Remove old keystore and related files.
diff --git a/keystore/java/android/security/CertTool.java b/keystore/java/android/security/CertTool.java
deleted file mode 100644
index 88d6e3d..0000000
--- a/keystore/java/android/security/CertTool.java
+++ /dev/null
@@ -1,357 +0,0 @@
-/*
- * Copyright (C) 2009 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security;
-
-import android.content.Context;
-import android.content.Intent;
-import android.security.Keystore;
-import android.text.TextUtils;
-import android.util.Log;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.util.ArrayList;
-
-/**
- * The CertTool class provides the functions to list the certs/keys,
- * generate the certificate request(csr) and store certificates into
- * keystore.
- *
- * {@hide}
- */
-public class CertTool {
- static {
- System.loadLibrary("certtool_jni");
- }
-
- /** Keystore namespace for CA certificates. */
- public static final String CA_CERTIFICATE = "CACERT";
-
- /** Keystore namespace for user certificates. */
- public static final String USER_CERTIFICATE = "USRCERT";
-
- /** Keystore namespace for user private keys. */
- public static final String USER_KEY = "USRKEY";
-
- /** Action string for adding certificates to keystore. */
- public static final String ACTION_ADD_CREDENTIAL =
- "android.security.ADD_CREDENTIAL";
-
- /** Action string for installing certificates to keystore from sdcard. */
- public static final String ACTION_INSTALL_CERT_FROM_SDCARD =
- "android.security.INSTALL_CERT_FROM_SDCARD";
-
- /** Dialog title for adding a CA certificate. */
- public static final String TITLE_CA_CERT = "CA Certificate";
-
- /** Dialog title for adding a user certificate. */
- public static final String TITLE_USER_CERT = "User Certificate";
-
- /** Dialog title for adding a user private key. */
- public static final String TITLE_PRIVATE_KEY = "Private Key";
-
- /** Dialog title for adding a PKCS12 keystore. */
- public static final String TITLE_PKCS12_KEYSTORE = "PKCS12 Keystore";
-
- public static final int INCORRECT_PKCS12_PASSPHRASE = -100;
-
- /**
- * The builder class for building an add-credential-to-keystore intent.
- */
- public static class AddCredentialIntentBuilder {
- private Intent mIntent;
- private int mCount;
-
- /**
- * Creates a builder to build a add-credential-to-keystore intent.
- *
- * @param title title of the dialog for adding this credential
- * @param descriptions description strings to show on the dialog
- */
- public AddCredentialIntentBuilder(String title,
- String... descriptions) {
- Intent intent = new Intent(ACTION_ADD_CREDENTIAL);
- intent.putExtra(KEY_TITLE, title);
-
- int i = 0;
- for (String description : descriptions) {
- intent.putExtra(KEY_DESCRIPTION + (i++), description);
- }
- mIntent = intent;
- }
-
- /**
- * Adds credential data to the intent.
- *
- * @param namespace the namespace of the keystore to add the credential
- * data to
- * @param data the credential data
- * @return this builder
- */
- public AddCredentialIntentBuilder addCredential(String namespace,
- byte[] data) {
- mIntent.putExtra(KEY_NAMESPACE + mCount, namespace);
- mIntent.putExtra(KEY_ITEM + mCount, data);
- mCount++;
- return this;
- }
-
- /** Returns the intent. */
- public Intent build() {
- return mIntent;
- }
- }
-
- /**
- * Request for adding credential data to keystore.
- */
- public static class AddCredentialRequest {
- private Intent mIntent;
-
- /**
- * Creates an add-credential-data-to-keystore request.
- *
- * @param intent an add-credential-data-to-keystore intent
- * @see AddCredentialIntentBuilder
- */
- public AddCredentialRequest(Intent intent) {
- mIntent = intent;
- }
-
- /** Returns the dialog title. */
- public String getTitle() {
- return mIntent.getStringExtra(KEY_TITLE);
- }
-
- /**
- * Returns the i'th credential data.
- * @return the data or null if not exists
- */
- public byte[] getDataAt(int i) {
- return mIntent.getByteArrayExtra(KEY_ITEM + i);
- }
-
- /**
- * Returns the namespace of the i'th credential data.
