author | Jan-Felix Schmakeit <jfschmakeit@google.com> | 2017-01-19 17:01:21 +1100 |
---|---|---|
committer | Jan-Felix Schmakeit <jfschmakeit@google.com> | 2017-02-09 01:03:27 +0000 |
commit | 6f3586bc08b96d14d8f1315f4839ac59aa39798c (patch) | |
tree | 994fbb354afcfe5cc1d29dd9da9cb65d2a9816e9 /security | |
parent | 9bc28e3c6afc84700fb35a2ae3b9440a0f59c107 (diff) | |
Update BasicKeyStore sample for new keystore APIs.
Above Android M, use KeyGenParameterSpec to generate the key pair.
This change also updates the icons.
Change-Id: I2717d21c3df62441eecdb5e24882c0311eb1a1cf
Diffstat (limited to 'security')
13 files changed, 57 insertions, 25 deletions
diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/AndroidManifest.xml b/security/keystore/BasicAndroidKeyStore/Application/src/main/AndroidManifest.xml index 1c3b255f..1f8a4319 100644 --- a/security/keystore/BasicAndroidKeyStore/Application/src/main/AndroidManifest.xml +++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/AndroidManifest.xml @@ -26,7 +26,7 @@ <application android:allowBackup="true" android:label="@string/app_name" - android:icon="@drawable/ic_launcher" + android:icon="@mipmap/ic_launcher" android:theme="@style/AppTheme"> <activity android:name=".MainActivity" diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/java/com/example/android/basicandroidkeystore/BasicAndroidKeyStoreFragment.java b/security/keystore/BasicAndroidKeyStore/Application/src/main/java/com/example/android/basicandroidkeystore/BasicAndroidKeyStoreFragment.java index e6244bfb..3616e88e 100644 --- a/security/keystore/BasicAndroidKeyStore/Application/src/main/java/com/example/android/basicandroidkeystore/BasicAndroidKeyStoreFragment.java +++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/java/com/example/android/basicandroidkeystore/BasicAndroidKeyStoreFragment.java @@ -16,15 +16,18 @@ package com.example.android.basicandroidkeystore; +import com.example.android.common.logger.Log; + import android.content.Context; +import android.os.Build; import android.os.Bundle; import android.security.KeyPairGeneratorSpec; +import android.security.keystore.KeyGenParameterSpec; +import android.security.keystore.KeyProperties; import android.support.v4.app.Fragment; import android.util.Base64; import android.view.MenuItem; -import com.example.android.common.logger.Log; - import java.io.IOException; import java.math.BigInteger; import java.security.InvalidAlgorithmParameterException; 
@@ -39,6 +42,7 @@ import java.security.Signature; import java.security.SignatureException; import java.security.UnrecoverableEntryException; import java.security.cert.CertificateException; +import java.security.spec.AlgorithmParameterSpec; import java.util.Calendar; import java.util.GregorianCalendar; @@ -46,7 +50,7 @@ import javax.security.auth.x500.X500Principal; public class BasicAndroidKeyStoreFragment extends Fragment { - public static final String TAG = "BasicAndroidKeyStoreFragment"; + public static final String TAG = "KeyStoreFragment"; // BEGIN_INCLUDE(values) 
@@ -159,36 +163,54 @@ public class BasicAndroidKeyStoreFragment extends Fragment { end.add(Calendar.YEAR, 1); //END_INCLUDE(create_valid_dates) - - // BEGIN_INCLUDE(create_spec) - // The KeyPairGeneratorSpec object is how parameters for your key pair are passed - // to the KeyPairGenerator. For a fun home game, count how many classes in this sample - // start with the phrase "KeyPair". - KeyPairGeneratorSpec spec = - new KeyPairGeneratorSpec.Builder(context) - // You'll use the alias later to retrieve the key. It's a key for the key! - .setAlias(mAlias) - // The subject used for the self-signed certificate of the generated pair - .setSubject(new X500Principal("CN=" + mAlias)) - // The serial number used for the self-signed certificate of the - // generated pair. - .setSerialNumber(BigInteger.valueOf(1337)) - // Date range of validity for the generated pair. - .setStartDate(start.getTime()) - .setEndDate(end.getTime()) - .build(); - // END_INCLUDE(create_spec) - // BEGIN_INCLUDE(create_keypair) // Initialize a KeyPair generator using the the intended algorithm (in this example, RSA // and the KeyStore. This example uses the AndroidKeyStore. KeyPairGenerator kpGenerator = KeyPairGenerator .getInstance(SecurityConstants.TYPE_RSA, SecurityConstants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE); + // END_INCLUDE(create_keypair) + + // BEGIN_INCLUDE(create_spec) + // The KeyPairGeneratorSpec object is how parameters for your key pair are passed + // to the KeyPairGenerator. + AlgorithmParameterSpec spec; + + if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) { + // Below Android M, use the KeyPairGeneratorSpec.Builder. + + spec = new KeyPairGeneratorSpec.Builder(context) + // You'll use the alias later to retrieve the key. It's a key for the key! + .setAlias(mAlias) + // The subject used for the self-signed certificate of the generated pair + .setSubject(new X500Principal("CN=" + mAlias)) + // The serial number used for the self-signed certificate of the + // generated pair. 
+ .setSerialNumber(BigInteger.valueOf(1337)) + // Date range of validity for the generated pair. + .setStartDate(start.getTime()) + .setEndDate(end.getTime()) + .build(); + + + } else { + // On Android M or above, use the KeyGenparameterSpec.Builder and specify permitted + // properties and restrictions of the key. + spec = new KeyGenParameterSpec.Builder(mAlias, KeyProperties.PURPOSE_SIGN) + .setCertificateSubject(new X500Principal("CN=" + mAlias)) + .setDigests(KeyProperties.DIGEST_SHA256) + .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1) + .setCertificateSerialNumber(BigInteger.valueOf(1337)) + .setCertificateNotBefore(start.getTime()) + .setCertificateNotAfter(end.getTime()) + .build(); + } + kpGenerator.initialize(spec); + KeyPair kp = kpGenerator.generateKeyPair(); + // END_INCLUDE(create_spec) Log.d(TAG, "Public Key is: " + kp.getPublic().toString()); - // END_INCLUDE(create_keypair) } /** diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-hdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-hdpi/ic_launcher.png Binary files differdeleted file mode 100644 index b1efaf4b..00000000 --- a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-hdpi/ic_launcher.png +++ /dev/null diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-mdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-mdpi/ic_launcher.png Binary files differdeleted file mode 100644 index f5f9244f..00000000 --- a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-mdpi/ic_launcher.png +++ /dev/null diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-xhdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-xhdpi/ic_launcher.png Binary files differdeleted file mode 100644 index 5d07b3f0..00000000 
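Review bot: The `KeyGenParameterSpec` branch authorizes the new key only for `KeyProperties.DIGEST_SHA256` with `SIGNATURE_PADDING_RSA_PKCS1`, and nothing here records that the sample's `Signature` algorithm, which is chosen outside this hunk, has to agree with those two values. On Android M and above a mismatch should surface only at runtime, when the keystore refuses the signing operation, while the pre-M `KeyPairGeneratorSpec` branch sets no such restriction and would keep working. I would put a comment above `.setDigests(...)` such as `// Digest and padding must match the Signature algorithm used to sign with this key.` The comment above `AlgorithmParameterSpec spec;` still describes only `KeyPairGeneratorSpec`, and the else-branch comment spells the class `KeyGenparameterSpec`; both are worth correcting in the same pass. The enclosing method starts before the hunk.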
--- a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-xhdpi/ic_launcher.png +++ /dev/null diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-xxhdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-xxhdpi/ic_launcher.png Binary files differdeleted file mode 100644 index 6ef21e1f..00000000 --- a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/drawable-xxhdpi/ic_launcher.png +++ /dev/null diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-hdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-hdpi/ic_launcher.png Binary files differnew file mode 100644 index 00000000..c57b83ab --- /dev/null +++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-hdpi/ic_launcher.png diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-mdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-mdpi/ic_launcher.png Binary files differnew file mode 100644 index 00000000..c43fc24a --- /dev/null +++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-mdpi/ic_launcher.png diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xhdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xhdpi/ic_launcher.png Binary files differnew file mode 100644 index 00000000..4255f237 --- /dev/null +++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xhdpi/ic_launcher.png diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xxhdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xxhdpi/ic_launcher.png Binary files differnew file mode 100644 index 00000000..f6ca8a92 --- /dev/null 
+++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xxhdpi/ic_launcher.png diff --git a/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xxxhdpi/ic_launcher.png b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xxxhdpi/ic_launcher.png Binary files differnew file mode 100644 index 00000000..0f623f6f --- /dev/null +++ b/security/keystore/BasicAndroidKeyStore/Application/src/main/res/mipmap-xxxhdpi/ic_launcher.png diff --git a/security/keystore/BasicAndroidKeyStore/screenshots/big_icon.png b/security/keystore/BasicAndroidKeyStore/screenshots/big_icon.png Binary files differindex 004d80cd..aa816d75 100644 --- a/security/keystore/BasicAndroidKeyStore/screenshots/big_icon.png +++ b/security/keystore/BasicAndroidKeyStore/screenshots/big_icon.png diff --git a/security/keystore/BasicAndroidKeyStore/template-params.xml b/security/keystore/BasicAndroidKeyStore/template-params.xml index e2fddf67..bb0056ab 100644 --- a/security/keystore/BasicAndroidKeyStore/template-params.xml +++ b/security/keystore/BasicAndroidKeyStore/template-params.xml @@ -57,7 +57,10 @@ To verify the data using the signature provided, click \"Verify\".\n\n <img>screenshots/screenshot5.png</img> </screenshots> <api_refs> + <android>android.security.keystore.KeyGenParameterSpec</android> + <android>android.security.keystore.KeyProperties</android> <android>android.security.KeyPairGeneratorSpec</android> + <android>java.security.KeyStore</android> </api_refs> <description> <![CDATA[ 
@@ -72,12 +75,19 @@ encryption keys that only your application can access. A [KeyPair][2] consisting of a [PrivateKey][3] and a [PublicKey][4] is being generated. The private key then is being used to sign and verify a String. +Below Android M, this sample uses a [KeyPairGeneratorSpec][5] to generate a key pair. +On newer versions of Android, a [KeyGenParameterSpec][6] generates a key pair with +additional restrictions and properties. + + Next to that appropriate exception handling for potential errors is being displayed. [1]: https://developer.android.com/reference/java/security/KeyStore.html [2]: https://developer.android.com/reference/java/security/KeyPair.html [3]: https://developer.android.com/reference/java/security/PrivateKey.html [4]: https://developer.android.com/reference/java/security/PublicKey.html +[5]: https://developer.android.com/reference/android/security/KeyPairGeneratorSpec.html +[6]: https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.html ]]> </intro> </metadata> |