Loading core/java/android/security/keystore/recovery/KeyChainSnapshot.java +3 −7 Original line number Diff line number Diff line Loading @@ -71,7 +71,6 @@ public final class KeyChainSnapshot implements Parcelable { private int mMaxAttempts = DEFAULT_MAX_ATTEMPTS; private long mCounterId = DEFAULT_COUNTER_ID; private byte[] mServerParams; private byte[] mPublicKey; // The raw public key bytes used private RecoveryCertPath mCertPath; // The cert path including necessary intermediate certs private List<KeyChainProtectionParams> mKeyChainProtectionParams; private List<WrappedApplicationKey> mEntryRecoveryData; Loading Loading @@ -123,7 +122,7 @@ public final class KeyChainSnapshot implements Parcelable { */ @Deprecated public @NonNull byte[] getTrustedHardwarePublicKey() { return mPublicKey; throw new UnsupportedOperationException(); } /** Loading Loading @@ -228,12 +227,11 @@ public final class KeyChainSnapshot implements Parcelable { * * @param publicKey The public key * @return This builder. * @deprecated Use {@link #setTrustedHardwareCertPath} instead. * @removed Use {@link #setTrustedHardwareCertPath} instead. */ @Deprecated public Builder setTrustedHardwarePublicKey(byte[] publicKey) { mInstance.mPublicKey = publicKey; return this; throw new UnsupportedOperationException(); } /** Loading Loading @@ -313,7 +311,6 @@ public final class KeyChainSnapshot implements Parcelable { out.writeInt(mMaxAttempts); out.writeLong(mCounterId); out.writeByteArray(mServerParams); out.writeByteArray(mPublicKey); out.writeTypedObject(mCertPath, /* no flags */ 0); } Loading @@ -328,7 +325,6 @@ public final class KeyChainSnapshot implements Parcelable { mMaxAttempts = in.readInt(); mCounterId = in.readLong(); mServerParams = in.createByteArray(); mPublicKey = in.createByteArray(); mCertPath = in.readTypedObject(RecoveryCertPath.CREATOR); } Loading core/java/android/security/keystore/recovery/RecoveryController.java +6 −16 Original line number Diff line number Diff line Loading @@ -309,17 +309,7 @@ public class RecoveryController { public void initRecoveryService( @NonNull String rootCertificateAlias, @NonNull byte[] signedPublicKeyList) throws CertificateException, InternalRecoveryServiceException { try { mBinder.initRecoveryService(rootCertificateAlias, signedPublicKeyList); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { if (e.errorCode == ERROR_BAD_CERTIFICATE_FORMAT || e.errorCode == ERROR_INVALID_CERTIFICATE) { throw new CertificateException("Invalid certificate for recovery service", e); } throw wrapUnexpectedServiceSpecificException(e); } throw new UnsupportedOperationException(); } /** Loading Loading @@ -379,7 +369,7 @@ public class RecoveryController { @Deprecated @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public @Nullable KeyChainSnapshot getRecoveryData() throws InternalRecoveryServiceException { return getKeyChainSnapshot(); throw new UnsupportedOperationException(); } /** Loading Loading @@ -457,7 +447,7 @@ public class RecoveryController { @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public List<String> getAliases(@Nullable String packageName) throws InternalRecoveryServiceException { return getAliases(); throw new UnsupportedOperationException(); } /** Loading @@ -484,7 +474,7 @@ public class RecoveryController { public void setRecoveryStatus( @NonNull String packageName, String alias, int status) throws NameNotFoundException, InternalRecoveryServiceException { setRecoveryStatus(alias, status); throw new UnsupportedOperationException(); } /** Loading Loading @@ -518,7 +508,7 @@ public class RecoveryController { @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public int getRecoveryStatus(String packageName, String alias) throws InternalRecoveryServiceException { return getRecoveryStatus(alias); throw new UnsupportedOperationException(); } /** Loading Loading @@ -623,7 +613,7 @@ public class RecoveryController { @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public Key generateKey(@NonNull String alias, byte[] account) throws InternalRecoveryServiceException, LockScreenRequiredException { return generateKey(alias); throw new UnsupportedOperationException(); } /** Loading core/java/android/security/keystore/recovery/RecoverySession.java +3 −54 Original line number Diff line number Diff line Loading @@ -89,24 +89,7 @@ public class RecoverySession implements AutoCloseable { @NonNull byte[] vaultChallenge, @NonNull List<KeyChainProtectionParams> secrets) throws