- * @return the namespace string or null if missing
- */
- public String getNamespaceAt(int i) {
- return mIntent.getStringExtra(KEY_NAMESPACE + i);
- }
-
- /** Returns the descriptions of the credential data. */
- public String[] getDescriptions() {
- ArrayList<String> list = new ArrayList<String>();
- for (int i = 0; ; i++) {
- String s = mIntent.getStringExtra(KEY_DESCRIPTION + i);
- if (s == null) break;
- list.add(s);
- }
- return list.toArray(new String[list.size()]);
- }
- }
-
- private static final String KEY_TITLE = "typeName";
- private static final String KEY_ITEM = "item";
- private static final String KEY_NAMESPACE = "namespace";
- private static final String KEY_DESCRIPTION = "description";
-
- private static final String TAG = "CertTool";
- private static final String UNKNOWN = "Unknown";
- private static final String ISSUER_NAME = "Issuer Name:";
- private static final String DISTINCT_NAME = "Distinct Name:";
-
- private static final String KEYNAME_DELIMITER = "_";
- private static final Keystore sKeystore = Keystore.getInstance();
-
- private native int getPkcs12Handle(byte[] data, String password);
- private native String getPkcs12Certificate(int handle);
- private native String getPkcs12PrivateKey(int handle);
- private native String popPkcs12CertificateStack(int handle);
- private native void freePkcs12Handle(int handle);
- private native String generateCertificateRequest(int bits, String challenge);
- private native boolean isPkcs12Keystore(byte[] data);
- private native int generateX509Certificate(byte[] data);
- private native boolean isCaCertificate(int handle);
- private native String getIssuerDN(int handle);
- private native String getCertificateDN(int handle);
- private native String getPrivateKeyPEM(int handle);
- private native void freeX509Certificate(int handle);
-
- private static CertTool sSingleton = null;
-
- private CertTool() { }
-
- public static final CertTool getInstance() {
- if (sSingleton == null) {
- sSingleton = new CertTool();
- }
- return sSingleton;
- }
-
- /**
- * Gets the full key to retrieve the user private key from the keystore.
- * @see #getAllUserCertificateKeys()
- */
- public String getUserPrivateKey(String key) {
- return USER_KEY + KEYNAME_DELIMITER + key;
- }
-
- /**
- * Gets the full key to retrieve the user certificate from the keystore.
- * @see #getAllUserCertificateKeys()
- */
- public String getUserCertificate(String key) {
- return USER_CERTIFICATE + KEYNAME_DELIMITER + key;
- }
-
- /**
- * Gets the full key to retrieve the CA certificate from the keystore.
- * @see #getAllCaCertificateKeys()
- */
- public String getCaCertificate(String key) {
- return CA_CERTIFICATE + KEYNAME_DELIMITER + key;
- }
-
- /**
- * Gets all the keys to the user certificates/private keys stored in the
- * keystore.
- * @see #getUserCertificate(String)
- * @see #getUserPrivateKey(String)
- */
- public String[] getAllUserCertificateKeys() {
- return sKeystore.listKeys(USER_KEY);
- }
-
- /**
- * Gets all the keys to the CA certificates stored in the keystore.
- * @see #getCaCertificate(String)
- */
- public String[] getAllCaCertificateKeys() {
- return sKeystore.listKeys(CA_CERTIFICATE);
- }
-
- public String[] getSupportedKeyStrenghs() {
- return new String[] {"High Grade", "Medium Grade"};
- }
-
- private int getKeyLength(int index) {
- if (index == 0) return 2048;
- return 1024;
- }
-
- /**
- * Generates a key pair.
- *
- * @param keyStrengthIndex index to the array of supported key strengths;
- * see {@link #getSupportedKeyStrenghs()}
- * @param challenge the challenge string for generating the pair
- * @param dirName (not used)
- * @return a certificate request from the resulted public key
- */
- public String generateKeyPair(int keyStrengthIndex, String challenge,
- String dirName) {
- return generateCertificateRequest(getKeyLength(keyStrengthIndex),
- challenge);
- }
-
- private int extractAndStoreKeysFromPkcs12(int handle, String keyname) {
- int ret, i = 0;
- String pemData;
-
- if ((pemData = getPkcs12Certificate(handle)) != null) {
- if ((ret = sKeystore.put(USER_CERTIFICATE, keyname, pemData)) != 0) {
- return ret;
- }
- }
- if ((pemData = getPkcs12PrivateKey(handle)) != null) {
- if ((ret = sKeystore.put(USER_KEY, keyname, pemData)) != 0) {
- return ret;
- }
- }
- if ((pemData = this.popPkcs12CertificateStack(handle)) != null) {
- if ((ret = sKeystore.put(CA_CERTIFICATE, keyname, pemData)) != 0) {
- return ret;
- }
- }
- return 0;
- }
-
- /** Adds a PKCS12 keystore to the keystore. */
- public int addPkcs12Keystore(byte[] p12Data, String password,
- String keyname) {
- int handle, ret;
- Log.i("CertTool", "addPkcs12Keystore()");
-
- if ((handle = getPkcs12Handle(p12Data, password)) == 0) {
- return INCORRECT_PKCS12_PASSPHRASE;
- }
- ret = extractAndStoreKeysFromPkcs12(handle, keyname);
- freePkcs12Handle(handle);
- return ret;
- }
-
- /**
- * Adds a certificate to the keystore.
