AndroidKeyStore: Add encrypted flag

Add the encrypted flag for the KeyPairGenerator and the KeyStore so that applications can choose to allow entries when there is no lockscreen. (partial cherry pick from commit 2eeda7286f3c7cb79f7eb71ae6464cad213d12a3) Bug: 8122243 Change-Id: I5ecd9251ec79ec53a3b68c0fff8dfba10873e36e
author: Kenny Root <kroot@google.com> 2013-04-10 11:30:58 -0700
committer: Kenny Root <kroot@android.com> 2013-04-15 19:33:15 +0000
commit: bf2147669e295384df17b50afc53a4d450b05bdd (patch)
tree: 594236183b0a773b440972214b5dc1ddc62eada1 /keystore/java/android/security/AndroidKeyPairGenerator.java
parent: 6fb172b12eefeea4b565c616a4d0a8d1fb015217 (diff)
1 files changed, 12 insertions, 5 deletions
diff --git a/keystore/java/android/security/AndroidKeyPairGenerator.java b/keystore/java/android/security/AndroidKeyPairGenerator.java
index c42001b79705..69755833e6f4 100644
--- a/keystore/java/android/security/AndroidKeyPairGenerator.java
+++ b/keystore/java/android/security/AndroidKeyPairGenerator.java
@@ -49,10 +49,7 @@ import java.security.spec.X509EncodedKeySpec;
  *
  * {@hide}
  */
-@SuppressWarnings("deprecation")
 public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
-    public static final String NAME = "AndroidKeyPairGenerator";
-
     private android.security.KeyStore mKeyStore;
 
     private AndroidKeyPairGeneratorSpec mSpec;
@@ -79,12 +76,21 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
                     "Must call initialize with an AndroidKeyPairGeneratorSpec first");
         }
 
+        if (((mSpec.getFlags() & KeyStore.FLAG_ENCRYPTED) != 0)
+                && (mKeyStore.state() != KeyStore.State.UNLOCKED)) {
+            throw new IllegalStateException(
+                    "Android keystore must be in initialized and unlocked state "
+                            + "if encryption is required");
+        }
+
         final String alias = mSpec.getKeystoreAlias();
 
         Credentials.deleteAllTypesForAlias(mKeyStore, alias);
 
         final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias;
-        mKeyStore.generate(privateKeyAlias);
+        if (!mKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, mSpec.getFlags())) {
+            throw new IllegalStateException("could not generate key in keystore");
+        }
 
         final PrivateKey privKey;
         final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore");
@@ -131,7 +137,8 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
             throw new IllegalStateException("Can't get encoding of certificate", e);
         }
 
-        if (!mKeyStore.put(Credentials.USER_CERTIFICATE + alias, certBytes)) {
+        if (!mKeyStore.put(Credentials.USER_CERTIFICATE + alias, certBytes, KeyStore.UID_SELF,
+                mSpec.getFlags())) {
             Credentials.deleteAllTypesForAlias(mKeyStore, alias);
             throw new IllegalStateException("Can't store certificate in AndroidKeyStore");
         }
author	Kenny Root <kroot@google.com>	2013-04-10 11:30:58 -0700
committer	Kenny Root <kroot@android.com>	2013-04-15 19:33:15 +0000
commit	bf2147669e295384df17b50afc53a4d450b05bdd (patch)
tree	594236183b0a773b440972214b5dc1ddc62eada1 /keystore/java/android/security/AndroidKeyPairGenerator.java
parent	6fb172b12eefeea4b565c616a4d0a8d1fb015217 (diff)