Merge "Remove deprecated android.security.KeyStore methods." into mnc-dev
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 1a05104..367257a 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -231,14 +231,6 @@
return list(prefix, UID_SELF);
}
- public String[] saw(String prefix, int uid) {
- return list(prefix, uid);
- }
-
- public String[] saw(String prefix) {
- return saw(prefix, UID_SELF);
- }
-
public boolean reset() {
try {
return mBinder.reset() == NO_ERROR;
@@ -328,23 +320,6 @@
}
}
- public byte[] getPubkey(String key) {
- try {
- return mBinder.get_pubkey(key);
- } catch (RemoteException e) {
- Log.w(TAG, "Cannot connect to keystore", e);
- return null;
- }
- }
-
- public boolean delKey(String key, int uid) {
- return delete(key, uid);
- }
-
- public boolean delKey(String key) {
- return delKey(key, UID_SELF);
- }
-
public byte[] sign(String key, byte[] data) {
try {
return mBinder.sign(key, data);
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
index 7b5ca3a..c5ea0f7 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -20,6 +20,8 @@
import android.security.Credentials;
import android.security.KeyPairGeneratorSpec;
import android.security.KeyStore;
+import android.security.keymaster.ExportResult;
+import android.security.keymaster.KeymasterDefs;
import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;
import com.android.org.conscrypt.NativeConstants;
@@ -33,6 +35,7 @@
import java.security.KeyPairGeneratorSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
+import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
@@ -153,7 +156,18 @@
throw new RuntimeException("Can't get key", e);
}
- final byte[] pubKeyBytes = mKeyStore.getPubkey(privateKeyAlias);
+ ExportResult exportResult =
+ mKeyStore.exportKey(
+ privateKeyAlias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null);
+ if (exportResult == null) {
+ throw new KeyStoreConnectException();
+ } else if (exportResult.resultCode != KeyStore.NO_ERROR) {
+ throw new ProviderException(
+ "Failed to obtain public key in X.509 format",
+ KeyStore.getKeyStoreException(exportResult.resultCode));
+ }
+ final byte[] pubKeyBytes = exportResult.exportData;
+
final PublicKey pubKey;
try {
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
index 05ddef6..7c9c0cf 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
@@ -685,7 +685,7 @@
}
private Set<String> getUniqueAliases() {
- final String[] rawAliases = mKeyStore.saw("");
+ final String[] rawAliases = mKeyStore.list("");
if (rawAliases == null) {
return new HashSet<String>();
}
@@ -778,7 +778,7 @@
* equivalent to the USER_CERTIFICATE prefix for the Android keystore
* convention.
*/
- final String[] certAliases = mKeyStore.saw(Credentials.USER_CERTIFICATE);
+ final String[] certAliases = mKeyStore.list(Credentials.USER_CERTIFICATE);
if (certAliases != null) {
for (String alias : certAliases) {
final byte[] certBytes = mKeyStore.get(Credentials.USER_CERTIFICATE + alias);
@@ -799,7 +799,7 @@
* Look at all the TrustedCertificateEntry types. Skip all the
* PrivateKeyEntry we looked at above.
