keystore/java/android/security/KeyStoreParameter.java - platform/frameworks/base - Git at Google

 /*
  * Copyright (C) 2013 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package android.security;

 import android.annotation.NonNull;
 import android.app.KeyguardManager;
 import android.content.Context;
 import android.security.keystore.KeyProtection;

 import java.security.KeyPairGenerator;
 import java.security.KeyStore.ProtectionParameter;

 /**
  * This provides the optional parameters that can be specified for
  * {@code KeyStore} entries that work with
  * <a href="{@docRoot}training/articles/keystore.html">Android KeyStore
  * facility</a>. The Android KeyStore facility is accessed through a
  * {@link java.security.KeyStore} API using the {@code AndroidKeyStore}
  * provider. The {@code context} passed in may be used to pop up some UI to ask
  * the user to unlock or initialize the Android KeyStore facility.
  * <p>
  * Any entries placed in the {@code KeyStore} may be retrieved later. Note that
  * there is only one logical instance of the {@code KeyStore} per application
  * UID so apps using the {@code sharedUid} facility will also share a
  * {@code KeyStore}.
  * <p>
  * Keys may be generated using the {@link KeyPairGenerator} facility with a
  * {@link KeyPairGeneratorSpec} to specify the entry's {@code alias}. A
  * self-signed X.509 certificate will be attached to generated entries, but that
  * may be replaced at a later time by a certificate signed by a real Certificate
  * Authority.
  *
  * @deprecated Use {@link KeyProtection} instead.
  */
 @Deprecated
 public final class KeyStoreParameter implements ProtectionParameter {
     private final int mFlags;

     private KeyStoreParameter(
             int flags) {
         mFlags = flags;
     }

     /**
      * @hide
      */
     public int getFlags() {
         return mFlags;
     }

     /**
      * Returns {@code true} if the {@link java.security.KeyStore} entry must be encrypted at rest.
      * This will protect the entry with the secure lock screen credential (e.g., password, PIN, or
      * pattern).
      *
      * <p>Note that encrypting the key at rest requires that the secure lock screen (e.g., password,
      * PIN, pattern) is set up, otherwise key generation will fail. Moreover, this key will be
      * deleted when the secure lock screen is disabled or reset (e.g., by the user or a Device
      * Administrator). Finally, this key cannot be used until the user unlocks the secure lock
      * screen after boot.
      *
      * @see KeyguardManager#isDeviceSecure()
      */
     public boolean isEncryptionRequired() {
         return (mFlags & KeyStore.FLAG_ENCRYPTED) != 0;
     }

     /**
      * Builder class for {@link KeyStoreParameter} objects.
      * <p>
      * This will build protection parameters for use with the
      * <a href="{@docRoot}training/articles/keystore.html">Android KeyStore
      * facility</a>.
      * <p>
      * This can be used to require that KeyStore entries be stored encrypted.
      * <p>
      * Example:
      *
      * <pre class="prettyprint">
      * KeyStoreParameter params = new KeyStoreParameter.Builder(mContext)
      *         .setEncryptionRequired()
      *         .build();
      * </pre>
      *
      *  @deprecated Use {@link KeyProtection.Builder} instead.
      */
     @Deprecated
     public final static class Builder {
         private int mFlags;

         /**
          * Creates a new instance of the {@code Builder} with the given
          * {@code context}. The {@code context} passed in may be used to pop up
          * some UI to ask the user to unlock or initialize the Android KeyStore
          * facility.
          */
         public Builder(@NonNull Context context) {
             if (context == null) {
                 throw new NullPointerException("context == null");
             }
         }

         /**
          * Sets whether this {@link java.security.KeyStore} entry must be encrypted at rest.
          * Encryption at rest will protect the entry with the secure lock screen credential (e.g.,
          * password, PIN, or pattern).
          *
          * <p>Note that enabling this feature requires that the secure lock screen (e.g., password,
          * PIN, pattern) is set up, otherwise setting the {@code KeyStore} entry will fail.
          * Moreover, this entry will be deleted when the secure lock screen is disabled or reset
          * (e.g., by the user or a Device Administrator). Finally, this entry cannot be used until
          * the user unlocks the secure lock screen after boot.
          *
          * @see KeyguardManager#isDeviceSecure()
          */
         @NonNull
         public Builder setEncryptionRequired(boolean required) {
             if (required) {
                 mFlags |= KeyStore.FLAG_ENCRYPTED;
             } else {
                 mFlags &= ~KeyStore.FLAG_ENCRYPTED;
             }
             return this;
         }

