Update BasicKeyStore sample for new keystore APIs.
Above Android M, use KeyGenparameterSpec to generate the key pair.
This change also updates the icons.
Change-Id: I2717d21c3df62441eecdb5e24882c0311eb1a1cf
diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/AndroidManifest.xml b/security/keystore/BasicAndroidKeyStore/Application/src/main/AndroidManifest.xml
index 1c3b255..1f8a431 100644
--- a/security/keystore/BasicAndroidKeyStore/Application/src/main/AndroidManifest.xml
+++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/AndroidManifest.xml
@@ -26,7 +26,7 @@
<application android:allowBackup="true"
android:label="@string/app_name"
- android:icon="@drawable/ic_launcher"
+ android:icon="@mipmap/ic_launcher"
android:theme="@style/AppTheme">
<activity android:name=".MainActivity"
diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/java/com/example/android/basicandroidkeystore/BasicAndroidKeyStoreFragment.java b/security/keystore/BasicAndroidKeyStore/Application/src/main/java/com/example/android/basicandroidkeystore/BasicAndroidKeyStoreFragment.java
index e6244bf..3616e88 100644
--- a/security/keystore/BasicAndroidKeyStore/Application/src/main/java/com/example/android/basicandroidkeystore/BasicAndroidKeyStoreFragment.java
+++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/java/com/example/android/basicandroidkeystore/BasicAndroidKeyStoreFragment.java
@@ -16,15 +16,18 @@
package com.example.android.basicandroidkeystore;
+import com.example.android.common.logger.Log;
+
import android.content.Context;
+import android.os.Build;
import android.os.Bundle;
import android.security.KeyPairGeneratorSpec;
+import android.security.keystore.KeyGenParameterSpec;
+import android.security.keystore.KeyProperties;
import android.support.v4.app.Fragment;
import android.util.Base64;
import android.view.MenuItem;
-import com.example.android.common.logger.Log;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
@@ -39,6 +42,7 @@
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
+import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import java.util.GregorianCalendar;
@@ -46,7 +50,7 @@
public class BasicAndroidKeyStoreFragment extends Fragment {
- public static final String TAG = "BasicAndroidKeyStoreFragment";
+ public static final String TAG = "KeyStoreFragment";
// BEGIN_INCLUDE(values)
@@ -159,36 +163,54 @@
end.add(Calendar.YEAR, 1);
//END_INCLUDE(create_valid_dates)
-
- // BEGIN_INCLUDE(create_spec)
- // The KeyPairGeneratorSpec object is how parameters for your key pair are passed
- // to the KeyPairGenerator. For a fun home game, count how many classes in this sample
- // start with the phrase "KeyPair".
- KeyPairGeneratorSpec spec =
- new KeyPairGeneratorSpec.Builder(context)
- // You'll use the alias later to retrieve the key. It's a key for the key!
- .setAlias(mAlias)
- // The subject used for the self-signed certificate of the generated pair
- .setSubject(new X500Principal("CN=" + mAlias))
- // The serial number used for the self-signed certificate of the
- // generated pair.
- .setSerialNumber(BigInteger.valueOf(1337))
- // Date range of validity for the generated pair.
- .setStartDate(start.getTime())
- .setEndDate(end.getTime())
- .build();
- // END_INCLUDE(create_spec)
-
// BEGIN_INCLUDE(create_keypair)
// Initialize a KeyPair generator using the the intended algorithm (in this example, RSA
// and the KeyStore. This example uses the AndroidKeyStore.
KeyPairGenerator kpGenerator = KeyPairGenerator
.getInstance(SecurityConstants.TYPE_RSA,
SecurityConstants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
- kpGenerator.initialize(spec);
- KeyPair kp = kpGenerator.generateKeyPair();
- Log.d(TAG, "Public Key is: " + kp.getPublic().toString());
// END_INCLUDE(create_keypair)
+
+ // BEGIN_INCLUDE(create_spec)
+ // The KeyPairGeneratorSpec object is how parameters for your key pair are passed
+ // to the KeyPairGenerator.
+ AlgorithmParameterSpec spec;
+
+ if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
+ // Below Android M, use the KeyPairGeneratorSpec.Builder.
+
+ spec = new KeyPairGeneratorSpec.Builder(context)
+ // You'll use the alias later to retrieve the key. It's a key for the key!
+ .setAlias(mAlias)
+ // The subject used for the self-signed certificate of the generated pair
+ .setSubject(new X500Principal("CN=" + mAlias))
+ // The serial number used for the self-signed certificate of the
+ // generated pair.
+ .setSerialNumber(BigInteger.valueOf(1337))
+ // Date range of validity for the generated pair.
