Create PatchLevel class more consistent with status quo.

PiperOrigin-RevId: 772059484

Author: carmenyh

src/main/kotlin/Extension.kt

@@ -38,6 +38,9 @@ import java.math.BigInteger
 import java.nio.ByteBuffer
 import java.nio.charset.CodingErrorAction
 import java.security.cert.X509Certificate
+import java.time.YearMonth
+import java.time.format.DateTimeFormatter
+import java.time.format.DateTimeParseException
 import kotlin.text.Charsets.UTF_8
 import org.bouncycastle.asn1.ASN1Boolean
 import org.bouncycastle.asn1.ASN1Encodable
@@ -291,7 +294,7 @@ data class AuthorizationList(
   val rollbackResistant: Boolean? = null,
   val rootOfTrust: RootOfTrust? = null,
   val osVersion: BigInteger? = null,
-  val osPatchLevel: BigInteger? = null,
+  val osPatchLevel: PatchLevel? = null,
   val attestationApplicationId: AttestationApplicationId? = null,
   val attestationIdBrand: String? = null,
   val attestationIdDevice: String? = null,
@@ -301,8 +304,8 @@ data class AuthorizationList(
   val attestationIdMeid: String? = null,
   val attestationIdManufacturer: String? = null,
   val attestationIdModel: String? = null,
-  val vendorPatchLevel: BigInteger? = null,
-  val bootPatchLevel: BigInteger? = null,
+  val vendorPatchLevel: PatchLevel? = null,
+  val bootPatchLevel: PatchLevel? = null,
   val attestationIdSecondImei: String? = null,
   val moduleHash: ByteString? = null,
 ) {
@@ -431,7 +434,7 @@ data class AuthorizationList(
         rollbackResistant = if (objects.containsKey(KeyMintTag.ROLLBACK_RESISTANT)) true else null,
         rootOfTrust = objects[KeyMintTag.ROOT_OF_TRUST]?.toRootOfTrust(),
         osVersion = objects[KeyMintTag.OS_VERSION]?.toInt(),
-        osPatchLevel = objects[KeyMintTag.OS_PATCH_LEVEL]?.toInt(),
+        osPatchLevel = objects[KeyMintTag.OS_PATCH_LEVEL]?.toPatchLevel(),
         attestationApplicationId =
           objects[KeyMintTag.ATTESTATION_APPLICATION_ID]?.toAttestationApplicationId(),
         attestationIdBrand = objects[KeyMintTag.ATTESTATION_ID_BRAND]?.toStr(),
@@ -442,15 +445,48 @@ data class AuthorizationList(
         attestationIdMeid = objects[KeyMintTag.ATTESTATION_ID_MEID]?.toStr(),
         attestationIdManufacturer = objects[KeyMintTag.ATTESTATION_ID_MANUFACTURER]?.toStr(),
         attestationIdModel = objects[KeyMintTag.ATTESTATION_ID_MODEL]?.toStr(),
-        vendorPatchLevel = objects[KeyMintTag.VENDOR_PATCH_LEVEL]?.toInt(),
-        bootPatchLevel = objects[KeyMintTag.BOOT_PATCH_LEVEL]?.toInt(),
+        vendorPatchLevel = objects[KeyMintTag.VENDOR_PATCH_LEVEL]?.toPatchLevel(),
+        bootPatchLevel = objects[KeyMintTag.BOOT_PATCH_LEVEL]?.toPatchLevel(),
         attestationIdSecondImei = objects[KeyMintTag.ATTESTATION_ID_SECOND_IMEI]?.toStr(),
         moduleHash = objects[KeyMintTag.MODULE_HASH]?.toByteString(),
       )
     }
   }
 }
 
+@Immutable
+data class PatchLevel(val yearMonth: YearMonth, val version: Int? = null) {
+  fun toAsn1(): ASN1Encodable = ASN1Integer(this.toString().toBigInteger())
+
+  override fun toString(): String {
+    val yearMonthString = DateTimeFormatter.ofPattern("yyyyMM").format(this.yearMonth)
+    if (this.version != null) return String.format("$yearMonthString%02d", this.version)
+    return yearMonthString
+  }
+
+  companion object {
+    fun from(patchLevel: ASN1Encodable): PatchLevel? {
+      check(patchLevel is ASN1Integer) { "Must be an ASN1Integer, was ${this::class.simpleName}" }
+      return from(patchLevel.value.toString())
+    }
+
+    @JvmStatic
+    fun from(patchLevel: String): PatchLevel? {
+      if (patchLevel.length != 6 && patchLevel.length != 8) {
+        return null
+      }
+      try {
+        val yearMonth =
+          DateTimeFormatter.ofPattern("yyyyMM").parse(patchLevel.substring(0, 6), YearMonth::from)
+        val version = if (patchLevel.length == 8) patchLevel.substring(6).toInt() else null
+        return PatchLevel(yearMonth, version)
+      } catch (e: DateTimeParseException) {
+        return null
+      }
+    }
+  }
+}
+
 /**
  * Representation of the AttestationApplicationId sequence contained within [AuthorizationList].
  *
@@ -609,6 +645,8 @@ private fun ASN1Encodable.toInt(): BigInteger {
   return this.value
 }
 
