diff options
author | Alex Klyubin <klyubin@google.com> | 2015-06-23 18:58:23 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-06-23 18:58:25 +0000 |
commit | 81d299e4b8bb7520881f39303f25b5d68417b9e2 (patch) | |
tree | a4e0e64cfe8bb18134cad489c101471586d8ab08 /keystore/java | |
parent | bb0e985bed952734f4271672fd804539a66a2d36 (diff) | |
parent | 856aebe571e2efe332c1258b3131bfbae6f4b396 (diff) | |
download | frameworks_base-81d299e4b8bb7520881f39303f25b5d68417b9e2.zip frameworks_base-81d299e4b8bb7520881f39303f25b5d68417b9e2.tar.gz frameworks_base-81d299e4b8bb7520881f39303f25b5d68417b9e2.tar.bz2 |
Merge "Don't fail if self-signed certificate can't be signed." into mnc-dev
Diffstat (limited to 'keystore/java')
-rw-r--r-- | keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java | 16 | ||||
-rw-r--r-- | keystore/java/android/security/keystore/KeyGenParameterSpec.java | 2 |
2 files changed, 14 insertions, 4 deletions
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java index f7ff07f..02afa0a 100644 --- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java @@ -515,15 +515,23 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato return generateSelfSignedCertificateWithFakeSignature(publicKey); } else { // Key can be used to sign a certificate - return generateSelfSignedCertificateWithValidSignature( - privateKey, publicKey, signatureAlgorithm); + try { + return generateSelfSignedCertificateWithValidSignature( + privateKey, publicKey, signatureAlgorithm); + } catch (Exception e) { + // Failed to generate the self-signed certificate with valid signature. Fall back + // to generating a self-signed certificate with a fake signature. This is done for + // all exception types because we prefer key pair generation to succeed and end up + // producing a self-signed certificate with an invalid signature to key pair + // generation failing. + return generateSelfSignedCertificateWithFakeSignature(publicKey); + } } } @SuppressWarnings("deprecation") private X509Certificate generateSelfSignedCertificateWithValidSignature( - PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm) - throws Exception { + PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm) throws Exception { final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setPublicKey(publicKey); certGen.setSerialNumber(mSpec.getCertificateSerialNumber()); diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index 3d23399..919dd48 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -71,6 +71,8 @@ import javax.security.auth.x500.X500Principal; * <li>{@link KeyProperties#PURPOSE_SIGN},</li> * <li>operation without requiring the user to be authenticated (see * {@link Builder#setUserAuthenticationRequired(boolean)}),</li> + * <li>signing/origination at this moment in time (see {@link Builder#setKeyValidityStart(Date)} + * and {@link Builder#setKeyValidityForOriginationEnd(Date)}),</li> * <li>suitable digest or {@link KeyProperties#DIGEST_NONE},</li> * <li>(RSA keys only) padding scheme {@link KeyProperties#SIGNATURE_PADDING_RSA_PKCS1} or * {@link KeyProperties#ENCRYPTION_PADDING_NONE}.</li> |