AlgorithmParameterSpec} that will be used for creation

     * of the key pair.

     * Returns the key algorithm-specific {@link AlgorithmParameterSpec} that will be used for

     * creation of the key or {@code null} if algorithm-specific defaults should be used.

     */

    @NonNull

    @Nullable

    public AlgorithmParameterSpec getAlgorithmParameterSpec() {

        return mSpec;

    }

     */

    @NonNull

    public Date getCertificateNotBefore() {

        return mCertificateNotBefore;

        return Utils.cloneIfNotNull(mCertificateNotBefore);

    }

    /**

     */

    @NonNull

    public Date getCertificateNotAfter() {

        return mCertificateNotAfter;

        return Utils.cloneIfNotNull(mCertificateNotAfter);

    }

    /**

     */

    @Nullable

    public Date getKeyValidityStart() {

        return mKeyValidityStart;

        return Utils.cloneIfNotNull(mKeyValidityStart);

    }

    /**

     */

    @Nullable

    public Date getKeyValidityForConsumptionEnd() {

        return mKeyValidityForConsumptionEnd;

        return Utils.cloneIfNotNull(mKeyValidityForConsumptionEnd);

    }

    /**

     */

    @Nullable

    public Date getKeyValidityForOriginationEnd() {

        return mKeyValidityForOriginationEnd;

        return Utils.cloneIfNotNull(mKeyValidityForOriginationEnd);

    }

    /**

         * Creates a new instance of the {@code Builder}.

         *

         * @param keystoreAlias alias of the entry in which the generated key will appear in

         *        Android KeyStore.

         *        Android KeyStore. Must not be empty.

         * @param purposes set of purposes (e.g., encrypt, decrypt, sign) for which the key can be

         *        used. Attempts to use the key for any other purpose will be rejected.

         *

        public Builder(@NonNull String keystoreAlias, @KeyProperties.PurposeEnum int purposes) {

            if (keystoreAlias == null) {

                throw new NullPointerException("keystoreAlias == null");

            } else if (keystoreAlias.isEmpty()) {

                throw new IllegalArgumentException("keystoreAlias must not be empty");

            }

            mKeystoreAlias = keystoreAlias;

            mPurposes = purposes;

        /**

         * Sets the algorithm-specific key generation parameters. For example, for RSA keys this may

         * be an instance of {@link java.security.spec.RSAKeyGenParameterSpec}.

         * be an instance of {@link java.security.spec.RSAKeyGenParameterSpec} whereas for EC keys

         * this may be an instance of {@link java.security.spec.ECGenParameterSpec}.

         *

         * <p>These key generation parameters must match other explicitly set parameters (if any),

         * such as key size.

         */

        public Builder setAlgorithmParameterSpec(@NonNull AlgorithmParameterSpec spec) {

            if (spec == null) {

            if (date == null) {

                throw new NullPointerException("date == null");

            }

            mCertificateNotBefore = date;

            mCertificateNotBefore = Utils.cloneIfNotNull(date);

            return this;

        }

            if (date == null) {

                throw new NullPointerException("date == null");

            }

            mCertificateNotAfter = date;

            mCertificateNotAfter = Utils.cloneIfNotNull(date);

            return this;

        }

         */

        @NonNull

        public Builder setKeyValidityStart(Date startDate) {

            mKeyValidityStart = startDate;

            mKeyValidityStart = Utils.cloneIfNotNull(startDate);

            return this;

        }

         */

        @NonNull

        public Builder setKeyValidityForOriginationEnd(Date endDate) {

            mKeyValidityForOriginationEnd = endDate;

            mKeyValidityForOriginationEnd = Utils.cloneIfNotNull(endDate);

            return this;

        }

         */

        @NonNull

        public Builder setKeyValidityForConsumptionEnd(Date endDate) {

            mKeyValidityForConsumptionEnd = endDate;

            mKeyValidityForConsumptionEnd = Utils.cloneIfNotNull(endDate);

            return this;

        }

        @NonNull

        public Builder setUserAuthenticationValidityDurationSeconds(

                @IntRange(from = -1) int seconds) {

            if (seconds < -1) {

                throw new IllegalArgumentException("seconds must be -1 or larger");

            }

            mUserAuthenticationValidityDurationSeconds = seconds;

            return this;

        }

        /**

         * Builds an instance of {@code KeyGenParameterSpec}.

         *

         * @throws IllegalArgumentException if a required field is missing

         */

        @NonNull

        public KeyGenParameterSpec build() {

/*

 * Copyright (C) 2015 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.security.keystore;

import java.util.Date;

/**

 * Assorted utility methods.

 *

 * @hide

 */

abstract class Utils {

    private Utils() {}

    static Date cloneIfNotNull(Date value) {

        return (value != null) ? (Date) value.clone() : null;

    }

}