/*
 * Copyright (C) 2009 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16
17package android.security;
18
19import android.content.ActivityNotFoundException;
20import android.content.Context;
21import android.content.Intent;
22import android.util.Log;
Shawn Willden8d8c7472016-02-02 08:27:39 -070023
Brian Carlstrom0efca172012-09-04 23:01:07 -070024import com.android.org.bouncycastle.util.io.pem.PemObject;
25import com.android.org.bouncycastle.util.io.pem.PemReader;
26import com.android.org.bouncycastle.util.io.pem.PemWriter;
Shawn Willden8d8c7472016-02-02 08:27:39 -070027
Brian Carlstrom9d7faa92011-06-07 13:45:33 -070028import java.io.ByteArrayInputStream;
29import java.io.ByteArrayOutputStream;
30import java.io.IOException;
31import java.io.InputStreamReader;
32import java.io.OutputStreamWriter;
33import java.io.Reader;
34import java.io.Writer;
Elliott Hughesd396a442013-06-28 16:24:48 -070035import java.nio.charset.StandardCharsets;
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +080036import java.security.KeyPair;
Brian Carlstrom0efca172012-09-04 23:01:07 -070037import java.security.cert.Certificate;
38import java.security.cert.CertificateEncodingException;
39import java.security.cert.CertificateException;
40import java.security.cert.CertificateFactory;
Kenny Root5423e682011-11-14 08:43:13 -080041import java.security.cert.X509Certificate;
Brian Carlstrom9d7faa92011-06-07 13:45:33 -070042import java.util.ArrayList;
43import java.util.List;
Chia-chi Yeh9b7a3f12009-09-18 12:00:12 +080044
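/**
 * Constants and static helpers for credential storage: keystore entry-name
 * prefixes, install/unlock intent actions and extras, PEM conversion for
 * certificates, and deletion of the entries stored under an alias.
 *
 * {@hide}
 */
public class Credentials {
    private static final String LOGTAG = "Credentials";

    public static final String INSTALL_ACTION = "android.credentials.INSTALL";

    public static final String INSTALL_AS_USER_ACTION = "android.credentials.INSTALL_AS_USER";

    public static final String UNLOCK_ACTION = "com.android.credentials.UNLOCK";

    /** Key prefix for CA certificates. */
    public static final String CA_CERTIFICATE = "CACERT_";

    /** Key prefix for user certificates. */
    public static final String USER_CERTIFICATE = "USRCERT_";

    /** Key prefix for user private keys. */
    public static final String USER_PRIVATE_KEY = "USRPKEY_";

    /** Key prefix for user secret keys. */
    public static final String USER_SECRET_KEY = "USRSKEY_";

    /** Key prefix for VPN. */
    public static final String VPN = "VPN_";

    /** Key prefix for WIFI. */
    public static final String WIFI = "WIFI_";

    /** Key containing suffix of lockdown VPN profile. */
    public static final String LOCKDOWN_VPN = "LOCKDOWN_VPN";

    /** Data type for public keys. */
    public static final String EXTRA_PUBLIC_KEY = "KEY";

    /** Data type for private keys. */
    public static final String EXTRA_PRIVATE_KEY = "PKEY";

    // historically used by Android
    public static final String EXTENSION_CRT = ".crt";
    public static final String EXTENSION_P12 = ".p12";
    // commonly used on Windows
    public static final String EXTENSION_CER = ".cer";
    public static final String EXTENSION_PFX = ".pfx";

    /**
     * Intent extra: install the certificate bundle as this UID instead of
     * system.
     */
    public static final String EXTRA_INSTALL_AS_UID = "install_as_uid";

    /**
     * Intent extra: name for the user's private key.
     */
    public static final String EXTRA_USER_PRIVATE_KEY_NAME = "user_private_key_name";

    /**
     * Intent extra: data for the user's private key in PEM-encoded PKCS#8.
     */
    public static final String EXTRA_USER_PRIVATE_KEY_DATA = "user_private_key_data";

    /**
     * Intent extra: name for the user's certificate.
     */
    public static final String EXTRA_USER_CERTIFICATE_NAME = "user_certificate_name";

    /**
     * Intent extra: data for the user's certificate in PEM-encoded X.509.
     */
    public static final String EXTRA_USER_CERTIFICATE_DATA = "user_certificate_data";

    /**
     * Intent extra: name for CA certificate chain.
     */
    public static final String EXTRA_CA_CERTIFICATES_NAME = "ca_certificates_name";

    /**
     * Intent extra: data for CA certificate chain in PEM-encoded X.509.
     */
    public static final String EXTRA_CA_CERTIFICATES_DATA = "ca_certificates_data";

    /**
     * Convert certificates to PEM format, which is used for
     * CA_CERTIFICATE and USER_CERTIFICATE entries.
     *
     * @param objects certificates to encode; each is written as one
     *        "CERTIFICATE" PEM object, in the order given
     * @return the PEM text as US-ASCII bytes
     * @throws IOException if writing a PEM object fails
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    public static byte[] convertToPem(Certificate... objects)
            throws IOException, CertificateEncodingException {
        ByteArrayOutputStream bao = new ByteArrayOutputStream();
        Writer writer = new OutputStreamWriter(bao, StandardCharsets.US_ASCII);
        // try-with-resources closes the writer on every path, including when
        // getEncoded() or writeObject() throws; convertFromPem closes its
        // reader on failure as well.
        try (PemWriter pw = new PemWriter(writer)) {
            for (Certificate o : objects) {
                pw.writeObject(new PemObject("CERTIFICATE", o.getEncoded()));
            }
        }
        // Read the buffer only after close(), so buffered output has been flushed.
        return bao.toByteArray();
    }

    /**
     * Convert certificates from PEM format, which is used for
     * CA_CERTIFICATE and USER_CERTIFICATE entries.
     *
     * <p>This only parses. No signature, validity-period or trust-chain check
     * is performed here, so a certificate returned by this method is not
     * thereby trusted; callers that take {@code bytes} from outside must
     * validate the result before relying on it.
     *
     * @param bytes PEM text, decoded as US-ASCII
     * @return the parsed certificates, in the order they appear in the input
     * @throws IOException if the PEM data cannot be read
     * @throws CertificateException if a PEM object does not parse as a certificate
     * @throws IllegalArgumentException if a PEM object has a type other than
     *         "CERTIFICATE"
     */
    public static List<X509Certificate> convertFromPem(byte[] bytes)
            throws IOException, CertificateException {
        ByteArrayInputStream bai = new ByteArrayInputStream(bytes);
        Reader reader = new InputStreamReader(bai, StandardCharsets.US_ASCII);

        try (PemReader pr = new PemReader(reader)) {
            CertificateFactory cf = CertificateFactory.getInstance("X509");

            List<X509Certificate> result = new ArrayList<X509Certificate>();
            PemObject o;
            while ((o = pr.readPemObject()) != null) {
                // Reject anything that is not labelled as a certificate (for
                // example a key block) instead of silently skipping it.
                if (!o.getType().equals("CERTIFICATE")) {
                    throw new IllegalArgumentException("Unknown type " + o.getType());
                }
                Certificate c = cf.generateCertificate(new ByteArrayInputStream(o.getContent()));
                result.add((X509Certificate) c);
            }
            return result;
        }
    }

    private static Credentials singleton;

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>The lazy initialisation is not synchronized. The class declares no
     * instance fields, so a race can at most create an extra instance.
     */
    public static Credentials getInstance() {
        if (singleton == null) {
            singleton = new Credentials();
        }
        return singleton;
    }

    /**
     * Starts the activity that handles {@link #UNLOCK_ACTION}.
     *
     * <p>A missing handler is only logged; the caller gets no failure signal.
     *
     * @param context context used to start the activity
     */
    public void unlock(Context context) {
        try {
            // Built from the action string alone, so this is an implicit
            // intent: which activity receives it is decided by intent resolution.
            Intent intent = new Intent(UNLOCK_ACTION);
            context.startActivity(intent);
        } catch (ActivityNotFoundException e) {
            Log.w(LOGTAG, e.toString());
        }
    }

    /**
     * Starts the credential install activity with no extras.
     *
     * <p>A missing handler is only logged; the caller gets no failure signal.
     *
     * @param context context used to start the activity
     */
    public void install(Context context) {
        try {
            Intent intent = KeyChain.createInstallIntent();
            context.startActivity(intent);
        } catch (ActivityNotFoundException e) {
            Log.w(LOGTAG, e.toString());
        }
    }

    /**
     * Starts the credential install activity for a key pair.
     *
     * <p>The encoded private key travels as an intent extra, so its
     * confidentiality depends on the intent reaching only the intended
     * installer.
     *
     * @param context context used to start the activity
     * @param pair key pair whose encoded private and public keys are attached
     *        under {@link #EXTRA_PRIVATE_KEY} and {@link #EXTRA_PUBLIC_KEY}
     */
    public void install(Context context, KeyPair pair) {
        try {
            // NOTE(review): KeyChain.createInstallIntent() is not visible in this
            // file; confirm it targets an explicit component, because the extras
            // below carry private key material.
            Intent intent = KeyChain.createInstallIntent();
            intent.putExtra(EXTRA_PRIVATE_KEY, pair.getPrivate().getEncoded());
            intent.putExtra(EXTRA_PUBLIC_KEY, pair.getPublic().getEncoded());
            context.startActivity(intent);
        } catch (ActivityNotFoundException e) {
            Log.w(LOGTAG, e.toString());
        }
    }

    /**
     * Starts the credential install activity with a single extra.
     *
     * @param context context used to start the activity
     * @param type name of the intent extra to set
     * @param value bytes stored under {@code type}; if this is key material,
     *        the same delivery concern as for the key pair overload applies
     */
    public void install(Context context, String type, byte[] value) {
        try {
            Intent intent = KeyChain.createInstallIntent();
            intent.putExtra(type, value);
            context.startActivity(intent);
        } catch (ActivityNotFoundException e) {
            Log.w(LOGTAG, e.toString());
        }
    }

    /**
     * Delete all types (private key, secret key, user certificate, CA
     * certificate) for a particular {@code alias}, using
     * {@code KeyStore.UID_SELF}. Any of them can exist for a given alias.
     * Returns {@code true} if the alias no longer contains any types.
     */
    public static boolean deleteAllTypesForAlias(KeyStore keystore, String alias) {
        // KeyStore is not imported, so it resolves to the class in this
        // package (android.security), not java.security.KeyStore.
        return deleteAllTypesForAlias(keystore, alias, KeyStore.UID_SELF);
    }

    /**
     * Delete all types (private key, secret key, user certificate, CA
     * certificate) for a particular {@code alias}. Any of them can exist for
     * a given alias.
     * Returns {@code true} if the alias no longer contains any types.
     *
     * @param uid UID passed through to each {@code keystore.delete} call.
     *        NOTE(review): whether the caller may act on another UID's entries
     *        is presumably enforced by the keystore; nothing is checked here.
     */
    public static boolean deleteAllTypesForAlias(KeyStore keystore, String alias, int uid) {
        /*
         * Make sure every type is deleted. Several types can exist at once, so
         * the non-short-circuit '&' is deliberate: with '&&' a failed deletion
         * would leave the remaining entries, possibly key material, in place.
         */
        return deletePrivateKeyTypeForAlias(keystore, alias, uid)
                & deleteSecretKeyTypeForAlias(keystore, alias, uid)
                & deleteCertificateTypesForAlias(keystore, alias, uid);
    }

    /**
     * Delete certificate types (user certificate, CA certificate) for a
     * particular {@code alias}, using {@code KeyStore.UID_SELF}. Both can
     * exist for any given alias.
     * Returns {@code true} if the alias no longer contains either type.
     */
    public static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias) {
        return deleteCertificateTypesForAlias(keystore, alias, KeyStore.UID_SELF);
    }

    /**
     * Delete certificate types (user certificate, CA certificate) for a
     * particular {@code alias}. Both can exist for any given alias.
     * Returns {@code true} if the alias no longer contains either type.
     *
     * @param uid UID passed through to each {@code keystore.delete} call
     */
    public static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias, int uid) {
        /*
         * Make sure every certificate type is deleted. There can be two types,
         * so both deletions always run ('&', not '&&').
         */
        return keystore.delete(Credentials.USER_CERTIFICATE + alias, uid)
                & keystore.delete(Credentials.CA_CERTIFICATE + alias, uid);
    }

    /**
     * Delete private key for a particular {@code alias}, using
     * {@code KeyStore.UID_SELF}.
     * Returns {@code true} if the entry no longer exists.
     */
    static boolean deletePrivateKeyTypeForAlias(KeyStore keystore, String alias) {
        return deletePrivateKeyTypeForAlias(keystore, alias, KeyStore.UID_SELF);
    }

    /**
     * Delete private key for a particular {@code alias}.
     * Returns {@code true} if the entry no longer exists.
     *
     * @param uid UID passed through to {@code keystore.delete}
     */
    static boolean deletePrivateKeyTypeForAlias(KeyStore keystore, String alias, int uid) {
        return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid);
    }

    /**
     * Delete secret key for a particular {@code alias}, using
     * {@code KeyStore.UID_SELF}.
     * Returns {@code true} if the entry no longer exists.
     */
    public static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias) {
        return deleteSecretKeyTypeForAlias(keystore, alias, KeyStore.UID_SELF);
    }

    /**
     * Delete secret key for a particular {@code alias}.
     * Returns {@code true} if the entry no longer exists.
     *
     * @param uid UID passed through to {@code keystore.delete}
     */
    public static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias, int uid) {
        return keystore.delete(Credentials.USER_SECRET_KEY + alias, uid);
    }
}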