CertificateException, InternalRecoveryServiceException { try { byte[] recoveryClaim = mRecoveryController.getBinder().startRecoverySession( mSessionId, verifierPublicKey, vaultParams, vaultChallenge, secrets); return recoveryClaim; } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { if (e.errorCode == RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT || e.errorCode == RecoveryController.ERROR_INVALID_CERTIFICATE) { throw new CertificateException("Invalid certificate for recovery session", e); } throw mRecoveryController.wrapUnexpectedServiceSpecificException(e); } throw new UnsupportedOperationException(); } /** Loading @@ -121,28 +104,7 @@ public class RecoverySession implements AutoCloseable { @NonNull byte[] vaultChallenge, @NonNull List<KeyChainProtectionParams> secrets) throws CertificateException, InternalRecoveryServiceException { // Wrap the CertPath in a Parcelable so it can be passed via Binder calls. RecoveryCertPath recoveryCertPath = RecoveryCertPath.createRecoveryCertPath(verifierCertPath); try { byte[] recoveryClaim = mRecoveryController.getBinder().startRecoverySessionWithCertPath( mSessionId, /*rootCertificateAlias=*/ "", // Use the default root cert recoveryCertPath, vaultParams, vaultChallenge, secrets); return recoveryClaim; } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { if (e.errorCode == RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT || e.errorCode == RecoveryController.ERROR_INVALID_CERTIFICATE) { throw new CertificateException("Invalid certificate for recovery session", e); } throw mRecoveryController.wrapUnexpectedServiceSpecificException(e); } throw new UnsupportedOperationException(); } /** Loading Loading @@ -210,20 +172,7 @@ public class RecoverySession implements AutoCloseable { @NonNull List<WrappedApplicationKey> applicationKeys) throws SessionExpiredException, DecryptionFailedException, InternalRecoveryServiceException { try { return (Map<String, byte[]>) mRecoveryController.getBinder().recoverKeys( mSessionId, recoveryKeyBlob, applicationKeys); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { if (e.errorCode == RecoveryController.ERROR_DECRYPTION_FAILED) { throw new DecryptionFailedException(e.getMessage()); } if (e.errorCode == RecoveryController.ERROR_SESSION_EXPIRED) { throw new SessionExpiredException(e.getMessage()); } throw mRecoveryController.wrapUnexpectedServiceSpecificException(e); } throw new UnsupportedOperationException(); } /** Loading core/java/android/security/keystore/recovery/WrappedApplicationKey.java +2 −2 Original line number Diff line number Diff line Loading @@ -80,7 +80,7 @@ public final class WrappedApplicationKey implements Parcelable { */ @Deprecated public Builder setAccount(@NonNull byte[] account) { return this; throw new UnsupportedOperationException(); } /** Loading Loading @@ -139,7 +139,7 @@ public final class WrappedApplicationKey implements Parcelable { */ @Deprecated public @NonNull byte[] getAccount() { return new byte[0]; throw new UnsupportedOperationException(); } public static final Parcelable.Creator<WrappedApplicationKey> CREATOR = Loading core/java/com/android/internal/widget/ILockSettings.aidl +0 −6 Original line number Diff line number Diff line Loading @@ -57,7 +57,6 @@ interface ILockSettings { // Keystore RecoveryController methods. // {@code ServiceSpecificException} may be thrown to signal an error, which caller can // convert to {@code RecoveryManagerException}. void initRecoveryService(in String rootCertificateAlias, in byte[] signedPublicKeyList); void initRecoveryServiceWithSigFile(in String rootCertificateAlias, in byte[] recoveryServiceCertFile, in byte[] recoveryServiceSigFile); KeyChainSnapshot getKeyChainSnapshot(); Loading @@ -71,14 +70,9 @@ interface ILockSettings { Map getRecoveryStatus(); void setRecoverySecretTypes(in int[] secretTypes); int[] getRecoverySecretTypes(); byte[] startRecoverySession(in String sessionId, in byte[] verifierPublicKey, in byte[] vaultParams, in byte[] vaultChallenge, in List<KeyChainProtectionParams> secrets); byte[] startRecoverySessionWithCertPath(in String sessionId, in String rootCertificateAlias, in RecoveryCertPath verifierCertPath, in byte[] vaultParams, in byte[] vaultChallenge, in List<KeyChainProtectionParams> secrets); Map/*<String, byte[]>*/ recoverKeys(in String sessionId, in byte[] recoveryKeyBlob, in List<WrappedApplicationKey> applicationKeys); Map/*<String, String>*/ recoverKeyChainSnapshot( in String sessionId, in byte[] recoveryKeyBlob, Loading Loading
