3 files changed, 13 insertions, 7 deletions

diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreECPublicKey.java b/keystore/java/android/security/keystore2/AndroidKeyStoreECPublicKey.java
index 6ddaa704afa8..b631999c2c54 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreECPublicKey.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreECPublicKey.java
@@ -38,9 +38,10 @@ public class AndroidKeyStoreECPublicKey extends AndroidKeyStorePublicKey impleme
 
     public AndroidKeyStoreECPublicKey(@NonNull KeyDescriptor descriptor,
             @NonNull KeyMetadata metadata,
+            @NonNull byte[] x509EncodedForm,
             @NonNull KeyStoreSecurityLevel securityLevel,
             @NonNull ECParameterSpec params, @NonNull ECPoint w) {
-        super(descriptor, metadata, KeyProperties.KEY_ALGORITHM_EC, securityLevel);
+        super(descriptor, metadata, x509EncodedForm, KeyProperties.KEY_ALGORITHM_EC, securityLevel);
         mParams = params;
         mW = w;
     }
@@ -48,7 +49,7 @@ public class AndroidKeyStoreECPublicKey extends AndroidKeyStorePublicKey impleme
     public AndroidKeyStoreECPublicKey(@NonNull KeyDescriptor descriptor,
             @NonNull KeyMetadata metadata,
             @NonNull KeyStoreSecurityLevel securityLevel, @NonNull ECPublicKey info) {
-        this(descriptor, metadata, securityLevel, info.getParams(), info.getW());
+        this(descriptor, metadata, info.getEncoded(), securityLevel, info.getParams(), info.getW());
         if (!"X.509".equalsIgnoreCase(info.getFormat())) {
             throw new IllegalArgumentException(
                     "Unsupported key export format: " + info.getFormat());
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java b/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java
index 49dd77e3a3db..db3e567cb6b4 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java
@@ -32,13 +32,15 @@ import java.security.PublicKey;
 public abstract class AndroidKeyStorePublicKey extends AndroidKeyStoreKey implements PublicKey {
     private final byte[] mCertificate;
     private final byte[] mCertificateChain;
+    private final byte[] mEncoded;
 
     public AndroidKeyStorePublicKey(@NonNull KeyDescriptor descriptor,
-            @NonNull KeyMetadata metadata, @NonNull String algorithm,
-            @NonNull KeyStoreSecurityLevel securityLevel) {
+            @NonNull KeyMetadata metadata, @NonNull byte[] x509EncodedForm,
+            @NonNull String algorithm, @NonNull KeyStoreSecurityLevel securityLevel) {
         super(descriptor, metadata.key.nspace, metadata.authorizations, algorithm, securityLevel);
         mCertificate = metadata.certificate;
         mCertificateChain = metadata.certificateChain;
+        mEncoded = x509EncodedForm;
     }
 
     abstract AndroidKeyStorePrivateKey getPrivateKey();
@@ -50,7 +52,7 @@ public abstract class AndroidKeyStorePublicKey extends AndroidKeyStoreKey implem
 
     @Override
     public byte[] getEncoded() {
-        return ArrayUtils.cloneIfNotEmpty(mCertificate);
+        return ArrayUtils.cloneIfNotEmpty(mEncoded);
     }
 
     @Override
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreRSAPublicKey.java b/keystore/java/android/security/keystore2/AndroidKeyStoreRSAPublicKey.java
index b578ea9baa06..9fe6cf3c113f 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreRSAPublicKey.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreRSAPublicKey.java
@@ -36,9 +36,11 @@ public class AndroidKeyStoreRSAPublicKey extends AndroidKeyStorePublicKey implem
 
     public AndroidKeyStoreRSAPublicKey(@NonNull KeyDescriptor descriptor,
             @NonNull KeyMetadata metadata,
+            @NonNull byte[] x509EncodedForm,
             @NonNull KeyStoreSecurityLevel securityLevel, @NonNull BigInteger modulus,
             @NonNull BigInteger publicExponent) {
-        super(descriptor, metadata, KeyProperties.KEY_ALGORITHM_RSA, securityLevel);
+        super(descriptor, metadata, x509EncodedForm, KeyProperties.KEY_ALGORITHM_RSA,
+                securityLevel);
         mModulus = modulus;
         mPublicExponent = publicExponent;
     }
@@ -46,7 +48,8 @@ public class AndroidKeyStoreRSAPublicKey extends AndroidKeyStorePublicKey implem
     public AndroidKeyStoreRSAPublicKey(@NonNull KeyDescriptor descriptor,
             @NonNull KeyMetadata metadata,
             @NonNull KeyStoreSecurityLevel securityLevel, @NonNull RSAPublicKey info) {
-        this(descriptor, metadata, securityLevel, info.getModulus(), info.getPublicExponent());
+        this(descriptor, metadata, info.getEncoded(), securityLevel, info.getModulus(),
+                info.getPublicExponent());
         if (!"X.509".equalsIgnoreCase(info.getFormat())) {
             throw new IllegalArgumentException(
                     "Unsupported key export format: " + info.getFormat());