Gitiles
Code Review Sign In
gerrit.witaqua.org / frameworks_base / 69ddab4575ff684c533c995e07ca15fe18543fc0 / . / keystore / java / android / security / Credentials.java
blob: b233ff6f3c05100b82fdaaeca3d09908456b7499 [file] [log] [blame]
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]1/*
2 * Copyright (C) 2009 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.security;
18
19import android.content.ActivityNotFoundException;
20import android.content.Context;
21import android.content.Intent;
22import android.util.Log;
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]23import com.android.org.bouncycastle.openssl.PEMReader;
24import com.android.org.bouncycastle.openssl.PEMWriter;
25import java.io.ByteArrayInputStream;
26import java.io.ByteArrayOutputStream;
27import java.io.IOException;
28import java.io.InputStreamReader;
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]29import java.io.ObjectOutputStream;
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]30import java.io.OutputStreamWriter;
31import java.io.Reader;
32import java.io.Writer;
33import java.nio.charset.Charsets;
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]34import java.security.KeyPair;
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]35import java.security.cert.X509Certificate;
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]36import java.util.ArrayList;
37import java.util.List;
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]38
39/**
40 * {@hide}
41 */
42public class Credentials {
43 private static final String LOGTAG = "Credentials";
Chia-chi Yeh44039172009-09-21 11:53:59 +0800[diff] [blame]44
Chia-chi Yeh44039172009-09-21 11:53:59 +0800[diff] [blame]45 public static final String INSTALL_ACTION = "android.credentials.INSTALL";
46
Brian Carlstrom4a9e1a22011-04-22 15:45:22 -0700[diff] [blame]47 public static final String UNLOCK_ACTION = "com.android.credentials.UNLOCK";
48
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]49 /** Key prefix for CA certificates. */
50 public static final String CA_CERTIFICATE = "CACERT_";
51
52 /** Key prefix for user certificates. */
53 public static final String USER_CERTIFICATE = "USRCERT_";
54
55 /** Key prefix for user private keys. */
56 public static final String USER_PRIVATE_KEY = "USRPKEY_";
57
58 /** Key prefix for VPN. */
59 public static final String VPN = "VPN_";
60
61 /** Key prefix for WIFI. */
62 public static final String WIFI = "WIFI_";
63
Jeff Sharkey69ddab42012-08-25 00:05:46 -0700[diff] [blame^]64 /** Key containing suffix of lockdown VPN profile. */
65 public static final String LOCKDOWN_VPN = "LOCKDOWN_VPN";
66
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]67 /** Data type for public keys. */
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]68 public static final String EXTRA_PUBLIC_KEY = "KEY";
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]69
70 /** Data type for private keys. */
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]71 public static final String EXTRA_PRIVATE_KEY = "PKEY";
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]72
Brian Carlstrom67c30df2011-06-24 02:13:23 -0700[diff] [blame]73 // historically used by Android
74 public static final String EXTENSION_CRT = ".crt";
75 public static final String EXTENSION_P12 = ".p12";
76 // commonly used on Windows
77 public static final String EXTENSION_CER = ".cer";
78 public static final String EXTENSION_PFX = ".pfx";
79
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]80 /**
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]81 * Intent extra: name for the user's private key.
82 */
83 public static final String EXTRA_USER_PRIVATE_KEY_NAME = "user_private_key_name";
84
85 /**
86 * Intent extra: data for the user's private key in PEM-encoded PKCS#8.
87 */
88 public static final String EXTRA_USER_PRIVATE_KEY_DATA = "user_private_key_data";
89
90 /**
91 * Intent extra: name for the user's certificate.
92 */
93 public static final String EXTRA_USER_CERTIFICATE_NAME = "user_certificate_name";
94
95 /**
96 * Intent extra: data for the user's certificate in PEM-encoded X.509.
97 */
98 public static final String EXTRA_USER_CERTIFICATE_DATA = "user_certificate_data";
99
100 /**
101 * Intent extra: name for CA certificate chain
102 */
103 public static final String EXTRA_CA_CERTIFICATES_NAME = "ca_certificates_name";
104
105 /**
106 * Intent extra: data for CA certificate chain in PEM-encoded X.509.
107 */
108 public static final String EXTRA_CA_CERTIFICATES_DATA = "ca_certificates_data";
109
110 /**
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]111 * Convert objects to a PEM format, which is used for
112 * CA_CERTIFICATE, USER_CERTIFICATE, and USER_PRIVATE_KEY
113 * entries.
