Merge "Keystore 2.0: Add human readable strings to Keystore exceptions." am:... (2b958ca9) · Commits · e / os / android_frameworks_base

keystore/java/android/security/KeyStore2.java

+38 −1

Original line number	Diff line number	Diff line
		@@ -23,6 +23,7 @@ import android.os.Build;
		import android.os.RemoteException;
		import android.os.ServiceManager;
		import android.os.ServiceSpecificException;
		import android.security.keymaster.KeymasterDefs;
		import android.system.keystore2.IKeystoreService;
		import android.system.keystore2.KeyDescriptor;
		import android.system.keystore2.KeyEntryResponse;
		@@ -107,7 +108,7 @@ public class KeyStore2 {
		return request.execute(service);
		} catch (ServiceSpecificException e) {
		Log.e(TAG, "KeyStore exception", e);
		throw new KeyStoreException(e.errorCode, "");
		throw getKeyStoreException(e.errorCode);
		} catch (RemoteException e) {
		if (firstTry) {
		Log.w(TAG, "Looks like we may have lost connection to the Keystore "
		@@ -274,4 +275,40 @@ public class KeyStore2 {
		}
		}

		static KeyStoreException getKeyStoreException(int errorCode) {
		if (errorCode > 0) {
		// KeyStore layer error
		switch (errorCode) {
		case ResponseCode.LOCKED:
		return new KeyStoreException(errorCode, "User authentication required");
		case ResponseCode.UNINITIALIZED:
		return new KeyStoreException(errorCode, "Keystore not initialized");
		case ResponseCode.SYSTEM_ERROR:
		return new KeyStoreException(errorCode, "System error");
		case ResponseCode.PERMISSION_DENIED:
		return new KeyStoreException(errorCode, "Permission denied");
		case ResponseCode.KEY_NOT_FOUND:
		return new KeyStoreException(errorCode, "Key not found");
		case ResponseCode.VALUE_CORRUPTED:
		return new KeyStoreException(errorCode, "Key blob corrupted");
		case ResponseCode.KEY_PERMANENTLY_INVALIDATED:
		return new KeyStoreException(errorCode, "Key permanently invalidated");
		default:
		return new KeyStoreException(errorCode, String.valueOf(errorCode));
		}
		} else {
		// Keymaster layer error
		switch (errorCode) {
		case KeymasterDefs.KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT:
		// The name of this parameter significantly differs between Keymaster and
		// framework APIs. Use the framework wording to make life easier for developers.
		return new KeyStoreException(errorCode,
		"Invalid user authentication validity duration");
		default:
		return new KeyStoreException(errorCode,
		KeymasterDefs.getErrorMessage(errorCode));
		}
		}
		}

		}

keystore/java/android/security/KeyStoreOperation.java

+1 −2

Original line number	Diff line number	Diff line
		@@ -73,8 +73,7 @@ public class KeyStoreOperation {
		);
		}
		default:
		// TODO Human readable string. Use something like KeyStore.getKeyStoreException
		throw new KeyStoreException(e.errorCode, "");
		throw KeyStore2.getKeyStoreException(e.errorCode);
		}
		} catch (RemoteException e) {
		// Log exception and report invalid operation handle.

keystore/java/android/security/KeyStoreSecurityLevel.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -52,7 +52,7 @@ public class KeyStoreSecurityLevel {
		try {
		return request.execute();
		} catch (ServiceSpecificException e) {
		throw new KeyStoreException(e.errorCode, "");
		throw KeyStore2.getKeyStoreException(e.errorCode);
		} catch (RemoteException e) {
		// Log exception and report invalid operation handle.
		// This should prompt the caller drop the reference to this operation and retry.
		@@ -114,7 +114,7 @@ public class KeyStoreSecurityLevel {
		break;
		}
		default:
		throw new KeyStoreException(e.errorCode, "");
		throw KeyStore2.getKeyStoreException(e.errorCode);
		}
		} catch (RemoteException e) {
		Log.w(TAG, "Cannot connect to keystore", e);