AndroidKeyStore: enforce keys have no encoding

getFormat() and getEncoded() should return null for PrivateKey
instances from the AndroidKeyStore infrastructure.

Bug: 12877721

(cherry picked from commit 779702053c155b1bb22d2102db5b79d64791e9f9)

Change-Id: I067172b864202e4fb2043e76ad51fc56af356da1
diff --git a/tests/tests/keystore/src/android/keystore/cts/AndroidKeyPairGeneratorTest.java b/tests/tests/keystore/src/android/keystore/cts/AndroidKeyPairGeneratorTest.java
index 39373e3..9127984 100644
--- a/tests/tests/keystore/src/android/keystore/cts/AndroidKeyPairGeneratorTest.java
+++ b/tests/tests/keystore/src/android/keystore/cts/AndroidKeyPairGeneratorTest.java
@@ -406,6 +406,8 @@
         final PublicKey pubKey = pair.getPublic();
         assertNotNull("The PublicKey for the KeyPair should be not null", pubKey);
         assertEquals(keyType, pubKey.getAlgorithm());
+        assertEquals("Public keys should be in X.509 format", "X.509", pubKey.getFormat());
+        assertNotNull("Public keys should be encodable", pubKey.getEncoded());
 
         if ("DSA".equalsIgnoreCase(keyType)) {
             DSAPublicKey dsaPubKey = (DSAPublicKey) pubKey;
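Review bot: The added `assertNotNull("Public keys should be encodable", pubKey.getEncoded())` would pass for an empty or garbage byte array, so it only confirms that some encoding exists. A stronger check compares the bytes with the certificate's key once it is available, for example `assertTrue(Arrays.equals(pubKey.getEncoded(), x509userCert.getPublicKey().getEncoded()));`. `x509userCert` appears later in what seems to be the same method, so the line would have to sit after its retrieval. The enclosing method starts and ends outside this hunk, so the exact placement needs confirming against the full file.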
@@ -434,6 +436,8 @@
         final PrivateKey privKey = pair.getPrivate();
         assertNotNull("The PrivateKey for the KeyPair should be not null", privKey);
         assertEquals(keyType, privKey.getAlgorithm());
+        assertNull("getFormat() should return null", privKey.getFormat());
+        assertNull("getEncoded() should return null", privKey.getEncoded());
 
         KeyStore.Entry entry = mKeyStore.getEntry(alias, null);
         assertNotNull("Entry should exist", entry);
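Review bot: The two `assertNull` lines on `privKey` pin the security property named in the commit title, but nothing in the test says why null is the expected result. A short comment above them would help, such as `// AndroidKeyStore private keys must expose no format or encoded form, so key material cannot be read out through the Key API.` The same pair of assertions is repeated in the `assertPrivateKeyEntryEquals` hunk of AndroidKeyStoreTest.java, where the comment applies as well. The messages could also name the key type, e.g. `"PrivateKey.getEncoded() should return null"`, so a failure is unambiguous next to the public-key assertions. The enclosing method starts and ends outside this hunk.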
@@ -471,6 +475,9 @@
                 chain.length);
 
         assertUsableInSSLConnection(privKey, x509userCert);
+
+        assertEquals("Retrieved key and generated key should be equal", privKey,
+                privEntry.getPrivateKey());
     }
 
     private static void assertUsableInSSLConnection(final PrivateKey privKey,
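Review bot: The new `assertEquals(..., privKey, privEntry.getPrivateKey())` depends entirely on the `equals()` of the keystore-backed key class. Since `getEncoded()` is asserted to be null for these keys, that equality cannot be based on encoded bytes. The test neither documents what identity is being compared nor checks the paired contract. Adding `assertEquals(privKey.hashCode(), privEntry.getPrivateKey().hashCode());` would pin equals/hashCode consistency. A one-line comment stating that equality is expected to hold for two handles to the same alias would make the intent clear. The enclosing test method begins outside this hunk.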
diff --git a/tests/tests/keystore/src/android/keystore/cts/AndroidKeyStoreTest.java b/tests/tests/keystore/src/android/keystore/cts/AndroidKeyStoreTest.java
index 4f8715e..2c926a8 100644
--- a/tests/tests/keystore/src/android/keystore/cts/AndroidKeyStoreTest.java
+++ b/tests/tests/keystore/src/android/keystore/cts/AndroidKeyStoreTest.java
@@ -1468,20 +1468,29 @@
 
     private void assertPrivateKeyEntryEquals(PrivateKeyEntry keyEntry, PrivateKey expectedKey,
             Certificate expectedCert, Collection<Certificate> expectedChain) throws Exception {
+        final PrivateKey privKey = keyEntry.getPrivateKey();
+        final PublicKey pubKey = keyEntry.getCertificate().getPublicKey();
+
         if (expectedKey instanceof DSAPrivateKey) {
             assertEquals("Returned PrivateKey should be what we inserted",
                     ((DSAPrivateKey) expectedKey).getParams(),
-                    ((DSAPublicKey) keyEntry.getCertificate().getPublicKey()).getParams());
+                    ((DSAPublicKey) pubKey).getParams());
         } else if (expectedKey instanceof ECPrivateKey) {
             assertEquals("Returned PrivateKey should be what we inserted",
                     ((ECPrivateKey) expectedKey).getParams().getCurve(),
-                    ((ECPublicKey) keyEntry.getCertificate().getPublicKey()).getParams().getCurve());
+                    ((ECPublicKey) pubKey).getParams().getCurve());
         } else if (expectedKey instanceof RSAPrivateKey) {
             assertEquals("Returned PrivateKey should be what we inserted",
                     ((RSAPrivateKey) expectedKey).getModulus(),
-                    ((RSAPrivateKey) keyEntry.getPrivateKey()).getModulus());
+                    ((RSAPrivateKey) privKey).getModulus());
         }
 
+        assertNull("getFormat() should return null", privKey.getFormat());
+        assertNull("getEncoded() should return null", privKey.getEncoded());
+
+        assertEquals("Public keys should be in X.509 format", "X.509", pubKey.getFormat());
+        assertNotNull("Public keys should be encodable", pubKey.getEncoded());
+
         assertEquals("Returned Certificate should be what we inserted", expectedCert,
                 keyEntry.getCertificate());