
Commit 8d6861eb authored by Bo Zhu

Regenerate counterId when a new cert XML file is successfully imported

Bug: 74027192
Test: adb shell am instrument -w -e package \
com.android.server.locksettings.recoverablekeystore \
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner

Change-Id: I785b49856693d00545b35759181eaa53741b87ab
parent b09f2b59
+2 −0
@@ -62,6 +62,7 @@ import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPath;
import java.security.cert.CertPath;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateEncodingException;
@@ -221,6 +222,7 @@ public class RecoverableKeyStoreManager {
            if (mDatabase.setRecoveryServiceCertPath(userId, uid, certPath) > 0) {
            if (mDatabase.setRecoveryServiceCertPath(userId, uid, certPath) > 0) {
                mDatabase.setRecoveryServiceCertSerial(userId, uid, newSerial);
                mDatabase.setRecoveryServiceCertSerial(userId, uid, newSerial);
                mDatabase.setShouldCreateSnapshot(userId, uid, true);
                mDatabase.setShouldCreateSnapshot(userId, uid, true);
                mDatabase.setCounterId(userId, uid, new SecureRandom().nextLong());
            }
            }
        } catch (CertificateEncodingException e) {
        } catch (CertificateEncodingException e) {
            Log.e(TAG, "Failed to encode CertPath", e);
            Log.e(TAG, "Failed to encode CertPath", e);
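Review bot: The return value of the added `mDatabase.setCounterId(...)` call, inside the `if (mDatabase.setRecoveryServiceCertPath(...) > 0)` branch, is discarded. If that write fails, the new cert path and serial stay stored next to the old counterId, the snapshot flag is already set, and nothing is logged. The setters appear to report a row count, since the cert-path call is compared with `> 0`, though the return convention of `setCounterId` is not visible here. If it matches, the result could be checked and a failure logged, e.g. `Log.e(TAG, "Failed to regenerate counterId for uid " + uid);`. Grouping the four writes so they succeed or fail together would be stronger still. The enclosing method begins and ends outside this hunk.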
+17 −0
@@ -299,6 +299,23 @@ public class RecoverableKeyStoreManagerTest {
        assertThat(mRecoverableKeyStoreDb.getRecoveryServicePublicKey(userId, uid)).isNull();
        assertThat(mRecoverableKeyStoreDb.getRecoveryServicePublicKey(userId, uid)).isNull();
    }
    }


    @Test
    public void initRecoveryService_regeneratesCounterId() throws Exception {
        int uid = Binder.getCallingUid();
        int userId = UserHandle.getCallingUserId();
        long certSerial = 1000L;

        Long counterId0 = mRecoverableKeyStoreDb.getCounterId(userId, uid);
        mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,
                TestData.getCertXmlWithSerial(certSerial));
        Long counterId1 = mRecoverableKeyStoreDb.getCounterId(userId, uid);
        mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS,
                TestData.getCertXmlWithSerial(certSerial + 1));
        Long counterId2 = mRecoverableKeyStoreDb.getCounterId(userId, uid);

        assertThat(!counterId1.equals(counterId0) || !counterId2.equals(counterId1)).isTrue();
    }

    @Test
    @Test
    public void initRecoveryService_throwsIfInvalidCert() throws Exception {
    public void initRecoveryService_throwsIfInvalidCert() throws Exception {
        byte[] modifiedCertXml = TestData.getCertXml();
        byte[] modifiedCertXml = TestData.getCertXml();
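Review bot: The final assertion in `initRecoveryService_regeneratesCounterId` is a disjunction, so it passes as soon as either import changes the counter, and it does not pin regeneration on the second, newer-serial import. If `getCounterId` returns null before the first import (likely for a fresh test database, given the boxed `Long`), then `!counterId1.equals(counterId0)` is already true and the cert-update path is never actually checked. A null `counterId1` would instead surface as a NullPointerException rather than an assertion failure. Asserting each step separately would make the test fail when regeneration is missing: `assertThat(counterId1).isNotNull();` followed by `assertThat(counterId2).isNotEqualTo(counterId1);`.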