am 14d1853d: am 09b15d5b: Merge "Add NonNull and Nullable annotations to...

package android.security;

import android.annotation.IntDef;

import android.annotation.NonNull;

import android.annotation.Nullable;

import java.lang.annotation.Retention;

import java.lang.annotation.RetentionPolicy;

     * Returns KEM KDF algorithm (e.g., {@code HKDFwithSHA256} or {@code KDF1withSHA1}) or

     * {@code null} if not specified.

     */

    @Nullable

    public String getKemKdfAlgorithm() {

        return mKemKdfAlgorithm;

    }

     * @see Cipher#getInstance(String)

     * @see #getDemCipherKeySize()

     */

    @Nullable

    public String getDemCipherTransformation() {

        return mDemCipherTransformation;

    }

     * @see Mac#getInstance(String)

     * @see #getDemMacKeySize()

     */

    @Nullable

    public String getDemMacAlgorithm() {

        return mDemMacAlgorithm;

    }

         * Sets KEM KDF algorithm. For example, {@code HKDFwithSHA256}, {@code KDF2withSHA256}, or

         * {@code KDF1withSHA1}.

         */

        public Builder setKemKdfAlgorithm(String algorithm) {

        @NonNull

        public Builder setKemKdfAlgorithm(@Nullable String algorithm) {

            mKemKdfAlgorithm = algorithm;

            return this;

        }

         *

         * @see Cipher#getInstance(String)

         */

        public Builder setDemCipherTransformation(String transformation) {

        @NonNull

        public Builder setDemCipherTransformation(@Nullable String transformation) {

            mDemCipherTransformation = transformation;

            return this;

        }

         *

         * @see #setDemCipherTransformation(String)

         */

        @NonNull

        public Builder setDemCipherKeySize(int sizeBits) {

            mDemCipherKeySize = sizeBits;

            return this;

         *

         * @see Mac#getInstance(String)

         */

        public Builder setDemMacAlgorithm(String algorithm) {

        @NonNull

        public Builder setDemMacAlgorithm(@Nullable String algorithm) {

            mDemMacAlgorithm = algorithm;

            return this;

        }

         *

         * @see #setDemCipherKeySize(int)

         */

        @NonNull

        public Builder setDemMacKeySize(int sizeBits) {

            mDemMacKeySize = sizeBits;

            return this;

        /**

         * Returns a new {@link EcIesParameterSpec} based on the current state of this builder.

         */

        @NonNull

        public EcIesParameterSpec build() {

            int demMacKeySize = (mDemMacKeySize != -1) ? mDemMacKeySize : mDemCipherKeySize;

            return new EcIesParameterSpec(

 */

package android.security;

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.app.Activity;

import android.app.PendingIntent;

import android.content.ComponentName;

     * successfully installed, otherwise {@link

     * Activity#RESULT_CANCELED} will be returned.

     */

    @NonNull

    public static Intent createInstallIntent() {

        Intent intent = new Intent(ACTION_INSTALL);

        intent.setClassName(CERT_INSTALLER_PACKAGE,

     * @param alias The alias to preselect if available, or null if

     *     unavailable.

     */

    public static void choosePrivateKeyAlias(Activity activity, KeyChainAliasCallback response,

    public static void choosePrivateKeyAlias(@NonNull Activity activity,

            @NonNull KeyChainAliasCallback response,

            @KeyStoreKeyProperties.AlgorithmEnum String[] keyTypes, Principal[] issuers,

            String host, int port, String alias) {

            @Nullable String host, int port, @Nullable String alias) {

        choosePrivateKeyAlias(activity, response, keyTypes, issuers, host, port, null, alias);

    }

     * @param alias The alias to preselect if available, or null if

     *     unavailable.

     */

    public static void choosePrivateKeyAlias(Activity activity, KeyChainAliasCallback response,

    public static void choosePrivateKeyAlias(@NonNull Activity activity,

            @NonNull KeyChainAliasCallback response,

            @KeyStoreKeyProperties.AlgorithmEnum String[] keyTypes, Principal[] issuers,

            String host, int port, String url, String alias) {

            @Nullable String host, int port, @Nullable String url, @Nullable String alias) {

        /*

         * TODO currently keyTypes, issuers are unused. They are meant

         * to follow the semantics and purpose of X509KeyManager

     * returned via {@link KeyChainAliasCallback#alias}.

