Chung-yih Wang | 10e371f | 2009-06-10 18:45:14 +0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2009 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package android.security; |
| 18 | |
| 19 | /** |
| 20 | * The Keystore class provides the functions to list the certs/keys in keystore. |
| 21 | * {@hide} |
| 22 | */ |
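public abstract class Keystore {
    private static final String TAG = "Keystore";
    private static final String[] NOTFOUND = new String[0];

    /**
     * Returns a keystore client backed by the "keystore" service.
     *
     * Each call creates a new {@code FileKeystore}; all instances share one
     * static {@code ServiceCommand}.
     */
    public static Keystore getInstance() {
        return new FileKeystore();
    }

    // Status-returning calls below: FileKeystore hands back the service's
    // return code, or -1 when the service gave no reply or an argument could
    // not be framed safely. The meaning of individual codes is defined by the
    // service, not by this class.
    // NOTE(review): passwords travel as String and are concatenated into the
    // command text, so they cannot be wiped from memory after use.

    /** Locks the keystore. */
    public abstract int lock();

    /** Unlocks the keystore with the given password. */
    public abstract int unlock(String password);

    /** Returns the keystore state as reported by the service. */
    public abstract int getState();

    /**
     * Replaces the keystore password. Neither password may be null, empty or
     * contain whitespace, because the command is space-delimited.
     */
    public abstract int changePassword(String oldPassword, String newPassword);

    /**
     * Sets the initial keystore password. The password may not be null, empty
     * or contain whitespace.
     */
    public abstract int setPassword(String firstPassword);

    /**
     * Lists the key names stored under a namespace.
     *
     * @return the key names, or an empty array on error or when there are none
     */
    public abstract String[] listKeys(String namespace);

    /**
     * Stores a value under namespace/keyname. Namespace and keyname must be
     * single whitespace-free tokens; value must not be null.
     */
    public abstract int put(String namespace, String keyname, String value);

    /**
     * Fetches the value stored under namespace/keyname.
     *
     * @return the value, or null on error or when the names are not valid tokens
     */
    public abstract String get(String namespace, String keyname);

    /** Removes the entry stored under namespace/keyname. */
    public abstract int remove(String namespace, String keyname);

    /** Sends the RESET command to the keystore service. */
    public abstract int reset();

    // TODO: for migrating to the mini-keystore, clean up from here
    /**
     * Returns the CA certificate stored under the given key.
     * FileKeystore currently returns an empty string (stub).
     */
    public abstract String getCaCertificate(String key);

    /**
     * Returns the user certificate stored under the given key.
     * FileKeystore currently returns an empty string (stub).
     */
    public abstract String getUserCertificate(String key);

    /**
     * Returns the user private key stored under the given key.
     * FileKeystore currently returns an empty string (stub).
     */
    public abstract String getUserPrivateKey(String key);

    /**
     * Returns the array of the certificate keynames in keystore if successful.
     * Or return an empty array if error.
     *
     * @return array of the certificate keynames
     */
    public abstract String[] getAllUserCertificateKeys();

    /**
     * Returns the CA certificate keynames.
     * FileKeystore currently returns an empty array (stub).
     */
    public abstract String[] getAllCaCertificateKeys();

    /**
     * Returns the labels of the supported key strengths. The index into this
     * array is what {@link #generateKeyPair} takes as keyStrengthIndex.
     * (The misspelled method name is part of the existing interface.)
     */
    public abstract String[] getSupportedKeyStrenghs();

    /**
     * Generates a key pair and returns the certificate request.
     * @param keyStrengthIndex index to the array of supported key strengths
     * @param challenge the challenge message in the keygen tag
     * @param organizations the organization string, e.g.,
     * "/C=US/ST={state}/L={city}/O={company}/OU={app}/CN={hostname}"
     * @return the certificate request
     */
    public abstract String generateKeyPair(
            int keyStrengthIndex, String challenge, String organizations);

    /**
     * Adds a certificate to the keystore.
     * FileKeystore currently ignores the call (stub).
     */
    public abstract void addCertificate(byte[] cert);
    // to here

    /**
     * Keystore client that sends space-delimited text commands to the
     * "keystore" service through {@code ServiceCommand}.
     */
    private static class FileKeystore extends Keystore {
        private static final String SERVICE_NAME = "keystore";
        private static final String CA_CERTIFICATE = "CaCertificate";
        private static final String USER_CERTIFICATE = "UserCertificate";
        private static final String USER_KEY = "UserPrivateKey";
        private static final String COMMAND_DELIMITER = " ";
        // Status handed to callers when the service gives no reply or an
        // argument is rejected before being sent.
        private static final int ERROR = -1;
        private static final ServiceCommand mServiceCommand =
                new ServiceCommand(SERVICE_NAME);

        // TODO: for migrating to the mini-keystore, start from here
        @Override
        public String getUserPrivateKey(String key) {
            return "";
        }

        @Override
        public String getUserCertificate(String key) {
            return "";
        }

        @Override
        public String getCaCertificate(String key) {
            return "";
        }

        @Override
        public String[] getAllUserCertificateKeys() {
            return new String[0];
        }

        @Override
        public String[] getAllCaCertificateKeys() {
            return new String[0];
        }

        @Override
        public String[] getSupportedKeyStrenghs() {
            // TODO: real implementation
            return new String[] {"High Grade", "Medium Grade"};
        }

        @Override
        public String generateKeyPair(int keyStrengthIndex, String challenge,
                String organizations) {
            // TODO: real implementation
            // Placeholder: all three arguments are ignored and no key pair is
            // generated. Every caller receives this same fixed request, so it
            // is not bound to any private key held on the device.
            return "-----BEGIN CERTIFICATE REQUEST-----"
                    + "\nMIICzjCCAbYCAQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh"
                    + "\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRYw"
                    + "\nFAYDVQQLEw1SZW1vdGUgQWNjZXNzMRAwDgYDVQQLEwdHbGFwdG9wMQ0wCwYDVQQD"
                    + "\nEwR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznwy7a16O35u"
                    + "\nODLQOw6yHAxozrrX1J+c0reiIh8GYohwKrBedFnQ/FnTls6bxY4fNHD+SZvFFgvU"
                    + "\nECBFOfRmRm7AFo51qT0t2a8qgvDLM6L1qGkmy94W28Q3OlcpF2QianHYdjyGT+Ac"
                    + "\nYDek1Zi/E/mdPzuVM/K8tkB7n8ktC0PTm1ZtdMRauE5R0WrEhWuF6In/2gy1Q/Zh"
                    + "\noy7/zQqpbPl2ouulvkx1Y3OXHM6XPNFLoHS1gH0HyAuBUokO0QmetRn6ngJSvz7e"
                    + "\nVD7QYRppGp+g4BxqaV9XSxhaaKrMs4PAld9enV51X9qjvjCRBve2QxtuJgMfGJdU"
                    + "\njGr/JweZoQIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBADtxOtEseoLOVYh6sh4b"
                    + "\nWCdngK87uHn2bdGipFwKdNTxQDdxNQLAKdoGYIfbVsC1cDgFiufeNwVukxxymdnm"
                    + "\nk0GGK+0O0tZKENv8ysgfbgEsHpJH9FoR5Y5XEq1etejkcgCp59dyhrSk0DLyVm0D"
                    + "\nIfTC/nsK95H7AAGOkbbDFo2otyLNNrthYncQ9diAG0UzzLacA+86JXZmD3HyC48u"
                    + "\nI9hsivVnTTfl9afcfVAhfxbQ6HgkhZZjbjFjfABSd4v8wKlAAqK58VxCajNVOVcV"
                    + "\ncCzOWf6NpE7xEHCf32i8bWDP6hi0WgQcdpQwnZNKhhTLGNb23Uty6HYlJhbxexC7"
                    + "\nUoM="
                    + "\n-----END CERTIFICATE REQUEST-----";
        }

        @Override
        public void addCertificate(byte[] cert) {
            // TODO: real implementation
        }

        // to here

        /**
         * Tells whether s can be sent as one argument of a space-delimited
         * command: non-null, non-empty and free of whitespace. The command
         * text built here has no quoting or escaping, so anything else would
         * shift the argument boundaries seen by the service.
         */
        private static boolean isSingleToken(String s) {
            if (s == null || s.length() == 0) {
                return false;
            }
            for (int i = 0; i < s.length(); i++) {
                if (Character.isWhitespace(s.charAt(i))) {
                    return false;
                }
            }
            return true;
        }

        /** Maps a service reply to its return code; a missing reply is ERROR. */
        private static int statusOf(Reply result) {
            return (result != null) ? result.returnCode : ERROR;
        }

        @Override
        public int lock() {
            return statusOf(mServiceCommand.execute(ServiceCommand.LOCK, null));
        }

        @Override
        public int unlock(String password) {
            // Sent as the only argument, exactly as supplied by the caller.
            return statusOf(mServiceCommand.execute(ServiceCommand.UNLOCK,
                    password));
        }

        @Override
        public int getState() {
            return statusOf(mServiceCommand.execute(ServiceCommand.GET_STATE,
                    null));
        }

        @Override
        public int changePassword(String oldPassword, String newPassword) {
            // Both passwords share one space-delimited argument string; a null
            // would be sent as the text "null" and embedded whitespace would
            // move the old/new boundary, so refuse both before sending.
            if (!isSingleToken(oldPassword) || !isSingleToken(newPassword)) {
                return ERROR;
            }
            return statusOf(mServiceCommand.execute(ServiceCommand.PASSWD,
                    oldPassword + COMMAND_DELIMITER + newPassword));
        }

        @Override
        public int setPassword(String firstPassword) {
            // Same PASSWD command as changePassword, told apart only by the
            // number of space-separated arguments: a first password containing
            // a space would be framed exactly like an old/new pair.
            if (!isSingleToken(firstPassword)) {
                return ERROR;
            }
            return statusOf(mServiceCommand.execute(ServiceCommand.PASSWD,
                    firstPassword));
        }

        @Override
        public String[] listKeys(String namespace) {
            Reply result = mServiceCommand.execute(ServiceCommand.LIST_KEYS,
                    namespace);
            if (result == null || result.returnCode != 0) {
                return NOTFOUND;
            }
            // NOTE(review): decoded with the platform default charset, as
            // before - confirm the encoding the service uses.
            String listing = new String(result.data, 0, result.len).trim();
            // "".split(...) yields one empty string, which callers would take
            // for a key named ""; report an empty listing as no keys.
            if (listing.length() == 0) {
                return NOTFOUND;
            }
            return listing.split("\\s+");
        }

        @Override
        public int put(String namespace, String keyname, String value) {
            // namespace and keyname precede other arguments, so they must be
            // single tokens. value is the final argument and is passed through
            // unchanged; whether the service keeps embedded whitespace in it
            // is not visible from this class.
            if (!isSingleToken(namespace) || !isSingleToken(keyname)
                    || value == null) {
                return ERROR;
            }
            return statusOf(mServiceCommand.execute(ServiceCommand.PUT_KEY,
                    namespace + COMMAND_DELIMITER + keyname
                    + COMMAND_DELIMITER + value));
        }

        @Override
        public String get(String namespace, String keyname) {
            if (!isSingleToken(namespace) || !isSingleToken(keyname)) {
                return null;
            }
            Reply result = mServiceCommand.execute(ServiceCommand.GET_KEY,
                    namespace + COMMAND_DELIMITER + keyname);
            if (result == null || result.returnCode != 0) {
                return null;
            }
            return new String(result.data, 0, result.len);
        }

        @Override
        public int remove(String namespace, String keyname) {
            // An extra or shifted token here could name a different entry than
            // the caller intended, so only well-formed names are sent.
            if (!isSingleToken(namespace) || !isSingleToken(keyname)) {
                return ERROR;
            }
            return statusOf(mServiceCommand.execute(ServiceCommand.REMOVE_KEY,
                    namespace + COMMAND_DELIMITER + keyname));
        }

        @Override
        public int reset() {
            return statusOf(mServiceCommand.execute(ServiceCommand.RESET, null));
        }
    }
}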