
Example 21 with KeyStore

use of android.security.KeyStore in project Resurrection_packages_apps_Settings by ResurrectionRemix.

the class ConfigDialogFragment method onClick.

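/**
 * Handles the buttons of the VPN configuration dialog.
 *
 * <p>The positive button stores the edited profile in the keystore, drops any running
 * connection for it, applies the always-on setting and, when the dialog was not opened for
 * editing and the profile is not the lockdown VPN, connects. The neutral button disconnects
 * the profile, deletes its keystore entry and clears always-on for it. Any other button only
 * dismisses the dialog.
 *
 * @param dialogInterface the dialog that received the click (not used; the dialog is read
 *        from {@code getDialog()})
 * @param button the button that was pressed
 */
@Override
public void onClick(DialogInterface dialogInterface, int button) {
    ConfigDialog dialog = (ConfigDialog) getDialog();
    VpnProfile profile = dialog.getProfile();
    if (button == DialogInterface.BUTTON_POSITIVE) {
        // Update KeyStore entry.
        // NOTE(review): flags is 0, i.e. KeyStore.FLAG_ENCRYPTED is not requested. The encoded
        // profile may carry the VPN credentials, so confirm that storing it without that flag
        // is intended (for example so the entry is readable before the user unlocks).
        boolean stored = KeyStore.getInstance().put(Credentials.VPN + profile.key, profile.encode(),
                KeyStore.UID_SELF, /* flags */ 0);
        if (!stored) {
            // Do not disconnect, change always-on or connect on behalf of a profile that was
            // not persisted; leave the previous state untouched. The profile contents are
            // deliberately kept out of the log.
            Log.e(TAG, "Failed to store VPN profile in KeyStore");
            dismiss();
            return;
        }
        // Flush out old version of profile
        disconnect(profile);
        updateLockdownVpn(dialog.isVpnAlwaysOn(), profile);
        // If we are not editing, connect!
        if (!dialog.isEditing() && !VpnUtils.isVpnLockdown(profile.key)) {
            try {
                connect(profile);
            } catch (RemoteException e) {
                Log.e(TAG, "Failed to connect", e);
            }
        }
    } else if (button == DialogInterface.BUTTON_NEUTRAL) {
        // Disable profile if connected
        disconnect(profile);
        // Delete from KeyStore; report a failed delete so a profile the user asked to forget
        // does not silently stay behind.
        KeyStore keyStore = KeyStore.getInstance();
        if (!keyStore.delete(Credentials.VPN + profile.key, KeyStore.UID_SELF)) {
            Log.w(TAG, "Failed to delete VPN profile from KeyStore");
        }
        updateLockdownVpn(false, profile);
    }
    dismiss();
}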
Also used : VpnProfile(com.android.internal.net.VpnProfile) RemoteException(android.os.RemoteException) KeyStore(android.security.KeyStore)

Example 22 with KeyStore

use of android.security.KeyStore in project android_frameworks_base by ResurrectionRemix.

the class LockSettingsService method tieProfileLockToParent.

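/**
 * Encrypts a profile's lock password with a freshly generated AES key and stores the result
 * through {@code mStorage.writeChildProfileLock}.
 *
 * <p>The same key is imported into AndroidKeyStore under two aliases: an encrypt-only alias
 * that is used once here and deleted again, and a decrypt-only alias that requires user
 * authentication with a 30 second validity window. The stored blob is the cipher's IV
 * followed by the output of {@code doFinal}.
 *
 * @param userId id appended to the keystore aliases and passed to the storage layer
 * @param password the lock password to protect; its UTF-8 bytes are the plaintext
 * @throws RuntimeException if key generation, key import or encryption fails, or if the IV
 *         length differs from {@code PROFILE_KEY_IV_SIZE}
 */
private void tieProfileLockToParent(int userId, String password) {
    if (DEBUG)
        Slog.v(TAG, "tieProfileLockToParent for user: " + userId);
    byte[] randomLockSeed = password.getBytes(StandardCharsets.UTF_8);
    byte[] encryptionResult;
    byte[] iv;
    try {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES);
        keyGenerator.init(new SecureRandom());
        SecretKey secretKey = keyGenerator.generateKey();
        java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        try {
            // Encrypt alias: no authentication requirement, only usable for encryption.
            keyStore.setEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId, new java.security.KeyStore.SecretKeyEntry(secretKey), new KeyProtection.Builder(KeyProperties.PURPOSE_ENCRYPT).setBlockModes(KeyProperties.BLOCK_MODE_GCM).setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE).build());
            // Decrypt alias: same key material, but gated on user authentication (30 s window).
            keyStore.setEntry(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + userId, new java.security.KeyStore.SecretKeyEntry(secretKey), new KeyProtection.Builder(KeyProperties.PURPOSE_DECRYPT).setBlockModes(KeyProperties.BLOCK_MODE_GCM).setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE).setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(30).build());
            // Key imported, obtain a reference to it.
            SecretKey keyStoreEncryptionKey = (SecretKey) keyStore.getKey(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId, null);
            Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_GCM + "/" + KeyProperties.ENCRYPTION_PADDING_NONE);
            // No IV is supplied; it is read back from the cipher after encryption.
            cipher.init(Cipher.ENCRYPT_MODE, keyStoreEncryptionKey);
            encryptionResult = cipher.doFinal(randomLockSeed);
            iv = cipher.getIV();
        } finally {
            // The original key can now be discarded.
            keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId);
        }
    } catch (CertificateException | UnrecoverableKeyException | IOException | BadPaddingException | IllegalBlockSizeException | KeyStoreException | NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) {
        throw new RuntimeException("Failed to encrypt key", e);
    } finally {
        // Wipe the plaintext copy of the password on every path, success or failure. The
        // caller's String cannot be cleared from here, but this removes the extra copy.
        java.util.Arrays.fill(randomLockSeed, (byte) 0);
    }
    if (iv.length != PROFILE_KEY_IV_SIZE) {
        throw new RuntimeException("Invalid iv length: " + iv.length);
    }
    // Stored layout: IV followed by the doFinal output. Plain array copies cannot fail, so
    // no IOException path is needed.
    byte[] blob = new byte[iv.length + encryptionResult.length];
    System.arraycopy(iv, 0, blob, 0, iv.length);
    System.arraycopy(encryptionResult, 0, blob, iv.length, encryptionResult.length);
    mStorage.writeChildProfileLock(userId, blob);
}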
Also used : SecureRandom(java.security.SecureRandom) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) BadPaddingException(javax.crypto.BadPaddingException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InvalidKeyException(java.security.InvalidKeyException) KeyStore(android.security.KeyStore) SecretKey(javax.crypto.SecretKey) UnrecoverableKeyException(java.security.UnrecoverableKeyException) Cipher(javax.crypto.Cipher) KeyGenerator(javax.crypto.KeyGenerator)

Example 23 with KeyStore

use of android.security.KeyStore in project android_frameworks_base by ResurrectionRemix.

the class LockSettingsService method setKeystorePassword.

/**
 * Hands a user's new password to the keystore via {@code onUserPasswordChanged}.
 *
 * <p>The password is passed through unchanged and must not be logged here.
 *
 * @param password the new password, forwarded as-is
 * @param userHandle the user whose password changed
 */
private void setKeystorePassword(String password, int userHandle) {
    // NOTE(review): presumably the keystore re-protects this user's keys with the new
    // password; confirm against KeyStore.onUserPasswordChanged.
    KeyStore.getInstance().onUserPasswordChanged(userHandle, password);
}
Also used : KeyStore(android.security.KeyStore)

Example 24 with KeyStore

use of android.security.KeyStore in project android_frameworks_base by crdroidandroid.

the class LockSettingsService method tieProfileLockToParent.

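/**
 * Encrypts a profile's lock password under a one-off AES key and persists the ciphertext
 * with {@code mStorage.writeChildProfileLock}.
 *
 * <p>The generated key is imported into AndroidKeyStore twice: under an encrypt-only alias,
 * which is removed again before this method returns, and under a decrypt-only alias that
 * demands user authentication (validity 30 seconds). The persisted blob is the IV followed
 * by the output of {@code doFinal}.
 *
 * @param userId id used in the keystore aliases and for the storage write
 * @param password the lock password; its UTF-8 encoding is what gets encrypted
 * @throws KeyStoreException if a keystore operation fails; unlike the other checked
 *         failures it is not wrapped and reaches the caller directly
 * @throws RuntimeException if key generation or encryption fails, or if the IV length is
 *         not {@code PROFILE_KEY_IV_SIZE}
 */
private void tieProfileLockToParent(int userId, String password) throws KeyStoreException {
    if (DEBUG)
        Slog.v(TAG, "tieProfileLockToParent for user: " + userId);
    byte[] randomLockSeed = password.getBytes(StandardCharsets.UTF_8);
    byte[] encryptionResult;
    byte[] iv;
    try {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES);
        keyGenerator.init(new SecureRandom());
        SecretKey secretKey = keyGenerator.generateKey();
        java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        try {
            // Alias used for the single encryption below; carries no authentication gate.
            keyStore.setEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId, new java.security.KeyStore.SecretKeyEntry(secretKey), new KeyProtection.Builder(KeyProperties.PURPOSE_ENCRYPT).setBlockModes(KeyProperties.BLOCK_MODE_GCM).setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE).build());
            // Long-lived alias: decrypt only, and only after user authentication.
            keyStore.setEntry(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + userId, new java.security.KeyStore.SecretKeyEntry(secretKey), new KeyProtection.Builder(KeyProperties.PURPOSE_DECRYPT).setBlockModes(KeyProperties.BLOCK_MODE_GCM).setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE).setUserAuthenticationRequired(true).setUserAuthenticationValidityDurationSeconds(30).build());
            // Key imported, obtain a reference to it.
            SecretKey keyStoreEncryptionKey = (SecretKey) keyStore.getKey(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId, null);
            Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_GCM + "/" + KeyProperties.ENCRYPTION_PADDING_NONE);
            // The IV is not chosen here; it is fetched from the cipher once doFinal has run.
            cipher.init(Cipher.ENCRYPT_MODE, keyStoreEncryptionKey);
            encryptionResult = cipher.doFinal(randomLockSeed);
            iv = cipher.getIV();
        } finally {
            // The original key can now be discarded.
            keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId);
        }
    } catch (CertificateException | UnrecoverableKeyException | IOException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) {
        throw new RuntimeException("Failed to encrypt key", e);
    } finally {
        // Clear the plaintext password bytes whether encryption succeeded, failed, or a
        // KeyStoreException is on its way to the caller.
        java.util.Arrays.fill(randomLockSeed, (byte) 0);
    }
    if (iv.length != PROFILE_KEY_IV_SIZE) {
        throw new RuntimeException("Invalid iv length: " + iv.length);
    }
    // IV first, ciphertext after it; copying arrays directly has no failure mode to catch.
    byte[] blob = new byte[iv.length + encryptionResult.length];
    System.arraycopy(iv, 0, blob, 0, iv.length);
    System.arraycopy(encryptionResult, 0, blob, iv.length, encryptionResult.length);
    mStorage.writeChildProfileLock(userId, blob);
}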
Also used : SecureRandom(java.security.SecureRandom) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InvalidKeyException(java.security.InvalidKeyException) KeyStore(android.security.KeyStore) SecretKey(javax.crypto.SecretKey) UnrecoverableKeyException(java.security.UnrecoverableKeyException) Cipher(javax.crypto.Cipher) KeyGenerator(javax.crypto.KeyGenerator)

Example 25 with KeyStore

use of android.security.KeyStore in project android_frameworks_base by crdroidandroid.

the class LockSettingsService method removeUser.

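/**
 * Removes the lock-settings state kept for a user: its storage entries, its strong-auth
 * record, its keystore state, its gatekeeper secure user id and, for an unknown user or a
 * managed profile, its keystore profile key.
 *
 * @param userId the user being removed
 * @param unknownUser when true the profile key is removed without consulting the user
 *        manager
 */
private void removeUser(int userId, boolean unknownUser) {
    mStorage.removeUser(userId);
    mStrongAuth.removeUser(userId);
    final KeyStore ks = KeyStore.getInstance();
    ks.onUserRemoved(userId);
    try {
        final IGateKeeperService gk = getGateKeeperService();
        if (gk != null) {
            gk.clearSecureUserId(userId);
        }
    } catch (RemoteException ex) {
        // Best effort: the remaining cleanup still runs. Keep the cause in the log so a
        // secure user id that was left behind can be traced.
        Slog.w(TAG, "unable to clear GK secure user id", ex);
    }
    // NOTE(review): getUserInfo(userId) is dereferenced without a null check when
    // unknownUser is false; confirm it cannot return null for a user being removed.
    if (unknownUser || mUserManager.getUserInfo(userId).isManagedProfile()) {
        removeKeystoreProfileKey(userId);
    }
}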
Also used : IGateKeeperService(android.service.gatekeeper.IGateKeeperService) RemoteException(android.os.RemoteException) KeyStore(android.security.KeyStore)

Aggregations

KeyStore (android.security.KeyStore)26 RemoteException (android.os.RemoteException)8 IOException (java.io.IOException)8 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)6 CertificateException (java.security.cert.CertificateException)6 IGateKeeperService (android.service.gatekeeper.IGateKeeperService)5 ByteArrayOutputStream (java.io.ByteArrayOutputStream)5 InvalidKeyException (java.security.InvalidKeyException)5 KeyStoreException (java.security.KeyStoreException)5 SecureRandom (java.security.SecureRandom)5 UnrecoverableKeyException (java.security.UnrecoverableKeyException)5 BadPaddingException (javax.crypto.BadPaddingException)5 Cipher (javax.crypto.Cipher)5 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)5 KeyGenerator (javax.crypto.KeyGenerator)5 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)5 SecretKey (javax.crypto.SecretKey)5 DevicePolicyManager (android.app.admin.DevicePolicyManager)4 FileNotFoundException (java.io.FileNotFoundException)2 RandomAccessFile (java.io.RandomAccessFile)2