Snap for 4511918 from 4b18d65b1d061288081ff8c31a7194816484941a to pi-release
Change-Id: Ib31eee50ea8a3915e62a6a4361d09c3b41694c4f
diff --git a/src/com/android/keychain/KeyChainService.java b/src/com/android/keychain/KeyChainService.java
index 8f460ec..3f695fe 100644
--- a/src/com/android/keychain/KeyChainService.java
+++ b/src/com/android/keychain/KeyChainService.java
@@ -179,6 +179,41 @@
return errorCode == KeyStore.NO_ERROR;
}
+ @Override public boolean setKeyPairCertificate(String alias, byte[] userCertificate,
+ byte[] userCertificateChain) {
+ checkSystemCaller();
+ if (!mKeyStore.isUnlocked()) {
+ Log.e(TAG, "Keystore is " + mKeyStore.state().toString() + ". Credentials cannot"
+ + " be installed until device is unlocked");
+ return false;
+ }
+
+ if (!mKeyStore.put(Credentials.USER_CERTIFICATE + alias, userCertificate,
+ KeyStore.UID_SELF, KeyStore.FLAG_NONE)) {
+ Log.e(TAG, "Failed to import user certificate " + userCertificate);
+ return false;
+ }
+
+ if (userCertificateChain != null && userCertificateChain.length > 0) {
+ if (!mKeyStore.put(Credentials.CA_CERTIFICATE + alias, userCertificateChain,
+ KeyStore.UID_SELF, KeyStore.FLAG_NONE)) {
+ Log.e(TAG, "Failed to import certificate chain" + userCertificateChain);
+ if (!mKeyStore.delete(Credentials.USER_CERTIFICATE + alias)) {
+ Log.e(TAG, "Failed to clean up key chain after certificate chain"
+ + " importing failed");
+ }
+ return false;
+ }
+ } else {
+ if (!mKeyStore.delete(Credentials.CA_CERTIFICATE + alias)) {
+ Log.e(TAG, "Failed to remove CA certificate chain for alias " + alias);
+ }
+ }
+ broadcastKeychainChange();
+ broadcastLegacyStorageChange();
+ return true;
+ }
+
private void validateAlias(String alias) {
if (alias == null) {
throw new NullPointerException("alias == null");