core/java/android/security/keystore/recovery/KeyChainSnapshot.java +3 −7 Original line number Diff line number Diff line Loading @@ -71,7 +71,6 @@ public final class KeyChainSnapshot implements Parcelable { private int mMaxAttempts = DEFAULT_MAX_ATTEMPTS; private long mCounterId = DEFAULT_COUNTER_ID; private byte[] mServerParams; private byte[] mPublicKey; // The raw public key bytes used private RecoveryCertPath mCertPath; // The cert path including necessary intermediate certs private List<KeyChainProtectionParams> mKeyChainProtectionParams; private List<WrappedApplicationKey> mEntryRecoveryData; Loading Loading @@ -123,7 +122,7 @@ public final class KeyChainSnapshot implements Parcelable { */ @Deprecated public @NonNull byte[] getTrustedHardwarePublicKey() { return mPublicKey; throw new UnsupportedOperationException(); } /** Loading Loading @@ -228,12 +227,11 @@ public final class KeyChainSnapshot implements Parcelable { * * @param publicKey The public key * @return This builder. * @deprecated Use {@link #setTrustedHardwareCertPath} instead. * @removed Use {@link #setTrustedHardwareCertPath} instead. */ @Deprecated public Builder setTrustedHardwarePublicKey(byte[] publicKey) { mInstance.mPublicKey = publicKey; return this; throw new UnsupportedOperationException(); } /** Loading Loading @@ -313,7 +311,6 @@ public final class KeyChainSnapshot implements Parcelable { out.writeInt(mMaxAttempts); out.writeLong(mCounterId); out.writeByteArray(mServerParams); out.writeByteArray(mPublicKey); out.writeTypedObject(mCertPath, /* no flags */ 0); } Loading @@ -328,7 +325,6 @@ public final class KeyChainSnapshot implements Parcelable { mMaxAttempts = in.readInt(); mCounterId = in.readLong(); mServerParams = in.createByteArray(); mPublicKey = in.createByteArray(); mCertPath = in.readTypedObject(RecoveryCertPath.CREATOR); } Loading
core/java/android/security/keystore/recovery/RecoveryController.java +6 −16 Original line number Diff line number Diff line Loading @@ -309,17 +309,7 @@ public class RecoveryController { public void initRecoveryService( @NonNull String rootCertificateAlias, @NonNull byte[] signedPublicKeyList) throws CertificateException, InternalRecoveryServiceException { try { mBinder.initRecoveryService(rootCertificateAlias, signedPublicKeyList); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { if (e.errorCode == ERROR_BAD_CERTIFICATE_FORMAT || e.errorCode == ERROR_INVALID_CERTIFICATE) { throw new CertificateException("Invalid certificate for recovery service", e); } throw wrapUnexpectedServiceSpecificException(e); } throw new UnsupportedOperationException(); } /** Loading Loading @@ -379,7 +369,7 @@ public class RecoveryController { @Deprecated @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public @Nullable KeyChainSnapshot getRecoveryData() throws InternalRecoveryServiceException { return getKeyChainSnapshot(); throw new UnsupportedOperationException(); } /** Loading Loading @@ -457,7 +447,7 @@ public class RecoveryController { @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public List<String> getAliases(@Nullable String packageName) throws InternalRecoveryServiceException { return getAliases(); throw new UnsupportedOperationException(); } /** Loading @@ -484,7 +474,7 @@ public class RecoveryController { public void setRecoveryStatus( @NonNull String packageName, String alias, int status) throws NameNotFoundException, InternalRecoveryServiceException { setRecoveryStatus(alias, status); throw new UnsupportedOperationException(); } /** Loading Loading @@ -518,7 +508,7 @@ public class RecoveryController { @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public int getRecoveryStatus(String packageName, String alias) throws InternalRecoveryServiceException { return getRecoveryStatus(alias); throw new UnsupportedOperationException(); } /** Loading Loading @@ -623,7 +613,7 @@ public class RecoveryController { @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public Key generateKey(@NonNull String alias, byte[] account) throws InternalRecoveryServiceException, LockScreenRequiredException { return generateKey(alias); throw new UnsupportedOperationException(); } /** Loading
