Replace AbstractSecretKeyLoader with ISecretKeyProvider, Fixes AB#3297746

changelog.txt

@@ -1,5 +1,6 @@
 vNext
 ----------
+- [MINOR] Replace AbstractSecretKeyLoader with ISecretKeyProvider (#2666)
 - [MINOR] Update IP phone app teams signature constants to use SHA-512 format (#2700)
 - [MINOR] Updating handling of ssl error received in Android WebView's onReceivedSslError callback (#2691)
 - [MINOR] Fixing the sign in screens when edge to edge is enabled (#2665)

common/src/androidTest/java/com/microsoft/identity/common/crypto/AndroidWrappedKeyLoaderTest.java → common/src/androidTest/java/com/microsoft/identity/common/crypto/AndroidWrappedKeyProviderTest.java

@@ -29,7 +29,6 @@
 
 import com.microsoft.identity.common.adal.internal.AuthenticationSettings;
 import com.microsoft.identity.common.internal.util.AndroidKeyStoreUtil;
-import com.microsoft.identity.common.java.crypto.key.AES256KeyLoader;
 import com.microsoft.identity.common.java.exception.ClientException;
 import com.microsoft.identity.common.java.util.FileUtil;
 
@@ -50,13 +49,15 @@
 
 import static com.microsoft.identity.common.java.exception.ClientException.INVALID_KEY;
 
-public class AndroidWrappedKeyLoaderTest {
+public class AndroidWrappedKeyProviderTest {
 
     final Context context = ApplicationProvider.getApplicationContext();
     final String MOCK_KEY_ALIAS = "MOCK_KEY_ALIAS";
     final String MOCK_KEY_FILE_PATH = "MOCK_KEY_FILE_PATH";
     final int TEST_LOOP = 100;
 
+    final String AES_ALGORITHM = "AES";
+
     @Before
     public void setUp() throws Exception {
         // Everything is on clean slate.
@@ -110,23 +111,23 @@ private AlgorithmParameterSpec getMockKeyPairGeneratorSpec(final String alias) {
 
     @Test
     public void testGenerateKey() throws ClientException {
-        final AndroidWrappedKeyLoader keyLoader = new AndroidWrappedKeyLoader(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
-        final SecretKey secretKey = keyLoader.generateRandomKey();
+        final AndroidWrappedKeyProvider keyProvider = new AndroidWrappedKeyProvider(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
+        final SecretKey secretKey = keyProvider.generateRandomKey();
 
-        Assert.assertEquals(AES256KeyLoader.AES_ALGORITHM, secretKey.getAlgorithm());
+        Assert.assertEquals(AES_ALGORITHM, secretKey.getAlgorithm());
     }
 
     @Test
     public void testReadKeyDirectly() throws ClientException {
-        final AndroidWrappedKeyLoader keyLoader = initKeyLoaderWithKeyEntry();
-        final SecretKey secretKey = keyLoader.getKey();
-        final SecretKey storedSecretKey = keyLoader.readSecretKeyFromStorage();
+        final AndroidWrappedKeyProvider keyProvider = initkeyProviderWithKeyEntry();
+        final SecretKey secretKey = keyProvider.getKey();
+        final SecretKey storedSecretKey = keyProvider.readSecretKeyFromStorage();
 
         // They're not the same object!
         Assert.assertNotSame(secretKey, storedSecretKey);
 
-        Assert.assertEquals(AES256KeyLoader.AES_ALGORITHM, secretKey.getAlgorithm());
-        Assert.assertEquals(AES256KeyLoader.AES_ALGORITHM, storedSecretKey.getAlgorithm());
+        Assert.assertEquals(AES_ALGORITHM, secretKey.getAlgorithm());
+        Assert.assertEquals(AES_ALGORITHM, storedSecretKey.getAlgorithm());
 
         Assert.assertNotNull(secretKey.getEncoded());
         Assert.assertNotNull(storedSecretKey.getEncoded());
@@ -138,33 +139,33 @@ public void testReadKeyDirectly() throws ClientException {
     public void testLoadKey() throws ClientException {
         // Nothing exists. This load key function should generate a key if the key hasn't exist.
         Assert.assertNull(AndroidKeyStoreUtil.readKey(MOCK_KEY_ALIAS));
-        Assert.assertNull(FileUtil.readFromFile(getKeyFile(), AndroidWrappedKeyLoader.KEY_FILE_SIZE));
+        Assert.assertNull(FileUtil.readFromFile(getKeyFile(), AndroidWrappedKeyProvider.KEY_FILE_SIZE));
 
