/*
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

package java.security;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Date;
import java.util.Enumeration;
import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;

/**
 * {@code KeyStoreSpi} is the Service Provider Interface (SPI) definition for
 * {@link KeyStore}.
 *
 * @see KeyStore
 */
public abstract class KeyStoreSpi {

    /**
     * Returns the key with the given alias, using the password to recover the
     * key from the store.
     *
     * @param alias
     *            the alias for the entry.
     * @param password
     *            the password used to recover the key.
     * @return the key with the specified alias, or {@code null} if the
     *         specified alias is not bound to an entry.
     * @throws NoSuchAlgorithmException
     *             if the algorithm for recovering the key is not available.
     * @throws UnrecoverableKeyException
     *             if the key can not be recovered.
     */
    public abstract Key engineGetKey(String alias, char[] password)
            throws NoSuchAlgorithmException, UnrecoverableKeyException;

    /**
     * Returns the certificate chain for the entry with the given alias.
     *
     * @param alias
     *            the alias for the entry
     * @return the certificate chain for the entry with the given alias, or
     *         {@code null} if the specified alias is not bound to an entry.
     */
    public abstract Certificate[] engineGetCertificateChain(String alias);

    /**
     * Returns the trusted certificate for the entry with the given alias.
     *
     * @param alias
     *            the alias for the entry.
     * @return the trusted certificate for the entry with the given alias, or
     *         {@code null} if the specified alias is not bound to an entry.
     */
    public abstract Certificate engineGetCertificate(String alias);

    /**
     * Returns the creation date of the entry with the given alias.
     *
     * @param alias
     *            the alias for the entry.
     * @return the creation date, or {@code null} if the specified alias is not
     *         bound to an entry.
     */
    public abstract Date engineGetCreationDate(String alias);

    /**
     * Associates the given alias with the key, password and certificate chain.
     * <p>
     * If the specified alias already exists, it will be reassigned.
     *
     * @param alias
     *            the alias for the key.
     * @param key
     *            the key.
     * @param password
     *            the password.
     * @param chain
     *            the certificate chain.
     * @throws KeyStoreException
     *             if the specified key can not be protected, or if this
     *             operation fails for another reason.
     * @throws IllegalArgumentException
     *             if {@code key} is a {@code PrivateKey} and {@code chain} does
     *             not contain any certificates.
     */
    public abstract void engineSetKeyEntry(String alias, Key key,
            char[] password, Certificate[] chain) throws KeyStoreException;

    /**
     * Associates the given alias with a key and a certificate chain.
     * <p>
     * If the specified alias already exists, it will be reassigned.
     *
     * @param alias
     *            the alias for the key.
     * @param key
     *            the key in an encoded format.
     * @param chain
     *            the certificate chain.
     * @throws KeyStoreException
     *             if this operation fails.
     * @throws IllegalArgumentException
     *             if {@code key} is a {@code PrivateKey} and {@code chain}
     *             does.
     */
    public abstract void engineSetKeyEntry(String alias, byte[] key,
            Certificate[] chain) throws KeyStoreException;

    /**
     * Associates the given alias with a certificate.
     * <p>
     * If the specified alias already exists, it will be reassigned.
     *
     * @param alias
     *            the alias for the certificate.
     * @param cert
     *            the certificate.
     * @throws KeyStoreException
     *             if an existing alias is not associated to an entry containing
     *             a trusted certificate, or this method fails for any other
     *             reason.
     */
    public abstract void engineSetCertificateEntry(String alias,
            Certificate cert) throws KeyStoreException;

    /**
     * Deletes the entry identified with the given alias from this {@code
     * KeyStoreSpi}.
     *
     * @param alias
     *            the alias for the entry.
     * @throws KeyStoreException
     *             if the entry can not be deleted.
     */
    public abstract void engineDeleteEntry(String alias)
            throws KeyStoreException;

    /**
     * Returns an {@code Enumeration} over all alias names stored in this
     * {@code KeyStoreSpi}.
     *
     * @return an {@code Enumeration} over all alias names stored in this
     *         {@code KeyStoreSpi}.
     */
    public abstract Enumeration<String> engineAliases();

    /**
     * Indicates whether the given alias is present in this {@code KeyStoreSpi}.
     *
     * @param alias
     *            the alias of an entry.
     * @return {@code true} if the alias exists, {@code false} otherwise.
     */
    public abstract boolean engineContainsAlias(String alias);

    /**
     * Returns the number of entries stored in this {@code KeyStoreSpi}.
     *
     * @return the number of entries stored in this {@code KeyStoreSpi}.
     */
    public abstract int engineSize();

    /**
     * Indicates whether the specified alias is associated with either a
     * {@link KeyStore.PrivateKeyEntry} or a {@link KeyStore.SecretKeyEntry}.
     *
     * @param alias
     *            the alias of an entry.
     * @return {@code true} if the given alias is associated with a key entry.
     */
    public abstract boolean engineIsKeyEntry(String alias);

