drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_frameworks_base/keystore/java/android/security/Credentials.java

239 lines
8.3 KiB
Java
Raw Normal View History

Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
2009-09-18 12:00:12 +08:00
/*
* Copyright (C) 2009 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.security;
import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
import android.util.Log;
Tracking upgrade to bouncycastle 1.47 Change-Id: I4a3c508c5e65dd46a2df22935b5351092550fad5
2012-09-04 23:01:07 -07:00
import com.android.org.bouncycastle.util.io.pem.PemObject;
import com.android.org.bouncycastle.util.io.pem.PemReader;
import com.android.org.bouncycastle.util.io.pem.PemWriter;
Change KeyChain to assume PEM encoded keystore entries Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
2011-06-07 13:45:33 -07:00
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.Reader;
import java.io.Writer;
Switch frameworks/base over from @hidden Charsets to public StandardCharsets. Bug: 3484927 Change-Id: I5d136d2ee629588538602766a182ae14ce5fc63c
2013-06-28 16:24:48 -07:00
import java.nio.charset.StandardCharsets;
Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
2009-09-18 12:00:12 +08:00
import java.security.KeyPair;
Tracking upgrade to bouncycastle 1.47 Change-Id: I4a3c508c5e65dd46a2df22935b5351092550fad5
2012-09-04 23:01:07 -07:00
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
Add signing to keystore Change the keystore to keep the private keys in keystore. When returned, it uses the OpenSSL representation of the key to allow users to use it in various operations through the OpenSSL ENGINE that connects to keystore. Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
2011-11-14 08:43:13 -08:00
import java.security.cert.X509Certificate;
Change KeyChain to assume PEM encoded keystore entries Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
2011-06-07 13:45:33 -07:00
import java.util.ArrayList;
import java.util.List;
Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
2009-09-18 12:00:12 +08:00
/**
* {@hide}
*/
public class Credentials {
private static final String LOGTAG = "Credentials";
KeyStore: add java interface.
2009-09-21 11:53:59 +08:00
public static final String INSTALL_ACTION = "android.credentials.INSTALL";
Add ability to install credentials as other UID We need the ability to install from the system UID to wifi UID to explicitly bind WiFi credentials to the WiFi profile. This adds the ability for Wifi Settings to invoke installation of a PKCS12 file for the wifi UID. Bug: 8183258 Change-Id: I652b7e6fa93deda6d6d310be33f224e5a356c787
2013-03-28 09:25:51 -07:00
public static final String INSTALL_AS_USER_ACTION = "android.credentials.INSTALL_AS_USER";
Expose Credentials.UNLOCK_ACTION for callers that want to use startActivityForResult Change-Id: I729b2d8257bda3e7ff7858741ebd5415404880e7
2011-04-22 15:45:22 -07:00
public static final String UNLOCK_ACTION = "com.android.credentials.UNLOCK";
Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
2009-09-18 12:00:12 +08:00
/** Key prefix for CA certificates. */
public static final String CA_CERTIFICATE = "CACERT_";
/** Key prefix for user certificates. */
public static final String USER_CERTIFICATE = "USRCERT_";
/** Key prefix for user private keys. */
public static final String USER_PRIVATE_KEY = "USRPKEY_";
/** Key prefix for VPN. */
public static final String VPN = "VPN_";
/** Key prefix for WIFI. */
public static final String WIFI = "WIFI_";
Always-on VPN. Adds support for always-on VPN profiles, also called "lockdown." When enabled, LockdownVpnTracker manages the netd firewall to prevent unencrypted traffic from leaving the device. It creates narrow rules to only allow traffic to the selected VPN server. When an egress network becomes available, LockdownVpnTracker will try bringing up the VPN connection, and will reconnect if disconnected. ConnectivityService augments any NetworkInfo based on the lockdown VPN status to help apps wait until the VPN is connected. This feature requires that VPN profiles use an IP address for both VPN server and DNS. It also blocks non-default APN access when enabled. Waits for USER_PRESENT after boot to check KeyStore status. Bug: 5756357 Change-Id: If615f206b1634000d78a8350a17e88bfcac8e0d0
2012-08-25 00:05:46 -07:00
/** Key containing suffix of lockdown VPN profile. */
public static final String LOCKDOWN_VPN = "LOCKDOWN_VPN";
Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
2009-09-18 12:00:12 +08:00
/** Data type for public keys. */
