New AndroidKeyStore API in android.security.keystore.

This CL addresses the comments from API Council about Android KeyStore KeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter: 1. These abstractions should not take or hold references to Context. 2. The Builders of these abstractions should take all mandatory parameters in their constructors rather than expose them as setters -- only optional paratemers should be exposed via setters. These comments cannot be addressed without deprecation in the already launched KeyPairGeneratorSpec and KeyStoreParameter. Instead of deprecating just the getContext methods and Builder constructors, this CL goes for the nuclear option of deprecating KeyPairGeneratorSpec and KeyStoreParameter as a whole and exposing all of the AndroidKeyStore API in the new package android.security.keystore. This enables this CL to correct all of the accrued design issues with KeyPairGeneratorSpec (e.g., naming of certificate-related methods) and KeyStoreParameter. This also makes the transition to API Level M more clear for existing users of the AndroidKeyStore API. These users will only have to deal with the new always-mandatory parameters (e.g., purposes) and sometimes-mandatory (e.g., digests, block modes, paddings) if they switch to the new API. Prior to this CL they would've had to deal with this if they invoked any of the new methods of KeyPairGeneratorSpec or KeyStoreParameter introduced in API Level M. This CL rips out all the new API introduced into KeyPairGeneratorSpec and KeyStoreParameter classes for Android M, thus reverting these classes to the API launched in L MR1. This is because the new API is now in android.security.keystore.KeyGenParameterSpec and KeyProtection respectively. Bug: 21039983 Change-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c
author: Alex Klyubin <klyubin@google.com> 2015-05-13 09:15:00 -0700
committer: Alex Klyubin <klyubin@google.com> 2015-05-13 12:49:58 -0700
commit: 3f8d4d840894468f2be8a5b56ff266cef2d71c50 (patch)
tree: a6c2457700b1ab3b9bf5207b79c44c8ee315c209 /keystore/tests/src
parent: b33455511b7b704e848c79c9e76e28abe2509178 (diff)
download: frameworks_base-3f8d4d840894468f2be8a5b56ff266cef2d71c50.zip
frameworks_base-3f8d4d840894468f2be8a5b56ff266cef2d71c50.tar.gz
frameworks_base-3f8d4d840894468f2be8a5b56ff266cef2d71c50.tar.bz2
2 files changed, 30 insertions, 27 deletions
diff --git a/keystore/tests/src/android/security/KeyPairGeneratorSpecTest.java b/keystore/tests/src/android/security/KeyPairGeneratorSpecTest.java
index 681a9ff..bc8dd13 100644
--- a/keystore/tests/src/android/security/KeyPairGeneratorSpecTest.java
+++ b/keystore/tests/src/android/security/KeyPairGeneratorSpecTest.java
@@ -24,11 +24,6 @@ import java.util.Date;
 import javax.security.auth.x500.X500Principal;
 
 public class KeyPairGeneratorSpecTest extends AndroidTestCase {
-    private static final X500Principal DEFAULT_CERT_SUBJECT = new X500Principal("CN=fake");
-    private static final BigInteger DEFAULT_CERT_SERIAL_NUMBER = new BigInteger("1");
-    private static final Date DEFAULT_CERT_NOT_BEFORE = new Date(0L); // Jan 1 1980
-    private static final Date DEFAULT_CERT_NOT_AFTER = new Date(2461449600000L); // Jan 1 2048
-
     private static final String TEST_ALIAS_1 = "test1";
 
     private static final X500Principal TEST_DN_1 = new X500Principal("CN=test1");
@@ -110,37 +105,46 @@ public class KeyPairGeneratorSpecTest extends AndroidTestCase {
         }
     }
 
-    public void testConstructor_NullSubjectDN_Success() throws Exception {
-        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec(
-                getContext(), TEST_ALIAS_1, "RSA", 1024, null, null, SERIAL_1, NOW,
-                NOW_PLUS_10_YEARS, 0);
-        assertEquals(DEFAULT_CERT_SUBJECT, spec.getSubjectDN());
+    public void testConstructor_NullSubjectDN_Failure() throws Exception {
+        try {
+            new KeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, "RSA", 1024, null, null, SERIAL_1, NOW,
+                    NOW_PLUS_10_YEARS, 0);
+            fail("Should throw IllegalArgumentException when subjectDN is null");
+        } catch (IllegalArgumentException success) {
+        }
     }
 
