authorJanis Danisevskis <jdanis@google.com>2018-11-06 14:14:05 -0800
committerJanis Danisevskis <jdanis@google.com>2018-11-21 18:42:17 +0000
commit906147cdb3663b1aa5f6ebdc4a8ce2ce509ffa27 (patch)
treedc12b2c48b0250736ea7568fe5f8d703cb7e0b8d /keystore/java/android/security/Credentials.java
parent4492ec573ae421affd3adebb1d583fcf33508bb4 (diff)
Fix deleting legacy key blobs
Since the keystore alias prefix USERSKEY was deprecated, Credentials.deleteUserKeyTypeForAlias tried to delete the key under the remaining prefix first and, if that failed, tried to delete it under the legacy prefix. However, KeyStore.delete returns true if the key was deleted or did not exist. So the first call to delete would return true whether the key existed or not and the legacy alias would never be deleted. This patch introduces a new flavor of KeyStore.delete, that returns an error code instead of a boolean. The caller can now distinguish the nature of the failure. Credentials.deleteUserKeyTypeForAlias now checks this return code and attempts to delete the legacy variant if KEY_NOT_FOUND was returned. Bug: 117818447 Change-Id: Ifae1f3dbb07d85d94f430ead2cdd3e39d22436a4
Diffstat (limited to 'keystore/java/android/security/Credentials.java')
-rw-r--r--keystore/java/android/security/Credentials.java7
1 files changed, 5 insertions, 2 deletions
diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java
index 7216a2201c88..072fe7321826 100644
--- a/keystore/java/android/security/Credentials.java
+++ b/keystore/java/android/security/Credentials.java
@@ -282,8 +282,11 @@ public class Credentials {
* Returns {@code true} if the entry no longer exists.
*/
public static boolean deleteUserKeyTypeForAlias(KeyStore keystore, String alias, int uid) {
- return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid) ||
- keystore.delete(Credentials.USER_SECRET_KEY + alias, uid);
+ int ret = keystore.delete2(Credentials.USER_PRIVATE_KEY + alias, uid);
+ if (ret == KeyStore.KEY_NOT_FOUND) {
+ return keystore.delete(Credentials.USER_SECRET_KEY + alias, uid);
+ }
+ return ret == KeyStore.NO_ERROR;
}
/**
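Review bot: When `delete2` on the `USER_PRIVATE_KEY` alias returns `NO_ERROR`, the method returns true without ever touching the `USER_SECRET_KEY` alias, so a legacy blob that exists alongside the current one would be left in the keystore while the caller is told the entry is gone. Whether both prefixes can exist for the same alias and uid is not visible from this hunk. If they can, the legacy delete should run unconditionally, e.g. `boolean legacyGone = keystore.delete(Credentials.USER_SECRET_KEY + alias, uid);` followed by `return (ret == KeyStore.NO_ERROR || ret == KeyStore.KEY_NOT_FOUND) && legacyGone;`. If they cannot, a short comment above the `if` stating that invariant would explain why the fallback is limited to `KEY_NOT_FOUND`. The Javadoc line "Returns {@code true} if the entry no longer exists" should also mention that any other error code from `delete2` yields false with no attempt on the legacy alias.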