KeyChain API for credential installation Bug: 3497064 Change-Id: I4ac4d8b5559496b1632d63c2129e2bafd240893f
2011-06-29 10:42:35 -07:00
public static final String EXTRA_PUBLIC_KEY = "KEY";
Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
2009-09-18 12:00:12 +08:00
/** Data type for private keys. */
KeyChain API for credential installation Bug: 3497064 Change-Id: I4ac4d8b5559496b1632d63c2129e2bafd240893f
2011-06-29 10:42:35 -07:00
public static final String EXTRA_PRIVATE_KEY = "PKEY";
Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
2009-09-18 12:00:12 +08:00
Replace KeyChainActivity placeholder UI with more polished dialog (1 of 5) frameworks/base Extended KeyChain.chooserPrivateKeyAlias to allow caller to supply preferred choice to be selected in chooser. This allows Email settings to highlight the current choice when allowing user to change settings. keystore/java/android/security/KeyChain.java api/current.txt Implemented KeyChain functionality to pass host and port information to KeyChainActivity for display. keystore/java/android/security/KeyChain.java KeyChain now sends a PendingIntent as part of the Intent it sends to the KeyChainActivity which can be used to identify the caller in reliable way. keystore/java/android/security/KeyChain.java Moved .pfx/.p12/.cer/.crt constants to Credentials for reuse. Added Credentials.install variant with no value for use from KeyChainActivity keystore/java/android/security/Credentials.java packages/apps/CertInstaller Source of extension constants now in Credentials src/com/android/certinstaller/CertFile.java packages/apps/Browser Have browser supply host and port information to KeyChain.choosePrivateKeyAlias Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/browser/Tab.java packages/apps/Email Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/email/view/CertificateSelector.java packages/apps/KeyChain KeyChain now depends on bouncycastle X509Name for formatting X500Principals, since the 4 X500Principal formatting options could not format emailAddress attributes in a human readable way and its the most important attribute to display for client certificates in most cases. Android.mk Changing the UI to a dialog, make the activity style transparent. AndroidManifest.xml res/values/styles.xml Layout for chooser dialog res/layout/cert_chooser.xml Layout for list items in chooser res/layout/cert_item.xml New resources for dialog including comments for translators. res/values/strings.xml New dialog based KeyChainActivity. Now also shows requesting app and requesting server. Now can preselect a specified alias. New link directly to CertInstaller. src/com/android/keychain/KeyChainActivity.java Fix KeyChainTestActivity to work with TestKeyStore changes that were causing network activity on the UI to look up the name of localhost. Also track KeyChain.choosePrivateKeyAlias API change. tests/src/com/android/keychain/tests/KeyChainTestActivity.java Change-Id: I07128fba8750f9a6bcb9c6be5da04df992403d69
2011-06-24 02:13:23 -07:00
// historically used by Android
public static final String EXTENSION_CRT = ".crt";
public static final String EXTENSION_P12 = ".p12";
// commonly used on Windows
public static final String EXTENSION_CER = ".cer";
public static final String EXTENSION_PFX = ".pfx";
Add ability to install credentials as other UID We need the ability to install from the system UID to wifi UID to explicitly bind WiFi credentials to the WiFi profile. This adds the ability for Wifi Settings to invoke installation of a PKCS12 file for the wifi UID. Bug: 8183258 Change-Id: I652b7e6fa93deda6d6d310be33f224e5a356c787
2013-03-28 09:25:51 -07:00
/**
* Intent extra: install the certificate bundle as this UID instead of
* system.
*/
public static final String EXTRA_INSTALL_AS_UID = "install_as_uid";
Add signing to keystore Change the keystore to keep the private keys in keystore. When returned, it uses the OpenSSL representation of the key to allow users to use it in various operations through the OpenSSL ENGINE that connects to keystore. Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
2011-11-14 08:43:13 -08:00
/**
* Intent extra: name for the user's private key.
*/
public static final String EXTRA_USER_PRIVATE_KEY_NAME = "user_private_key_name";
/**
* Intent extra: data for the user's private key in PEM-encoded PKCS#8.
*/
public static final String EXTRA_USER_PRIVATE_KEY_DATA = "user_private_key_data";
/**
* Intent extra: name for the user's certificate.
*/
public static final String EXTRA_USER_CERTIFICATE_NAME = "user_certificate_name";
/**
* Intent extra: data for the user's certificate in PEM-encoded X.509.