     * @throws KeyChainException if the alias was valid but there was some problem accessing it.

     */

    public static PrivateKey getPrivateKey(Context context, String alias)

    @Nullable

    public static PrivateKey getPrivateKey(@NonNull Context context, @NonNull String alias)

            throws KeyChainException, InterruptedException {

        if (alias == null) {

            throw new NullPointerException("alias == null");

     * returned via {@link KeyChainAliasCallback#alias}.

     * @throws KeyChainException if the alias was valid but there was some problem accessing it.

     */

    public static X509Certificate[] getCertificateChain(Context context, String alias)

            throws KeyChainException, InterruptedException {

    @Nullable

    public static X509Certificate[] getCertificateChain(@NonNull Context context,

            @NonNull String alias) throws KeyChainException, InterruptedException {

        if (alias == null) {

            throw new NullPointerException("alias == null");

        }

     * "RSA").

     */

    public static boolean isKeyAlgorithmSupported(

            @KeyStoreKeyProperties.AlgorithmEnum String algorithm) {

            @NonNull @KeyStoreKeyProperties.AlgorithmEnum String algorithm) {

        final String algUpper = algorithm.toUpperCase(Locale.US);

        return KeyStoreKeyProperties.Algorithm.EC.equals(algUpper)

                || KeyStoreKeyProperties.Algorithm.RSA.equals(algUpper);

     * that makes it non-exportable.

     */

    public static boolean isBoundKeyAlgorithm(

            @KeyStoreKeyProperties.AlgorithmEnum String algorithm) {

            @NonNull @KeyStoreKeyProperties.AlgorithmEnum String algorithm) {

        if (!isKeyAlgorithmSupported(algorithm)) {

            return false;

        }

    }

    /** @hide */

    public static X509Certificate toCertificate(byte[] bytes) {

    @NonNull

    public static X509Certificate toCertificate(@NonNull byte[] bytes) {

        if (bytes == null) {

            throw new IllegalArgumentException("bytes == null");

        }

     *

     * Caller should call unbindService on the result when finished.

     */

    public static KeyChainConnection bind(Context context) throws InterruptedException {

    public static KeyChainConnection bind(@NonNull Context context) throws InterruptedException {

        return bindAsUser(context, Process.myUserHandle());

    }

    /**

     * @hide

     */

    public static KeyChainConnection bindAsUser(Context context, UserHandle user)

    public static KeyChainConnection bindAsUser(@NonNull Context context, UserHandle user)

            throws InterruptedException {

        if (context == null) {

            throw new NullPointerException("context == null");

        return new KeyChainConnection(context, keyChainServiceConnection, q.take());

    }

    private static void ensureNotOnMainThread(Context context) {

    private static void ensureNotOnMainThread(@NonNull Context context) {

        Looper looper = Looper.myLooper();

        if (looper != null && looper == context.getMainLooper()) {

            throw new IllegalStateException(

 */

package android.security;

import android.annotation.Nullable;

/**

 * The KeyChainAliasCallback is the callback for {@link

 * KeyChain#choosePrivateKeyAlias}.

     * Called with the alias of the certificate chosen by the user, or

     * null if no value was chosen.

     */

    public void alias(String alias);

    public void alias(@Nullable String alias);

}

package android.security;

import android.annotation.IntRange;

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.app.KeyguardManager;

import android.content.Context;

import android.text.TextUtils;

     *

     * @return instant or {@code null} if not restricted.

     */

    @Nullable

    public Date getKeyValidityStart() {

        return mKeyValidityStart;

    }

     *

     * @return instant or {@code null} if not restricted.

     */

    @Nullable

    public Date getKeyValidityForConsumptionEnd() {

        return mKeyValidityForConsumptionEnd;

    }

     *

     * @return instant or {@code null} if not restricted.

     */

    @Nullable

    public Date getKeyValidityForOriginationEnd() {

        return mKeyValidityForOriginationEnd;

    }

    /**

     * Gets the set of padding schemes with which the key can be used when encrypting/decrypting.

     */

    @NonNull

    public @KeyStoreKeyProperties.EncryptionPaddingEnum String[] getEncryptionPaddings() {

        return ArrayUtils.cloneIfNotEmpty(mEncryptionPaddings);

    }

    /**

     * Gets the set of block modes with which the key can be used.

