com/android/server/backup/encryption/keys/SecondaryKeyRotationScheduler.java - platform/prebuilts/fullsdk/sources/android-30 - Git at Google

 /*
  * Copyright (C) 2019 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package com.android.server.backup.encryption.keys;

 import android.content.Context;
 import android.util.Slog;

 import com.android.server.backup.encryption.CryptoSettings;
 import com.android.server.backup.encryption.tasks.StartSecondaryKeyRotationTask;

 import java.io.File;
 import java.time.Clock;
 import java.util.Optional;

 /**
  * Helps schedule rotations of secondary keys.
  *
  * <p>TODO(b/72028016) Replace with a job.
  */
 public class SecondaryKeyRotationScheduler {

     private static final String TAG = "SecondaryKeyRotationScheduler";
     private static final String SENTINEL_FILE_PATH = "force_secondary_key_rotation";

     private final Context mContext;
     private final RecoverableKeyStoreSecondaryKeyManager mSecondaryKeyManager;
     private final CryptoSettings mCryptoSettings;
     private final Clock mClock;

     public SecondaryKeyRotationScheduler(
             Context context,
             RecoverableKeyStoreSecondaryKeyManager secondaryKeyManager,
             CryptoSettings cryptoSettings,
             Clock clock) {
         mContext = context;
         mCryptoSettings = cryptoSettings;
         mClock = clock;
         mSecondaryKeyManager = secondaryKeyManager;
     }

     /**
      * Returns {@code true} if a sentinel file for forcing secondary key rotation is present. This
      * is only for testing purposes.
      */
     private boolean isForceRotationTestSentinelPresent() {
         File file = new File(mContext.getFilesDir(), SENTINEL_FILE_PATH);
         if (file.exists()) {
             file.delete();
             return true;
         }
         return false;
     }

     /** Start the key rotation task if it's time to do so */
     public void startRotationIfScheduled() {
         if (isForceRotationTestSentinelPresent()) {
             Slog.i(TAG, "Found force flag for secondary rotation. Starting now.");
             startRotation();
             return;
         }

         Optional<Long> maybeLastRotated = mCryptoSettings.getSecondaryLastRotated();
         if (!maybeLastRotated.isPresent()) {
             Slog.v(TAG, "No previous rotation, scheduling from now.");
             scheduleRotationFromNow();
             return;
         }

         long lastRotated = maybeLastRotated.get();
         long now = mClock.millis();

         if (lastRotated > now) {
             Slog.i(TAG, "Last rotation was in the future. Clock must have changed. Rotate now.");
             startRotation();
             return;
         }

         long millisSinceLastRotation = now - lastRotated;
         long rotationInterval = mCryptoSettings.backupSecondaryKeyRotationIntervalMs();
         if (millisSinceLastRotation >= rotationInterval) {
             Slog.i(
                     TAG,
                     "Last rotation was more than "
                             + rotationInterval
                             + "ms ("
                             + millisSinceLastRotation
                             + "ms) in the past. Rotate now.");
             startRotation();
         }

         Slog.v(TAG, "No rotation required, last " + lastRotated + ".");
     }

     private void startRotation() {
         scheduleRotationFromNow();
         new StartSecondaryKeyRotationTask(mCryptoSettings, mSecondaryKeyManager).run();
     }

     private void scheduleRotationFromNow() {
         mCryptoSettings.setSecondaryLastRotated(mClock.millis());
     }
 }
	/*
	* Copyright (C) 2019 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package com.android.server.backup.encryption.keys;

	import android.content.Context;
	import android.util.Slog;

	import com.android.server.backup.encryption.CryptoSettings;
	import com.android.server.backup.encryption.tasks.StartSecondaryKeyRotationTask;

	import java.io.File;
	import java.time.Clock;
	import java.util.Optional;

	/**
	* Helps schedule rotations of secondary keys.
	*
	* <p>TODO(b/72028016) Replace with a job.
	*/
	public class SecondaryKeyRotationScheduler {

	private static final String TAG = "SecondaryKeyRotationScheduler";
	private static final String SENTINEL_FILE_PATH = "force_secondary_key_rotation";

	private final Context mContext;
	private final RecoverableKeyStoreSecondaryKeyManager mSecondaryKeyManager;
	private final CryptoSettings mCryptoSettings;
	private final Clock mClock;

	public SecondaryKeyRotationScheduler(
	Context context,
	RecoverableKeyStoreSecondaryKeyManager secondaryKeyManager,
	CryptoSettings cryptoSettings,
	Clock clock) {
	mContext = context;
	mCryptoSettings = cryptoSettings;
	mClock = clock;
	mSecondaryKeyManager = secondaryKeyManager;
	}

	/**
	* Returns {@code true} if a sentinel file for forcing secondary key rotation is present. This
	* is only for testing purposes.
	*/
	private boolean isForceRotationTestSentinelPresent() {
	File file = new File(mContext.getFilesDir(), SENTINEL_FILE_PATH);
	if (file.exists()) {
	file.delete();
	return true;
	}
	return false;
	}

	/** Start the key rotation task if it's time to do so */
	public void startRotationIfScheduled() {
	if (isForceRotationTestSentinelPresent()) {
	Slog.i(TAG, "Found force flag for secondary rotation. Starting now.");
	startRotation();
	return;
	}

	Optional<Long> maybeLastRotated = mCryptoSettings.getSecondaryLastRotated();
	if (!maybeLastRotated.isPresent()) {
	Slog.v(TAG, "No previous rotation, scheduling from now.");
	scheduleRotationFromNow();
	return;
	}

	long lastRotated = maybeLastRotated.get();
	long now = mClock.millis();

	if (lastRotated > now) {
	Slog.i(TAG, "Last rotation was in the future. Clock must have changed. Rotate now.");
	startRotation();
	return;
	}

	long millisSinceLastRotation = now - lastRotated;
	long rotationInterval = mCryptoSettings.backupSecondaryKeyRotationIntervalMs();
	if (millisSinceLastRotation >= rotationInterval) {
	Slog.i(
	TAG,
	"Last rotation was more than "
	+ rotationInterval
	+ "ms ("
	+ millisSinceLastRotation
	+ "ms) in the past. Rotate now.");
	startRotation();
	}

	Slog.v(TAG, "No rotation required, last " + lastRotated + ".");
	}

	private void startRotation() {
	scheduleRotationFromNow();
	new StartSecondaryKeyRotationTask(mCryptoSettings, mSecondaryKeyManager).run();
	}

	private void scheduleRotationFromNow() {
	mCryptoSettings.setSecondaryLastRotated(mClock.millis());
	}
	}