Check keystore state first for installKeyPair

Since this is available to 3rd-party apps through DevicePolicyManager,
it makes sense to explain failures with more detail.

Bug: 20486707
Change-Id: Ied1dc026f86c522c16d00a5705630348910ef679
diff --git a/src/com/android/keychain/KeyChainService.java b/src/com/android/keychain/KeyChainService.java
index 8a94b19..ee19e50 100644
--- a/src/com/android/keychain/KeyChainService.java
+++ b/src/com/android/keychain/KeyChainService.java
@@ -152,6 +152,11 @@
         @Override public boolean installKeyPair(byte[] privateKey, byte[] userCertificate,
                 String alias) {
             checkCertInstallerOrSystemCaller();
+            if (!mKeyStore.isUnlocked()) {
+                Log.e(TAG, "Keystore is " + mKeyStore.state().toString() + ". Credentials cannot"
+                        + " be installed until device is unlocked");
+                return false;
+            }
             if (!mKeyStore.importKey(Credentials.USER_PRIVATE_KEY + alias, privateKey, -1,
                     KeyStore.FLAG_ENCRYPTED)) {
                 Log.e(TAG, "Failed to import private key " + alias);
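Review bot: The log text in the added guard says credentials can be installed once the device is unlocked, but `!mKeyStore.isUnlocked()` is true for every non-unlocked state, which presumably includes a keystore that was never initialised, where unlocking will not help. A state-neutral message avoids the misleading hint and drops the redundant `.toString()`: `Log.e(TAG, "Keystore is " + mKeyStore.state() + "; credentials cannot be installed in this state");`. The caller still receives the same bare `false` as for an import failure, so a DevicePolicyManager client cannot tell "retry after unlock" from a bad key; the extra detail reaches only logcat, and it would help to note that limitation in a comment on the guard. Placing the check after `checkCertInstallerOrSystemCaller()` is right, since keystore state is then not revealed to unauthorised callers. The body of `installKeyPair` continues outside the hunk.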