     */

    @NonNull

    public @KeyStoreKeyProperties.BlockModeEnum String[] getBlockModes() {

        return ArrayUtils.cloneIfNotEmpty(mBlockModes);

    }

         * {@code context} passed in may be used to pop up some UI to ask the user to unlock or

         * initialize the Android KeyStore facility.

         */

        public Builder(Context context) {

        public Builder(@NonNull Context context) {

            if (context == null) {

                throw new NullPointerException("context == null");

            }

         *

         * <p>The alias must be provided. There is no default.

         */

        public Builder setAlias(String alias) {

        @NonNull

        public Builder setAlias(@NonNull String alias) {

            if (alias == null) {

                throw new NullPointerException("alias == null");

            }

         * <p>By default, the key size will be determines based on the key algorithm. For example,

         * for {@code HmacSHA256}, the key size will default to {@code 256}.

         */

        @NonNull

        public Builder setKeySize(int keySize) {

            mKeySize = keySize;

            return this;

         *

         * @see KeyguardManager#isDeviceSecure()

         */

        @NonNull

        public Builder setEncryptionRequired() {

            mFlags |= KeyStore.FLAG_ENCRYPTED;

            return this;

         *

         * @see #setKeyValidityEnd(Date)

         */

        @NonNull

        public Builder setKeyValidityStart(Date startDate) {

            mKeyValidityStart = startDate;

            return this;

         * @see #setKeyValidityForConsumptionEnd(Date)

         * @see #setKeyValidityForOriginationEnd(Date)

         */

        @NonNull

        public Builder setKeyValidityEnd(Date endDate) {

            setKeyValidityForOriginationEnd(endDate);

            setKeyValidityForConsumptionEnd(endDate);

         *

         * @see #setKeyValidityForConsumptionEnd(Date)

         */

        @NonNull

        public Builder setKeyValidityForOriginationEnd(Date endDate) {

            mKeyValidityForOriginationEnd = endDate;

            return this;

         *

         * @see #setKeyValidityForOriginationEnd(Date)

         */

        @NonNull

        public Builder setKeyValidityForConsumptionEnd(Date endDate) {

            mKeyValidityForConsumptionEnd = endDate;

            return this;

         *

         * <p>This must be specified for all keys. There is no default.

         */

        @NonNull

        public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) {

            mPurposes = purposes;

            return this;

         *

         * <p>This must be specified for keys which are used for encryption/decryption.

         */

        @NonNull

        public Builder setEncryptionPaddings(

                @KeyStoreKeyProperties.EncryptionPaddingEnum String... paddings) {

            mEncryptionPaddings = ArrayUtils.cloneIfNotEmpty(paddings);

         *

         * <p>This must be specified for encryption/decryption keys.

         */

        @NonNull

        public Builder setBlockModes(@KeyStoreKeyProperties.BlockModeEnum String... blockModes) {

            mBlockModes = ArrayUtils.cloneIfNotEmpty(blockModes);

            return this;

         * ciphertext.</li>

         * </ul>

         */

        @NonNull

        public Builder setRandomizedEncryptionRequired(boolean required) {

            mRandomizedEncryptionRequired = required;

            return this;

         *

         * @see #setUserAuthenticationValidityDurationSeconds(int)

         */

        @NonNull

        public Builder setUserAuthenticationRequired(boolean required) {

            mUserAuthenticationRequired = required;

            return this;

         *

         * @see #setUserAuthenticationRequired(boolean)

         */

        public Builder setUserAuthenticationValidityDurationSeconds(int seconds) {

        @NonNull

        public Builder setUserAuthenticationValidityDurationSeconds(

                @IntRange(from = -1) int seconds) {

            mUserAuthenticationValidityDurationSeconds = seconds;

            return this;

        }

         *

         * @throws IllegalArgumentException if a required field is missing or violates a constraint.

         */

        @NonNull

        public KeyGeneratorSpec build() {

            return new KeyGeneratorSpec(mContext,

                    mKeystoreAlias,

package android.security;

import android.app.KeyguardManager;

import android.annotation.IntRange;

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.content.Context;

import android.text.TextUtils;

    /**

     * Returns the key type (e.g., "EC", "RSA") specified by this parameter.