- *
- * @param data the certificate data
- * @param context the context to send an add-credential-to-keystore intent
- */
- public synchronized void addCertificate(byte[] data, Context context) {
- int handle;
- Intent intent = null;
-
- Log.i("CertTool", "addCertificate()");
- if (isPkcs12Keystore(data)) {
- intent = prepareIntent(TITLE_PKCS12_KEYSTORE, UNKNOWN, UNKNOWN)
- .addCredential(USER_KEY, data).build();
- } else if ((handle = generateX509Certificate(data)) != 0) {
- String issuer = getIssuerDN(handle);
- String distinctName = getCertificateDN(handle);
- String privateKeyPEM = getPrivateKeyPEM(handle);
- if (isCaCertificate(handle)) {
- intent = prepareIntent(TITLE_CA_CERT, issuer, distinctName)
- .addCredential(CA_CERTIFICATE, data).build();
- } else {
- AddCredentialIntentBuilder builder =
- prepareIntent(TITLE_USER_CERT, issuer, distinctName)
- .addCredential(USER_CERTIFICATE, data);
- if (!TextUtils.isEmpty(privateKeyPEM)) {
- builder.addCredential(USER_KEY, privateKeyPEM.getBytes());
- }
- intent = builder.build();
- }
- freeX509Certificate(handle);
- }
- if (intent != null) {
- context.startActivity(intent);
- } else {
- Log.w("CertTool", "incorrect data for addCertificate()");
- }
- }
-
- private AddCredentialIntentBuilder prepareIntent(
- String title, String issuer, String distinctName) {
- return new AddCredentialIntentBuilder(title, ISSUER_NAME + issuer,
- DISTINCT_NAME + distinctName);
- }
-}
diff --git a/keystore/java/android/security/Keystore.java b/keystore/java/android/security/Keystore.java
deleted file mode 100644
index b47ae12..0000000
--- a/keystore/java/android/security/Keystore.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright (C) 2009 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security;
-
-/**
- * The Keystore class provides the functions to list the certs/keys in keystore.
- * {@hide}
- */
-
-public abstract class Keystore {
- /** Action to unlock (or initialize) the keystore. */
- public static final String ACTION_UNLOCK_CREDENTIAL_STORAGE =
- "android.security.UNLOCK_CREDENTIAL_STORAGE";
-
- // Keystore States
- public static final int BOOTUP = 0;
- public static final int UNINITIALIZED = 1;
- public static final int LOCKED = 2;
- public static final int UNLOCKED = 3;
-
- private static final String TAG = "Keystore";
- private static final String[] NOTFOUND = new String[0];
-
- public static Keystore getInstance() {
- return new FileKeystore();
- }
-
- public abstract int lock();
- public abstract int unlock(String password);
- public abstract int getState();
- public abstract int changePassword(String oldPassword, String newPassword);
- public abstract int setPassword(String firstPassword);
- public abstract String[] listKeys(String namespace);
- public abstract int put(String namespace, String keyname, String value);
- public abstract String get(String namespace, String keyname);
- public abstract int remove(String namespace, String keyname);
- public abstract int reset();
-
- private static class FileKeystore extends Keystore {
- private static final String SERVICE_NAME = "keystore";
- private static final String CA_CERTIFICATE = "CaCertificate";
- private static final String USER_CERTIFICATE = "UserCertificate";
- private static final String USER_KEY = "UserPrivateKey";
- private static final ServiceCommand mServiceCommand =
- new ServiceCommand(SERVICE_NAME);
-
- @Override
- public int lock() {
- Reply result = mServiceCommand.execute(ServiceCommand.LOCK);
- return (result != null) ? result.returnCode : -1;
- }
-
- @Override
- public int unlock(String password) {
- Reply result = mServiceCommand.execute(ServiceCommand.UNLOCK,
- password);
- return (result != null) ? result.returnCode : -1;
- }
-
- @Override
- public int getState() {
- Reply result = mServiceCommand.execute(ServiceCommand.GET_STATE);
