summaryrefslogtreecommitdiffstats
path: root/keystore/java
diff options
context:
space:
mode:
authorChung-yih Wang <cywang@google.com>2009-07-02 00:22:04 +0800
committerChung-yih Wang <cywang@google.com>2009-07-02 18:56:12 +0800
commiteec11827a6c06b029030f43c8d54fd871cc3347d (patch)
tree6ed138af9f9d632cc6e74dbb517626adb802ac96 /keystore/java
parentd45dcbec856710f9478ffc5689e7cdf95d757ab8 (diff)
downloadframeworks_base-eec11827a6c06b029030f43c8d54fd871cc3347d.zip
frameworks_base-eec11827a6c06b029030f43c8d54fd871cc3347d.tar.gz
frameworks_base-eec11827a6c06b029030f43c8d54fd871cc3347d.tar.bz2
Add CertTool for handling the keygen and certificate download.
1. Have the new Keystore for mini-keystore impelemntation. 2. Add CertTool library and jni dll for handling keygen and certificates. 3. Make Reply hidden. 4. Revert some 'incorrect' change and correct the description.
Diffstat (limited to 'keystore/java')
-rw-r--r--keystore/java/android/security/CertTool.java143
-rw-r--r--keystore/java/android/security/Keystore.java198
-rw-r--r--keystore/java/android/security/Reply.java26
-rw-r--r--keystore/java/android/security/ServiceCommand.java88
4 files changed, 314 insertions, 141 deletions
diff --git a/keystore/java/android/security/CertTool.java b/keystore/java/android/security/CertTool.java
new file mode 100644
index 0000000..285def2
--- /dev/null
+++ b/keystore/java/android/security/CertTool.java
@@ -0,0 +1,143 @@
+/*
+ * Copyright (C) 2009 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security;
+
+import android.content.Context;
+import android.content.Intent;
+import android.security.Keystore;
+import android.text.TextUtils;
+
+
+/**
+ * The CertTool class provides the functions to list the certs/keys,
+ * generate the certificate request(csr) and store the certificate into
+ * keystore.
+ *
+ * {@hide}
+ */
+public class CertTool {
+ public static final String ACTION_ADD_CREDENTIAL =
+ "android.security.ADD_CREDENTIAL";
+ public static final String KEY_TYPE_NAME = "typeName";
+ public static final String KEY_ITEM = "item";
+ public static final String KEY_NAMESPACE = "namespace";
+ public static final String KEY_DESCRIPTION = "description";
+
+ private static final String TAG = "CertTool";
+
+ private static final String TITLE_CA_CERT = "CA Certificate";
+ private static final String TITLE_USER_CERT = "User Certificate";
+ private static final String TITLE_PKCS12_KEYSTORE = "PKCS12 Keystore";
+ private static final String TITLE_PRIVATE_KEY = "Private Key";
+ private static final String UNKNOWN = "Unknown";
+ private static final String ISSUER_NAME = "Issuer Name:";
+ private static final String DISTINCT_NAME = "Distinct Name:";
+
+ private static final String CA_CERTIFICATE = "CACERT";
+ private static final String USER_CERTIFICATE = "USRCERT";
+ private static final String USER_KEY = "USRKEY";
+
+ private static final String KEYNAME_DELIMITER = " ";
+ private static final Keystore keystore = Keystore.getInstance();
+
+ private native String generateCertificateRequest(int bits, String subject);
+ private native boolean isPkcs12Keystore(byte[] data);