     */

    @Nullable

    public @KeyStoreKeyProperties.AlgorithmEnum String getKeyType() {

        return mKeyType;

    }

     * Returns the {@link AlgorithmParameterSpec} that will be used for creation

     * of the key pair.

     */

    @NonNull

    public AlgorithmParameterSpec getAlgorithmParameterSpec() {

        return mSpec;

    }

     * Gets the subject distinguished name to be used on the X.509 certificate

     * that will be put in the {@link java.security.KeyStore}.

     */

    @NonNull

    public X500Principal getSubjectDN() {

        return mSubjectDN;

    }

     * Gets the serial number to be used on the X.509 certificate that will be

     * put in the {@link java.security.KeyStore}.

     */

    @NonNull

    public BigInteger getSerialNumber() {

        return mSerialNumber;

    }

     * Gets the start date to be used on the X.509 certificate that will be put

     * in the {@link java.security.KeyStore}.

     */

    @NonNull

    public Date getStartDate() {

        return mStartDate;

    }

     * Gets the end date to be used on the X.509 certificate that will be put in

     * the {@link java.security.KeyStore}.

     */

    @NonNull

    public Date getEndDate() {

        return mEndDate;

    }

     *

     * @return instant or {@code null} if not restricted.

     */

    @Nullable

    public Date getKeyValidityStart() {

        return mKeyValidityStart;

    }

     *

     * @return instant or {@code null} if not restricted.

     */

    @Nullable

    public Date getKeyValidityForConsumptionEnd() {

        return mKeyValidityForConsumptionEnd;

    }

     *

     * @return instant or {@code null} if not restricted.

     */

    @Nullable

    public Date getKeyValidityForOriginationEnd() {

        return mKeyValidityForOriginationEnd;

    }

    /**

     * Gets the set of digest algorithms with which the key can be used.

     */

    @NonNull

    public @KeyStoreKeyProperties.DigestEnum String[] getDigests() {

        return ArrayUtils.cloneIfNotEmpty(mDigests);

    }

    /**

     * Gets the set of padding schemes with which the key can be used when encrypting/decrypting.

     */

    @NonNull

    public @KeyStoreKeyProperties.EncryptionPaddingEnum String[] getEncryptionPaddings() {

        return ArrayUtils.cloneIfNotEmpty(mEncryptionPaddings);

    }

    /**

     * Gets the set of padding schemes with which the key can be used when signing/verifying.

     */

    @NonNull

    public @KeyStoreKeyProperties.SignaturePaddingEnum String[] getSignaturePaddings() {

        return ArrayUtils.cloneIfNotEmpty(mSignaturePaddings);

    }

    /**

     * Gets the set of block modes with which the key can be used.

     */

    @NonNull

    public @KeyStoreKeyProperties.BlockModeEnum String[] getBlockModes() {

        return ArrayUtils.cloneIfNotEmpty(mBlockModes);

    }

         * some UI to ask the user to unlock or initialize the Android KeyStore

         * facility.

         */

        public Builder(Context context) {

        public Builder(@NonNull Context context) {

            if (context == null) {

                throw new NullPointerException("context == null");

            }

         * {@link java.security.KeyStore} instance using the

         * {@code AndroidKeyStore} provider.

         */

        public Builder setAlias(String alias) {

        @NonNull

        public Builder setAlias(@NonNull String alias) {

            if (alias == null) {

                throw new NullPointerException("alias == null");

            }

        /**

         * Sets the key type (e.g., EC, RSA) of the keypair to be created.

         */

        public Builder setKeyType(@KeyStoreKeyProperties.AlgorithmEnum String keyType)

        @NonNull

        public Builder setKeyType(@NonNull @KeyStoreKeyProperties.AlgorithmEnum String keyType)

                throws NoSuchAlgorithmException {

            if (keyType == null) {

                throw new NullPointerException("keyType == null");

         * key type of RSA this will set the modulus size and for a key type of

         * EC it will select a curve with a matching field size.

         */

        @NonNull

        public Builder setKeySize(int keySize) {

            if (keySize < 0) {

                throw new IllegalArgumentException("keySize < 0");

         * Sets the algorithm-specific key generation parameters. For example, for RSA keys

         * this may be an instance of {@link java.security.spec.RSAKeyGenParameterSpec}.

