-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Migrate Function For KeystoreIdentityCredential #346
Add Migrate Function For KeystoreIdentityCredential #346
Conversation
2d6ad27
to
ff7da86
Compare
This needs to be rebased on master branch for the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs rebased on top of master.
af23ea3
to
3c6da26
Compare
...android/src/main/java/com/android/identity/android/securearea/AndroidKeystoreSecureArea.java
Show resolved
Hide resolved
* @param existingKeyAlias the alias of the existing key. | ||
* @return A newly created credential. | ||
*/ | ||
public @NonNull Credential createCredentialWithExistingKey( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
*/ | ||
public @NonNull Credential createCredentialWithExistingKey( | ||
@NonNull String name, | ||
@NonNull SecureArea.CreateKeySettings credentialKeySettings, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we take a CreateKeySettings
object here? I mean, the key already exists so...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My reasoning is that I wanted CredentialStore#createCredentialWithExistingKey
to be generic enough to support all keys, not just from KeystoreIdentityCredential#migrateToCredentialStore
(since the keys being migrated have CreateKeySettings
with only EC_CURVE_P256, no biometric authentication, and no attest key).
On that note, though, if being generic isn't needed/wanted here, I could rename the function (to be clear it's only for migration) and make the CreateKeySettings
further down the call path before it gets to SecureArea#createKey(alias, createKeySettings)
3c6da26
to
58c2052
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM but unit tests are failing.
The unit tests don't like the way the |
Added a function to the KeystoreIdentityCredential class that creates a new Credential (identity/src/main/java/com/android/identity/credential/Credential.java) using the information in the given KeystoreIdentityCredential and deletes the KeystoreIdentityCredential once the new Credential is created. This change required additional functions in the Credential, CredentialStore, and AndroidKeystore classes which allow Credential creation with an existing key so the credential key from the KeystoreIdentityCredential could be preserved. A function in Utility.java to extract key settings from an existing key as well as a function in CredentialData.java to delete credential information while preserving the key were also added to aid in this process. Tested in MigrateFromKeystoreICStoreTest.
58c2052
to
ba341af
Compare
f8b3596
into
openwallet-foundation-labs:master
Added a function to the KeystoreIdentityCredential class that creates a new Credential (identity/src/main/java/com/android/identity/credential/Credential.java) using the information in the given KeystoreIdentityCredential and deletes the KeystoreIdentityCredential once the new Credential is created. This change required additional functions in the Credential, CredentialStore, and AndroidKeystore classes which allow Credential creation with an existing key so the credential key from the KeystoreIdentityCredential could be preserved. A function in Utility.java to extract key settings from an existing key as well as a function in CredentialData.java to delete credential information while preserving the key were also added to aid in this process.
Tested in MigrateFromKeystoreICStoreTest.
Fixes #331