From 9d7faa91be6661eccf73494f1ab96ae9a28d42d7 Mon Sep 17 00:00:00 2001
From: Brian Carlstrom
Date: Tue, 7 Jun 2011 13:45:33 -0700
Subject: Change KeyChain to assume PEM encoded keystore entries
Summary:
- Changed KeyChain to assume PEM encoded keystore entries
- Moved convertToPem from CertInstaller for reuse with other Credentials helpers
- Added convertFromPem for use decoding keystore entries
Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
---
 keystore/java/android/security/Credentials.java | 47 ++++++++++++++++++++++++-
 keystore/java/android/security/KeyChain.java | 9 +++--
 2 files changed, 50 insertions(+), 6 deletions(-)
(limited to 'keystore/java/android')
diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java
index 6b69b8a..fd6c22c 100644
--- a/keystore/java/android/security/Credentials.java
+++ b/keystore/java/android/security/Credentials.java
@@ -20,8 +20,19 @@ import android.content.ActivityNotFoundException;
 import android.content.Context;
 import android.content.Intent;
 import android.util.Log;
-
+import com.android.org.bouncycastle.openssl.PEMReader;
+import com.android.org.bouncycastle.openssl.PEMWriter;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.Reader;
+import java.io.Writer;
+import java.nio.charset.Charsets;
 import java.security.KeyPair;
+import java.util.ArrayList;
+import java.util.List;
 /**
 * {@hide}
@@ -60,6 +71,40 @@ public class Credentials {
 /** Data type for PKCS12. */
 public static final String PKCS12 = "PKCS12";
+ /**
+ * Convert objects to a PEM format, which is used for
+ * CA_CERTIFICATE, USER_CERTIFICATE, and USER_PRIVATE_KEY
+ * entries.
+ */
+ public static byte[] convertToPem(Object... objects) throws IOException {
+ ByteArrayOutputStream bao = new ByteArrayOutputStream();
+ Writer writer = new OutputStreamWriter(bao, Charsets.US_ASCII);
+ PEMWriter pw = new PEMWriter(writer);
+ for (Object o : objects) {
+ pw.writeObject(o);
+ }
+ pw.close();
+ return bao.toByteArray();
+ }
+ /**
+ * Convert objects from PEM format, which is used for
+ * CA_CERTIFICATE, USER_CERTIFICATE, and USER_PRIVATE_KEY
+ * entries.
+ */
+ public static List convertFromPem(byte[] bytes) throws IOException {
+ ByteArrayInputStream bai = new ByteArrayInputStream(bytes);
+ Reader reader = new InputStreamReader(bai, Charsets.US_ASCII);
+ PEMReader pr = new PEMReader(reader);
+
+ List result = new ArrayList();
+ Object o;
+ while ((o = pr.readObject()) != null) {
+ result.add(o);
+ }
+ pr.close();
+ return result;
+ }
+
 private static Credentials singleton;
 public static Credentials getInstance() {
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index ec820cf..ba784ed 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -34,6 +34,7 @@ import java.io.ByteArrayInputStream;
 import java.io.Closeable;
 import java.io.IOException;
 import java.security.KeyFactory;
+import java.security.KeyPair;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
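Review bot: `convertFromPem` in Credentials.java returns an untyped `List` whose contents are decided entirely by the input bytes, and its Javadoc does not tell a caller what to expect back. I would add to the Javadoc something like `Returns the objects decoded by PEMReader, in input order; the list is empty when the input holds no PEM object, so callers must check size and element type before casting.` Separately, in both `convertToPem` and `convertFromPem` the `pw.close()` / `pr.close()` call is skipped when `writeObject` or `readObject` throws; wrapping the loop as `try { ... } finally { pw.close(); }` keeps the cleanup unconditional. Since `convertToPem` is documented as serving USER_PRIVATE_KEY entries and calls the single-argument `writeObject`, its Javadoc should also state that the returned bytes are unencrypted key material.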
@@ -185,11 +186,9 @@ public final class KeyChain {
 throw new IllegalArgumentException("bytes == null");
 }
 try {
- KeyFactory keyFactory = KeyFactory.getInstance("RSA");
- return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes));
- } catch (NoSuchAlgorithmException e) {
- throw new AssertionError(e);
- } catch (InvalidKeySpecException e) {
+ KeyPair keyPair = (KeyPair) Credentials.convertFromPem(bytes).get(0);
+ return keyPair.getPrivate();
+ } catch (IOException e) {
 throw new AssertionError(e);
 }
 }
--
cgit v1.1
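Review bot: The new `(KeyPair) Credentials.convertFromPem(bytes).get(0)` line trusts the stored bytes to hold a PEM key pair as their first object; an entry with no PEM object yields an empty list and an `IndexOutOfBoundsException`, and a certificate or other object in first position yields a `ClassCastException`. Neither is caught by the `catch (IOException e)` that follows, and entries written in the PKCS#8 form that the removed lines parsed would presumably hit the first case. Hold the list in a local and guard it before the cast, e.g. `if (objects.isEmpty() || !(objects.get(0) instanceof KeyPair)) throw new IllegalArgumentException("bytes is not a PEM encoded key pair");`, which matches the `IllegalArgumentException` already thrown for null bytes. Mapping a malformed entry's `IOException` to `AssertionError` is also worth reconsidering, since bad stored data is not a programming error. The enclosing method starts outside this hunk.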