         */

        public Builder setAlgorithmParameterSpec(AlgorithmParameterSpec spec) {

        public Builder setAlgorithmParameterSpec(@NonNull AlgorithmParameterSpec spec) {

            if (spec == null) {

                throw new NullPointerException("spec == null");

            }

         * {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1 LOLLIPOP_MR1} and older platforms. On

         * newer platforms the subject defaults to {@code CN=fake} if not specified.

         */

        public Builder setSubject(X500Principal subject) {

        @NonNull

        public Builder setSubject(@NonNull X500Principal subject) {

            if (subject == null) {

                throw new NullPointerException("subject == null");

            }

         * {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1 LOLLIPOP_MR1} and older platforms. On

         * newer platforms the serial number defaults to {@code 1} if not specified.

         */

        public Builder setSerialNumber(BigInteger serialNumber) {

        @NonNull

        public Builder setSerialNumber(@NonNull BigInteger serialNumber) {

            if (serialNumber == null) {

                throw new NullPointerException("serialNumber == null");

            }

         * {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1 LOLLIPOP_MR1} and older platforms. On

         * newer platforms the date defaults to {@code Jan 1 1970} if not specified.

         */

        public Builder setStartDate(Date startDate) {

        @NonNull

        public Builder setStartDate(@NonNull Date startDate) {

            if (startDate == null) {

                throw new NullPointerException("startDate == null");

            }

         * {@link android.os.Build.VERSION_CODES#LOLLIPOP_MR1 LOLLIPOP_MR1} and older platforms. On

         * newer platforms the date defaults to {@code Jan 1 2048} if not specified.

         */

        public Builder setEndDate(Date endDate) {

        @NonNull

        public Builder setEndDate(@NonNull Date endDate) {

            if (endDate == null) {

                throw new NullPointerException("endDate == null");

            }

         *

         * @see KeyguardManager#isDeviceSecure()

         */

        @NonNull

        public Builder setEncryptionRequired() {

            mFlags |= KeyStore.FLAG_ENCRYPTED;

            return this;

         *

         * @see #setKeyValidityEnd(Date)

         */

        @NonNull

        public Builder setKeyValidityStart(Date startDate) {

            mKeyValidityStart = startDate;

            return this;

         * @see #setKeyValidityForConsumptionEnd(Date)

         * @see #setKeyValidityForOriginationEnd(Date)

         */

        @NonNull

        public Builder setKeyValidityEnd(Date endDate) {

            setKeyValidityForOriginationEnd(endDate);

            setKeyValidityForConsumptionEnd(endDate);

         *

         * @see #setKeyValidityForConsumptionEnd(Date)

         */

        @NonNull

        public Builder setKeyValidityForOriginationEnd(Date endDate) {

            mKeyValidityForOriginationEnd = endDate;

            return this;

         *

         * @see #setKeyValidityForOriginationEnd(Date)

         */

        @NonNull

        public Builder setKeyValidityForConsumptionEnd(Date endDate) {

            mKeyValidityForConsumptionEnd = endDate;

            return this;

         *

         * <p><b>NOTE: This has currently no effect.

         */

        @NonNull

        public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) {

            mPurposes = purposes;

            return this;

         *

         * <p><b>NOTE: This has currently no effect.

         */

        @NonNull

        public Builder setDigests(@KeyStoreKeyProperties.DigestEnum String... digests) {

            mDigests = ArrayUtils.cloneIfNotEmpty(digests);

            return this;

         *

         * <p><b>NOTE: This has currently no effect.

         */

        @NonNull

        public Builder setEncryptionPaddings(

                @KeyStoreKeyProperties.EncryptionPaddingEnum String... paddings) {

            mEncryptionPaddings = ArrayUtils.cloneIfNotEmpty(paddings);

         *

         * <p><b>NOTE: This has currently no effect.

         */

        @NonNull

        public Builder setSignaturePaddings(

                @KeyStoreKeyProperties.SignaturePaddingEnum String... paddings) {

            mSignaturePaddings = ArrayUtils.cloneIfNotEmpty(paddings);

         *

         * <p><b>NOTE: This has currently no effect.

         */

        @NonNull

        public Builder setBlockModes(@KeyStoreKeyProperties.BlockModeEnum String... blockModes) {

            mBlockModes = ArrayUtils.cloneIfNotEmpty(blockModes);

            return this;

         *