diff options
Diffstat (limited to 'keystore/java/android/security/CertTool.java')
| -rw-r--r-- | keystore/java/android/security/CertTool.java | 68 |
1 files changed, 62 insertions, 6 deletions
diff --git a/keystore/java/android/security/CertTool.java b/keystore/java/android/security/CertTool.java index 26d22ae..79418bd 100644 --- a/keystore/java/android/security/CertTool.java +++ b/keystore/java/android/security/CertTool.java @@ -16,11 +16,19 @@ package android.security; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; + import android.content.Context; import android.content.Intent; import android.security.Keystore; import android.text.TextUtils; - +import android.util.Log; /** * The CertTool class provides the functions to list the certs/keys, @@ -41,12 +49,13 @@ public class CertTool { public static final String KEY_NAMESPACE = "namespace"; public static final String KEY_DESCRIPTION = "description"; - private static final String TAG = "CertTool"; + public static final String TITLE_CA_CERT = "CA Certificate"; + public static final String TITLE_USER_CERT = "User Certificate"; + public static final String TITLE_PKCS12_KEYSTORE = "PKCS12 Keystore"; + public static final String TITLE_PRIVATE_KEY = "Private Key"; + public static final int INCORRECT_PKCS12_PASSPHRASE = -100; - private static final String TITLE_CA_CERT = "CA Certificate"; - private static final String TITLE_USER_CERT = "User Certificate"; - private static final String TITLE_PKCS12_KEYSTORE = "PKCS12 Keystore"; - private static final String TITLE_PRIVATE_KEY = "Private Key"; + private static final String TAG = "CertTool"; private static final String UNKNOWN = "Unknown"; private static final String ISSUER_NAME = "Issuer Name:"; private static final String DISTINCT_NAME = "Distinct Name:"; @@ -58,6 +67,11 @@ public class CertTool { private static final String KEYNAME_DELIMITER = "_"; private static final Keystore sKeystore = Keystore.getInstance(); + private native int getPkcs12Handle(byte[] data, String password); + private native String getPkcs12Certificate(int handle); + private native String getPkcs12PrivateKey(int handle); + private native String popPkcs12CertificateStack(int handle); + private native void freePkcs12Handle(int handle); private native String generateCertificateRequest(int bits, String subject); private native boolean isPkcs12Keystore(byte[] data); private native int generateX509Certificate(byte[] data); @@ -130,10 +144,52 @@ public class CertTool { intent.putExtra(KEY_NAMESPACE + "1", namespace); } + private int extractAndStoreKeysFromPkcs12(int handle, String keyname) { + int ret, i = 0; + String pemData; + + if ((pemData = getPkcs12Certificate(handle)) != null) { + if ((ret = sKeystore.put(USER_CERTIFICATE, keyname, pemData)) != 0) { + return ret; + } + } + if ((pemData = getPkcs12PrivateKey(handle)) != null) { + if ((ret = sKeystore.put(USER_KEY, keyname, pemData)) != 0) { + return ret; + } + } + while ((pemData = this.popPkcs12CertificateStack(handle)) != null) { + if (i++ > 0) { + if ((ret = sKeystore.put(CA_CERTIFICATE, keyname + i, pemData)) != 0) { + return ret; + } + } else { + if ((ret = sKeystore.put(CA_CERTIFICATE, keyname, pemData)) != 0) { + return ret; + } + } + } + return 0; + } + + public int addPkcs12Keystore(byte[] p12Data, String password, + String keyname) { + int handle, ret; + Log.i("CertTool", "addPkcs12Keystore()"); + + if ((handle = getPkcs12Handle(p12Data, password)) == 0) { + return INCORRECT_PKCS12_PASSPHRASE; + } + ret = extractAndStoreKeysFromPkcs12(handle, keyname); + freePkcs12Handle(handle); + return ret; + } + public synchronized void addCertificate(byte[] data, Context context) { int handle; Intent intent = null; + Log.i("CertTool", "addCertificate()"); if (isPkcs12Keystore(data)) { intent = prepareIntent(TITLE_PKCS12_KEYSTORE, data, USER_KEY, UNKNOWN, UNKNOWN); |