author | Kenny Root <kroot@google.com> | 2012-03-27 20:42:00 -0700 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2012-03-27 20:42:00 -0700 |
commit | b9bae2cd234ed07d72cf73616d15774860eac023 (patch) | |
tree | 17ea66e1c2a69d42c4b9366d6391ac77e41003cd | |
parent | 9c2b71c70b3086784f6d26d601dc3e9212c228b3 (diff) | |
parent | 6f1f03bcae70792bbd8bc0aecb90c7b9c43b76b5 (diff) | |
Merge "Convert to new KeyStore format"
4 files changed, 33 insertions, 19 deletions
diff --git a/src/com/android/keychain/KeyChainService.java b/src/com/android/keychain/KeyChainService.java index 1ab3ad3..8d26643 100644 --- a/src/com/android/keychain/KeyChainService.java +++ b/src/com/android/keychain/KeyChainService.java @@ -25,7 +25,9 @@ import android.database.Cursor; import android.database.DatabaseUtils; import android.database.sqlite.SQLiteDatabase; import android.database.sqlite.SQLiteOpenHelper; +import android.os.Binder; import android.os.IBinder; +import android.os.Process; import android.security.Credentials; import android.security.IKeyChainService; import android.security.KeyChain; @@ -82,15 +84,30 @@ public class KeyChainService extends IntentService { private final TrustedCertificateStore mTrustedCertificateStore = new TrustedCertificateStore(); - @Override public byte[] getPrivateKey(String alias) { - return getKeyStoreEntry(Credentials.USER_PRIVATE_KEY, alias); + @Override + public String requestPrivateKey(String alias) { + checkArgs(alias); + + final String keystoreAlias = Credentials.USER_PRIVATE_KEY + alias; + final int uid = Binder.getCallingUid(); + if (!mKeyStore.grant(keystoreAlias, uid)) { + return null; + } + + final StringBuilder sb = new StringBuilder(); + sb.append(Process.SYSTEM_UID); + sb.append('_'); + sb.append(keystoreAlias); + + return sb.toString(); } @Override public byte[] getCertificate(String alias) { - return getKeyStoreEntry(Credentials.USER_CERTIFICATE, alias); + checkArgs(alias); + return mKeyStore.get(Credentials.USER_CERTIFICATE + alias); } - private byte[] getKeyStoreEntry(String type, String alias) { + private void checkArgs(String alias) { if (alias == null) { throw new NullPointerException("alias == null"); } 
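Review bot: In `requestPrivateKey` (the `@@ -82,15 +84,30 @@` hunk), `mKeyStore.grant(keystoreAlias, uid)` creates a keystore-level grant for the caller that outlives this call, and nothing visible in this diff removes it again. If the KeyChain grant for that uid is later revoked, the app may still be able to use the key through the keystore unless the revoke path also undoes the keystore grant; that path is outside the hunks shown, so this needs confirming. The `null` return on a failed grant is also silent and undocumented, and the `Process.SYSTEM_UID + '_' + keystoreAlias` format assumes this service runs as the system uid. I would add a Javadoc saying the method returns a keystore key identifier, or `null` if the grant fails, plus a comment such as `// grant persists in keystore; must be revoked together with the KeyChain grant for (uid, alias)`. `checkArgs` continues past the end of this hunk.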
@@ -102,12 +119,6 @@ public class KeyChainService extends IntentService { throw new IllegalStateException("uid " + callingUid + " doesn't have permission to access the requested alias"); } - String key = type + alias; - byte[] bytes = mKeyStore.get(key); - if (bytes == null) { - return null; - } - return bytes; } private boolean isKeyStoreUnlocked() { diff --git a/support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl b/support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl index ba85b68..0921f2e 100644 --- a/support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl +++ b/support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl @@ -33,6 +33,7 @@ interface IKeyChainServiceTestSupport { boolean keystoreReset(); boolean keystorePassword(String password); boolean keystorePut(String key, in byte[] value); + boolean keystoreImportKey(String key, in byte[] value); void revokeAppPermission(int uid, String alias); void grantAppPermission(int uid, String alias); } diff --git a/support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java b/support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java index 9216d67..843c18c 100644 --- a/support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java +++ b/support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java @@ -43,6 +43,10 @@ public class KeyChainServiceTestSupport extends Service { Log.d(TAG, "keystorePut"); return mKeyStore.put(key, value); } + @Override public boolean keystoreImportKey(String key, byte[] value) { + Log.d(TAG, "keystoreImport"); + return mKeyStore.importKey(key, value); + } @Override public void revokeAppPermission(final int uid, final String alias) throws RemoteException { diff --git a/tests/src/com/android/keychain/tests/KeyChainServiceTest.java b/tests/src/com/android/keychain/tests/KeyChainServiceTest.java index 1da100c..e8236aa 100644 
--- a/tests/src/com/android/keychain/tests/KeyChainServiceTest.java +++ b/tests/src/com/android/keychain/tests/KeyChainServiceTest.java @@ -172,16 +172,16 @@ public class KeyChainServiceTest extends Service { Certificate intermediate2 = pke2.getCertificateChain()[1]; Certificate root2 = TestKeyStore.getServer().getRootCertificate("RSA"); - assertTrue(mSupport.keystorePut(alias1Pkey, - Credentials.convertToPem(pke1.getPrivateKey()))); + assertTrue(mSupport.keystoreImportKey(alias1Pkey, + pke1.getPrivateKey().getEncoded())); assertTrue(mSupport.keystorePut(alias1Cert, Credentials.convertToPem(pke1.getCertificate()))); assertTrue(mSupport.keystorePut(alias1ICert, Credentials.convertToPem(intermediate1))); assertTrue(mSupport.keystorePut(alias1RCert, Credentials.convertToPem(root1))); - assertTrue(mSupport.keystorePut(alias2Pkey, - Credentials.convertToPem(pke2.getPrivateKey()))); + assertTrue(mSupport.keystoreImportKey(alias2Pkey, + pke2.getPrivateKey().getEncoded())); assertTrue(mSupport.keystorePut(alias2Cert, Credentials.convertToPem(pke2.getCertificate()))); assertTrue(mSupport.keystorePut(alias2ICert, @@ -204,10 +204,8 @@ public class KeyChainServiceTest extends Service { mSupport.grantAppPermission(getApplicationInfo().uid, alias1); // don't grant alias2, so it can be done manually with KeyChainTestActivity Log.d(TAG, "test_KeyChainService positive testing"); - byte[] privateKey = mService.getPrivateKey(alias1); - assertNotNull(privateKey); - assertEquals(Arrays.toString(Credentials.convertToPem(pke1.getPrivateKey())), - Arrays.toString(privateKey)); + assertNotNull("Requesting private key should succeed", + mService.requestPrivateKey(alias1)); byte[] certificate = mService.getCertificate(alias1); assertNotNull(certificate); 
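Review bot: The positive test in the `@@ -204,10 +204,8 @@` hunk now only asserts that `requestPrivateKey(alias1)` is non-null, so it no longer checks that the caller ends up with the right key, which the removed byte comparison did. A wrong or unusable identifier would pass. Consider keeping the result, `String keyId = mService.requestPrivateKey(alias1);`, and asserting on it: either `assertTrue(keyId.endsWith(alias1Pkey));` (assuming `alias1Pkey` is the name used for the import above) or, better, that a signature made with the loaded key verifies against `pke1.getCertificate().getPublicKey()`. The test method starts and ends outside this hunk.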
@@ -217,7 +215,7 @@ public class KeyChainServiceTest extends Service { Log.d(TAG, "test_KeyChainService negative testing"); mSupport.revokeAppPermission(getApplicationInfo().uid, alias2); try { - mService.getPrivateKey(alias2); + mService.requestPrivateKey(alias2); fail(); } catch (IllegalStateException expected) { } |