commit 0329a82c48aeea98b87a9ea4598a3a49619a482e
author Shawn Willden <swillden@google.com> Mon Dec 04 13:55:14 2017 -0700
committer Shawn Willden <swillden@google.com> Wed Dec 20 09:01:01 2017 -0700
tree cf6362ee88242a3f10c8f982d45294e4e623cdfe
parent c67a8aa3f536904264e64feca9009b79788ea2ae

Move keystore to Keymaster4

Test: CTS
Change-Id: I6b7fa300f505ee685b1fe503edea3188225a98e3

keystore/auth_token_table.h

diff --git a/keystore/auth_token_table.h b/keystore/auth_token_table.h
index 3e3ff6e..0a23c99 100644
--- a/keystore/auth_token_table.h
+++ b/keystore/auth_token_table.h
@@ -18,13 +18,14 @@
 #include <vector>
 
 #include <keystore/authorization_set.h>
+#include <keystore/keymaster_types.h>
 
 #ifndef KEYSTORE_AUTH_TOKEN_TABLE_H_
 #define KEYSTORE_AUTH_TOKEN_TABLE_H_
 
 namespace keystore {
 
-using android::hardware::keymaster::V3_0::HardwareAuthToken;
+using keymaster::HardwareAuthToken;
 
 namespace test {
 class AuthTokenTableTest;
@@ -60,7 +61,7 @@
     /**
      * Add an authorization token to the table.  The table takes ownership of the argument.
      */
-    void AddAuthenticationToken(std::unique_ptr<const HardwareAuthToken>&& auth_token);
+    void AddAuthenticationToken(HardwareAuthToken&& auth_token);
 
     /**
      * Find an authorization token that authorizes the operation specified by \p operation_handle on
@@ -96,7 +97,7 @@
 
     class Entry {
       public:
-        Entry(std::unique_ptr<const HardwareAuthToken>&& token, time_t current_time);
+        Entry(HardwareAuthToken&& token, time_t current_time);
         Entry(Entry&& entry) { *this = std::move(entry); }
 
         void operator=(Entry&& rhs) {
@@ -115,8 +116,8 @@
 
         bool is_newer_than(const Entry* entry) const {
             if (!entry) return true;
-            uint64_t ts = timestamp_host_order();
-            uint64_t other_ts = entry->timestamp_host_order();
+            uint64_t ts = token_.timestamp;
+            uint64_t other_ts = entry->token_.timestamp;
             // Normally comparing timestamp_host_order alone is sufficient, but here is an
             // additional hack to compare time_received value for some devices where their auth
             // tokens contain fixed timestamp (due to the a stuck secure RTC on them)
@@ -126,14 +127,17 @@
 
         void mark_completed() { operation_completed_ = true; }
 
-        const HardwareAuthToken& token() { return *token_.get(); }
+        const HardwareAuthToken& token() const & { return token_; }
         time_t time_received() const { return time_received_; }
         bool completed() const { return operation_completed_; }
-        uint64_t timestamp_host_order() const;
-        HardwareAuthenticatorType authenticator_type() const;
 
       private:
-        std::unique_ptr<const HardwareAuthToken> token_;
+        bool SatisfiesAuth(uint64_t sid, HardwareAuthenticatorType auth_type) const {
+            return (sid == token_.userId || sid == token_.authenticatorId) &&
+                   (auth_type & token_.authenticatorType) != 0;
+        }
+
+        HardwareAuthToken token_;
         time_t time_received_;
         time_t last_use_;
         bool operation_completed_;
@@ -155,6 +159,6 @@
     time_t (*clock_function_)();
 };
 
-}  // namespace keymaster
+}  // namespace keystore
 
 #endif  // KEYSTORE_AUTH_TOKEN_TABLE_H_