Examples with ProviderException java.security.ProviderException used on opensource projects

Example 41 with ProviderException

use of java.security.ProviderException in project android_frameworks_base by AOSPA.

the class AndroidKeyStoreCipherSpiBase method ensureKeystoreOperationInitialized.

private void ensureKeystoreOperationInitialized() throws InvalidKeyException, InvalidAlgorithmParameterException {
    if (mMainDataStreamer != null) {
        return;
    }
    if (mCachedException != null) {
        return;
    }
    if (mKey == null) {
        throw new IllegalStateException("Not initialized");
    }
    KeymasterArguments keymasterInputArgs = new KeymasterArguments();
    addAlgorithmSpecificParametersToBegin(keymasterInputArgs);
    byte[] additionalEntropy = KeyStoreCryptoOperationUtils.getRandomBytesToMixIntoKeystoreRng(mRng, getAdditionalEntropyAmountForBegin());
    int purpose;
    if (mKeymasterPurposeOverride != -1) {
        purpose = mKeymasterPurposeOverride;
    } else {
        purpose = mEncrypting ? KeymasterDefs.KM_PURPOSE_ENCRYPT : KeymasterDefs.KM_PURPOSE_DECRYPT;
    }
    OperationResult opResult = mKeyStore.begin(mKey.getAlias(), purpose, // permit aborting this operation if keystore runs out of resources
    true, keymasterInputArgs, additionalEntropy, mKey.getUid());
    if (opResult == null) {
        throw new KeyStoreConnectException();
    }
    // Store operation token and handle regardless of the error code returned by KeyStore to
    // ensure that the operation gets aborted immediately if the code below throws an exception.
    mOperationToken = opResult.token;
    mOperationHandle = opResult.operationHandle;
    // If necessary, throw an exception due to KeyStore operation having failed.
    GeneralSecurityException e = KeyStoreCryptoOperationUtils.getExceptionForCipherInit(mKeyStore, mKey, opResult.resultCode);
    if (e != null) {
        if (e instanceof InvalidKeyException) {
            throw (InvalidKeyException) e;
        } else if (e instanceof InvalidAlgorithmParameterException) {
            throw (InvalidAlgorithmParameterException) e;
        } else {
            throw new ProviderException("Unexpected exception type", e);
        }
    }
    if (mOperationToken == null) {
        throw new ProviderException("Keystore returned null operation token");
    }
    if (mOperationHandle == 0) {
        throw new ProviderException("Keystore returned invalid operation handle");
    }
    loadAlgorithmSpecificParametersFromBeginResult(opResult.outParams);
    mMainDataStreamer = createMainDataStreamer(mKeyStore, opResult.token);
    mAdditionalAuthenticationDataStreamer = createAdditionalAuthenticationDataStreamer(mKeyStore, opResult.token);
    mAdditionalAuthenticationDataStreamerClosed = false;
}

Example 42 with ProviderException

use of java.security.ProviderException in project android_frameworks_base by AOSPA.

the class AndroidKeyStoreHmacSpi method ensureKeystoreOperationInitialized.

private void ensureKeystoreOperationInitialized() throws InvalidKeyException {
    if (mChunkedStreamer != null) {
        return;
    }
    if (mKey == null) {
        throw new IllegalStateException("Not initialized");
    }
    KeymasterArguments keymasterArgs = new KeymasterArguments();
    keymasterArgs.addEnum(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_HMAC);
    keymasterArgs.addEnum(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest);
    keymasterArgs.addUnsignedInt(KeymasterDefs.KM_TAG_MAC_LENGTH, mMacSizeBits);
    OperationResult opResult = mKeyStore.begin(mKey.getAlias(), KeymasterDefs.KM_PURPOSE_SIGN, true, keymasterArgs, // no additional entropy needed for HMAC because it's deterministic
    null, mKey.getUid());
    if (opResult == null) {
        throw new KeyStoreConnectException();
    }
    // Store operation token and handle regardless of the error code returned by KeyStore to
    // ensure that the operation gets aborted immediately if the code below throws an exception.
    mOperationToken = opResult.token;
    mOperationHandle = opResult.operationHandle;
    // If necessary, throw an exception due to KeyStore operation having failed.
    InvalidKeyException e = KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(mKeyStore, mKey, opResult.resultCode);
    if (e != null) {
        throw e;
    }
    if (mOperationToken == null) {
        throw new ProviderException("Keystore returned null operation token");
    }
    if (mOperationHandle == 0) {
        throw new ProviderException("Keystore returned invalid operation handle");
    }
    mChunkedStreamer = new KeyStoreCryptoOperationChunkedStreamer(new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(mKeyStore, mOperationToken));
}

Example 43 with ProviderException

use of java.security.ProviderException in project OpenAM by OpenRock.

the class AMDirectoryAccessFactory method instantiateImpls.

