@android.annotation.RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)

Here are the examples of the java api @android.annotation.RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.

30 Examples 7

19 Source : RecoverySession.java
with Apache License 2.0
from lulululbj

/**
 * @deprecated Use {@link #recoverKeyChainSnapshot(byte[], List)} instead.
 * @removed
 */
@Deprecated
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public Map<String, byte[]> recoverKeys(@NonNull byte[] recoveryKeyBlob, @NonNull List<WrappedApplicationKey> applicationKeys) throws SessionExpiredException, DecryptionFailedException, InternalRecoveryServiceException {
    throw new UnsupportedOperationException();
}

19 Source : RecoverySession.java
with Apache License 2.0
from lulululbj

/**
 * Deletes all data replacedociated with {@code session}.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@Override
public void close() {
    try {
        mRecoveryController.getBinder().closeSession(mSessionId);
    } catch (RemoteException | ServiceSpecificException e) {
        Log.e(TAG, "Unexpected error trying to close session", e);
    }
}

19 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Returns data necessary to store all recoverable keys. Key material is
 * encrypted with user secret and recovery public key.
 *
 * @return Data necessary to recover keystore or {@code null} if snapshot is not available.
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@Nullable
public KeyChainSnapshot getKeyChainSnapshot() throws InternalRecoveryServiceException {
    try {
        return mBinder.getKeyChainSnapshot();
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (ServiceSpecificException e) {
        if (e.errorCode == ERROR_NO_SNAPSHOT_PENDING) {
            return null;
        }
        throw wrapUnexpectedServiceSpecificException(e);
    }
}

19 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Removes a key called {@code alias} from the recoverable key store.
 *
 * @param alias The key alias.
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public void removeKey(@NonNull String alias) throws InternalRecoveryServiceException {
    try {
        mBinder.removeKey(alias);
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (ServiceSpecificException e) {
        throw wrapUnexpectedServiceSpecificException(e);
    }
}

19 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Gets a key called {@code alias} from the recoverable key store.
 *
 * @param alias The key alias.
 * @return The key.
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 * @throws UnrecoverableKeyException if key is permanently invalidated or not found.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@Nullable
public Key getKey(@NonNull String alias) throws InternalRecoveryServiceException, UnrecoverableKeyException {
    try {
        String grantAlias = mBinder.getKey(alias);
        if (grantAlias == null || "".equals(grantAlias)) {
            return null;
        }
        return getKeyFromGrant(grantAlias);
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (ServiceSpecificException e) {
        throw wrapUnexpectedServiceSpecificException(e);
    }
}

19 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Sets the recovery status for given key. It is used to notify the keystore that the key was
 * successfully stored on the server or that there was an error. An application can check this
 * value using {@link #getRecoveryStatus(String, String)}.
 *
 * @param alias The alias of the key whose status to set.
 * @param status The status of the key. One of {@link #RECOVERY_STATUS_SYNCED},
 *     {@link #RECOVERY_STATUS_SYNC_IN_PROGRESS} or {@link #RECOVERY_STATUS_PERMANENT_FAILURE}.
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public void setRecoveryStatus(@NonNull String alias, int status) throws InternalRecoveryServiceException {
    try {
        mBinder.setRecoveryStatus(alias, status);
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (ServiceSpecificException e) {
        throw wrapUnexpectedServiceSpecificException(e);
    }
}

18 Source : RecoverySession.java
with Apache License 2.0
from lulululbj

/**
 * Starts a recovery session and returns a blob with proof of recovery secret possession.
 * The method generates a symmetric key for a session, which trusted remote device can use to
 * return recovery key.
 *
 * @param rootCertificateAlias The alias of the root certificate that is already in the Android
 *     OS. The root certificate will be used for validating {@code verifierCertPath}.
 * @param verifierCertPath The certificate path used to create the recovery blob on the source
 *     device. Keystore will verify the certificate path by using the root of trust.
 * @param vaultParams Must match the parameters in the corresponding field in the recovery blob.
 *     Used to limit number of guesses.
 * @param vaultChallenge Data preplaceded from server for this recovery session and used to prevent
 *     replay attacks.
 * @param secrets Secrets provided by user, the method only uses type and secret fields.
 * @return The binary blob with recovery claim. It is encrypted with verifierPublicKey
 * and contains a proof of user secrets possession, session symmetric
 *     key and parameters necessary to identify the counter with the number of failed recovery
 *     attempts.
 * @throws CertificateException if the {@code verifierCertPath} is invalid.
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@NonNull
public byte[] start(@NonNull String rootCertificateAlias, @NonNull CertPath verifierCertPath, @NonNull byte[] vaultParams, @NonNull byte[] vaultChallenge, @NonNull List<KeyChainProtectionParams> secrets) throws CertificateException, InternalRecoveryServiceException {
    // Wrap the CertPath in a Parcelable so it can be preplaceded via Binder calls.
    RecoveryCertPath recoveryCertPath = RecoveryCertPath.createRecoveryCertPath(verifierCertPath);
    try {
        byte[] recoveryClaim = mRecoveryController.getBinder().startRecoverySessionWithCertPath(mSessionId, rootCertificateAlias, recoveryCertPath, vaultParams, vaultChallenge, secrets);
        return recoveryClaim;
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (ServiceSpecificException e) {
        if (e.errorCode == RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT || e.errorCode == RecoveryController.ERROR_INVALID_CERTIFICATE) {
            throw new CertificateException("Invalid certificate for recovery session", e);
        }
        throw mRecoveryController.wrapUnexpectedServiceSpecificException(e);
    }
}

