diff options
6 files changed, 45 insertions, 44 deletions
diff --git a/api/system-current.txt b/api/system-current.txt index c85e2d39b456..1322a39495a3 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -4353,6 +4353,7 @@ package android.security.keystore.recovery { method public byte[] getServerParams(); method public int getSnapshotVersion(); method public java.security.cert.CertPath getTrustedHardwareCertPath(); + method public deprecated byte[] getTrustedHardwarePublicKey(); method public java.util.List<android.security.keystore.recovery.WrappedApplicationKey> getWrappedApplicationKeys(); method public void writeToParcel(android.os.Parcel, int); field public static final android.os.Parcelable.Creator<android.security.keystore.recovery.KeyChainSnapshot> CREATOR; @@ -4377,18 +4378,25 @@ package android.security.keystore.recovery { public class RecoveryController { method public android.security.keystore.recovery.RecoverySession createRecoverySession(); + method public byte[] generateAndStoreKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException; + method public deprecated java.security.Key generateKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException; method public java.security.Key generateKey(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException; + method public deprecated java.util.List<java.lang.String> getAliases(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException; method public java.util.List<java.lang.String> getAliases() throws android.security.keystore.recovery.InternalRecoveryServiceException; method public static android.security.keystore.recovery.RecoveryController getInstance(android.content.Context); method public java.security.Key getKey(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException, java.security.UnrecoverableKeyException; method public android.security.keystore.recovery.KeyChainSnapshot getKeyChainSnapshot() throws android.security.keystore.recovery.InternalRecoveryServiceException; + method public deprecated android.security.keystore.recovery.KeyChainSnapshot getRecoveryData() throws android.security.keystore.recovery.InternalRecoveryServiceException; method public int[] getRecoverySecretTypes() throws android.security.keystore.recovery.InternalRecoveryServiceException; + method public deprecated int getRecoveryStatus(java.lang.String, java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException; method public int getRecoveryStatus(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException; method public java.util.Map<java.lang.String, java.security.cert.X509Certificate> getRootCertificates(); method public java.security.Key importKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException; + method public deprecated void initRecoveryService(java.lang.String, byte[]) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException; method public void initRecoveryService(java.lang.String, byte[], byte[]) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException; method public void removeKey(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException; method public void setRecoverySecretTypes(int[]) throws android.security.keystore.recovery.InternalRecoveryServiceException; + method public deprecated void setRecoveryStatus(java.lang.String, java.lang.String, int) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.content.pm.PackageManager.NameNotFoundException; method public void setRecoveryStatus(java.lang.String, int) throws android.security.keystore.recovery.InternalRecoveryServiceException; method public void setServerParams(byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException; method public void setSnapshotCreatedPendingIntent(android.app.PendingIntent) throws android.security.keystore.recovery.InternalRecoveryServiceException; @@ -4400,6 +4408,9 @@ package android.security.keystore.recovery { public class RecoverySession implements java.lang.AutoCloseable { method public void close(); method public java.util.Map<java.lang.String, java.security.Key> recoverKeyChainSnapshot(byte[], java.util.List<android.security.keystore.recovery.WrappedApplicationKey>) throws android.security.keystore.recovery.DecryptionFailedException, android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.SessionExpiredException; + method public deprecated java.util.Map<java.lang.String, byte[]> recoverKeys(byte[], java.util.List<android.security.keystore.recovery.WrappedApplicationKey>) throws android.security.keystore.recovery.DecryptionFailedException, android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.SessionExpiredException; + method public deprecated byte[] start(byte[], byte[], byte[], java.util.List<android.security.keystore.recovery.KeyChainProtectionParams>) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException; + method public deprecated