/*
* Copyright (C) 2015 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.security;
import java.security.spec.KeySpec;
import java.util.Date;
/**
* Information about a key from the <a href="{@docRoot}training/articles/keystore.html">Android
* KeyStore</a>.
*
* @hide
*/
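public class KeyStoreKeySpec implements KeySpec {
    private final String mKeystoreAlias;
    private final int mKeySize;
    private final boolean mTeeBacked;
    private final @KeyStoreKeyProperties.OriginEnum int mOrigin;
    // java.util.Date is mutable. The validity instants are copied on the way in (constructor)
    // and on the way out (getters) so that no caller can change this spec's view of the key's
    // validity window after the fact; the spec is otherwise immutable.
    private final Date mKeyValidityStart;
    private final Date mKeyValidityForOriginationEnd;
    private final Date mKeyValidityForConsumptionEnd;
    private final @KeyStoreKeyProperties.PurposeEnum int mPurposes;
    // String[] fields follow the same rule: cloned on entry and on every getter call.
    private final String[] mEncryptionPaddings;
    private final String[] mSignaturePaddings;
    private final String[] mDigests;
    private final String[] mBlockModes;
    private final @KeyStoreKeyProperties.UserAuthenticatorEnum int mUserAuthenticators;
    private final @KeyStoreKeyProperties.UserAuthenticatorEnum int mTeeEnforcedUserAuthenticators;
    private final int mUserAuthenticationValidityDurationSeconds;

    /**
     * Creates a new spec describing a key held by the {@code AndroidKeyStore}.
     *
     * <p>All mutable arguments ({@link Date} instants and {@code String[]} sets) are defensively
     * copied; {@code null} arrays are stored as empty arrays, {@code null} dates mean "not
     * restricted".
     *
     * @param keystoreKeyAlias entry alias under which the key is stored.
     * @param teeBacked whether the key material is only available in plaintext inside the TEE.
     * @param origin origin of the key (see {@code KeyStoreKeyProperties.OriginEnum}).
     * @param keySize size of the key in bits.
     * @param keyValidityStart instant before which the key is not yet valid, or {@code null}.
     * @param keyValidityForOriginationEnd instant after which the key is no longer valid for
     *        encryption and signing, or {@code null}.
     * @param keyValidityForConsumptionEnd instant after which the key is no longer valid for
     *        decryption and verification, or {@code null}.
     * @param purposes set of purposes for which the key can be used.
     * @param encryptionPaddings padding modes usable for encryption/decryption, or {@code null}.
     * @param signaturePaddings padding modes usable for signing/verification, or {@code null}.
     * @param digests digest algorithms usable with the key, or {@code null}.
     * @param blockModes block modes usable with the key, or {@code null}.
     * @param userAuthenticators user authenticators gating use of the key, {@code 0} if none.
     * @param teeEnforcedUserAuthenticators subset of {@code userAuthenticators} enforced by the
     *        TEE.
     * @param userAuthenticationValidityDurationSeconds seconds for which the key stays usable
     *        after user authentication, {@code -1} if not restricted, {@code 0} for every use.
     *
     * @hide
     */
    KeyStoreKeySpec(String keystoreKeyAlias,
            boolean teeBacked,
            @KeyStoreKeyProperties.OriginEnum int origin,
            int keySize,
            Date keyValidityStart,
            Date keyValidityForOriginationEnd,
            Date keyValidityForConsumptionEnd,
            @KeyStoreKeyProperties.PurposeEnum int purposes,
            String[] encryptionPaddings,
            String[] signaturePaddings,
            String[] digests,
            String[] blockModes,
            @KeyStoreKeyProperties.UserAuthenticatorEnum int userAuthenticators,
            @KeyStoreKeyProperties.UserAuthenticatorEnum int teeEnforcedUserAuthenticators,
            int userAuthenticationValidityDurationSeconds) {
        mKeystoreAlias = keystoreKeyAlias;
        mTeeBacked = teeBacked;
        mOrigin = origin;
        mKeySize = keySize;
        // Copy the instants so a caller that keeps a reference to the Date it passed in cannot
        // move this key's validity window later.
        mKeyValidityStart = cloneIfNotNull(keyValidityStart);
        mKeyValidityForOriginationEnd = cloneIfNotNull(keyValidityForOriginationEnd);
        mKeyValidityForConsumptionEnd = cloneIfNotNull(keyValidityForConsumptionEnd);
        mPurposes = purposes;
        mEncryptionPaddings =
                ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(encryptionPaddings));
        mSignaturePaddings =
                ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(signaturePaddings));
        mDigests = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(digests));
        mBlockModes = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(blockModes));
        mUserAuthenticators = userAuthenticators;
        mTeeEnforcedUserAuthenticators = teeEnforcedUserAuthenticators;
        mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;
    }

    /**
     * Gets the entry alias under which the key is stored in the {@code AndroidKeyStore}.
     */
    public String getKeystoreAlias() {
        return mKeystoreAlias;
    }

    /**
     * Returns {@code true} if the key is TEE-backed. Key material of TEE-backed keys is available
     * in plaintext only inside the TEE.
     */
    public boolean isTeeBacked() {
        return mTeeBacked;
    }

    /**
     * Gets the origin of the key.
     */
    public @KeyStoreKeyProperties.OriginEnum int getOrigin() {
        return mOrigin;
    }

    /**
     * Gets the size of the key in bits.
     */
    public int getKeySize() {
        return mKeySize;
    }

    /**
     * Gets the time instant before which the key is not yet valid.
     *
     * @return a copy of the instant, or {@code null} if not restricted. Modifying the returned
     *         object does not affect this spec.
     */
    public Date getKeyValidityStart() {
        return cloneIfNotNull(mKeyValidityStart);
    }

    /**
     * Gets the time instant after which the key is no longer valid for decryption and
     * verification.
     *
     * @return a copy of the instant, or {@code null} if not restricted. Modifying the returned
     *         object does not affect this spec.
     */
    public Date getKeyValidityForConsumptionEnd() {
        return cloneIfNotNull(mKeyValidityForConsumptionEnd);
    }

    /**
     * Gets the time instant after which the key is no longer valid for encryption and signing.
     *
     * @return a copy of the instant, or {@code null} if not restricted. Modifying the returned
     *         object does not affect this spec.
     */
    public Date getKeyValidityForOriginationEnd() {
        return cloneIfNotNull(mKeyValidityForOriginationEnd);
    }

    /**
     * Gets the set of purposes for which the key can be used.
     */
    public @KeyStoreKeyProperties.PurposeEnum int getPurposes() {
        return mPurposes;
    }

    /**
     * Gets the set of block modes with which the key can be used.
     *
     * @return a copy of the set; never {@code null}, empty if unrestricted or unknown.
     */
    public String[] getBlockModes() {
        return ArrayUtils.cloneIfNotEmpty(mBlockModes);
    }

    /**
     * Gets the set of padding modes with which the key can be used when encrypting/decrypting.
     *
     * @return a copy of the set; never {@code null}.
     */
    public String[] getEncryptionPaddings() {
        return ArrayUtils.cloneIfNotEmpty(mEncryptionPaddings);
    }

    /**
     * Gets the set of padding modes with which the key can be used when signing/verifying.
     *
     * @return a copy of the set; never {@code null}.
     */
    public String[] getSignaturePaddings() {
        return ArrayUtils.cloneIfNotEmpty(mSignaturePaddings);
    }

    /**
     * Gets the set of digest algorithms with which the key can be used.
     *
     * @return a copy of the set; never {@code null}.
     */
    public String[] getDigests() {
        return ArrayUtils.cloneIfNotEmpty(mDigests);
    }

    /**
     * Gets the set of user authenticators which protect access to the key. The key can only be used
     * iff the user has authenticated to at least one of these user authenticators.
     *
     * @return user authenticators or {@code 0} if the key can be used without user authentication.
     */
    public @KeyStoreKeyProperties.UserAuthenticatorEnum int getUserAuthenticators() {
        return mUserAuthenticators;
    }

    /**
     * Gets the set of user authenticators for which the TEE enforces access restrictions for this
     * key. This is a subset of the user authenticators returned by
     * {@link #getUserAuthenticators()}; authenticators not in this set are enforced only by the
     * non-TEE side.
     */
    public @KeyStoreKeyProperties.UserAuthenticatorEnum int getTeeEnforcedUserAuthenticators() {
        return mTeeEnforcedUserAuthenticators;
    }

    /**
     * Gets the duration of time (seconds) for which the key can be used after the user
     * successfully authenticates to one of the associated user authenticators.
     *
     * @return duration in seconds or {@code -1} if not restricted. {@code 0} means authentication
     *         is required for every use of the key.
     */
    public int getUserAuthenticationValidityDurationSeconds() {
        return mUserAuthenticationValidityDurationSeconds;
    }

    /**
     * Returns an independent copy of {@code date}, or {@code null} if {@code date} is
     * {@code null}.
     *
     * <p>A fresh {@link Date} is built from the epoch millis rather than calling {@code clone()}
     * so that a subclass passed in by a caller cannot smuggle in overridden behaviour.
     */
    private static Date cloneIfNotNull(Date date) {
        return (date != null) ? new Date(date.getTime()) : null;
    }
}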