author | Janis Danisevskis <jdanis@google.com> | 2020-10-20 08:16:52 -0700 |
---|---|---|
committer | Janis Danisevskis <jdanis@google.com> | 2020-11-13 19:55:41 -0800 |
commit | 4392c6977ce935a084ab30baeed511f170a606d5 (patch) | |
tree | 032379fac886c4bebe706dc5e897ef4975d3bb0c /keystore/java/android/security/keystore2 | |
parent | 6180e85e369c5554c62a7a87c9f946f1801f3202 (diff) |
Keystore 2.0 SPI: Install legacy Keystore provider as AndroidKeyStoreLegacy
With this patch we install the old Keystore provider as
AndroidKeyStoreLegacy when the Keystore 2.0 provider is installed as
AndroidKeyStore. This allows system components to keep using the old
keystore while we can run CTS tests against the new provider.
The tests are still mostly failing at this point. Installing the new SPI
can be enabled by setting the property
ro.android.security.keystore2.enable=true
Bug: 159476414
Test: This enables running CTS tests against Keystore 2.0.
Change-Id: I9731d9783ccf8f2705a5ca7335e00c8f4c8debba
Diffstat (limited to 'keystore/java/android/security/keystore2')
-rw-r--r-- | keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
index e7fcbdb84ab3..b2e32a3175e3 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
@@ -110,6 +110,23 @@ public class AndroidKeyStoreProvider extends Provider {
 putSecretKeyFactoryImpl("HmacSHA512");
 }
+ private static boolean sInstalled = false;
+
+ /**
+ * This function indicates whether or not this provider was installed. This is manly used
+ * as indicator for
+ * {@link android.security.keystore.AndroidKeyStoreProvider#getKeyStoreForUid(int)}
+ * to whether or not to retrieve the Keystore provider by "AndroidKeyStoreLegacy".
+ * This function can be removed once the transition to Keystore 2.0 is complete.
+ * b/171305684
+ *
+ * @return true if this provider was installed.
+ * @hide
+ */
+ public static boolean isInstalled() {
+ return sInstalled;
+ }
+
 /**
 * Installs a new instance of this provider (and the
 * {@link AndroidKeyStoreBCWorkaroundProvider}).
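Review bot: `sInstalled` is a plain static that install() writes and isInstalled() reads with no `volatile` or lock, so a caller on another thread is not guaranteed to observe the write unless install() is known to complete before any such thread starts. If that ordering is not guaranteed by the startup sequence, the field should be declared `private static volatile boolean sInstalled = false;`. The Javadoc on isInstalled() has a typo ("manly" for "mainly"), and since the flag selects which keystore provider name is looked up, it should state exactly when the flag becomes true relative to provider registration.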
@@ -125,17 +142,26 @@ public class AndroidKeyStoreProvider extends Provider {
 break;
 }
 }
+ sInstalled = true;
 Security.addProvider(new AndroidKeyStoreProvider());
+ Security.addProvider(
+ new android.security.keystore.AndroidKeyStoreProvider(
+ "AndroidKeyStoreLegacy"));
 Provider workaroundProvider = new AndroidKeyStoreBCWorkaroundProvider();
+ Provider legacyWorkaroundProvider =
+ new android.security.keystore.AndroidKeyStoreBCWorkaroundProvider(
+ "AndroidKeyStoreBCWorkaroundLegacy");
 if (bcProviderIndex != -1) {
 // Bouncy Castle provider found -- install the workaround provider above it.
 // insertProviderAt uses 1-based positions.
+ Security.insertProviderAt(legacyWorkaroundProvider, bcProviderIndex + 1);
 Security.insertProviderAt(workaroundProvider, bcProviderIndex + 1);
 } else {
 // Bouncy Castle provider not found -- install the workaround provider at lowest
 // priority.
 Security.addProvider(workaroundProvider);
+ Security.addProvider(legacyWorkaroundProvider);
 }
 }
|
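Review bot: `sInstalled = true;` is assigned before any provider is registered, so isInstalled() can return true while "AndroidKeyStoreLegacy" is not yet in the provider list, or never is if one of the provider constructors throws. Because the Javadoc says getKeyStoreForUid uses this flag to decide to look the provider up by that name, the assignment is safer as the last statement of install(), after the if/else that adds the workaround providers. The results of `Security.addProvider(...)` and `Security.insertProviderAt(...)` are also ignored; both return -1 when a provider of that name is already installed, which is worth checking or logging for the legacy provider. A one-line comment that the two `insertProviderAt` calls at the same position leave the new workaround provider above the legacy one would make the intended priority explicit. install() begins outside this hunk.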