Loading keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java +26 −12 Original line number Diff line number Diff line Loading @@ -296,8 +296,15 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { int flags = 0; String keyAliasInKeystore = Credentials.USER_SECRET_KEY + spec.getKeystoreAlias(); KeyCharacteristics resultingKeyCharacteristics = new KeyCharacteristics(); boolean success = false; try { Credentials.deleteAllTypesForAlias(mKeyStore, spec.getKeystoreAlias()); int errorCode = mKeyStore.generateKey( keyAliasInKeystore, args, additionalEntropy, flags, resultingKeyCharacteristics); keyAliasInKeystore, args, additionalEntropy, flags, resultingKeyCharacteristics); if (errorCode != KeyStore.NO_ERROR) { throw new ProviderException( "Keystore operation failed", KeyStore.getKeyStoreException(errorCode)); Loading @@ -309,6 +316,13 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { } catch (IllegalArgumentException e) { throw new ProviderException("Failed to obtain JCA secret key algorithm name", e); } return new AndroidKeyStoreSecretKey(keyAliasInKeystore, keyAlgorithmJCA); SecretKey result = new AndroidKeyStoreSecretKey(keyAliasInKeystore, keyAlgorithmJCA); success = true; return result; } finally { if (!success) { Credentials.deleteAllTypesForAlias(mKeyStore, spec.getKeystoreAlias()); } } } } keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java +47 −45 Original line number Diff line number Diff line Loading @@ -121,7 +121,6 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato public KeyPair generateKeyPair() { if (mKeyStore == null || mSpec == null) { throw new IllegalStateException("Not initialized"); } final int flags = (mEncryptionAtRestRequired) ? KeyStore.FLAG_ENCRYPTED : 0; Loading 
@@ -134,19 +133,18 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato final String alias = mSpec.getKeystoreAlias(); Credentials.deleteAllTypesForAlias(mKeyStore, alias); byte[][] args = getArgsForKeyType(mKeyType, mSpec.getAlgorithmParameterSpec()); final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias; boolean success = false; try { Credentials.deleteAllTypesForAlias(mKeyStore, alias); if (!mKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, mKeyType, mKeySize, flags, args)) { throw new IllegalStateException("could not generate key in keystore"); } Credentials.deleteSecretKeyTypeForAlias(mKeyStore, alias); final PrivateKey privKey; final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore"); try { Loading @@ -171,7 +169,6 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato try { cert = generateCertificate(privKey, pubKey); } catch (Exception e) { Credentials.deleteAllTypesForAlias(mKeyStore, alias); throw new IllegalStateException("Can't generate certificate", e); } Loading @@ -179,17 +176,22 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato try { certBytes = cert.getEncoded(); } catch (CertificateEncodingException e) { Credentials.deleteAllTypesForAlias(mKeyStore, alias); throw new IllegalStateException("Can't get encoding of certificate", e); } if (!mKeyStore.put(Credentials.USER_CERTIFICATE + alias, certBytes, KeyStore.UID_SELF, flags)) { Credentials.deleteAllTypesForAlias(mKeyStore, alias); throw new IllegalStateException("Can't store certificate in AndroidKeyStore"); } return new KeyPair(pubKey, privKey); KeyPair result = new KeyPair(pubKey, privKey); success = true; return result; } finally { if (!success) { Credentials.deleteAllTypesForAlias(mKeyStore, alias); } } } @SuppressWarnings("deprecation") Loading Loading
keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java +26 −12 Original line number Diff line number Diff line Loading @@ -296,8 +296,15 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { int flags = 0; String keyAliasInKeystore = Credentials.USER_SECRET_KEY + spec.getKeystoreAlias(); KeyCharacteristics resultingKeyCharacteristics = new KeyCharacteristics(); boolean success = false; try { Credentials.deleteAllTypesForAlias(mKeyStore, spec.getKeystoreAlias()); int errorCode = mKeyStore.generateKey( keyAliasInKeystore, args, additionalEntropy, flags, resultingKeyCharacteristics); keyAliasInKeystore, args, additionalEntropy, flags, resultingKeyCharacteristics); if (errorCode != KeyStore.NO_ERROR) { throw new ProviderException( "Keystore operation failed", KeyStore.getKeyStoreException(errorCode)); Loading @@ -309,6 +316,13 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { } catch (IllegalArgumentException e) { throw new ProviderException("Failed to obtain JCA secret key algorithm name", e); } return new AndroidKeyStoreSecretKey(keyAliasInKeystore, keyAlgorithmJCA); SecretKey result = new AndroidKeyStoreSecretKey(keyAliasInKeystore, keyAlgorithmJCA); success = true; return result; } finally { if (!success) { Credentials.deleteAllTypesForAlias(mKeyStore, spec.getKeystoreAlias()); } } } }
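Review bot: An exception thrown by the cleanup call in the new `finally` block would replace the exception that caused the failure, so the caller would lose the `ProviderException` that carries the keystore error. This applies to the `if (!success)` branch here and to the same pattern in `generateKeyPair()` in AndroidKeyStoreKeyPairGeneratorSpi. Guarding the cleanup keeps the original failure visible: `try { Credentials.deleteAllTypesForAlias(mKeyStore, spec.getKeystoreAlias()); } catch (RuntimeException e) { /* log; the original exception keeps propagating */ }`. The result of the cleanup call is also discarded; if it reports failure (its signature is not visible on this page), logging it would make a key entry left behind after a failed generation noticeable. The enclosing method starts above the hunk.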
keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java +47 −45 Original line number Diff line number Diff line Loading @@ -121,7 +121,6 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato public KeyPair generateKeyPair() { if (mKeyStore == null || mSpec == null) { throw new IllegalStateException("Not initialized"); } final int flags = (mEncryptionAtRestRequired) ? KeyStore.FLAG_ENCRYPTED : 0; Loading @@ -134,19 +133,18 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato final String alias = mSpec.getKeystoreAlias(); Credentials.deleteAllTypesForAlias(mKeyStore, alias); byte[][] args = getArgsForKeyType(mKeyType, mSpec.getAlgorithmParameterSpec()); final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias; boolean success = false; try { Credentials.deleteAllTypesForAlias(mKeyStore, alias); if (!mKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, mKeyType, mKeySize, flags, args)) { throw new IllegalStateException("could not generate key in keystore"); } Credentials.deleteSecretKeyTypeForAlias(mKeyStore, alias); final PrivateKey privKey; final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore"); try { Loading @@ -171,7 +169,6 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato try { cert = generateCertificate(privKey, pubKey); } catch (Exception e) { Credentials.deleteAllTypesForAlias(mKeyStore, alias); throw new IllegalStateException("Can't generate certificate", e); } Loading 
@@ -179,17 +176,22 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato try { certBytes = cert.getEncoded(); } catch (CertificateEncodingException e) { Credentials.deleteAllTypesForAlias(mKeyStore, alias); throw new IllegalStateException("Can't get encoding of certificate", e); } if (!mKeyStore.put(Credentials.USER_CERTIFICATE + alias, certBytes, KeyStore.UID_SELF, flags)) { Credentials.deleteAllTypesForAlias(mKeyStore, alias); throw new IllegalStateException("Can't store certificate in AndroidKeyStore"); } return new KeyPair(pubKey, privKey); KeyPair result = new KeyPair(pubKey, privKey); success = true; return result; } finally { if (!success) { Credentials.deleteAllTypesForAlias(mKeyStore, alias); } } } @SuppressWarnings("deprecation") Loading
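Review bot: The try/finally in `generateKeyPair()` has no comment stating its contract. All entries under the alias are deleted before generation and again in the `finally` block when `success` is false, so any failure leaves the alias empty. That includes a key pair that existed under it before the call. A caller that regenerates a key under an existing alias needs to know that a failed attempt does not preserve the old key. I would add above `boolean success = false;` a comment such as `// On any failure every entry under this alias is removed, including a pre-existing key pair.` and repeat that in the method's Javadoc, which is outside the visible hunks.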