authorEran Messeri <eranm@google.com>2017-11-23 17:20:52 +0000
committerEran Messeri <eranm@google.com>2017-11-23 17:59:36 +0000
commit23c438d711c15541312dbb5a83548967874f9ccb (patch)
tree83b5160da7a62def6f3d014964fc53042926d83d /keystore/java/android/security/KeyChain.java
parent78252a23d6d38e4b1c938fef3d7b1dc6b7dfbe05 (diff)
KeyChain: Provide public & private keys
In order for the DevicePolicyManager to provide key generation functionality, it has to return both the private and public keys in the form of a KeyPair. Since the KeyChainService will perform the key generation on behalf of the DevicePolicyManager (so that KeyChain will be the owner of the generated keys outright), the DevicePolicyManager needs a way to get both the private and public key representations from KeyChain. A getKeyPair method is added that gets the private and public key pair associated with a given alias from Keystore. getPrivateKey now delegates to the getKeyPair method and returns only the private key. Tested using existing CTS tests. Bug: 63388672 Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement Change-Id: I06b8511acd2049a0053ec8893de6de7429f7c92e
Diffstat (limited to 'keystore/java/android/security/KeyChain.java')
-rw-r--r--keystore/java/android/security/KeyChain.java15
1 files changed, 14 insertions, 1 deletions
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index 3fe730fdacba..2daf733d057f 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -40,6 +40,7 @@ import android.security.keystore.KeyProperties;
import java.io.ByteArrayInputStream;
import java.io.Closeable;
+import java.security.KeyPair;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
@@ -418,6 +419,18 @@ public final class KeyChain {
@Nullable @WorkerThread
public static PrivateKey getPrivateKey(@NonNull Context context, @NonNull String alias)
throws KeyChainException, InterruptedException {
+ KeyPair keyPair = getKeyPair(context, alias);
+ if (keyPair != null) {
+ return keyPair.getPrivate();
+ }
+
+ return null;
+ }
+
+ /** @hide */
+ @Nullable @WorkerThread
+ public static KeyPair getKeyPair(@NonNull Context context, @NonNull String alias)
+ throws KeyChainException, InterruptedException {
if (alias == null) {
throw new NullPointerException("alias == null");
}
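Review bot: The new `getKeyPair` carries only `/** @hide */`, so the contract of a method that hands out a private-key object is undocumented at the point where DevicePolicyManager will call it. I would expand the Javadoc to say that it returns `null` when no key is available for `alias` (the `return null` branch is in the part of the body outside this hunk), that it throws `KeyChainException` and `InterruptedException` under the same conditions as `getPrivateKey`, and that it must be called from a worker thread. It is also worth stating whether the returned private key is a Keystore-backed reference rather than exportable key material; the loader name suggests so, but that is not visible here. The body of `getKeyPair` continues past the end of the hunk.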
@@ -439,7 +452,7 @@ public final class KeyChain {
return null;
} else {
try {
- return AndroidKeyStoreProvider.loadAndroidKeyStorePrivateKeyFromKeystore(
+ return AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(
KeyStore.getInstance(), keyId, KeyStore.UID_SELF);
} catch (RuntimeException | UnrecoverableKeyException e) {
throw new KeyChainException(e);
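Review bot: `getPrivateKey` now depends on `loadAndroidKeyStoreKeyPairFromKeystore`, so if that loader does extra work for the public half (not visible in this hunk), a failure there reaches existing `getPrivateKey` callers as a `KeyChainException` even though they never asked for the public key. Please confirm the key-pair loader has the same failure modes as the private-key loader it replaces, or record the difference with a comment above the call such as `// Loads both halves; a public-key load failure also fails getPrivateKey().`. The commit's test line names only the DeviceOwnerTest key-management case, so a check that exercises a plain `getPrivateKey` caller would be a useful addition. The enclosing method begins and ends outside this hunk.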