authorRubin Xu <rubinxu@google.com>2016-03-23 12:37:10 +0000
committerRubin Xu <rubinxu@google.com>2016-03-24 14:14:25 +0000
commit8714f06db21f7db391db5e6d126bcac9447e6592 (patch)
treef18b31fac946a39f70a6539a84c16bc45de0ffdf
parent9686ec6f53fe1f59efb5781dbdb3b22a4b24d3a8 (diff)
downloadKeyChain-8714f06db21f7db391db5e6d126bcac9447e6592.tar.gz
Install client cert chain as CA_CERTIFICATE in keystore
CA_CERTIFICATE should store the cert chain minus the leaf cert. Bug: 18239590 Change-Id: Ie05715ea07ba71bcf206050af461bc478a9ce643
-rw-r--r--src/com/android/keychain/KeyChainService.java27
1 files changed, 26 insertions, 1 deletions
diff --git a/src/com/android/keychain/KeyChainService.java b/src/com/android/keychain/KeyChainService.java
index 8ba71ac..1627655 100644
--- a/src/com/android/keychain/KeyChainService.java
+++ b/src/com/android/keychain/KeyChainService.java
@@ -120,6 +120,11 @@ public class KeyChainService extends IntentService {
return mKeyStore.get(Credentials.USER_CERTIFICATE + alias);
}
+ @Override public byte[] getCaCertificates(String alias) {
+ checkArgs(alias);
+ return mKeyStore.get(Credentials.CA_CERTIFICATE + alias);
+ }
+
private void checkArgs(String alias) {
if (alias == null) {
throw new NullPointerException("alias == null");
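Review bot: getCaCertificates is added without a comment on its return contract, so a caller cannot tell that the result may be absent. installKeyPair in this commit writes the CA_CERTIFICATE entry only for a non-empty chain, so for an alias installed without one the keystore lookup presumably returns null. I would add `/** Returns the stored certificate chain (leaf excluded) for the alias, or null if none was installed. */` above the method. The only guard is checkArgs, whose body continues outside the hunk; it is worth confirming that it enforces the per-alias caller grant and not just the null check visible here, since the chain is returned to whoever passes it.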
@@ -151,8 +156,17 @@ public class KeyChainService extends IntentService {
broadcastStorageChange();
}
+ /**
+ * Install a key pair to the keystore.
+ *
+ * @param privateKey The private key associated with the client certificate
+ * @param userCertificate The client certificate to be installed
+ * @param userCertificateChain The rest of the chain for the client certificate
+ * @param alias The alias under which the key pair is installed
+ * @return Whether the operation succeeded or not.
+ */
@Override public boolean installKeyPair(byte[] privateKey, byte[] userCertificate,
- String alias) {
+ byte[] userCertificateChain, String alias) {
checkCertInstallerOrSystemCaller();
if (!mKeyStore.isUnlocked()) {
Log.e(TAG, "Keystore is " + mKeyStore.state().toString() + ". Credentials cannot"
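Review bot: The new Javadoc for userCertificateChain does not say that the argument is optional or what encoding is expected, although the body added later in this commit treats null and a zero-length array as "no chain" and stores the bytes unparsed. I would extend the line to `@param userCertificateChain The rest of the chain for the client certificate, excluding the leaf; may be null or empty, in which case no CA_CERTIFICATE entry is written`, and state the expected encoding next to it. The `@return` line could also mention that a failed chain import removes the key pair again. The body of installKeyPair continues outside this hunk.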
@@ -175,6 +189,17 @@ public class KeyChainService extends IntentService {
}
return false;
}
+ if (userCertificateChain != null && userCertificateChain.length > 0) {
+ if (!mKeyStore.put(Credentials.CA_CERTIFICATE + alias, userCertificateChain, -1,
+ KeyStore.FLAG_ENCRYPTED)) {
+ Log.e(TAG, "Failed to import certificate chain" + userCertificateChain);
+ if (!removeKeyPair(alias)) {
+ Log.e(TAG, "Failed to clean up key chain after certificate chain"
+ + " importing failed");
+ }
+ return false;
+ }
+ }
broadcastStorageChange();
return true;
}
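Review bot: The error log concatenates the byte array itself, so `"Failed to import certificate chain" + userCertificateChain` prints an array identity such as `[B@…` with no separating space and tells the operator nothing. Logging the alias is more useful and keeps certificate bytes out of logcat: `Log.e(TAG, "Failed to import certificate chain for alias " + alias);`. Separately, when the chain is null or empty the branch is skipped, so an older CA_CERTIFICATE entry under the same alias would survive. Unless the part of installKeyPair outside this hunk already clears the alias, getCaCertificates could then return a chain that does not belong to the new leaf. An `else { mKeyStore.delete(Credentials.CA_CERTIFICATE + alias); }` would close that gap.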