Merge "hasKeyPair callable by the cred mng app" into sc-dev am: 255b41f1

    // STOPSHIP(b/174298501): clarify the expected return value following generateKeyPair call.

    /**

     * Called by a device or profile owner, or delegated certificate installer, to query whether a

     * certificate and private key are installed under a given alias.

     * This API can be called by the following to query whether a certificate and private key are

     * installed under a given alias:

     * <ul>

     *    <li>Device owner</li>

     *    <li>Profile owner</li>

     *    <li>Delegated certificate installer</li>

     *    <li>Credential management app</li>

     * </ul>

     *

     * If called by the credential management app, the alias must exist in the credential

     * management app's {@link android.security.AppUriAuthenticationPolicy}.

     *

     * @param alias The alias under which the key pair is installed.

     * @return {@code true} if a key pair with this alias exists, {@code false} otherwise.

     * @throws SecurityException if the caller is not a device or profile owner or a delegated

     *         certificate installer.

     * @throws SecurityException if the caller is not a device or profile owner, a delegated

     *         certificate installer or the credential management app.

     * @see #setDelegatedScopes

     * @see #DELEGATION_CERT_INSTALL

     */

    @Override

    public boolean hasKeyPair(String callerPackage, String alias) {

        final CallerIdentity caller = getCallerIdentity(callerPackage);

        Preconditions.checkCallAuthorization(canManageCertificates(caller));

        Preconditions.checkCallAuthorization(canManageCertificates(caller)

                || isCredentialManagementApp(caller, alias));

        return mInjector.binderWithCleanCallingIdentity(() -> {

            try (KeyChainConnection keyChainConnection =