+ private native int generateX509Certificate(byte[] data);
+ private native boolean isCaCertificate(int handle);
+ private native String getIssuerDN(int handle);
+ private native String getCertificateDN(int handle);
+ private native String getPrivateKeyPEM(int handle);
+ private native void freeX509Certificate(int handle);
+
+ public String getUserPrivateKey(String key) {
+ return USER_KEY + KEYNAME_DELIMITER + key;
+ }
+
+ public String getUserCertificate(String key) {
+ return USER_CERTIFICATE + KEYNAME_DELIMITER + key;
+ }
+
+ public String getCaCertificate(String key) {
+ return CA_CERTIFICATE + KEYNAME_DELIMITER + key;
+ }
+
+ public String[] getAllUserCertificateKeys() {
+ return keystore.listKeys(USER_KEY);
+ }
+
+ public String[] getAllCaCertificateKeys() {
+ return keystore.listKeys(CA_CERTIFICATE);
+ }
+
+ public String[] getSupportedKeyStrenghs() {
+ return new String[] {"High Grade", "Medium Grade"};
+ }
+
+ private int getKeyLength(int index) {
+ if (index == 0) return 2048;
+ return 1024;
+ }
+
+ public String generateKeyPair(int keyStrengthIndex, String challenge,
+ String dirName) {
+ return generateCertificateRequest(getKeyLength(keyStrengthIndex),
+ dirName);
+ }
+
+ private Intent prepareIntent(String title, byte[] data, String namespace,
+ String issuer, String distinctName) {
+ Intent intent = new Intent(ACTION_ADD_CREDENTIAL);
+ intent.putExtra(KEY_TYPE_NAME, title);
+ intent.putExtra(KEY_ITEM + "0", data);
+ intent.putExtra(KEY_NAMESPACE + "0", namespace);
+ intent.putExtra(KEY_DESCRIPTION + "0", ISSUER_NAME + issuer);
+ intent.putExtra(KEY_DESCRIPTION + "1", DISTINCT_NAME + distinctName);
+ return intent;
+ }
+
+ private void addExtraIntentInfo(Intent intent, String namespace,
+ String data) {
+ intent.putExtra(KEY_ITEM + "1", data);
+ intent.putExtra(KEY_NAMESPACE + "1", namespace);
+ }
+
+ public synchronized void addCertificate(byte[] data, Context context) {
+ int handle;
+ Intent intent = null;
+
+ if (isPkcs12Keystore(data)) {
+ intent = prepareIntent(TITLE_PKCS12_KEYSTORE, data, USER_KEY,
+ UNKNOWN, UNKNOWN);
+ } else if ((handle = generateX509Certificate(data)) != 0) {
+ String issuer = getIssuerDN(handle);
+ String distinctName = getCertificateDN(handle);
+ String privateKeyPEM = getPrivateKeyPEM(handle);
+ if (isCaCertificate(handle)) {
+ intent = prepareIntent(TITLE_CA_CERT, data, CA_CERTIFICATE,
+ issuer, distinctName);
+ } else {
+ intent = prepareIntent(TITLE_USER_CERT, data, USER_CERTIFICATE,
+ issuer, distinctName);
+ if (!TextUtils.isEmpty(privateKeyPEM)) {
+ addExtraIntentInfo(intent, USER_KEY, privateKeyPEM);
+ }
+ }
+ freeX509Certificate(handle);
+ }
+ if (intent != null) context.startActivity(intent);
+ }
+}
diff --git a/keystore/java/android/security/Keystore.java b/keystore/java/android/security/Keystore.java
index 2a3e6a7..462645a 100644
--- a/keystore/java/android/security/Keystore.java
+++ b/keystore/java/android/security/Keystore.java
@@ -20,6 +20,7 @@ package android.security;
* The Keystore class provides the functions to list the certs/keys in keystore.