- return (result != null) ? result.returnCode : -1;
- }
-
- @Override
- public int changePassword(String oldPassword, String newPassword) {
- Reply result = mServiceCommand.execute(ServiceCommand.PASSWD,
- oldPassword, newPassword);
- return (result != null) ? result.returnCode : -1;
- }
-
- @Override
- public int setPassword(String firstPassword) {
- Reply result = mServiceCommand.execute(ServiceCommand.PASSWD,
- firstPassword);
- return (result != null) ? result.returnCode : -1;
- }
-
- @Override
- public String[] listKeys(String namespace) {
- Reply result = mServiceCommand.execute(ServiceCommand.LIST_KEYS,
- namespace);
- if ((result == null) || (result.returnCode != 0) ||
- (result.len == 0)) {
- return NOTFOUND;
- }
- return new String(result.data, 0, result.len).split("\\s+");
- }
-
- @Override
- public int put(String namespace, String keyname, String value) {
- Reply result = mServiceCommand.execute(ServiceCommand.PUT_KEY,
- namespace, keyname, value);
- return (result != null) ? result.returnCode : -1;
- }
-
- @Override
- public String get(String namespace, String keyname) {
- Reply result = mServiceCommand.execute(ServiceCommand.GET_KEY,
- namespace, keyname);
- return (result != null) ? ((result.returnCode != 0) ? null :
- new String(result.data, 0, result.len)) : null;
- }
-
- @Override
- public int remove(String namespace, String keyname) {
- Reply result = mServiceCommand.execute(ServiceCommand.REMOVE_KEY,
- namespace, keyname);
- return (result != null) ? result.returnCode : -1;
- }
-
- @Override
- public int reset() {
- Reply result = mServiceCommand.execute(ServiceCommand.RESET);
- return (result != null) ? result.returnCode : -1;
- }
- }
-}
diff --git a/keystore/jni/Android.mk b/keystore/jni/Android.mk
deleted file mode 100644
index 92c2d6d..0000000
--- a/keystore/jni/Android.mk
+++ /dev/null
@@ -1,31 +0,0 @@
-LOCAL_PATH:= $(call my-dir)
-include $(CLEAR_VARS)
-
-LOCAL_SRC_FILES:= \
- cert.c certtool.c
-
-LOCAL_C_INCLUDES += \
- $(JNI_H_INCLUDE) \
- external/openssl/include
-
-LOCAL_SHARED_LIBRARIES := \
- libcutils \
- libnativehelper \
- libutils \
- libcrypto
-
-ifeq ($(TARGET_SIMULATOR),true)
-ifeq ($(TARGET_OS),linux)
-ifeq ($(TARGET_ARCH),x86)
-LOCAL_LDLIBS += -lpthread -ldl -lrt -lssl
-endif
-endif
-endif
-
-ifeq ($(WITH_MALLOC_LEAK_CHECK),true)
- LOCAL_CFLAGS += -DMALLOC_LEAK_CHECK
-endif
-
-LOCAL_MODULE:= libcerttool_jni
-
-include $(BUILD_SHARED_LIBRARY)
diff --git a/keystore/jni/cert.c b/keystore/jni/cert.c
deleted file mode 100644
index 90f872e..0000000
--- a/keystore/jni/cert.c
+++ /dev/null
@@ -1,344 +0,0 @@
-/*
-**
-** Copyright 2009, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-
-#define LOG_TAG "CertTool"
-
-#include <stdio.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-#include <openssl/rsa.h>
-#include <openssl/x509v3.h>
-#include <cutils/log.h>
-
-#include "cert.h"
-
-static PKEY_STORE pkey_store[KEYGEN_STORE_SIZE];
-static int store_index = 0;
-
-static char emsg[][30] = {
- "",
- STR(ERR_INVALID_KEY_LENGTH),
- STR(ERR_CONSTRUCT_NEW_DATA),
- STR(ERR_RSA_KEYGEN),
- STR(ERR_X509_PROCESS),
- STR(ERR_SPKAC_TOO_LONG),
- STR(ERR_INVALID_ARGS),
-};
-
-static void save_in_store(EVP_PKEY *pkey)
-{
- EVP_PKEY *newpkey = EVP_PKEY_new();
- RSA *rsa = EVP_PKEY_get1_RSA(pkey);
- EVP_PKEY_set1_RSA(newpkey, rsa);
- PKEY_STORE_free(pkey_store[store_index]);
- pkey_store[store_index].key_len = i2d_RSA_PUBKEY(rsa, &pkey_store[store_index].public_key);
- pkey_store[store_index++].pkey = newpkey;
- store_index %= KEYGEN_STORE_SIZE;
- RSA_free(rsa);
-}
-
-static EVP_PKEY *get_pkey_from_store(X509 *cert)
-{
- int i, key_len;
- unsigned char *buf = NULL;
- if ((key_len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf)) == 0) {
- return NULL;
- }
- for (i = 0 ; i < KEYGEN_STORE_SIZE ; ++i) {
