From b4834ae3fa09e8013f7ab743a12def063ae999e3 Mon Sep 17 00:00:00 2001
From: Alex Klyubin
Date: Thu, 2 Apr 2015 15:53:46 -0700
Subject: Rename KeymasterException to KeyStoreException.
The code in question talks to KeyStore which returns error codes which are a mix of keystore and keymaster error codes. To better match the layering of KeyStore on top of keystore and keymaster, this CL renames KeymasterException into KeyStoreException. It also adds human-readable error messages to exceptions raised by keystore rather than keymaster (e.g., key not found).
Bug: 18088752
Change-Id: I4cd1235e16518c9f2e8c5557a457774c6e687b88
---
 keystore/java/android/security/KeyStore.java | 54 ++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+) (limited to 'keystore/java/android/security/KeyStore.java')
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 94a479b..84a664e 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -26,6 +26,7 @@ import android.security.keymaster.ExportResult;
 import android.security.keymaster.KeyCharacteristics;
 import android.security.keymaster.KeymasterArguments;
 import android.security.keymaster.KeymasterBlob;
+import android.security.keymaster.KeymasterDefs;
 import android.security.keymaster.OperationResult;
 import android.util.Log;
@@ -506,4 +507,57 @@ public class KeyStore {
 return SYSTEM_ERROR;
 }
 }
+
+ public static KeyStoreException getKeyStoreException(int errorCode) {
+ if (errorCode > 0) {
+ // KeyStore layer error
+ switch (errorCode) {
+ case NO_ERROR:
+ return new KeyStoreException(errorCode, "OK");
+ case LOCKED:
+ return new KeyStoreException(errorCode, "Keystore locked");
+ case UNINITIALIZED:
+ return new KeyStoreException(errorCode, "Keystore not initialized");
+ case SYSTEM_ERROR:
+ return new KeyStoreException(errorCode, "System error");
+ case PERMISSION_DENIED:
+ return new KeyStoreException(errorCode, "Permission denied");
+ case KEY_NOT_FOUND:
+ return new KeyStoreException(errorCode, "Key not found");
+ case VALUE_CORRUPTED:
+ return new KeyStoreException(errorCode, "Key blob corrupted");
+ default:
+ return new KeyStoreException(errorCode, String.valueOf(errorCode));
+ }
+ } else {
+ // Keymaster layer error
+ switch (errorCode) {
+ case KeymasterDefs.KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT:
+ // The name of this parameter significantly differs between Keymaster and
+ // framework APIs. Use the framework wording to make life easier for developers.
+ return new KeyStoreException(errorCode,
+ "Invalid user authentication validity duration");
+ default:
+ return new KeyStoreException(errorCode,
+ KeymasterDefs.getErrorMessage(errorCode));
+ }
+ }
+ }
+
+ public static CryptoOperationException getCryptoOperationException(KeyStoreException e) {
+ switch (e.getErrorCode()) {
+ case KeymasterDefs.KM_ERROR_KEY_EXPIRED:
+ return new KeyExpiredException();
+ case KeymasterDefs.KM_ERROR_KEY_NOT_YET_VALID:
+ return new KeyNotYetValidException();
+ case KeymasterDefs.KM_ERROR_KEY_USER_NOT_AUTHENTICATED:
+ return new UserNotAuthenticatedException();
+ default:
+ return new CryptoOperationException("Crypto operation failed", e);
+ }
+ }
+
+ public static CryptoOperationException getCryptoOperationException(int errorCode) {
+ return getCryptoOperationException(getKeyStoreException(errorCode));
+ }
 }
-- cgit v1.1
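Review bot: The three typed branches of `getCryptoOperationException(KeyStoreException e)` (`KeyExpiredException`, `KeyNotYetValidException`, `UserNotAuthenticatedException`) are built with no-arg constructors, so the originating `KeyStoreException` and its error code are discarded, whereas the default branch passes `e` along. Anyone logging or triaging an authorization failure then has no link back to the underlying keystore/keymaster code. The constructors of these types are not visible in this hunk; assuming the no-arg form leaves the cause unset, it can be attached afterwards, e.g. `KeyExpiredException ex = new KeyExpiredException(); ex.initCause(e); return ex;`. Separately, `getKeyStoreException` picks the layer purely from the sign of `errorCode`, with 0 falling into the Keymaster branch, and that contract deserves a Javadoc such as `/** Maps a KeyStore (positive) or Keymaster (zero or negative) error code to a KeyStoreException with a readable message. */`.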