* {@hide}
*/
+
public abstract class Keystore {
private static final String TAG = "Keystore";
private static final String[] NOTFOUND = new String[0];
@@ -30,25 +31,18 @@ public abstract class Keystore {
return new FileKeystore();
}
- // for compatiblity, start from here
- /**
- */
- public abstract String getUserkey(String key);
-
- /**
- */
- public abstract String getCertificate(String key);
-
- /**
- */
- public abstract String[] getAllCertificateKeys();
-
- /**
- */
- public abstract String[] getAllUserkeyKeys();
-
- // to here
-
+ public abstract int lock();
+ public abstract int unlock(String password);
+ public abstract int getState();
+ public abstract int changePassword(String oldPassword, String newPassword);
+ public abstract int setPassword(String firstPassword);
+ public abstract String[] listKeys(String namespace);
+ public abstract int put(String namespace, String keyname, String value);
+ public abstract String get(String namespace, String keyname);
+ public abstract int remove(String namespace, String keyname);
+ public abstract int reset();
+
+ // TODO: for migrating to the mini-keystore, clean up from here
/**
*/
public abstract String getCaCertificate(String key);
@@ -89,101 +83,41 @@ public abstract class Keystore {
int keyStrengthIndex, String challenge, String organizations);
public abstract void addCertificate(byte[] cert);
+ // to here
private static class FileKeystore extends Keystore {
private static final String SERVICE_NAME = "keystore";
- private static final String LIST_CA_CERTIFICATES = "listcacerts";
- private static final String LIST_USER_CERTIFICATES = "listusercerts";
- private static final String GET_CA_CERTIFICATE = "getcacert";
- private static final String GET_USER_CERTIFICATE = "getusercert";
- private static final String GET_USER_KEY = "getuserkey";
- private static final String ADD_CA_CERTIFICATE = "addcacert";
- private static final String ADD_USER_CERTIFICATE = "addusercert";
- private static final String ADD_USER_KEY = "adduserkey";
- private static final String COMMAND_DELIMITER = "\t";
+ private static final String CA_CERTIFICATE = "CaCertificate";
+ private static final String USER_CERTIFICATE = "UserCertificate";
+ private static final String USER_KEY = "UserPrivateKey";
+ private static final String COMMAND_DELIMITER = " ";
private static final ServiceCommand mServiceCommand =
new ServiceCommand(SERVICE_NAME);
- // for compatiblity, start from here
-
- private static final String LIST_CERTIFICATES = "listcerts";
- private static final String LIST_USERKEYS = "listuserkeys";
- private static final String PATH = "/data/misc/keystore/";
- private static final String USERKEY_PATH = PATH + "userkeys/";
- private static final String CERT_PATH = PATH + "certs/";
-
- @Override
- public String getUserkey(String key) {
- return USERKEY_PATH + key;
- }
-
- @Override
- public String getCertificate(String key) {
- return CERT_PATH + key;
- }
-
- @Override
- public String[] getAllCertificateKeys() {
- try {
- String result = mServiceCommand.execute(LIST_CERTIFICATES);
- if (result != null) return result.split("\\s+");
- return NOTFOUND;
- } catch (NumberFormatException ex) {
- return NOTFOUND;
- }
- }
-
- @Override
- public String[] getAllUserkeyKeys() {
- try {
- String result = mServiceCommand.execute(LIST_USERKEYS);
- if (result != null) return result.split("\\s+");
- return NOTFOUND;
- } catch (NumberFormatException ex) {
- return NOTFOUND;
- }
- }
-
- // to here
-
+ // TODO: for migrating to the mini-keystore, start from here
@Override
public String getUserPrivateKey(String key) {
- return mServiceCommand.execute(
- GET_USER_KEY + COMMAND_DELIMITER + key);
+ return "";
}
@Override
public String getUserCertificate(String key) {
- return mServiceCommand.execute(
- GET_USER_CERTIFICATE + COMMAND_DELIMITER + key);
+ return "";
}
@Override
public String getCaCertificate(String key) {
- return mServiceCommand.execute(
- GET_CA_CERTIFICATE + COMMAND_DELIMITER + key);
+ return "";
}
@Override
public String[] getAllUserCertificateKeys() {
- try {
- String result = mServiceCommand.execute(LIST_USER_CERTIFICATES);
- if (result != null) return result.split("\\s+");