114 */
115 public static byte[] convertToPem(Object... objects) throws IOException {
116 ByteArrayOutputStream bao = new ByteArrayOutputStream();
117 Writer writer = new OutputStreamWriter(bao, Charsets.US_ASCII);
118 PEMWriter pw = new PEMWriter(writer);
119 for (Object o : objects) {
120 pw.writeObject(o);
121 }
122 pw.close();
123 return bao.toByteArray();
124 }
125 /**
126 * Convert objects from PEM format, which is used for
127 * CA_CERTIFICATE, USER_CERTIFICATE, and USER_PRIVATE_KEY
128 * entries.
129 */
130 public static List<Object> convertFromPem(byte[] bytes) throws IOException {
131 ByteArrayInputStream bai = new ByteArrayInputStream(bytes);
132 Reader reader = new InputStreamReader(bai, Charsets.US_ASCII);
133 PEMReader pr = new PEMReader(reader);
134
135 List<Object> result = new ArrayList<Object>();
136 Object o;
137 while ((o = pr.readObject()) != null) {
138 result.add(o);
139 }
140 pr.close();
141 return result;
142 }
143
Chia-chi Yeh44039172009-09-21 11:53:59 +0800[diff] [blame]144 private static Credentials singleton;
145
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]146 public static Credentials getInstance() {
147 if (singleton == null) {
148 singleton = new Credentials();
149 }
150 return singleton;
151 }
152
153 public void unlock(Context context) {
154 try {
Brian Carlstrom4a9e1a22011-04-22 15:45:22 -0700[diff] [blame]155 Intent intent = new Intent(UNLOCK_ACTION);
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]156 context.startActivity(intent);
157 } catch (ActivityNotFoundException e) {
158 Log.w(LOGTAG, e.toString());
159 }
160 }
161
Brian Carlstrom67c30df2011-06-24 02:13:23 -0700[diff] [blame]162 public void install(Context context) {
163 try {
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]164 Intent intent = KeyChain.createInstallIntent();
Brian Carlstrom67c30df2011-06-24 02:13:23 -0700[diff] [blame]165 context.startActivity(intent);
166 } catch (ActivityNotFoundException e) {
167 Log.w(LOGTAG, e.toString());
168 }
169 }
170
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]171 public void install(Context context, KeyPair pair) {
172 try {
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]173 Intent intent = KeyChain.createInstallIntent();
174 intent.putExtra(EXTRA_PRIVATE_KEY, pair.getPrivate().getEncoded());
175 intent.putExtra(EXTRA_PUBLIC_KEY, pair.getPublic().getEncoded());
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]176 context.startActivity(intent);
177 } catch (ActivityNotFoundException e) {
178 Log.w(LOGTAG, e.toString());
179 }
180 }
181
182 public void install(Context context, String type, byte[] value) {
183 try {
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]184 Intent intent = KeyChain.createInstallIntent();
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]185 intent.putExtra(type, value);
186 context.startActivity(intent);
187 } catch (ActivityNotFoundException e) {
188 Log.w(LOGTAG, e.toString());
189 }
190 }
Kenny Rootdb026712012-08-20 10:48:46 -0700[diff] [blame]191
192 /**
193 * Delete all types (private key, certificate, CA certificate) for a
194 * particular {@code alias}. All three can exist for any given alias.
195 * Returns {@code true} if there was at least one of those types.
196 */
197 static boolean deleteAllTypesForAlias(KeyStore keystore, String alias) {
198 /*
199 * Make sure every type is deleted. There can be all three types, so
200 * don't use a conditional here.
201 */
202 return keystore.delKey(Credentials.USER_PRIVATE_KEY + alias)
Kenny Root802768d2012-08-21 15:23:35 -0700[diff] [blame]203 | deleteCertificateTypesForAlias(keystore, alias);
204 }
205
206 /**
207 * Delete all types (private key, certificate, CA certificate) for a
208 * particular {@code alias}. All three can exist for any given alias.
209 * Returns {@code true} if there was at least one of those types.
210 */
211 static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias) {
212 /*
213 * Make sure every certificate type is deleted. There can be two types,
214 * so don't use a conditional here.
215 */
216 return keystore.delete(Credentials.USER_CERTIFICATE + alias)
Kenny Rootdb026712012-08-20 10:48:46 -0700[diff] [blame]217 | keystore.delete(Credentials.CA_CERTIFICATE + alias);
218 }
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]219}