Gitiles
Code Review Sign In
gerrit.witaqua.org / frameworks_base / 3876b1be27e3aefde9a72eb2e4f856e94fc5f946 / . / keystore / java / android / security / Credentials.java
blob: c8333c87c69cbbdced82002fa356a3abf32c5abf [file] [log] [blame]
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]1/*
2 * Copyright (C) 2009 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.security;
18
19import android.content.ActivityNotFoundException;
20import android.content.Context;
21import android.content.Intent;
22import android.util.Log;
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]23import com.android.org.bouncycastle.util.io.pem.PemObject;
24import com.android.org.bouncycastle.util.io.pem.PemReader;
25import com.android.org.bouncycastle.util.io.pem.PemWriter;
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]26import java.io.ByteArrayInputStream;
27import java.io.ByteArrayOutputStream;
28import java.io.IOException;
29import java.io.InputStreamReader;
30import java.io.OutputStreamWriter;
31import java.io.Reader;
32import java.io.Writer;
Elliott Hughesd396a442013-06-28 16:24:48 -0700[diff] [blame]33import java.nio.charset.StandardCharsets;
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]34import java.security.KeyPair;
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]35import java.security.cert.Certificate;
36import java.security.cert.CertificateEncodingException;
37import java.security.cert.CertificateException;
38import java.security.cert.CertificateFactory;
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]39import java.security.cert.X509Certificate;
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]40import java.util.ArrayList;
41import java.util.List;
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]42
43/**
44 * {@hide}
45 */
46public class Credentials {
47 private static final String LOGTAG = "Credentials";
Chia-chi Yeh44039172009-09-21 11:53:59 +0800[diff] [blame]48
Chia-chi Yeh44039172009-09-21 11:53:59 +0800[diff] [blame]49 public static final String INSTALL_ACTION = "android.credentials.INSTALL";
50
Kenny Root3e7be432013-03-28 09:25:51 -0700[diff] [blame]51 public static final String INSTALL_AS_USER_ACTION = "android.credentials.INSTALL_AS_USER";
52
Brian Carlstrom4a9e1a22011-04-22 15:45:22 -0700[diff] [blame]53 public static final String UNLOCK_ACTION = "com.android.credentials.UNLOCK";
54
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]55 /** Key prefix for CA certificates. */
56 public static final String CA_CERTIFICATE = "CACERT_";
57
58 /** Key prefix for user certificates. */
59 public static final String USER_CERTIFICATE = "USRCERT_";
60
61 /** Key prefix for user private keys. */
62 public static final String USER_PRIVATE_KEY = "USRPKEY_";
63
Alex Klyubinbaf28382015-03-26 14:46:55 -0700[diff] [blame]64 /** Key prefix for user secret keys. */
65 public static final String USER_SECRET_KEY = "USRSKEY_";
66
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]67 /** Key prefix for VPN. */
68 public static final String VPN = "VPN_";
69
70 /** Key prefix for WIFI. */
71 public static final String WIFI = "WIFI_";
72
Jeff Sharkey69ddab42012-08-25 00:05:46 -0700[diff] [blame]73 /** Key containing suffix of lockdown VPN profile. */
74 public static final String LOCKDOWN_VPN = "LOCKDOWN_VPN";
75
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]76 /** Data type for public keys. */
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]77 public static final String EXTRA_PUBLIC_KEY = "KEY";
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]78
79 /** Data type for private keys. */
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]80 public static final String EXTRA_PRIVATE_KEY = "PKEY";
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]81
Brian Carlstrom67c30df2011-06-24 02:13:23 -0700[diff] [blame]82 // historically used by Android
83 public static final String EXTENSION_CRT = ".crt";
84 public static final String EXTENSION_P12 = ".p12";
85 // commonly used on Windows
86 public static final String EXTENSION_CER = ".cer";
87 public static final String EXTENSION_PFX = ".pfx";
88
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]89 /**
Kenny Root3e7be432013-03-28 09:25:51 -0700[diff] [blame]90 * Intent extra: install the certificate bundle as this UID instead of
91 * system.
92 */
93 public static final String EXTRA_INSTALL_AS_UID = "install_as_uid";
94
95 /**
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]96 * Intent extra: name for the user's private key.
97 */
98 public static final String EXTRA_USER_PRIVATE_KEY_NAME = "user_private_key_name";
99
100 /**
101 * Intent extra: data for the user's private key in PEM-encoded PKCS#8.
102 */
103 public static final String EXTRA_USER_PRIVATE_KEY_DATA = "user_private_key_data";
104
105 /**
106 * Intent extra: name for the user's certificate.
