author | Janis Danisevskis <jdanis@google.com> | 2020-10-18 17:15:36 -0700 |
---|---|---|
committer | Janis Danisevskis <jdanis@google.com> | 2020-10-27 12:09:37 -0700 |
commit | 2528438731f14a9a5a09e15f6ed661ba47a8a1b9 (patch) | |
tree | 05b04be2b2e798f5e2987efe0fb914aa0796c8e4 /keystore/java/android/security/Credentials.java | |
parent | ff062f6e7311ce8a87bd00a8cb92323fc99a586b (diff) |
Keystore 2.0: Deprecate Credential prefixes.
Keystore 2.0 will no longer support free form blobs. Certificates and
certificate chains will have typed fields associated with an alias.
Other free form blobs will need to be migrated to a different key value
store.
Bug: 171305684
Test: None
Change-Id: I93270f0086329229dc36c2b14c88f229351e6560
Diffstat (limited to 'keystore/java/android/security/Credentials.java')
-rw-r--r-- | keystore/java/android/security/Credentials.java | 42 |
1 files changed, 35 insertions, 7 deletions
diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java
index f53a7dc922f0..2162b8ac4885 100644
--- a/keystore/java/android/security/Credentials.java
+++ b/keystore/java/android/security/Credentials.java
@@ -48,18 +48,38 @@ public class Credentials {
 public static final String INSTALL_AS_USER_ACTION = "android.credentials.INSTALL_AS_USER";
- /** Key prefix for CA certificates. */
+ /**
+ * Key prefix for CA certificates.
+ *
+ * @deprecated Keystore no longer supports unstructured blobs. Public certificates are
+ * stored in typed slots associated with a given alias.
+ */
+ @Deprecated
 public static final String CA_CERTIFICATE = "CACERT_";
- /** Key prefix for user certificates. */
+ /**
+ * Key prefix for user certificates.
+ *
+ * @deprecated Keystore no longer supports unstructured blobs. Public certificates are
+ * stored in typed slots associated with a given alias.
+ */
+ @Deprecated
 public static final String USER_CERTIFICATE = "USRCERT_";
- /** Key prefix for user private and secret keys. */
+ /**
+ * Key prefix for user private and secret keys.
+ *
+ * @deprecated Keystore no longer uses alias prefixes to discriminate between entry types.
+ */
+ @Deprecated
 public static final String USER_PRIVATE_KEY = "USRPKEY_";
- /** Key prefix for user secret keys.
- * @deprecated use {@code USER_PRIVATE_KEY} for this category instead.
+ /**
+ * Key prefix for user secret keys.
+ *
+ * @deprecated use {@code USER_PRIVATE_KEY} for this category instead.
 */
+ @Deprecated
 public static final String USER_SECRET_KEY = "USRSKEY_";
 /** Key prefix for VPN. */
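Review bot: The `@deprecated` text on `USER_SECRET_KEY` still tells callers to use `USER_PRIVATE_KEY`, which this same hunk marks `@Deprecated`, so the advice now points at a deprecated constant. I would align it with the neighbouring tag, e.g. `@deprecated Keystore no longer uses alias prefixes to discriminate between entry types.` None of the new tags names what callers should use instead. If a replacement API exists (the hunk does not show one), a `{@link}` to it in each tag would give callers a concrete migration target.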
@@ -71,7 +91,13 @@ public class Credentials {
 /** Key prefix for WIFI. */
 public static final String WIFI = "WIFI_";
- /** Key prefix for App Source certificates. */
+ /**
+ * Key prefix for App Source certificates.
+ *
+ * @deprecated This was intended for FS-verity but never used. FS-verity is not
+ * going to use this constant moving forward.
+ */
+ @Deprecated
 public static final String APP_SOURCE_CERTIFICATE = "FSV_";
 /** Key containing suffix of lockdown VPN profile. */
@@ -149,6 +175,7 @@ public class Credentials {
 pw.close();
 return bao.toByteArray();
 }
+
 /**
 * Convert objects from PEM format, which is used for
 * CA_CERTIFICATE and USER_CERTIFICATE entries.
@@ -166,7 +193,8 @@ public class Credentials {
 PemObject o;
 while ((o = pr.readPemObject()) != null) {
 if (o.getType().equals("CERTIFICATE")) {
- Certificate c = cf.generateCertificate(new ByteArrayInputStream(o.getContent()));
+ Certificate c = cf.generateCertificate(
+ new ByteArrayInputStream(o.getContent()));
 result.add((X509Certificate) c);
 } else {
 throw new IllegalArgumentException("Unknown type " + o.getType()); |
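Review bot: `WIFI` in this hunk's context, and `VPN` at the end of the previous hunk, stay undeprecated even though the commit description says other free-form blobs must move to a different key-value store. The hunk does not show how these prefixes are used, so this may be intentional. If they do name such blobs, a marker on each would tell callers not to add new entries under them, for example `// TODO(b/171305684): migrate WIFI_ blobs out of Keystore, then deprecate this prefix.`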