-rw-r--r--keystore/java/android/security/keystore/AndroidKeyStoreBCWorkaroundProvider.java12
-rw-r--r--keystore/java/android/security/keystore/AndroidKeyStoreProvider.java16
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java26
3 files changed, 48 insertions, 6 deletions
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreBCWorkaroundProvider.java b/keystore/java/android/security/keystore/AndroidKeyStoreBCWorkaroundProvider.java
index 624321cbf5ea..5730234184ab 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreBCWorkaroundProvider.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreBCWorkaroundProvider.java
@@ -34,7 +34,7 @@ import java.security.Provider;
*
* @hide
*/
-class AndroidKeyStoreBCWorkaroundProvider extends Provider {
+public class AndroidKeyStoreBCWorkaroundProvider extends Provider {
// IMPLEMENTATION NOTE: Class names are hard-coded in this provider to avoid loading these
// classes when this provider is instantiated and installed early on during each app's
@@ -50,8 +50,14 @@ class AndroidKeyStoreBCWorkaroundProvider extends Provider {
private static final String DESEDE_SYSTEM_PROPERTY = "ro.hardware.keystore_desede";
- AndroidKeyStoreBCWorkaroundProvider() {
- super("AndroidKeyStoreBCWorkaround",
+ /** @hide */
+ public AndroidKeyStoreBCWorkaroundProvider() {
+ this("AndroidKeyStoreBCWorkaround");
+ }
+
+ /** @hide **/
+ public AndroidKeyStoreBCWorkaroundProvider(String providerName) {
+ super(providerName,
1.0,
"Android KeyStore security provider to work around Bouncy Castle");
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
index d1b4464c1aed..3ac9d68d5a9f 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
@@ -71,14 +71,20 @@ public class AndroidKeyStoreProvider extends Provider {
private static final String DESEDE_SYSTEM_PROPERTY =
"ro.hardware.keystore_desede";
- /** @hide **/
+ /** @hide */
public AndroidKeyStoreProvider() {
- super(PROVIDER_NAME, 1.0, "Android KeyStore security provider");
+ this(PROVIDER_NAME);
+ }
+
+ /** @hide **/
+ public AndroidKeyStoreProvider(String providerName) {
+ super(providerName, 1.0, "Android KeyStore security provider");
boolean supports3DES = "true".equals(android.os.SystemProperties.get(DESEDE_SYSTEM_PROPERTY));
// java.security.KeyStore
put("KeyStore.AndroidKeyStore", PACKAGE_NAME + ".AndroidKeyStoreSpi");
+ put("alg.alias.KeyStore.AndroidKeyStoreLegacy", "AndroidKeyStore");
// java.security.KeyPairGenerator
put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$EC");
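Review bot: The new `alg.alias.KeyStore.AndroidKeyStoreLegacy` entry has no comment explaining why it exists. It sits in the shared constructor, so every instance of this provider answers to the type "AndroidKeyStoreLegacy", including the one registered under `PROVIDER_NAME`. I would add a comment above the `put`, such as `// Transitional: lets getKeyStoreForUid(int) reach this implementation by type while the keystore2 provider owns "AndroidKeyStore" (b/171305684).` The new `/** @hide **/` on the added constructor also reintroduces the comment terminator this same hunk corrects to `/** @hide */` a few lines earlier. The constructor body continues past the end of the hunk.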
@@ -438,8 +444,12 @@ public class AndroidKeyStoreProvider extends Provider {
@NonNull
public static java.security.KeyStore getKeyStoreForUid(int uid)
throws KeyStoreException, NoSuchProviderException {
+ String providerName = PROVIDER_NAME;
+ if (android.security.keystore2.AndroidKeyStoreProvider.isInstalled()) {
+ providerName = "AndroidKeyStoreLegacy";
+ }
java.security.KeyStore result =
- java.security.KeyStore.getInstance("AndroidKeyStore", PROVIDER_NAME);
+ java.security.KeyStore.getInstance(providerName);
try {
result.load(new AndroidKeyStoreLoadStoreParameter(uid));
} catch (NoSuchAlgorithmException | CertificateException | IOException e) {
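Review bot: `java.security.KeyStore.getInstance(providerName)` passes the value as a KeyStore type, not as a provider name, so the lookup is no longer pinned to one provider and is resolved by provider order. The removed call named the provider explicitly. The same guarantee can be kept with `java.security.KeyStore.getInstance("AndroidKeyStore", providerName)`, because the legacy instance is installed under the name "AndroidKeyStoreLegacy" and still registers `KeyStore.AndroidKeyStore`. With that form the variable name matches its use, and the declared `NoSuchProviderException` remains reachable from this call. If the one-argument form is intentional, rename the local to something like `keyStoreType` and note in a comment that resolution relies on the alias. The method body continues outside the hunk.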
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
index e7fcbdb84ab3..b2e32a3175e3 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java
@@ -110,6 +110,23 @@ public class AndroidKeyStoreProvider extends Provider {
putSecretKeyFactoryImpl("HmacSHA512");
}
+ private static boolean sInstalled = false;
+
+ /**
+ * This function indicates whether or not this provider was installed. This is manly used
+ * as indicator for
+ * {@link android.security.keystore.AndroidKeyStoreProvider#getKeyStoreForUid(int)}
+ * to whether or not to retrieve the Keystore provider by "AndroidKeyStoreLegacy".
+ * This function can be removed once the transition to Keystore 2.0 is complete.
+ * b/171305684
+ *
+ * @return true if this provider was installed.
+ * @hide
+ */
+ public static boolean isInstalled() {
+ return sInstalled;
+ }
+
/**
* Installs a new instance of this provider (and the
* {@link AndroidKeyStoreBCWorkaroundProvider}).
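Review bot: `sInstalled` is a plain static field that `install()` writes and `isInstalled()` reads from whichever thread calls `getKeyStoreForUid(int)`, with nothing guaranteeing that the write is visible to that reader. Unless `install()` is known to finish before any other thread can start (not visible from this hunk), declare it `private static volatile boolean sInstalled;`. The explicit `= false` initialiser is redundant. In the Javadoc, "manly used as indicator" should read "mainly used as an indicator".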
@@ -125,17 +142,26 @@ public class AndroidKeyStoreProvider extends Provider {
break;
}
}
+ sInstalled = true;
Security.addProvider(new AndroidKeyStoreProvider());
+ Security.addProvider(
+ new android.security.keystore.AndroidKeyStoreProvider(
+ "AndroidKeyStoreLegacy"));
Provider workaroundProvider = new AndroidKeyStoreBCWorkaroundProvider();
+ Provider legacyWorkaroundProvider =
+ new android.security.keystore.AndroidKeyStoreBCWorkaroundProvider(
+ "AndroidKeyStoreBCWorkaroundLegacy");
if (bcProviderIndex != -1) {
// Bouncy Castle provider found -- install the workaround provider above it.
// insertProviderAt uses 1-based positions.
+ Security.insertProviderAt(legacyWorkaroundProvider, bcProviderIndex + 1);
Security.insertProviderAt(workaroundProvider, bcProviderIndex + 1);
} else {
// Bouncy Castle provider not found -- install the workaround provider at lowest
// priority.
Security.addProvider(workaroundProvider);
+ Security.addProvider(legacyWorkaroundProvider);
}
}
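Review bot: `sInstalled = true;` is set before any of the `Security.addProvider` / `insertProviderAt` calls run, and their return values are ignored. If a provider constructor throws, or a registration returns -1 because a provider of that name is already present, `isInstalled()` still reports true. `getKeyStoreForUid(int)` would then ask for "AndroidKeyStoreLegacy" even though the legacy provider may not be registered. I would move the assignment to the last statement of `install()`, after the if/else, so the flag is only set once registration has completed. Ideally it would also check that the `addProvider` call for "AndroidKeyStoreLegacy" did not return -1. The start of `install()` is outside this hunk.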