diff options
| author | Dmitry Dementyev <dementyev@google.com> | 2018-01-08 18:08:23 -0800 |
|---|---|---|
| committer | Dmitry Dementyev <dementyev@google.com> | 2018-01-23 19:42:17 -0800 |
| commit | f8ae5deba2911b7bc8441df31c0504eaaa687add (patch) | |
| tree | 5a062c75e8d303ce04d1f544565032005d8de95e /core/java | |
| parent | d2c4f7f610789e912578b16a975d41e712e15aae (diff) | |
Unhide RecoverableKeyStoreLoader API.
Bug: 66499222
Test: GTS tests under development
Change-Id: I4285beaa26bc94d92f6213a34eb1e41ad0994d7a
Diffstat (limited to 'core/java')
15 files changed, 45 insertions, 28 deletions
diff --git a/core/java/android/security/keystore/KeychainProtectionParams.java b/core/java/android/security/keystore/KeychainProtectionParams.java index a3cd431b983d..a940fdc778a9 100644 --- a/core/java/android/security/keystore/KeychainProtectionParams.java +++ b/core/java/android/security/keystore/KeychainProtectionParams.java @@ -260,9 +260,6 @@ public final class KeychainProtectionParams implements Parcelable { } }; - /** - * @hide - */ @Override public void writeToParcel(Parcel out, int flags) { out.writeInt(mUserSecretType); diff --git a/core/java/android/security/keystore/KeychainSnapshot.java b/core/java/android/security/keystore/KeychainSnapshot.java index e03dd4a62ca0..23aec25eb128 100644 --- a/core/java/android/security/keystore/KeychainSnapshot.java +++ b/core/java/android/security/keystore/KeychainSnapshot.java @@ -151,6 +151,8 @@ public final class KeychainSnapshot implements Parcelable { /** * Builder for creating {@link KeychainSnapshot}. + * + * @hide */ public static class Builder { private KeychainSnapshot mInstance = new KeychainSnapshot(); @@ -263,9 +265,6 @@ public final class KeychainSnapshot implements Parcelable { } } - /** - * @hide - */ @Override public void writeToParcel(Parcel out, int flags) { out.writeInt(mSnapshotVersion); diff --git a/core/java/android/security/keystore/recovery/BadCertificateFormatException.java b/core/java/android/security/keystore/recovery/BadCertificateFormatException.java index fda3387bb63b..e0781a520838 100644 --- a/core/java/android/security/keystore/recovery/BadCertificateFormatException.java +++ b/core/java/android/security/keystore/recovery/BadCertificateFormatException.java @@ -20,6 +20,7 @@ package android.security.keystore.recovery; * Error thrown when the recovery agent supplies an invalid X509 certificate. * * @hide + * Deprecated */ public class BadCertificateFormatException extends RecoveryControllerException { public BadCertificateFormatException(String msg) { diff --git a/core/java/android/security/keystore/recovery/DecryptionFailedException.java b/core/java/android/security/keystore/recovery/DecryptionFailedException.java index 93f033feee14..af00e053ae70 100644 --- a/core/java/android/security/keystore/recovery/DecryptionFailedException.java +++ b/core/java/android/security/keystore/recovery/DecryptionFailedException.java @@ -16,6 +16,8 @@ package android.security.keystore.recovery; +import android.annotation.SystemApi; + import java.security.GeneralSecurityException; /** @@ -24,8 +26,8 @@ import java.security.GeneralSecurityException; * * @hide */ +@SystemApi public class DecryptionFailedException extends GeneralSecurityException { - public DecryptionFailedException(String msg) { super(msg); } diff --git a/core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java b/core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java index 9a0322624540..218d26eb565b 100644 --- a/core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java +++ b/core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java @@ -16,8 +16,9 @@ package android.security.keystore.recovery; -import java.security.GeneralSecurityException; +import android.annotation.SystemApi; +import java.security.GeneralSecurityException; /** * An error thrown when something went wrong internally in the recovery service. * @@ -26,6 +27,7 @@ import java.security.GeneralSecurityException; * * @hide */ +@SystemApi public class InternalRecoveryServiceException extends GeneralSecurityException { public InternalRecoveryServiceException(String msg) { super(msg); diff --git a/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java b/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java index 7ccb909d8e27..a43952a81048 100644 --- a/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java +++ b/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java @@ -18,6 +18,7 @@ package android.security.keystore.recovery; import android.annotation.IntDef; import android.annotation.NonNull; +import android.annotation.SystemApi; import android.os.Parcel; import android.os.Parcelable; @@ -47,6 +48,7 @@ import java.util.Arrays; * * @hide */ +@SystemApi public final class KeyChainProtectionParams implements Parcelable { /** @hide */ @Retention(RetentionPolicy.SOURCE) @@ -260,9 +262,6 @@ public final class KeyChainProtectionParams implements Parcelable { } }; - /** - * @hide - */ @Override public void writeToParcel(Parcel out, int flags) { out.writeInt(mUserSecretType); diff --git