From e7a65b65e55253d74dd3a9899b62f285d014b74e Mon Sep 17 00:00:00 2001
From: Eran Messeri <eranm@google.com>
Date: Fri, 23 Aug 2019 13:37:43 +0100
Subject: [PATCH] AttestedKeyPair: Address API review comments

Make AttestedKeyPair c'tor accept a List<Certificate> rather than
Certificate[] to match the getter method on this class.

To make it easier to use this class from other framework code I've
re-instantiated the c'tor with a certificate array which will
convert the array to a list.

Bug: 139092002
Test: cts-tradefed run commandAndExit cts-dev -m CtsDevicePolicyManagerTestCases -t  com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Change-Id: Ie80dcb28f112efa89d3cc6fdceb1b9e5e26c58b1
---
 api/current.txt                               |  2 +-
 .../android/security/AttestedKeyPair.java     | 23 ++++++++++++++-----
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/api/current.txt b/api/current.txt
index e76501328f826..df730895e565e 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -40629,7 +40629,7 @@ package android.se.omapi {
 package android.security {
 
   public final class AttestedKeyPair {
-    ctor public AttestedKeyPair(@Nullable java.security.KeyPair, @Nullable java.security.cert.Certificate[]);
+    ctor public AttestedKeyPair(@Nullable java.security.KeyPair, @NonNull java.util.List<java.security.cert.Certificate>);
     method @NonNull public java.util.List<java.security.cert.Certificate> getAttestationRecord();
     method @Nullable public java.security.KeyPair getKeyPair();
   }
diff --git a/keystore/java/android/security/AttestedKeyPair.java b/keystore/java/android/security/AttestedKeyPair.java
index 2debfee83923f..19fbdac16576c 100644
--- a/keystore/java/android/security/AttestedKeyPair.java
+++ b/keystore/java/android/security/AttestedKeyPair.java
@@ -23,6 +23,7 @@ import java.security.KeyPair;
 import java.security.cert.Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
 
 /**
@@ -36,7 +37,7 @@ import java.util.List;
 
 public final class AttestedKeyPair {
     private final KeyPair mKeyPair;
-    private final Certificate[] mAttestationRecord;
+    private final List<Certificate> mAttestationRecord;
 
     /**
      * Public constructor for creating a new instance (useful for testing).
@@ -44,11 +45,24 @@ public final class AttestedKeyPair {
      * @param keyPair the key pair associated with the attestation record.
      * @param attestationRecord attestation record for the provided key pair.
      */
-    public AttestedKeyPair(@Nullable KeyPair keyPair, @Nullable Certificate[] attestationRecord) {
+    public AttestedKeyPair(
+            @Nullable KeyPair keyPair, @NonNull List<Certificate> attestationRecord) {
         mKeyPair = keyPair;
         mAttestationRecord = attestationRecord;
     }
 
+    /**
+     * @hide used by platform.
+     */
+    public AttestedKeyPair(@Nullable KeyPair keyPair, @Nullable Certificate[] attestationRecord) {
+        mKeyPair = keyPair;
+        if (attestationRecord == null) {
+            mAttestationRecord = new ArrayList();
+        } else {
+            mAttestationRecord = Arrays.asList(attestationRecord);
+        }
+    }
+
     /**
      * Returns the generated key pair associated with the attestation record
      * in this instance.
@@ -73,9 +87,6 @@ public final class AttestedKeyPair {
      * Key Attestation</a> for the format of the attestation record inside the certificate.
      */
     public @NonNull List<Certificate> getAttestationRecord() {
-        if (mAttestationRecord == null) {
-            return new ArrayList();
-        }
-        return Arrays.asList(mAttestationRecord);
+        return Collections.unmodifiableList(mAttestationRecord);
     }
 }