- return NOTFOUND;
- } catch (NumberFormatException ex) {
- return NOTFOUND;
- }
+ return new String[0];
}
@Override
public String[] getAllCaCertificateKeys() {
- try {
- String result = mServiceCommand.execute(LIST_CA_CERTIFICATES);
- if (result != null) return result.split("\\s+");
- return NOTFOUND;
- } catch (NumberFormatException ex) {
- return NOTFOUND;
- }
+ return new String[0];
}
@Override
@@ -221,25 +155,77 @@ public abstract class Keystore {
// TODO: real implementation
}
- private boolean addUserCertificate(String key, String certificate,
- String privateKey) {
- if(mServiceCommand.execute(ADD_USER_CERTIFICATE + COMMAND_DELIMITER
- + key + COMMAND_DELIMITER + certificate) != null) {
- if (mServiceCommand.execute(ADD_USER_KEY + COMMAND_DELIMITER
- + key + COMMAND_DELIMITER + privateKey) != null) {
- return true;
- }
- }
- return false;
+ // to here
+
+ @Override
+ public int lock() {
+ Reply result = mServiceCommand.execute(ServiceCommand.LOCK, null);
+ return (result != null) ? result.returnCode : -1;
+ }
+
+ @Override
+ public int unlock(String password) {
+ Reply result = mServiceCommand.execute(ServiceCommand.UNLOCK,
+ password);
+ return (result != null) ? result.returnCode : -1;
}
- private boolean addCaCertificate(String key, String content) {
- if (mServiceCommand.execute(ADD_CA_CERTIFICATE + COMMAND_DELIMITER
- + key + COMMAND_DELIMITER + content) != null) {
- return true;
- }
- return false;
+ @Override
+ public int getState() {
+ Reply result = mServiceCommand.execute(ServiceCommand.GET_STATE,
+ null);
+ return (result != null) ? result.returnCode : -1;
+ }
+
+ @Override
+ public int changePassword(String oldPassword, String newPassword) {
+ Reply result = mServiceCommand.execute(ServiceCommand.PASSWD,
+ oldPassword + " " + newPassword);
+ return (result != null) ? result.returnCode : -1;
+ }
+
+ @Override
+ public int setPassword(String firstPassword) {
+ Reply result = mServiceCommand.execute(ServiceCommand.PASSWD,
+ firstPassword);
+ return (result != null) ? result.returnCode : -1;
}
+ @Override
+ public String[] listKeys(String namespace) {
+ Reply result = mServiceCommand.execute(ServiceCommand.LIST_KEYS,
+ namespace);
+ return (result != null) ? ((result.returnCode != 0) ? NOTFOUND :
+ new String(result.data, 0, result.len).split("\\s+"))
+ : NOTFOUND;
+ }
+
+ @Override
+ public int put(String namespace, String keyname, String value) {
+ Reply result = mServiceCommand.execute(ServiceCommand.PUT_KEY,
+ namespace + " " + keyname + " " + value);
+ return (result != null) ? result.returnCode : -1;
+ }
+
+ @Override
+ public String get(String namespace, String keyname) {
+ Reply result = mServiceCommand.execute(ServiceCommand.GET_KEY,
+ namespace + " " + keyname);
+ return (result != null) ? ((result.returnCode != 0) ? null :
+ new String(result.data, 0, result.len)) : null;
+ }
+
+ @Override
+ public int remove(String namespace, String keyname) {
+ Reply result = mServiceCommand.execute(ServiceCommand.REMOVE_KEY,
+ namespace + " " + keyname);
+ return (result != null) ? result.returnCode : -1;
+ }
+
+ @Override
+ public int reset() {
+ Reply result = mServiceCommand.execute(ServiceCommand.RESET, null);
+ return (result != null) ? result.returnCode : -1;
+ }
}
}
diff --git a/keystore/java/android/security/Reply.java b/keystore/java/android/security/Reply.java
new file mode 100644
index 0000000..15a0dde
--- /dev/null
+++ b/keystore/java/android/security/Reply.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2009 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security;
+
+/*
+ * {@hide}
+ */
+public class Reply {
+ public int len;
+ public int returnCode;
+ public byte[] data = new byte[ServiceCommand.BUFFER_LENGTH];
+}
diff --git a/keystore/java/android/security/ServiceCommand.java b/keystore/java/android/security/ServiceCommand.java
index f1d4302..2f335be 100644
--- a/keystore/java/android/security/ServiceCommand.java
+++ b/keystore/java/android/security/ServiceCommand.java
@@ -35,15 +35,25 @@ public class ServiceCommand {
public static final String SUCCESS = "0";
public static final String FAILED = "-1";
+ // Opcodes for keystore commands.