*/
- final String[] caAliases = mKeyStore.saw(Credentials.CA_CERTIFICATE);
+ final String[] caAliases = mKeyStore.list(Credentials.CA_CERTIFICATE);
if (certAliases != null) {
for (String alias : caAliases) {
if (nonCaEntries.contains(alias)) {
diff --git a/keystore/tests/src/android/security/KeyStoreTest.java b/keystore/tests/src/android/security/KeyStoreTest.java
index e048ec9..44fb826 100644
--- a/keystore/tests/src/android/security/KeyStoreTest.java
+++ b/keystore/tests/src/android/security/KeyStoreTest.java
@@ -276,8 +276,8 @@
assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));
}
- public void testSaw() throws Exception {
- String[] emptyResult = mKeyStore.saw(TEST_KEYNAME);
+ public void testList() throws Exception {
+ String[] emptyResult = mKeyStore.list(TEST_KEYNAME);
assertNotNull(emptyResult);
assertEquals(0, emptyResult.length);
@@ -285,26 +285,26 @@
mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
- String[] results = mKeyStore.saw(TEST_KEYNAME);
+ String[] results = mKeyStore.list(TEST_KEYNAME);
assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()),
TEST_KEYNAME2.substring(TEST_KEYNAME.length()))),
new HashSet(Arrays.asList(results)));
}
- public void testSaw_ungrantedUid_Bluetooth() throws Exception {
- String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID);
+ public void testList_ungrantedUid_Bluetooth() throws Exception {
+ String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.BLUETOOTH_UID);
assertEquals(0, results1.length);
mKeyStore.onUserPasswordChanged(TEST_PASSWD);
mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
- String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID);
+ String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.BLUETOOTH_UID);
assertEquals(0, results2.length);
}
- public void testSaw_grantedUid_Wifi() throws Exception {
- String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID);
+ public void testList_grantedUid_Wifi() throws Exception {
+ String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.WIFI_UID);
assertNotNull(results1);
assertEquals(0, results1.length);
@@ -312,14 +312,14 @@
mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED);
mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED);
- String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID);
+ String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.WIFI_UID);
assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()),
TEST_KEYNAME2.substring(TEST_KEYNAME.length()))),
new HashSet(Arrays.asList(results2)));
}
- public void testSaw_grantedUid_Vpn() throws Exception {
- String[] results1 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID);
+ public void testList_grantedUid_Vpn() throws Exception {
+ String[] results1 = mKeyStore.list(TEST_KEYNAME, Process.VPN_UID);
assertNotNull(results1);
assertEquals(0, results1.length);
@@ -327,7 +327,7 @@
mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED);
mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED);
- String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID);
+ String[] results2 = mKeyStore.list(TEST_KEYNAME, Process.VPN_UID);
assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()),
TEST_KEYNAME2.substring(TEST_KEYNAME.length()))),
new HashSet(Arrays.asList(results2)));
diff --git a/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java b/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java
index cad4e54..8488acd 100644
--- a/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java
+++ b/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java
@@ -18,6 +18,9 @@
import android.security.Credentials;
import android.security.KeyPairGeneratorSpec;
+import android.security.KeyStore;
+import android.security.keymaster.ExportResult;
+import android.security.keymaster.KeymasterDefs;
import android.test.AndroidTestCase;
import java.io.ByteArrayInputStream;
@@ -78,7 +81,7 @@
assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111"));
assertTrue(mAndroidKeyStore.isUnlocked());
- String[] aliases = mAndroidKeyStore.saw("");
+ String[] aliases = mAndroidKeyStore.list("");
assertNotNull(aliases);
assertEquals(0, aliases.length);
}
@@ -359,7 +362,10 @@
final byte[] caCerts = mAndroidKeyStore.get(Credentials.CA_CERTIFICATE + alias);
assertNull("A list of CA certificates should not exist for the generated entry", caCerts);
- final byte[] pubKeyBytes = mAndroidKeyStore.getPubkey(Credentials.USER_PRIVATE_KEY + alias);
+ ExportResult exportResult = mAndroidKeyStore.exportKey(
+ Credentials.USER_PRIVATE_KEY + alias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null);
+ assertEquals(KeyStore.NO_ERROR, exportResult.resultCode);
+ final byte[] pubKeyBytes = exportResult.exportData;
assertNotNull("The keystore should return the public key for the generated key",
pubKeyBytes);
}
diff --git a/keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java b/keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java
index 2d4e4a0..336fa40 100644
--- a/keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java
+++ b/keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java
@@ -24,6 +24,8 @@
import android.security.Credentials;
import android.security.KeyStore;
import android.security.KeyStoreParameter;
+import android.security.keymaster.ExportResult;
+import android.security.keymaster.KeymasterDefs;
import android.test.AndroidTestCase;
import java.io.ByteArrayInputStream;
@@ -742,7 +744,7 @@
assertTrue(mAndroidKeyStore.onUserPasswordChanged("1111"));
assertTrue(mAndroidKeyStore.isUnlocked());
- assertEquals(0, mAndroidKeyStore.saw("").length);
+ assertEquals(0, mAndroidKeyStore.list("").length);
}
private void assertAliases(final String[] expectedAliases) throws KeyStoreException {
@@ -1932,7 +1934,10 @@
throw new RuntimeException("Can't get key", e);
}
- final byte[] pubKeyBytes = keyStore.getPubkey(privateKeyAlias);
+ ExportResult exportResult =
+ keyStore.exportKey(privateKeyAlias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null);
+ assertEquals(KeyStore.NO_ERROR, exportResult.resultCode);
+ final byte[] pubKeyBytes = exportResult.exportData;
final PublicKey pubKey;
try {