Skip the parsing of the refresh interval in CertXml
It's not used in Android P or Q.
Test: atest FrameworksServicesTests:com.android.server.locksettings.recoverablekeystore
Change-Id: Id07d0cc26811f25e2962f642d86f0bfd877f62ff
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/certificate/CertXml.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/certificate/CertXml.java
index c62a31e..ff22a8d 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/certificate/CertXml.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/certificate/CertXml.java
@@ -20,6 +20,8 @@
import com.android.internal.annotations.VisibleForTesting;
+import org.w3c.dom.Element;
+
import java.security.SecureRandom;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
@@ -28,8 +30,6 @@
import java.util.Date;
import java.util.List;
-import org.w3c.dom.Element;
-
/**
* Parses and holds the XML file containing the list of THM public-key certificates and related
* metadata.
@@ -38,24 +38,20 @@
private static final String METADATA_NODE_TAG = "metadata";
private static final String METADATA_SERIAL_NODE_TAG = "serial";
- private static final String METADATA_REFRESH_INTERVAL_NODE_TAG = "refresh-interval";
private static final String ENDPOINT_CERT_LIST_TAG = "endpoints";
private static final String ENDPOINT_CERT_ITEM_TAG = "cert";
private static final String INTERMEDIATE_CERT_LIST_TAG = "intermediates";
private static final String INTERMEDIATE_CERT_ITEM_TAG = "cert";
private final long serial;
- private final long refreshInterval;
private final List<X509Certificate> intermediateCerts;
private final List<X509Certificate> endpointCerts;
private CertXml(
long serial,
- long refreshInterval,
List<X509Certificate> intermediateCerts,
List<X509Certificate> endpointCerts) {
this.serial = serial;
- this.refreshInterval = refreshInterval;
this.intermediateCerts = intermediateCerts;
this.endpointCerts = endpointCerts;
}
@@ -65,15 +61,6 @@
return serial;
}
- /**
- * Gets the refresh interval in the XML file containing public-key certificates. The refresh
- * interval denotes the number of seconds that the client should follow to contact the server to
- * refresh the XML file.
- */
- public long getRefreshInterval() {
- return refreshInterval;
- }
-
@VisibleForTesting
List<X509Certificate> getAllIntermediateCerts() {
return intermediateCerts;
@@ -121,7 +108,6 @@
Element rootNode = CertUtils.getXmlRootNode(bytes);
return new CertXml(
parseSerial(rootNode),
- parseRefreshInterval(rootNode),
parseIntermediateCerts(rootNode),
parseEndpointCerts(rootNode));
}
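Review bot: Nothing in `parse` records that `<refresh-interval>` is now deliberately ignored, so a file where that element is missing, duplicated or non-numeric is accepted silently where it used to be rejected. Since this parser decides which certificate lists are accepted, a maintainer reading it later should be able to tell that this tolerance is intended and not a dropped check. I would add a comment above the `return new CertXml(` call, for example `// <refresh-interval> is intentionally neither parsed nor validated; the client does not use it.` The body of `parse` starts outside this hunk, so the comment placement is a suggestion based on the visible lines only.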
@@ -136,16 +122,6 @@
return Long.parseLong(contents.get(0));
}
- private static long parseRefreshInterval(Element rootNode) throws CertParsingException {
- List<String> contents =
- CertUtils.getXmlNodeContents(
- CertUtils.MUST_EXIST_EXACTLY_ONE,
- rootNode,
- METADATA_NODE_TAG,
- METADATA_REFRESH_INTERVAL_NODE_TAG);
- return Long.parseLong(contents.get(0));
- }
-
private static List<X509Certificate> parseIntermediateCerts(Element rootNode)
throws CertParsingException {
List<String> contents =
diff --git a/services/tests/servicestests/assets/KeyStoreRecoveryControllerTest/xml/invalid-cert-file-two-refresh-intervals.xml b/services/tests/servicestests/assets/KeyStoreRecoveryControllerTest/xml/invalid-cert-file-two-refresh-intervals.xml
deleted file mode 100644
index 0f4e8a3..0000000
--- a/services/tests/servicestests/assets/KeyStoreRecoveryControllerTest/xml/invalid-cert-file-two-refresh-intervals.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<certificates>
- <metadata>
- <serial>
- 1000
- </serial>
- <creation-time>
- 1515697631
- </creation-time>
- <refresh-interval>
- 2592000
- </refresh-interval>
- <refresh-interval>
- 2592000
- </refresh-interval>
- <previous>
- <serial>
- 0
- </serial>
- <hash>
- 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
- </hash>
- </previous>
- </metadata>
- <endpoints>
- <cert>
- MIIDCDCB8aADAgECAgYBYOlweDswDQYJKoZIhvcNAQELBQAwLTErMCkGA1UEAwwi
- R29vZ2xlIENyeXB0QXV0aFZhdWx0IEludGVybWVkaWF0ZTAeFw0xODAxMTEwODE1
- NTBaFw0yMDAxMTIwODE1NTBaMCkxJzAlBgNVBAMTHkdvb2dsZSBDcnlwdEF1dGhW
- YXVsdCBJbnN0YW5jZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLgAERiYHfBu
- tJT+htocB40BtDr2jdxh0EZJlQ8QhpMkZuA/0t/zeSAdkVWw5b16izJ9JVOi/KVl
- 4b0hRH54UvowDQYJKoZIhvcNAQELBQADggIBABZALhC9j3hpZ0AgN0tsqAP2Ix21
- tNOcvo/aFJuSFanOM4DZbycZEYAo5rorvuFu7eXETBKDGnI5xreNAoQsaj/dyCHu
- HKIn5P7yCmKvG2sV2TQ5go+0xV2x8BhTrtUWLeHvUbM3fXipa3NrordbA8MgzXwr
- GR1Y1FuMOn5n4kiuHJ2sQTbDdzSQSK5VpH+6rjARlfOCyLUX0u8UKRRH81qhIQWb
- UFMp9q1CVfiLP2O3CdDdpZXCysdflIb62TWnma+I8jqMryyxrMVs9kpfa8zkX9qe
- 33Vxp+QaQTqQ07/7KYVw869MeFn+bXeHnjUhqGY6S8M71vrTMG3M5p8Sq9LmV8Y5
- 7YB5uqKap2Inf0FOuJS7h7nVVzU/kOFkepaQVHyScwTPuuXNgpQg8XZnN/AWfRwJ
- hf5zE6vXXTHMzQA1mY2eEhxGfpryv7LH8pvfcyTakdBlw8aMJjKdre8xLLGZeVCa
- 79plkfYD0rMrxtRHCGyTKGzUcx/B9kYJK5qBgJiDJLKF3XwGbAs/F8CyEPihjvj4
- M2EoeyhmHWKLYsps6+uTksJ+PxZU14M7672K2y8BdulyfkZIhili118XnRykKkMf
- JLQJKMqZx5O0B9bF8yQdcGKEGEwMQt5ENdH8HeiwLm4QS3VzFXYetgUPCM5lPDIp
- BuwwuQxvQDF4pmQd
- </cert>
- </endpoints>
-</certificates>
diff --git a/services/tests/servicestests/assets/KeyStoreRecoveryControllerTest/xml/invalid-cert-file-no-refresh-interval.xml b/services/tests/servicestests/assets/KeyStoreRecoveryControllerTest/xml/valid-cert-file-no-refresh-interval.xml
similarity index 100%
rename from services/tests/servicestests/assets/KeyStoreRecoveryControllerTest/xml/invalid-cert-file-no-refresh-interval.xml
rename to services/tests/servicestests/assets/KeyStoreRecoveryControllerTest/xml/valid-cert-file-no-refresh-interval.xml
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/certificate/CertXmlTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/certificate/CertXmlTest.java
index bbcc411..9836c64 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/certificate/CertXmlTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/certificate/CertXmlTest.java
@@ -47,7 +47,6 @@
public void parse_succeeds() throws Exception {
CertXml certXml = CertXml.parse(certXmlBytes);
assertThat(certXml.getSerial()).isEqualTo(1000L);
- assertThat(certXml.getRefreshInterval()).isEqualTo(2592000L);
}
@Test
@@ -75,6 +74,13 @@
}
@Test
+ public void parse_doesNotThrowIfNoRefreshInterval() throws Exception {
+ CertXml.parse(
+ TestData.readTestFile(
+ "xml/valid-cert-file-no-refresh-interval.xml"));
+ }
+
+ @Test
public void parse_throwsIfNoEndpointCert() throws Exception {
CertParsingException expected =
expectThrows(
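Review bot: `parse_doesNotThrowIfNoRefreshInterval` only checks that no exception escapes, so it would still pass if parsing returned a partially populated object. Keep the result and assert on it, e.g. `CertXml certXml = CertXml.parse(...);` followed by `assertThat(certXml.getSerial()).isEqualTo(<serial in the asset>);`. The duplicated-element case also loses coverage: `parse_throwsIfTwoRefreshIntervals` and its asset are deleted in later hunks rather than turned into a positive test, so the new tolerance for two `<refresh-interval>` nodes is never exercised. The end of this hunk cuts into `parse_throwsIfNoEndpointCert`, which is unchanged.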
@@ -87,18 +93,6 @@
}
@Test
- public void parse_throwsIfNoRefreshInterval() throws Exception {
- CertParsingException expected =
- expectThrows(
- CertParsingException.class,
- () ->
- CertXml.parse(
- TestData.readTestFile(
- "xml/invalid-cert-file-no-refresh-interval.xml")));
- assertThat(expected.getMessage()).contains("exactly one");
- }
-
- @Test
public void parse_throwsIfNoSerial() throws Exception {
CertParsingException expected =
expectThrows(
@@ -111,19 +105,6 @@
}
@Test
- public void parse_throwsIfTwoRefreshIntervals() throws Exception {
- CertParsingException expected =
- expectThrows(
- CertParsingException.class,
- () ->
- CertXml.parse(
- TestData.readTestFile(
- "xml/invalid-cert-file-two-refresh-intervals"
- + ".xml")));
- assertThat(expected.getMessage()).contains("exactly one");
- }
-
- @Test
public void parse_throwsIfTwoSerials() throws Exception {
CertParsingException expected =
expectThrows(