- if ((key_len == pkey_store[i].key_len) &&
- memcmp(buf, pkey_store[i].public_key, key_len) == 0) {
- break;
- }
- }
- free(buf);
- return (i == KEYGEN_STORE_SIZE) ? NULL : pkey_store[i].pkey;
-}
-
-int gen_csr(int bits, const char *challenge, char reply[REPLY_MAX])
-{
- int len, ret_code = 0;
- BIGNUM *bn = NULL;
- char *spkstr = NULL;
- EVP_PKEY *pkey = NULL;
- RSA *rsa = NULL;
- NETSCAPE_SPKI *req = NULL;
-
- if (challenge == NULL) {
- ret_code = ERR_INVALID_ARGS;
- goto err;
- }
-
- if ((bits != KEYLENGTH_MEDIUM) && (bits != KEYLENGTH_MAXIMUM)) {
- ret_code = ERR_INVALID_KEY_LENGTH;
- goto err;
- }
-
- if (((pkey = EVP_PKEY_new()) == NULL) ||
- ((req = NETSCAPE_SPKI_new()) == NULL) ||
- ((rsa = RSA_new()) == NULL) || ((bn = BN_new()) == NULL)) {
- ret_code = ERR_CONSTRUCT_NEW_DATA;
- goto err;
- }
-
- if (!BN_set_word(bn, RSA_F4) ||
- !RSA_generate_key_ex(rsa, bits, bn, NULL) ||
- !EVP_PKEY_assign_RSA(pkey, rsa)) {
- ret_code = ERR_RSA_KEYGEN;
- goto err;
- }
-
- rsa = NULL;
- ASN1_STRING_set(req->spkac->challenge, challenge, (int)strlen(challenge));
- NETSCAPE_SPKI_set_pubkey(req, pkey);
- NETSCAPE_SPKI_sign(req, pkey, EVP_md5());
- spkstr = NETSCAPE_SPKI_b64_encode(req);
-
- if ((strlcpy(reply, spkstr, REPLY_MAX)) < REPLY_MAX) {
- save_in_store(pkey);
- } else {
- ret_code = ERR_SPKAC_TOO_LONG;
- }
-
-err:
- if (rsa) RSA_free(rsa);
- if (bn) BN_free(bn);
- if (req) NETSCAPE_SPKI_free(req);
- if (pkey) EVP_PKEY_free(pkey);
- if (spkstr) OPENSSL_free(spkstr);
- if ((ret_code > 0) && (ret_code < ERR_MAXIMUM)) LOGE(emsg[ret_code]);
- return -ret_code;
-}
-
-PKCS12 *get_p12_handle(const char *buf, int bufLen)
-{
- BIO *bp = NULL;
- PKCS12 *p12 = NULL;
-
- if (!buf || (bufLen < 1) || (buf[0] != 48)) goto err;
-
- bp = BIO_new(BIO_s_mem());
- if (!bp) goto err;
-
- if (!BIO_write(bp, buf, bufLen)) goto err;
-
- p12 = d2i_PKCS12_bio(bp, NULL);
-
-err:
- if (bp) BIO_free(bp);
- return p12;
-}
-
-PKCS12_KEYSTORE *get_pkcs12_keystore_handle(const char *buf, int bufLen,
- const char *passwd)
-{
- PKCS12_KEYSTORE *p12store = NULL;
- EVP_PKEY *pkey = NULL;
- X509 *cert = NULL;
- STACK_OF(X509) *certs = NULL;
- PKCS12 *p12 = get_p12_handle(buf, bufLen);
-
- if (p12 == NULL) return NULL;
- if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
- LOGE("Can not parse PKCS12 content");
- PKCS12_free(p12);
- return NULL;
- }
- if ((p12store = malloc(sizeof(PKCS12_KEYSTORE))) == NULL) {
- if (cert) X509_free(cert);
- if (pkey) EVP_PKEY_free(pkey);
- if (certs) sk_X509_free(certs);
- }
- p12store->p12 = p12;
- p12store->pkey = pkey;
- p12store->cert = cert;
- p12store->certs = certs;
- return p12store;
-}
-
-void free_pkcs12_keystore(PKCS12_KEYSTORE *p12store)
-{
- if (p12store != NULL) {
- if (p12store->cert) X509_free(p12store->cert);
- if (p12store->pkey) EVP_PKEY_free(p12store->pkey);
- if (p12store->certs) sk_X509_free(p12store->certs);
- free(p12store);
- }
-}
-
-int is_pkcs12(const char *buf, int bufLen)
-{
- int ret = 0;
- PKCS12 *p12 = get_p12_handle(buf, bufLen);
- if (p12 != NULL) ret = 1;
- PKCS12_free(p12);
- return ret;
-}
-
-static int convert_to_pem(void *data, int is_cert, char *buf, int size)
-{
- int len = 0;
- BIO *bio = NULL;
-
- if (data == NULL) return -1;
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL) goto err;
- if (is_cert) {
- if ((len = PEM_write_bio_X509(bio, (X509*)data)) == 0) {
- goto err;
- }
- } else {
- if ((len = PEM_write_bio_PrivateKey(bio, (EVP_PKEY *)data, NULL,
- NULL, 0, NULL, NULL)) == 0) {
- goto err;
- }
- }
- if (len < size && (len = BIO_read(bio, buf, size - 1)) > 0) {
- buf[len] = 0;
- }
-err:
- if (bio) BIO_free(bio);
- return len;
-}
-
-int get_pkcs12_certificate(PKCS12_KEYSTORE *p12store, char *buf, int size)
-{
- if ((p12store != NULL) && (p12store->cert != NULL)) {
- int len = convert_to_pem((void*)p12store->cert, 1, buf, size);
