Merge "Do not allow -1 duration in setUserAuthenticationParameters" into rvc-dev
diff --git a/api/current.txt b/api/current.txt
index f5135b2..563665f 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -42787,7 +42787,7 @@
method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean);
method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...);
method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUnlockedDeviceRequired(boolean);
- method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationParameters(@IntRange(from=0xffffffff) int, int);
+ method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationParameters(@IntRange(from=0) int, int);
method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean);
method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean);
method @Deprecated @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(@IntRange(from=0xffffffff) int);
@@ -42905,7 +42905,7 @@
method @NonNull public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);
method @NonNull public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);
method @NonNull public android.security.keystore.KeyProtection.Builder setUnlockedDeviceRequired(boolean);
- method @NonNull public android.security.keystore.KeyProtection.Builder setUserAuthenticationParameters(@IntRange(from=0xffffffff) int, int);
+ method @NonNull public android.security.keystore.KeyProtection.Builder setUserAuthenticationParameters(@IntRange(from=0) int, int);
method @NonNull public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean);
method @NonNull public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean);
method @Deprecated @NonNull public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(@IntRange(from=0xffffffff) int);
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
index d683041..d9d2eea 100644
--- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
@@ -1264,8 +1264,7 @@
* successfully.
*
* @param timeout duration in seconds or {@code 0} if user authentication must take place
- * for every use of the key. {@code -1} is also accepted for legacy purposes. It is
- * functionally the same as {@code 0}.
+ * for every use of the key.
* @param type set of authentication types which can authorize use of the key. See
* {@link KeyProperties}.{@code AUTH} flags.
*
@@ -1275,12 +1274,10 @@
* @see KeyguardManager
*/
@NonNull
- public Builder setUserAuthenticationParameters(@IntRange(from = -1) int timeout,
+ public Builder setUserAuthenticationParameters(@IntRange(from = 0) int timeout,
@KeyProperties.AuthEnum int type) {
- if (timeout < -1) {
- throw new IllegalArgumentException("timeout must be -1 or larger");
- } else if (timeout == -1) {
- timeout = 0;
+ if (timeout < 0) {
+ throw new IllegalArgumentException("timeout must be 0 or larger");
}
mUserAuthenticationValidityDurationSeconds = timeout;
mUserAuthenticationType = type;
diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java
index e230b7c..8120a93 100644
--- a/keystore/java/android/security/keystore/KeyProtection.java
+++ b/keystore/java/android/security/keystore/KeyProtection.java
@@ -894,8 +894,7 @@
* successfully.
*
* @param timeout duration in seconds or {@code 0} if user authentication must take place
- * for every use of the key. {@code -1} is also accepted for legacy purposes. It is
- * functionally the same as {@code 0}.
+ * for every use of the key.
* @param type set of authentication types which can authorize use of the key. See
* {@link KeyProperties}.{@code AUTH} flags.
*
@@ -905,12 +904,10 @@
* @see KeyguardManager
*/
@NonNull
- public Builder setUserAuthenticationParameters(@IntRange(from = -1) int timeout,
+ public Builder setUserAuthenticationParameters(@IntRange(from = 0) int timeout,
@KeyProperties.AuthEnum int type) {
- if (timeout < -1) {
- throw new IllegalArgumentException("timeout must be -1 or larger");
- } else if (timeout == -1) {
- timeout = 0;
+ if (timeout < 0) {
+ throw new IllegalArgumentException("timeout must be 0 or larger");
}
mUserAuthenticationValidityDurationSeconds = timeout;
mUserAuthenticationType = type;