author | Kenny Root <kroot@google.com> | 2013-04-15 19:54:55 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2013-04-15 19:54:55 +0000 |
commit | e47539684e1431a69893e45bcf9ace4f812edbc8 (patch) | |
tree | 582788231cc30a4115d001f1cf5f2ff64ff0fec1 | |
parent | 097ed01adca362b7c3e49a9301aacbbf3415384a (diff) | |
parent | b2c0ff64d8ff92dab53e969a44fa12427d145952 (diff) | |
Merge "Remove old KeyStore call sites" into jb-mr2-dev
3 files changed, 180 insertions, 122 deletions
diff --git a/keystore/tests/src/android/security/AndroidKeyStoreTest.java b/keystore/tests/src/android/security/AndroidKeyStoreTest.java index 05ffe109..507d41c 100644 --- a/keystore/tests/src/android/security/AndroidKeyStoreTest.java +++ b/keystore/tests/src/android/security/AndroidKeyStoreTest.java @@ -504,11 +504,13 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertAliases(new String[] {}); - assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1)); + assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertAliases(new String[] { TEST_ALIAS_1 }); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 }); } @@ -530,11 +532,13 @@ public class AndroidKeyStoreTest extends AndroidTestCase { assertAliases(new String[] {}); - assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1)); + assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue("Should contain generated private key", mKeyStore.containsAlias(TEST_ALIAS_1)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2)); 
@@ -547,7 +551,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue("Should contain added CA certificate", mKeyStore.containsAlias(TEST_ALIAS_2)); } @@ -567,15 +572,19 @@ public class AndroidKeyStoreTest extends AndroidTestCase { // TEST_ALIAS_1 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_KEY_1)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); // TEST_ALIAS_2 - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); // TEST_ALIAS_3 - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_3, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_3, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 }); 
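Review bot: The `// TEST_ALIAS_1` fixture in the hunk at -567 (`importKey` of `FAKE_KEY_1`, then `put` of `FAKE_USER_1` and `FAKE_CA_1`) is repeated with the same `KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED` pair in about ten more hunks of this file (-608, -668, -686, -734, -771, -829, -930, -1017, -1045, -1107). A private helper beside the existing `setupKey()`, for example `private void setupImportedKey(String alias) throws Exception` wrapping the three `assertTrue` calls, would keep the uid and storage flag in one place. That also makes it harder for a single test to drift to a different protection flag unnoticed the next time the signature changes. The enclosing test methods start and end outside these hunks.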
@@ -608,9 +617,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase { // TEST_ALIAS_1 assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_KEY_1)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); // Should not throw when a non-existent entry is requested for delete. mKeyStore.deleteEntry(TEST_ALIAS_2); @@ -621,7 +632,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertAliases(new String[] { TEST_ALIAS_1 }); @@ -652,7 +664,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); CertificateFactory f = CertificateFactory.getInstance("X.509"); Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); 
@@ -668,9 +681,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_KEY_1)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); CertificateFactory f = CertificateFactory.getInstance("X.509"); Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 
@@ -686,13 +701,16 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); // Insert TrustedCertificateEntry with CA name - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); // Insert PrivateKeyEntry that uses the same CA assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_KEY_1)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); CertificateFactory f = CertificateFactory.getInstance("X.509"); Certificate actual = f.generateCertificate(new ByteArrayInputStream(FAKE_CA_1)); @@ -719,7 +737,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); CertificateFactory f = CertificateFactory.getInstance("X.509"); Certificate userCert = f.generateCertificate(new ByteArrayInputStream(FAKE_USER_1)); 
@@ -734,9 +753,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_KEY_1)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); CertificateFactory cf = CertificateFactory.getInstance("X.509"); Certificate[] expected = new Certificate[2]; @@ -771,9 +792,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_KEY_1)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); Date now = new Date(); Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1); 
@@ -810,7 +833,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); Date now = new Date(); Date actual = mKeyStore.getCreationDate(TEST_ALIAS_1); @@ -829,9 +853,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_KEY_1)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); assertNotNull("Entry should exist", entry); 
@@ -930,9 +956,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_KEY_1)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); Key key = mKeyStore.getKey(TEST_ALIAS_1, null); assertNotNull("Key should exist", key); @@ -977,7 +1005,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertNull("Certificate entries should return null", mKeyStore.getKey(TEST_ALIAS_1, null)); } @@ -1006,7 +1035,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { setupPassword(); mKeyStore.load(null, null); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue("Should return true for CA certificate", mKeyStore.isCertificateEntry(TEST_ALIAS_1)); 
@@ -1017,9 +1047,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_KEY_1)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertFalse("Should return false for PrivateKeyEntry", mKeyStore.isCertificateEntry(TEST_ALIAS_1)); @@ -1045,9 +1077,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_KEY_1)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue("Should return true for PrivateKeyEntry", mKeyStore.isKeyEntry(TEST_ALIAS_1)); } 
@@ -1056,7 +1090,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { setupPassword(); mKeyStore.load(null, null); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertFalse("Should return false for CA certificate", mKeyStore.isKeyEntry(TEST_ALIAS_1)); } @@ -1089,7 +1124,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { setupPassword(); mKeyStore.load(null, null); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertAliases(new String[] { TEST_ALIAS_1 }); @@ -1107,9 +1143,11 @@ public class AndroidKeyStoreTest extends AndroidTestCase { mKeyStore.load(null, null); assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, - FAKE_KEY_1)); - assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1)); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + FAKE_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_USER_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertAliases(new String[] { TEST_ALIAS_1 }); 
@@ -1596,7 +1634,8 @@ public class AndroidKeyStoreTest extends AndroidTestCase { // Create key #1 { final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; - assertTrue(mAndroidKeyStore.generate(privateKeyAlias)); + assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, + KeyStore.FLAG_ENCRYPTED)); Key key = mKeyStore.getKey(TEST_ALIAS_1, null); @@ -1608,7 +1647,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase { TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS); assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, - expectedCert.getEncoded())); + expectedCert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); Entry entry = mKeyStore.getEntry(TEST_ALIAS_1, null); @@ -1651,25 +1690,27 @@ public class AndroidKeyStoreTest extends AndroidTestCase { // Create key #1 { final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; - assertTrue(mAndroidKeyStore.generate(privateKeyAlias)); + assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, + KeyStore.FLAG_ENCRYPTED)); X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS); assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, - cert.getEncoded())); + cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); } // Create key #2 { final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_2; - assertTrue(mAndroidKeyStore.generate(privateKeyAlias)); + assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, + KeyStore.FLAG_ENCRYPTED)); X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_2, TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS); assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_2, - cert.getEncoded())); + cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); } // Replace key #1 with key #2 
@@ -1731,17 +1772,20 @@ public class AndroidKeyStoreTest extends AndroidTestCase { setupPassword(); mKeyStore.load(null, null); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertEquals("The keystore size should match expected", 1, mKeyStore.size()); assertAliases(new String[] { TEST_ALIAS_1 }); - assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1)); + assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_2, FAKE_CA_1, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertEquals("The keystore size should match expected", 2, mKeyStore.size()); assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 }); - assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3)); + assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3, + KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertEquals("The keystore size should match expected", 3, mKeyStore.size()); assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2, TEST_ALIAS_3 }); @@ -1807,13 +1851,14 @@ public class AndroidKeyStoreTest extends AndroidTestCase { private void setupKey() throws Exception { final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1; - assertTrue(mAndroidKeyStore.generate(privateKeyAlias)); + assertTrue(mAndroidKeyStore + .generate(privateKeyAlias, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS); assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, - cert.getEncoded())); + cert.getEncoded(), KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); } public void testKeyStore_KeyOperations_Wrap_Encrypted_Success() throws Exception { 
diff --git a/keystore/tests/src/android/security/KeyStoreTest.java b/keystore/tests/src/android/security/KeyStoreTest.java index 1de1eaf..815f4ac 100644 --- a/keystore/tests/src/android/security/KeyStoreTest.java +++ b/keystore/tests/src/android/security/KeyStoreTest.java 
@@ -142,42 +142,51 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertNull(mKeyStore.get(TEST_KEYNAME)); mKeyStore.password(TEST_PASSWD); assertNull(mKeyStore.get(TEST_KEYNAME)); - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE)); + assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, + KeyStore.FLAG_ENCRYPTED)); assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); } public void testPut() throws Exception { assertNull(mKeyStore.get(TEST_KEYNAME)); - assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE)); + assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, + KeyStore.FLAG_ENCRYPTED)); assertFalse(mKeyStore.contains(TEST_KEYNAME)); mKeyStore.password(TEST_PASSWD); - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE)); + assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, + KeyStore.FLAG_ENCRYPTED)); assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); } public void testPut_grantedUid_Wifi() throws Exception { assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID)); + assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, + KeyStore.FLAG_ENCRYPTED)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); mKeyStore.password(TEST_PASSWD); - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID)); + assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, + KeyStore.FLAG_ENCRYPTED)); assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); } public void testPut_ungrantedUid_Bluetooth() throws Exception { assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); - assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID)); + assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, + KeyStore.FLAG_ENCRYPTED)); 
assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); mKeyStore.password(TEST_PASSWD); - assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID)); + assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, + KeyStore.FLAG_ENCRYPTED)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); } public void testI18n() throws Exception { - assertFalse(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE)); + assertFalse(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE, KeyStore.UID_SELF, + KeyStore.FLAG_ENCRYPTED)); assertFalse(mKeyStore.contains(TEST_I18N_KEY)); mKeyStore.password(TEST_I18N_KEY); - assertTrue(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE)); + assertTrue(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE, KeyStore.UID_SELF, + KeyStore.FLAG_ENCRYPTED)); assertTrue(mKeyStore.contains(TEST_I18N_KEY)); } @@ -186,7 +195,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.password(TEST_PASSWD); assertFalse(mKeyStore.delete(TEST_KEYNAME)); - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE)); + assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, + KeyStore.FLAG_ENCRYPTED)); assertTrue(Arrays.equals(TEST_KEYVALUE, mKeyStore.get(TEST_KEYNAME))); assertTrue(mKeyStore.delete(TEST_KEYNAME)); assertNull(mKeyStore.get(TEST_KEYNAME)); @@ -197,7 +207,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.password(TEST_PASSWD); assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID)); + assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, + KeyStore.FLAG_ENCRYPTED)); assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); assertTrue(mKeyStore.delete(TEST_KEYNAME, Process.WIFI_UID)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); 
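Review bot: Every updated call in the hunks at -142, -186 and -197 passes `KeyStore.FLAG_ENCRYPTED`, so the new flags argument is only ever exercised with one value. `testPut` and `testI18n` pin that an encrypted `put` returns false before `password()` has been called, but nothing visible here pins what a `KeyStore.FLAG_NONE` entry does in that same uninitialized state. Since the flag presumably decides whether an entry is protected by the keystore password, that contract deserves an explicit test, unless the third changed file (not shown on this page) already covers it. A one-line comment above `testPut`, such as `// FLAG_ENCRYPTED entries must be rejected until the keystore has a password`, would record the intent.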
@@ -208,7 +219,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.password(TEST_PASSWD); assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); - assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID)); + assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, + KeyStore.FLAG_ENCRYPTED)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); assertFalse(mKeyStore.delete(TEST_KEYNAME, Process.BLUETOOTH_UID)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); @@ -220,7 +232,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertTrue(mKeyStore.password(TEST_PASSWD)); assertFalse(mKeyStore.contains(TEST_KEYNAME)); - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE)); + assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, + KeyStore.FLAG_ENCRYPTED)); assertTrue(mKeyStore.contains(TEST_KEYNAME)); } @@ -230,7 +243,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertTrue(mKeyStore.password(TEST_PASSWD)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); - assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID)); + assertTrue(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.WIFI_UID, + KeyStore.FLAG_ENCRYPTED)); assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); } @@ -240,7 +254,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertTrue(mKeyStore.password(TEST_PASSWD)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); - assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID)); + assertFalse(mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, Process.BLUETOOTH_UID, + KeyStore.FLAG_ENCRYPTED)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); } 
@@ -250,8 +265,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertEquals(0, emptyResult.length); mKeyStore.password(TEST_PASSWD); - mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE); - mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE); + mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); + mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); String[] results = mKeyStore.saw(TEST_KEYNAME); assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), @@ -264,8 +279,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertNull(results1); mKeyStore.password(TEST_PASSWD); - mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE); - mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE); + mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); + mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.BLUETOOTH_UID); assertNull(results2); @@ -277,8 +292,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertEquals(0, results1.length); mKeyStore.password(TEST_PASSWD); - mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.WIFI_UID); - mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.WIFI_UID); + mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); + mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.WIFI_UID); assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), 
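Review bot: The rewritten `put` calls in the `saw` tests (hunks at -250, -264 and -277, and again at -292 and -324 further down) still discard the boolean result. If a `put` with the new uid/flags arguments is rejected, the test fails later on the `saw()` or `isEmpty()` assertion with a misleading message. Where the store is expected to succeed, wrap the call as elsewhere in this file: `assertTrue(mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));`. The enclosing test methods begin outside the hunks, so confirm the expected result per test before asserting.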
@@ -292,8 +307,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertEquals(0, results1.length); mKeyStore.password(TEST_PASSWD); - mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.VPN_UID); - mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.VPN_UID); + mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); + mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE, Process.VPN_UID, KeyStore.FLAG_ENCRYPTED); String[] results2 = mKeyStore.saw(TEST_KEYNAME, Process.VPN_UID); assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), @@ -324,7 +339,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertTrue(mKeyStore.isEmpty()); mKeyStore.password(TEST_PASSWD); assertTrue(mKeyStore.isEmpty()); - mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE); + mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED); assertFalse(mKeyStore.isEmpty()); mKeyStore.reset(); assertTrue(mKeyStore.isEmpty()); 
@@ -332,20 +347,21 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { public void testGenerate_NotInitialized_Fail() throws Exception { assertFalse("Should fail when keystore is not initialized", - mKeyStore.generate(TEST_KEYNAME)); + mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); } public void testGenerate_Locked_Fail() throws Exception { mKeyStore.password(TEST_PASSWD); mKeyStore.lock(); - assertFalse("Should fail when keystore is locked", mKeyStore.generate(TEST_KEYNAME)); + assertFalse("Should fail when keystore is locked", + mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); } public void testGenerate_Success() throws Exception { assertTrue(mKeyStore.password(TEST_PASSWD)); assertTrue("Should be able to generate key when unlocked", - mKeyStore.generate(TEST_KEYNAME)); + mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue(mKeyStore.contains(TEST_KEYNAME)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); } @@ -354,7 +370,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertTrue(mKeyStore.password(TEST_PASSWD)); assertTrue("Should be able to generate key when unlocked", - mKeyStore.generate(TEST_KEYNAME, Process.WIFI_UID)); + mKeyStore.generate(TEST_KEYNAME, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED)); assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); assertFalse(mKeyStore.contains(TEST_KEYNAME)); } 
@@ -362,7 +378,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { public void testGenerate_ungrantedUid_Bluetooth_Failure() throws Exception { assertTrue(mKeyStore.password(TEST_PASSWD)); - assertFalse(mKeyStore.generate(TEST_KEYNAME, Process.BLUETOOTH_UID)); + assertFalse(mKeyStore.generate(TEST_KEYNAME, Process.BLUETOOTH_UID, KeyStore.FLAG_ENCRYPTED)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); assertFalse(mKeyStore.contains(TEST_KEYNAME)); @@ -371,8 +387,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { public void testImport_Success() throws Exception { assertTrue(mKeyStore.password(TEST_PASSWD)); - assertTrue("Should be able to import key when unlocked", - mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES)); + assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, + PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue(mKeyStore.contains(TEST_KEYNAME)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); } @@ -380,8 +396,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { public void testImport_grantedUid_Wifi_Success() throws Exception { assertTrue(mKeyStore.password(TEST_PASSWD)); - assertTrue("Should be able to import key when unlocked", - mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES, Process.WIFI_UID)); + assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, + PRIVKEY_BYTES, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED)); assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); assertFalse(mKeyStore.contains(TEST_KEYNAME)); } 
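Review bot: The new `assertFalse(mKeyStore.generate(TEST_KEYNAME, Process.BLUETOOTH_UID, KeyStore.FLAG_ENCRYPTED));` line in the hunk at -362 appears to run past 100 columns once the method-body indent is counted. The page has lost the original indentation, so this is inferred. The other call sites in this commit wrap before the flag argument, and doing the same here keeps them consistent: `assertFalse(mKeyStore.generate(TEST_KEYNAME, Process.BLUETOOTH_UID,` followed by `KeyStore.FLAG_ENCRYPTED));` on a continuation line.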
@@ -389,7 +405,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { public void testImport_ungrantedUid_Bluetooth_Failure() throws Exception { assertTrue(mKeyStore.password(TEST_PASSWD)); - assertFalse(mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES, Process.BLUETOOTH_UID)); + assertFalse(mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES, Process.BLUETOOTH_UID, + KeyStore.FLAG_ENCRYPTED)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); assertFalse(mKeyStore.contains(TEST_KEYNAME)); @@ -398,8 +415,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { public void testImport_Failure_BadEncoding() throws Exception { mKeyStore.password(TEST_PASSWD); - assertFalse("Invalid DER-encoded key should not be imported", - mKeyStore.importKey(TEST_KEYNAME, TEST_DATA)); + assertFalse("Invalid DER-encoded key should not be imported", mKeyStore.importKey( + TEST_KEYNAME, TEST_DATA, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertFalse(mKeyStore.contains(TEST_KEYNAME)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); } @@ -407,7 +424,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { public void testSign_Success() throws Exception { mKeyStore.password(TEST_PASSWD); - assertTrue(mKeyStore.generate(TEST_KEYNAME)); + assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue(mKeyStore.contains(TEST_KEYNAME)); final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA); 
@@ -417,7 +434,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { public void testVerify_Success() throws Exception { mKeyStore.password(TEST_PASSWD); - assertTrue(mKeyStore.generate(TEST_KEYNAME)); + assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue(mKeyStore.contains(TEST_KEYNAME)); final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA); @@ -444,7 +461,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.password(TEST_PASSWD)); assertTrue("Should be able to generate key for testcase", - mKeyStore.generate(TEST_KEYNAME)); + mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue("Should be able to grant key to other user", mKeyStore.grant(TEST_KEYNAME, 0)); @@ -453,8 +470,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { public void testGrant_Imported_Success() throws Exception { assertTrue("Password should work for keystore", mKeyStore.password(TEST_PASSWD)); - assertTrue("Should be able to import key for testcase", - mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES)); + assertTrue("Should be able to import key for testcase", mKeyStore.importKey(TEST_KEYNAME, + PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue("Should be able to grant key to other user", mKeyStore.grant(TEST_KEYNAME, 0)); } @@ -477,7 +494,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.password(TEST_PASSWD)); assertTrue("Should be able to generate key for testcase", - mKeyStore.generate(TEST_KEYNAME)); + mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue("Should be able to grant key to other user", mKeyStore.grant(TEST_KEYNAME, 0)); 
@@ -490,8 +507,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertTrue("Password should work for keystore", mKeyStore.password(TEST_PASSWD)); - assertTrue("Should be able to import key for testcase", - mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES)); + assertTrue("Should be able to import key for testcase", mKeyStore.importKey(TEST_KEYNAME, + PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue("Should be able to grant key to other user", mKeyStore.grant(TEST_KEYNAME, 0)); @@ -510,7 +527,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.password(TEST_PASSWD)); assertTrue("Should be able to generate key for testcase", - mKeyStore.generate(TEST_KEYNAME)); + mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertFalse("Should not be able to revoke not existent grant", mKeyStore.ungrant(TEST_KEYNAME, 0)); @@ -521,7 +538,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.password(TEST_PASSWD)); assertTrue("Should be able to generate key for testcase", - mKeyStore.generate(TEST_KEYNAME)); + mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue("Should be able to grant key to other user", mKeyStore.grant(TEST_KEYNAME, 0)); @@ -538,7 +555,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { mKeyStore.password(TEST_PASSWD)); assertTrue("Should be able to generate key for testcase", - mKeyStore.generate(TEST_KEYNAME)); + mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue("Should be able to grant key to other user", mKeyStore.grant(TEST_KEYNAME, 0)); 
@@ -558,7 +575,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertFalse(mKeyStore.contains(TEST_KEYNAME)); - assertTrue(mKeyStore.generate(TEST_KEYNAME)); + assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue(mKeyStore.contains(TEST_KEYNAME)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID)); @@ -596,7 +613,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertFalse(mKeyStore.contains(TEST_KEYNAME)); - assertTrue(mKeyStore.generate(TEST_KEYNAME)); + assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertTrue(mKeyStore.contains(TEST_KEYNAME)); assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID)); @@ -619,8 +636,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertTrue("Password should work for keystore", mKeyStore.password(TEST_PASSWD)); - assertTrue("Should be able to import key when unlocked", - mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES)); + assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, + PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); long now = System.currentTimeMillis(); long actual = mKeyStore.getmtime(TEST_KEYNAME); @@ -650,8 +667,8 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { assertTrue("Password should work for keystore", mKeyStore.password(TEST_PASSWD)); - assertTrue("Should be able to import key when unlocked", - mKeyStore.importKey(TEST_KEYNAME, PRIVKEY_BYTES)); + assertTrue("Should be able to import key when unlocked", mKeyStore.importKey(TEST_KEYNAME, + PRIVKEY_BYTES, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED)); assertEquals("-1 should be returned for non-existent key", -1L, mKeyStore.getmtime(TEST_KEYNAME2)); diff --git a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java index f73a13c..4e7497c 100644 
--- a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java +++ b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java @@ -19,17 +19,12 @@ import android.os.Parcel; import android.os.Parcelable; import android.os.Process; import android.security.Credentials; +import android.security.KeyStore; import android.text.TextUtils; -import com.android.org.bouncycastle.asn1.ASN1InputStream; -import com.android.org.bouncycastle.asn1.ASN1Sequence; -import com.android.org.bouncycastle.asn1.DEROctetString; -import com.android.org.bouncycastle.asn1.x509.BasicConstraints; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.KeyFactory; -import java.security.KeyStore; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.cert.Certificate; @@ -481,7 +476,8 @@ public class WifiEnterpriseConfig implements Parcelable { String caCertName = Credentials.CA_CERTIFICATE + name; if (mClientCertificate != null) { byte[] privKeyData = mClientPrivateKey.getEncoded(); - ret = keyStore.importKey(privKeyName, privKeyData, Process.WIFI_UID); + ret = keyStore.importKey(privKeyName, privKeyData, Process.WIFI_UID, + KeyStore.FLAG_ENCRYPTED); if (ret == false) { return ret; } @@ -525,7 +521,7 @@ public class WifiEnterpriseConfig implements Parcelable { Certificate cert) { try { byte[] certData = Credentials.convertToPem(cert); - return keyStore.put(name, certData, Process.WIFI_UID); + return keyStore.put(name, certData, Process.WIFI_UID, KeyStore.FLAG_ENCRYPTED); } catch (IOException e1) { return false; } catch (CertificateException e2) { @@ -533,7 +529,7 @@ public class WifiEnterpriseConfig implements Parcelable { } } - void removeKeys(android.security.KeyStore keyStore) { + void removeKeys(KeyStore keyStore) { String client = getFieldValue(CLIENT_CERT_KEY, CLIENT_CERT_PREFIX); // a valid client certificate is configured if (!TextUtils.isEmpty(client)) { |
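Review bot: In the key-import hunk, `mClientPrivateKey.getEncoded()` runs after a check on `mClientCertificate` only, so a configuration with a client certificate but no private key throws a NullPointerException instead of returning false. Unless a setter outside the hunk guarantees the two are always set together, add `if (mClientPrivateKey == null) { return false; }` before the call, and treat a null `privKeyData` the same way, since `getEncoded()` may return null for keys that do not expose an encoding. Because the import now passes `KeyStore.FLAG_ENCRYPTED`, it presumably fails while the keystore is locked or uninitialized (the KeyStoreTest cases in this commit expect `generate` to fail in those states), and the bare `return ret` gives the caller no way to tell that apart from a bad key. `privKeyData` holds the unencrypted key bytes and could be cleared with `java.util.Arrays.fill(privKeyData, (byte) 0);` once `importKey` returns. The enclosing method starts and ends outside the hunk.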
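Review bot: Both catch blocks around `Credentials.convertToPem(cert)` return false without recording the exception, so a certificate that could not be PEM-encoded is indistinguishable from a `keyStore.put` that the keystore refused. With `KeyStore.FLAG_ENCRYPTED` now passed, a refusal may simply mean the keystore is locked, which is worth telling apart when diagnosing a failed enterprise Wi-Fi setup. Log the exception in each handler through the file's existing logging, if it has any, or at least add a comment such as `// encoding failed; certificate was not stored` so the silent return is visibly deliberate. The method signature and the body of the second catch block lie outside this hunk.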