From 54e03afcfe34e9875efa56650c1af3ebc8f58a89 Mon Sep 17 00:00:00 2001
From: Kenny Root
Date: Tue, 7 Aug 2012 10:04:26 -0700
Subject: Use TrustedCertificateStore for chain building

Move chain building to TrustedCertificateStore since it has more information about the certificates.

Change-Id: I3030e94eb1abb8a2047a4151bdaad9922706dd0f
---
 keystore/java/android/security/KeyChain.java | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)

(limited to 'keystore')

diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index 483ccb2..31c38d5 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -26,20 +26,16 @@ import android.os.Looper;
 import android.os.RemoteException;
 import java.io.ByteArrayInputStream;
 import java.io.Closeable;
-import java.io.IOException;
 import java.security.InvalidKeyException;
-import java.security.KeyPair;
 import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.util.ArrayList;
 import java.util.List;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.LinkedBlockingQueue;
-import libcore.util.Objects;
 import org.apache.harmony.xnet.provider.jsse.OpenSSLEngine;
 import org.apache.harmony.xnet.provider.jsse.TrustedCertificateStore;
@@ -341,20 +337,9 @@ public final class KeyChain {
 try {
 IKeyChainService keyChainService = keyChainConnection.getService();
 byte[] certificateBytes = keyChainService.getCertificate(alias);
- List chain = new ArrayList();
- chain.add(toCertificate(certificateBytes));
 TrustedCertificateStore store = new TrustedCertificateStore();
- for (int i = 0; true; i++) {
- X509Certificate cert = chain.get(i);
- if (Objects.equal(cert.getSubjectX500Principal(), cert.getIssuerX500Principal())) {
- break;
- }
- X509Certificate issuer = store.findIssuer(cert);
- if (issuer == null) {
- break;
- }
- chain.add(issuer);
- }
+ List chain = store
+ .getCertificateChain(toCertificate(certificateBytes));
 return chain.toArray(new X509Certificate[chain.size()]);
 } catch (RemoteException e) {
 throw new KeyChainException(e);
-- cgit v1.1
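Review bot: The new `store.getCertificateChain(toCertificate(certificateBytes))` call no longer shows the rules the removed loop spelled out (leaf first, stop at a self-issued certificate, stop quietly when no issuer is found), so nothing at this call site says whether callers can still receive a partial chain. If the store method keeps those semantics, a comment above the call such as `// Chain is assembled from the trusted store and may end early at an unknown issuer; callers must not treat it as a validated path.` would record that. It is also worth confirming that the store method never returns null or an empty list, because `chain.toArray(...)` follows immediately. Separately, `certificateBytes` is still passed to `toCertificate` without a null check, so an alias with no stored certificate relies on behaviour that is not visible here. The enclosing method starts and ends outside the hunk.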