diff options
| author | 2018-02-26 15:16:18 +0000 | |
|---|---|---|
| committer | 2018-02-26 15:16:18 +0000 | |
| commit | a620aa1a136ad05989153f183faa6327a42deffe (patch) | |
| tree | 3cf334538327ae96f9c8f57a2903014fd6440ce9 | |
| parent | bb5b09512ed259ab50ee5865b5822e6885ec6e4e (diff) | |
| parent | a3b994798d870244f11b56ae0bdfb870924402a8 (diff) | |
Merge "Remove account param from generateKey method"
6 files changed, 26 insertions, 22 deletions
diff --git a/api/system-current.txt b/api/system-current.txt index 6c6847e045f2..a581bab7eb4b 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -4297,6 +4297,7 @@ package android.security.keystore.recovery { public class RecoveryController { method public android.security.keystore.recovery.RecoverySession createRecoverySession(); method public byte[] generateAndStoreKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException; + method public java.security.Key generateKey(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException; method public java.util.List<java.lang.String> getAliases() throws android.security.keystore.recovery.InternalRecoveryServiceException; method public static android.security.keystore.recovery.RecoveryController getInstance(android.content.Context); method public int[] getPendingRecoverySecretTypes() throws android.security.keystore.recovery.InternalRecoveryServiceException; diff --git a/api/system-removed.txt b/api/system-removed.txt index f26f20e64bb4..58652a297bd8 100644 --- a/api/system-removed.txt +++ b/api/system-removed.txt @@ -98,6 +98,7 @@ package android.security.keystore.recovery { } public class RecoveryController { + method public deprecated java.security.Key generateKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException; method public deprecated java.util.List<java.lang.String> getAliases(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException; method public deprecated android.security.keystore.recovery.KeyChainSnapshot getRecoveryData() throws android.security.keystore.recovery.InternalRecoveryServiceException; method public deprecated int getRecoveryStatus(java.lang.String, java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException; diff --git a/core/java/android/security/keystore/recovery/RecoveryController.java b/core/java/android/security/keystore/recovery/RecoveryController.java index 33892387b976..0d262c97a585 100644 --- a/core/java/android/security/keystore/recovery/RecoveryController.java +++ b/core/java/android/security/keystore/recovery/RecoveryController.java @@ -462,35 +462,38 @@ public class RecoveryController { } /** - * Generates a AES256/GCM/NoPADDING key called {@code alias} and loads it into the recoverable - * key store. Returns {@link javax.crypto.SecretKey}. + * @deprecated Use {@link #generateKey(String)}. + * @removed + */ + @Deprecated + public Key generateKey(@NonNull String alias, byte[] account) + throws InternalRecoveryServiceException, LockScreenRequiredException { + return generateKey(alias); + } + + /** + * Generates a recoverable key with the given {@code alias}. * - * @param alias The key alias. - * @param account The account associated with the key. * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. - * @throws LockScreenRequiredException if the user has not set a lock screen. This is required - * to generate recoverable keys, as the snapshots are encrypted using a key derived from the - * lock screen. - * @hide + * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock + * screen is required to generate recoverable keys. */ - public Key generateKey(@NonNull String alias, byte[] account) - throws InternalRecoveryServiceException, LockScreenRequiredException { - // TODO: update RecoverySession.recoverKeys + public Key generateKey(@NonNull String alias) throws InternalRecoveryServiceException, + LockScreenRequiredException { try { - String grantAlias = mBinder.generateKey(alias, account); + String grantAlias = mBinder.generateKey(alias); if (grantAlias == null) { - return null; + throw new InternalRecoveryServiceException("null grant alias"); } - Key result = AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore( + return AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore( mKeyStore, grantAlias, KeyStore.UID_SELF); - return result; } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (UnrecoverableKeyException e) { - throw new InternalRecoveryServiceException("Access to newly generated key failed for"); + throw new InternalRecoveryServiceException("Failed to get key from keystore", e); } catch (ServiceSpecificException e) { if (e.errorCode == ERROR_INSECURE_USER) { throw new LockScreenRequiredException(e.getMessage()); diff --git a/core/java/com/android/internal/widget/ILockSettings.aidl b/core/java/com/android/internal/widget/ILockSettings.aidl index 1fc2796866eb..d3fc644c2341 100644 --- a/core/java/com/android/internal/widget/ILockSettings.aidl +++ b/core/java/com/android/internal/widget/ILockSettings.aidl @@ -67,7 +67,7 @@ interface ILockSettings { void initRecoveryService(in String rootCertificateAlias, in byte[] signedPublicKeyList); KeyChainSnapshot getKeyChainSnapshot(); byte[] generateAndStoreKey(String alias); - String generateKey(String alias, in byte[] account); + String generateKey(String alias); String getKey(String alias); void removeKey(String alias); void setSnapshotCreatedPendingIntent(in PendingIntent intent); diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java index d1c40cc099ac..9e00819d4eee 100644 --- a/services/core/java/com/android/server/locksettings/LockSettingsService.java +++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java @@ -2074,8 +2074,8 @@ public class LockSettingsService extends ILockSettings.Stub { } @Override - public String generateKey(@NonNull String alias, byte[] account) throws RemoteException { - return mRecoverableKeyStoreManager.generateKey(alias, account); + public String generateKey(@NonNull String alias) throws RemoteException { + return mRecoverableKeyStoreManager.generateKey(alias); } @Override diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java index a462cfc81f13..22e99c43f950 100644 --- a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java @@ -556,7 +556,7 @@ public class RecoverableKeyStoreManager { * * @return grant alias, which caller can use to access the key. */ - public String generateKey(@NonNull String alias, byte[] account) throws RemoteException { + public String generateKey(@NonNull String alias) throws RemoteException { int uid = Binder.getCallingUid(); int userId = UserHandle.getCallingUserId(); @@ -576,8 +576,7 @@ public class RecoverableKeyStoreManager { byte[] secretKey = mRecoverableKeyGenerator.generateAndStoreKey(encryptionKey, userId, uid, alias); mApplicationKeyStorage.setSymmetricKeyEntry(userId, uid, alias, secretKey); - String grantAlias = mApplicationKeyStorage.getGrantAlias(userId, uid, alias); - return grantAlias; + return mApplicationKeyStorage.getGrantAlias(userId, uid, alias); } catch (KeyStoreException | InvalidKeyException | RecoverableKeyStorageException e) { throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); } |