18 Source : RecoverySession.java
with Apache License 2.0
from lulululbj

/**
 * A new session, started by the {@link RecoveryController}.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@NonNull
static RecoverySession newInstance(RecoveryController recoveryController) {
    return new RecoverySession(recoveryController, newSessionId());
}

18 Source : RecoverySession.java
with Apache License 2.0
from lulululbj

/**
 * @deprecated Use {@link #start(String, CertPath, byte[], byte[], List)} instead.
 * @removed
 */
@Deprecated
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@NonNull
public byte[] start(@NonNull byte[] verifierPublicKey, @NonNull byte[] vaultParams, @NonNull byte[] vaultChallenge, @NonNull List<KeyChainProtectionParams> secrets) throws CertificateException, InternalRecoveryServiceException {
    throw new UnsupportedOperationException();
}

18 Source : RecoverySession.java
with Apache License 2.0
from lulululbj

/**
 * @deprecated Use {@link #start(String, CertPath, byte[], byte[], List)} instead.
 * @removed
 */
@Deprecated
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@NonNull
public byte[] start(@NonNull CertPath verifierCertPath, @NonNull byte[] vaultParams, @NonNull byte[] vaultChallenge, @NonNull List<KeyChainProtectionParams> secrets) throws CertificateException, InternalRecoveryServiceException {
    throw new UnsupportedOperationException();
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Imports a 256-bit recoverable AES key with the given {@code alias} and the raw bytes {@code
 * keyBytes}.
 *
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock
 *     screen is required to generate recoverable keys.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@NonNull
public Key importKey(@NonNull String alias, @NonNull byte[] keyBytes) throws InternalRecoveryServiceException, LockScreenRequiredException {
    try {
        String grantAlias = mBinder.importKey(alias, keyBytes);
        if (grantAlias == null) {
            throw new InternalRecoveryServiceException("Null grant alias");
        }
        return getKeyFromGrant(grantAlias);
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (UnrecoverableKeyException e) {
        throw new InternalRecoveryServiceException("Failed to get key from keystore", e);
    } catch (ServiceSpecificException e) {
        if (e.errorCode == ERROR_INSECURE_USER) {
            throw new LockScreenRequiredException(e.getMessage());
        }
        throw wrapUnexpectedServiceSpecificException(e);
    }
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Specifies a set of secret types used for end-to-end keystore encryption. Knowing all of them
 * is necessary to recover data.
 *
 * @param secretTypes {@link KeyChainProtectionParams#TYPE_LOCKSCREEN}
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public void setRecoverySecretTypes(@NonNull @KeyChainProtectionParams.UserSecretType int[] secretTypes) throws InternalRecoveryServiceException {
    try {
        mBinder.setRecoverySecretTypes(secretTypes);
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (ServiceSpecificException e) {
        throw wrapUnexpectedServiceSpecificException(e);
    }
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * @deprecated Use {@link #getAliases()}.
 * @removed
 */
@Deprecated
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public List<String> getAliases(@Nullable String packageName) throws InternalRecoveryServiceException {
    throw new UnsupportedOperationException();
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Returns a new {@link RecoverySession}.
 *
 * <p>A recovery session is required to restore keys from a remote store.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@NonNull
public RecoverySession createRecoverySession() {
    return RecoverySession.newInstance(this);
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * @deprecated Use {@link #initRecoveryService(String, byte[], byte[])} instead.
 * @removed
 */
@Deprecated
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public void initRecoveryService(@NonNull String rootCertificateAlias, @NonNull byte[] signedPublicKeyList) throws CertificateException, InternalRecoveryServiceException {
    throw new UnsupportedOperationException();
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@NonNull
public Map<String, X509Certificate> getRootCertificates() {
    return TrustedRootCertificates.getRootCertificates();
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Server parameters used to generate new recovery key blobs. This value will be included in
 * {@code KeyChainSnapshot.getEncryptedRecoveryKeyBlob()}. The same value must be included
 * in vaultParams {@link RecoverySession#start(CertPath, byte[], byte[], List)}.
 *
 * @param serverParams included in recovery key blob.
 * @see #getKeyChainSnapshot
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public void setServerParams(@NonNull byte[] serverParams) throws InternalRecoveryServiceException {
    try {
        mBinder.setServerParams(serverParams);
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (ServiceSpecificException e) {
        throw wrapUnexpectedServiceSpecificException(e);
    }
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * @deprecated Use {@link #setRecoveryStatus(String, int)}
 * @removed
 */
@Deprecated