*/
public static final String EXTRA_USER_CERTIFICATE_DATA = "user_certificate_data";
/**
* Intent extra: name for CA certificate chain
*/
public static final String EXTRA_CA_CERTIFICATES_NAME = "ca_certificates_name";
/**
* Intent extra: data for CA certificate chain in PEM-encoded X.509.
*/
public static final String EXTRA_CA_CERTIFICATES_DATA = "ca_certificates_data";
Change KeyChain to assume PEM encoded keystore entries Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
2011-06-07 13:45:33 -07:00
/**
Tracking upgrade to bouncycastle 1.47 Change-Id: I4a3c508c5e65dd46a2df22935b5351092550fad5
2012-09-04 23:01:07 -07:00
* Convert objects to a PEM format which is used for
* CA_CERTIFICATE and USER_CERTIFICATE entries.
Change KeyChain to assume PEM encoded keystore entries Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
2011-06-07 13:45:33 -07:00
*/
Tracking upgrade to bouncycastle 1.47 Change-Id: I4a3c508c5e65dd46a2df22935b5351092550fad5
2012-09-04 23:01:07 -07:00
public static byte[] convertToPem(Certificate... objects)
throws IOException, CertificateEncodingException {
Change KeyChain to assume PEM encoded keystore entries Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
2011-06-07 13:45:33 -07:00
ByteArrayOutputStream bao = new ByteArrayOutputStream();
Switch frameworks/base over from @hidden Charsets to public StandardCharsets. Bug: 3484927 Change-Id: I5d136d2ee629588538602766a182ae14ce5fc63c
2013-06-28 16:24:48 -07:00
Writer writer = new OutputStreamWriter(bao, StandardCharsets.US_ASCII);
Tracking upgrade to bouncycastle 1.47 Change-Id: I4a3c508c5e65dd46a2df22935b5351092550fad5
2012-09-04 23:01:07 -07:00
PemWriter pw = new PemWriter(writer);
for (Certificate o : objects) {
pw.writeObject(new PemObject("CERTIFICATE", o.getEncoded()));
Change KeyChain to assume PEM encoded keystore entries Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
2011-06-07 13:45:33 -07:00
}
pw.close();
return bao.toByteArray();
}
/**
* Convert objects from PEM format, which is used for
Tracking upgrade to bouncycastle 1.47 Change-Id: I4a3c508c5e65dd46a2df22935b5351092550fad5
2012-09-04 23:01:07 -07:00
* CA_CERTIFICATE and USER_CERTIFICATE entries.
Change KeyChain to assume PEM encoded keystore entries Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
2011-06-07 13:45:33 -07:00
*/
Tracking upgrade to bouncycastle 1.47 Change-Id: I4a3c508c5e65dd46a2df22935b5351092550fad5
2012-09-04 23:01:07 -07:00
public static List<X509Certificate> convertFromPem(byte[] bytes)
throws IOException, CertificateException {
Change KeyChain to assume PEM encoded keystore entries Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
2011-06-07 13:45:33 -07:00
ByteArrayInputStream bai = new ByteArrayInputStream(bytes);
Switch frameworks/base over from @hidden Charsets to public StandardCharsets. Bug: 3484927 Change-Id: I5d136d2ee629588538602766a182ae14ce5fc63c
2013-06-28 16:24:48 -07:00
Reader reader = new InputStreamReader(bai, StandardCharsets.US_ASCII);
Tracking upgrade to bouncycastle 1.47 Change-Id: I4a3c508c5e65dd46a2df22935b5351092550fad5
2012-09-04 23:01:07 -07:00
PemReader pr = new PemReader(reader);
CertificateFactory cf = CertificateFactory.getInstance("X509");
List<X509Certificate> result = new ArrayList<X509Certificate>();
PemObject o;
while ((o = pr.readPemObject()) != null) {
if (o.getType().equals("CERTIFICATE")) {
Certificate c = cf.generateCertificate(new ByteArrayInputStream(o.getContent()));
result.add((X509Certificate) c);
} else {
throw new IllegalArgumentException("Unknown type " + o.getType());
}
Change KeyChain to assume PEM encoded keystore entries Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
2011-06-07 13:45:33 -07:00
}
pr.close();
return result;
}
KeyStore: add java interface.
