AndroidKeyStore: Add encrypted flag

Add the encrypted flag for the KeyPairGenerator and the KeyStore so that applications can choose to allow entries when there is no lockscreen. Bug: 8122243 Change-Id: Ia802afe965f2377ad3f282dab8c512388c705850
author: Kenny Root <kroot@google.com> 2013-04-10 11:30:58 -0700
committer: Kenny Root <kroot@google.com> 2013-04-12 15:19:48 -0700
commit: 2eeda7286f3c7cb79f7eb71ae6464cad213d12a3 (patch)
tree: cf77426b72b1287ce66c230da7c67d2d5c8cdd8a /keystore/java/android/security/AndroidKeyPairGenerator.java
parent: a3788b00bb221e20abdd42f747d2af419e0a088c (diff)
download: frameworks_base-2eeda7286f3c7cb79f7eb71ae6464cad213d12a3.zip
frameworks_base-2eeda7286f3c7cb79f7eb71ae6464cad213d12a3.tar.gz
frameworks_base-2eeda7286f3c7cb79f7eb71ae6464cad213d12a3.tar.bz2
1 files changed, 12 insertions, 5 deletions
diff --git a/keystore/java/android/security/AndroidKeyPairGenerator.java b/keystore/java/android/security/AndroidKeyPairGenerator.java
index c42001b..6975583 100644
--- a/keystore/java/android/security/AndroidKeyPairGenerator.java
+++ b/keystore/java/android/security/AndroidKeyPairGenerator.java
@@ -49,10 +49,7 @@ import java.security.spec.X509EncodedKeySpec;
  *
  * {@hide}
  */
-@SuppressWarnings("deprecation")
 public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
-    public static final String NAME = "AndroidKeyPairGenerator";
-
     private android.security.KeyStore mKeyStore;
 
     private AndroidKeyPairGeneratorSpec mSpec;
@@ -79,12 +76,21 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
                     "Must call initialize with an AndroidKeyPairGeneratorSpec first");
         }
 
+        if (((mSpec.getFlags() & KeyStore.FLAG_ENCRYPTED) != 0)
+                && (mKeyStore.state() != KeyStore.State.UNLOCKED)) {
+            throw new IllegalStateException(
+                    "Android keystore must be in initialized and unlocked state "
+                            + "if encryption is required");
+        }
+
         final String alias = mSpec.getKeystoreAlias();
 
         Credentials.deleteAllTypesForAlias(mKeyStore, alias);
 
         final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias;
-        mKeyStore.generate(privateKeyAlias);
+        if (!mKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, mSpec.getFlags())) {
+            throw new IllegalStateException("could not generate key in keystore");
+        }
 
         final PrivateKey privKey;
         final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore");
@@ -131,7 +137,8 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
             throw new IllegalStateException("Can't get encoding of certificate", e);
         }
 
-        if (!mKeyStore.put(Credentials.USER_CERTIFICATE + alias, certBytes)) {
+        if (!mKeyStore.put(Credentials.USER_CERTIFICATE + alias, certBytes, KeyStore.UID_SELF,
+                mSpec.getFlags())) {
             Credentials.deleteAllTypesForAlias(mKeyStore, alias);
             throw new IllegalStateException("Can't store certificate in AndroidKeyStore");
         }
author	Kenny Root <kroot@google.com>	2013-04-10 11:30:58 -0700
committer	Kenny Root <kroot@google.com>	2013-04-12 15:19:48 -0700
commit	2eeda7286f3c7cb79f7eb71ae6464cad213d12a3 (patch)
tree	cf77426b72b1287ce66c230da7c67d2d5c8cdd8a /keystore/java/android/security/AndroidKeyPairGenerator.java
parent	a3788b00bb221e20abdd42f747d2af419e0a088c (diff)
download	frameworks_base-2eeda7286f3c7cb79f7eb71ae6464cad213d12a3.zip frameworks_base-2eeda7286f3c7cb79f7eb71ae6464cad213d12a3.tar.gz frameworks_base-2eeda7286f3c7cb79f7eb71ae6464cad213d12a3.tar.bz2