4/n: Remove challenge from choose/confirm, use new path

Biometric enrollment will not request a Gatekeeper HAT during
initial credential setup or credential confirmation anymore.
Instead, it is broken down into the following steps now.

Bug: 161765592

1) Request credential setup / confirmation to return a
   Gatekeeper Password
2) Biometric enrollment will generate a challenge
3) Biometric enrollment will request LockSettingsService to
   verify(GatekeeperPassword, challenge), and upon verification,
   the Gatekeeper HAT will be returned.

Since both LockSettingsService and Biometric enroll/settings
make use of biometric challenges, this allows us to make the
challenge ownership/lifecycle clear (vs. previously, where
LockSettingsService has no idea who the challenge belongs to).

Exempt-From-Owner-Approval:For files not owned by our team,
(StorageWizard), this change is just a method rename

Test: RunSettingsRoboTests

Run the following on face/fingerprint devices
Test: Remove credential
      adb shell am start -a android.app.action.SET_NEW_PASSWORD
      Set up credential + fingerprint
Test: Remove credential,
      adb shell am start -a android.settings.FINGERPRINT_SETTINGS
      This tests the ChooseLock* logic in FingerprintSettings
Test: Set up credential,
      adb shell am start -a android.settings.FINGERPRINT_SETTINGS
      This tests the ConfirmLock* logic in FingerprintSettings
Test: Remove device credential, enroll fingerprint/face. Succeeds.
      This tests the ChooseLock* returning SP path from
      BiometricEnrollIntro
Test: With credential and fingerprint/face enrolled, go to
      fingerprint/face settings and enroll. This tests the
      ConfirmLock* path in Fingerprint/FaceSettings
Test: Remove device credential, enroll credential-only, enroll
      fingerprint/face separately. Succeeds. This tests the
      ConfirmLock* returning SP path in BiometricEnrollIntro
Test: In SUW, set up credential, then biometric. This tests
      the ChooseLock* path in SUW
Test: In SUW, set up credential, go back, then set up biometric.
      This tests the ConfirmLock* path in SUW

Change-Id: Idf6fcb43f7497323d089eb9c37125294e7a7f5dc

src/com/android/settings/password/ChooseLockPattern.java

@@ -42,7 +42,6 @@ import androidx.fragment.app.Fragment;
 import com.android.internal.annotations.VisibleForTesting;
 import com.android.internal.widget.LinearLayoutWithDefaultTouchRecepient;
 import com.android.internal.widget.LockPatternUtils;
-import com.android.internal.widget.LockPatternUtils.RequestThrottledException;
 import com.android.internal.widget.LockPatternView;
 import com.android.internal.widget.LockPatternView.Cell;
 import com.android.internal.widget.LockPatternView.DisplayMode;
@@ -55,7 +54,6 @@ import com.android.settings.SetupWizardUtils;
 import com.android.settings.Utils;
 import com.android.settings.core.InstrumentedFragment;
 import com.android.settings.notification.RedactionInterstitial;
-import com.android.settings.password.ChooseLockPassword.IntentBuilder;
 
 import com.google.android.collect.Lists;
 import com.google.android.setupcompat.template.FooterBarMixin;
@@ -107,7 +105,6 @@ public class ChooseLockPattern extends SettingsActivity {
             mIntent = new Intent(context, ChooseLockPattern.class);
             mIntent.putExtra(EncryptionInterstitial.EXTRA_REQUIRE_PASSWORD, false);
             mIntent.putExtra(ChooseLockGeneric.CONFIRM_CREDENTIALS, false);
-            mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false);
         }
 
         public IntentBuilder setUserId(int userId) {
@@ -115,9 +112,9 @@ public class ChooseLockPattern extends SettingsActivity {
             return this;
         }
 
-        public IntentBuilder setChallenge(long challenge) {
-            mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, true);
-            mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, challenge);
+        public IntentBuilder setRequestGatekeeperPassword(boolean requestGatekeeperPassword) {
+            mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW,
+                    requestGatekeeperPassword);
             return this;
         }
 
