1adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project/* 2adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * Licensed to the Apache Software Foundation (ASF) under one or more 3adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * contributor license agreements. See the NOTICE file distributed with 4adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * this work for additional information regarding copyright ownership. 5adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * The ASF licenses this file to You under the Apache License, Version 2.0 6adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * (the "License"); you may not use this file except in compliance with 7adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * the License. You may obtain a copy of the License at 8adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * 9adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * http://www.apache.org/licenses/LICENSE-2.0 10adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * 11adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * Unless required by applicable law or agreed to in writing, software 12adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * distributed under the License is distributed on an "AS IS" BASIS, 13adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * See the License for the specific language governing permissions and 15adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * limitations under the License. 
16adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project */ 1738375a4d0b3d34e2babbd2f6a013976c7c439696Kenny Rootpackage org.conscrypt; 18adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 19adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.net.Socket; 20adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.security.KeyStore; 217365de1056414750d0a7d1fdd26025fd247f0d04Jesse Wilsonimport java.security.KeyStore.PrivateKeyEntry; 22adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.security.KeyStoreException; 23adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.security.NoSuchAlgorithmException; 24adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.security.Principal; 25adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.security.PrivateKey; 26adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.security.UnrecoverableEntryException; 27adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.security.cert.Certificate; 28adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.security.cert.X509Certificate; 292feeee4119506ed1511942f80fc2f7eb431afab7Elliott Hughesimport java.util.ArrayList; 306c78b7b94c232063ec559436b48b33751373ecf1Brian Carlstromimport java.util.Arrays; 31adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.util.Enumeration; 32adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport java.util.Hashtable; 336c78b7b94c232063ec559436b48b33751373ecf1Brian Carlstromimport java.util.List; 3478e3320540c8bdcbefba5ae1222ee18f6679ab33Elliott Hughesimport java.util.Locale; 35adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Projectimport javax.net.ssl.SSLEngine; 
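import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.x500.X500Principal;

/**
 * KeyManager implementation.
 *
 * This implementation uses hashed key store information. It works faster than retrieving all of the
 * data from the key store. Any key store changes that happen after the key manager was created have
 * no effect. The implementation does not use peer information (host, port) that may be obtained
 * from socket or engine.
 *
 * <p>Points to keep in mind when reviewing callers:
 * <ul>
 * <li>Every private-key entry that could be recovered with the supplied password stays referenced
 * by this object for its whole lifetime.</li>
 * <li>Entries that cannot be recovered (for example when the password does not unlock them) are
 * skipped without any error, so the manager may silently offer fewer credentials than the key
 * store holds, or none at all.</li>
 * <li>Alias selection looks only at the key algorithm, an optional signature-algorithm hint and
 * the issuer names found in the chain. It performs no validity-date or key-usage check, and
 * because the socket/engine argument is ignored the same credential is offered to every
 * peer.</li>
 * </ul>
 *
 * @see javax.net.ssl.KeyManager
 */
public class KeyManagerImpl extends X509ExtendedKeyManager {

    // Snapshot of the key store taken in the constructor: alias -> private key entry.
    private final Hashtable<String, PrivateKeyEntry> hash;

    /**
     * Creates a key manager from a snapshot of the private-key entries in {@code keyStore}.
     *
     * <p>Loading is best effort: if the aliases cannot be enumerated the manager is left empty,
     * and any single entry that cannot be recovered is skipped.
     *
     * @param keyStore the key store to read; only its {@code PrivateKeyEntry} aliases are used
     * @param pwd the password applied to every entry; the caller's array is not modified
     */
    public KeyManagerImpl(KeyStore keyStore, char[] pwd) {
        this.hash = new Hashtable<String, PrivateKeyEntry>();
        final Enumeration<String> aliases;
        try {
            aliases = keyStore.aliases();
        } catch (KeyStoreException e) {
            // The key store cannot be enumerated: leave the manager empty.
            return;
        }
        // PasswordProtection keeps its own copy of the password. Use a single instance for all
        // entries and wipe that copy once loading is finished instead of leaving one copy per
        // alias behind for the garbage collector.
        final KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(pwd);
        try {
            while (aliases.hasMoreElements()) {
                final String alias = aliases.nextElement();
                try {
                    if (keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                        final KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry)
                                keyStore.getEntry(alias, protection);
                        hash.put(alias, entry);
                    }
                } catch (KeyStoreException e) {
                    // Skip this alias and keep loading the others.
                    continue;
                } catch (UnrecoverableEntryException e) {
                    // Skip this alias and keep loading the others.
                    continue;
                } catch (NoSuchAlgorithmException e) {
                    // Skip this alias and keep loading the others.
                    continue;
                }
            }
        } finally {
            try {
                protection.destroy();
            } catch (javax.security.auth.DestroyFailedException ignored) {
                // Wiping is best effort; the entries that were loaded remain usable.
            }
        }
    }

    /**
     * Returns the first alias matching any of {@code keyTypes} and {@code issuers}.
     *
     * @param socket ignored
     * @return the alias, or {@code null} if nothing matches
     */
    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        return firstAlias(keyTypes, issuers);
    }

    /**
     * Returns the first alias matching {@code keyType} and {@code issuers}.
     *
     * @param socket ignored
     * @return the alias, or {@code null} if nothing matches
     */
    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return firstAlias(new String[] { keyType }, issuers);
    }

    /**
     * Returns the certificate chain stored under {@code alias}.
     *
     * @return the chain, or {@code null} if the alias is {@code null}, unknown, or its chain does
     *         not start with an {@link X509Certificate}
     */
    @Override
    public X509Certificate[] getCertificateChain(String alias) {
        if (alias == null) {
            return null;
        }
        final PrivateKeyEntry entry = hash.get(alias);
        if (entry == null) {
            return null;
        }
        final Certificate[] certs = entry.getCertificateChain();
        if (!(certs[0] instanceof X509Certificate)) {
            return null;
        }
        final X509Certificate[] xcerts = new X509Certificate[certs.length];
        for (int i = 0; i < certs.length; i++) {
            xcerts[i] = (X509Certificate) certs[i];
        }
        return xcerts;
    }

    /**
     * Returns every alias matching {@code keyType} and {@code issuers}, or {@code null} if there
     * is none.
     */
    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return chooseAlias(new String[] { keyType }, issuers);
    }

    /**
     * Returns every alias matching {@code keyType} and {@code issuers}, or {@code null} if there
     * is none.
     */
    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return chooseAlias(new String[] { keyType }, issuers);
    }

    /**
     * Returns the private key stored under {@code alias}, or {@code null} if the alias is
     * {@code null} or unknown.
     */
    @Override
    public PrivateKey getPrivateKey(String alias) {
        if (alias == null) {
            return null;
        }
        final PrivateKeyEntry entry = hash.get(alias);
        return (entry == null) ? null : entry.getPrivateKey();
    }

    /**
     * Same selection as {@link #chooseClientAlias}; {@code engine} is ignored.
     */
    @Override
    public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
        return firstAlias(keyTypes, issuers);
    }

    /**
     * Same selection as {@link #chooseServerAlias}; {@code engine} is ignored.
     */
    @Override
    public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
        return firstAlias(new String[] { keyType }, issuers);
    }

    // Returns the first alias chooseAlias finds, or null when it finds none.
    private String firstAlias(String[] keyTypes, Principal[] issuers) {
        final String[] matches = chooseAlias(keyTypes, issuers);
        return (matches == null) ? null : matches[0];
    }

    /**
     * Collects the aliases whose entry matches at least one of {@code keyTypes} and, when
     * {@code issuers} is non-empty, has a chain certificate issued by one of them.
     *
     * <p>Each alias is reported at most once, even if it matches several key types or several
     * certificates of its chain name a requested issuer.
     *
     * @return the matching aliases, or {@code null} if {@code keyTypes} is {@code null} or empty
     *         or nothing matches
     */
    private String[] chooseAlias(String[] keyTypes, Principal[] issuers) {
        if (keyTypes == null || keyTypes.length == 0) {
            return null;
        }
        // A null list means "no issuer restriction".
        final List<Principal> issuersList =
                (issuers == null || issuers.length == 0) ? null : Arrays.asList(issuers);
        final ArrayList<String> found = new ArrayList<String>();
        for (Enumeration<String> aliases = hash.keys(); aliases.hasMoreElements();) {
            final String alias = aliases.nextElement();
            if (entryMatches(hash.get(alias), keyTypes, issuersList)) {
                found.add(alias);
            }
        }
        if (found.isEmpty()) {
            return null;
        }
        return found.toArray(new String[found.size()]);
    }

    // Tells whether the entry satisfies one of the requested key types and the issuer restriction.
    private static boolean entryMatches(PrivateKeyEntry entry, String[] keyTypes,
            List<Principal> issuersList) {
        final Certificate[] chain = entry.getCertificateChain();
        final Certificate cert = chain[0];
        final String certKeyAlg = cert.getPublicKey().getAlgorithm();
        final String certSigAlg = (cert instanceof X509Certificate)
                ? ((X509Certificate) cert).getSigAlgName().toUpperCase(Locale.US)
                : null;
        for (String keyType : keyTypes) {
            if (keyType == null) {
                continue;
            }
            // handle cases like EC_EC and EC_RSA
            final String keyAlgorithm;
            final String sigAlgorithm;
            final int index = keyType.indexOf('_');
            if (index == -1) {
                keyAlgorithm = keyType;
                sigAlgorithm = null;
            } else {
                keyAlgorithm = keyType.substring(0, index);
                sigAlgorithm = keyType.substring(index + 1);
            }
            // key algorithm does not match
            if (!certKeyAlg.equals(keyAlgorithm)) {
                continue;
            }
            /*
             * TODO find a more reliable test for signature
             * algorithm. Unfortunately value varies with
             * provider. For example for "EC" it could be
             * "SHA1WithECDSA" or simply "ECDSA".
             *
             * Until then this is only a substring heuristic on the leaf certificate's
             * signature algorithm name.
             */
            // sig algorithm does not match
            if (sigAlgorithm != null && certSigAlg != null
                    && !certSigAlg.contains(sigAlgorithm)) {
                continue;
            }
            // no issuers to match: the key type alone decides
            if (issuersList == null) {
                return true;
            }
            if (chainIssuedByAny(chain, issuersList)) {
                return true;
            }
        }
        return false;
    }

    // Tells whether a certificate in the chain was issued by one of the specified issuers.
    private static boolean chainIssuedByAny(Certificate[] chain, List<Principal> issuersList) {
        for (Certificate certFromChain : chain) {
            if (!(certFromChain instanceof X509Certificate)) {
                // skip non-X509Certificates
                continue;
            }
            final X509Certificate xcertFromChain = (X509Certificate) certFromChain;
            /*
             * Note use of X500Principal from
             * getIssuerX500Principal as opposed to Principal
             * from getIssuerDN. Principal.equals test does
             * not work in the case where
             * xcertFromChain.getIssuerDN is a bouncycastle
             * org.bouncycastle.jce.X509Principal.
             */
            final X500Principal issuerFromChain = xcertFromChain.getIssuerX500Principal();
            if (issuersList.contains(issuerFromChain)) {
                return true;
            }
        }
        return false;
    }
}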