a/core/java/android/security/keystore/recovery/KeyChainSnapshot.java b/core/java/android/security/keystore/recovery/KeyChainSnapshot.java index 9639bb5e5370..df535ed9d3ef 100644 --- a/core/java/android/security/keystore/recovery/KeyChainSnapshot.java +++ b/core/java/android/security/keystore/recovery/KeyChainSnapshot.java @@ -17,6 +17,7 @@ package android.security.keystore.recovery; import android.annotation.NonNull; +import android.annotation.SystemApi; import android.os.Parcel; import android.os.Parcelable; @@ -42,6 +43,7 @@ import java.util.List; * * @hide */ +@SystemApi public final class KeyChainSnapshot implements Parcelable { private static final int DEFAULT_MAX_ATTEMPTS = 10; private static final long DEFAULT_COUNTER_ID = 1L; @@ -151,10 +153,10 @@ public final class KeyChainSnapshot implements Parcelable { /** * Builder for creating {@link KeyChainSnapshot}. + * @hide */ public static class Builder { - private KeyChainSnapshot - mInstance = new KeyChainSnapshot(); + private KeyChainSnapshot mInstance = new KeyChainSnapshot(); /** * Snapshot version for given account. @@ -264,9 +266,6 @@ public final class KeyChainSnapshot implements Parcelable { } } - /** - * @hide - */ @Override public void writeToParcel(Parcel out, int flags) { out.writeInt(mSnapshotVersion); diff --git a/core/java/android/security/keystore/recovery/KeyDerivationParams.java b/core/java/android/security/keystore/recovery/KeyDerivationParams.java index 20631b0f50f6..fc909a0aac9e 100644 --- a/core/java/android/security/keystore/recovery/KeyDerivationParams.java +++ b/core/java/android/security/keystore/recovery/KeyDerivationParams.java @@ -18,9 +18,11 @@ package android.security.keystore.recovery; import android.annotation.IntDef; import android.annotation.NonNull; +import android.annotation.SystemApi; import android.os.Parcel; import android.os.Parcelable; + import com.android.internal.util.Preconditions; import java.lang.annotation.Retention; @@ -32,6 +34,7 @@ import java.lang.annotation.RetentionPolicy; * * @hide */ +@SystemApi public final class KeyDerivationParams implements Parcelable { private final int mAlgorithm; private byte[] mSalt; @@ -61,6 +64,9 @@ public final class KeyDerivationParams implements Parcelable { return new KeyDerivationParams(ALGORITHM_SHA256, salt); } + /** + * @hide + */ // TODO: Make private once legacy API is removed public KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt) { mAlgorithm = algorithm; @@ -92,9 +98,6 @@ public final class KeyDerivationParams implements Parcelable { } }; - /** - * @hide - */ @Override public void writeToParcel(Parcel out, int flags) { out.writeInt(mAlgorithm); diff --git a/core/java/android/security/keystore/recovery/LockScreenRequiredException.java b/core/java/android/security/keystore/recovery/LockScreenRequiredException.java index acf893b2aeb3..0062d290d698 100644 --- a/core/java/android/security/keystore/recovery/LockScreenRequiredException.java +++ b/core/java/android/security/keystore/recovery/LockScreenRequiredException.java @@ -16,6 +16,8 @@ package android.security.keystore.recovery; +import android.annotation.SystemApi; + import java.security.GeneralSecurityException; /** @@ -25,6 +27,7 @@ import java.security.GeneralSecurityException; * * @hide */ +@SystemApi public class LockScreenRequiredException extends GeneralSecurityException { public LockScreenRequiredException(String msg) { super(msg); diff --git a/core/java/android/security/keystore/recovery/RecoveryClaim.java b/core/java/android/security/keystore/recovery/RecoveryClaim.java index 11385d883a77..45c6b4ff6758 100644 --- a/core/java/android/security/keystore/recovery/RecoveryClaim.java +++ b/core/java/android/security/keystore/recovery/RecoveryClaim.java @@ -20,6 +20,7 @@ package android.security.keystore.recovery; * An attempt to recover a keychain protected by remote secure hardware. * * @hide + * Deprecated */ public class RecoveryClaim { diff --git a/core/java/android/security/keystore/recovery/RecoveryController.java b/core/java/android/security/keystore/recovery/RecoveryController.java index 20873171dc41..71a36f19a360 100644 --- a/core/java/android/security/keystore/recovery/RecoveryController.java +++ b/core/java/android/security/keystore/recovery/RecoveryController.java @@ -19,6 +19,7 @@ package android.security.keystore.recovery; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.RequiresPermission; +import android.annotation.SystemApi; import android.app.PendingIntent; import android.content.Context; import android.content.pm.PackageManager.NameNotFoundException; @@ -52,6 +53,7 @@ import java.util.Map; * * @hide */ +@SystemApi public class RecoveryController { private static final String TAG = "RecoveryController"; @@ -236,12 +238,13 @@ public class RecoveryController { /** * Gets aliases of recoverable keys for the application. + * * @param packageName which recoverable keys' aliases will be returned. * * @return {@code List} of all aliases. */ public List<String> getAliases(@Nullable String packageName) - throws RemoteException, InternalRecoveryServiceException { + throws InternalRecoveryServiceException { try { // TODO: