
Commit 96d7058a authored by Alex Klyubin's avatar Alex Klyubin Committed by Android (Google) Code Review

Merge "Android Keystore keys are no longer backed by Conscrypt." into mnc-dev

parents 98b40aac 4a0ff7ca
+5 −10
@@ -29,15 +29,14 @@ import android.os.Looper;
import android.os.Process;
import android.os.RemoteException;
import android.os.UserHandle;
import android.security.keystore.KeyInfo;
import android.security.keystore.AndroidKeyStoreProvider;
import android.security.keystore.KeyProperties;

import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
@@ -47,7 +46,6 @@ import java.util.Locale;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;

import com.android.org.conscrypt.OpenSSLEngine;
import com.android.org.conscrypt.TrustedCertificateStore;

/**
@@ -90,8 +88,6 @@ import com.android.org.conscrypt.TrustedCertificateStore;
// TODO reference intent for credential installation when public
public final class KeyChain {

    private static final String TAG = "KeyChain";

    /**
     * @hide Also used by KeyChainService implementation
     */
@@ -372,15 +368,14 @@ public final class KeyChain {
            if (keyId == null) {
                throw new KeyChainException("keystore had a problem");
            }

            final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore");
            return engine.getPrivateKeyById(keyId);
            return AndroidKeyStoreProvider.loadAndroidKeyStorePrivateKeyFromKeystore(
                    KeyStore.getInstance(), keyId);
        } catch (RemoteException e) {
            throw new KeyChainException(e);
        } catch (RuntimeException e) {
            // only certain RuntimeExceptions can be propagated across the IKeyChainService call
            throw new KeyChainException(e);
        } catch (InvalidKeyException e) {
        } catch (UnrecoverableKeyException e) {
            throw new KeyChainException(e);
        } finally {
            keyChainConnection.close();
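Review bot: The comment in the `catch (RuntimeException e)` arm still describes only exceptions propagated across the IKeyChainService call, but the try block now also covers the local `AndroidKeyStoreProvider.loadAndroidKeyStorePrivateKeyFromKeystore(...)` call, so runtime failures of the keystore load are wrapped by the same arm. I would reword it along the lines of `// RuntimeExceptions from the IKeyChainService call or from loading the key handle from keystore`. The method's Javadoc (outside this hunk) should also say that the returned PrivateKey is a handle to a keystore entry rather than key material, since callers that previously received a Conscrypt-backed key may assume otherwise. The +/- markers are lost on this page, so I am reading the provider call and the `UnrecoverableKeyException` arm as the new side; the method starts and ends outside the hunk.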
+3 −1
@@ -331,7 +331,9 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
            if (keyType == null) {
                throw new NullPointerException("keyType == null");
            } else {
                if (KeyStore.getKeyTypeForAlgorithm(keyType) == -1) {
                try {
                    KeyProperties.KeyAlgorithm.toKeymasterAsymmetricKeyAlgorithm(keyType);
                } catch (IllegalArgumentException e) {
                    throw new NoSuchAlgorithmException("Unsupported key type: " + keyType);
                }
            }
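Review bot: The `catch (IllegalArgumentException e)` arm discards `e` when it throws, so the reason the algorithm was rejected is lost; pass it as the cause with `throw new NoSuchAlgorithmException("Unsupported key type: " + keyType, e);`. Separately, the check being replaced, `KeyStore.getKeyTypeForAlgorithm`, matched the name with `equalsIgnoreCase` (visible in the KeyStore section of this commit). Whether `toKeymasterAsymmetricKeyAlgorithm` is equally lenient is not visible here, so the set of accepted `keyType` strings may have narrowed and deserves a test with mixed-case input. The enclosing method starts and ends outside the hunk.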
+0 −12
@@ -19,7 +19,6 @@ package android.security;
import android.app.ActivityThread;
import android.app.Application;
import android.app.KeyguardManager;
import com.android.org.conscrypt.NativeConstants;

import android.content.Context;
import android.hardware.fingerprint.FingerprintManager;
@@ -38,7 +37,6 @@ import android.security.keymaster.OperationResult;
import android.security.keystore.KeyExpiredException;
import android.security.keystore.KeyNotYetValidException;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Log;

@@ -136,16 +134,6 @@ public class KeyStore {
        return mToken;
    }

    public static int getKeyTypeForAlgorithm(@KeyProperties.KeyAlgorithmEnum String keyType) {
        if (KeyProperties.KEY_ALGORITHM_RSA.equalsIgnoreCase(keyType)) {
            return NativeConstants.EVP_PKEY_RSA;
        } else if (KeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(keyType)) {
            return NativeConstants.EVP_PKEY_EC;
        } else {
            return -1;
        }
    }

    public State state(int userId) {
        final int ret;
        try {
+40 −0
/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security.keystore;

import java.security.PrivateKey;
import java.security.interfaces.ECKey;
import java.security.spec.ECParameterSpec;

/**
 * EC private key (instance of {@link PrivateKey} and {@link ECKey}) backed by keystore.
 *
 * @hide
 */
public class AndroidKeyStoreECPrivateKey extends AndroidKeyStorePrivateKey implements ECKey {
    private final ECParameterSpec mParams;

    public AndroidKeyStoreECPrivateKey(String alias, ECParameterSpec params) {
        super(alias, KeyProperties.KEY_ALGORITHM_EC);
        mParams = params;
    }

    @Override
    public ECParameterSpec getParams() {
        return mParams;
    }
}
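Review bot: The constructor stores `params` without a null check, so `getParams()` can hand null to code that relies on the `ECKey` contract and dereferences the curve parameters. A guard in the style already used in this commit would be `if (params == null) { throw new NullPointerException("params == null"); }`. The class is also declared non-final; unless further subclasses are planned, `public final class` would keep a subclass from overriding `getParams()` on a key handle. The constructor has no Javadoc; a one-line comment stating that `alias` names the keystore entry and `params` describes its curve would help, assuming that is what the superclass expects (it is not shown here).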
+38 −0
@@ -52,4 +52,42 @@ public class AndroidKeyStoreKey implements Key {
        // This key does not export its key material
        return null;
    }

    @Override
    public int hashCode() {
        final int prime = 31;
        int result = 1;
        result = prime * result + ((mAlgorithm == null) ? 0 : mAlgorithm.hashCode());
        result = prime * result + ((mAlias == null) ? 0 : mAlias.hashCode());
        return result;
    }

    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null) {
            return false;
        }
        if (getClass() != obj.getClass()) {
            return false;
        }
        AndroidKeyStoreKey other = (AndroidKeyStoreKey) obj;
        if (mAlgorithm == null) {
            if (other.mAlgorithm != null) {
                return false;
            }
        } else if (!mAlgorithm.equals(other.mAlgorithm)) {
            return false;
        }
        if (mAlias == null) {
            if (other.mAlias != null) {
                return false;
            }
        } else if (!mAlias.equals(other.mAlias)) {
            return false;
        }
        return true;
    }
}
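Review bot: `equals` and `hashCode` identify a key by `mAlias` and `mAlgorithm` only, and nothing in the added code says so. A short comment such as `// Identity is (alias, algorithm); key material is not exported and is never compared` would stop callers from reading equality as "same key material". If an entry can be deleted and regenerated under the same alias, a handle to the old key and one to the new key would compare equal, which matters to any code that caches or de-duplicates by key object; whether that can happen depends on keystore behaviour not shown here. As a style point, the expanded null checks could be written `Objects.equals(mAlgorithm, other.mAlgorithm) && Objects.equals(mAlias, other.mAlias)` if `java.util.Objects` is acceptable in this file. The class body starts outside the hunk.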