summaryrefslogtreecommitdiffstats
path: root/keystore
diff options
context:
space:
mode:
authorAlex Klyubin <klyubin@google.com>2015-06-23 18:58:23 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2015-06-23 18:58:25 +0000
commit81d299e4b8bb7520881f39303f25b5d68417b9e2 (patch)
treea4e0e64cfe8bb18134cad489c101471586d8ab08 /keystore
parentbb0e985bed952734f4271672fd804539a66a2d36 (diff)
parent856aebe571e2efe332c1258b3131bfbae6f4b396 (diff)
downloadframeworks_base-81d299e4b8bb7520881f39303f25b5d68417b9e2.zip
frameworks_base-81d299e4b8bb7520881f39303f25b5d68417b9e2.tar.gz
frameworks_base-81d299e4b8bb7520881f39303f25b5d68417b9e2.tar.bz2
Merge "Don't fail if self-signed certificate can't be signed." into mnc-dev
Diffstat (limited to 'keystore')
-rw-r--r--keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java16
-rw-r--r--keystore/java/android/security/keystore/KeyGenParameterSpec.java2
2 files changed, 14 insertions, 4 deletions
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
index f7ff07f..02afa0a 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -515,15 +515,23 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
return generateSelfSignedCertificateWithFakeSignature(publicKey);
} else {
// Key can be used to sign a certificate
- return generateSelfSignedCertificateWithValidSignature(
- privateKey, publicKey, signatureAlgorithm);
+ try {
+ return generateSelfSignedCertificateWithValidSignature(
+ privateKey, publicKey, signatureAlgorithm);
+ } catch (Exception e) {
+ // Failed to generate the self-signed certificate with valid signature. Fall back
+ // to generating a self-signed certificate with a fake signature. This is done for
+ // all exception types because we prefer key pair generation to succeed and end up
+ // producing a self-signed certificate with an invalid signature to key pair
+ // generation failing.
+ return generateSelfSignedCertificateWithFakeSignature(publicKey);
+ }
}
}
@SuppressWarnings("deprecation")
private X509Certificate generateSelfSignedCertificateWithValidSignature(
- PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm)
- throws Exception {
+ PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm) throws Exception {
final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setPublicKey(publicKey);
certGen.setSerialNumber(mSpec.getCertificateSerialNumber());
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
index 3d23399..919dd48 100644
--- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
@@ -71,6 +71,8 @@ import javax.security.auth.x500.X500Principal;
* <li>{@link KeyProperties#PURPOSE_SIGN},</li>
* <li>operation without requiring the user to be authenticated (see
* {@link Builder#setUserAuthenticationRequired(boolean)}),</li>
+ * <li>signing/origination at this moment in time (see {@link Builder#setKeyValidityStart(Date)}
+ * and {@link Builder#setKeyValidityForOriginationEnd(Date)}),</li>
* <li>suitable digest or {@link KeyProperties#DIGEST_NONE},</li>
* <li>(RSA keys only) padding scheme {@link KeyProperties#SIGNATURE_PADDING_RSA_PKCS1} or
* {@link KeyProperties#ENCRYPTION_PADDING_NONE}.</li>