| /* |
| * Copyright (C) 2013 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package android.security; |
| |
| import android.content.Context; |
| |
| import java.security.KeyPairGenerator; |
| import java.security.KeyStore.ProtectionParameter; |
| |
| /** |
| * This provides the optional parameters that can be specified for |
| * {@code KeyStore} entries that work with |
| * <a href="{@docRoot}training/articles/keystore.html">Android KeyStore |
| * facility</a>. The Android KeyStore facility is accessed through a |
| * {@link java.security.KeyStore} API using the {@code AndroidKeyStore} |
| * provider. The {@code context} passed in may be used to pop up some UI to ask |
| * the user to unlock or initialize the Android KeyStore facility. |
| * <p> |
| * Any entries placed in the {@code KeyStore} may be retrieved later. Note that |
| * there is only one logical instance of the {@code KeyStore} per application |
| * UID so apps using the {@code sharedUid} facility will also share a |
| * {@code KeyStore}. |
| * <p> |
| * Keys may be generated using the {@link KeyPairGenerator} facility with a |
| * {@link KeyPairGeneratorSpec} to specify the entry's {@code alias}. A |
| * self-signed X.509 certificate will be attached to generated entries, but that |
| * may be replaced at a later time by a certificate signed by a real Certificate |
| * Authority. |
| */ |
| public final class KeyStoreParameter implements ProtectionParameter { |
| private int mFlags; |
| |
| private KeyStoreParameter(int flags) { |
| mFlags = flags; |
| } |
| |
| /** |
| * @hide |
| */ |
| public int getFlags() { |
| return mFlags; |
| } |
| |
| /** |
| * Returns {@code true} if this parameter requires entries to be encrypted |
| * on the disk. |
| */ |
| public boolean isEncryptionRequired() { |
| return (mFlags & KeyStore.FLAG_ENCRYPTED) != 0; |
| } |
| |
| /** |
| * Builder class for {@link KeyStoreParameter} objects. |
| * <p> |
| * This will build protection parameters for use with the |
| * <a href="{@docRoot}training/articles/keystore.html">Android KeyStore |
| * facility</a>. |
| * <p> |
| * This can be used to require that KeyStore entries be stored encrypted. |
| * <p> |
| * Example: |
| * |
| * <pre class="prettyprint"> |
| * KeyStoreParameter params = new KeyStoreParameter.Builder(mContext) |
| * .setEncryptionRequired() |
| * .build(); |
| * </pre> |
| */ |
| public final static class Builder { |
| private int mFlags; |
| |
| /** |
| * Creates a new instance of the {@code Builder} with the given |
| * {@code context}. The {@code context} passed in may be used to pop up |
| * some UI to ask the user to unlock or initialize the Android KeyStore |
| * facility. |
| */ |
| public Builder(Context context) { |
| if (context == null) { |
| throw new NullPointerException("context == null"); |
| } |
| |
| // Context is currently not used, but will be in the future. |
| } |
| |
| /** |
| * Indicates that this key must be encrypted at rest on storage. Note |
| * that enabling this will require that the user enable a strong lock |
| * screen (e.g., PIN, password) before creating or using the generated |
| * key is successful. |
| */ |
| public Builder setEncryptionRequired(boolean required) { |
| if (required) { |
| mFlags |= KeyStore.FLAG_ENCRYPTED; |
| } else { |
| mFlags &= ~KeyStore.FLAG_ENCRYPTED; |
| } |
| return this; |
| } |
| |
| /** |
| * Builds the instance of the {@code KeyPairGeneratorSpec}. |
| * |
| * @throws IllegalArgumentException if a required field is missing |
| * @return built instance of {@code KeyPairGeneratorSpec} |
| */ |
| public KeyStoreParameter build() { |
| return new KeyStoreParameter(mFlags); |
| } |
| } |
| } |