skip encryption padding when no encryption purpose passed

somalaya · somalaya · commit 2ffa9e8e6009 · 2025-10-29T17:27:59.000-07:00
diff --git a/common/src/main/java/com/microsoft/identity/common/internal/platform/AndroidDevicePopManager.java b/common/src/main/java/com/microsoft/identity/common/internal/platform/AndroidDevicePopManager.java
@@ -373,7 +373,7 @@ private void initialize(@NonNull final Context context,
             if (!unnecessaryCryptoPurposesDisabled && enableImport) {
                 purposes |= KeyProperties.PURPOSE_WRAP_KEY;
             }
-            initialize28(keyPairGenerator, keySize, useStrongbox, trySetAttestationChallenge, purposes);
+            initialize28(keyPairGenerator, keySize, useStrongbox, trySetAttestationChallenge, purposes, unnecessaryCryptoPurposesDisabled);
         }
     }
 
@@ -454,7 +454,8 @@ private void initialize28(@androidx.annotation.NonNull final KeyPairGenerator ke
                               final int keySize,
                               final boolean useStrongbox,
                               final boolean trySetAttestationChallenge,
-                              final int purposes) throws InvalidAlgorithmParameterException {
+                              final int purposes,
+                              final boolean unnecessaryCryptoPurposesDisabled) throws InvalidAlgorithmParameterException {
         KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(
                 mKeyManager.getKeyAlias(), purposes)
                 .setKeySize(keySize)
@@ -465,11 +466,15 @@ private void initialize28(@androidx.annotation.NonNull final KeyPairGenerator ke
                         KeyProperties.DIGEST_NONE,
                         KeyProperties.DIGEST_SHA1,
                         KeyProperties.DIGEST_SHA256
-                ).setEncryptionPaddings(
-                        KeyProperties.ENCRYPTION_PADDING_RSA_OAEP,
-                        KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1
                 );
 
+        if (!unnecessaryCryptoPurposesDisabled) {
+            builder.setEncryptionPaddings(
+                    KeyProperties.ENCRYPTION_PADDING_RSA_OAEP,
+                    KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1
+            );
+        }
+
         if (trySetAttestationChallenge) {
             builder = setAttestationChallenge(builder);
         }
diff --git a/common4j/src/main/com/microsoft/identity/common/java/platform/AbstractDevicePopManager.java b/common4j/src/main/com/microsoft/identity/common/java/platform/AbstractDevicePopManager.java
@@ -885,14 +885,16 @@ public String mintSignedAccessToken(@Nullable String httpMethod,
                                         @Nullable final String clientClaims) throws ClientException {
         final Span span = OTelUtility.createSpan(SpanName.DevicePopMintSignedAccessToken.name());
         try (final Scope scope = SpanExtension.makeCurrentSpan(span)) {
-            return mintSignedHttpRequestInternal(
+            final String signedAccessToken = mintSignedHttpRequestInternal(
                     httpMethod,
                     timestamp,
                     requestUrl,
                     accessToken,
                     nonce,
                     clientClaims
             );
+            span.setStatus(StatusCode.OK);
+            return signedAccessToken;
         } catch (final Exception exception) {
             span.recordException(exception);
             span.setStatus(StatusCode.ERROR);