-    public void testConstructor_NullSerial_Success() throws Exception {
-        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec(
-                getContext(), TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1, null, NOW,
-                NOW_PLUS_10_YEARS, 0);
-        assertEquals(DEFAULT_CERT_SERIAL_NUMBER, spec.getSerialNumber());
+    public void testConstructor_NullSerial_Failure() throws Exception {
+        try {
+            new KeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1, null, NOW,
+                    NOW_PLUS_10_YEARS, 0);
+            fail("Should throw IllegalArgumentException when startDate is null");
+        } catch (IllegalArgumentException success) {
+        }
     }
 
-    public void testConstructor_NullStartDate_Success() throws Exception {
-        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec(
-                getContext(), TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1, SERIAL_1, null,
-                NOW_PLUS_10_YEARS, 0);
-        assertEquals(DEFAULT_CERT_NOT_BEFORE, spec.getStartDate());
+    public void testConstructor_NullStartDate_Failure() throws Exception {
+        try {
+            new KeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1, SERIAL_1,
+                    null, NOW_PLUS_10_YEARS, 0);
+            fail("Should throw IllegalArgumentException when startDate is null");
+        } catch (IllegalArgumentException success) {
+        }
     }
 
-    public void testConstructor_NullEndDate_Success() throws Exception {
-        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec(
-                getContext(), TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1, SERIAL_1, NOW, null, 0);
-        assertEquals(DEFAULT_CERT_NOT_AFTER, spec.getEndDate());
+    public void testConstructor_NullEndDate_Failure() throws Exception {
+        try {
+            new KeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1, SERIAL_1,
+                    NOW, null, 0);
+            fail("Should throw IllegalArgumentException when keystoreAlias is null");
+        } catch (IllegalArgumentException success) {
+        }
     }
 
     public void testConstructor_EndBeforeStart_Failure() throws Exception {
         try {
-            new KeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1,
-                    SERIAL_1, NOW_PLUS_10_YEARS, NOW, 0);
+            new KeyPairGeneratorSpec(getContext(), TEST_ALIAS_1, "RSA", 1024, null, TEST_DN_1, SERIAL_1,
+                    NOW_PLUS_10_YEARS, NOW, 0);
             fail("Should throw IllegalArgumentException when end is before start");
         } catch (IllegalArgumentException success) {
         }
diff --git a/keystore/tests/src/android/security/KeyStoreTest.java b/keystore/tests/src/android/security/KeyStoreTest.java
index d138c24..7421120 100644
--- a/keystore/tests/src/android/security/KeyStoreTest.java
+++ b/keystore/tests/src/android/security/KeyStoreTest.java
@@ -21,7 +21,6 @@ import android.os.Binder;
 import android.os.IBinder;
 import android.os.Process;
 import android.os.ServiceManager;
-import android.security.KeyStore;
 import android.security.keymaster.ExportResult;
 import android.security.keymaster.KeyCharacteristics;
 import android.security.keymaster.KeymasterArguments;
author	Alex Klyubin <klyubin@google.com>	2015-05-13 09:15:00 -0700
committer	Alex Klyubin <klyubin@google.com>	2015-05-13 12:49:58 -0700
commit	3f8d4d840894468f2be8a5b56ff266cef2d71c50 (patch)
tree	a6c2457700b1ab3b9bf5207b79c44c8ee315c209 /keystore/tests/src
parent	b33455511b7b704e848c79c9e76e28abe2509178 (diff)
download	frameworks_base-3f8d4d840894468f2be8a5b56ff266cef2d71c50.zip frameworks_base-3f8d4d840894468f2be8a5b56ff266cef2d71c50.tar.gz frameworks_base-3f8d4d840894468f2be8a5b56ff266cef2d71c50.tar.bz2