3af8e9389e
In WebView, if we run into the certificate, we will save it to the Keystore instead of sending it to the WebKit.
246 lines
8.7 KiB
Java
246 lines
8.7 KiB
Java
/*
|
|
* Copyright (C) 2009 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
package android.security;
|
|
|
|
/**
|
|
* The Keystore class provides the functions to list the certs/keys in keystore.
|
|
* {@hide}
|
|
*/
|
|
public abstract class Keystore {
|
|
private static final String TAG = "Keystore";
|
|
private static final String[] NOTFOUND = new String[0];
|
|
|
|
/**
|
|
*/
|
|
public static Keystore getInstance() {
|
|
return new FileKeystore();
|
|
}
|
|
|
|
// for compatiblity, start from here
|
|
/**
|
|
*/
|
|
public abstract String getUserkey(String key);
|
|
|
|
/**
|
|
*/
|
|
public abstract String getCertificate(String key);
|
|
|
|
/**
|
|
*/
|
|
public abstract String[] getAllCertificateKeys();
|
|
|
|
/**
|
|
*/
|
|
public abstract String[] getAllUserkeyKeys();
|
|
|
|
// to here
|
|
|
|
/**
|
|
*/
|
|
public abstract String getCaCertificate(String key);
|
|
|
|
/**
|
|
*/
|
|
public abstract String getUserCertificate(String key);
|
|
|
|
/**
|
|
*/
|
|
public abstract String getUserPrivateKey(String key);
|
|
|
|
/**
|
|
* Returns the array of the certificate keynames in keystore if successful.
|
|
* Or return an empty array if error.
|
|
*
|
|
* @return array of the certificate keynames
|
|
*/
|
|
public abstract String[] getAllUserCertificateKeys();
|
|
|
|
/**
|
|
*/
|
|
public abstract String[] getAllCaCertificateKeys();
|
|
|
|
/**
|
|
*/
|
|
public abstract String[] getSupportedKeyStrenghs();
|
|
|
|
/**
|
|
* Generates a key pair and returns the certificate request.
|
|
* @param keyStrengthIndex index to the array of supported key strengths
|
|
* @param challenge the challenge message in the keygen tag
|
|
* @param organizations the organization string, e.g.,
|
|
* "/C=US/ST={state}/L={city}/O={company}/OU={app}/CN={hostname}"
|
|
* @return the certificate request
|
|
*/
|
|
public abstract String generateKeyPair(
|
|
int keyStrengthIndex, String challenge, String organizations);
|
|
|
|
public abstract void addCertificate(byte[] cert);
|
|
|
|
private static class FileKeystore extends Keystore {
|
|
private static final String SERVICE_NAME = "keystore";
|
|
private static final String LIST_CA_CERTIFICATES = "listcacerts";
|
|
private static final String LIST_USER_CERTIFICATES = "listusercerts";
|
|
private static final String GET_CA_CERTIFICATE = "getcacert";
|
|
private static final String GET_USER_CERTIFICATE = "getusercert";
|
|
private static final String GET_USER_KEY = "getuserkey";
|
|
private static final String ADD_CA_CERTIFICATE = "addcacert";
|
|
private static final String ADD_USER_CERTIFICATE = "addusercert";
|
|
private static final String ADD_USER_KEY = "adduserkey";
|
|
private static final String COMMAND_DELIMITER = "\t";
|
|
private static final ServiceCommand mServiceCommand =
|
|
new ServiceCommand(SERVICE_NAME);
|
|
|
|
// for compatiblity, start from here
|
|
|
|
private static final String LIST_CERTIFICATES = "listcerts";
|
|
private static final String LIST_USERKEYS = "listuserkeys";
|
|
private static final String PATH = "/data/misc/keystore/";
|
|
private static final String USERKEY_PATH = PATH + "userkeys/";
|
|
private static final String CERT_PATH = PATH + "certs/";
|
|
|
|
@Override
|
|
public String getUserkey(String key) {
|
|
return USERKEY_PATH + key;
|
|
}
|
|
|
|
@Override
|
|
public String getCertificate(String key) {
|
|
return CERT_PATH + key;
|
|
}
|
|
|
|
@Override
|
|
public String[] getAllCertificateKeys() {
|
|
try {
|
|
String result = mServiceCommand.execute(LIST_CERTIFICATES);
|
|
if (result != null) return result.split("\\s+");
|
|
return NOTFOUND;
