KeyStoreException
public
class
KeyStoreException
extends Exception
java.lang.Object | |||
↳ | java.lang.Throwable | ||
↳ | java.lang.Exception | ||
↳ | android.security.KeyStoreException |
Exception containing information about the failure at the Keystore / KeyMint layer while generating or using a key. The public error codes indicate the cause of the error and the methods indicate whether it's a system/key issue and whether re-trying the operation (with the same key or a new key) is likely to succeed.
Summary
Constants | |
---|---|
int |
ERROR_ATTESTATION_CHALLENGE_TOO_LARGE
The attestation challenge specified is too large. |
int |
ERROR_ATTESTATION_KEYS_UNAVAILABLE
There are no keys available for attestation. |
int |
ERROR_ID_ATTESTATION_FAILURE
The error related to inclusion of device identifiers in the attestation record. |
int |
ERROR_INCORRECT_USAGE
The feature the caller is trying to use is not compatible with the parameters used to generate the key. |
int |
ERROR_INTERNAL_SYSTEM_ERROR
An internal system error - refer to |
int |
ERROR_KEYMINT_FAILURE
General error in the KeyMint layer. |
int |
ERROR_KEYSTORE_FAILURE
Failure in the Keystore layer. |
int |
ERROR_KEYSTORE_UNINITIALIZED
Indicating that |
int |
ERROR_KEY_CORRUPTED
The key is corrupted and could not be recovered. |
int |
ERROR_KEY_DOES_NOT_EXIST
The key the operation refers to doesn't exist. |
int |
ERROR_KEY_NOT_TEMPORALLY_VALID
The key is not currently valid: Either at has expired or it will be valid for use in the future. |
int |
ERROR_KEY_OPERATION_EXPIRED
The crypto object the caller has been using held a reference to a KeyMint operation that has been evacuated (likely due to other concurrent operations taking place). |
int |
ERROR_OTHER
This error code is for mapping errors that the caller will not know about. |
int |
ERROR_PERMISSION_DENIED
The caller has requested key parameters or operation which are only available to system or privileged apps. |
int |
ERROR_UNIMPLEMENTED
The feature the caller is trying to use is not implemented by the underlying KeyMint implementation. |
int |
ERROR_USER_AUTHENTICATION_REQUIRED
Indicating the key could not be used because the user needs to authenticate first. |
int |
RETRY_AFTER_NEXT_REBOOT
Re-try the operation that led to this error when the device has a software update downloaded and on the next reboot. |
int |
RETRY_NEVER
Never re-try the operation that led to this error, since it's a permanent error. |
int |
RETRY_WHEN_CONNECTIVITY_AVAILABLE
Re-try the operation that led to this error when the device regains connectivity. |
int |
RETRY_WITH_EXPONENTIAL_BACKOFF
Re-try the operation that led to this error with an exponential back-off delay. |
Public methods | |
---|---|
int
|
getNumericErrorCode()
Returns one of the error codes exported by the class. |
int
|
getRetryPolicy()
Returns the re-try policy for transient failures. |
boolean
|
isSystemError()
Indicates whether the error related to the Keystore/KeyMint implementation and not a specific key. |
boolean
|
isTransientFailure()
Returns true if the failure is a transient failure - that is, performing the same operation again at a late time is likely to succeed. |
boolean
|
requiresUserAuthentication()
Indicates whether the failure is due to the device being locked. |
String
|
toString()
Returns a short description of this throwable. |
Inherited methods | |
---|---|
Constants
ERROR_ATTESTATION_CHALLENGE_TOO_LARGE
public static final int ERROR_ATTESTATION_CHALLENGE_TOO_LARGE
The attestation challenge specified is too large.
Constant Value: 9 (0x00000009)
ERROR_ATTESTATION_KEYS_UNAVAILABLE
public static final int ERROR_ATTESTATION_KEYS_UNAVAILABLE
There are no keys available for attestation. This error is returned only on devices that rely solely on remotely-provisioned keys (see Remote Key Provisioning).
On such a device, if the caller requests key generation and includes an attestation challenge (indicating key attestation is required), the error will be returned in one of the following cases:
- The pool of remotely-provisioned keys has been exhausted.