-        final AndroidWrappedKeyLoader keyLoader = new AndroidWrappedKeyLoader(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
-        final SecretKey secretKey = keyLoader.getKey();
+        final AndroidWrappedKeyProvider keyProvider = new AndroidWrappedKeyProvider(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
+        final SecretKey secretKey = keyProvider.getKey();
 
-        final SecretKey key = keyLoader.getKeyCache().getData();
+        final SecretKey key = keyProvider.getKeyCache().getData();
         Assert.assertNotNull(key);
-        Assert.assertEquals(AES256KeyLoader.AES_ALGORITHM, secretKey.getAlgorithm());
+        Assert.assertEquals(AES_ALGORITHM, secretKey.getAlgorithm());
         Assert.assertArrayEquals(secretKey.getEncoded(), key.getEncoded());
         Assert.assertEquals(secretKey.getFormat(), key.getFormat());
     }
 
     @Test
     public void testLoadKeyFromCorruptedFile_TruncatedExisingKey() throws ClientException {
         // Create a new Keystore-wrapped key.
-        final AndroidWrappedKeyLoader keyLoader = new AndroidWrappedKeyLoader(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
-        keyLoader.generateRandomKey();
+        final AndroidWrappedKeyProvider keyProvider = new AndroidWrappedKeyProvider(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
+        keyProvider.generateRandomKey();
 
-        final byte[] wrappedKey = FileUtil.readFromFile(getKeyFile(), AndroidWrappedKeyLoader.KEY_FILE_SIZE);
+        final byte[] wrappedKey = FileUtil.readFromFile(getKeyFile(), AndroidWrappedKeyProvider.KEY_FILE_SIZE);
         Assert.assertNotNull(wrappedKey);
 
         // Overwrite the key file with corrupted data.
         FileUtil.writeDataToFile(Arrays.copyOfRange(wrappedKey, 0, wrappedKey.length/2), getKeyFile());
 
         // It should fail to read, with an exception, and everything should be wiped.
         try{
-            keyLoader.readSecretKeyFromStorage();
+            keyProvider.readSecretKeyFromStorage();
             Assert.fail();
         } catch (ClientException e){
             Assert.assertEquals(INVALID_KEY, e.getErrorCode());
@@ -174,24 +175,24 @@ public void testLoadKeyFromCorruptedFile_TruncatedExisingKey() throws ClientExce
         Assert.assertFalse(getKeyFile().exists());
 
         // the next read should be unblocked.
-        Assert.assertNull(keyLoader.readSecretKeyFromStorage());
+        Assert.assertNull(keyProvider.readSecretKeyFromStorage());
     }
 
     @Test
     public void testLoadKeyFromCorruptedFile_InjectGarbage() throws ClientException {
         // Create a new Keystore-wrapped key.
-        final AndroidWrappedKeyLoader keyLoader = new AndroidWrappedKeyLoader(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
-        keyLoader.generateRandomKey();
+        final AndroidWrappedKeyProvider keyProvider = new AndroidWrappedKeyProvider(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
+        keyProvider.generateRandomKey();
 
-        final byte[] wrappedKey = FileUtil.readFromFile(getKeyFile(), AndroidWrappedKeyLoader.KEY_FILE_SIZE);
+        final byte[] wrappedKey = FileUtil.readFromFile(getKeyFile(), AndroidWrappedKeyProvider.KEY_FILE_SIZE);
         Assert.assertNotNull(wrappedKey);
 
         // Overwrite the key file with corrupted data.
         FileUtil.writeDataToFile(new byte[]{10, 20, 30, 40}, getKeyFile());
 
         // It should fail to read, with an exception, and everything should be wiped.
         try{
-            keyLoader.readSecretKeyFromStorage();
+            keyProvider.readSecretKeyFromStorage();
             Assert.fail();
         } catch (ClientException e){
             Assert.assertEquals(INVALID_KEY, e.getErrorCode());
@@ -201,18 +202,18 @@ public void testLoadKeyFromCorruptedFile_InjectGarbage() throws ClientException
         Assert.assertFalse(getKeyFile().exists());
 
