Diffstat (limited to 'keystore/java/android/security/KeyGeneratorSpec.java')
-rw-r--r--keystore/java/android/security/KeyGeneratorSpec.java80
1 files changed, 26 insertions, 54 deletions
diff --git a/keystore/java/android/security/KeyGeneratorSpec.java b/keystore/java/android/security/KeyGeneratorSpec.java
index 7ecc47e..8f135a6 100644
--- a/keystore/java/android/security/KeyGeneratorSpec.java
+++ b/keystore/java/android/security/KeyGeneratorSpec.java
@@ -51,9 +51,8 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
private final String[] mEncryptionPaddings;
private final String[] mBlockModes;
private final boolean mRandomizedEncryptionRequired;
- private final @KeyStoreKeyProperties.UserAuthenticatorEnum int mUserAuthenticators;
+ private final boolean mUserAuthenticationRequired;
private final int mUserAuthenticationValidityDurationSeconds;
- private final boolean mInvalidatedOnNewFingerprintEnrolled;
private KeyGeneratorSpec(
Context context,
@@ -67,9 +66,8 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
String[] encryptionPaddings,
String[] blockModes,
boolean randomizedEncryptionRequired,
- @KeyStoreKeyProperties.UserAuthenticatorEnum int userAuthenticators,
- int userAuthenticationValidityDurationSeconds,
- boolean invalidatedOnNewFingerprintEnrolled) {
+ boolean userAuthenticationRequired,
+ int userAuthenticationValidityDurationSeconds) {
if (context == null) {
throw new IllegalArgumentException("context == null");
} else if (TextUtils.isEmpty(keyStoreAlias)) {
@@ -92,9 +90,8 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(encryptionPaddings));
mBlockModes = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(blockModes));
mRandomizedEncryptionRequired = randomizedEncryptionRequired;
- mUserAuthenticators = userAuthenticators;
+ mUserAuthenticationRequired = userAuthenticationRequired;
mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;
- mInvalidatedOnNewFingerprintEnrolled = invalidatedOnNewFingerprintEnrolled;
}
/**
@@ -188,18 +185,17 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
}
/**
- * Gets the set of user authenticators which protect access to this key. The key can only be
- * used iff the user has authenticated to at least one of these user authenticators.
+ * Returns {@code true} if user authentication is required for this key to be used.
*
- * @return user authenticators or {@code 0} if the key can be used without user authentication.
+ * @see #getUserAuthenticationValidityDurationSeconds()
*/
- public @KeyStoreKeyProperties.UserAuthenticatorEnum int getUserAuthenticators() {
- return mUserAuthenticators;
+ public boolean isUserAuthenticationRequired() {
+ return mUserAuthenticationRequired;
}
/**
- * Gets the duration of time (seconds) for which this key can be used after the user
- * successfully authenticates to one of the associated user authenticators.
+ * Gets the duration of time (seconds) for which this key can be used after the user is
+ * successfully authenticated.
*
* @return duration in seconds or {@code -1} if not restricted. {@code 0} means authentication
* is required for every use of the key.
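Review bot: The `@return` text kept on `getUserAuthenticationValidityDurationSeconds()` says `-1` means "not restricted", but the Builder default for this field is `-1` (hunk at -238) and the setter Javadoc (hunk at -416) says that by default the user must authenticate for every use, with `0` also meaning every use. Now that a separate boolean turns authentication on, these statements cannot all hold. Which reading the keystore backend enforces is not visible on this page, so the Javadoc should say in one place what `-1` means when `isUserAuthenticationRequired()` is `true` and that the duration is ignored when it is `false`. `isUserAuthenticationRequired()` is also missing an `@return` tag, e.g. `@return {@code true} if the key can only be used after the user has authenticated`. An app author who reads the default as "not restricted" may end up with a key gated differently from what they intended.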
@@ -209,17 +205,6 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
}
/**
- * Returns {@code true} if this key must be permanently invalidated once a new fingerprint is
- * enrolled. This constraint only has effect if fingerprint reader is one of the user
- * authenticators protecting access to this key.
- *
- * @see #getUserAuthenticators()
- */
- public boolean isInvalidatedOnNewFingerprintEnrolled() {
- return mInvalidatedOnNewFingerprintEnrolled;
- }
-
- /**
* Returns {@code true} if the key must be encrypted in the {@link java.security.KeyStore}.
*/
public boolean isEncryptionRequired() {
@@ -238,9 +223,8 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
private String[] mEncryptionPaddings;
private String[] mBlockModes;
private boolean mRandomizedEncryptionRequired = true;
- private @KeyStoreKeyProperties.UserAuthenticatorEnum int mUserAuthenticators;
+ private boolean mUserAuthenticationRequired;
private int mUserAuthenticationValidityDurationSeconds = -1;
- private boolean mInvalidatedOnNewFingerprintEnrolled;
/**
* Creates a new instance of the {@code Builder} with the given {@code context}. The
@@ -416,32 +400,35 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
}
/**
- * Sets the user authenticators which protect access to this key. The key can only be used
- * iff the user has authenticated to at least one of these user authenticators.
+ * Sets whether user authentication is required to use this key.
*
* <p>By default, the key can be used without user authentication.
*
- * @param userAuthenticators user authenticators or empty list if this key can be accessed
- * without user authentication.
+ * <p>When user authentication is required, the user authorizes the use of the key by
+ * authenticating to this Android device using a subset of their secure lock screen
+ * credentials. Different authentication methods are used depending on whether the every
+ * use of the key must be authenticated (as specified by
+ * {@link #setUserAuthenticationValidityDurationSeconds(int)}).
+ * <a href="{@docRoot}training/articles/keystore.html#UserAuthentication">More
+ * information</a>.
*
* @see #setUserAuthenticationValidityDurationSeconds(int)
*/
- public Builder setUserAuthenticators(
- @KeyStoreKeyProperties.UserAuthenticatorEnum int userAuthenticators) {
- mUserAuthenticators = userAuthenticators;
+ public Builder setUserAuthenticationRequired(boolean required) {
+ mUserAuthenticationRequired = required;
return this;
}
/**
- * Sets the duration of time (seconds) for which this key can be used after the user
- * successfully authenticates to one of the associated user authenticators.
+ * Sets the duration of time (seconds) for which this key can be used after the user is
+ * successfully authenticated. This has effect only if user authentication is required.
*
* <p>By default, the user needs to authenticate for every use of the key.
*
* @param seconds duration in seconds or {@code 0} if the user needs to authenticate for
* every use of the key.
*
- * @see #setUserAuthenticators(int)
+ * @see #setUserAuthenticationRequired(boolean)
*/
public Builder setUserAuthenticationValidityDurationSeconds(int seconds) {
mUserAuthenticationValidityDurationSeconds = seconds;
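Review bot: `setUserAuthenticationValidityDurationSeconds` stores `seconds` unchecked, so a value below `-1`, which the Javadoc gives no meaning, is accepted. If later code treats any negative value like `-1`, a caller bug silently changes how the key is gated. Unless the private constructor already rejects it (its validation chain runs outside the visible hunks), add `if (seconds < -1) { throw new IllegalArgumentException("seconds must be -1 or larger"); }` before the assignment. The method body continues past the end of this hunk. Separately, the new Javadoc on `setUserAuthenticationRequired` reads "whether the every use of the key"; drop the stray "the".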
@@ -449,20 +436,6 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
}
/**
- * Sets whether this key must be invalidated (permanently) once a new fingerprint is
- * enrolled. This only has effect if fingerprint reader is one of the user authenticators
- * protecting access to the key.
- *
- * <p>By default, enrolling a new fingerprint does not invalidate the key.
- *
- * @see #setUserAuthenticators(Set)
- */
- public Builder setInvalidatedOnNewFingerprintEnrolled(boolean invalidated) {
- mInvalidatedOnNewFingerprintEnrolled = invalidated;
- return this;
- }
-
- /**
* Builds a new instance instance of {@code KeyGeneratorSpec}.
*
* @throws IllegalArgumentException if a required field is missing or violates a constraint.
@@ -479,9 +452,8 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
mEncryptionPaddings,
mBlockModes,
mRandomizedEncryptionRequired,
- mUserAuthenticators,
- mUserAuthenticationValidityDurationSeconds,
- mInvalidatedOnNewFingerprintEnrolled);
+ mUserAuthenticationRequired,
+ mUserAuthenticationValidityDurationSeconds);
}
}
}