+private fun ASN1Encodable.toPatchLevel(): PatchLevel? = PatchLevel.from(this)
+
 private fun ASN1Encodable.toRootOfTrust(): RootOfTrust {
   check(this is ASN1Sequence) { "Object must be an ASN1Sequence, was ${this::class.simpleName}" }
   return RootOfTrust.from(this)

src/main/kotlin/testing/TestUtils.kt

@@ -17,6 +17,7 @@
 package com.android.keyattestation.verifier.testing
 
 import com.android.keyattestation.verifier.KeyDescription
+import com.android.keyattestation.verifier.PatchLevel
 import com.android.keyattestation.verifier.asX509Certificate
 import com.android.keyattestation.verifier.provider.KeyAttestationCertPath
 
@@ -89,7 +90,15 @@ object BigIntegerAdapter {
   @ToJson fun toJson(value: BigInteger) = value.toString()
 }
 
-private val moshi = Moshi.Builder().add(Base64ByteStringAdapter).add(BigIntegerAdapter).build()
+// Assumes everything is well formatted.
+object PatchLevelAdapter {
+  @ToJson fun toJson(patchLevel: PatchLevel) = patchLevel.toString()
+
+  @FromJson fun fromJson(patchLevel: String) = PatchLevel.from(patchLevel)
+}
+
+private val moshi =
+  Moshi.Builder().add(Base64ByteStringAdapter).add(BigIntegerAdapter).add(PatchLevelAdapter).build()
 private val keyDescriptionAdapter = moshi.adapter(KeyDescription::class.java)
 
 internal fun KeyDescription.toJson() = keyDescriptionAdapter.toJson(this)

src/test/kotlin/ExtensionTest.kt

@@ -24,6 +24,8 @@ import com.google.common.truth.Truth.assertThat
 import com.google.protobuf.ByteString
 import com.google.testing.junit.testparameterinjector.TestParameter
 import com.google.testing.junit.testparameterinjector.TestParameterInjector
+import com.google.testing.junit.testparameterinjector.TestParameters
+import java.time.YearMonth
 import java.util.Base64
 import kotlin.io.path.Path
 import kotlin.io.path.inputStream
@@ -76,6 +78,14 @@ class ExtensionTest {
     }
   }
 
+  @Test
+  @TestParameters("{patchLevel: '202400'}")
+  @TestParameters("{patchLevel: '00000000'}")
+  @TestParameters("{patchLevel: '2000231'}")
+  fun parseFrom_invalidPatchLevel_returnsNull(patchLevel: String) {
+    assertThat(PatchLevel.from(patchLevel)).isNull()
+  }
+
   @Test
   fun keyDescription_encodeToAsn1_expectedResult() {
     val authorizationList =
@@ -105,7 +115,7 @@ class ExtensionTest {
             verifiedBootHash = ByteString.copyFromUtf8("verifiedBootHash"),
           ),
         osVersion = 11.toBigInteger(),
-        osPatchLevel = 5.toBigInteger(),
+        osPatchLevel = PatchLevel(yearMonth = YearMonth.of(2024, 4)),
         attestationApplicationId =
           AttestationApplicationId(
             packages = setOf(AttestationPackageInfo(name = "name", version = 1.toBigInteger())),
@@ -119,8 +129,8 @@ class ExtensionTest {
         attestationIdMeid = "meid",
         attestationIdManufacturer = "manufacturer",
         attestationIdModel = "model",
-        vendorPatchLevel = 6.toBigInteger(),
-        bootPatchLevel = 7.toBigInteger(),
+        vendorPatchLevel = PatchLevel(YearMonth.of(2024, 4), 5),
+        bootPatchLevel = PatchLevel(YearMonth.of(2024, 4), 5),
         attestationIdSecondImei = "secondImei",
       )
     val keyDescription =