- The device is not registered with the key provisioning server.
This error is a transient one if the pool of remotely-provisioned keys has been exhausted. However, if the device is not registered with the server, or the key provisioning server refuses key issuance, this is a permanent error.
Constant Value: 16 (0x00000010)
ERROR_ID_ATTESTATION_FAILURE
public static final int ERROR_ID_ATTESTATION_FAILURE
The error related to inclusion of device identifiers in the attestation record.
Constant Value: 8 (0x00000008)
ERROR_INCORRECT_USAGE
public static final int ERROR_INCORRECT_USAGE
The feature the caller is trying to use is not compatible with the parameters used to generate the key. For example, trying to use a key generated for a different signature algorithm, or a digest not specified during key creation. Another case is the attempt to generate a symmetric AES key and requesting key attestation.
Constant Value: 13 (0x0000000d)
ERROR_INTERNAL_SYSTEM_ERROR
public static final int ERROR_INTERNAL_SYSTEM_ERROR
An internal system error - refer to isTransientFailure()
to determine whether
re-trying the operation is likely to yield different results.
Constant Value: 4 (0x00000004)
ERROR_KEYMINT_FAILURE
public static final int ERROR_KEYMINT_FAILURE
General error in the KeyMint layer.
Constant Value: 10 (0x0000000a)
ERROR_KEYSTORE_FAILURE
public static final int ERROR_KEYSTORE_FAILURE
Failure in the Keystore layer.
Constant Value: 11 (0x0000000b)
ERROR_KEYSTORE_UNINITIALIZED
public static final int ERROR_KEYSTORE_UNINITIALIZED
Indicating that load()
has not been called on the Keystore instance, or an attempt
has been made to generate an authorization bound key while the user has not set a lock
screen knowledge factor (LSKF). Instruct the user to set an LSKF and retry.
Constant Value: 3 (0x00000003)
ERROR_KEY_CORRUPTED
public static final int ERROR_KEY_CORRUPTED
The key is corrupted and could not be recovered.
Constant Value: 7 (0x00000007)
ERROR_KEY_DOES_NOT_EXIST
public static final int ERROR_KEY_DOES_NOT_EXIST
The key the operation refers to doesn't exist.
Constant Value: 6 (0x00000006)
ERROR_KEY_NOT_TEMPORALLY_VALID
public static final int ERROR_KEY_NOT_TEMPORALLY_VALID
The key is not currently valid: Either at has expired or it will be valid for use in the future.
Constant Value: 14 (0x0000000e)
ERROR_KEY_OPERATION_EXPIRED
public static final int ERROR_KEY_OPERATION_EXPIRED
The crypto object the caller has been using held a reference to a KeyMint operation that has been evacuated (likely due to other concurrent operations taking place). The caller should re-create the crypto object and try again.
Constant Value: 15 (0x0000000f)
ERROR_OTHER
public static final int ERROR_OTHER
This error code is for mapping errors that the caller will not know about. If the caller is targeting an API level earlier than the one the error was introduced in, then the error will be mapped to this one. In API level 33 no errors map to this error.
Constant Value: 1 (0x00000001)
ERROR_PERMISSION_DENIED
public static final int ERROR_PERMISSION_DENIED
The caller has requested key parameters or operation which are only available to system or privileged apps.
Constant Value: 5 (0x00000005)
ERROR_UNIMPLEMENTED
public static final int ERROR_UNIMPLEMENTED
The feature the caller is trying to use is not implemented by the underlying KeyMint implementation. This could happen when an unsupported algorithm is requested, or when trying to import a key in a format other than raw or PKCS#8.
Constant Value: 12 (0x0000000c)
ERROR_USER_AUTHENTICATION_REQUIRED
public static final int ERROR_USER_AUTHENTICATION_REQUIRED
Indicating the key could not be used because the user needs to authenticate first.
See
KeyGenParameterSpec.Builder.setUserAuthenticationRequired(boolean)
.
Constant Value: 2 (0x00000002)
RETRY_AFTER_NEXT_REBOOT
public static final int RETRY_AFTER_NEXT_REBOOT
Re-try the operation that led to this error when the device has a software update downloaded and on the next reboot. The Remote provisioning server recognizes the device, but refuses issuance of attestation keys because it contains a software version that could potentially be vulnerable and needs an update. Re-trying after the device has upgraded and rebooted may alleviate the problem.