107 */
108 public static final String EXTRA_USER_CERTIFICATE_NAME = "user_certificate_name";
109
110 /**
111 * Intent extra: data for the user's certificate in PEM-encoded X.509.
112 */
113 public static final String EXTRA_USER_CERTIFICATE_DATA = "user_certificate_data";
114
115 /**
116 * Intent extra: name for CA certificate chain
117 */
118 public static final String EXTRA_CA_CERTIFICATES_NAME = "ca_certificates_name";
119
120 /**
121 * Intent extra: data for CA certificate chain in PEM-encoded X.509.
122 */
123 public static final String EXTRA_CA_CERTIFICATES_DATA = "ca_certificates_data";
124
125 /**
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]126 * Convert objects to a PEM format which is used for
127 * CA_CERTIFICATE and USER_CERTIFICATE entries.
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]128 */
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]129 public static byte[] convertToPem(Certificate... objects)
130 throws IOException, CertificateEncodingException {
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]131 ByteArrayOutputStream bao = new ByteArrayOutputStream();
Elliott Hughesd396a442013-06-28 16:24:48 -0700[diff] [blame]132 Writer writer = new OutputStreamWriter(bao, StandardCharsets.US_ASCII);
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]133 PemWriter pw = new PemWriter(writer);
134 for (Certificate o : objects) {
135 pw.writeObject(new PemObject("CERTIFICATE", o.getEncoded()));
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]136 }
137 pw.close();
138 return bao.toByteArray();
139 }
140 /**
141 * Convert objects from PEM format, which is used for
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]142 * CA_CERTIFICATE and USER_CERTIFICATE entries.
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]143 */
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]144 public static List<X509Certificate> convertFromPem(byte[] bytes)
145 throws IOException, CertificateException {
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]146 ByteArrayInputStream bai = new ByteArrayInputStream(bytes);
Elliott Hughesd396a442013-06-28 16:24:48 -0700[diff] [blame]147 Reader reader = new InputStreamReader(bai, StandardCharsets.US_ASCII);
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]148 PemReader pr = new PemReader(reader);
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]149
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]150 CertificateFactory cf = CertificateFactory.getInstance("X509");
151
152 List<X509Certificate> result = new ArrayList<X509Certificate>();
153 PemObject o;
154 while ((o = pr.readPemObject()) != null) {
155 if (o.getType().equals("CERTIFICATE")) {
156 Certificate c = cf.generateCertificate(new ByteArrayInputStream(o.getContent()));
157 result.add((X509Certificate) c);
158 } else {
159 throw new IllegalArgumentException("Unknown type " + o.getType());
160 }
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]161 }
162 pr.close();
163 return result;
164 }
165
Chia-chi Yeh44039172009-09-21 11:53:59 +0800[diff] [blame]166 private static Credentials singleton;
167
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]168 public static Credentials getInstance() {
169 if (singleton == null) {
170 singleton = new Credentials();
171 }
172 return singleton;
173 }
174
175 public void unlock(Context context) {
176 try {
Brian Carlstrom4a9e1a22011-04-22 15:45:22 -0700[diff] [blame]177 Intent intent = new Intent(UNLOCK_ACTION);
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]178 context.startActivity(intent);
179 } catch (ActivityNotFoundException e) {
180 Log.w(LOGTAG, e.toString());
181 }
182 }
183
Brian Carlstrom67c30df2011-06-24 02:13:23 -0700[diff] [blame]184 public void install(Context context) {
185 try {
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]186 Intent intent = KeyChain.createInstallIntent();
Brian Carlstrom67c30df2011-06-24 02:13:23 -0700[diff] [blame]187 context.startActivity(intent);
188 } catch (ActivityNotFoundException e) {
189 Log.w(LOGTAG, e.toString());
190 }
191 }
192
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]193 public void install(Context context, KeyPair pair) {
194 try {
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]195 Intent intent = KeyChain.createInstallIntent();
196 intent.putExtra(EXTRA_PRIVATE_KEY, pair.getPrivate().getEncoded());
197 intent.putExtra(EXTRA_PUBLIC_KEY, pair.getPublic().getEncoded());
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]198 context.startActivity(intent);
199 } catch (ActivityNotFoundException e) {
200 Log.w(LOGTAG, e.toString());
201 }
202 }
203
204 public void install(Context context, String type, byte[] value) {
205 try {
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]206 Intent intent = KeyChain.createInstallIntent();
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]207 intent.putExtra(type, value);
208 context.startActivity(intent);
209 } catch (ActivityNotFoundException e) {
210 Log.w(LOGTAG, e.toString());
211 }
212 }
Kenny Rootdb026712012-08-20 10:48:46 -0700[diff] [blame]213
214 /**
215 * Delete all types (private key, certificate, CA certificate) for a
216 * particular {@code alias}. All three can exist for any given alias.
