Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 91bdc7d4bed9e98db0a8d079a993cf90538e2a66 / . / keystore / java / android / security / Credentials.java
blob: 767647c699061132aef2161f2d59fa54920eda9f [file] [log] [blame]
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]1/*
2 * Copyright (C) 2009 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.security;
18
19import android.content.ActivityNotFoundException;
20import android.content.Context;
21import android.content.Intent;
22import android.util.Log;
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]23import com.android.org.bouncycastle.util.io.pem.PemObject;
24import com.android.org.bouncycastle.util.io.pem.PemReader;
25import com.android.org.bouncycastle.util.io.pem.PemWriter;
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]26import java.io.ByteArrayInputStream;
27import java.io.ByteArrayOutputStream;
28import java.io.IOException;
29import java.io.InputStreamReader;
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]30import java.io.ObjectOutputStream;
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]31import java.io.OutputStreamWriter;
32import java.io.Reader;
33import java.io.Writer;
Elliott Hughesd396a442013-06-28 16:24:48 -0700[diff] [blame]34import java.nio.charset.StandardCharsets;
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]35import java.security.KeyPair;
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]36import java.security.cert.Certificate;
37import java.security.cert.CertificateEncodingException;
38import java.security.cert.CertificateException;
39import java.security.cert.CertificateFactory;
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]40import java.security.cert.X509Certificate;
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]41import java.util.ArrayList;
42import java.util.List;
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]43
44/**
45 * {@hide}
46 */
47public class Credentials {
48 private static final String LOGTAG = "Credentials";
Chia-chi Yeh44039172009-09-21 11:53:59 +0800[diff] [blame]49
Chia-chi Yeh44039172009-09-21 11:53:59 +0800[diff] [blame]50 public static final String INSTALL_ACTION = "android.credentials.INSTALL";
51
Kenny Root3e7be432013-03-28 09:25:51 -0700[diff] [blame]52 public static final String INSTALL_AS_USER_ACTION = "android.credentials.INSTALL_AS_USER";
53
Brian Carlstrom4a9e1a22011-04-22 15:45:22 -0700[diff] [blame]54 public static final String UNLOCK_ACTION = "com.android.credentials.UNLOCK";
55
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]56 /** Key prefix for CA certificates. */
57 public static final String CA_CERTIFICATE = "CACERT_";
58
59 /** Key prefix for user certificates. */
60 public static final String USER_CERTIFICATE = "USRCERT_";
61
62 /** Key prefix for user private keys. */
63 public static final String USER_PRIVATE_KEY = "USRPKEY_";
64
65 /** Key prefix for VPN. */
66 public static final String VPN = "VPN_";
67
68 /** Key prefix for WIFI. */
69 public static final String WIFI = "WIFI_";
70
Jeff Sharkey69ddab42012-08-25 00:05:46 -0700[diff] [blame]71 /** Key containing suffix of lockdown VPN profile. */
72 public static final String LOCKDOWN_VPN = "LOCKDOWN_VPN";
73
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]74 /** Data type for public keys. */
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]75 public static final String EXTRA_PUBLIC_KEY = "KEY";
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]76
77 /** Data type for private keys. */
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]78 public static final String EXTRA_PRIVATE_KEY = "PKEY";
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]79
Brian Carlstrom67c30df2011-06-24 02:13:23 -0700[diff] [blame]80 // historically used by Android
81 public static final String EXTENSION_CRT = ".crt";
82 public static final String EXTENSION_P12 = ".p12";
83 // commonly used on Windows
84 public static final String EXTENSION_CER = ".cer";
85 public static final String EXTENSION_PFX = ".pfx";
86
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]87 /**
Kenny Root3e7be432013-03-28 09:25:51 -0700[diff] [blame]88 * Intent extra: install the certificate bundle as this UID instead of
89 * system.
90 */
91 public static final String EXTRA_INSTALL_AS_UID = "install_as_uid";
92
93 /**
Kenny Root5423e682011-11-14 08:43:13 -0800[diff] [blame]94 * Intent extra: name for the user's private key.
95 */
96 public static final String EXTRA_USER_PRIVATE_KEY_NAME = "user_private_key_name";
97
98 /**
99 * Intent extra: data for the user's private key in PEM-encoded PKCS#8.
100 */
101 public static final String EXTRA_USER_PRIVATE_KEY_DATA = "user_private_key_data";
102
103 /**
104 * Intent extra: name for the user's certificate.
105 */
106 public static final String EXTRA_USER_CERTIFICATE_NAME = "user_certificate_name";
107
108 /**
109 * Intent extra: data for the user's certificate in PEM-encoded X.509.
110 */
111 public static final String EXTRA_USER_CERTIFICATE_DATA = "user_certificate_data";
112
113 /**
114 * Intent extra: name for CA certificate chain
115 */
116 public static final String EXTRA_CA_CERTIFICATES_NAME = "ca_certificates_name";
117
118 /**
119 * Intent extra: data for CA certificate chain in PEM-encoded X.509.
120 */
121 public static final String EXTRA_CA_CERTIFICATES_DATA = "ca_certificates_data";
122
123 /**
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]124 * Convert objects to a PEM format which is used for
125 * CA_CERTIFICATE and USER_CERTIFICATE entries.