byte[] start(java.security.cert.CertPath, byte[], byte[], java.util.List<android.security.keystore.recovery.KeyChainProtectionParams>) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException; method public byte[] start(java.lang.String, java.security.cert.CertPath, byte[], byte[], java.util.List<android.security.keystore.recovery.KeyChainProtectionParams>) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException; } @@ -4409,6 +4420,7 @@ package android.security.keystore.recovery { public final class WrappedApplicationKey implements android.os.Parcelable { method public int describeContents(); + method public deprecated byte[] getAccount(); method public java.lang.String getAlias(); method public byte[] getEncryptedKeyMaterial(); method public void writeToParcel(android.os.Parcel, int); @@ -4418,6 +4430,7 @@ package android.security.keystore.recovery { public static class WrappedApplicationKey.Builder { ctor public WrappedApplicationKey.Builder(); method public android.security.keystore.recovery.WrappedApplicationKey build(); + method public deprecated android.security.keystore.recovery.WrappedApplicationKey.Builder setAccount(byte[]); method public android.security.keystore.recovery.WrappedApplicationKey.Builder setAlias(java.lang.String); method public android.security.keystore.recovery.WrappedApplicationKey.Builder setEncryptedKeyMaterial(byte[]); } diff --git a/api/system-removed.txt b/api/system-removed.txt index 7cf12ef3c595..48f43e0880da 100644 --- a/api/system-removed.txt +++ b/api/system-removed.txt @@ -91,37 +91,6 @@ package android.os { } -package android.security.keystore.recovery { - - public final class KeyChainSnapshot implements android.os.Parcelable { - method public deprecated byte[] getTrustedHardwarePublicKey(); - } - - public class RecoveryController { - method public deprecated java.security.Key generateKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException; - method public deprecated java.util.List<java.lang.String> getAliases(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException; - method public deprecated android.security.keystore.recovery.KeyChainSnapshot getRecoveryData() throws android.security.keystore.recovery.InternalRecoveryServiceException; - method public deprecated int getRecoveryStatus(java.lang.String, java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException; - method public deprecated void initRecoveryService(java.lang.String, byte[]) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException; - method public deprecated void setRecoveryStatus(java.lang.String, java.lang.String, int) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.content.pm.PackageManager.NameNotFoundException; - } - - public class RecoverySession implements java.lang.AutoCloseable { - method public deprecated java.util.Map<java.lang.String, byte[]> recoverKeys(byte[], java.util.List<android.security.keystore.recovery.WrappedApplicationKey>) throws android.security.keystore.recovery.DecryptionFailedException, android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.SessionExpiredException; - method public deprecated byte[] start(byte[], byte[], byte[], java.util.List<android.security.keystore.recovery.KeyChainProtectionParams>) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException; - method public deprecated byte[] start(java.security.cert.CertPath, byte[], byte[], java.util.List<android.security.keystore.recovery.KeyChainProtectionParams>) throws java.security.cert.CertificateException, android.security.keystore.recovery.InternalRecoveryServiceException; - } - - public final class WrappedApplicationKey implements android.os.Parcelable { - method public deprecated byte[] getAccount(); - } - - public static class WrappedApplicationKey.Builder { - method public deprecated android.security.keystore.recovery.WrappedApplicationKey.Builder setAccount(byte[]); - } - -} - package android.service.notification { public abstract class NotificationListenerService extends android.app.Service { diff --git a/core/java/android/security/keystore/recovery/KeyChainSnapshot.java b/core/java/android/security/keystore/recovery/KeyChainSnapshot.java index 73a6a749d31c..9334aa99c86c 100644 --- a/core/java/android/security/keystore/recovery/KeyChainSnapshot.java +++ b/core/java/android/security/keystore/recovery/KeyChainSnapshot.java @@ -118,7 +118,7 @@ public final class KeyChainSnapshot implements Parcelable { * * See implementation for binary key format. * - * @removed Use {@link #getTrustedHardwareCertPath} instead. + * @deprecated Use {@link #getTrustedHardwareCertPath} instead. */ @Deprecated public @NonNull byte[] getTrustedHardwarePublicKey() { @@ -227,7 +227,7 @@ public final class KeyChainSnapshot implements Parcelable { * * @param publicKey The public key * @return This builder. - * @removed Use {@link #setTrustedHardwareCertPath} instead. + * @deprecated Use {@link #setTrustedHardwareCertPath} instead. */ @Deprecated public Builder setTrustedHardwarePublicKey(byte[] publicKey) { diff --git a/core/java/android/security/keystore/recovery/RecoveryController.java b/core/java/android/security/keystore/recovery/RecoveryController.java index 1105565eaf74..ab3ed915ed5f 100644 --- a/core/java/android/security/keystore/recovery/RecoveryController.java +++ b/core/java/android/security/keystore/recovery/RecoveryController.java @@ -278,7 +278,7 @@ public class RecoveryController { } /** - * @removed Use {@link #initRecoveryService(String, byte[], byte[])} instead. + * @deprecated Use {@link #initRecoveryService(String, byte[], byte[])} instead. */ @Deprecated @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @@ -335,7 +335,7 @@ public class RecoveryController { } /** - * @removed Use {@link #getKeyChainSnapshot()} + * @deprecated Use {@link #getKeyChainSnapshot()} */ @Deprecated @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @@ -411,7 +411,7 @@ public class RecoveryController { } /** - * @removed Use {@link #getAliases()}. + * @deprecated Use {@link #getAliases()}. */ @Deprecated @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @@ -436,7 +436,7 @@ public class RecoveryController { } /** - * @removed Use {@link #setRecoveryStatus(String, int)} + * @deprecated Use {@link #setRecoveryStatus(String, int)} */ @Deprecated @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @@ -470,7 +470,7 @@ public class RecoveryController { } /** - * @removed Use {@link #getRecoveryStatus(String)}. + * @deprecated Use {@link #getRecoveryStatus(String)}. */ @Deprecated @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @@ -552,7 +552,26 @@ public class RecoveryController { } /** - * @removed Use {@link #generateKey(String)}. + * Deprecated. + * Generates a AES256/GCM/NoPADDING key called {@code alias} and loads it into the recoverable + * key store. Returns the raw material of the key. + * + * @param alias The key alias. + * @param account The account associated with the key + * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery + * service. + * @throws LockScreenRequiredException if the user has not set a lock screen. This is required + * to generate recoverable keys, as the snapshots are encrypted using a key derived from the + * lock screen. + */ + @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) + public byte[] generateAndStoreKey(@NonNull String alias, byte[] account) + throws InternalRecoveryServiceException, LockScreenRequiredException { + throw new UnsupportedOperationException("Operation is not supported, use generateKey"); + } + + /** + * @deprecated Use {@link #generateKey(String)}. */ @Deprecated @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) diff --git a/core/java/android/security/keystore/recovery/RecoverySession.java b/core/java/android/security/keystore/recovery/RecoverySession.java index 87dc6b477eda..835338940905 100644 --- a/core/java/android/security/keystore/recovery/RecoverySession.java +++ b/core/java/android/security/keystore/recovery/RecoverySession.java @@ -78,7 +78,7 @@ public class RecoverySession implements AutoCloseable { } /** - * @removed Use {@link #start(String, CertPath, byte[], byte[], List)} instead. + * @deprecated Use {@link #start(String, CertPath, byte[], byte[], List)} instead. */ @Deprecated @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @@ -109,7 +109,7 @@ public class RecoverySession implements AutoCloseable { } /** - * @removed Use {@link #start(String, CertPath, byte[], byte[], List)} instead. + * @deprecated Use {@link #start(String, CertPath, byte[], byte[], List)} instead. */ @Deprecated @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @@ -198,7 +198,7 @@ public class RecoverySession implements AutoCloseable { } /** - * @removed Use {@link #recoverKeyChainSnapshot(byte[], List)} instead. + * @deprecated Use {@link #recoverKeyChainSnapshot(byte[], List)} instead. */ @Deprecated @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) diff --git a/core/java/android/security/keystore/recovery/WrappedApplicationKey.java b/core/java/android/security/keystore/recovery/WrappedApplicationKey.java index 86419d8e4616..32952db7037d 100644 --- a/core/java/android/security/keystore/recovery/WrappedApplicationKey.java +++ b/core/java/android/security/keystore/recovery/WrappedApplicationKey.java @@ -75,7 +75,7 @@ public final class WrappedApplicationKey implements Parcelable { } /** - * @removed AOSP does not associate keys with accounts. This may be done by system app. + * @deprecated AOSP does not associate keys with accounts. This may be done by system app. */ @Deprecated public Builder setAccount(@NonNull byte[] account) { @@ -133,7 +133,7 @@ public final class WrappedApplicationKey implements Parcelable { } /** - * @removed AOSP does not associate keys with accounts. This may be done by system app. + * @deprecated AOSP does not associate keys with accounts. This may be done by system app. */ @Deprecated public @NonNull byte[] getAccount() { |