@@ -207,8 +204,7 @@ public class ChooseLockPattern extends SettingsActivity {
         private static final String FRAGMENT_TAG_SAVE_AND_FINISH = "save_and_finish_worker";
 
         private LockscreenCredential mCurrentCredential;
-        private boolean mHasChallenge;
-        private long mChallenge;
+        private boolean mRequestGatekeeperPassword;
         protected TextView mTitleText;
         protected TextView mHeaderText;
         protected TextView mMessageText;
@@ -484,7 +480,8 @@ public class ChooseLockPattern extends SettingsActivity {
                         ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
                 w.setBlocking(true);
                 w.setListener(this);
-                w.start(mLockPatternUtils, required, false, 0, current, current, mUserId);
+                w.start(mLockPatternUtils, required, false /* requestGatekeeperPassword */, current,
+                        current, mUserId);
             }
             mForFingerprint = intent.getBooleanExtra(
                     ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, false);
@@ -564,9 +561,8 @@ public class ChooseLockPattern extends SettingsActivity {
             Intent intent = getActivity().getIntent();
             mCurrentCredential =
                     intent.getParcelableExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
-            mHasChallenge = intent.getBooleanExtra(
-                    ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false);
-            mChallenge = intent.getLongExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, 0);
+            mRequestGatekeeperPassword = intent.getBooleanExtra(
+                    ChooseLockSettingsHelper.EXTRA_KEY_REQUEST_GK_PW, false);
 
             if (savedInstanceState == null) {
                 if (confirmCredentials) {
@@ -579,6 +575,7 @@ public class ChooseLockPattern extends SettingsActivity {
                     final boolean launched = builder.setRequestCode(CONFIRM_EXISTING_REQUEST)
                             .setTitle(getString(R.string.unlock_set_unlock_launch_picker_title))
                             .setReturnCredentials(true)
+                            .setRequestGatekeeperPassword(mRequestGatekeeperPassword)
                             .setUserId(mUserId)
                             .show();
 
@@ -859,7 +856,7 @@ public class ChooseLockPattern extends SettingsActivity {
                 }
             }
             mSaveAndFinishWorker.start(mLockPatternUtils, required,
-                    mHasChallenge, mChallenge, mChosenPattern, mCurrentCredential, mUserId);
+                    mRequestGatekeeperPassword, mChosenPattern, mCurrentCredential, mUserId);
         }
 
         @Override
@@ -889,10 +886,10 @@ public class ChooseLockPattern extends SettingsActivity {
         private LockscreenCredential mCurrentCredential;
         private boolean mLockVirgin;
 
-        public void start(LockPatternUtils utils, boolean credentialRequired, boolean hasChallenge,
-                long challenge, LockscreenCredential chosenPattern,
+        public void start(LockPatternUtils utils, boolean credentialRequired,
+                boolean requestGatekeeperPassword, LockscreenCredential chosenPattern,
                 LockscreenCredential currentCredential, int userId) {
-            prepare(utils, credentialRequired, hasChallenge, challenge, userId);
+            prepare(utils, credentialRequired, requestGatekeeperPassword, userId);
 
             mCurrentCredential = currentCredential != null ? currentCredential
                     : LockscreenCredential.createNone();
@@ -913,18 +910,21 @@ public class ChooseLockPattern extends SettingsActivity {
                 unifyProfileCredentialIfRequested();
             }
             Intent result = null;
-            if (success && mHasChallenge) {
+            if (success && mRequestGatekeeperPassword) {
+                // If a Gatekeeper Password was requested, invoke the LockSettingsService code
+                // path to return a Gatekeeper Password based on the credential that the user
+                // chose. This should only be run if the credential was successfully set.
                 final VerifyCredentialResponse response = mUtils.verifyCredential(mChosenPattern,
-                        mChallenge, userId, 0 /* flags */);
+                        userId, LockPatternUtils.VERIFY_FLAG_RETURN_GK_PW);
 
-                if (!response.isMatched() || response.getGatekeeperHAT() == null) {
+                if (!response.isMatched() || response.getGatekeeperPw() == null) {
                     Log.e(TAG, "critical: bad response or missing GK HAT for known good pattern: "
                             + response.toString());
                 }
 
                 result = new Intent();
-                result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN,
-                        response.getGatekeeperHAT());
+                result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_GK_PW,
+                        response.getGatekeeperPw());
             }
             return Pair.create(success, result);
         }