Merge "Use TrustedCertificateStore for chain building" into jb-mr1-dev

Kenny Root
2012-08-08 14:49:29 -07:00
committed by Android (Google) Code Review


@@ -26,20 +26,16 @@ import android.os.Looper;
import android.os.RemoteException; import android.os.RemoteException;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.Closeable; import java.io.Closeable;
import java.io.IOException;
import java.security.InvalidKeyException; import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.Principal; import java.security.Principal;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory; import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.concurrent.BlockingQueue; import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.LinkedBlockingQueue;
import libcore.util.Objects;
import org.apache.harmony.xnet.provider.jsse.OpenSSLEngine; import org.apache.harmony.xnet.provider.jsse.OpenSSLEngine;
import org.apache.harmony.xnet.provider.jsse.TrustedCertificateStore; import org.apache.harmony.xnet.provider.jsse.TrustedCertificateStore;
@@ -341,20 +337,9 @@ public final class KeyChain {
try { try {
IKeyChainService keyChainService = keyChainConnection.getService(); IKeyChainService keyChainService = keyChainConnection.getService();
byte[] certificateBytes = keyChainService.getCertificate(alias); byte[] certificateBytes = keyChainService.getCertificate(alias);
List<X509Certificate> chain = new ArrayList<X509Certificate>();
chain.add(toCertificate(certificateBytes));
TrustedCertificateStore store = new TrustedCertificateStore(); TrustedCertificateStore store = new TrustedCertificateStore();
for (int i = 0; true; i++) { List<X509Certificate> chain = store
X509Certificate cert = chain.get(i); .getCertificateChain(toCertificate(certificateBytes));
if (Objects.equal(cert.getSubjectX500Principal(), cert.getIssuerX500Principal())) {
break;
}
X509Certificate issuer = store.findIssuer(cert);
if (issuer == null) {
break;
}
chain.add(issuer);
}
return chain.toArray(new X509Certificate[chain.size()]); return chain.toArray(new X509Certificate[chain.size()]);
} catch (RemoteException e) { } catch (RemoteException e) {
throw new KeyChainException(e); throw new KeyChainException(e);
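Review bot: `certificateBytes` is passed straight into `toCertificate(...)` and on to `store.getCertificateChain(...)` with no null check, so if `keyChainService.getCertificate(alias)` can return null for an unknown or removed alias (its contract is not visible in this hunk), the caller gets whatever `toCertificate` throws instead of a defined result. A guard before the store lookup, such as `if (certificateBytes == null) { return null; }`, or a `KeyChainException` if the method's contract prefers that, would make the outcome explicit. The delegation also hides the stop conditions the old loop spelled out, so a short comment is worth adding, e.g. `// Chain is assembled from the trust store by issuer lookup; it may stop short of a root and is not path-validated here.`, assuming that matches `TrustedCertificateStore.getCertificateChain`, which is outside this page. The enclosing method begins and ends outside the hunk.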