author | Rubin Xu <rubinxu@google.com> | 2016-03-23 12:37:10 +0000 |
---|---|---|
committer | Rubin Xu <rubinxu@google.com> | 2016-03-24 14:14:25 +0000 |
commit | 8714f06db21f7db391db5e6d126bcac9447e6592 (patch) | |
tree | f18b31fac946a39f70a6539a84c16bc45de0ffdf | |
parent | 9686ec6f53fe1f59efb5781dbdb3b22a4b24d3a8 (diff) | |
download | KeyChain-8714f06db21f7db391db5e6d126bcac9447e6592.tar.gz |
Install client cert chain as CA_CERTIFICATE in keystore
CA_CERTIFICATE should store the cert chain minus the leaf cert.
Bug: 18239590
Change-Id: Ie05715ea07ba71bcf206050af461bc478a9ce643
-rw-r--r-- | src/com/android/keychain/KeyChainService.java | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/src/com/android/keychain/KeyChainService.java b/src/com/android/keychain/KeyChainService.java
index 8ba71ac..1627655 100644
--- a/src/com/android/keychain/KeyChainService.java
+++ b/src/com/android/keychain/KeyChainService.java
@@ -120,6 +120,11 @@ public class KeyChainService extends IntentService {
         return mKeyStore.get(Credentials.USER_CERTIFICATE + alias);
     }
 
+    @Override public byte[] getCaCertificates(String alias) {
+        checkArgs(alias);
+        return mKeyStore.get(Credentials.CA_CERTIFICATE + alias);
+    }
+
     private void checkArgs(String alias) {
         if (alias == null) {
             throw new NullPointerException("alias == null");
@@ -151,8 +156,17 @@ public class KeyChainService extends IntentService {
         broadcastStorageChange();
     }
 
+    /**
+     * Install a key pair to the keystore.
+     *
+     * @param privateKey The private key associated with the client certificate
+     * @param userCertificate The client certificate to be installed
+     * @param userCertificateChain The rest of the chain for the client certificate
+     * @param alias The alias under which the key pair is installed
+     * @return Whether the operation succeeded or not.
+     */
     @Override public boolean installKeyPair(byte[] privateKey, byte[] userCertificate,
-            String alias) {
+            byte[] userCertificateChain, String alias) {
         checkCertInstallerOrSystemCaller();
         if (!mKeyStore.isUnlocked()) {
             Log.e(TAG, "Keystore is " + mKeyStore.state().toString() + ". Credentials cannot"
@@ -175,6 +189,17 @@ public class KeyChainService extends IntentService {
             }
             return false;
         }
+        if (userCertificateChain != null && userCertificateChain.length > 0) {
+            if (!mKeyStore.put(Credentials.CA_CERTIFICATE + alias, userCertificateChain, -1,
+                    KeyStore.FLAG_ENCRYPTED)) {
+                Log.e(TAG, "Failed to import certificate chain" + userCertificateChain);
+                if (!removeKeyPair(alias)) {
+                    Log.e(TAG, "Failed to clean up key chain after certificate chain"
+                            + " importing failed");
+                }
+                return false;
+            }
+        }
         broadcastStorageChange();
         return true;
     }
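Review bot: getCaCertificates has no Javadoc, so a reader cannot tell from the method itself that the blob under Credentials.CA_CERTIFICATE + alias is the chain minus the client certificate (as the commit message states) or what an absent chain looks like. Suggested comment above the method: `/** Returns the encoded certificate chain (excluding the client certificate itself) installed for {@code alias}, as stored under CA_CERTIFICATE; null if no chain was installed — confirm mKeyStore.get's behaviour for a missing entry. */`. Only the null check of checkArgs is visible; its body continues past this hunk, so whether it also enforces the caller's grant for the alias cannot be confirmed here and should be documented on the getter if it does.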
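Review bot: The new Javadoc does not say that userCertificateChain is optional even though the later hunk treats a null or empty array as "no chain", nor which encoding the caller must supply. Suggest `@param userCertificateChain The rest of the chain for the client certificate, excluding the client certificate itself; may be null or empty if there is none`, plus a `@throws` line for whatever checkCertInstallerOrSystemCaller raises on an unauthorized caller (presumably SecurityException — confirm). installKeyPair's body continues past this hunk.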
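Review bot: The error log concatenates the byte[] itself, so `"Failed to import certificate chain" + userCertificateChain` prints an identity string such as `[B@...` with no separating space; log something a reader can act on instead, e.g. `Log.e(TAG, "Failed to import certificate chain for alias " + alias);`. Separately, when userCertificateChain is null or empty nothing removes an existing Credentials.CA_CERTIFICATE + alias entry, so unless the part of installKeyPair above this hunk clears the alias first, a chain left over from an earlier install under the same alias would stay attached to the new key and be returned by getCaCertificates; deleting that entry in the no-chain case (or rejecting a reused alias) would avoid it. The chain is also stored without any check that it parses or actually chains to userCertificate; callers are restricted by checkCertInstallerOrSystemCaller, which may make that acceptable, but it deserves a comment. Whether removeKeyPair also removes the CA_CERTIFICATE entry is not visible here, and installKeyPair's body begins outside this hunk.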