Add signing to keystore

Change the keystore so that private keys stay inside the keystore. When a
key is returned, the OpenSSL representation of the key is used so that
callers can perform various operations on it through the OpenSSL ENGINE
that connects to keystore.

Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
Kenny Root
2011-11-14 08:43:13 -08:00
parent b2e822fc2a
commit 5423e68d5d
5 changed files with 352 additions and 17 deletions


@@ -27,6 +27,7 @@ import android.os.RemoteException;
import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.Principal;
import java.security.PrivateKey;
@@ -39,6 +40,8 @@ import java.util.List;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import libcore.util.Objects;
import org.apache.harmony.xnet.provider.jsse.OpenSSLEngine;
import org.apache.harmony.xnet.provider.jsse.TrustedCertificateStore;
/**
@@ -301,14 +304,21 @@ public final class KeyChain {
}
KeyChainConnection keyChainConnection = bind(context);
try {
IKeyChainService keyChainService = keyChainConnection.getService();
byte[] privateKeyBytes = keyChainService.getPrivateKey(alias);
return toPrivateKey(privateKeyBytes);
final IKeyChainService keyChainService = keyChainConnection.getService();
final String keyId = keyChainService.requestPrivateKey(alias);
if (keyId == null) {
throw new KeyChainException("keystore had a problem");
}
final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore");
return engine.getPrivateKeyById(keyId);
} catch (RemoteException e) {
throw new KeyChainException(e);
} catch (RuntimeException e) {
// only certain RuntimeExceptions can be propagated across the IKeyChainService call
throw new KeyChainException(e);
} catch (InvalidKeyException e) {
throw new KeyChainException(e);
} finally {
keyChainConnection.close();
}
@@ -356,18 +366,6 @@ public final class KeyChain {
}
}
private static PrivateKey toPrivateKey(byte[] bytes) {
if (bytes == null) {
throw new IllegalArgumentException("bytes == null");
}
try {
KeyPair keyPair = (KeyPair) Credentials.convertFromPem(bytes).get(0);
return keyPair.getPrivate();
} catch (IOException e) {
throw new AssertionError(e);
}
}
private static X509Certificate toCertificate(byte[] bytes) {
if (bytes == null) {
throw new IllegalArgumentException("bytes == null");