Check keystore state first for installKeyPair
Since this is available to 3rd-party apps through DevicePolicyManager,
it makes sense to explain failures with more detail.
Bug: 20486707
Change-Id: Ied1dc026f86c522c16d00a5705630348910ef679
diff --git a/src/com/android/keychain/KeyChainService.java b/src/com/android/keychain/KeyChainService.java
index 8a94b19..ee19e50 100644
--- a/src/com/android/keychain/KeyChainService.java
+++ b/src/com/android/keychain/KeyChainService.java
@@ -152,6 +152,11 @@
@Override public boolean installKeyPair(byte[] privateKey, byte[] userCertificate,
String alias) {
checkCertInstallerOrSystemCaller();
+ if (!mKeyStore.isUnlocked()) {
+ Log.e(TAG, "Keystore is " + mKeyStore.state().toString() + ". Credentials cannot"
+ + " be installed until device is unlocked");
+ return false;
+ }
if (!mKeyStore.importKey(Credentials.USER_PRIVATE_KEY + alias, privateKey, -1,
KeyStore.FLAG_ENCRYPTED)) {
Log.e(TAG, "Failed to import private key " + alias);
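Review bot: The new `isUnlocked()` guard reports the reason only to logcat, so a caller reaching this through DevicePolicyManager still gets a bare `false` that looks the same as the `importKey` failure just below it. If the boolean return has to stay, the method's documentation should at least say so, for example `// Returns false without touching the keystore when it is not unlocked; the reason is only logged.` The message also assumes the keystore is locked, while `state()` may presumably report other non-unlocked states (such as a keystore that was never initialised) where "until device is unlocked" would mislead whoever reads the log. A neutral wording avoids that and drops the redundant `.toString()`: `Log.e(TAG, "Keystore is " + mKeyStore.state() + "; credentials cannot be installed in this state");`. The body of `installKeyPair` continues past the end of the hunk, so the remaining failure paths were not visible for this review.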