KeyStoreException
open class KeyStoreException : Exception
| kotlin.Any | |||
| ↳ | kotlin.Throwable | ||
| ↳ | java.lang.Exception | ||
| ↳ | android.security.KeyStoreException | ||
Exception containing information about the failure at the Keystore / KeyMint layer while generating or using a key. The public error codes indicate the cause of the error and the methods indicate whether it's a system/key issue and whether re-trying the operation (with the same key or a new key) is likely to succeed.
Summary
| Constants | |
|---|---|
| static Int |
The attestation challenge specified is too large. |
| static Int |
There are no keys available for attestation. |
| static Int |
The error related to inclusion of device identifiers in the attestation record. |
| static Int |
The feature the caller is trying to use is not compatible with the parameters used to generate the key. |
| static Int |
An internal system error - refer to |
| static Int |
General error in the KeyMint layer. |
| static Int |
Failure in the Keystore layer. |
| static Int |
Indicating that |
| static Int |
The key is corrupted and could not be recovered. |
| static Int |
The key the operation refers to doesn't exist. |
| static Int |
The key is not currently valid: Either at has expired or it will be valid for use in the future. |
| static Int |
The crypto object the caller has been using held a reference to a KeyMint operation that has been evacuated (likely due to other concurrent operations taking place). |
| static Int |
This error code is for mapping errors that the caller will not know about. |
| static Int |
The caller has requested key parameters or operation which are only available to system or privileged apps. |
| static Int |
The feature the caller is trying to use is not implemented by the underlying KeyMint implementation. |
| static Int |
Indicating the key could not be used because the user needs to authenticate first. |
| static Int |
Re-try the operation that led to this error when the device has a software update downloaded and on the next reboot. |
| static Int |
Never re-try the operation that led to this error, since it's a permanent error. |
| static Int |
Re-try the operation that led to this error when the device regains connectivity. |
| static Int |
Re-try the operation that led to this error with an exponential back-off delay. |
| Public methods | |
|---|---|
| open Int |
Returns one of the error codes exported by the class. |
| open Int |
Returns the re-try policy for transient failures. |
| open Boolean |
Indicates whether the error related to the Keystore/KeyMint implementation and not a specific key. |
| open Boolean |
Returns true if the failure is a transient failure - that is, performing the same operation again at a late time is likely to succeed. |
| open Boolean |
Indicates whether the failure is due to the device being locked. |
| open String |
toString() |
Constants
ERROR_ATTESTATION_CHALLENGE_TOO_LARGE
static val ERROR_ATTESTATION_CHALLENGE_TOO_LARGE: Int
The attestation challenge specified is too large.
Value: 9ERROR_ATTESTATION_KEYS_UNAVAILABLE
static val ERROR_ATTESTATION_KEYS_UNAVAILABLE: Int
There are no keys available for attestation. This error is returned only on devices that rely solely on remotely-provisioned keys (see Remote Key Provisioning).
On such a device, if the caller requests key generation and includes an attestation challenge (indicating key attestation is required), the error will be returned in one of the following cases:
- The pool of remotely-provisioned keys has been exhausted.
- The device is not registered with the key provisioning server.
This error is a transient one if the pool of remotely-provisioned keys has been exhausted. However, if the device is not registered with the server, or the key provisioning server refuses key issuance, this is a permanent error.
Value: 16ERROR_ID_ATTESTATION_FAILURE
static val ERROR_ID_ATTESTATION_FAILURE: Int
The error related to inclusion of device identifiers in the attestation record.
Value: 8ERROR_INCORRECT_USAGE
static val ERROR_INCORRECT_USAGE: Int
The feature the caller is trying to use is not compatible with the parameters used to generate the key. For example, trying to use a key generated for a different signature algorithm, or a digest not specified during key creation. Another case is the attempt to generate a symmetric AES key and requesting key attestation.
Value: 13ERROR_INTERNAL_SYSTEM_ERROR
static val ERROR_INTERNAL_SYSTEM_ERROR: Int
An internal system error - refer to isTransientFailure() to determine whether re-trying the operation is likely to yield different results.
Value: 4ERROR_KEYMINT_FAILURE
static val ERROR_KEYMINT_FAILURE: Int
General error in the KeyMint layer.
Value: 10ERROR_KEYSTORE_FAILURE
static val ERROR_KEYSTORE_FAILURE: Int
Failure in the Keystore layer.
Value: 11ERROR_KEYSTORE_UNINITIALIZED
static val ERROR_KEYSTORE_UNINITIALIZED: Int
Indicating that load() has not been called on the Keystore instance, or an attempt has been made to generate an authorization bound key while the user has not set a lock screen knowledge factor (LSKF). Instruct the user to set an LSKF and retry.