217 * Returns {@code true} if there was at least one of those types.
218 */
Alex Klyubindcdaf872015-05-13 15:57:09 -0700[diff] [blame]219 public static boolean deleteAllTypesForAlias(KeyStore keystore, String alias) {
Alex Klyubin3876b1b2015-09-09 14:55:03 -0700[diff] [blame^]220 return deleteAllTypesForAlias(keystore, alias, KeyStore.UID_SELF);
221 }
222
223 /**
224 * Delete all types (private key, certificate, CA certificate) for a
225 * particular {@code alias}. All three can exist for any given alias.
226 * Returns {@code true} if there was at least one of those types.
227 */
228 public static boolean deleteAllTypesForAlias(KeyStore keystore, String alias, int uid) {
Kenny Rootdb026712012-08-20 10:48:46 -0700[diff] [blame]229 /*
230 * Make sure every type is deleted. There can be all three types, so
231 * don't use a conditional here.
232 */
Alex Klyubin3876b1b2015-09-09 14:55:03 -0700[diff] [blame^]233 return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid)
234 | keystore.delete(Credentials.USER_SECRET_KEY + alias, uid)
235 | deleteCertificateTypesForAlias(keystore, alias, uid);
Kenny Root802768d2012-08-21 15:23:35 -0700[diff] [blame]236 }
237
238 /**
239 * Delete all types (private key, certificate, CA certificate) for a
240 * particular {@code alias}. All three can exist for any given alias.
241 * Returns {@code true} if there was at least one of those types.
242 */
Alex Klyubindcdaf872015-05-13 15:57:09 -0700[diff] [blame]243 public static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias) {
Alex Klyubin3876b1b2015-09-09 14:55:03 -0700[diff] [blame^]244 return deleteCertificateTypesForAlias(keystore, alias, KeyStore.UID_SELF);
245 }
246
247 /**
248 * Delete all types (private key, certificate, CA certificate) for a
249 * particular {@code alias}. All three can exist for any given alias.
250 * Returns {@code true} if there was at least one of those types.
251 */
252 public static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias, int uid) {
Kenny Root802768d2012-08-21 15:23:35 -0700[diff] [blame]253 /*
254 * Make sure every certificate type is deleted. There can be two types,
255 * so don't use a conditional here.
256 */
Alex Klyubin3876b1b2015-09-09 14:55:03 -0700[diff] [blame^]257 return keystore.delete(Credentials.USER_CERTIFICATE + alias, uid)
258 | keystore.delete(Credentials.CA_CERTIFICATE + alias, uid);
Kenny Rootdb026712012-08-20 10:48:46 -0700[diff] [blame]259 }
Alex Klyubinbaf28382015-03-26 14:46:55 -0700[diff] [blame]260
261 /**
262 * Delete private key for a particular {@code alias}.
263 * Returns {@code true} if an entry was was deleted.
264 */
265 static boolean deletePrivateKeyTypeForAlias(KeyStore keystore, String alias) {
Alex Klyubin3876b1b2015-09-09 14:55:03 -0700[diff] [blame^]266 return deletePrivateKeyTypeForAlias(keystore, alias, KeyStore.UID_SELF);
267 }
268
269 /**
270 * Delete private key for a particular {@code alias}.
271 * Returns {@code true} if an entry was was deleted.
272 */
273 static boolean deletePrivateKeyTypeForAlias(KeyStore keystore, String alias, int uid) {
274 return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid);
Alex Klyubinbaf28382015-03-26 14:46:55 -0700[diff] [blame]275 }
276
277 /**
278 * Delete secret key for a particular {@code alias}.
279 * Returns {@code true} if an entry was was deleted.
280 */
Alex Klyubindcdaf872015-05-13 15:57:09 -0700[diff] [blame]281 public static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias) {
Alex Klyubin3876b1b2015-09-09 14:55:03 -0700[diff] [blame^]282 return deleteSecretKeyTypeForAlias(keystore, alias, KeyStore.UID_SELF);
283 }
284
285 /**
286 * Delete secret key for a particular {@code alias}.
287 * Returns {@code true} if an entry was was deleted.
288 */
289 public static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias, int uid) {
290 return keystore.delete(Credentials.USER_SECRET_KEY + alias, uid);
Alex Klyubinbaf28382015-03-26 14:46:55 -0700[diff] [blame]291 }
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]292}