private static void instantiateImpls(String packageName, String className, boolean isCriticalErrorIfClassNotFound) {
    String providerClass = packageName + PACKAGE_SEPARATOR + className;
    try {
        IDirectoryServicesProvider dsServicesProvider = (IDirectoryServicesProvider) Class.forName(providerClass).newInstance();
        dsServicesImpl = dsServicesProvider.getDirectoryServicesImpl();
        dcTreeServicesImpl = dsServicesProvider.getDCTreeServicesImpl();
        complianceServicesImpl = dsServicesProvider.getComplianceServicesImpl();
        // Add the listener
        initListener();
    } catch (InstantiationException e) {
        debug.error("AMDirectoryAccessFactory.instantiateImpls()- " + "Initializing Impls from package: " + packageName + " FAILED!", e);
        throw new ProviderException(AMSDKBundle.getString("300"));
    } catch (IllegalAccessException e) {
        debug.error("AMDirectoryAccessFactory.instantiateImpls()- " + "Initializing Impls from package: " + packageName + " FAILED!", e);
        throw new ProviderException(AMSDKBundle.getString("300"));
    } catch (ClassNotFoundException e) {
        String message = "AMDirectoryAccessFactory." + "instantiateImpls()- Initializing Impls from " + "package: " + packageName + " FAILED!";
        if (isCriticalErrorIfClassNotFound) {
            debug.error(message, e);
        } else {
            debug.warning(message, e);
        }
        throw new ProviderException(AMSDKBundle.getString("300"));
    } catch (AMEventManagerException ame) {
        debug.error("AMDirectoryAccessFactory.instantiateImpls()- " + "Initializing Impls from package: " + packageName + "FAILED!", ame);
        throw new ProviderException(AMSDKBundle.getString("300"));
    }
    if (debug.messageEnabled()) {
        debug.message("AMDirectoryAccessFactory.instantiateImpls() - " + "Successfully initialized Impls Using Impl Package: " + packageName + " for accessing Directory Services");
    }
}

Example 44 with ProviderException

use of java.security.ProviderException in project android_frameworks_base by ResurrectionRemix.

the class KeymasterUtils method addUserAuthArgs.

/**
     * Adds keymaster arguments to express the key's authorization policy supported by user
     * authentication.
     *
     * @param userAuthenticationRequired whether user authentication is required to authorize the
     *        use of the key.
     * @param userAuthenticationValidityDurationSeconds duration of time (seconds) for which user
     *        authentication is valid as authorization for using the key or {@code -1} if every
     *        use of the key needs authorization.
     *
     * @throws IllegalStateException if user authentication is required but the system is in a wrong
     *         state (e.g., secure lock screen not set up) for generating or importing keys that
     *         require user authentication.
     */
public static void addUserAuthArgs(KeymasterArguments args, boolean userAuthenticationRequired, int userAuthenticationValidityDurationSeconds, boolean userAuthenticationValidWhileOnBody, boolean invalidatedByBiometricEnrollment) {
    if (!userAuthenticationRequired) {
        args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
        return;
    }
    if (userAuthenticationValidityDurationSeconds == -1) {
        // Every use of this key needs to be authorized by the user. This currently means
        // fingerprint-only auth.
        FingerprintManager fingerprintManager = KeyStore.getApplicationContext().getSystemService(FingerprintManager.class);
        // TODO: Restore USE_FINGERPRINT permission check in
        // FingerprintManager.getAuthenticatorId once the ID is no longer needed here.
        long fingerprintOnlySid = (fingerprintManager != null) ? fingerprintManager.getAuthenticatorId() : 0;
        if (fingerprintOnlySid == 0) {
            throw new IllegalStateException("At least one fingerprint must be enrolled to create keys requiring user" + " authentication for every use");
        }
        long sid;
        if (invalidatedByBiometricEnrollment) {
            // The fingerprint-only SID will change on fingerprint enrollment or removal of all,
            // enrolled fingerprints, invalidating the key.
            sid = fingerprintOnlySid;
        } else {
            // The root SID will *not* change on fingerprint enrollment, or removal of all
            // enrolled fingerprints, allowing the key to remain valid.
            sid = getRootSid();
        }
        args.addUnsignedLong(KeymasterDefs.KM_TAG_USER_SECURE_ID, KeymasterArguments.toUint64(sid));
        args.addEnum(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, KeymasterDefs.HW_AUTH_FINGERPRINT);
        if (userAuthenticationValidWhileOnBody) {
            throw new ProviderException("Key validity extension while device is on-body is not " + "supported for keys requiring fingerprint authentication");
        }
    } else {
        // The key is authorized for use for the specified amount of time after the user has
        // authenticated. Whatever unlocks the secure lock screen should authorize this key.
        long rootSid = getRootSid();
        args.addUnsignedLong(KeymasterDefs.KM_TAG_USER_SECURE_ID, KeymasterArguments.toUint64(rootSid));
        args.addEnum(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, KeymasterDefs.HW_AUTH_PASSWORD | KeymasterDefs.HW_AUTH_FINGERPRINT);
        args.addUnsignedInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT, userAuthenticationValidityDurationSeconds);
        if (userAuthenticationValidWhileOnBody) {
            args.addBoolean(KeymasterDefs.KM_TAG_ALLOW_WHILE_ON_BODY);
        }
    }
}

Example 45 with ProviderException

use of java.security.ProviderException in project android_frameworks_base by ResurrectionRemix.

the class AndroidKeyStoreAuthenticatedAESCipherSpi method loadAlgorithmSpecificParametersFromBeginResult.

@Override
protected final void loadAlgorithmSpecificParametersFromBeginResult(@NonNull KeymasterArguments keymasterArgs) {
    mIvHasBeenUsed = true;
    // NOTE: Keymaster doesn't always return an IV, even if it's used.
    byte[] returnedIv = keymasterArgs.getBytes(KeymasterDefs.KM_TAG_NONCE, null);
    if ((returnedIv != null) && (returnedIv.length == 0)) {
        returnedIv = null;
    }
    if (mIv == null) {
        mIv = returnedIv;
    } else if ((returnedIv != null) && (!Arrays.equals(returnedIv, mIv))) {
        throw new ProviderException("IV in use differs from provided IV");
    }
}