|
|
} catch (NumberFormatException ex) {
|
|
return NOTFOUND;
|
|
}
|
|
}
|
|
|
|
@Override
|
|
public String[] getAllUserkeyKeys() {
|
|
try {
|
|
String result = mServiceCommand.execute(LIST_USERKEYS);
|
|
if (result != null) return result.split("\\s+");
|
|
return NOTFOUND;
|
|
} catch (NumberFormatException ex) {
|
|
return NOTFOUND;
|
|
}
|
|
}
|
|
|
|
// to here
|
|
|
|
@Override
|
|
public String getUserPrivateKey(String key) {
|
|
return mServiceCommand.execute(
|
|
GET_USER_KEY + COMMAND_DELIMITER + key);
|
|
}
|
|
|
|
@Override
|
|
public String getUserCertificate(String key) {
|
|
return mServiceCommand.execute(
|
|
GET_USER_CERTIFICATE + COMMAND_DELIMITER + key);
|
|
}
|
|
|
|
@Override
|
|
public String getCaCertificate(String key) {
|
|
return mServiceCommand.execute(
|
|
GET_CA_CERTIFICATE + COMMAND_DELIMITER + key);
|
|
}
|
|
|
|
@Override
|
|
public String[] getAllUserCertificateKeys() {
|
|
try {
|
|
String result = mServiceCommand.execute(LIST_USER_CERTIFICATES);
|
|
if (result != null) return result.split("\\s+");
|
|
return NOTFOUND;
|
|
} catch (NumberFormatException ex) {
|
|
return NOTFOUND;
|
|
}
|
|
}
|
|
|
|
@Override
|
|
public String[] getAllCaCertificateKeys() {
|
|
try {
|
|
String result = mServiceCommand.execute(LIST_CA_CERTIFICATES);
|
|
if (result != null) return result.split("\\s+");
|
|
return NOTFOUND;
|
|
} catch (NumberFormatException ex) {
|
|
return NOTFOUND;
|
|
}
|
|
}
|
|
|
|
@Override
|
|
public String[] getSupportedKeyStrenghs() {
|
|
// TODO: real implementation
|
|
return new String[] {"High Grade", "Medium Grade"};
|
|
}
|
|
|
|
@Override
|
|
public String generateKeyPair(int keyStrengthIndex, String challenge,
|
|
String organizations) {
|
|
// TODO: real implementation
|
|
return "-----BEGIN CERTIFICATE REQUEST-----"
|
|
+ "\nMIICzjCCAbYCAQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh"
|
|
+ "\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRYw"
|
|
+ "\nFAYDVQQLEw1SZW1vdGUgQWNjZXNzMRAwDgYDVQQLEwdHbGFwdG9wMQ0wCwYDVQQD"
|
|
+ "\nEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznwy7a16O35u"
|
|
+ "\nODLQOw6yHAxozrrX1J+c0reiIh8GYohwKrBedFnQ/FnTls6bxY4fNHD+SZvFFgvU"
|
|
+ "\nECBFOfRmRm7AFo51qT0t2a8qgvDLM6L1qGkmy94W28Q3OlcpF2QianHYdjyGT+Ac"
|
|
+ "\nYDek1Zi/E/mdPzuVM/K8tkB7n8ktC0PTm1ZtdMRauE5R0WrEhWuF6In/2gy1Q/Zh"
|
|
+ "\noy7/zQqpbPl2ouulvkx1Y3OXHM6XPNFLoHS1gH0HyAuBUokO0QmetRn6ngJSvz7e"
|
|
+ "\nVD7QYRppGp+g4BxqaV9XSxhaaKrMs4PAld9enV51X9qjvjCRBve2QxtuJgMfGJdU"
|
|
+ "\njGr/JweZoQIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBADtxOtEseoLOVYh6sh4b"
|
|
+ "\nWCdngK87uHn2bdGipFwKdNTxQDdxNQLAKdoGYIfbVsC1cDgFiufeNwVukxxymdnm"
|
|
+ "\nk0GGK+0O0tZKENv8ysgfbgEsHpJH9FoR5Y5XEq1etejkcgCp59dyhrSk0DLyVm0D"
|
|
+ "\nIfTC/nsK95H7AAGOkbbDFo2otyLNNrthYncQ9diAG0UzzLacA+86JXZmD3HyC48u"
|
|
+ "\nI9hsivVnTTfl9afcfVAhfxbQ6HgkhZZjbjFjfABSd4v8wKlAAqK58VxCajNVOVcV"
|
|
+ "\ncCzOWf6NpE7xEHCf32i8bWDP6hi0WgQcdpQwnZNKhhTLGNb23Uty6HYlJhbxexC7"
|
|
+ "\nUoM="
|
|
+ "\n-----END CERTIFICATE REQUEST-----";
|
|
}
|
|
|
|
@Override
|
|
public void addCertificate(byte[] cert) {
|
|
// TODO: real implementation
|
|
}
|
|
|
|
private boolean addUserCertificate(String key, String certificate,
|
|
String privateKey) {
|
|
if(mServiceCommand.execute(ADD_USER_CERTIFICATE + COMMAND_DELIMITER
|
|
+ key + COMMAND_DELIMITER + certificate) != null) {
|
|
if (mServiceCommand.execute(ADD_USER_KEY + COMMAND_DELIMITER
|
|
+ key + COMMAND_DELIMITER + privateKey) != null) {
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
private boolean addCaCertificate(String key, String content) {
|
|
if (mServiceCommand.execute(ADD_CA_CERTIFICATE + COMMAND_DELIMITER
|
|
+ key + COMMAND_DELIMITER + content) != null) {
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
}
|
|
}
|