/**
* Returns the current generation ID of the platform key. This increments whenever a platform
* key has to be replaced. (e.g., because the user has removed and then re-added their lock
- * screen).
+ * screen). Returns -1 if no key has been generated yet.
*
* @hide
*/
public int getGenerationId() {
- int generationId = mDatabase.getPlatformKeyGenerationId(mUserId);
- if (generationId == -1) {
- return 1;
- }
- return generationId;
+ return mDatabase.getPlatformKeyGenerationId(mUserId);
}
/**
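Review bot: `getGenerationId()` now passes the database sentinel -1 straight to callers, and nothing visible in this hunk stops that value being treated as a real generation. The test changes in the same commit add `init()` before `getDecryptKey()` and `getEncryptKey()`, which suggests key alias lookup depends on this value; if so, a caller that runs before `init()` would work with generation -1. Consider adding a `@return` line such as `@return the generation ID, or -1 if {@link #init()} has not generated a key yet`. A named constant for the sentinel would also give callers something explicit to compare against.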
Locale.US, "Platform key generation %d exists already.", generationId));
return;
}
- if (generationId == 1) {
+ if (generationId == -1) {
Log.i(TAG, "Generating initial platform ID.");
} else {
Log.w(TAG, String.format(Locale.US, "Platform generation ID was %d but no "
+ "entry was present in AndroidKeyStore. Generating fresh key.", generationId));
}
+ if (generationId == -1) {
+ generationId = 1;
+ } else {
+ // Had to generate a fresh key, bump the generation id
+ generationId++;
+ }
+
generateAndLoadKey(generationId);
+ mDatabase.setPlatformKeyGenerationId(mUserId, generationId);
}
/**
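Review bot: The result of `mDatabase.setPlatformKeyGenerationId(mUserId, generationId)` is not checked, and the call runs only after `generateAndLoadKey(generationId)` has already created the new key. If the write fails, or the process dies between the two calls, the database keeps the old generation (or -1) while the keystore holds a key under the new one, so `getGenerationId()` would no longer describe the usable key. Whether the setter reports failure is not visible here; if it does, log and surface that instead of continuing silently. Separately, the two consecutive `if (generationId == -1)` blocks could be merged so the log message and the id update share one branch. The method body starts outside this hunk.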
}
@Test
+ public void init_savesGenerationIdToDatabase() throws Exception {
+ mPlatformKeyManager.init();
+
+ assertEquals(1,
+ mRecoverableKeyStoreDb.getPlatformKeyGenerationId(USER_ID_FIXTURE));
+ }
+
+ @Test
public void init_setsGenerationIdTo1() throws Exception {
mPlatformKeyManager.init();
}
@Test
+ public void init_incrementsGenerationIdIfKeyIsUnavailable() throws Exception {
+ mPlatformKeyManager.init();
+
+ mPlatformKeyManager.init();
+
+ assertEquals(2, mPlatformKeyManager.getGenerationId());
+ }
+
+ @Test
+ public void init_doesNotIncrementGenerationIdIfKeyAvailable() throws Exception {
+ mPlatformKeyManager.init();
+ when(mKeyStoreProxy
+ .containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ + "platform/42/1/decrypt")).thenReturn(true);
+ when(mKeyStoreProxy
+ .containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ + "platform/42/1/encrypt")).thenReturn(true);
+
+ mPlatformKeyManager.init();
+
+ assertEquals(1, mPlatformKeyManager.getGenerationId());
+ }
+
+ @Test
+ public void getGenerationId_returnsMinusOneIfNotInitialized() throws Exception {
+ assertEquals(-1, mPlatformKeyManager.getGenerationId());
+ }
+
+ @Test
public void getDecryptKey_getsDecryptKeyWithCorrectAlias() throws Exception {
+ mPlatformKeyManager.init();
+
mPlatformKeyManager.getDecryptKey();
verify(mKeyStoreProxy).getKey(
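Review bot: `init_incrementsGenerationIdIfKeyIsUnavailable` asserts only the stored id, so a regression that bumps the id without creating a key under the generation-2 aliases would still pass. It also relies on the mock's default `containsAlias` answer rather than stubbing it, unlike `init_doesNotIncrementGenerationIdIfKeyAvailable`. Consider stubbing `containsAlias` to `false` explicitly and verifying that the keystore proxy was asked to store entries under the `.../platform/42/2/encrypt` and `.../platform/42/2/decrypt` aliases (alias shape inferred from the literals in the neighbouring test). The `42` in those literals presumably mirrors `USER_ID_FIXTURE`; building the alias from the constant would keep the two in sync.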
@Test
public void getEncryptKey_getsDecryptKeyWithCorrectAlias() throws Exception {
+ mPlatformKeyManager.init();
+
mPlatformKeyManager.getEncryptKey();
verify(mKeyStoreProxy).getKey(