Merge "Remove implementation of deprecated RecoveryController methods." into pi-dev (52912687) · Commits · e / os / android_frameworks_base

core/java/android/security/keystore/recovery/KeyChainSnapshot.java

+3 −7

Original line number	Diff line number	Diff line
		@@ -71,7 +71,6 @@ public final class KeyChainSnapshot implements Parcelable {
		private int mMaxAttempts = DEFAULT_MAX_ATTEMPTS;
		private long mCounterId = DEFAULT_COUNTER_ID;
		private byte[] mServerParams;
		private byte[] mPublicKey; // The raw public key bytes used
		private RecoveryCertPath mCertPath; // The cert path including necessary intermediate certs
		private List<KeyChainProtectionParams> mKeyChainProtectionParams;
		private List<WrappedApplicationKey> mEntryRecoveryData;
		@@ -123,7 +122,7 @@ public final class KeyChainSnapshot implements Parcelable {
		*/
		@Deprecated
		public @NonNull byte[] getTrustedHardwarePublicKey() {
		return mPublicKey;
		throw new UnsupportedOperationException();
		}

		/**
		@@ -228,12 +227,11 @@ public final class KeyChainSnapshot implements Parcelable {
		*
		* @param publicKey The public key
		* @return This builder.
		* @deprecated Use {@link #setTrustedHardwareCertPath} instead.
		* @removed Use {@link #setTrustedHardwareCertPath} instead.
		*/
		@Deprecated
		public Builder setTrustedHardwarePublicKey(byte[] publicKey) {
		mInstance.mPublicKey = publicKey;
		return this;
		throw new UnsupportedOperationException();
		}

		/**
		@@ -313,7 +311,6 @@ public final class KeyChainSnapshot implements Parcelable {
		out.writeInt(mMaxAttempts);
		out.writeLong(mCounterId);
		out.writeByteArray(mServerParams);
		out.writeByteArray(mPublicKey);
		out.writeTypedObject(mCertPath, /* no flags */ 0);
		}

		@@ -328,7 +325,6 @@ public final class KeyChainSnapshot implements Parcelable {
		mMaxAttempts = in.readInt();
		mCounterId = in.readLong();
		mServerParams = in.createByteArray();
		mPublicKey = in.createByteArray();
		mCertPath = in.readTypedObject(RecoveryCertPath.CREATOR);
		}

core/java/android/security/keystore/recovery/RecoveryController.java

+6 −16

Original line number	Diff line number	Diff line
		@@ -309,17 +309,7 @@ public class RecoveryController {
		public void initRecoveryService(
		@NonNull String rootCertificateAlias, @NonNull byte[] signedPublicKeyList)
		throws CertificateException, InternalRecoveryServiceException {
		try {
		mBinder.initRecoveryService(rootCertificateAlias, signedPublicKeyList);
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		} catch (ServiceSpecificException e) {
		if (e.errorCode == ERROR_BAD_CERTIFICATE_FORMAT
		\|\| e.errorCode == ERROR_INVALID_CERTIFICATE) {
		throw new CertificateException("Invalid certificate for recovery service", e);
		}
		throw wrapUnexpectedServiceSpecificException(e);
		}
		throw new UnsupportedOperationException();
		}

		/**
		@@ -379,7 +369,7 @@ public class RecoveryController {
		@Deprecated
		@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
		public @Nullable KeyChainSnapshot getRecoveryData() throws InternalRecoveryServiceException {
		return getKeyChainSnapshot();
		throw new UnsupportedOperationException();
		}

		/**
		@@ -457,7 +447,7 @@ public class RecoveryController {
		@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
		public List<String> getAliases(@Nullable String packageName)
		throws InternalRecoveryServiceException {
		return getAliases();
		throw new UnsupportedOperationException();
		}

		/**
		@@ -484,7 +474,7 @@ public class RecoveryController {
		public void setRecoveryStatus(
		@NonNull String packageName, String alias, int status)
		throws NameNotFoundException, InternalRecoveryServiceException {
		setRecoveryStatus(alias, status);
		throw new UnsupportedOperationException();
		}

		/**
		@@ -518,7 +508,7 @@ public class RecoveryController {
		@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
		public int getRecoveryStatus(String packageName, String alias)
		throws InternalRecoveryServiceException {
		return getRecoveryStatus(alias);
		throw new UnsupportedOperationException();
		}

		/**
		@@ -623,7 +613,7 @@ public class RecoveryController {
		@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
		public Key generateKey(@NonNull String alias, byte[] account)
		throws InternalRecoveryServiceException, LockScreenRequiredException {
		return generateKey(alias);
		throw new UnsupportedOperationException();
		}

