diff options
| author | Eran Messeri <eranm@google.com> | 2018-03-26 16:43:14 +0100 |
|---|---|---|
| committer | Eran Messeri <eranm@google.com> | 2018-03-29 10:58:20 +0100 |
| commit | 6169239b942fc2f6e8721b219f84b506c106fbe1 (patch) | |
| tree | 9826db736692e5d9d870117d4b4be68e770c6fce /keystore/java/android/security/KeyChain.java | |
| parent | 3a5dabbb10861a5cea627936c56693550345b9a8 (diff) | |
Utilize verbose KeyChain errors
As KeyChain reports detailed error codes about failure to generate keys
or attestation records for them, log these detailed errors and throw an
exception if the hardware does not support Device ID attestation.
Bug: 72642093
Bug: 73448533
Test: cts-tradefed run commandAndExit cts-dev -s 127.0.0.1:50487 -a x86_64 -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG
Change-Id: Ib12efcf48c158373e1fc28cc51d67e70282d029e
Diffstat (limited to 'keystore/java/android/security/KeyChain.java')
| -rw-r--r-- | keystore/java/android/security/KeyChain.java | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java index 2daf733d057f..46a7fa8d5e28 100644 --- a/keystore/java/android/security/KeyChain.java +++ b/keystore/java/android/security/KeyChain.java @@ -246,6 +246,82 @@ public final class KeyChain { public static final String EXTRA_KEY_ACCESSIBLE = "android.security.extra.KEY_ACCESSIBLE"; /** + * Indicates that a call to {@link #generateKeyPair} was successful. + * @hide + */ + public static final int KEY_GEN_SUCCESS = 0; + + /** + * An alias was missing from the key specifications when calling {@link #generateKeyPair}. + * @hide + */ + public static final int KEY_GEN_MISSING_ALIAS = 1; + + /** + * A key attestation challenge was provided to {@link #generateKeyPair}, but it shouldn't + * have been provided. + * @hide + */ + public static final int KEY_GEN_SUPERFLUOUS_ATTESTATION_CHALLENGE = 2; + + /** + * Algorithm not supported by {@link #generateKeyPair} + * @hide + */ + public static final int KEY_GEN_NO_SUCH_ALGORITHM = 3; + + /** + * Invalid algorithm parameters when calling {@link #generateKeyPair} + * @hide + */ + public static final int KEY_GEN_INVALID_ALGORITHM_PARAMETERS = 4; + + /** + * Keystore is not available when calling {@link #generateKeyPair} + * @hide + */ + public static final int KEY_GEN_NO_KEYSTORE_PROVIDER = 5; + + /** + * General failure while calling {@link #generateKeyPair} + * @hide + */ + public static final int KEY_GEN_FAILURE = 6; + + /** + * Successful call to {@link #attestKey} + * @hide + */ + public static final int KEY_ATTESTATION_SUCCESS = 0; + + /** + * Attestation challenge missing when calling {@link #attestKey} + * @hide + */ + public static final int KEY_ATTESTATION_MISSING_CHALLENGE = 1; + + /** + * The caller requested Device ID attestation when calling {@link #attestKey}, but has no + * permissions to get device identifiers. + * @hide + */ + public static final int KEY_ATTESTATION_CANNOT_COLLECT_DATA = 2; + + /** + * The underlying hardware does not support Device ID attestation or cannot attest to the + * identifiers that are stored on the device. This indicates permanent inability + * to get attestation records on the device. + * @hide + */ + public static final int KEY_ATTESTATION_CANNOT_ATTEST_IDS = 3; + + /** + * General failure when calling {@link #attestKey} + * @hide + */ + public static final int KEY_ATTESTATION_FAILURE = 4; + + /** * Returns an {@code Intent} that can be used for credential * installation. The intent may be used without any extras, in * which case the user will be able to install credentials from |