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]126 */
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]127 public static byte[] convertToPem(Certificate... objects)
128 throws IOException, CertificateEncodingException {
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]129 ByteArrayOutputStream bao = new ByteArrayOutputStream();
Elliott Hughesd396a442013-06-28 16:24:48 -0700[diff] [blame]130 Writer writer = new OutputStreamWriter(bao, StandardCharsets.US_ASCII);
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]131 PemWriter pw = new PemWriter(writer);
132 for (Certificate o : objects) {
133 pw.writeObject(new PemObject("CERTIFICATE", o.getEncoded()));
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]134 }
135 pw.close();
136 return bao.toByteArray();
137 }
138 /**
139 * Convert objects from PEM format, which is used for
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]140 * CA_CERTIFICATE and USER_CERTIFICATE entries.
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]141 */
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]142 public static List<X509Certificate> convertFromPem(byte[] bytes)
143 throws IOException, CertificateException {
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]144 ByteArrayInputStream bai = new ByteArrayInputStream(bytes);
Elliott Hughesd396a442013-06-28 16:24:48 -0700[diff] [blame]145 Reader reader = new InputStreamReader(bai, StandardCharsets.US_ASCII);
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]146 PemReader pr = new PemReader(reader);
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]147
Brian Carlstrom0efca172012-09-04 23:01:07 -0700[diff] [blame]148 CertificateFactory cf = CertificateFactory.getInstance("X509");
149
150 List<X509Certificate> result = new ArrayList<X509Certificate>();
151 PemObject o;
152 while ((o = pr.readPemObject()) != null) {
153 if (o.getType().equals("CERTIFICATE")) {
154 Certificate c = cf.generateCertificate(new ByteArrayInputStream(o.getContent()));
155 result.add((X509Certificate) c);
156 } else {
157 throw new IllegalArgumentException("Unknown type " + o.getType());
158 }
Brian Carlstrom9d7faa92011-06-07 13:45:33 -0700[diff] [blame]159 }
160 pr.close();
161 return result;
162 }
163
Chia-chi Yeh44039172009-09-21 11:53:59 +0800[diff] [blame]164 private static Credentials singleton;
165
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]166 public static Credentials getInstance() {
167 if (singleton == null) {
168 singleton = new Credentials();
169 }
170 return singleton;
171 }
172
173 public void unlock(Context context) {
174 try {
Brian Carlstrom4a9e1a22011-04-22 15:45:22 -0700[diff] [blame]175 Intent intent = new Intent(UNLOCK_ACTION);
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]176 context.startActivity(intent);
177 } catch (ActivityNotFoundException e) {
178 Log.w(LOGTAG, e.toString());
179 }
180 }
181
Brian Carlstrom67c30df2011-06-24 02:13:23 -0700[diff] [blame]182 public void install(Context context) {
183 try {
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]184 Intent intent = KeyChain.createInstallIntent();
Brian Carlstrom67c30df2011-06-24 02:13:23 -0700[diff] [blame]185 context.startActivity(intent);
186 } catch (ActivityNotFoundException e) {
187 Log.w(LOGTAG, e.toString());
188 }
189 }
190
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]191 public void install(Context context, KeyPair pair) {
192 try {
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]193 Intent intent = KeyChain.createInstallIntent();
194 intent.putExtra(EXTRA_PRIVATE_KEY, pair.getPrivate().getEncoded());
195 intent.putExtra(EXTRA_PUBLIC_KEY, pair.getPublic().getEncoded());
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]196 context.startActivity(intent);
197 } catch (ActivityNotFoundException e) {
198 Log.w(LOGTAG, e.toString());
199 }
200 }
201
202 public void install(Context context, String type, byte[] value) {
203 try {
Brian Carlstroma00a2b32011-06-29 10:42:35 -0700[diff] [blame]204 Intent intent = KeyChain.createInstallIntent();
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]205 intent.putExtra(type, value);
206 context.startActivity(intent);
207 } catch (ActivityNotFoundException e) {
208 Log.w(LOGTAG, e.toString());
209 }
210 }
Kenny Rootdb026712012-08-20 10:48:46 -0700[diff] [blame]211
212 /**
213 * Delete all types (private key, certificate, CA certificate) for a
214 * particular {@code alias}. All three can exist for any given alias.
215 * Returns {@code true} if there was at least one of those types.
216 */
217 static boolean deleteAllTypesForAlias(KeyStore keystore, String alias) {
218 /*
219 * Make sure every type is deleted. There can be all three types, so
220 * don't use a conditional here.
221 */
222 return keystore.delKey(Credentials.USER_PRIVATE_KEY + alias)
Kenny Root802768d2012-08-21 15:23:35 -0700[diff] [blame]223 | deleteCertificateTypesForAlias(keystore, alias);
224 }
225
226 /**
227 * Delete all types (private key, certificate, CA certificate) for a
228 * particular {@code alias}. All three can exist for any given alias.
229 * Returns {@code true} if there was at least one of those types.
230 */
231 static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias) {
232 /*
233 * Make sure every certificate type is deleted. There can be two types,
234 * so don't use a conditional here.
235 */
236 return keystore.delete(Credentials.USER_CERTIFICATE + alias)
Kenny Rootdb026712012-08-20 10:48:46 -0700[diff] [blame]237 | keystore.delete(Credentials.CA_CERTIFICATE + alias);
238 }
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +0800[diff] [blame]239}