This value is returned when isTransientFailure()
is true
.
Constant Value: 4 (0x00000004)
RETRY_NEVER
public static final int RETRY_NEVER
Never re-try the operation that led to this error, since it's a permanent error.
This value is always returned when isTransientFailure()
is false
.
Constant Value: 1 (0x00000001)
RETRY_WHEN_CONNECTIVITY_AVAILABLE
public static final int RETRY_WHEN_CONNECTIVITY_AVAILABLE
Re-try the operation that led to this error when the device regains connectivity.
Remote provisioning of keys requires reaching the remote server, and the device is
currently unable to due that due to lack of network connectivity.
This value is returned when isTransientFailure()
is true
.
Constant Value: 3 (0x00000003)
RETRY_WITH_EXPONENTIAL_BACKOFF
public static final int RETRY_WITH_EXPONENTIAL_BACKOFF
Re-try the operation that led to this error with an exponential back-off delay.
The first delay should be between 5 to 30 seconds, and each subsequent re-try should double
the delay time.
This value is returned when isTransientFailure()
is true
.
Constant Value: 2 (0x00000002)
Public methods
getNumericErrorCode
public int getNumericErrorCode ()
Returns one of the error codes exported by the class.
Returns | |
---|---|
int |
a public error code
Value is either 0 or a combination of ERROR_OTHER , ERROR_USER_AUTHENTICATION_REQUIRED , ERROR_KEYSTORE_UNINITIALIZED , ERROR_INTERNAL_SYSTEM_ERROR , ERROR_PERMISSION_DENIED , ERROR_KEY_DOES_NOT_EXIST , ERROR_KEY_CORRUPTED , ERROR_ID_ATTESTATION_FAILURE , ERROR_ATTESTATION_CHALLENGE_TOO_LARGE , ERROR_KEYMINT_FAILURE , ERROR_KEYSTORE_FAILURE , ERROR_UNIMPLEMENTED , ERROR_INCORRECT_USAGE , ERROR_KEY_NOT_TEMPORALLY_VALID , ERROR_KEY_OPERATION_EXPIRED , ERROR_ATTESTATION_KEYS_UNAVAILABLE , and android.security.KeyStoreException.ERROR_DEVICE_REQUIRES_UPGRADE_FOR_ATTESTATION |
getRetryPolicy
public int getRetryPolicy ()
Returns the re-try policy for transient failures. Valid only if
isTransientFailure()
returns True
.
Returns | |
---|---|
int |
Value is either 0 or a combination of RETRY_NEVER , RETRY_WITH_EXPONENTIAL_BACKOFF , RETRY_WHEN_CONNECTIVITY_AVAILABLE , and RETRY_AFTER_NEXT_REBOOT |
isSystemError
public boolean isSystemError ()
Indicates whether the error related to the Keystore/KeyMint implementation and not a specific key.
Returns | |
---|---|
boolean |
true if the error is related to the system, not the key in use. System errors indicate a feature isn't working, whereas key-related errors are likely to succeed with a new key. |
isTransientFailure
public boolean isTransientFailure ()
Returns true if the failure is a transient failure - that is, performing the same operation
again at a late time is likely to succeed.
If isSystemError()
returns true, the transient nature of the failure relates to the
device, otherwise relates to the key (so a permanent failure with an existing key likely
requires creating another key to repeat the operation with).
Returns | |
---|---|
boolean |
requiresUserAuthentication
public boolean requiresUserAuthentication ()
Indicates whether the failure is due to the device being locked.
Returns | |
---|---|
boolean |
true if the key operation failed because the user has to authenticate (e.g. by unlocking the device). |
toString
public String toString ()
Returns a short description of this throwable. The result is the concatenation of:
- the name of the class of this object
- ": " (a colon and a space)
- the result of invoking this object's
getLocalizedMessage()
method
getLocalizedMessage
returns null
, then just
the class name is returned.
Returns | |
---|---|
String |
a string representation of this throwable. |