2009-09-21 11:53:59 +08:00
private static Credentials singleton;
Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
2009-09-18 12:00:12 +08:00
public static Credentials getInstance() {
if (singleton == null) {
singleton = new Credentials();
}
return singleton;
}
public void unlock(Context context) {
try {
Expose Credentials.UNLOCK_ACTION for callers that want to use startActivityForResult Change-Id: I729b2d8257bda3e7ff7858741ebd5415404880e7
2011-04-22 15:45:22 -07:00
Intent intent = new Intent(UNLOCK_ACTION);
Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
2009-09-18 12:00:12 +08:00
context.startActivity(intent);
} catch (ActivityNotFoundException e) {
Log.w(LOGTAG, e.toString());
}
}
Replace KeyChainActivity placeholder UI with more polished dialog (1 of 5) frameworks/base Extended KeyChain.chooserPrivateKeyAlias to allow caller to supply preferred choice to be selected in chooser. This allows Email settings to highlight the current choice when allowing user to change settings. keystore/java/android/security/KeyChain.java api/current.txt Implemented KeyChain functionality to pass host and port information to KeyChainActivity for display. keystore/java/android/security/KeyChain.java KeyChain now sends a PendingIntent as part of the Intent it sends to the KeyChainActivity which can be used to identify the caller in reliable way. keystore/java/android/security/KeyChain.java Moved .pfx/.p12/.cer/.crt constants to Credentials for reuse. Added Credentials.install variant with no value for use from KeyChainActivity keystore/java/android/security/Credentials.java packages/apps/CertInstaller Source of extension constants now in Credentials src/com/android/certinstaller/CertFile.java packages/apps/Browser Have browser supply host and port information to KeyChain.choosePrivateKeyAlias Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/browser/Tab.java packages/apps/Email Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/email/view/CertificateSelector.java packages/apps/KeyChain KeyChain now depends on bouncycastle X509Name for formatting X500Principals, since the 4 X500Principal formatting options could not format emailAddress attributes in a human readable way and its the most important attribute to display for client certificates in most cases. Android.mk Changing the UI to a dialog, make the activity style transparent. AndroidManifest.xml res/values/styles.xml Layout for chooser dialog res/layout/cert_chooser.xml Layout for list items in chooser res/layout/cert_item.xml New resources for dialog including comments for translators. res/values/strings.xml New dialog based KeyChainActivity. Now also shows requesting app and requesting server. Now can preselect a specified alias. New link directly to CertInstaller. src/com/android/keychain/KeyChainActivity.java Fix KeyChainTestActivity to work with TestKeyStore changes that were causing network activity on the UI to look up the name of localhost. Also track KeyChain.choosePrivateKeyAlias API change. tests/src/com/android/keychain/tests/KeyChainTestActivity.java Change-Id: I07128fba8750f9a6bcb9c6be5da04df992403d69
2011-06-24 02:13:23 -07:00
public void install(Context context) {
try {
KeyChain API for credential installation Bug: 3497064 Change-Id: I4ac4d8b5559496b1632d63c2129e2bafd240893f
2011-06-29 10:42:35 -07:00
Intent intent = KeyChain.createInstallIntent();
Replace KeyChainActivity placeholder UI with more polished dialog (1 of 5) frameworks/base Extended KeyChain.chooserPrivateKeyAlias to allow caller to supply preferred choice to be selected in chooser. This allows Email settings to highlight the current choice when allowing user to change settings. keystore/java/android/security/KeyChain.java api/current.txt Implemented KeyChain functionality to pass host and port information to KeyChainActivity for display. keystore/java/android/security/KeyChain.java KeyChain now sends a PendingIntent as part of the Intent it sends to the KeyChainActivity which can be used to identify the caller in reliable way. keystore/java/android/security/KeyChain.java Moved .pfx/.p12/.cer/.crt constants to Credentials for reuse. Added Credentials.install variant with no value for use from KeyChainActivity keystore/java/android/security/Credentials.java packages/apps/CertInstaller Source of extension constants now in Credentials src/com/android/certinstaller/CertFile.java packages/apps/Browser Have browser supply host and port information to KeyChain.choosePrivateKeyAlias Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/browser/Tab.java