commit fdbe53a56de6e9861693bf063b4e48eb53fde0f1
author Eric Biggers <ebiggers@google.com> Mon Aug 14 23:41:00 2023 +0000
committer Eric Biggers <ebiggers@google.com> Tue Aug 15 01:12:08 2023 +0000
tree 393a00c62ef589b07bc72167af4a13134aa3c1ba
parent e7a2d0a06c294289668cd28be37e864f6b60a08b

Simplify some code in KeyStore2ParameterUtils#addUserAuthArgs

Deduplicate the addition of the SIDs and USER_AUTH_TYPE, and consolidate
the handling of isUserAuthenticationValidWhileOnBody() into one place.
No change in behavior.

Test: atest KeystoreTests
Change-Id: Ic57e3506a62d90ee0fd7b5860d4cda44aa1b5acf

keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java

diff --git a/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java b/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java
index 54955c6..1394bd4 100644
--- a/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java
+++ b/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java
@@ -325,32 +325,25 @@
             args.add(KeyStore2ParameterUtils.makeBool(
                     KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED));
         } else {
-            if (spec.getUserAuthenticationValidityDurationSeconds() == 0) {
-                // Every use of this key needs to be authorized by the user.
-                addSids(args, spec);
-                args.add(KeyStore2ParameterUtils.makeEnum(
-                        KeymasterDefs.KM_TAG_USER_AUTH_TYPE, spec.getUserAuthenticationType()
-                ));
-
-                if (spec.isUserAuthenticationValidWhileOnBody()) {
-                    throw new ProviderException(
-                            "Key validity extension while device is on-body is not "
-                                    + "supported for keys requiring fingerprint authentication");
-                }
-            } else {
-                addSids(args, spec);
-                args.add(KeyStore2ParameterUtils.makeEnum(
-                        KeymasterDefs.KM_TAG_USER_AUTH_TYPE, spec.getUserAuthenticationType()
-                ));
+            addSids(args, spec);
+            args.add(KeyStore2ParameterUtils.makeEnum(
+                    KeymasterDefs.KM_TAG_USER_AUTH_TYPE, spec.getUserAuthenticationType()
+            ));
+            if (spec.getUserAuthenticationValidityDurationSeconds() != 0) {
                 args.add(KeyStore2ParameterUtils.makeInt(
                         KeymasterDefs.KM_TAG_AUTH_TIMEOUT,
                         spec.getUserAuthenticationValidityDurationSeconds()
                 ));
-                if (spec.isUserAuthenticationValidWhileOnBody()) {
-                    args.add(KeyStore2ParameterUtils.makeBool(
-                            KeymasterDefs.KM_TAG_ALLOW_WHILE_ON_BODY
-                    ));
+            }
+            if (spec.isUserAuthenticationValidWhileOnBody()) {
+                if (spec.getUserAuthenticationValidityDurationSeconds() == 0) {
+                    throw new ProviderException(
+                            "Key validity extension while device is on-body is not "
+                                    + "supported for keys requiring fingerprint authentication");
                 }
+                args.add(KeyStore2ParameterUtils.makeBool(
+                        KeymasterDefs.KM_TAG_ALLOW_WHILE_ON_BODY
+                ));
             }
         }
     }