Skip to content

Add niap-android-cert-ext and sdp-file-encrypt libraries to niap-cc#58

Open
KVVat wants to merge 3 commits into
android:masterfrom
KVVat:niap-libararies-updates
Open

Add niap-android-cert-ext and sdp-file-encrypt libraries to niap-cc#58
KVVat wants to merge 3 commits into
android:masterfrom
KVVat:niap-libararies-updates

Conversation

@KVVat
Copy link
Copy Markdown
Contributor

@KVVat KVVat commented May 28, 2026

Added new 2 librarariees for NIAP validations.

  • niap-android-cert-ext
    • TLS/Cert Validator and X509 cert with EST client framework which compliat to the NIAP definitons.
    • docker files for mock server
  • sdp-file-encrypt
    • Encrypted file i/o libray which compliant to the NIAP definitions

@KVVat KVVat requested a review from mpgroover May 28, 2026 08:20
gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 28, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces two major security modules: niap-android-cert-ext, which implements strict X.509 certificate validation and secure lifecycle management using the EST protocol, and sdp-file-encrypt, which provides robust file encryption strategies compliant with NIAP MDF PP requirements. The code review identified several critical issues, including a namespace mismatch in NiapCertHelper that prevents configuration loading, sensitive cryptographic key material being logged to Logcat, potential file descriptor leaks in TinkEncryptionProvider, and thread-safety concerns in NiapCertManager. Additionally, optimizations were suggested to prevent performance bottlenecks during binder buffer flushing and to avoid potential null pointer exceptions in NiapCertValidator.

Comment thread ...-android-cert-ext/cert-lib/src/main/kotlin/com/android/niap/cert/validator/NiapCertHelper.kt
Comment thread ...ypt/encryption-lib/src/main/java/com/android/niapsec/encryption/tools/SecurityAuditLogger.kt
Comment thread ...p-android-cert-ext/cert-lib/src/main/kotlin/com/android/niap/cert/manager/NiapCertManager.kt Outdated
Comment thread ...encrypt/encryption-lib/src/main/java/com/android/niapsec/encryption/api/EncryptionManager.kt
Comment thread .../src/main/java/com/android/niapsec/encryption/internal/keymanagement/RawHybridKeyProvider.kt
Comment thread ...droid-cert-ext/cert-lib/src/main/kotlin/com/android/niap/cert/validator/NiapCertValidator.kt
Comment thread ...cryption-lib/src/main/java/com/android/niapsec/encryption/internal/TinkEncryptionProvider.kt
Comment thread ...cryption-lib/src/main/java/com/android/niapsec/encryption/internal/TinkEncryptionProvider.kt Outdated
Comment thread .../src/main/java/com/android/niapsec/encryption/internal/keymanagement/RawHybridKeyProvider.kt
Comment thread .../src/main/java/com/android/niapsec/encryption/internal/keymanagement/RawHybridKeyProvider.kt Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mpgroover mpgroover Awaiting requested review from mpgroover

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@KVVat