From a3b994798d870244f11b56ae0bdfb870924402a8 Mon Sep 17 00:00:00 2001
From: Robert Berry <robertberry@google.com>
Date: Fri, 23 Feb 2018 15:59:02 +0000
Subject: Remove account param from generateKey method

Bug: 73811828
Test: runtest frameworks-services -p
      com.android.server.locksettings.recoverablekeystore
Change-Id: If2f4174beea9cfb8c852139a7594815c377dbe7a
---
 api/system-current.txt                             |  1 +
 api/system-removed.txt                             |  1 +
 .../keystore/recovery/RecoveryController.java      | 35 ++++++++++++----------
 .../com/android/internal/widget/ILockSettings.aidl |  2 +-
 .../server/locksettings/LockSettingsService.java   |  4 +--
 .../RecoverableKeyStoreManager.java                |  5 ++--
 6 files changed, 26 insertions(+), 22 deletions(-)

diff --git a/api/system-current.txt b/api/system-current.txt
index 093222391f29..fc35a6a8e79a 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -4297,6 +4297,7 @@ package android.security.keystore.recovery {
   public class RecoveryController {
     method public android.security.keystore.recovery.RecoverySession createRecoverySession();
     method public byte[] generateAndStoreKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException;
+    method public java.security.Key generateKey(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException;
     method public java.util.List<java.lang.String> getAliases() throws android.security.keystore.recovery.InternalRecoveryServiceException;
     method public static android.security.keystore.recovery.RecoveryController getInstance(android.content.Context);
     method public int[] getPendingRecoverySecretTypes() throws android.security.keystore.recovery.InternalRecoveryServiceException;
diff --git a/api/system-removed.txt b/api/system-removed.txt
index cd56c468644b..afaae05828d1 100644
--- a/api/system-removed.txt
+++ b/api/system-removed.txt
@@ -98,6 +98,7 @@ package android.security.keystore.recovery {
   }
 
   public class RecoveryController {
+    method public deprecated java.security.Key generateKey(java.lang.String, byte[]) throws android.security.keystore.recovery.InternalRecoveryServiceException, android.security.keystore.recovery.LockScreenRequiredException;
     method public deprecated java.util.List<java.lang.String> getAliases(java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;
     method public deprecated android.security.keystore.recovery.KeyChainSnapshot getRecoveryData() throws android.security.keystore.recovery.InternalRecoveryServiceException;
     method public deprecated int getRecoveryStatus(java.lang.String, java.lang.String) throws android.security.keystore.recovery.InternalRecoveryServiceException;
diff --git a/core/java/android/security/keystore/recovery/RecoveryController.java b/core/java/android/security/keystore/recovery/RecoveryController.java
index 33892387b976..0d262c97a585 100644
--- a/core/java/android/security/keystore/recovery/RecoveryController.java
+++ b/core/java/android/security/keystore/recovery/RecoveryController.java
@@ -462,35 +462,38 @@ public class RecoveryController {
     }
 
     /**
-     * Generates a AES256/GCM/NoPADDING key called {@code alias} and loads it into the recoverable
-     * key store. Returns {@link javax.crypto.SecretKey}.
+     * @deprecated Use {@link #generateKey(String)}.
+     * @removed
+     */
+    @Deprecated
+    public Key generateKey(@NonNull String alias, byte[] account)
+            throws InternalRecoveryServiceException, LockScreenRequiredException {
+        return generateKey(alias);
+    }
+
+    /**
+     * Generates a recoverable key with the given {@code alias}.
      *
-     * @param alias The key alias.
-     * @param account The account associated with the key.
      * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
      *     service.
-     * @throws LockScreenRequiredException if the user has not set a lock screen. This is required
-     *     to generate recoverable keys, as the snapshots are encrypted using a key derived from the
-     *     lock screen.
-     * @hide
+     * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock
+     *     screen is required to generate recoverable keys.
      */
-    public Key generateKey(@NonNull String alias, byte[] account)
-            throws InternalRecoveryServiceException, LockScreenRequiredException {
-        // TODO: update RecoverySession.recoverKeys
+    public Key generateKey(@NonNull String alias) throws InternalRecoveryServiceException,
+            LockScreenRequiredException {
         try {
-            String grantAlias = mBinder.generateKey(alias, account);
+            String grantAlias = mBinder.generateKey(alias);
             if (grantAlias == null) {
-                return null;
+                throw new InternalRecoveryServiceException("null grant alias");
             }
-            Key result = AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore(
+            return AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore(
                     mKeyStore,
                     grantAlias,
                     KeyStore.UID_SELF);
-            return result;
         } catch (RemoteException e) {
             throw e.rethrowFromSystemServer();
         } catch (UnrecoverableKeyException e) {
-            throw new InternalRecoveryServiceException("Access to newly generated key failed for");
+            throw new InternalRecoveryServiceException("Failed to get key from keystore", e);
         } catch (ServiceSpecificException e) {
             if (e.errorCode == ERROR_INSECURE_USER) {
                 throw new LockScreenRequiredException(e.getMessage());
diff --git a/core/java/com/android/internal/widget/ILockSettings.aidl b/core/java/com/android/internal/widget/ILockSettings.aidl
index 1fc2796866eb..d3fc644c2341 100644
--- a/core/java/com/android/internal/widget/ILockSettings.aidl
+++ b/core/java/com/android/internal/widget/ILockSettings.aidl
@@ -67,7 +67,7 @@ interface ILockSettings {
     void initRecoveryService(in String rootCertificateAlias, in byte[] signedPublicKeyList);
     KeyChainSnapshot getKeyChainSnapshot();
     byte[] generateAndStoreKey(String alias);
-    String generateKey(String alias, in byte[] account);
+    String generateKey(String alias);
     String getKey(String alias);
     void removeKey(String alias);
     void setSnapshotCreatedPendingIntent(in PendingIntent intent);
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index d1c40cc099ac..9e00819d4eee 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -2074,8 +2074,8 @@ public class LockSettingsService extends ILockSettings.Stub {
     }
 
     @Override
-    public String generateKey(@NonNull String alias, byte[] account) throws RemoteException {
-        return mRecoverableKeyStoreManager.generateKey(alias, account);
+    public String generateKey(@NonNull String alias) throws RemoteException {
+        return mRecoverableKeyStoreManager.generateKey(alias);
     }
 
     @Override
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
index a462cfc81f13..22e99c43f950 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
@@ -556,7 +556,7 @@ public class RecoverableKeyStoreManager {
      *
      * @return grant alias, which caller can use to access the key.
      */
-    public String generateKey(@NonNull String alias, byte[] account) throws RemoteException {
+    public String generateKey(@NonNull String alias) throws RemoteException {
         int uid = Binder.getCallingUid();
         int userId = UserHandle.getCallingUserId();
 
@@ -576,8 +576,7 @@ public class RecoverableKeyStoreManager {
             byte[] secretKey =
                     mRecoverableKeyGenerator.generateAndStoreKey(encryptionKey, userId, uid, alias);
             mApplicationKeyStorage.setSymmetricKeyEntry(userId, uid, alias, secretKey);
-            String grantAlias = mApplicationKeyStorage.getGrantAlias(userId, uid, alias);
-            return grantAlias;
+            return mApplicationKeyStorage.getGrantAlias(userId, uid, alias);
         } catch (KeyStoreException | InvalidKeyException | RecoverableKeyStorageException e) {
             throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage());
         }
-- 
cgit v1.2.3-59-g8ed1b