author | Kenny Root <kroot@google.com> | 2012-03-21 14:59:32 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2012-03-21 15:00:47 -0700 |
commit | 455a911df39ac0c55f80c191a1a8c11c4aa08268 (patch) | |
tree | d9cc5324ddb0a68a58eeb4c740fa87135795a1a3 /src/com/android/settings/vpn2 | |
parent | eff40f4daf6e74a75573698df2a35c3250ac5e41 (diff) | |
Switch VPN to use keystore ENGINE
The VPN client will no longer receive the private key material directly
from the caller. Instead it will use the keystore OpenSSL ENGINE to
request that keystore does private key operations on its behalf.
We now pass only the keystore alias of the private key instead of the
private key itself.
Change-Id: I4ea2abda5ab7dec7d7ef5f451b96fef5bc92d811
Diffstat (limited to 'src/com/android/settings/vpn2')
-rw-r--r-- | src/com/android/settings/vpn2/VpnSettings.java | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/com/android/settings/vpn2/VpnSettings.java b/src/com/android/settings/vpn2/VpnSettings.java
index 975f807..5db434c 100644
--- a/src/com/android/settings/vpn2/VpnSettings.java
+++ b/src/com/android/settings/vpn2/VpnSettings.java
@@ -360,9 +360,12 @@ public class VpnSettings extends SettingsPreferenceFragment implements
 String caCert = "";
 String serverCert = "";
 if (!profile.ipsecUserCert.isEmpty()) {
- byte[] value = mKeyStore.get(Credentials.USER_PRIVATE_KEY + profile.ipsecUserCert);
- privateKey = (value == null) ? null : new String(value, Charsets.UTF_8);
- value = mKeyStore.get(Credentials.USER_CERTIFICATE + profile.ipsecUserCert);
+ /*
+ * VPN has a special exception in keystore to allow it to use system
+ * UID certs.
+ */
+ privateKey = Credentials.USER_PRIVATE_KEY + profile.ipsecUserCert;
+ byte[] value = mKeyStore.get(Credentials.USER_CERTIFICATE + profile.ipsecUserCert);
 userCert = (value == null) ? null : new String(value, Charsets.UTF_8);
 }
 if (!profile.ipsecCaCert.isEmpty()) { |
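Review bot: `privateKey` is now always a non-null alias string, so the `value == null` handling that the removed lines applied to the private key is gone, while `userCert` on the next line still becomes null when the keystore has no entry. If the code after this hunk rejects null credentials (not visible here), a profile whose key entry was deleted would pass that check and fail only later, when the keystore ENGINE is asked to use the alias. Consider confirming the entry exists before handing out the alias, for example `String alias = Credentials.USER_PRIVATE_KEY + profile.ipsecUserCert;` followed by `privateKey = mKeyStore.contains(alias) ? alias : null;`. The block comment could also say that `privateKey` now holds a keystore alias rather than key material, since the name suggests otherwise. The enclosing method begins and ends outside the hunk.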