- return (len == 0) ? -1 : 0;
- }
- return -1;
-}
-
-int get_pkcs12_private_key(PKCS12_KEYSTORE *p12store, char *buf, int size)
-{
- if ((p12store != NULL) && (p12store->pkey != NULL)) {
- int len = convert_to_pem((void*)p12store->pkey, 0, buf, size);
- return (len == 0) ? -1 : 0;
- }
- return -1;
-}
-
-int pop_pkcs12_certs_stack(PKCS12_KEYSTORE *p12store, char *buf, int size)
-{
- X509 *cert = NULL;
- int len = 0;
-
- if ((p12store != NULL) && (p12store->certs != NULL)) {
- while (((cert = sk_X509_pop(p12store->certs)) != NULL) && (len < size)) {
- int s = convert_to_pem((void*)cert, 1, buf + len, size - len);
- if (s == 0) {
- LOGE("buffer size is too small. len=%d size=%d\n", len, size);
- return -1;
- }
- len += s;
- X509_free(cert);
- }
- return (len == 0) ? -1 : 0;
- }
- return -1;
-}
-
-X509* parse_cert(const char *buf, int bufLen)
-{
- X509 *cert = NULL;
- BIO *bp = NULL;
-
- if(!buf || bufLen < 1)
- return NULL;
-
- bp = BIO_new(BIO_s_mem());
- if (!bp) goto err;
-
- if (!BIO_write(bp, buf, bufLen)) goto err;
-
- cert = PEM_read_bio_X509(bp, NULL, NULL, NULL);
- if (!cert) {
- BIO_free(bp);
- if((bp = BIO_new(BIO_s_mem())) == NULL) goto err;
-
- if(!BIO_write(bp, (char *) buf, bufLen)) goto err;
- cert = d2i_X509_bio(bp, NULL);
- }
-
-err:
- if (bp) BIO_free(bp);
- return cert;
-}
-
-static int get_distinct_name(X509_NAME *dname, char *buf, int size)
-{
- int i, len;
- char *p, *name;
-
- if (X509_NAME_oneline(dname, buf, size) == NULL) {
- return -1;
- }
- name = strstr(buf, "/CN=");
- p = name = name ? (name + 4) : buf;
- while (*p != 0) {
- if (*p == ' ') *p = '_';
- if (*p == '/') {
- *p = 0;
- break;
- }
- ++p;
- }
- return 0;
-}
-
-int get_cert_name(X509 *cert, char *buf, int size)
-{
- if (!cert) return -1;
- return get_distinct_name(X509_get_subject_name(cert), buf, size);
-}
-
-int get_issuer_name(X509 *cert, char *buf, int size)
-{
- if (!cert) return -1;
- return get_distinct_name(X509_get_issuer_name(cert), buf, size);
-}
-
-int is_ca_cert(X509 *cert)
-{
- int ret = 0;
- BASIC_CONSTRAINTS *bs = (BASIC_CONSTRAINTS *)
- X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
- if (bs != NULL) ret = bs->ca;
- if (bs) BASIC_CONSTRAINTS_free(bs);
- return ret;
-}
-
-int get_private_key_pem(X509 *cert, char *buf, int size)
-{
- int len = 0;
- BIO *bio = NULL;
- EVP_PKEY *pkey = get_pkey_from_store(cert);
-
- if (pkey == NULL) return -1;
-
- bio = BIO_new(BIO_s_mem());
- if ((bio = BIO_new(BIO_s_mem())) == NULL) goto err;
- if (!PEM_write_bio_PrivateKey(bio, pkey, NULL,NULL,0,NULL, NULL)) {
- goto err;
- }
- if ((len = BIO_read(bio, buf, size - 1)) > 0) {
- buf[len] = 0;
- }
-err:
- if (bio) BIO_free(bio);
- return (len == 0) ? -1 : 0;
-}
diff --git a/keystore/jni/cert.h b/keystore/jni/cert.h
deleted file mode 100644
index a9e1a9e..0000000
--- a/keystore/jni/cert.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
-**
-** Copyright 2009, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-
-#ifndef __CERT_H__
-#define __CERT_H__
-
-#define ANDROID_KEYSTORE "Android Keystore"
-#define KEYGEN_STORE_SIZE 5
-#define KEYLENGTH_MEDIUM 1024
-#define KEYLENGTH_MAXIMUM 2048
-#define MAX_CERT_NAME_LEN 128
-#define MAX_PEM_LENGTH 4096
-#define REPLY_MAX MAX_PEM_LENGTH
-
-
-#define STR(token) #token
-#define ERR_INVALID_KEY_LENGTH 1
-#define ERR_CONSTRUCT_NEW_DATA 2
-#define ERR_RSA_KEYGEN 3
-#define ERR_X509_PROCESS 4
-#define ERR_SPKAC_TOO_LONG 5
-#define ERR_INVALID_ARGS 6
-#define ERR_MAXIMUM 7
-
-typedef struct {
- EVP_PKEY *pkey;
- unsigned char *public_key;
- int key_len;
-} PKEY_STORE;
-
-typedef struct {
- PKCS12 *p12;
- EVP_PKEY *pkey;
- X509 *cert;
- STACK_OF(X509) *certs;
-} PKCS12_KEYSTORE;
-
-#define PKEY_STORE_free(x) { \
- if(x.pkey) EVP_PKEY_free(x.pkey); \
- if(x.public_key) free(x.public_key); \
-}
-
