author Robert Berry <robertberry@google.com> 2018-02-25 22:19:08 +0000
committer Robert Berry <robertberry@google.com> 2018-02-25 23:11:17 +0000
commit291bd32c9e547a5862d28f3a68ed2f514ccfbd86 (patch)
tree1b629b58148768f9a110dd938fc11e0b19d5019b
parent17bc6993c7bc29b5676cd61ad8daddb713c5c6f4 (diff)
Remove account from WrappedApplicationKey
Recovery controller will no longer be aware of accounts. It is up to the recovery agent to decide where to upload keys, and if so what accounts to use. Bug: 73811828 Test: runtest frameworks-core -p android.security.keystore.recovery Change-Id: I929076d948f4d36ba88b68cca08058a5cdde0107
-rw-r--r--api/system-current.txt2
-rw-r--r--api/system-removed.txt8
-rw-r--r--core/java/android/security/keystore/recovery/WrappedApplicationKey.java32
-rw-r--r--core/tests/coretests/src/android/security/keystore/recovery/WrappedApplicationKeyTest.java86
4 files changed, 105 insertions, 23 deletions
diff --git a/api/system-current.txt b/api/system-current.txt
index 093222391f29..6c6847e045f2 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -4326,7 +4326,6 @@ package android.security.keystore.recovery {
public final class WrappedApplicationKey implements android.os.Parcelable {
method public int describeContents();
- method public byte[] getAccount();
method public java.lang.String getAlias();
method public byte[] getEncryptedKeyMaterial();
method public void writeToParcel(android.os.Parcel, int);
@@ -4336,7 +4335,6 @@ package android.security.keystore.recovery {
public static class WrappedApplicationKey.Builder {
ctor public WrappedApplicationKey.Builder();
method public android.security.keystore.recovery.WrappedApplicationKey build();
- method public android.security.keystore.recovery.WrappedApplicationKey.Builder setAccount(byte[]);
method public android.security.keystore.recovery.WrappedApplicationKey.Builder setAlias(java.lang.String);
method public android.security.keystore.recovery.WrappedApplicationKey.Builder setEncryptedKeyMaterial(byte[]);
}
diff --git a/api/system-removed.txt b/api/system-removed.txt
index cd56c468644b..f26f20e64bb4 100644
--- a/api/system-removed.txt
+++ b/api/system-removed.txt
@@ -108,6 +108,14 @@ package android.security.keystore.recovery {
method public deprecated byte[] start(byte[], byte[], byte[], java.util.List<android.security.keystore.recovery.KeyChainProtectionParams>) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException;
}
+ public final class WrappedApplicationKey implements android.os.Parcelable {
+ method public deprecated byte[] getAccount();
+ }
+
+ public static class WrappedApplicationKey.Builder {
+ method public deprecated android.security.keystore.recovery.WrappedApplicationKey.Builder setAccount(byte[]);
+ }
+
}
package android.service.notification {
diff --git a/core/java/android/security/keystore/recovery/WrappedApplicationKey.java b/core/java/android/security/keystore/recovery/WrappedApplicationKey.java
index f360bbe99ba1..df9766d84843 100644
--- a/core/java/android/security/keystore/recovery/WrappedApplicationKey.java
+++ b/core/java/android/security/keystore/recovery/WrappedApplicationKey.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 The Android Open Source Project
+ * Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -18,7 +18,6 @@ package android.security.keystore.recovery;
import android.annotation.NonNull;
import android.annotation.SystemApi;
-
import android.os.Parcel;
import android.os.Parcelable;
@@ -29,7 +28,6 @@ import com.android.internal.util.Preconditions;
*
* <ul>
* <li>Alias - Keystore alias of the key.
- * <li>Account Recovery Agent specific account associated with the key.
* <li>Encrypted key material.
* </ul>
*
@@ -43,7 +41,6 @@ public final class WrappedApplicationKey implements Parcelable {
private String mAlias;
// The only supported format is AES-256 symmetric key.
private byte[] mEncryptedKeyMaterial;
- private byte[] mAccount;
/**
* Builder for creating {@link WrappedApplicationKey}.
@@ -63,13 +60,11 @@ public final class WrappedApplicationKey implements Parcelable {
}
/**
- * Sets Recovery agent specific account.
- *
- * @param account The account.
- * @return This builder.
+ * @deprecated AOSP does not associate keys with accounts. This may be done by system app.
+ * @removed
*/
+ @Deprecated
public Builder setAccount(@NonNull byte[] account) {
- mInstance.mAccount = account;
return this;
}
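Review bot: The deprecated `setAccount` at the end of this hunk now discards its argument silently, and the new Javadoc does not say so. A recovery agent that still calls it gets no indication that the account is no longer stored in the key or written to the parcel. I would add a first sentence such as `No-op: the supplied account is ignored and is not stored or parcelled.` above the `@deprecated` tag and keep the `@return This builder.` line. The same gap exists on `getAccount()` in the later hunk, which now always returns `new byte[0]`; its Javadoc could say `Always returns an empty array.` The Builder class starts and ends outside this hunk.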
@@ -94,15 +89,11 @@ public final class WrappedApplicationKey implements Parcelable {
@NonNull public WrappedApplicationKey build() {
Preconditions.checkNotNull(mInstance.mAlias);
Preconditions.checkNotNull(mInstance.mEncryptedKeyMaterial);
- if (mInstance.mAccount == null) {
- mInstance.mAccount = new byte[]{};
- }
return mInstance;
}
}
- private WrappedApplicationKey() {
- }
+ private WrappedApplicationKey() { }
/**
* Deprecated - consider using Builder.
@@ -127,12 +118,13 @@ public final class WrappedApplicationKey implements Parcelable {
return mEncryptedKeyMaterial;
}
- /** Account, default value is empty array */
+ /**
+ * @deprecated AOSP does not associate keys with accounts. This may be done by system app.
+ * @removed
+ */
+ @Deprecated
public @NonNull byte[] getAccount() {
- if (mAccount == null) {
- return new byte[]{};
- }
- return mAccount;
+ return new byte[0];
}
public static final Parcelable.Creator<WrappedApplicationKey> CREATOR =
@@ -150,7 +142,6 @@ public final class WrappedApplicationKey implements Parcelable {
public void writeToParcel(Parcel out, int flags) {
out.writeString(mAlias);
out.writeByteArray(mEncryptedKeyMaterial);
- out.writeByteArray(mAccount);
}
/**
@@ -159,7 +150,6 @@ public final class WrappedApplicationKey implements Parcelable {
protected WrappedApplicationKey(Parcel in) {
mAlias = in.readString();
mEncryptedKeyMaterial = in.createByteArray();
- mAccount = in.createByteArray();
}
@Override
diff --git a/core/tests/coretests/src/android/security/keystore/recovery/WrappedApplicationKeyTest.java b/core/tests/coretests/src/android/security/keystore/recovery/WrappedApplicationKeyTest.java
new file mode 100644
index 000000000000..15afbddf6f02
--- /dev/null
+++ b/core/tests/coretests/src/android/security/keystore/recovery/WrappedApplicationKeyTest.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.keystore.recovery;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+
+import android.os.Parcel;
+import android.support.test.filters.SmallTest;
+import android.support.test.runner.AndroidJUnit4;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+@SmallTest
+public class WrappedApplicationKeyTest {
+
+ private static final String ALIAS = "karlin";
+ private static final byte[] KEY_MATERIAL = new byte[] { 0, 1, 2, 3, 4 };
+
+ private Parcel mParcel;
+
+ @Before
+ public void setUp() {
+ mParcel = Parcel.obtain();
+ }
+
+ @After
+ public void tearDown() {
+ mParcel.recycle();
+ }
+
+ @Test
+ public void build_setsAlias() {
+ assertEquals(ALIAS, buildTestKey().getAlias());
+ }
+
+ @Test
+ public void build_setsEncryptedKeyMaterial() {
+ assertArrayEquals(KEY_MATERIAL, buildTestKey().getEncryptedKeyMaterial());
+ }
+
+ @Test
+ public void writeToParcel_writesAliasToParcel() {
+ buildTestKey().writeToParcel(mParcel, /*flags=*/ 0);
+
+ mParcel.setDataPosition(0);
+ WrappedApplicationKey readFromParcel =
+ WrappedApplicationKey.CREATOR.createFromParcel(mParcel);
+ assertEquals(ALIAS, readFromParcel.getAlias());
+ }
+
+ @Test
+ public void writeToParcel_writesKeyMaterial() {
+ buildTestKey().writeToParcel(mParcel, /*flags=*/ 0);
+
+ mParcel.setDataPosition(0);
+ WrappedApplicationKey readFromParcel =
+ WrappedApplicationKey.CREATOR.createFromParcel(mParcel);
+ assertArrayEquals(KEY_MATERIAL, readFromParcel.getEncryptedKeyMaterial());
+ }
+
+ private WrappedApplicationKey buildTestKey() {
+ return new WrappedApplicationKey.Builder()
+ .setAlias(ALIAS)
+ .setEncryptedKeyMaterial(KEY_MATERIAL)
+ .build();
+ }
+}
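Review bot: Neither `writeToParcel_*` test checks that the reader consumes exactly what the writer produced, which is the property this commit changes by dropping a field from both `writeToParcel` and the `Parcel` constructor. Adding `assertEquals(0, mParcel.dataAvail());` after `createFromParcel` in both tests would catch a writer/reader mismatch. The deprecated shims are also untested: a case that builds a key with `setAccount(new byte[] {1})` and asserts `assertArrayEquals(new byte[0], key.getAccount());` would pin the compatibility behaviour. There is also no test that `build()` rejects a missing alias or missing key material. As a minor point, the header says 2017 for a file added in 2018.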