+ .setStartDate(start.getTime())
+ .setEndDate(end.getTime())
+ .build();
+
+
+ } else {
+ // On Android M or above, use the KeyGenparameterSpec.Builder and specify permitted
+ // properties and restrictions of the key.
+ spec = new KeyGenParameterSpec.Builder(mAlias, KeyProperties.PURPOSE_SIGN)
+ .setCertificateSubject(new X500Principal("CN=" + mAlias))
+ .setDigests(KeyProperties.DIGEST_SHA256)
+ .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
+ .setCertificateSerialNumber(BigInteger.valueOf(1337))
+ .setCertificateNotBefore(start.getTime())
+ .setCertificateNotAfter(end.getTime())
+ .build();
+ }
+
+ kpGenerator.initialize(spec);
+
+ KeyPair kp = kpGenerator.generateKeyPair();
+ // END_INCLUDE(create_spec)
+ Log.d(TAG, "Public Key is: " + kp.getPublic().toString());
}
/**
diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-hdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-hdpi/ic_launcher.png
deleted file mode 100644
index b1efaf4..0000000
--- a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-hdpi/ic_launcher.png
+++ /dev/null
Binary files differ
diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-mdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-mdpi/ic_launcher.png
deleted file mode 100644
index f5f9244..0000000
--- a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-mdpi/ic_launcher.png
+++ /dev/null
Binary files differ
diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-xhdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-xhdpi/ic_launcher.png
deleted file mode 100644
index 5d07b3f..0000000
--- a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-xhdpi/ic_launcher.png
+++ /dev/null
Binary files differ
diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-xxhdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-xxhdpi/ic_launcher.png
deleted file mode 100644
index 6ef21e1..0000000
--- a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-xxhdpi/ic_launcher.png
+++ /dev/null
Binary files differ
diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-hdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-hdpi/ic_launcher.png
new file mode 100644
index 0000000..c57b83a
--- /dev/null
+++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-hdpi/ic_launcher.png
Binary files differ
diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-mdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-mdpi/ic_launcher.png
new file mode 100644
index 0000000..c43fc24
--- /dev/null
+++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-mdpi/ic_launcher.png
Binary files differ
diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xhdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xhdpi/ic_launcher.png
new file mode 100644
index 0000000..4255f23
--- /dev/null
+++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xhdpi/ic_launcher.png
Binary files differ
diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xxhdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xxhdpi/ic_launcher.png
new file mode 100644
index 0000000..f6ca8a9
--- /dev/null
+++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xxhdpi/ic_launcher.png
Binary files differ
diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xxxhdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xxxhdpi/ic_launcher.png
new file mode 100644
index 0000000..0f623f6
--- /dev/null
+++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xxxhdpi/ic_launcher.png
Binary files differ
diff --git a/security/keystore/BasicAndroidKeyStore/screenshots/big_icon.png b/security/keystore/BasicAndroidKeyStore/screenshots/big_icon.png
index 004d80c..aa816d7 100644
--- a/security/keystore/BasicAndroidKeyStore/screenshots/big_icon.png
+++ b/security/keystore/BasicAndroidKeyStore/screenshots/big_icon.png
Binary files differ
diff --git a/security/keystore/BasicAndroidKeyStore/template-params.xml b/security/keystore/BasicAndroidKeyStore/template-params.xml
index e2fddf6..bb0056a 100644
--- a/security/keystore/BasicAndroidKeyStore/template-params.xml
+++ b/security/keystore/BasicAndroidKeyStore/template-params.xml
@@ -57,7 +57,10 @@
<img>screenshots/screenshot5.png</img>
</screenshots>
<api_refs>
+ <android>android.security.keystore.KeyGenParameterSpec</android>
+ <android>android.security.keystore.KeyProperties</android>
<android>android.security.KeyPairGeneratorSpec</android>
+ <android>java.security.KeyStore</android>
</api_refs>
<description>
<![CDATA[
@@ -72,12 +75,19 @@
A [KeyPair][2] consisting of a [PrivateKey][3] and a [PublicKey][4] is being generated.
The private key then is being used to sign and verify a String.
+Below Android M, this sample uses a [KeyPairGeneratorSpec][5] to generate a key pair.
+On newer versions of Android, a [KeyGenParameterSpec][6] generates a key pair with
+additional restrictions and properties.
+
+
Next to that appropriate exception handling for potential errors is being displayed.
[1]: https://developer.android.com/reference/java/security/KeyStore.html
[2]: https://developer.android.com/reference/java/security/KeyPair.html
[3]: https://developer.android.com/reference/java/security/PrivateKey.html
[4]: https://developer.android.com/reference/java/security/PublicKey.html
+[5]: https://developer.android.com/reference/android/security/KeyPairGeneratorSpec.html
+[6]: https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.html
]]>
</intro>
</metadata>