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public void setRecoveryStatus(@NonNull String packageName, String alias, int status) throws NameNotFoundException, InternalRecoveryServiceException {
    throw new UnsupportedOperationException();
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Deprecated.
 * Generates a AES256/GCM/NoPADDING key called {@code alias} and loads it into the recoverable
 * key store. Returns the raw material of the key.
 *
 * @param alias The key alias.
 * @param account The account replacedociated with the key
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 * @throws LockScreenRequiredException if the user has not set a lock screen. This is required
 *     to generate recoverable keys, as the snapshots are encrypted using a key derived from the
 *     lock screen.
 * @deprecated Use {@link #generateKey(String)}
 * @removed
 */
@Deprecated
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public byte[] generateAndStoreKey(@NonNull String alias, byte[] account) throws InternalRecoveryServiceException, LockScreenRequiredException {
    throw new UnsupportedOperationException("Operation is not supported, use generateKey");
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Initializes the recovery service for the calling application. The detailed steps should be:
 * <ol>
 *     <li>Parse {@code signatureFile} to get relevant information.
 *     <li>Validate the signer's X509 certificate, contained in {@code signatureFile}, against
 *         the root certificate pre-installed in the OS and chosen by {@code
 *         rootCertificateAlias}.
 *     <li>Verify the public-key signature, contained in {@code signatureFile}, and verify it
 *         against the entire {@code certificateFile}.
 *     <li>Parse {@code certificateFile} to get relevant information.
 *     <li>Check the serial number, contained in {@code certificateFile}, and skip the following
 *         steps if the serial number is not larger than the one previously stored.
 *     <li>Randomly choose a X509 certificate from the endpoint X509 certificates, contained in
 *         {@code certificateFile}, and validate it against the root certificate pre-installed
 *         in the OS and chosen by {@code rootCertificateAlias}.
 *     <li>Store the chosen X509 certificate and the serial in local database for later use.
 * </ol>
 *
 * @param rootCertificateAlias the alias of a root certificate pre-installed in the OS
 * @param certificateFile the binary content of the XML file containing a list of recovery
 *     service X509 certificates, and other metadata including the serial number
 * @param signatureFile the binary content of the XML file containing the public-key signature
 *     of the entire certificate file, and a signer's X509 certificate
 * @throws CertificateException if the given certificate files cannot be parsed or validated
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public void initRecoveryService(@NonNull String rootCertificateAlias, @NonNull byte[] certificateFile, @NonNull byte[] signatureFile) throws CertificateException, InternalRecoveryServiceException {
    try {
        mBinder.initRecoveryServiceWithSigFile(rootCertificateAlias, certificateFile, signatureFile);
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (ServiceSpecificException e) {
        if (e.errorCode == ERROR_BAD_CERTIFICATE_FORMAT || e.errorCode == ERROR_INVALID_CERTIFICATE) {
            throw new CertificateException("Invalid certificate for recovery service", e);
        }
        if (e.errorCode == ERROR_DOWNGRADE_CERTIFICATE) {
            throw new CertificateException("Downgrading certificate serial version isn't supported.", e);
        }
        throw wrapUnexpectedServiceSpecificException(e);
    }
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Generates a recoverable key with the given {@code alias}.
 *
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock
 *     screen is required to generate recoverable keys.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@NonNull
public Key generateKey(@NonNull String alias) throws InternalRecoveryServiceException, LockScreenRequiredException {
    try {
        String grantAlias = mBinder.generateKey(alias);
        if (grantAlias == null) {
            throw new InternalRecoveryServiceException("null grant alias");
        }
        return getKeyFromGrant(grantAlias);
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (UnrecoverableKeyException e) {
        throw new InternalRecoveryServiceException("Failed to get key from keystore", e);
    } catch (ServiceSpecificException e) {
        if (e.errorCode == ERROR_INSECURE_USER) {
            throw new LockScreenRequiredException(e.getMessage());
        }
        throw wrapUnexpectedServiceSpecificException(e);
    }
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * @deprecated Use {@link #generateKey(String)}.
 * @removed
 */
@Deprecated
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public Key generateKey(@NonNull String alias, byte[] account) throws InternalRecoveryServiceException, LockScreenRequiredException {
    throw new UnsupportedOperationException();
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * @deprecated Use {@link #getRecoveryStatus(String)}.
 * @removed
 */
@Deprecated
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public int getRecoveryStatus(String packageName, String alias) throws InternalRecoveryServiceException {
    throw new UnsupportedOperationException();
}