+ public static final int LOCK = 0;
+ public static final int UNLOCK = 1;
+ public static final int PASSWD = 2;
+ public static final int GET_STATE = 3;
+ public static final int LIST_KEYS = 4;
+ public static final int GET_KEY = 5;
+ public static final int PUT_KEY = 6;
+ public static final int REMOVE_KEY = 7;
+ public static final int RESET = 8;
+ public static final int MAX_CMD_INDEX = 9;
+
+ public static final int BUFFER_LENGTH = 4096;
+
private String mServiceName;
private String mTag;
private InputStream mIn;
private OutputStream mOut;
private LocalSocket mSocket;
- private static final int BUFFER_LENGTH = 1024;
-
- private byte buf[] = new byte[BUFFER_LENGTH];
- private int buflen = 0;
private boolean connect() {
if (mSocket != null) {
@@ -104,35 +114,47 @@ public class ServiceCommand {
return false;
}
- private boolean readReply() {
- int len, ret;
- buflen = 0;
+ private Reply readReply() {
+ byte buf[] = new byte[4];
+ Reply reply = new Reply();
- if (!readBytes(buf, 2)) return false;
- ret = (((int) buf[0]) & 0xff) | ((((int) buf[1]) & 0xff) << 8);
- if (ret != 0) return false;
+ if (!readBytes(buf, 4)) return null;
+ reply.len = (((int) buf[0]) & 0xff) | ((((int) buf[1]) & 0xff) << 8) |
+ ((((int) buf[2]) & 0xff) << 16) |
+ ((((int) buf[3]) & 0xff) << 24);
- if (!readBytes(buf, 2)) return false;
- len = (((int) buf[0]) & 0xff) | ((((int) buf[1]) & 0xff) << 8);
- if (len > BUFFER_LENGTH) {
- Log.e(mTag,"invalid reply length (" + len + ")");
+ if (!readBytes(buf, 4)) return null;
+ reply.returnCode = (((int) buf[0]) & 0xff) |
+ ((((int) buf[1]) & 0xff) << 8) |
+ ((((int) buf[2]) & 0xff) << 16) |
+ ((((int) buf[3]) & 0xff) << 24);
+
+ if (reply.len > BUFFER_LENGTH) {
+ Log.e(mTag,"invalid reply length (" + reply.len + ")");
disconnect();
- return false;
+ return null;
}
- if (!readBytes(buf, len)) return false;
- buflen = len;
- return true;
+ if (!readBytes(reply.data, reply.len)) return null;
+ return reply;
}
- private boolean writeCommand(String _cmd) {
- byte[] cmd = _cmd.getBytes();
- int len = cmd.length;
- if ((len < 1) || (len > BUFFER_LENGTH)) return false;
+ private boolean writeCommand(int cmd, String _data) {
+ byte buf[] = new byte[8];
+ byte[] data = _data.getBytes();
+ int len = data.length;
+ // the length of data
buf[0] = (byte) (len & 0xff);
buf[1] = (byte) ((len >> 8) & 0xff);
+ buf[2] = (byte) ((len >> 16) & 0xff);
+ buf[3] = (byte) ((len >> 24) & 0xff);
+ // the opcode of the command
+ buf[4] = (byte) (cmd & 0xff);
+ buf[5] = (byte) ((cmd >> 8) & 0xff);
+ buf[6] = (byte) ((cmd >> 16) & 0xff);
+ buf[7] = (byte) ((cmd >> 24) & 0xff);
try {
- mOut.write(buf, 0, 2);
- mOut.write(cmd, 0, len);
+ mOut.write(buf, 0, 8);
+ mOut.write(data, 0, len);
} catch (IOException ex) {
Log.e(mTag,"write error");
disconnect();
@@ -141,32 +163,28 @@ public class ServiceCommand {
return true;
}
- private String executeCommand(String cmd) {
- if (!writeCommand(cmd)) {
+ private Reply executeCommand(int cmd, String data) {
+ if (!writeCommand(cmd, data)) {
/* If service died and restarted in the background
* (unlikely but possible) we'll fail on the next
* write (this one). Try to reconnect and write
* the command one more time before giving up.
*/
Log.e(mTag, "write command failed? reconnect!");
- if (!connect() || !writeCommand(cmd)) {
+ if (!connect() || !writeCommand(cmd, data)) {
return null;
}
}
- if (readReply()) {
- return new String(buf, 0, buflen);
- } else {
- return null;
- }
+ return readReply();
}
- public synchronized String execute(String cmd) {
- String result;
+ public synchronized Reply execute(int cmd, String data) {
+ Reply result;
if (!connect()) {
Log.e(mTag, "connection failed");
return null;
}
- result = executeCommand(cmd);
+ result = executeCommand(cmd, data);
disconnect();
return result;
}