Merge "Return the auth token to begin call when timestamp token is required." am: 70d788a442 Original change: https://android-review.googlesource.com/c/platform/system/security/+/1692705 Change-Id: Id691a72acf7e7f6cef998ccebc9dc2df04bced39

commit: 424dcbdd7206a412939fc595bad6c87d068185ec [log] [tgz]
author: Hasini Gunasinghe <hasinitg@google.com> Sat May 01 02:02:47 2021 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Sat May 01 02:02:47 2021 +0000
tree: 21b69fd081975ca65100b29263d9545f6629147c
parent: bf5421f1b293e820c789b56ff59cae90ebbbee8b [diff]
parent: 70d788a4424f170138305b3ea6c6529a350938d5 [diff]
diff --git a/keystore2/src/enforcements.rs b/keystore2/src/enforcements.rs
index 378b72f..04d1f77 100644
--- a/keystore2/src/enforcements.rs
+++ b/keystore2/src/enforcements.rs

@@ -682,9 +682,10 @@
             // So the HAT cannot be presented on create. So on update/finish we present both
             // an per-op-bound auth token and a timestamp token.
             (Some(_), true, true) => (None, DeferredAuthState::TimeStampedOpAuthRequired),
-            (Some(hat), true, false) => {
-                (None, DeferredAuthState::TimeStampRequired(hat.take_auth_token()))
-            }
+            (Some(hat), true, false) => (
+                Some(hat.auth_token().clone()),
+                DeferredAuthState::TimeStampRequired(hat.take_auth_token()),
+            ),
             (Some(hat), false, true) => {
                 (Some(hat.take_auth_token()), DeferredAuthState::OpAuthRequired)
             }
commit	424dcbdd7206a412939fc595bad6c87d068185ec	[log] [tgz]
author	Hasini Gunasinghe <hasinitg@google.com>	Sat May 01 02:02:47 2021 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Sat May 01 02:02:47 2021 +0000
tree	21b69fd081975ca65100b29263d9545f6629147c
parent	bf5421f1b293e820c789b56ff59cae90ebbbee8b [diff]
parent	70d788a4424f170138305b3ea6c6529a350938d5 [diff]