Loading services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +2 −0 Original line number Diff line number Diff line Loading @@ -62,6 +62,7 @@ import java.security.KeyFactory; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; import java.security.SecureRandom; import java.security.UnrecoverableKeyException; import java.security.cert.CertPath; import java.security.cert.CertificateEncodingException; Loading Loading @@ -221,6 +222,7 @@ public class RecoverableKeyStoreManager { if (mDatabase.setRecoveryServiceCertPath(userId, uid, certPath) > 0) { mDatabase.setRecoveryServiceCertSerial(userId, uid, newSerial); mDatabase.setShouldCreateSnapshot(userId, uid, true); mDatabase.setCounterId(userId, uid, new SecureRandom().nextLong()); } } catch (CertificateEncodingException e) { Log.e(TAG, "Failed to encode CertPath", e); Loading services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java +17 −0 Original line number Diff line number Diff line Loading @@ -299,6 +299,23 @@ public class RecoverableKeyStoreManagerTest { assertThat(mRecoverableKeyStoreDb.getRecoveryServicePublicKey(userId, uid)).isNull(); } @Test public void initRecoveryService_regeneratesCounterId() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); long certSerial = 1000L; Long counterId0 = mRecoverableKeyStoreDb.getCounterId(userId, uid); mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS, TestData.getCertXmlWithSerial(certSerial)); Long counterId1 = mRecoverableKeyStoreDb.getCounterId(userId, uid); mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS, TestData.getCertXmlWithSerial(certSerial + 1)); Long counterId2 = mRecoverableKeyStoreDb.getCounterId(userId, uid); assertThat(!counterId1.equals(counterId0) || !counterId2.equals(counterId1)).isTrue(); } @Test public void initRecoveryService_throwsIfInvalidCert() throws Exception { byte[] modifiedCertXml = TestData.getCertXml(); Loading Loading
services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +2 −0 Original line number Diff line number Diff line Loading @@ -62,6 +62,7 @@ import java.security.KeyFactory; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; import java.security.SecureRandom; import java.security.UnrecoverableKeyException; import java.security.cert.CertPath; import java.security.cert.CertificateEncodingException; Loading Loading @@ -221,6 +222,7 @@ public class RecoverableKeyStoreManager { if (mDatabase.setRecoveryServiceCertPath(userId, uid, certPath) > 0) { mDatabase.setRecoveryServiceCertSerial(userId, uid, newSerial); mDatabase.setShouldCreateSnapshot(userId, uid, true); mDatabase.setCounterId(userId, uid, new SecureRandom().nextLong()); } } catch (CertificateEncodingException e) { Log.e(TAG, "Failed to encode CertPath", e); Loading
services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java +17 −0 Original line number Diff line number Diff line Loading @@ -299,6 +299,23 @@ public class RecoverableKeyStoreManagerTest { assertThat(mRecoverableKeyStoreDb.getRecoveryServicePublicKey(userId, uid)).isNull(); } @Test public void initRecoveryService_regeneratesCounterId() throws Exception { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); long certSerial = 1000L; Long counterId0 = mRecoverableKeyStoreDb.getCounterId(userId, uid); mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS, TestData.getCertXmlWithSerial(certSerial)); Long counterId1 = mRecoverableKeyStoreDb.getCounterId(userId, uid); mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS, TestData.getCertXmlWithSerial(certSerial + 1)); Long counterId2 = mRecoverableKeyStoreDb.getCounterId(userId, uid); assertThat(!counterId1.equals(counterId0) || !counterId2.equals(counterId1)).isTrue(); } @Test public void initRecoveryService_throwsIfInvalidCert() throws Exception { byte[] modifiedCertXml = TestData.getCertXml(); Loading
