diff options
author | Zoltan Szatmary-Ban <szatmz@google.com> | 2014-08-18 10:54:19 +0100 |
---|---|---|
committer | Zoltan Szatmary-Ban <szatmz@google.com> | 2014-09-08 18:17:18 +0100 |
commit | 3d25b3144669ceb787dfd00f1e312516c8fe6173 (patch) | |
tree | cfe03400cee7079309ea56807394805e90417fe4 | |
parent | 93772c3bc4a51019792e88c2a2e451f20895d73a (diff) | |
download | android_packages_apps_KeyChain-3d25b3144669ceb787dfd00f1e312516c8fe6173.tar.gz android_packages_apps_KeyChain-3d25b3144669ceb787dfd00f1e312516c8fe6173.tar.bz2 android_packages_apps_KeyChain-3d25b3144669ceb787dfd00f1e312516c8fe6173.zip |
Implement CACert retrieval in KeyChainService
CACerts from TrustedCertificateStore can now be retrieved via KeyChainService.
This allows for specifying the user whose certs we want to query.
Bug: 16029580
Change-Id: I8d7b24fd4664df5de03852c8166f7994f094cb93
-rw-r--r-- | src/com/android/keychain/KeyChainService.java | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/src/com/android/keychain/KeyChainService.java b/src/com/android/keychain/KeyChainService.java index 6e77357..58531ac 100644 --- a/src/com/android/keychain/KeyChainService.java +++ b/src/com/android/keychain/KeyChainService.java @@ -21,6 +21,7 @@ import android.content.ContentValues; import android.content.Context; import android.content.Intent; import android.content.pm.PackageManager; +import android.content.pm.ParceledListSlice; import android.database.Cursor; import android.database.DatabaseUtils; import android.database.sqlite.SQLiteDatabase; @@ -35,11 +36,17 @@ import android.security.IKeyChainService; import android.security.KeyChain; import android.security.KeyStore; import android.util.Log; +import com.android.internal.util.ParcelableString; import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.cert.CertificateException; +import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; +import java.util.Set; +import java.util.List; +import java.util.ArrayList; +import java.util.Collections; import com.android.org.conscrypt.TrustedCertificateStore; @@ -229,6 +236,82 @@ public class KeyChainService extends IntentService { setGrantInternal(mDatabaseHelper.getWritableDatabase(), uid, alias, value); broadcastStorageChange(); } + + private ParceledListSlice<ParcelableString> makeAliasesParcelableSynchronised( + Set<String> aliasSet) { + List<ParcelableString> aliases = new ArrayList<ParcelableString>(aliasSet.size()); + for (String alias : aliasSet) { + ParcelableString parcelableString = new ParcelableString(); + parcelableString.string = alias; + aliases.add(parcelableString); + } + return new ParceledListSlice<ParcelableString>(aliases); + } + + @Override + public ParceledListSlice<ParcelableString> getUserCaAliases() { + synchronized (mTrustedCertificateStore) { + Set<String> aliasSet = mTrustedCertificateStore.userAliases(); + return makeAliasesParcelableSynchronised(aliasSet); + } + } + + @Override + public ParceledListSlice<ParcelableString> getSystemCaAliases() { + synchronized (mTrustedCertificateStore) { + Set<String> aliasSet = mTrustedCertificateStore.allSystemAliases(); + return makeAliasesParcelableSynchronised(aliasSet); + } + } + + @Override + public boolean containsCaAlias(String alias) { + return mTrustedCertificateStore.containsAlias(alias); + } + + @Override + public byte[] getEncodedCaCertificate(String alias, boolean includeDeletedSystem) { + synchronized (mTrustedCertificateStore) { + X509Certificate certificate = (X509Certificate) mTrustedCertificateStore + .getCertificate(alias, includeDeletedSystem); + if (certificate == null) { + Log.w(TAG, "Could not find CA certificate " + alias); + return null; + } + try { + return certificate.getEncoded(); + } catch (CertificateEncodingException e) { + Log.w(TAG, "Error while encoding CA certificate " + alias); + return null; + } + } + } + + @Override + public List<String> getCaCertificateChainAliases(String rootAlias, + boolean includeDeletedSystem) { + synchronized (mTrustedCertificateStore) { + X509Certificate root = (X509Certificate) mTrustedCertificateStore.getCertificate( + rootAlias, includeDeletedSystem); + try { + List<X509Certificate> chain = mTrustedCertificateStore.getCertificateChain( + root); + List<String> aliases = new ArrayList<String>(chain.size()); + final int n = chain.size(); + for (int i = 0; i < n; ++i) { + String alias = mTrustedCertificateStore.getCertificateAlias(chain.get(i), + true); + if (alias != null) { + aliases.add(alias); + } + } + return aliases; + } catch (CertificateException e) { + Log.w(TAG, "Error retrieving cert chain for root " + rootAlias); + return Collections.emptyList(); + } + } + } }; private boolean hasGrantInternal(final SQLiteDatabase db, final int uid, final String alias) { |