Merge "Fixing engineGetCertificateChain exception" am: 09e3d8c3eb am: 53187655d0
am: efb8468705
Change-Id: I8157345ed59352152c5035467f94836c0c4f216e
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
index 105af6e..51c4252 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
@@ -16,7 +16,6 @@
package android.security.keystore;
-import libcore.util.EmptyArray;
import android.security.Credentials;
import android.security.GateKeeper;
import android.security.KeyStore;
@@ -31,6 +30,8 @@
import android.security.keystore.WrappedKeyEntry;
import android.util.Log;
+import libcore.util.EmptyArray;
+
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -123,7 +124,14 @@
final Certificate[] caList;
- final byte[] caBytes = mKeyStore.get(Credentials.CA_CERTIFICATE + alias, mUid);
+ // Suppress the key not found warning for this call. It seems that this error is exclusively
+ // being thrown when there is a self signed certificate chain, so when the keystore service
+ // attempts to query for the CA details, it obviously fails to find them and returns a
+ // key not found exception. This is WAI, and throwing a stack trace here can be very
+ // misleading since the trace is not clear.
+ final byte[] caBytes = mKeyStore.get(Credentials.CA_CERTIFICATE + alias,
+ mUid,
+ true /* suppressKeyNotFoundWarning */);
if (caBytes != null) {
final Collection<X509Certificate> caChain = toCertificates(caBytes);