Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 51e0f914 authored by Eric Biggers's avatar Eric Biggers
Browse files

Use switch expression in verifyCredentialResponseFromWeaverResponse() 

Make default handling explicit.  No functional change.

Bug: 423038471
Test: atest FrameworksServicesTests:com.android.server.locksettings
Flag: EXEMPT refactor
Change-Id: I17b6036352d87ae3127f015aff30e38c8290e079
parent c88c575f

services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java

+16 −16
Original line number Diff line number Diff line
@@ -709,17 +709,16 @@ class SyntheticPasswordManager { 
     */

    private static VerifyCredentialResponse verifyCredentialResponseFromWeaverResponse(

            WeaverReadResponse weaverResponse) {

        switch (weaverResponse.status) {

            case WeaverReadStatus.OK:

                return VerifyCredentialResponse.OK;

            case WeaverReadStatus.THROTTLE:

                // Either the credential could not be verified because a timeout is still active, or

                // the credential was incorrect and there is a timeout before the next attempt will

                // be allowed. INCORRECT_KEY is preferred in the latter case to avoid the ambiguity,

                // but we still have to support implementations that use THROTTLE for both cases.

                return VerifyCredentialResponse.fromTimeout(

                        Duration.ofMillis(weaverResponse.timeout));

            case WeaverReadStatus.INCORRECT_KEY:

        return switch (weaverResponse.status) {

            case WeaverReadStatus.OK -> VerifyCredentialResponse.OK;

            case WeaverReadStatus.THROTTLE ->

                    // Either the credential could not be verified because a timeout is still

                    // active, or the credential was incorrect and there is a timeout before the

                    // next attempt will be allowed. INCORRECT_KEY is preferred in the latter case

                    // to avoid the ambiguity, but we still have to support implementations that use

                    // THROTTLE for both cases.

                    VerifyCredentialResponse.fromTimeout(Duration.ofMillis(weaverResponse.timeout));

            case WeaverReadStatus.INCORRECT_KEY -> {

                if (weaverResponse.timeout != 0) {

                    // The credential was incorrect, and there is a timeout until the next attempt

                    // will be allowed. This is reached if the Weaver implementation returns
@@ -727,16 +726,17 @@ class SyntheticPasswordManager { 
                    //

                    // TODO(b/395976735): use RESPONSE_CRED_INCORRECT in this case, and update users

                    // of VerifyCredentialResponse to be compatible with that.

                    return VerifyCredentialResponse.fromTimeout(

                    yield VerifyCredentialResponse.fromTimeout(

                            Duration.ofMillis(weaverResponse.timeout));

                }

                if (android.security.Flags.softwareRatelimiter()) {

                    return VerifyCredentialResponse.fromError(

                    yield VerifyCredentialResponse.fromError(

                            VerifyCredentialResponse.RESPONSE_CRED_INCORRECT);

                }

                break;

                yield VerifyCredentialResponse.OTHER_ERROR;

            }

        return VerifyCredentialResponse.OTHER_ERROR;

            default -> VerifyCredentialResponse.OTHER_ERROR;

        };

    }



    /**