         // the next read should be unblocked.
-        Assert.assertNull(keyLoader.readSecretKeyFromStorage());
+        Assert.assertNull(keyProvider.readSecretKeyFromStorage());
     }
 
     // 1s With Google Pixel XL, OS Version 29 (100 loop)
     @Test
     @Ignore
     public void testPerf_WithCachedKey() throws ClientException {
-        final AndroidWrappedKeyLoader keyLoader = new AndroidWrappedKeyLoader(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
+        final AndroidWrappedKeyProvider keyProvider = new AndroidWrappedKeyProvider(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
 
         long timeStartLoop = System.nanoTime();
         for (int i = 0; i < TEST_LOOP; i++) {
-            keyLoader.getKey();
+            keyProvider.getKey();
         }
         long timeFinishLoop = System.nanoTime();
 
@@ -223,12 +224,12 @@ public void testPerf_WithCachedKey() throws ClientException {
     @Test
     @Ignore
     public void testPerf_NoCachedKey() throws ClientException {
-        final AndroidWrappedKeyLoader keyLoader = new AndroidWrappedKeyLoader(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
+        final AndroidWrappedKeyProvider keyProvider = new AndroidWrappedKeyProvider(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
 
         long timeStartLoopNotCached = System.nanoTime();
         for (int i = 0; i < 100; i++) {
-            keyLoader.getKeyCache().clear();
-            keyLoader.getKey();
+            keyProvider.getKeyCache().clear();
+            keyProvider.getKey();
         }
         long timeFinishLoopNotCached = System.nanoTime();
 
@@ -240,31 +241,31 @@ public void testPerf_NoCachedKey() throws ClientException {
      */
     @Test
     public void testLoadDeletedKeyStoreKey() throws ClientException {
-        final AndroidWrappedKeyLoader keyLoader = initKeyLoaderWithKeyEntry();
+        final AndroidWrappedKeyProvider keyProvider = initkeyProviderWithKeyEntry();
 
         AndroidKeyStoreUtil.deleteKey(MOCK_KEY_ALIAS);
 
         // Cached key also be wiped.
-        final SecretKey key = keyLoader.getKeyCache().getData();
+        final SecretKey key = keyProvider.getKeyCache().getData();
         Assert.assertNull(key);
     }
 
     @Test
     public void testLoadDeletedKeyFile() throws ClientException {
-        final AndroidWrappedKeyLoader keyLoader = initKeyLoaderWithKeyEntry();
+        final AndroidWrappedKeyProvider keyProvider = initkeyProviderWithKeyEntry();
 
         FileUtil.deleteFile(getKeyFile());
 
         // Cached key also be wiped.
-        final SecretKey key = keyLoader.getKeyCache().getData();
+        final SecretKey key = keyProvider.getKeyCache().getData();
         Assert.assertNull(key);
     }
 
-    private AndroidWrappedKeyLoader initKeyLoaderWithKeyEntry() throws ClientException {
-        final AndroidWrappedKeyLoader keyLoader = new AndroidWrappedKeyLoader(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
-        final SecretKey key = keyLoader.getKey();
+    private AndroidWrappedKeyProvider initkeyProviderWithKeyEntry() throws ClientException {
+        final AndroidWrappedKeyProvider keyProvider = new AndroidWrappedKeyProvider(MOCK_KEY_ALIAS, MOCK_KEY_FILE_PATH, context);
+        final SecretKey key = keyProvider.getKey();
         Assert.assertNotNull(key);
-        Assert.assertNotNull(keyLoader.getKeyCache().getData());
-        return keyLoader;
+        Assert.assertNotNull(keyProvider.getKeyCache().getData());
+        return keyProvider;
     }
 }

common/src/main/java/com/microsoft/identity/common/adal/internal/AuthenticationSettings.java

@@ -414,7 +414,7 @@ public boolean getDisableWebViewHardwareAcceleration() {
      * @param shouldIgnore if true, ignores keyloader not found errors
      */
     @SuppressFBWarnings(ME_ENUM_FIELD_SETTER)
-    public void setIgnoreKeyLoaderNotFoundError(boolean shouldIgnore) {
+    public void setIgnoreKeyProviderNotFoundError(boolean shouldIgnore) {
         mIgnoreKeyLoaderNotFoundError = shouldIgnore;
     }
 

common/src/main/java/com/microsoft/identity/common/crypto/AndroidAuthSdkStorageEncryptionManager.java

