diff options
| author | Alex Klyubin <klyubin@google.com> | 2015-04-29 13:16:30 -0700 |
|---|---|---|
| committer | Alex Klyubin <klyubin@google.com> | 2015-04-29 13:28:56 -0700 |
| commit | 4812563f68c87278af68309662433279d10f573e (patch) | |
| tree | 64c1a78e3339bf04acd427c9a8da78653b71720c /core/java | |
| parent | 47ea8b3d6bcef193a2d0ec9f0141525c83a0bcda (diff) | |
| download | frameworks_base-4812563f68c87278af68309662433279d10f573e.zip frameworks_base-4812563f68c87278af68309662433279d10f573e.tar.gz frameworks_base-4812563f68c87278af68309662433279d10f573e.tar.bz2 | |
AndroidKeyStore keys should not be handled by Bouncy Castle.
Bouncy Castle JCA provider incorrectly declares that its Cipher, Mac,
Signature, and KeyAgreement implementations accept arbitrary keys (
including AndroidKeyStore keys). As a result, when a Cipher, Mac,
Signature, or KeyAgreement instance is requested from JCA without
explicitly specifying the provider (which follows best practices)
and then initialied with an AndroidKeyStore key, JCA chooses the
BouncyCastle's implementation, which in turn blows up because it
can't handle such keys.
The workaround is to install Cipher, Mac, Signature, and
KeyAgreement implementations backed by AndroidKeyStore as a
higher-priority JCA provider than the Bouncy Castle one. This is
achieved by splitting out the above implementations from
AndroidKeyStoreProvider into AndroidKeyStoreBCWorkaroundProvider
and installing the AndroidKeyStoreProvider at the usual priority
(below Bouncy Castle) and the AndroidKeyStoreBCWorkaroundProvider
at above Bouncy Castle priority.
Bug: 20691708
Change-Id: I336464f4a49bc30c6845ddc4e84b07f4105424dd
Diffstat (limited to 'core/java')
| -rw-r--r-- | core/java/android/app/ActivityThread.java | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/core/java/android/app/ActivityThread.java b/core/java/android/app/ActivityThread.java index 9bad9bb..2e45b79 100644 --- a/core/java/android/app/ActivityThread.java +++ b/core/java/android/app/ActivityThread.java @@ -114,7 +114,6 @@ import java.io.IOException; import java.io.PrintWriter; import java.lang.ref.WeakReference; import java.net.InetAddress; -import java.security.Security; import java.text.DateFormat; import java.util.ArrayList; import java.util.List; @@ -5338,7 +5337,7 @@ public final class ActivityThread { // Set the reporter for event logging in libcore EventLogger.setReporter(new EventLoggingReporter()); - Security.addProvider(new AndroidKeyStoreProvider()); + AndroidKeyStoreProvider.install(); // Make sure TrustedCertificateStore looks in the right place for CA certificates final File configDir = Environment.getUserConfigDirectory(UserHandle.myUserId()); |