-#define nelem(x) (sizeof (x) / sizeof *(x))
-
-int gen_csr(int bits, const char *organizations, char reply[REPLY_MAX]);
-PKCS12_KEYSTORE *get_pkcs12_keystore_handle(const char *buf, int bufLen,
- const char *passwd);
-int get_pkcs12_certificate(PKCS12_KEYSTORE *p12store, char *buf, int size);
-int get_pkcs12_private_key(PKCS12_KEYSTORE *p12store, char *buf, int size);
-int pop_pkcs12_certs_stack(PKCS12_KEYSTORE *p12store, char *buf, int size);
-void free_pkcs12_keystore(PKCS12_KEYSTORE *p12store);
-int is_pkcs12(const char *buf, int bufLen);
-X509 *parse_cert(const char *buf, int bufLen);
-int get_cert_name(X509 *cert, char *buf, int size);
-int get_issuer_name(X509 *cert, char *buf, int size);
-int is_ca_cert(X509 *cert);
-int get_private_key_pem(X509 *cert, char *buf, int size);
-
-#endif
diff --git a/keystore/jni/certtool.c b/keystore/jni/certtool.c
deleted file mode 100644
index b36b34a..0000000
--- a/keystore/jni/certtool.c
+++ /dev/null
@@ -1,269 +0,0 @@
-/*
-**
-** Copyright 2009, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-#define LOG_TAG "CertTool"
-
-#include <string.h>
-#include <jni.h>
-#include <cutils/log.h>
-#include <openssl/pkcs12.h>
-#include <openssl/x509v3.h>
-
-#include "cert.h"
-
-typedef int PKCS12_KEYSTORE_FUNC(PKCS12_KEYSTORE *store, char *buf, int size);
-
-jstring
-android_security_CertTool_generateCertificateRequest(JNIEnv* env,
- jobject thiz,
- jint bits,
- jstring jChallenge)
-
-{
- int ret = -1;
- jboolean bIsCopy;
- char csr[REPLY_MAX];
- const char* challenge = (*env)->GetStringUTFChars(env, jChallenge, &bIsCopy);
-
- ret = gen_csr(bits, challenge , csr);
- (*env)->ReleaseStringUTFChars(env, jChallenge, challenge);
- if (ret == 0) return (*env)->NewStringUTF(env, csr);
- return NULL;
-}
-
-jboolean
-android_security_CertTool_isPkcs12Keystore(JNIEnv* env,
- jobject thiz,
- jbyteArray data)
-{
- int len = (*env)->GetArrayLength(env, data);
-
- if (len > 0) {
- PKCS12 *handle = NULL;
- char buf[len];
-
- (*env)->GetByteArrayRegion(env, data, 0, len, (jbyte*)buf);
- return (jboolean)is_pkcs12(buf, len);
- } else {
- return 0;
- }
-}
-
-jint
-android_security_CertTool_getPkcs12Handle(JNIEnv* env,
- jobject thiz,
- jbyteArray data,
- jstring jPassword)
-{
- jboolean bIsCopy;
- int len = (*env)->GetArrayLength(env, data);
- const char* passwd = (*env)->GetStringUTFChars(env, jPassword , &bIsCopy);
-
- if (len > 0) {
- PKCS12_KEYSTORE *handle = NULL;
- char buf[len];
-
- (*env)->GetByteArrayRegion(env, data, 0, len, (jbyte*)buf);
- handle = get_pkcs12_keystore_handle(buf, len, passwd);
- (*env)->ReleaseStringUTFChars(env, jPassword, passwd);
- return (jint)handle;
- } else {
- return 0;
- }
-}
-
-jstring call_pkcs12_ks_func(PKCS12_KEYSTORE_FUNC *func,
- JNIEnv* env,
- jobject thiz,
- jint phandle)
-{
- char buf[REPLY_MAX];
-
- if (phandle == 0) return NULL;
- if (func((PKCS12_KEYSTORE*)phandle, buf, sizeof(buf)) == 0) {
- return (*env)->NewStringUTF(env, buf);
- }
- return NULL;
-}
-
-jstring
-android_security_CertTool_getPkcs12Certificate(JNIEnv* env,
- jobject thiz,
- jint phandle)
-{
- return call_pkcs12_ks_func((PKCS12_KEYSTORE_FUNC *)get_pkcs12_certificate,
- env, thiz, phandle);
-}
-
-jstring
-android_security_CertTool_getPkcs12PrivateKey(JNIEnv* env,
- jobject thiz,
- jint phandle)
-{
- return call_pkcs12_ks_func((PKCS12_KEYSTORE_FUNC *)get_pkcs12_private_key,
- env, thiz, phandle);
-}
-
-jstring
-android_security_CertTool_popPkcs12CertificateStack(JNIEnv* env,
- jobject thiz,
- jint phandle)
-{
- return call_pkcs12_ks_func((PKCS12_KEYSTORE_FUNC *)pop_pkcs12_certs_stack,
- env, thiz, phandle);
-}
-
-void android_security_CertTool_freePkcs12Handle(JNIEnv* env,
- jobject thiz,
- jint handle)
-{
- if (handle != 0) free_pkcs12_keystore((PKCS12_KEYSTORE*)handle);
-}
-
-jint
-android_security_CertTool_generateX509Certificate(JNIEnv* env,
