Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Migrate Function For KeystoreIdentityCredential #346

Merged

Conversation

suzannajiwani
Copy link
Contributor

Added a function to the KeystoreIdentityCredential class that creates a new Credential (identity/src/main/java/com/android/identity/credential/Credential.java) using the information in the given KeystoreIdentityCredential and deletes the KeystoreIdentityCredential once the new Credential is created. This change required additional functions in the Credential, CredentialStore, and AndroidKeystore classes which allow Credential creation with an existing key so the credential key from the KeystoreIdentityCredential could be preserved. A function in Utility.java to extract key settings from an existing key as well as a function in CredentialData.java to delete credential information while preserving the key were also added to aid in this process.

Tested in MigrateFromKeystoreICStoreTest.

Fixes #331

  • Tests pass

@davidz25
Copy link
Contributor

This needs to be rebased on master branch for the s/KeystoreEngine/SecureArea/ change and maybe other things.

Copy link
Contributor

@davidz25 davidz25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs rebased on top of master.

@suzannajiwani suzannajiwani force-pushed the issue-331 branch 3 times, most recently from af23ea3 to 3c6da26 Compare August 31, 2023 14:10
* @param existingKeyAlias the alias of the existing key.
* @return A newly created credential.
*/
public @NonNull Credential createCredentialWithExistingKey(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer for this to not be public as it's only called by migrateToCredentialStore(). Maybe add "@hide" for now and we can revisit when solving #292.

*/
public @NonNull Credential createCredentialWithExistingKey(
@NonNull String name,
@NonNull SecureArea.CreateKeySettings credentialKeySettings,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we take a CreateKeySettings object here? I mean, the key already exists so...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My reasoning is that I wanted CredentialStore#createCredentialWithExistingKey to be generic enough to support all keys, not just from KeystoreIdentityCredential#migrateToCredentialStore (since the keys being migrated have CreateKeySettings with only EC_CURVE_P256, no biometric authentication, and no attest key).

On that note, though, if being generic isn't needed/wanted here, I could rename the function (to be clear it's only for migration) and make the CreateKeySettings further down the call path before it gets to SecureArea#createKey(alias, createKeySettings)

Copy link
Contributor

@davidz25 davidz25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but unit tests are failing.

@suzannajiwani
Copy link
Contributor Author

The unit tests don't like the way the @Hidden tag is added, so I'm going to circle back to that with #292

Added a function to the KeystoreIdentityCredential class that creates a new
Credential (identity/src/main/java/com/android/identity/credential/Credential.java)
using the information in the given KeystoreIdentityCredential and deletes the
KeystoreIdentityCredential once the new Credential is created. This change required
additional functions in the Credential, CredentialStore, and AndroidKeystore classes
which allow Credential creation with an existing key so the credential key from the
KeystoreIdentityCredential could be preserved. A function in Utility.java to extract
key settings from an existing key as well as a function in CredentialData.java
to delete credential information while preserving the key were also added to aid in
this process.

Tested in MigrateFromKeystoreICStoreTest.
@suzannajiwani suzannajiwani merged commit f8b3596 into openwallet-foundation-labs:master Oct 2, 2023
2 checks passed
@suzannajiwani suzannajiwani deleted the issue-331 branch October 2, 2023 18:34
@suzannajiwani suzannajiwani restored the issue-331 branch January 22, 2024 21:47
@suzannajiwani suzannajiwani deleted the issue-331 branch November 20, 2024 16:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Migrate credentials from KeystoreIdentityCredentialStore to CredentialStore
2 participants