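/*
 * Copyright 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server.wifi.hotspot2;

import android.os.Environment;
import android.util.Log;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;

/**
 * WFA Keystore.
 *
 * <p>Holds an in-memory {@link KeyStore} whose certificate entries are the X.509 certificates
 * that {@link WfaCertBuilder#loadCertsFromDisk} returns for {@link #DEFAULT_WFA_CERT_DIR}.
 * The store is created empty and never read from or written to a keystore file.
 *
 * <p>No synchronization is performed here; NOTE(review): confirm that callers invoke
 * {@link #load()} and {@link #get()} from a single thread.
 */
public class WfaKeyStore {
    private static final String TAG = "WfaKeyStore";
    // The WFA Root certs are checked in to /system/ca-certificates/cacerts_wfa
    // The location on device is configured in the corresponding Android.mk
    private static final String DEFAULT_WFA_CERT_DIR =
            Environment.getRootDirectory() + "/etc/security/cacerts_wfa";

    private boolean mVerboseLoggingEnabled = false;
    private KeyStore mKeyStore = null;

    /**
     * Loads the keystore with root certificates.
     *
     * <p>Does nothing if a keystore object already exists, including one left behind by an
     * earlier call that failed part-way: the field is assigned before the certificates are
     * read, so a failure after that point leaves a store with fewer entries than expected
     * (possibly none, possibly uninitialized) and later calls will not retry. The failure is
     * only logged, never thrown, so callers that need to know whether any root was loaded
     * must inspect the returned store themselves (for example with {@link KeyStore#size()}).
     */
    public void load() {
        if (mKeyStore != null) {
            return;
        }
        int index = 0;
        try {
            mKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // A null stream creates an empty, initialized keystore.
            mKeyStore.load(null, null);
            Set<X509Certificate> certs = WfaCertBuilder.loadCertsFromDisk(DEFAULT_WFA_CERT_DIR);
            for (X509Certificate cert : certs) {
                // Aliases only need to be unique; Integer.toString keeps them ASCII
                // regardless of the device's default locale.
                mKeyStore.setCertificateEntry(Integer.toString(index), cert);
                index++;
            }
            if (index <= 0) {
                // An empty trust store means no server certificate can chain to a WFA root.
                Log.wtf(TAG, "No certs loaded");
            }
        } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException
                | IOException e) {
            // Report through the tagged log with the cause attached instead of stderr, so a
            // broken or missing trust store is visible in the system log.
            Log.e(TAG, "Failed to load WFA root certificates from " + DEFAULT_WFA_CERT_DIR, e);
        }
    }

    /**
     * Returns the underlying keystore object.
     *
     * <p>The result is {@code null} when {@link #load()} has not been called or when creating
     * the keystore instance failed. Callers should treat {@code null} as an error rather than
     * passing it on to an API such as {@code TrustManagerFactory.init(KeyStore)}, where a null
     * store conventionally selects the platform's default trust anchors instead of the WFA
     * roots.
     *
     * @return KeyStore Underlying keystore object created, or {@code null} if none exists
     */
    public KeyStore get() {
        return mKeyStore;
    }
}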