Merge "Ensure key generation retries after remote key provisioning" into...

                case KeymasterDefs.KM_ERROR_HARDWARE_TYPE_UNAVAILABLE:

                case KeymasterDefs.KM_ERROR_HARDWARE_TYPE_UNAVAILABLE:

                    throw new StrongBoxUnavailableException("Failed to generated key pair.", e);

                    throw new StrongBoxUnavailableException("Failed to generated key pair.", e);

                case ResponseCode.OUT_OF_KEYS:

                case ResponseCode.OUT_OF_KEYS:

                    throw makeOutOfKeysException(e, securityLevel);

                    return checkIfRetryableOrThrow(e, securityLevel);

                default:

                default:

                    ProviderException p = new ProviderException("Failed to generate key pair.", e);

                    ProviderException p = new ProviderException("Failed to generate key pair.", e);

                    if ((mSpec.getPurposes() & KeyProperties.PURPOSE_WRAP_KEY) != 0) {

                    if ((mSpec.getPurposes() & KeyProperties.PURPOSE_WRAP_KEY) != 0) {

    // In case keystore reports OUT_OF_KEYS, call this handler in an attempt to remotely provision

    // In case keystore reports OUT_OF_KEYS, call this handler in an attempt to remotely provision

    // some keys.

    // some keys.

    private ProviderException makeOutOfKeysException(KeyStoreException e, int securityLevel) {

    GenerateKeyPairHelperResult checkIfRetryableOrThrow(KeyStoreException e, int securityLevel) {

        GenerateRkpKey keyGen = new GenerateRkpKey(ActivityThread

        GenerateRkpKey keyGen = new GenerateRkpKey(ActivityThread

                .currentApplication());

                .currentApplication());

        KeyStoreException ksException;

        KeyStoreException ksException;

                    rkpStatus = KeyStoreException.RKP_SERVER_REFUSED_ISSUANCE;

                    rkpStatus = KeyStoreException.RKP_SERVER_REFUSED_ISSUANCE;

                    break;

                    break;

                case IGenerateRkpKeyService.Status.OK:

                case IGenerateRkpKeyService.Status.OK:

                    // This will actually retry once immediately, so on "OK" go ahead and return

                    // Explicitly return not-OK here so we retry in generateKeyPair. All other cases

                    // "temporarily unavailable". @see generateKeyPair

                    // should throw because a retry doesn't make sense if we didn't actually

                    // provision fresh keys.

                    return new GenerateKeyPairHelperResult(

                            KeyStoreException.RKP_TEMPORARILY_UNAVAILABLE, null);

                case IGenerateRkpKeyService.Status.NETWORK_COMMUNICATION_ERROR:

                case IGenerateRkpKeyService.Status.NETWORK_COMMUNICATION_ERROR:

                case IGenerateRkpKeyService.Status.HTTP_CLIENT_ERROR:

                case IGenerateRkpKeyService.Status.HTTP_CLIENT_ERROR:

                case IGenerateRkpKeyService.Status.HTTP_SERVER_ERROR:

                case IGenerateRkpKeyService.Status.HTTP_SERVER_ERROR:

                    KeyStoreException.RKP_TEMPORARILY_UNAVAILABLE);

                    KeyStoreException.RKP_TEMPORARILY_UNAVAILABLE);

        }

        }

        ksException.initCause(e);

        ksException.initCause(e);

        return new ProviderException("Failed to talk to RemoteProvisioner", ksException);

        throw new ProviderException("Failed to provision new attestation keys.", ksException);

    }

    }

    private void addAttestationParameters(@NonNull List<KeyParameter> params)

    private void addAttestationParameters(@NonNull List<KeyParameter> params)