author | Kenny Root <kroot@google.com> | 2013-04-18 17:57:03 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2013-04-18 18:34:58 -0700 |
commit | 1c219f619291ba818bc2542390a2988539d94ed0 (patch) | |
tree | f9b17839a23ca3978cea2251767b4432d1d1f9a6 /keystore/java/android/security/KeyStoreParameter.java | |
parent | a454c5732cacffdda53ae277b1e43d87b43044b1 (diff) | |
Rename API AndroidKey* -> Key*
Bug: 8657552
Change-Id: Id9102b7c2c2f6d27fba7645f0629750cfe1eb510
Diffstat (limited to 'keystore/java/android/security/KeyStoreParameter.java')
-rw-r--r-- | keystore/java/android/security/KeyStoreParameter.java | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/keystore/java/android/security/KeyStoreParameter.java b/keystore/java/android/security/KeyStoreParameter.java
new file mode 100644
index 0000000..621a605
--- /dev/null
+++ b/keystore/java/android/security/KeyStoreParameter.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security;
+
+import android.content.Context;
+import android.security.KeyPairGeneratorSpec.Builder;
+
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.KeyStore.ProtectionParameter;
+import java.security.cert.Certificate;
+
+/**
+ * This provides the optional parameters that can be specified for
+ * {@code KeyStore} entries that work with
+ * <a href="{@docRoot}guide/topics/security/keystore.html">Android KeyStore
+ * facility</a>. The Android KeyStore facility is accessed through a
+ * {@link java.security.KeyStore} API using the {@code AndroidKeyStore}
+ * provider. The {@code context} passed in may be used to pop up some UI to ask
+ * the user to unlock or initialize the Android KeyStore facility.
+ * <p>
+ * Any entries placed in the {@code KeyStore} may be retrieved later. Note that
+ * there is only one logical instance of the {@code KeyStore} per application
+ * UID so apps using the {@code sharedUid} facility will also share a
+ * {@code KeyStore}.
+ * <p>
+ * Keys may be generated using the {@link KeyPairGenerator} facility with a
+ * {@link KeyPairGeneratorSpec} to specify the entry's {@code alias}. A
+ * self-signed X.509 certificate will be attached to generated entries, but that
+ * may be replaced at a later time by a certificate signed by a real Certificate
+ * Authority.
+ */
+public final class KeyStoreParameter implements ProtectionParameter {
+ private int mFlags;
+
+ private KeyStoreParameter(int flags) {
+ mFlags = flags;
+ }
+
+ /**
+ * @hide
+ */
+ public int getFlags() {
+ return mFlags;
+ }
+
+ /**
+ * Returns {@code true} if this parameter requires entries to be encrypted
+ * on the disk.
+ */
+ public boolean isEncryptionRequired() {
+ return (mFlags & KeyStore.FLAG_ENCRYPTED) != 0;
+ }
+
+ /**
+ * Builder class for {@link KeyStoreParameter} objects.
+ * <p>
+ * This will build protection parameters for use with the
+ * <a href="{@docRoot}guide/topics/security/keystore.html">Android KeyStore
+ * facility</a>.
+ * <p>
+ * This can be used to require that KeyStore entries be stored encrypted.
+ * <p>
+ * Example:
+ *
+ * <pre class="prettyprint">
+ * KeyStoreParameter params = new KeyStoreParameter.Builder(mContext)
+ * .setEncryptionRequired()
+ * .build();
+ * </pre>
+ */
+ public final static class Builder {
+ private int mFlags;
+
+ /**
+ * Creates a new instance of the {@code Builder} with the given
+ * {@code context}. The {@code context} passed in may be used to pop up
+ * some UI to ask the user to unlock or initialize the Android KeyStore
+ * facility.
+ */
+ public Builder(Context context) {
+ if (context == null) {
+ throw new NullPointerException("context == null");
+ }
+
+ // Context is currently not used, but will be in the future.
+ }
+
+ /**
+ * Indicates that this key must be encrypted at rest on storage. Note
+ * that enabling this will require that the user enable a strong lock
+ * screen (e.g., PIN, password) before creating or using the generated
+ * key is successful.
+ */
+ public Builder setEncryptionRequired(boolean required) {
+ if (required) {
+ mFlags |= KeyStore.FLAG_ENCRYPTED;
+ } else {
+ mFlags &= ~KeyStore.FLAG_ENCRYPTED;
+ }
+ return this;
+ }
+
+ /**
+ * Builds the instance of the {@code KeyPairGeneratorSpec}.
+ *
+ * @throws IllegalArgumentException if a required field is missing
+ * @return built instance of {@code KeyPairGeneratorSpec}
+ */
+ public KeyStoreParameter build() {
+ return new KeyStoreParameter(mFlags);
+ }
+ }
+}
|
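Review bot: The example in the `Builder` Javadoc calls `.setEncryptionRequired()` with no argument, but the method added in this file is declared `setEncryptionRequired(boolean required)`, so the sample does not compile as written; it should read `.setEncryptionRequired(true)`. The Javadoc also never states the default: `Builder.mFlags` starts at 0, so a parameter built without calling the setter reports `isEncryptionRequired() == false`, and a sentence on the setter such as `By default entries are not required to be encrypted at rest.` would make the opt-in explicit for callers who expect protection by default. The `build()` comment still names `KeyPairGeneratorSpec` and documents an `IllegalArgumentException` that the visible body never throws; it should say `Builds the instance of the {@code KeyStoreParameter}` and drop the `@throws` line. What `KeyStore.FLAG_ENCRYPTED` enforces is defined outside this hunk, so the lock-screen requirement described on the setter cannot be checked from here.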