Add RequiresApi as appropriate to the functions in AndroidKeystoreManager and AndroidKeystoreKmsClient and remove the corresponding allowed_lint_checks.
PiperOrigin-RevId: 464787351
diff --git a/java_src/src/main/java/com/google/crypto/tink/integration/android/AndroidKeysetManager.java b/java_src/src/main/java/com/google/crypto/tink/integration/android/AndroidKeysetManager.java
index 2f5bdde..1cc4c39 100644
--- a/java_src/src/main/java/com/google/crypto/tink/integration/android/AndroidKeysetManager.java
+++ b/java_src/src/main/java/com/google/crypto/tink/integration/android/AndroidKeysetManager.java
@@ -19,6 +19,7 @@
import android.content.Context;
import android.os.Build;
import android.util.Log;
+import androidx.annotation.ChecksSdkIntAtLeast;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.CleartextKeysetHandle;
import com.google.crypto.tink.KeyTemplate;
@@ -332,7 +333,9 @@
}
}
- /** @return a {@link KeysetHandle} of the managed keyset */
+ /**
+ * @return a {@link KeysetHandle} of the managed keyset
+ */
public synchronized KeysetHandle getKeysetHandle() throws GeneralSecurityException {
return keysetManager.getKeysetHandle();
}
@@ -469,6 +472,7 @@
}
}
+ @ChecksSdkIntAtLeast(api = Build.VERSION_CODES.M)
private boolean shouldUseKeystore() {
return masterKey != null && isAtLeastM();
}
@@ -488,6 +492,7 @@
}
}
+ @ChecksSdkIntAtLeast(api = Build.VERSION_CODES.M)
private static boolean isAtLeastM() {
return Build.VERSION.SDK_INT >= Build.VERSION_CODES.M;
}
diff --git a/java_src/src/main/java/com/google/crypto/tink/integration/android/AndroidKeystoreKmsClient.java b/java_src/src/main/java/com/google/crypto/tink/integration/android/AndroidKeystoreKmsClient.java
index 24dc591..6cc1592 100644
--- a/java_src/src/main/java/com/google/crypto/tink/integration/android/AndroidKeystoreKmsClient.java
+++ b/java_src/src/main/java/com/google/crypto/tink/integration/android/AndroidKeystoreKmsClient.java
@@ -20,6 +20,8 @@
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.util.Log;
+import androidx.annotation.ChecksSdkIntAtLeast;
+import androidx.annotation.RequiresApi;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KmsClient;
import com.google.crypto.tink.subtle.Random;
@@ -53,6 +55,7 @@
@GuardedBy("this")
private KeyStore keyStore;
+ @RequiresApi(23)
public AndroidKeystoreKmsClient() throws GeneralSecurityException {
this(new Builder());
}
@@ -64,6 +67,7 @@
* @deprecated use {@link AndroidKeystoreKmsClient.Builder}.
*/
@Deprecated
+ @RequiresApi(23)
public AndroidKeystoreKmsClient(String uri) {
this(new Builder().setKeyUri(uri));
}
@@ -78,6 +82,7 @@
String keyUri = null;
KeyStore keyStore = null;
+ @RequiresApi(23)
public Builder() {
if (!isAtLeastM()) {
throw new IllegalStateException("need Android Keystore on Android M or newer");
@@ -91,6 +96,7 @@
}
}
+ @RequiresApi(23)
public Builder setKeyUri(String val) {
if (val == null || !val.toLowerCase(Locale.US).startsWith(PREFIX)) {
throw new IllegalArgumentException("val must start with " + PREFIX);
@@ -100,6 +106,7 @@
}
/** This is for testing only */
+ @RequiresApi(23)
public Builder setKeyStore(KeyStore val) {
if (val == null) {
throw new IllegalArgumentException("val cannot be null");
@@ -119,6 +126,7 @@
* AndroidKeystoreKmsClient#PREFIX}.
*/
@Override
+ @RequiresApi(23)
public synchronized boolean doesSupport(String uri) {
if (this.keyUri != null && this.keyUri.equals(uri)) {
return true;
@@ -132,6 +140,7 @@
* <p>Note that Android Keystore doesn't need credentials, thus the credential path is unused.
