author Eran Messeri <eranm@google.com> 2017-12-09 21:25:04 +0000
committer Eran Messeri <eranm@google.com> 2017-12-11 12:28:13 +0000
commit47670548e07140f3308c2aa4741b1bbf4f25d7bc (patch)
treeeff6958afdadc70e5a27b06f6a0f8f9593f06bc2
parentb8f2728a787db8dc551345b464705f049d970502 (diff)
Keystore: Fix KeyGenParameterSpec parceling
Fix the way KeyGenParameterSpec is parceled, by correctly handling default and null values for some of the fields. A recent CL added the ability to parcel/unparcel KeyGenParameterSpec (by a separate class). Due to refactoring late in the CL review cycle, the parceling code did not take into account a few edge cases. Unit tests: m -j KeystoreTests && adb install -r out/target/product/marlin/data/app/KeystoreTests/KeystoreTests.apk adb shell am instrument 'android.security.tests/android.support.test.runner.AndroidJUnitRunner' CTS tests: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG Bug: 69337278 Test: Keystore unit tests (see instructions above) and cts Key Management test. Change-Id: Ie08f42b07fb55b6fa1d8fb73c89d69687c97e214
-rw-r--r--keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java35
1 files changed, 25 insertions, 10 deletions
diff --git a/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java b/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java
index b15e0a221c6f..7cb8e375a969 100644
--- a/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java
@@ -81,12 +81,16 @@ public final class ParcelableKeyGenParameterSpec implements Parcelable {
}
out.writeByteArray(mSpec.getCertificateSubject().getEncoded());
out.writeByteArray(mSpec.getCertificateSerialNumber().toByteArray());
- writeOptionalDate(out, mSpec.getCertificateNotBefore());
- writeOptionalDate(out, mSpec.getCertificateNotAfter());
+ out.writeLong(mSpec.getCertificateNotBefore().getTime());
+ out.writeLong(mSpec.getCertificateNotAfter().getTime());
writeOptionalDate(out, mSpec.getKeyValidityStart());
writeOptionalDate(out, mSpec.getKeyValidityForOriginationEnd());
writeOptionalDate(out, mSpec.getKeyValidityForConsumptionEnd());
- out.writeStringArray(mSpec.getDigests());
+ if (mSpec.isDigestsSpecified()) {
+ out.writeStringArray(mSpec.getDigests());
+ } else {
+ out.writeStringArray(null);
+ }
out.writeStringArray(mSpec.getEncryptionPaddings());
out.writeStringArray(mSpec.getSignaturePaddings());
out.writeStringArray(mSpec.getBlockModes());
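Review bot: The two new `out.writeLong(...getTime())` lines dereference `getCertificateNotBefore()` and `getCertificateNotAfter()` with no null check, where `writeOptionalDate` tolerated null. That is safe only if KeyGenParameterSpec always holds non-null certificate dates (presumably it substitutes defaults when built; that code is not in this diff), so after confirming it, state the invariant next to the writes, e.g. `// Certificate validity dates are never null here; KeyGenParameterSpec fills in defaults.` The change also alters the wire layout from an optional date to a bare long, so these writes must stay in step with the `new Date(in.readLong())` reads in the third hunk. The enclosing method starts and ends outside this hunk.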
@@ -111,9 +115,15 @@ public final class ParcelableKeyGenParameterSpec implements Parcelable {
private ParcelableKeyGenParameterSpec(Parcel in) {
String keystoreAlias = in.readString();
int purposes = in.readInt();
- KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(keystoreAlias, purposes);
+ KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(
+ keystoreAlias, purposes);
builder.setUid(in.readInt());
- builder.setKeySize(in.readInt());
+ // KeySize is -1 by default, if the KeyGenParameterSpec previously parcelled had the default
+ // value, do not set it as this will cause setKeySize to throw.
+ int keySize = in.readInt();
+ if (keySize >= 0) {
+ builder.setKeySize(keySize);
+ }
int keySpecType = in.readInt();
AlgorithmParameterSpec algorithmSpec = null;
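Review bot: `if (keySize >= 0)` treats every negative value read from the parcel as "not set", although the comment above it names only the -1 default. Comparing against the sentinel, `if (keySize != -1) {`, would leave any other negative value to reach `setKeySize` and be rejected there (presumably, as the comment says it is for -1) instead of being silently dropped during unparcelling. A named constant for -1 shared with the write side would make that contract explicit. The constructor body continues past the end of this hunk.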
@@ -128,17 +138,22 @@ public final class ParcelableKeyGenParameterSpec implements Parcelable {
algorithmSpec = new ECGenParameterSpec(stdName);
} else {
throw new IllegalArgumentException(
- String.format("Unknown algorithm parameter spec: %d", algorithmSpec));
+ String.format("Unknown algorithm parameter spec: %d", keySpecType));
+ }
+ if (algorithmSpec != null) {
+ builder.setAlgorithmParameterSpec(algorithmSpec);
}
- builder.setAlgorithmParameterSpec(algorithmSpec);
builder.setCertificateSubject(new X500Principal(in.createByteArray()));
builder.setCertificateSerialNumber(new BigInteger(in.createByteArray()));
- builder.setCertificateNotBefore(readDateOrNull(in));
- builder.setCertificateNotAfter(readDateOrNull(in));
+ builder.setCertificateNotBefore(new Date(in.readLong()));
+ builder.setCertificateNotAfter(new Date(in.readLong()));
builder.setKeyValidityStart(readDateOrNull(in));
builder.setKeyValidityForOriginationEnd(readDateOrNull(in));
builder.setKeyValidityForConsumptionEnd(readDateOrNull(in));
- builder.setDigests(in.createStringArray());
+ String[] digests = in.createStringArray();
+ if (digests != null) {
+ builder.setDigests(digests);
+ }
builder.setEncryptionPaddings(in.createStringArray());
builder.setSignaturePaddings(in.createStringArray());
builder.setBlockModes(in.createStringArray());
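Review bot: The `algorithmSpec != null` and `digests != null` guards are added without comments, unlike the keySize guard in the previous hunk, so the meaning of a null value in the parcel is left for the reader to reconstruct. Suggested comments are `// Null means no algorithm spec was parcelled; keep the builder default.` above the first guard and `// A null array marks digests as not specified by the write side; leave them unset.` above the second. The branch that leaves `algorithmSpec` null sits above this hunk, so the first comment should be checked against it. The constructor also continues after the last line shown.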