Merge changes from topic "ic-android14"

    ctor public AlreadyPersonalizedException(@NonNull String, @NonNull Throwable);

  }

  public class AuthenticationKeyMetadata {

    method @NonNull public java.time.Instant getExpirationDate();

    method @IntRange(from=0) public int getUsageCount();

  }

  public class CipherSuiteNotSupportedException extends android.security.identity.IdentityCredentialException {

    ctor public CipherSuiteNotSupportedException(@NonNull String);

    ctor public CipherSuiteNotSupportedException(@NonNull String, @NonNull Throwable);

  public abstract class CredentialDataResult {

    method @Nullable public abstract byte[] getDeviceMac();

    method @NonNull public abstract byte[] getDeviceNameSpaces();

    method @Nullable public byte[] getDeviceSignature();

    method @NonNull public abstract android.security.identity.CredentialDataResult.Entries getDeviceSignedEntries();

    method @NonNull public abstract android.security.identity.CredentialDataResult.Entries getIssuerSignedEntries();

    method @NonNull public abstract byte[] getStaticAuthenticationData();

    method @NonNull public byte[] delete(@NonNull byte[]);

    method @Deprecated @NonNull public abstract byte[] encryptMessageToReader(@NonNull byte[]);

    method @NonNull public abstract java.util.Collection<java.security.cert.X509Certificate> getAuthKeysNeedingCertification();

    method @NonNull public abstract int[] getAuthenticationDataUsageCount();

    method @Deprecated @NonNull public abstract int[] getAuthenticationDataUsageCount();

    method @NonNull public java.util.List<android.security.identity.AuthenticationKeyMetadata> getAuthenticationKeyMetadata();

    method @NonNull public abstract java.util.Collection<java.security.cert.X509Certificate> getCredentialKeyCertificateChain();

    method @Deprecated @NonNull public abstract android.security.identity.ResultData getEntries(@Nullable byte[], @NonNull java.util.Map<java.lang.String,java.util.Collection<java.lang.String>>, @Nullable byte[], @Nullable byte[]) throws android.security.identity.EphemeralPublicKeyNotFoundException, android.security.identity.InvalidReaderSignatureException, android.security.identity.InvalidRequestMessageException, android.security.identity.NoAuthenticationKeyAvailableException, android.security.identity.SessionTranscriptMismatchException;

    method @NonNull public byte[] proveOwnership(@NonNull byte[]);

    method @Deprecated public abstract void setAllowUsingExhaustedKeys(boolean);

    method @Deprecated public void setAllowUsingExpiredKeys(boolean);

    method public abstract void setAvailableAuthenticationKeys(int, int);

    method @Deprecated public abstract void setAvailableAuthenticationKeys(int, int);

    method public void setAvailableAuthenticationKeys(@IntRange(from=0) int, @IntRange(from=1) int, @IntRange(from=0) long);

    method @Deprecated public abstract void setReaderEphemeralPublicKey(@NonNull java.security.PublicKey) throws java.security.InvalidKeyException;

    method @Deprecated public abstract void storeStaticAuthenticationData(@NonNull java.security.cert.X509Certificate, @NonNull byte[]) throws android.security.identity.UnknownAuthenticationKeyException;

    method public void storeStaticAuthenticationData(@NonNull java.security.cert.X509Certificate, @NonNull java.time.Instant, @NonNull byte[]) throws android.security.identity.UnknownAuthenticationKeyException;

/*

 * Copyright 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.security.identity;

import android.annotation.IntRange;

import android.annotation.NonNull;

import java.time.Instant;

/**

 * Data about authentication keys.

 */

public class AuthenticationKeyMetadata {

    private int mUsageCount;

    private Instant mExpirationDate;

    AuthenticationKeyMetadata(int usageCount, Instant expirationDate) {

        mUsageCount = usageCount;

        mExpirationDate = expirationDate;

    }

    /**

     * Gets usage count for the authentication key.

     *

     * @return the usage count

     */

    public @IntRange(from = 0) int getUsageCount() {

        return mUsageCount;

    }

    /**

     * Gets expiration date for the authentication key.

     *

     * @return the expiration date of the authentication key.

     */

    public @NonNull Instant getExpirationDate() {

        return mExpirationDate;

    }

}

     */

    public abstract @Nullable byte[] getDeviceMac();

    /**

     * Returns a signature over the {@code DeviceAuthenticationBytes} CBOR

     * specified in {@link #getDeviceNameSpaces()}, to prove to the reader that the data

     * is from a trusted credential.

     *

     * <p>The signature is made using the authentication private key. See section 9.1.3.4 of

     * ISO/IEC 18013-5:2021 for details of this operation.

     *

     * <p>If the session transcript or reader ephemeral key wasn't set on the {@link

     * PresentationSession} used to obtain this data no signature will be produced and this method

     * will return {@code null}.

     *

     * <p>This is only implemented in feature version 202301 or later. If not implemented, the call

     * fails with {@link UnsupportedOperationException}. See

     * {@link android.content.pm.PackageManager#FEATURE_IDENTITY_CREDENTIAL_HARDWARE} for known

     * feature versions.

     *

     * @return A COSE_Sign1 structure as described above or {@code null} if the conditions

     *     specified above are not met.