core/java/android/security/keystore/recovery/RecoverySession.java +3 −54 Original line number Diff line number Diff line Loading @@ -89,24 +89,7 @@ public class RecoverySession implements AutoCloseable { @NonNull byte[] vaultChallenge, @NonNull List<KeyChainProtectionParams> secrets) throws CertificateException, InternalRecoveryServiceException { try { byte[] recoveryClaim = mRecoveryController.getBinder().startRecoverySession( mSessionId, verifierPublicKey, vaultParams, vaultChallenge, secrets); return recoveryClaim; } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { if (e.errorCode == RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT || e.errorCode == RecoveryController.ERROR_INVALID_CERTIFICATE) { throw new CertificateException("Invalid certificate for recovery session", e); } throw mRecoveryController.wrapUnexpectedServiceSpecificException(e); } throw new UnsupportedOperationException(); } /** Loading @@ -121,28 +104,7 @@ public class RecoverySession implements AutoCloseable { @NonNull byte[] vaultChallenge, @NonNull List<KeyChainProtectionParams> secrets) throws CertificateException, InternalRecoveryServiceException { // Wrap the CertPath in a Parcelable so it can be passed via Binder calls. RecoveryCertPath recoveryCertPath = RecoveryCertPath.createRecoveryCertPath(verifierCertPath); try { byte[] recoveryClaim = mRecoveryController.getBinder().startRecoverySessionWithCertPath( mSessionId, /*rootCertificateAlias=*/ "", // Use the default root cert recoveryCertPath, vaultParams, vaultChallenge, secrets); return recoveryClaim; } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { if (e.errorCode == RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT || e.errorCode == RecoveryController.ERROR_INVALID_CERTIFICATE) { throw new CertificateException("Invalid certificate for recovery session", e); } throw mRecoveryController.wrapUnexpectedServiceSpecificException(e); } throw new UnsupportedOperationException(); } /** Loading Loading @@ -210,20 +172,7 @@ public class RecoverySession implements AutoCloseable { @NonNull List<WrappedApplicationKey> applicationKeys) throws SessionExpiredException, DecryptionFailedException, InternalRecoveryServiceException { try { return (Map<String, byte[]>) mRecoveryController.getBinder().recoverKeys( mSessionId, recoveryKeyBlob, applicationKeys); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { if (e.errorCode == RecoveryController.ERROR_DECRYPTION_FAILED) { throw new DecryptionFailedException(e.getMessage()); } if (e.errorCode == RecoveryController.ERROR_SESSION_EXPIRED) { throw new SessionExpiredException(e.getMessage()); } throw mRecoveryController.wrapUnexpectedServiceSpecificException(e); } throw new UnsupportedOperationException(); } /** Loading
core/java/android/security/keystore/recovery/WrappedApplicationKey.java +2 −2 Original line number Diff line number Diff line Loading @@ -80,7 +80,7 @@ public final class WrappedApplicationKey implements Parcelable { */ @Deprecated public Builder setAccount(@NonNull byte[] account) { return this; throw new UnsupportedOperationException(); } /** Loading Loading @@ -139,7 +139,7 @@ public final class WrappedApplicationKey implements Parcelable { */ @Deprecated public @NonNull byte[] getAccount() { return new byte[0]; throw new UnsupportedOperationException(); } public static final Parcelable.Creator<WrappedApplicationKey> CREATOR = Loading
core/java/com/android/internal/widget/ILockSettings.aidl +0 −6 Original line number Diff line number Diff line Loading @@ -57,7 +57,6 @@ interface ILockSettings { // Keystore RecoveryController methods. // {@code ServiceSpecificException} may be thrown to signal an error, which caller can // convert to {@code RecoveryManagerException}. void initRecoveryService(in String rootCertificateAlias, in byte[] signedPublicKeyList); void initRecoveryServiceWithSigFile(in String rootCertificateAlias, in byte[] recoveryServiceCertFile, in byte[] recoveryServiceSigFile); KeyChainSnapshot getKeyChainSnapshot(); Loading @@ -71,14 +70,9 @@ interface ILockSettings { Map getRecoveryStatus(); void setRecoverySecretTypes(in int[] secretTypes); int[] getRecoverySecretTypes(); byte[] startRecoverySession(in String sessionId, in byte[] verifierPublicKey, in byte[] vaultParams, in byte[] vaultChallenge, in List<KeyChainProtectionParams> secrets); byte[] startRecoverySessionWithCertPath(in String sessionId, in String rootCertificateAlias, in RecoveryCertPath verifierCertPath, in byte[] vaultParams, in byte[] vaultChallenge, in List<KeyChainProtectionParams> secrets); Map/*<String, byte[]>*/ recoverKeys(in String sessionId, in byte[] recoveryKeyBlob, in List<WrappedApplicationKey> applicationKeys); Map/*<String, String>*/ recoverKeyChainSnapshot( in String sessionId, in byte[] recoveryKeyBlob, Loading