         /**
          * Builds the instance of the {@code KeyStoreParameter}.
          *
          * @throws IllegalArgumentException if a required field is missing
          * @return built instance of {@code KeyStoreParameter}
          */
         @NonNull
         public KeyStoreParameter build() {
             return new KeyStoreParameter(
                     mFlags);
         }
     }
 }
	/*
	* Copyright (C) 2013 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package android.security;

	import android.annotation.NonNull;
	import android.app.KeyguardManager;
	import android.content.Context;
	import android.security.keystore.KeyProtection;

	import java.security.KeyPairGenerator;
	import java.security.KeyStore.ProtectionParameter;

	/**
	* This provides the optional parameters that can be specified for
	* {@code KeyStore} entries that work with
	* <a href="{@docRoot}training/articles/keystore.html">Android KeyStore
	* facility</a>. The Android KeyStore facility is accessed through a
	* {@link java.security.KeyStore} API using the {@code AndroidKeyStore}
	* provider. The {@code context} passed in may be used to pop up some UI to ask
	* the user to unlock or initialize the Android KeyStore facility.
	* <p>
	* Any entries placed in the {@code KeyStore} may be retrieved later. Note that
	* there is only one logical instance of the {@code KeyStore} per application
	* UID so apps using the {@code sharedUid} facility will also share a
	* {@code KeyStore}.
	* <p>
	* Keys may be generated using the {@link KeyPairGenerator} facility with a
	* {@link KeyPairGeneratorSpec} to specify the entry's {@code alias}. A
	* self-signed X.509 certificate will be attached to generated entries, but that
	* may be replaced at a later time by a certificate signed by a real Certificate
	* Authority.
	*
	* @deprecated Use {@link KeyProtection} instead.
	*/
	@Deprecated
	public final class KeyStoreParameter implements ProtectionParameter {
	private final int mFlags;

	private KeyStoreParameter(
	int flags) {
	mFlags = flags;
	}

	/**
	* @hide
	*/
	public int getFlags() {
	return mFlags;
	}

	/**
	* Returns {@code true} if the {@link java.security.KeyStore} entry must be encrypted at rest.
	* This will protect the entry with the secure lock screen credential (e.g., password, PIN, or
	* pattern).
	*
	* <p>Note that encrypting the key at rest requires that the secure lock screen (e.g., password,
	* PIN, pattern) is set up, otherwise key generation will fail. Moreover, this key will be
	* deleted when the secure lock screen is disabled or reset (e.g., by the user or a Device
	* Administrator). Finally, this key cannot be used until the user unlocks the secure lock
	* screen after boot.
	*
	* @see KeyguardManager#isDeviceSecure()
	*/
	public boolean isEncryptionRequired() {
	return (mFlags & KeyStore.FLAG_ENCRYPTED) != 0;
	}

	/**
	* Builder class for {@link KeyStoreParameter} objects.
	* <p>
	* This will build protection parameters for use with the
	* <a href="{@docRoot}training/articles/keystore.html">Android KeyStore
	* facility</a>.
	* <p>
	* This can be used to require that KeyStore entries be stored encrypted.
	* <p>
	* Example:
	*
	* <pre class="prettyprint">
	* KeyStoreParameter params = new KeyStoreParameter.Builder(mContext)
	* .setEncryptionRequired()
	* .build();
	* </pre>
	*
	* @deprecated Use {@link KeyProtection.Builder} instead.
	*/
	@Deprecated
	public final static class Builder {
	private int mFlags;

	/**
	* Creates a new instance of the {@code Builder} with the given
	* {@code context}. The {@code context} passed in may be used to pop up
	* some UI to ask the user to unlock or initialize the Android KeyStore
	* facility.
	*/
	public Builder(@NonNull Context context) {
	if (context == null) {
	throw new NullPointerException("context == null");
	}
	}

	/**
	* Sets whether this {@link java.security.KeyStore} entry must be encrypted at rest.
	* Encryption at rest will protect the entry with the secure lock screen credential (e.g.,
	* password, PIN, or pattern).
	*
	* <p>Note that enabling this feature requires that the secure lock screen (e.g., password,
	* PIN, pattern) is set up, otherwise setting the {@code KeyStore} entry will fail.
	* Moreover, this entry will be deleted when the secure lock screen is disabled or reset
	* (e.g., by the user or a Device Administrator). Finally, this entry cannot be used until
	* the user unlocks the secure lock screen after boot.
	*
	* @see KeyguardManager#isDeviceSecure()
	*/
	@NonNull
	public Builder setEncryptionRequired(boolean required) {
	if (required) {
	mFlags \|= KeyStore.FLAG_ENCRYPTED;
	} else {
	mFlags &= ~KeyStore.FLAG_ENCRYPTED;
	}
	return this;
	}

	/**
	* Builds the instance of the {@code KeyStoreParameter}.
	*
	* @throws IllegalArgumentException if a required field is missing
	* @return built instance of {@code KeyStoreParameter}
	*/
	@NonNull
	public KeyStoreParameter build() {
	return new KeyStoreParameter(
	mFlags);
	}
	}
	}