@@ -26,9 +26,8 @@
 
 import com.microsoft.identity.common.adal.internal.AuthenticationSettings;
 import com.microsoft.identity.common.java.crypto.StorageEncryptionManager;
-import com.microsoft.identity.common.java.crypto.key.AES256KeyLoader;
-import com.microsoft.identity.common.java.crypto.key.AbstractSecretKeyLoader;
-import com.microsoft.identity.common.java.crypto.key.PredefinedKeyLoader;
+import com.microsoft.identity.common.java.crypto.key.ISecretKeyProvider;
+import com.microsoft.identity.common.java.crypto.key.PredefinedKeyProvider;
 import com.microsoft.identity.common.logging.Logger;
 
 import java.util.Collections;
@@ -54,49 +53,50 @@ public class AndroidAuthSdkStorageEncryptionManager extends StorageEncryptionMan
      */
     public static final String WRAPPED_KEY_FILE_NAME = "adalks";
 
-    private final PredefinedKeyLoader mPredefinedKeyLoader;
-    private final AndroidWrappedKeyLoader mKeyStoreKeyLoader;
+    private final PredefinedKeyProvider mPredefinedKeyProvider;
+    private final ISecretKeyProvider mKeyStoreKeyProvider;
 
     public AndroidAuthSdkStorageEncryptionManager(@NonNull final Context context) {
         if (AuthenticationSettings.INSTANCE.getSecretKeyData() == null) {
-            mPredefinedKeyLoader = null;
+            mPredefinedKeyProvider = null;
         } else {
-            mPredefinedKeyLoader = new PredefinedKeyLoader("USER_DEFINED_KEY",
+            mPredefinedKeyProvider = new PredefinedKeyProvider("USER_DEFINED_KEY",
                     AuthenticationSettings.INSTANCE.getSecretKeyData());
         }
 
-        mKeyStoreKeyLoader = new AndroidWrappedKeyLoader(
+        mKeyStoreKeyProvider = new AndroidWrappedKeyProvider(
                 WRAPPING_KEY_ALIAS,
                 WRAPPED_KEY_FILE_NAME,
-                context);
+                context
+        );
     }
 
     @Override
     @NonNull
-    public AES256KeyLoader getKeyLoaderForEncryption() {
-        if (mPredefinedKeyLoader != null) {
-            return mPredefinedKeyLoader;
+    public ISecretKeyProvider getKeyProviderForEncryption() {
+        if (mPredefinedKeyProvider != null) {
+            return mPredefinedKeyProvider;
         }
 
-        return mKeyStoreKeyLoader;
+        return mKeyStoreKeyProvider;
     }
 
     @Override
     @NonNull
-    public List<AbstractSecretKeyLoader> getKeyLoaderForDecryption(byte[] cipherText) {
+    public List<ISecretKeyProvider> getKeyProviderForDecryption(byte[] cipherText) {
         final String methodTag = TAG + ":getKeyLoaderForDecryption";
 
         final String keyIdentifier = getKeyIdentifierFromCipherText(cipherText);
-        if (PredefinedKeyLoader.USER_PROVIDED_KEY_IDENTIFIER.equalsIgnoreCase(keyIdentifier)) {
-            if (mPredefinedKeyLoader != null) {
-                return Collections.<AbstractSecretKeyLoader>singletonList(mPredefinedKeyLoader);
+        if (PredefinedKeyProvider.USER_PROVIDED_KEY_IDENTIFIER.equalsIgnoreCase(keyIdentifier)) {
+            if (mPredefinedKeyProvider != null) {
+                return Collections.singletonList(mPredefinedKeyProvider);
             } else {
                 throw new IllegalStateException(
                         "Cipher Text is encrypted by USER_PROVIDED_KEY_IDENTIFIER, " +
-                                "but mPredefinedKeyLoader is null.");
+                                "but mPredefinedKeyProvider is null.");
             }
-        } else if (AndroidWrappedKeyLoader.WRAPPED_KEY_KEY_IDENTIFIER.equalsIgnoreCase(keyIdentifier)) {
-            return Collections.<AbstractSecretKeyLoader>singletonList(mKeyStoreKeyLoader);
+        } else if (mKeyStoreKeyProvider.getKeyTypeIdentifier().equalsIgnoreCase(keyIdentifier)) {
+            return Collections.singletonList(mKeyStoreKeyProvider);
         }
 
         Logger.warn(methodTag,