*/
@Override
+ @RequiresApi(23)
public KmsClient withCredentials(String unused) throws GeneralSecurityException {
return new AndroidKeystoreKmsClient();
}
@@ -142,6 +151,7 @@
* <p>Note that Android Keystore does not use credentials.
*/
@Override
+ @RequiresApi(23)
public KmsClient withDefaultCredentials() throws GeneralSecurityException {
return new AndroidKeystoreKmsClient();
}
@@ -156,8 +166,8 @@
public synchronized Aead getAead(String uri) throws GeneralSecurityException {
if (this.keyUri != null && !this.keyUri.equals(uri)) {
throw new GeneralSecurityException(
- String.format("this client is bound to %s, cannot load keys bound to %s",
- this.keyUri, uri));
+ String.format(
+ "this client is bound to %s, cannot load keys bound to %s", this.keyUri, uri));
}
Aead aead =
new AndroidKeystoreAesGcm(
@@ -199,6 +209,7 @@
*
* <p>At the moment it can generate only AES256-GCM keys.
*/
+ @RequiresApi(Build.VERSION_CODES.M)
public static Aead getOrGenerateNewAeadKey(String keyUri)
throws GeneralSecurityException, IOException {
AndroidKeystoreKmsClient client = new AndroidKeystoreKmsClient();
@@ -214,8 +225,8 @@
*
* <p>At the moment it can generate only AES256-GCM keys.
*/
- public static void generateNewAeadKey(String keyUri)
- throws GeneralSecurityException {
+ @RequiresApi(Build.VERSION_CODES.M)
+ public static void generateNewAeadKey(String keyUri) throws GeneralSecurityException {
AndroidKeystoreKmsClient client = new AndroidKeystoreKmsClient();
if (client.hasKey(keyUri)) {
throw new IllegalArgumentException(
@@ -226,15 +237,15 @@
}
String keyId = Validators.validateKmsKeyUriAndRemovePrefix(PREFIX, keyUri);
- KeyGenerator keyGenerator = KeyGenerator.getInstance(
- KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
+ KeyGenerator keyGenerator =
+ KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
KeyGenParameterSpec spec =
- new KeyGenParameterSpec.Builder(keyId,
- KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
- .setKeySize(256)
- .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
- .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
- .build();
+ new KeyGenParameterSpec.Builder(
+ keyId, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
+ .setKeySize(256)
+ .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
+ .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
+ .build();
keyGenerator.init(spec);
keyGenerator.generateKey();
}
@@ -255,6 +266,7 @@
return aead;
}
+ @ChecksSdkIntAtLeast(api = Build.VERSION_CODES.M)
private static boolean isAtLeastM() {
return Build.VERSION.SDK_INT >= Build.VERSION_CODES.M;
}
diff --git a/java_src/src/main/java/com/google/crypto/tink/integration/android/BUILD.bazel b/java_src/src/main/java/com/google/crypto/tink/integration/android/BUILD.bazel
index 61d3757..c6360c4 100644
--- a/java_src/src/main/java/com/google/crypto/tink/integration/android/BUILD.bazel
+++ b/java_src/src/main/java/com/google/crypto/tink/integration/android/BUILD.bazel
@@ -13,6 +13,7 @@
"//src/main/java/com/google/crypto/tink:kms_client",
"//src/main/java/com/google/crypto/tink/subtle:random",
"//src/main/java/com/google/crypto/tink/subtle:validators",
+ "@maven//:androidx_annotation_annotation",
"@maven//:com_google_code_findbugs_jsr305",
],
)
@@ -61,6 +62,7 @@
"//src/main/java/com/google/crypto/tink:keyset_writer-android",
"//src/main/java/com/google/crypto/tink:registry_cluster-android",
"@com_google_protobuf//:protobuf_javalite",
+ "@maven//:androidx_annotation_annotation",
"@maven//:com_google_code_findbugs_jsr305",
],
)