Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b152a8c4 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review
Browse files

Merge "Don't allow using raw public keys to init recovery service any more" into pi-dev

parents bf087747 c98c8436

services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java

+1 −7
Original line number Diff line number Diff line
@@ -198,15 +198,9 @@ public class RecoverableKeyStoreManager { 
        try {

            certXml = CertXml.parse(recoveryServiceCertFile);

        } catch (CertParsingException e) {

            // TODO: Do not use raw key bytes anymore once the other components are updated

            Log.d(TAG, "Failed to parse the input as a cert file: " + HexDump.toHexString(

                    recoveryServiceCertFile));

            PublicKey publicKey = parseEcPublicKey(recoveryServiceCertFile);

            if (mDatabase.setRecoveryServicePublicKey(userId, uid, publicKey) > 0) {

                mDatabase.setShouldCreateSnapshot(userId, uid, true);

            }

            Log.d(TAG, "Successfully set the input as the raw public key");

            return;

            throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, e.getMessage());

        }



        // Check serial number

services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java

+10 −4
Original line number Diff line number Diff line
@@ -440,19 +440,25 @@ public class RecoverableKeyStoreManagerTest { 
    }



    @Test

    public void initRecoveryService_succeedsWithRawPublicKey() throws Exception {

    public void initRecoveryService_throwsIfRawPublicKey() throws Exception {

        int uid = Binder.getCallingUid();

        int userId = UserHandle.getCallingUserId();

        mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false);



        mRecoverableKeyStoreManager.initRecoveryService(ROOT_CERTIFICATE_ALIAS, TEST_PUBLIC_KEY);

        try {

            mRecoverableKeyStoreManager

                    .initRecoveryService(ROOT_CERTIFICATE_ALIAS, TEST_PUBLIC_KEY);

            fail("should have thrown");

        } catch (ServiceSpecificException e) {

            assertThat(e.errorCode).isEqualTo(ERROR_BAD_CERTIFICATE_FORMAT);

        }



        assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue();

        assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isFalse();

        assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertPath(userId, uid,

                DEFAULT_ROOT_CERT_ALIAS)).isNull();

        assertThat(mRecoverableKeyStoreDb.getRecoveryServiceCertSerial(userId, uid,

                DEFAULT_ROOT_CERT_ALIAS)).isNull();

        assertThat(mRecoverableKeyStoreDb.getRecoveryServicePublicKey(userId, uid)).isNotNull();

        assertThat(mRecoverableKeyStoreDb.getRecoveryServicePublicKey(userId, uid)).isNull();

    }



    @Test