packages/apps/Email Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/email/view/CertificateSelector.java packages/apps/KeyChain KeyChain now depends on bouncycastle X509Name for formatting X500Principals, since the 4 X500Principal formatting options could not format emailAddress attributes in a human readable way and its the most important attribute to display for client certificates in most cases. Android.mk Changing the UI to a dialog, make the activity style transparent. AndroidManifest.xml res/values/styles.xml Layout for chooser dialog res/layout/cert_chooser.xml Layout for list items in chooser res/layout/cert_item.xml New resources for dialog including comments for translators. res/values/strings.xml New dialog based KeyChainActivity. Now also shows requesting app and requesting server. Now can preselect a specified alias. New link directly to CertInstaller. src/com/android/keychain/KeyChainActivity.java Fix KeyChainTestActivity to work with TestKeyStore changes that were causing network activity on the UI to look up the name of localhost. Also track KeyChain.choosePrivateKeyAlias API change. tests/src/com/android/keychain/tests/KeyChainTestActivity.java Change-Id: I07128fba8750f9a6bcb9c6be5da04df992403d69
2011-06-24 02:13:23 -07:00
context.startActivity(intent);
} catch (ActivityNotFoundException e) {
Log.w(LOGTAG, e.toString());
}
}
Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
2009-09-18 12:00:12 +08:00
public void install(Context context, KeyPair pair) {
try {
KeyChain API for credential installation Bug: 3497064 Change-Id: I4ac4d8b5559496b1632d63c2129e2bafd240893f
2011-06-29 10:42:35 -07:00
Intent intent = KeyChain.createInstallIntent();
intent.putExtra(EXTRA_PRIVATE_KEY, pair.getPrivate().getEncoded());
intent.putExtra(EXTRA_PUBLIC_KEY, pair.getPublic().getEncoded());
Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
2009-09-18 12:00:12 +08:00
context.startActivity(intent);
} catch (ActivityNotFoundException e) {
Log.w(LOGTAG, e.toString());
}
}
public void install(Context context, String type, byte[] value) {
try {
KeyChain API for credential installation Bug: 3497064 Change-Id: I4ac4d8b5559496b1632d63c2129e2bafd240893f
2011-06-29 10:42:35 -07:00
Intent intent = KeyChain.createInstallIntent();
Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
2009-09-18 12:00:12 +08:00
intent.putExtra(type, value);
context.startActivity(intent);
} catch (ActivityNotFoundException e) {
Log.w(LOGTAG, e.toString());
}
}
Add KeyPairGenerator for Android keystore This allows end-users to generate keys in the keystore without the private part of the key ever needing to leave the device. The generation process also generates a self-signed certificate. Change-Id: I114ffb8e0cbe3b1edaae7e69e8aa578cb835efc9
2012-08-20 10:48:46 -07:00
/**
* Delete all types (private key, certificate, CA certificate) for a
* particular {@code alias}. All three can exist for any given alias.
* Returns {@code true} if there was at least one of those types.
*/
static boolean deleteAllTypesForAlias(KeyStore keystore, String alias) {
/*
* Make sure every type is deleted. There can be all three types, so
* don't use a conditional here.
*/
return keystore.delKey(Credentials.USER_PRIVATE_KEY + alias)
Add ability to replace chain for PrivateKeyEntry For the AndroidKeyStore API, allow entries to have their certificate chain replaced without destroying the underlying PrivateKey. Since entries are backed by unexportable private keys, requiring them to be supplied again doesn't make sense and is impossible. Change-Id: I629ce2a625315c8d8020a082892650ac5eba22ae
2012-08-21 15:23:35 -07:00
| deleteCertificateTypesForAlias(keystore, alias);
}
/**
* Delete all types (private key, certificate, CA certificate) for a
* particular {@code alias}. All three can exist for any given alias.
* Returns {@code true} if there was at least one of those types.
*/
static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias) {
/*
* Make sure every certificate type is deleted. There can be two types,
* so don't use a conditional here.
*/
return keystore.delete(Credentials.USER_CERTIFICATE + alias)
Add KeyPairGenerator for Android keystore This allows end-users to generate keys in the keystore without the private part of the key ever needing to leave the device. The generation process also generates a self-signed certificate. Change-Id: I114ffb8e0cbe3b1edaae7e69e8aa578cb835efc9
2012-08-20 10:48:46 -07:00
| keystore.delete(Credentials.CA_CERTIFICATE + alias);
}
Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
2009-09-18 12:00:12 +08:00
}
Reference in New Issue Copy Permalink