- jobject thiz,
- jbyteArray data)
-{
- char buf[REPLY_MAX];
- int len = (*env)->GetArrayLength(env, data);
-
- if (len > REPLY_MAX) return 0;
- (*env)->GetByteArrayRegion(env, data, 0, len, (jbyte*)buf);
- return (jint) parse_cert(buf, len);
-}
-
-jboolean android_security_CertTool_isCaCertificate(JNIEnv* env,
- jobject thiz,
- jint handle)
-{
- return (handle == 0) ? (jboolean)0 : (jboolean) is_ca_cert((X509*)handle);
-}
-
-jstring android_security_CertTool_getIssuerDN(JNIEnv* env,
- jobject thiz,
- jint handle)
-{
- char issuer[MAX_CERT_NAME_LEN];
-
- if (handle == 0) return NULL;
- if (get_issuer_name((X509*)handle, issuer, MAX_CERT_NAME_LEN)) return NULL;
- return (*env)->NewStringUTF(env, issuer);
-}
-
-jstring android_security_CertTool_getCertificateDN(JNIEnv* env,
- jobject thiz,
- jint handle)
-{
- char name[MAX_CERT_NAME_LEN];
- if (handle == 0) return NULL;
- if (get_cert_name((X509*)handle, name, MAX_CERT_NAME_LEN)) return NULL;
- return (*env)->NewStringUTF(env, name);
-}
-
-jstring android_security_CertTool_getPrivateKeyPEM(JNIEnv* env,
- jobject thiz,
- jint handle)
-{
- char pem[MAX_PEM_LENGTH];
- if (handle == 0) return NULL;
- if (get_private_key_pem((X509*)handle, pem, MAX_PEM_LENGTH)) return NULL;
- return (*env)->NewStringUTF(env, pem);
-}
-
-void android_security_CertTool_freeX509Certificate(JNIEnv* env,
- jobject thiz,
- jint handle)
-{
- if (handle != 0) X509_free((X509*)handle);
-}
-
-/*
- * Table of methods associated with the CertTool class.
- */
-static JNINativeMethod gCertToolMethods[] = {
- /* name, signature, funcPtr */
- {"generateCertificateRequest", "(ILjava/lang/String;)Ljava/lang/String;",
- (void*)android_security_CertTool_generateCertificateRequest},
- {"isPkcs12Keystore", "([B)Z",
- (void*)android_security_CertTool_isPkcs12Keystore},
- {"getPkcs12Handle", "([BLjava/lang/String;)I",
- (void*)android_security_CertTool_getPkcs12Handle},
- {"getPkcs12Certificate", "(I)Ljava/lang/String;",
- (void*)android_security_CertTool_getPkcs12Certificate},
- {"getPkcs12PrivateKey", "(I)Ljava/lang/String;",
- (void*)android_security_CertTool_getPkcs12PrivateKey},
- {"popPkcs12CertificateStack", "(I)Ljava/lang/String;",
- (void*)android_security_CertTool_popPkcs12CertificateStack},
- {"freePkcs12Handle", "(I)V",
- (void*)android_security_CertTool_freePkcs12Handle},
- {"generateX509Certificate", "([B)I",
- (void*)android_security_CertTool_generateX509Certificate},
- {"isCaCertificate", "(I)Z",
- (void*)android_security_CertTool_isCaCertificate},
- {"getIssuerDN", "(I)Ljava/lang/String;",
- (void*)android_security_CertTool_getIssuerDN},
- {"getCertificateDN", "(I)Ljava/lang/String;",
- (void*)android_security_CertTool_getCertificateDN},
- {"getPrivateKeyPEM", "(I)Ljava/lang/String;",
- (void*)android_security_CertTool_getPrivateKeyPEM},
- {"freeX509Certificate", "(I)V",
- (void*)android_security_CertTool_freeX509Certificate},
-};
-
-/*
- * Register several native methods for one class.
- */
-static int registerNatives(JNIEnv* env, const char* className,
- JNINativeMethod* gMethods, int numMethods)
-{
- jclass clazz;
-
- clazz = (*env)->FindClass(env, className);
- if (clazz == NULL) {
- LOGE("Can not find class %s\n", className);
- return JNI_FALSE;
- }
-
- if ((*env)->RegisterNatives(env, clazz, gMethods, numMethods) < 0) {
- LOGE("Can not RegisterNatives\n");
- return JNI_FALSE;
- }
-
- return JNI_TRUE;
-}
-
-jint JNI_OnLoad(JavaVM* vm, void* reserved)
-{
- JNIEnv* env = NULL;
- jint result = -1;
-
-
- if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_4) != JNI_OK) {
- goto bail;
- }
-
- if (!registerNatives(env, "android/security/CertTool",
- gCertToolMethods, nelem(gCertToolMethods))) {
- goto bail;
- }
-
- /* success -- return valid version number */
- result = JNI_VERSION_1_4;
-
-bail:
- return result;
-}