authorBrian Carlstrom <bdc@google.com>2011-06-07 13:45:33 -0700
committerBrian Carlstrom <bdc@google.com>2011-06-07 15:33:09 -0700
commit9d7faa91be6661eccf73494f1ab96ae9a28d42d7 (patch)
tree85bf8aec36f40536a4e6dbf2cd25ea59239ab956
parenta4a48a484fe862787cf2fbe1314deab8ac375951 (diff)
Change KeyChain to assume PEM encoded keystore entries
Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
-rw-r--r--keystore/java/android/security/Credentials.java47
-rw-r--r--keystore/java/android/security/KeyChain.java9
2 files changed, 50 insertions, 6 deletions
diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java
index 6b69b8a..fd6c22c 100644
--- a/keystore/java/android/security/Credentials.java
+++ b/keystore/java/android/security/Credentials.java
@@ -20,8 +20,19 @@ import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
import android.util.Log;
-
+import com.android.org.bouncycastle.openssl.PEMReader;
+import com.android.org.bouncycastle.openssl.PEMWriter;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.Reader;
+import java.io.Writer;
+import java.nio.charset.Charsets;
import java.security.KeyPair;
+import java.util.ArrayList;
+import java.util.List;
/**
* {@hide}
@@ -60,6 +71,40 @@ public class Credentials {
/** Data type for PKCS12. */
public static final String PKCS12 = "PKCS12";
+ /**
+ * Convert objects to a PEM format, which is used for
+ * CA_CERTIFICATE, USER_CERTIFICATE, and USER_PRIVATE_KEY
+ * entries.
+ */
+ public static byte[] convertToPem(Object... objects) throws IOException {
+ ByteArrayOutputStream bao = new ByteArrayOutputStream();
+ Writer writer = new OutputStreamWriter(bao, Charsets.US_ASCII);
+ PEMWriter pw = new PEMWriter(writer);
+ for (Object o : objects) {
+ pw.writeObject(o);
+ }
+ pw.close();
+ return bao.toByteArray();
+ }
+ /**
+ * Convert objects from PEM format, which is used for
+ * CA_CERTIFICATE, USER_CERTIFICATE, and USER_PRIVATE_KEY
+ * entries.
+ */
+ public static List<Object> convertFromPem(byte[] bytes) throws IOException {
+ ByteArrayInputStream bai = new ByteArrayInputStream(bytes);
+ Reader reader = new InputStreamReader(bai, Charsets.US_ASCII);
+ PEMReader pr = new PEMReader(reader);
+
+ List<Object> result = new ArrayList<Object>();
+ Object o;
+ while ((o = pr.readObject()) != null) {
+ result.add(o);
+ }
+ pr.close();
+ return result;
+ }
+
private static Credentials singleton;
public static Credentials getInstance() {
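Review bot: The Javadoc on `convertFromPem` does not say what the returned `List<Object>` can contain or that it may be empty, so each caller has to guess the element type and cast. I would add a sentence such as `Returns the decoded objects in input order, possibly empty; callers must check each element's type before casting.` On `convertToPem`, no password is passed to `PEMWriter` in the lines shown, so a USER_PRIVATE_KEY entry is presumably written as an unencrypted PEM block; the Javadoc should say that the returned array can hold clear private key material. Separately, `pw.close()` and `pr.close()` are skipped when `writeObject` or `readObject` throws; a `try`/`finally` around each loop would keep the close on every path, although the streams here are in-memory.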
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index ec820cf..ba784ed 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -34,6 +34,7 @@ import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.IOException;
import java.security.KeyFactory;
+import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
@@ -185,11 +186,9 @@ public final class KeyChain {
throw new IllegalArgumentException("bytes == null");
}
try {
- KeyFactory keyFactory = KeyFactory.getInstance("RSA");
- return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes));
- } catch (NoSuchAlgorithmException e) {
- throw new AssertionError(e);
- } catch (InvalidKeySpecException e) {
+ KeyPair keyPair = (KeyPair) Credentials.convertFromPem(bytes).get(0);
+ return keyPair.getPrivate();
+ } catch (IOException e) {
throw new AssertionError(e);
}
}
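Review bot: The new `(KeyPair) Credentials.convertFromPem(bytes).get(0)` uses the decoded content without checking it: input with no PEM block throws IndexOutOfBoundsException from `get(0)`, and input whose first block is not a key pair (a certificate, for example) throws ClassCastException. Neither matches the IllegalArgumentException this method already throws for `bytes == null`, so malformed key data reaches callers as an undocumented runtime failure. Malformed PEM that makes the reader throw IOException is also wrapped in AssertionError, which treats bad input as an impossible state; if these bytes can ever come from anything other than entries the framework wrote itself, that case should be an argument error as well. The method starts above the hunk, and the fence assumes `java.util.List` is imported in KeyChain.java, which the visible import hunk does not show.

```java
        try {
            // Decode once, then validate shape and type before casting.
            List<Object> decoded = Credentials.convertFromPem(bytes);
            if (decoded.isEmpty() || !(decoded.get(0) instanceof KeyPair)) {
                throw new IllegalArgumentException("bytes do not contain a PEM key pair");
            }
            return ((KeyPair) decoded.get(0)).getPrivate();
        // … unchanged: catch (IOException e) wrapping …
```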