From 906147cdb3663b1aa5f6ebdc4a8ce2ce509ffa27 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Tue, 6 Nov 2018 14:14:05 -0800 Subject: Fix deleting legacy key blobs Since the keystore alias prefix USERSKEY was deprecated Credentials.deleteUserKeyTypeForAlias tried to delete key the remaining prefix first and if that failed tried to delete the legacy prefix. However, KeyStore.delete returns true if the key was deleted or did not exist. So the first call to delete would return true whether the key existed or not and the legacy alias would never be deleted. This patch introduces a new flavor of KeyStore.delete, that returns an error code instead of a boolean. The caller can now distinguish the nature of the failure. Credentials.deleteUserKeyTypeForAlias now checks this return code and attempts to delete the legacy variant if KEY_NOT_FOUND was returned. Bug: 117818447 Change-Id: Ifae1f3dbb07d85d94f430ead2cdd3e39d22436a4 --- keystore/java/android/security/Credentials.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'keystore/java/android/security/Credentials.java') diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java index 7216a2201c88..072fe7321826 100644 --- a/keystore/java/android/security/Credentials.java +++ b/keystore/java/android/security/Credentials.java @@ -282,8 +282,11 @@ public class Credentials { * Returns {@code true} if the entry no longer exists. */ public static boolean deleteUserKeyTypeForAlias(KeyStore keystore, String alias, int uid) { - return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid) || - keystore.delete(Credentials.USER_SECRET_KEY + alias, uid); + int ret = keystore.delete2(Credentials.USER_PRIVATE_KEY + alias, uid); + if (ret == KeyStore.KEY_NOT_FOUND) { + return keystore.delete(Credentials.USER_SECRET_KEY + alias, uid); + } + return ret == KeyStore.NO_ERROR; } /** -- cgit v1.2.3