Value: 3ERROR_KEY_CORRUPTED
static val ERROR_KEY_CORRUPTED: Int
The key is corrupted and could not be recovered.
Value: 7ERROR_KEY_DOES_NOT_EXIST
static val ERROR_KEY_DOES_NOT_EXIST: Int
The key the operation refers to doesn't exist.
Value: 6ERROR_KEY_NOT_TEMPORALLY_VALID
static val ERROR_KEY_NOT_TEMPORALLY_VALID: Int
The key is not currently valid: Either at has expired or it will be valid for use in the future.
Value: 14ERROR_KEY_OPERATION_EXPIRED
static val ERROR_KEY_OPERATION_EXPIRED: Int
The crypto object the caller has been using held a reference to a KeyMint operation that has been evacuated (likely due to other concurrent operations taking place). The caller should re-create the crypto object and try again.
Value: 15ERROR_OTHER
static val ERROR_OTHER: Int
This error code is for mapping errors that the caller will not know about. If the caller is targeting an API level earlier than the one the error was introduced in, then the error will be mapped to this one. In API level 33 no errors map to this error.
Value: 1ERROR_PERMISSION_DENIED
static val ERROR_PERMISSION_DENIED: Int
The caller has requested key parameters or operation which are only available to system or privileged apps.
Value: 5ERROR_UNIMPLEMENTED
static val ERROR_UNIMPLEMENTED: Int
The feature the caller is trying to use is not implemented by the underlying KeyMint implementation. This could happen when an unsupported algorithm is requested, or when trying to import a key in a format other than raw or PKCS#8.
Value: 12ERROR_USER_AUTHENTICATION_REQUIRED
static val ERROR_USER_AUTHENTICATION_REQUIRED: Int
Indicating the key could not be used because the user needs to authenticate first. See android.security.keystore.KeyGenParameterSpec.Builder#setUserAuthenticationRequired(boolean).
Value: 2RETRY_AFTER_NEXT_REBOOT
static val RETRY_AFTER_NEXT_REBOOT: Int
Re-try the operation that led to this error when the device has a software update downloaded and on the next reboot. The Remote provisioning server recognizes the device, but refuses issuance of attestation keys because it contains a software version that could potentially be vulnerable and needs an update. Re-trying after the device has upgraded and rebooted may alleviate the problem.
This value is returned when isTransientFailure() is true.
Value: 4RETRY_NEVER
static val RETRY_NEVER: Int
Never re-try the operation that led to this error, since it's a permanent error. This value is always returned when isTransientFailure() is false.
Value: 1RETRY_WHEN_CONNECTIVITY_AVAILABLE
static val RETRY_WHEN_CONNECTIVITY_AVAILABLE: Int
Re-try the operation that led to this error when the device regains connectivity. Remote provisioning of keys requires reaching the remote server, and the device is currently unable to due that due to lack of network connectivity. This value is returned when isTransientFailure() is true.
Value: 3RETRY_WITH_EXPONENTIAL_BACKOFF
static val RETRY_WITH_EXPONENTIAL_BACKOFF: Int
Re-try the operation that led to this error with an exponential back-off delay. The first delay should be between 5 to 30 seconds, and each subsequent re-try should double the delay time. This value is returned when isTransientFailure() is true.
Value: 2Public methods
getNumericErrorCode
open fun getNumericErrorCode(): Int
Returns one of the error codes exported by the class.
getRetryPolicy
open fun getRetryPolicy(): Int
Returns the re-try policy for transient failures. Valid only if isTransientFailure() returns True.
isSystemError
open fun isSystemError(): Boolean
Indicates whether the error related to the Keystore/KeyMint implementation and not a specific key.
| Return | |
|---|---|
Boolean |
true if the error is related to the system, not the key in use. System errors indicate a feature isn't working, whereas key-related errors are likely to succeed with a new key. |
isTransientFailure
open fun isTransientFailure(): Boolean
Returns true if the failure is a transient failure - that is, performing the same operation again at a late time is likely to succeed. If isSystemError() returns true, the transient nature of the failure relates to the device, otherwise relates to the key (so a permanent failure with an existing key likely requires creating another key to repeat the operation with).
requiresUserAuthentication
open fun requiresUserAuthentication(): Boolean
Indicates whether the failure is due to the device being locked.
| Return | |
|---|---|
Boolean |
true if the key operation failed because the user has to authenticate (e.g. by unlocking the device). |
toString
open fun toString(): String
| Return | |
|---|---|
String |
a string representation of this throwable. |