18 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * @deprecated Use {@link #getKeyChainSnapshot()}
 * @removed
 */
@Deprecated
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@Nullable
public KeyChainSnapshot getRecoveryData() throws InternalRecoveryServiceException {
    throw new UnsupportedOperationException();
}

17 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Returns a list of aliases of keys belonging to the application.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@NonNull
public List<String> getAliases() throws InternalRecoveryServiceException {
    try {
        Map<String, Integer> allStatuses = mBinder.getRecoveryStatus();
        return new ArrayList<>(allStatuses.keySet());
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (ServiceSpecificException e) {
        throw wrapUnexpectedServiceSpecificException(e);
    }
}

17 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Returns the recovery status for the key with the given {@code alias}.
 *
 * <ul>
 *   <li>{@link #RECOVERY_STATUS_SYNCED}
 *   <li>{@link #RECOVERY_STATUS_SYNC_IN_PROGRESS}
 *   <li>{@link #RECOVERY_STATUS_PERMANENT_FAILURE}
 * </ul>
 *
 * @see #setRecoveryStatus(String, int)
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public int getRecoveryStatus(@NonNull String alias) throws InternalRecoveryServiceException {
    try {
        Map<String, Integer> allStatuses = mBinder.getRecoveryStatus();
        Integer status = allStatuses.get(alias);
        if (status == null) {
            return RecoveryController.RECOVERY_STATUS_PERMANENT_FAILURE;
        } else {
            return status;
        }
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (ServiceSpecificException e) {
        throw wrapUnexpectedServiceSpecificException(e);
    }
}

17 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Sets a listener which notifies recovery agent that new recovery snapshot is available. {@link
 * #getKeyChainSnapshot} can be used to get the snapshot. Note that every recovery agent can
 * have at most one registered listener at any time.
 *
 * @param intent triggered when new snapshot is available. Unregisters listener if the value is
 *     {@code null}.
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public void setSnapshotCreatedPendingIntent(@Nullable PendingIntent intent) throws InternalRecoveryServiceException {
    try {
        mBinder.setSnapshotCreatedPendingIntent(intent);
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (ServiceSpecificException e) {
        throw wrapUnexpectedServiceSpecificException(e);
    }
}

17 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Checks whether the recoverable key store is currently available.
 *
 * <p>If it returns true, the device must currently be using a screen lock that is supported for
 * use with the recoverable key store, i.e. AOSP PIN, pattern or preplacedword.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public static boolean isRecoverableKeyStoreEnabled(@NonNull Context context) {
    KeyguardManager keyguardManager = context.getSystemService(KeyguardManager.clreplaced);
    return keyguardManager != null && keyguardManager.isDeviceSecure();
}

17 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Defines a set of secret types used for end-to-end keystore encryption. Knowing all of them is
 * necessary to generate KeyChainSnapshot.
 *
 * @return list of recovery secret types
 * @see KeyChainSnapshot
 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
 *     service.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@NonNull
@KeyChainProtectionParams.UserSecretType
public int[] getRecoverySecretTypes() throws InternalRecoveryServiceException {
    try {
        return mBinder.getRecoverySecretTypes();
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    } catch (ServiceSpecificException e) {
        throw wrapUnexpectedServiceSpecificException(e);
    }
}

15 Source : RecoveryController.java
with Apache License 2.0
from lulululbj

/**
 * Gets a new instance of the clreplaced.
 */
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@NonNull
public static RecoveryController getInstance(@NonNull Context context) {
    ILockSettings lockSettings = ILockSettings.Stub.asInterface(ServiceManager.getService("lock_settings"));
    return new RecoveryController(lockSettings, KeyStore.getInstance());
}