Fix Android Keystore key factories to obey JCA contract.

Android Keystore provider's KeyFactory and SecretKeyFactory
implementations were throwing UnsupportedOperationException instead of
InvalidKeyException/InvalidKeySpecException from their
translateKey/generateKey methods.

Bug: 22459811
Change-Id: I6d5a5dc1bed724e858ad324d558b7480b9b848da

2 files changed, 23 insertions, 13 deletions

diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyFactorySpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyFactorySpi.java
index 515be1d..5ce4fd2 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyFactorySpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyFactorySpi.java
@@ -124,22 +124,27 @@ public class AndroidKeyStoreKeyFactorySpi extends KeyFactorySpi {
 
     @Override
     protected PrivateKey engineGeneratePrivate(KeySpec spec) throws InvalidKeySpecException {
-        throw new UnsupportedOperationException(
-                "To generate a key pair in Android KeyStore, use KeyPairGenerator initialized with"
+        throw new InvalidKeySpecException(
+                "To generate a key pair in Android Keystore, use KeyPairGenerator initialized with"
                 + " " + KeyGenParameterSpec.class.getName());
     }
 
     @Override
     protected PublicKey engineGeneratePublic(KeySpec spec) throws InvalidKeySpecException {
-        throw new UnsupportedOperationException(
-                "To generate a key pair in Android KeyStore, use KeyPairGenerator initialized with"
+        throw new InvalidKeySpecException(
+                "To generate a key pair in Android Keystore, use KeyPairGenerator initialized with"
                 + " " + KeyGenParameterSpec.class.getName());
     }
 
     @Override
-    protected Key engineTranslateKey(Key arg0) throws InvalidKeyException {
-        throw new UnsupportedOperationException(
-                "To import a key into Android KeyStore, use KeyStore.setEntry with "
-                + KeyProtection.class.getName());
+    protected Key engineTranslateKey(Key key) throws InvalidKeyException {
+        if (key == null) {
+            throw new InvalidKeyException("key == null");
+        } else if ((!(key instanceof AndroidKeyStorePrivateKey))
+                && (!(key instanceof AndroidKeyStorePublicKey))) {
+            throw new InvalidKeyException(
+                    "To import a key into Android Keystore, use KeyStore.setEntry");
+        }
+        return key;
     }
 }
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java
index 9a2f908..11c22a9 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java
@@ -185,15 +185,20 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
 
     @Override
     protected SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException {
-        throw new UnsupportedOperationException(
-                "To generate secret key in Android KeyStore, use KeyGenerator initialized with "
+        throw new InvalidKeySpecException(
+                "To generate secret key in Android Keystore, use KeyGenerator initialized with "
                         + KeyGenParameterSpec.class.getName());
     }
 
     @Override
     protected SecretKey engineTranslateKey(SecretKey key) throws InvalidKeyException {
-        throw new UnsupportedOperationException(
-                "To import a secret key into Android KeyStore, use KeyStore.setEntry with "
-                + KeyProtection.class.getName());
+        if (key == null) {
+            throw new InvalidKeyException("key == null");
+        } else if (!(key instanceof AndroidKeyStoreSecretKey)) {
+            throw new InvalidKeyException(
+                    "To import a secret key into Android Keystore, use KeyStore.setEntry");
+        }
+
+        return key;
     }
 }