Remove account from WrappedApplicationKey
Recovery controller will no longer be aware of accounts. It is up to
the recovery agent to decide where to upload keys, and if so what
accounts to use.
Bug: 73811828
Test: runtest frameworks-core -p android.security.keystore.recovery
Change-Id: I929076d948f4d36ba88b68cca08058a5cdde0107
diff --git a/core/java/android/security/keystore/recovery/WrappedApplicationKey.java b/core/java/android/security/keystore/recovery/WrappedApplicationKey.java
index f360bbe9..df9766d 100644
--- a/core/java/android/security/keystore/recovery/WrappedApplicationKey.java
+++ b/core/java/android/security/keystore/recovery/WrappedApplicationKey.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 The Android Open Source Project
+ * Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -18,7 +18,6 @@
import android.annotation.NonNull;
import android.annotation.SystemApi;
-
import android.os.Parcel;
import android.os.Parcelable;
@@ -29,7 +28,6 @@
*
* <ul>
* <li>Alias - Keystore alias of the key.
- * <li>Account Recovery Agent specific account associated with the key.
* <li>Encrypted key material.
* </ul>
*
@@ -43,7 +41,6 @@
private String mAlias;
// The only supported format is AES-256 symmetric key.
private byte[] mEncryptedKeyMaterial;
- private byte[] mAccount;
/**
* Builder for creating {@link WrappedApplicationKey}.
@@ -63,13 +60,11 @@
}
/**
- * Sets Recovery agent specific account.
- *
- * @param account The account.
- * @return This builder.
+ * @deprecated AOSP does not associate keys with accounts. This may be done by system app.
+ * @removed
*/
+ @Deprecated
public Builder setAccount(@NonNull byte[] account) {
- mInstance.mAccount = account;
return this;
}
@@ -94,15 +89,11 @@
@NonNull public WrappedApplicationKey build() {
Preconditions.checkNotNull(mInstance.mAlias);
Preconditions.checkNotNull(mInstance.mEncryptedKeyMaterial);
- if (mInstance.mAccount == null) {
- mInstance.mAccount = new byte[]{};
- }
return mInstance;
}
}
- private WrappedApplicationKey() {
- }
+ private WrappedApplicationKey() { }
/**
* Deprecated - consider using Builder.
@@ -127,12 +118,13 @@
return mEncryptedKeyMaterial;
}
- /** Account, default value is empty array */
+ /**
+ * @deprecated AOSP does not associate keys with accounts. This may be done by system app.
+ * @removed
+ */
+ @Deprecated
public @NonNull byte[] getAccount() {
- if (mAccount == null) {
- return new byte[]{};
- }
- return mAccount;
+ return new byte[0];
}
public static final Parcelable.Creator<WrappedApplicationKey> CREATOR =
@@ -150,7 +142,6 @@
public void writeToParcel(Parcel out, int flags) {
out.writeString(mAlias);
out.writeByteArray(mEncryptedKeyMaterial);
- out.writeByteArray(mAccount);
}
/**
@@ -159,7 +150,6 @@
protected WrappedApplicationKey(Parcel in) {
mAlias = in.readString();
mEncryptedKeyMaterial = in.createByteArray();
- mAccount = in.createByteArray();
}
@Override
diff --git a/core/tests/coretests/src/android/security/keystore/recovery/WrappedApplicationKeyTest.java b/core/tests/coretests/src/android/security/keystore/recovery/WrappedApplicationKeyTest.java
new file mode 100644
index 0000000..15afbdd
--- /dev/null
+++ b/core/tests/coretests/src/android/security/keystore/recovery/WrappedApplicationKeyTest.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.keystore.recovery;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+
+import android.os.Parcel;
+import android.support.test.filters.SmallTest;
+import android.support.test.runner.AndroidJUnit4;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+@SmallTest
+public class WrappedApplicationKeyTest {
+
+ private static final String ALIAS = "karlin";
+ private static final byte[] KEY_MATERIAL = new byte[] { 0, 1, 2, 3, 4 };
+
+ private Parcel mParcel;
+
+ @Before
+ public void setUp() {
+ mParcel = Parcel.obtain();
+ }
+
+ @After
+ public void tearDown() {
+ mParcel.recycle();
+ }
+
+ @Test
+ public void build_setsAlias() {
+ assertEquals(ALIAS, buildTestKey().getAlias());
+ }
+
+ @Test
+ public void build_setsEncryptedKeyMaterial() {
+ assertArrayEquals(KEY_MATERIAL, buildTestKey().getEncryptedKeyMaterial());
+ }
+
+ @Test
+ public void writeToParcel_writesAliasToParcel() {
+ buildTestKey().writeToParcel(mParcel, /*flags=*/ 0);
+
+ mParcel.setDataPosition(0);
+ WrappedApplicationKey readFromParcel =
+ WrappedApplicationKey.CREATOR.createFromParcel(mParcel);
+ assertEquals(ALIAS, readFromParcel.getAlias());
+ }
+
+ @Test
+ public void writeToParcel_writesKeyMaterial() {
+ buildTestKey().writeToParcel(mParcel, /*flags=*/ 0);
+
+ mParcel.setDataPosition(0);
+ WrappedApplicationKey readFromParcel =
+ WrappedApplicationKey.CREATOR.createFromParcel(mParcel);
+ assertArrayEquals(KEY_MATERIAL, readFromParcel.getEncryptedKeyMaterial());
+ }
+
+ private WrappedApplicationKey buildTestKey() {
+ return new WrappedApplicationKey.Builder()
+ .setAlias(ALIAS)
+ .setEncryptedKeyMaterial(KEY_MATERIAL)
+ .build();
+ }
+}