		/**

core/java/android/security/keystore/recovery/RecoverySession.java

+3 −54

Original line number	Diff line number	Diff line
		@@ -89,24 +89,7 @@ public class RecoverySession implements AutoCloseable {
		@NonNull byte[] vaultChallenge,
		@NonNull List<KeyChainProtectionParams> secrets)
		throws CertificateException, InternalRecoveryServiceException {
		try {
		byte[] recoveryClaim =
		mRecoveryController.getBinder().startRecoverySession(
		mSessionId,
		verifierPublicKey,
		vaultParams,
		vaultChallenge,
		secrets);
		return recoveryClaim;
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		} catch (ServiceSpecificException e) {
		if (e.errorCode == RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT
		\|\| e.errorCode == RecoveryController.ERROR_INVALID_CERTIFICATE) {
		throw new CertificateException("Invalid certificate for recovery session", e);
		}
		throw mRecoveryController.wrapUnexpectedServiceSpecificException(e);
		}
		throw new UnsupportedOperationException();
		}

		/**
		@@ -121,28 +104,7 @@ public class RecoverySession implements AutoCloseable {
		@NonNull byte[] vaultChallenge,
		@NonNull List<KeyChainProtectionParams> secrets)
		throws CertificateException, InternalRecoveryServiceException {
		// Wrap the CertPath in a Parcelable so it can be passed via Binder calls.
		RecoveryCertPath recoveryCertPath =
		RecoveryCertPath.createRecoveryCertPath(verifierCertPath);
		try {
		byte[] recoveryClaim =
		mRecoveryController.getBinder().startRecoverySessionWithCertPath(
		mSessionId,
		/rootCertificateAlias=/ "", // Use the default root cert
		recoveryCertPath,
		vaultParams,
		vaultChallenge,
		secrets);
		return recoveryClaim;
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		} catch (ServiceSpecificException e) {
		if (e.errorCode == RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT
		\|\| e.errorCode == RecoveryController.ERROR_INVALID_CERTIFICATE) {
		throw new CertificateException("Invalid certificate for recovery session", e);
		}
		throw mRecoveryController.wrapUnexpectedServiceSpecificException(e);
		}
		throw new UnsupportedOperationException();
		}

		/**
		@@ -210,20 +172,7 @@ public class RecoverySession implements AutoCloseable {
		@NonNull List<WrappedApplicationKey> applicationKeys)
		throws SessionExpiredException, DecryptionFailedException,
		InternalRecoveryServiceException {
		try {
		return (Map<String, byte[]>) mRecoveryController.getBinder().recoverKeys(
		mSessionId, recoveryKeyBlob, applicationKeys);
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		} catch (ServiceSpecificException e) {
		if (e.errorCode == RecoveryController.ERROR_DECRYPTION_FAILED) {
		throw new DecryptionFailedException(e.getMessage());
		}
		if (e.errorCode == RecoveryController.ERROR_SESSION_EXPIRED) {
		throw new SessionExpiredException(e.getMessage());
		}
		throw mRecoveryController.wrapUnexpectedServiceSpecificException(e);
		}
		throw new UnsupportedOperationException();
		}

		/**

core/java/android/security/keystore/recovery/WrappedApplicationKey.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -80,7 +80,7 @@ public final class WrappedApplicationKey implements Parcelable {
		*/
		@Deprecated
		public Builder setAccount(@NonNull byte[] account) {
		return this;
		throw new UnsupportedOperationException();
		}

		/**
		@@ -139,7 +139,7 @@ public final class WrappedApplicationKey implements Parcelable {
		*/
		@Deprecated
		public @NonNull byte[] getAccount() {
		return new byte[0];
		throw new UnsupportedOperationException();
		}

		public static final Parcelable.Creator<WrappedApplicationKey> CREATOR =

core/java/com/android/internal/widget/ILockSettings.aidl

+0 −6

Original line number	Diff line number	Diff line
		@@ -57,7 +57,6 @@ interface ILockSettings {
		// Keystore RecoveryController methods.
		// {@code ServiceSpecificException} may be thrown to signal an error, which caller can
		// convert to {@code RecoveryManagerException}.
		void initRecoveryService(in String rootCertificateAlias, in byte[] signedPublicKeyList);
		void initRecoveryServiceWithSigFile(in String rootCertificateAlias,
		in byte[] recoveryServiceCertFile, in byte[] recoveryServiceSigFile);
		KeyChainSnapshot getKeyChainSnapshot();
		@@ -71,14 +70,9 @@ interface ILockSettings {
		Map getRecoveryStatus();
		void setRecoverySecretTypes(in int[] secretTypes);
		int[] getRecoverySecretTypes();
		byte[] startRecoverySession(in String sessionId,
		in byte[] verifierPublicKey, in byte[] vaultParams, in byte[] vaultChallenge,
		in List<KeyChainProtectionParams> secrets);
		byte[] startRecoverySessionWithCertPath(in String sessionId, in String rootCertificateAlias,
		in RecoveryCertPath verifierCertPath, in byte[] vaultParams, in byte[] vaultChallenge,
		in List<KeyChainProtectionParams> secrets);
		Map/<String, byte[]>/ recoverKeys(in String sessionId, in byte[] recoveryKeyBlob,
		in List<WrappedApplicationKey> applicationKeys);
		Map/<String, String>/ recoverKeyChainSnapshot(
		in String sessionId,
		in byte[] recoveryKeyBlob,