Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 10770c15 authored by Eran Messeri's avatar Eran Messeri
Browse files

Handle unparsable public keys 

Handle the case where a KeyMint implementation produced an invalid
X.509 certificate that is the container for the generated key's public
portion.

There's not much for the caller to do other than re-generate the key.

Bug: 261788762
Test: Not tested yet.
Change-Id: Ia883df4f5e29a7d75929d37a68b015e857b90560
parent d469322a

keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java

+9 −1
Original line number Diff line number Diff line
@@ -38,6 +38,7 @@ import java.security.PublicKey; 
import java.security.Security;

import java.security.Signature;

import java.security.UnrecoverableKeyException;

import java.security.cert.X509Certificate;

import java.security.interfaces.ECPublicKey;

import java.security.interfaces.RSAPublicKey;
@@ -221,7 +222,14 @@ public class AndroidKeyStoreProvider extends Provider { 
        }

        final byte[] x509PublicCert = metadata.certificate;



        PublicKey publicKey = AndroidKeyStoreSpi.toCertificate(x509PublicCert).getPublicKey();

        final X509Certificate parsedX509Certificate =

                AndroidKeyStoreSpi.toCertificate(x509PublicCert);

        if (parsedX509Certificate == null) {

            throw new UnrecoverableKeyException("Failed to parse the X.509 certificate containing"

                   + " the public key. This likely indicates a hardware problem.");

        }



        PublicKey publicKey = parsedX509Certificate.getPublicKey();



        String jcaKeyAlgorithm = publicKey.getAlgorithm();