     */

    public @Nullable byte[] getDeviceSignature() {

        throw new UnsupportedOperationException();

    }

    /**

     * Returns the static authentication data associated with the dynamic authentication

     * key used to MAC the data returned by {@link #getDeviceNameSpaces()}.

        return mDeviceSignedResult.getMessageAuthenticationCode();

    }

    @Override

    public @Nullable byte[] getDeviceSignature() {

        return mDeviceSignedResult.getSignature();

    }

    @Override

    public @NonNull byte[] getStaticAuthenticationData() {

        return mDeviceSignedResult.getStaticAuthenticationData();

import java.security.cert.CertificateFactory;

import java.security.cert.X509Certificate;

import java.time.Instant;

import java.util.ArrayList;

import java.util.Collection;

import java.util.LinkedList;

import java.util.List;

import java.util.Map;

import javax.crypto.BadPaddingException;

    private Context mContext;

    private ICredential mBinder;

    private CredstorePresentationSession mSession;

    private int mFeatureVersion;

    CredstoreIdentityCredential(Context context, String credentialName,

            @IdentityCredentialStore.Ciphersuite int cipherSuite,

            ICredential binder,

            @Nullable CredstorePresentationSession session) {

            @Nullable CredstorePresentationSession session,

            int featureVersion) {

        mContext = context;

        mCredentialName = credentialName;

        mCipherSuite = cipherSuite;

        mBinder = binder;

        mSession = session;

        mFeatureVersion = featureVersion;

    }

    private KeyPair mEphemeralKeyPair = null;

                throw new RuntimeException("Error decoding certificates", e);

            }

            LinkedList<X509Certificate> x509Certs = new LinkedList<>();

            ArrayList<X509Certificate> x509Certs = new ArrayList<>();

            for (Certificate cert : certs) {

                x509Certs.add((X509Certificate) cert);

            }

            }

        }

        byte[] signature = resultParcel.signature;

        if (signature != null && signature.length == 0) {

            signature = null;

        }

        byte[] mac = resultParcel.mac;

        if (mac != null && mac.length == 0) {

            mac = null;

        }

        CredstoreResultData.Builder resultDataBuilder = new CredstoreResultData.Builder(

                resultParcel.staticAuthenticationData, resultParcel.deviceNameSpaces, mac);

                mFeatureVersion, resultParcel.staticAuthenticationData,

                resultParcel.deviceNameSpaces, mac, signature);

        for (ResultNamespaceParcel resultNamespaceParcel : resultParcel.resultNamespaces) {

            for (ResultEntryParcel resultEntryParcel : resultNamespaceParcel.entries) {

    @Override

    public void setAvailableAuthenticationKeys(int keyCount, int maxUsesPerKey) {

        setAvailableAuthenticationKeys(keyCount, maxUsesPerKey, 0);

    }

    @Override

    public void setAvailableAuthenticationKeys(int keyCount, int maxUsesPerKey,

                                               long minValidTimeMillis) {

        try {

            mBinder.setAvailableAuthenticationKeys(keyCount, maxUsesPerKey);

            mBinder.setAvailableAuthenticationKeys(keyCount, maxUsesPerKey, minValidTimeMillis);

        } catch (android.os.RemoteException e) {

            throw new RuntimeException("Unexpected RemoteException ", e);

        } catch (android.os.ServiceSpecificException e) {

    public @NonNull Collection<X509Certificate> getAuthKeysNeedingCertification() {

        try {

            AuthKeyParcel[] authKeyParcels = mBinder.getAuthKeysNeedingCertification();

            LinkedList<X509Certificate> x509Certs = new LinkedList<>();

            ArrayList<X509Certificate> x509Certs = new ArrayList<>();

            CertificateFactory factory = CertificateFactory.getInstance("X.509");

            for (AuthKeyParcel authKeyParcel : authKeyParcels) {

                Collection<? extends Certificate> certs = null;

        }

    }

    @Override

    public @NonNull List<AuthenticationKeyMetadata> getAuthenticationKeyMetadata() {

        try {

            int[] usageCount = mBinder.getAuthenticationDataUsageCount();

            long[] expirationsMillis = mBinder.getAuthenticationDataExpirations();

            if (usageCount.length != expirationsMillis.length) {

                throw new IllegalStateException("Size og usageCount and expirationMillis differ");

            }

            List<AuthenticationKeyMetadata> mds = new ArrayList<>();

            for (int n = 0; n < expirationsMillis.length; n++) {

                AuthenticationKeyMetadata md = null;

                long expirationMillis = expirationsMillis[n];

                if (expirationMillis != Long.MAX_VALUE) {

                    md = new AuthenticationKeyMetadata(

                        usageCount[n],

                        Instant.ofEpochMilli(expirationMillis));

                }

                mds.add(md);

            }

            return mds;

        } catch (android.os.RemoteException e) {

            throw new IllegalStateException("Unexpected RemoteException ", e);

        } catch (android.os.ServiceSpecificException e) {

            throw new IllegalStateException("Unexpected ServiceSpecificException with code "

                    + e.errorCode, e);

        }

    }

    @Override

    public @NonNull byte[] proveOwnership(@NonNull byte[] challenge) {

        try {