update aidl Map<String, Integer> allStatuses = mBinder.getRecoveryStatus(packageName); @@ -400,8 +403,8 @@ public class RecoveryController { } /** - * Generates a key called {@code alias} and loads it into the recoverable key store. Returns the - * raw material of the key. + * Generates a AES256/GCM/NoPADDING key called {@code alias} and loads it into the recoverable + * key store. Returns the raw material of the key. * * @param alias The key alias. * @param account The account associated with the key diff --git a/core/java/android/security/keystore/recovery/RecoveryControllerException.java b/core/java/android/security/keystore/recovery/RecoveryControllerException.java index 0fb7c07edd5b..2733acabbeb6 100644 --- a/core/java/android/security/keystore/recovery/RecoveryControllerException.java +++ b/core/java/android/security/keystore/recovery/RecoveryControllerException.java @@ -22,6 +22,7 @@ import java.security.GeneralSecurityException; * Base exception for errors thrown by {@link RecoveryController}. * * @hide + * Deprecated */ public abstract class RecoveryControllerException extends GeneralSecurityException { RecoveryControllerException() { } diff --git a/core/java/android/security/keystore/recovery/RecoverySession.java b/core/java/android/security/keystore/recovery/RecoverySession.java index 11bea962d4b4..4db5d6e0ff15 100644 --- a/core/java/android/security/keystore/recovery/RecoverySession.java +++ b/core/java/android/security/keystore/recovery/RecoverySession.java @@ -17,6 +17,8 @@ package android.security.keystore.recovery; import android.annotation.NonNull; +import android.annotation.RequiresPermission; +import android.annotation.SystemApi; import android.os.RemoteException; import android.os.ServiceSpecificException; import android.util.Log; @@ -32,6 +34,7 @@ import java.util.Map; * * @hide */ +@SystemApi public class RecoverySession implements AutoCloseable { private static final String TAG = "RecoverySession"; @@ -48,6 +51,7 @@ public class RecoverySession implements AutoCloseable { /** * A new session, started by {@code recoveryManager}. */ + @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) static RecoverySession newInstance(RecoveryController recoveryController) { return new RecoverySession(recoveryController, newSessionId()); } @@ -88,6 +92,7 @@ public class RecoverySession implements AutoCloseable { * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. */ + @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @NonNull public byte[] start( @NonNull byte[] verifierPublicKey, @NonNull byte[] vaultParams, @@ -125,6 +130,7 @@ public class RecoverySession implements AutoCloseable { * @throws DecryptionFailedException if unable to decrypt the snapshot. * @throws InternalRecoveryServiceException if an error occurs internal to the recovery service. */ + @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public Map<String, byte[]> recoverKeys( @NonNull byte[] recoveryKeyBlob, @NonNull List<WrappedApplicationKey> applicationKeys) @@ -158,9 +164,8 @@ public class RecoverySession implements AutoCloseable { /** * Deletes all data associated with {@code session}. Should not be invoked directly but via * {@link RecoverySession#close()}. - * - * @hide */ + @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) @Override public void close() { try { diff --git a/core/java/android/security/keystore/recovery/SessionExpiredException.java b/core/java/android/security/keystore/recovery/SessionExpiredException.java index abee62e24a09..8c18e4191a39 100644 --- a/core/java/android/security/keystore/recovery/SessionExpiredException.java +++ b/core/java/android/security/keystore/recovery/SessionExpiredException.java @@ -16,14 +16,16 @@ package android.security.keystore.recovery; -import java.security.GeneralSecurityException; +import android.annotation.SystemApi; +import java.security.GeneralSecurityException; /** * Error thrown when attempting to use a {@link RecoverySession} that has since expired. * * @hide */ +@SystemApi public class SessionExpiredException extends GeneralSecurityException { public SessionExpiredException(String msg) { super(msg); diff --git a/core/java/android/security/keystore/recovery/WrappedApplicationKey.java b/core/java/android/security/keystore/recovery/WrappedApplicationKey.java index 27191375a7f2..f360bbe99ba1 100644 --- a/core/java/android/security/keystore/recovery/WrappedApplicationKey.java +++ b/core/java/android/security/keystore/recovery/WrappedApplicationKey.java @@ -17,6 +17,8 @@ package android.security.keystore.recovery; import android.annotation.NonNull; +import android.annotation.SystemApi; + import android.os.Parcel; import android.os.Parcelable; @@ -36,6 +38,7 @@ import com.android.internal.util.Preconditions; * * @hide */ +@SystemApi public final class WrappedApplicationKey implements Parcelable { private String mAlias; // The only supported format is AES-256 symmetric key. @@ -143,9 +146,6 @@ public final class WrappedApplicationKey implements Parcelable { } }; - /** - * @hide - */ @Override public void writeToParcel(Parcel out, int flags) { out.writeString(mAlias); |