resolved conflicts for merge of e7e705d4 to master

Change-Id: If3e8c985f4f122f9fb36aab206787aac1407a74e
2015-04-02 14:58:27 -07:00
parent f4f0671618 e7e705d494
commit 7f5b87692b
3 changed files with 458 additions and 17 deletions
--- a/keystore/java/android/security/KeyStoreParameter.java
+++ b/keystore/java/android/security/KeyStoreParameter.java
@@ -61,8 +61,10 @@ public final class KeyStoreParameter implements ProtectionParameter {
    private final Integer mUserAuthenticationValidityDurationSeconds;
    private final boolean mInvalidatedOnNewFingerprintEnrolled;

-    private KeyStoreParameter(int flags, Date keyValidityStart,
-            Date keyValidityForOriginationEnd, Date keyValidityForConsumptionEnd,
+    private KeyStoreParameter(int flags,
+            Date keyValidityStart,
+            Date keyValidityForOriginationEnd,
+            Date keyValidityForConsumptionEnd,
            @KeyStoreKeyConstraints.PurposeEnum Integer purposes,
            @KeyStoreKeyConstraints.AlgorithmEnum Integer algorithm,
            @KeyStoreKeyConstraints.PaddingEnum Integer padding,
@@ -177,8 +179,8 @@ public final class KeyStoreParameter implements ProtectionParameter {
    }

    /**
-     * Gets the digest to which the key is restricted when generating Message Authentication Codes
-     * (MACs).
+     * Gets the digest to which the key is restricted when generating signatures or Message
+     * Authentication Codes (MACs).
     *
     * @return digest or {@code null} if the digest is not restricted.
     *
@@ -421,12 +423,13 @@ public final class KeyStoreParameter implements ProtectionParameter {
        }

        /**
-         * Restricts the key to being used only with the provided digest when generating Message
-         * Authentication Codes (MACs). Attempts to use the key with any other digest will be
-         * rejected.
+         * Restricts the key to being used only with the provided digest when generating signatures
+         * or Message Authentication Codes (MACs). Attempts to use the key with any other digest
+         * will be rejected.
         *
         * <p>For MAC keys, the default is to restrict to the digest specified in the key algorithm
-         * name.
+         * name. For asymmetric signing keys this constraint must be specified because there is no
+         * default.
         *
         * @see java.security.Key#getAlgorithm()
         *
@@ -535,10 +538,18 @@ public final class KeyStoreParameter implements ProtectionParameter {
         * @return built instance of {@code KeyStoreParameter}
         */
        public KeyStoreParameter build() {
-            return new KeyStoreParameter(mFlags, mKeyValidityStart,
-                    mKeyValidityForOriginationEnd, mKeyValidityForConsumptionEnd, mPurposes,
-                    mAlgorithm, mPadding, mDigest, mBlockMode, mMinSecondsBetweenOperations,
-                    mMaxUsesPerBoot, mUserAuthenticators,
+            return new KeyStoreParameter(mFlags,
+                    mKeyValidityStart,
+                    mKeyValidityForOriginationEnd,
+                    mKeyValidityForConsumptionEnd,
+                    mPurposes,
+                    mAlgorithm,
+                    mPadding,
+                    mDigest,
+                    mBlockMode,
+                    mMinSecondsBetweenOperations,
+                    mMaxUsesPerBoot,
+                    mUserAuthenticators,
                    mUserAuthenticationValidityDurationSeconds,
                    mInvalidatedOnNewFingerprintEnrolled);
        }