/* * Copyright (C) 2013 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.security; import android.content.Context; import android.security.KeyPairGeneratorSpec.Builder; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.KeyStore.ProtectionParameter; import java.security.cert.Certificate; /** * This provides the optional parameters that can be specified for * {@code KeyStore} entries that work with * Android KeyStore * facility. The Android KeyStore facility is accessed through a * {@link java.security.KeyStore} API using the {@code AndroidKeyStore} * provider. The {@code context} passed in may be used to pop up some UI to ask * the user to unlock or initialize the Android KeyStore facility. *

* Any entries placed in the {@code KeyStore} may be retrieved later. Note that * there is only one logical instance of the {@code KeyStore} per application * UID so apps using the {@code sharedUid} facility will also share a * {@code KeyStore}. *

* Keys may be generated using the {@link KeyPairGenerator} facility with a * {@link KeyPairGeneratorSpec} to specify the entry's {@code alias}. A * self-signed X.509 certificate will be attached to generated entries, but that * may be replaced at a later time by a certificate signed by a real Certificate * Authority. */ public final class KeyStoreParameter implements ProtectionParameter { private int mFlags; private KeyStoreParameter(int flags) { mFlags = flags; } /** * @hide */ public int getFlags() { return mFlags; } /** * Returns {@code true} if this parameter requires entries to be encrypted * on the disk. */ public boolean isEncryptionRequired() { return (mFlags & KeyStore.FLAG_ENCRYPTED) != 0; } /** * Builder class for {@link KeyStoreParameter} objects. *

* This will build protection parameters for use with the * Android KeyStore * facility. *

* This can be used to require that KeyStore entries be stored encrypted. *

* Example: * * 

     * KeyStoreParameter params = new KeyStoreParameter.Builder(mContext)
     *         .setEncryptionRequired()
     *         .build();
     *
*/ public final static class Builder { private int mFlags; /** * Creates a new instance of the {@code Builder} with the given * {@code context}. The {@code context} passed in may be used to pop up * some UI to ask the user to unlock or initialize the Android KeyStore * facility. */ public Builder(Context context) { if (context == null) { throw new NullPointerException("context == null"); } // Context is currently not used, but will be in the future. } /** * Indicates that this key must be encrypted at rest on storage. Note * that enabling this will require that the user enable a strong lock * screen (e.g., PIN, password) before creating or using the generated * key is successful. */ public Builder setEncryptionRequired(boolean required) { if (required) { mFlags |= KeyStore.FLAG_ENCRYPTED; } else { mFlags &= ~KeyStore.FLAG_ENCRYPTED; } return this; } /** * Builds the instance of the {@code KeyPairGeneratorSpec}. * * @throws IllegalArgumentException if a required field is missing * @return built instance of {@code KeyPairGeneratorSpec} */ public KeyStoreParameter build() { return new KeyStoreParameter(mFlags); } } }