Merge "DPM: API review for installKeyPair" into pi-dev

    method public boolean installExistingPackage(android.content.ComponentName, java.lang.String);

    method public boolean installKeyPair(android.content.ComponentName, java.security.PrivateKey, java.security.cert.Certificate, java.lang.String);

    method public boolean installKeyPair(android.content.ComponentName, java.security.PrivateKey, java.security.cert.Certificate[], java.lang.String, boolean);

    method public boolean installKeyPair(android.content.ComponentName, java.security.PrivateKey, java.security.cert.Certificate[], java.lang.String, boolean, boolean);

    method public boolean installKeyPair(android.content.ComponentName, java.security.PrivateKey, java.security.cert.Certificate[], java.lang.String, int);

    method public boolean isActivePasswordSufficient();

    method public boolean isAdminActive(android.content.ComponentName);

    method public boolean isAffiliatedUser();

    field public static final int ID_TYPE_IMEI = 4; // 0x4

    field public static final int ID_TYPE_MEID = 8; // 0x8

    field public static final int ID_TYPE_SERIAL = 2; // 0x2

    field public static final int INSTALLKEY_REQUEST_CREDENTIALS_ACCESS = 1; // 0x1

    field public static final int INSTALLKEY_SET_USER_SELECTABLE = 2; // 0x2

    field public static final int KEYGUARD_DISABLE_BIOMETRICS = 416; // 0x1a0

    field public static final int KEYGUARD_DISABLE_FACE = 128; // 0x80

    field public static final int KEYGUARD_DISABLE_FEATURES_ALL = 2147483647; // 0x7fffffff

@SystemService(Context.DEVICE_POLICY_SERVICE)

@RequiresFeature(PackageManager.FEATURE_DEVICE_ADMIN)

public class DevicePolicyManager {

    private static String TAG = "DevicePolicyManager";

    private final Context mContext;

     */

    public static final int ID_TYPE_MEID = 8;

    /**

     * Specifies that the calling app should be granted access to the installed credentials

     * immediately. Otherwise, access to the credentials will be gated by user approval.

     * For use with {@link #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int)}

     *

     * @see #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int)

     */

    public static final int INSTALLKEY_REQUEST_CREDENTIALS_ACCESS = 1;

    /**

     * Specifies that a user can select the key via the Certificate Selection prompt.

     * If this flag is not set when calling {@link #installKeyPair}, the key can only be granted

     * access by implementing {@link android.app.admin.DeviceAdminReceiver#onChoosePrivateKeyAlias}.

     * For use with {@link #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int)}

     *

     * @see #installKeyPair(ComponentName, PrivateKey, Certificate[], String, int)

     */

    public static final int INSTALLKEY_SET_USER_SELECTABLE = 2;

    /**

     * Broadcast action: sent when the profile owner is set, changed or cleared.

     *

     */

    public boolean installKeyPair(@Nullable ComponentName admin, @NonNull PrivateKey privKey,

            @NonNull Certificate[] certs, @NonNull String alias, boolean requestAccess) {

        return installKeyPair(admin, privKey, certs, alias, requestAccess, true);

        int flags = INSTALLKEY_SET_USER_SELECTABLE;

        if (requestAccess) {

            flags |= INSTALLKEY_REQUEST_CREDENTIALS_ACCESS;

        }

        return installKeyPair(admin, privKey, certs, alias, flags);

    }

    /**

     *        {@link android.security.KeyChain#getCertificateChain}.

     * @param alias The private key alias under which to install the certificate. If a certificate

     *        with that alias already exists, it will be overwritten.

     * @param requestAccess {@code true} to request that the calling app be granted access to the

     *        credentials immediately. Otherwise, access to the credentials will be gated by user

     *        approval.

     * @param isUserSelectable {@code true} to indicate that a user can select this key via the

     *        Certificate Selection prompt, false to indicate that this key can only be granted

     *        access by implementing

     *        {@link android.app.admin.DeviceAdminReceiver#onChoosePrivateKeyAlias}.

     * @param flags Flags to request that the calling app be granted access to the credentials

     *        and set the key to be user-selectable. See {@link #INSTALLKEY_SET_USER_SELECTABLE} and

     *        {@link #INSTALLKEY_REQUEST_CREDENTIALS_ACCESS}.

     * @return {@code true} if the keys were installed, {@code false} otherwise.

     * @throws SecurityException if {@code admin} is not {@code null} and not a device or profile

     *         owner.

     * @see #DELEGATION_CERT_INSTALL

     */

    public boolean installKeyPair(@Nullable ComponentName admin, @NonNull PrivateKey privKey,

            @NonNull Certificate[] certs, @NonNull String alias, boolean requestAccess,

            boolean isUserSelectable) {

            @NonNull Certificate[] certs, @NonNull String alias, int flags) {

        throwIfParentInstance("installKeyPair");

        boolean requestAccess = (flags & INSTALLKEY_REQUEST_CREDENTIALS_ACCESS)

                == INSTALLKEY_REQUEST_CREDENTIALS_ACCESS;

        boolean isUserSelectable = (flags & INSTALLKEY_SET_USER_SELECTABLE)

                == INSTALLKEY_SET_USER_SELECTABLE;

        try {

            final byte[] pemCert = Credentials.convertToPem(certs[0]);

            byte[] pemChain = null;