    /**
     * Indicates whether the specified alias is associated with a
     * {@link KeyStore.TrustedCertificateEntry}.
     *
     * @param alias
     *            the alias of an entry.
     * @return {@code true} if the given alias is associated with a certificate
     *         entry.
     */
    public abstract boolean engineIsCertificateEntry(String alias);

    /**
     * Returns the alias associated with the first entry whose certificate
     * matches the specified certificate.
     *
     * @param cert
     *            the certificate to find the associated entry's alias for.
     * @return the alias or {@code null} if no entry with the specified
     *         certificate can be found.
     */
    public abstract String engineGetCertificateAlias(Certificate cert);

    /**
     * Writes this {@code KeyStoreSpi} to the specified {@code OutputStream}.
     * The data written to the {@code OutputStream} is protected by the
     * specified password.
     *
     * @param stream
     *            the {@code OutputStream} to write the store's data to.
     * @param password
     *            the password to protect the data.
     * @throws IOException
     *             if a problem occurred while writing to the stream.
     * @throws NoSuchAlgorithmException
     *             if the required algorithm is not available.
     * @throws CertificateException
     *             if an exception occurred while storing the certificates
     *             of this {@code KeyStoreSpi}.
     */
    public abstract void engineStore(OutputStream stream, char[] password)
            throws IOException, NoSuchAlgorithmException, CertificateException;

    /**
     * Stores this {@code KeyStoreSpi} using the specified {@code
     * LoadStoreParameter}.
     *
     * @param param
     *            the {@code LoadStoreParameter} that specifies how to store
     *            this {@code KeyStoreSpi}, may be {@code null}.
     * @throws IOException
     *             if a problem occurred while writing to the stream.
     * @throws NoSuchAlgorithmException
     *             if the required algorithm is not available.
     * @throws CertificateException
     *             if an exception occurred while storing the certificates
     *             of this {@code KeyStoreSpi}.
     * @throws IllegalArgumentException
     *             if the given {@link KeyStore.LoadStoreParameter} is not
     *             recognized.
     */
    public void engineStore(KeyStore.LoadStoreParameter param)
            throws IOException, NoSuchAlgorithmException, CertificateException {
        throw new UnsupportedOperationException();
    }

    /**
     * Loads this {@code KeyStoreSpi} from the given {@code InputStream}.
     * Utilizes the given password to verify the stored data.
     *
     * @param stream
     *            the {@code InputStream} to load this {@code KeyStoreSpi}'s
     *            data from.
     * @param password
     *            the password to verify the stored data, may be {@code null}.
     * @throws IOException
     *             if a problem occurred while reading from the stream.
     * @throws NoSuchAlgorithmException
     *             if the required algorithm is not available.
     * @throws CertificateException
     *             if an exception occurred while loading the certificates
     *             of this {@code KeyStoreSpi}.
     */
    public abstract void engineLoad(InputStream stream, char[] password)
            throws IOException, NoSuchAlgorithmException, CertificateException;

    /**
     * Loads this {@code KeyStoreSpi} using the specified {@code
     * LoadStoreParameter}.
     *
     * @param param
     *            the {@code LoadStoreParameter} that specifies how to load this
     *            {@code KeyStoreSpi}, may be {@code null}.
     * @throws IOException
     *             if a problem occurred while reading from the stream.
     * @throws NoSuchAlgorithmException
     *             if the required algorithm is not available.
     * @throws CertificateException
     *             if an exception occurred while loading the certificates
     *             of this {@code KeyStoreSpi}.
     * @throws IllegalArgumentException
     *             if the given {@link KeyStore.LoadStoreParameter} is not
     *             recognized.
     */
    public void engineLoad(KeyStore.LoadStoreParameter param)
            throws IOException, NoSuchAlgorithmException, CertificateException {
        if (param == null) {
            engineLoad(null, null);
            return;
        }
        char[] pwd;
        KeyStore.ProtectionParameter pp = param.getProtectionParameter();
        if (pp instanceof KeyStore.PasswordProtection) {
            try {
                pwd = ((KeyStore.PasswordProtection) pp).getPassword();
                engineLoad(null, pwd);
                return;
            } catch (IllegalStateException e) {
                throw new IllegalArgumentException(e);
            }
        }
        if (pp instanceof KeyStore.CallbackHandlerProtection) {
            try {
                pwd = getPasswordFromCallBack(pp);
                engineLoad(null, pwd);
                return;
            } catch (UnrecoverableEntryException e) {
                throw new IllegalArgumentException(e);
            }
        }
        throw new UnsupportedOperationException("protectionParameter is neither PasswordProtection "
                                                + "nor CallbackHandlerProtection instance");
    }

    /**
     * Returns the {@code Entry} with the given alias, using the specified
     * {@code ProtectionParameter}.
3302f9e468ed4985edfd5e351faf2089d91e561e41dElliott Hughes * 331adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @param alias 332adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * the alias of the requested entry. 333adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @param protParam 334adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * the {@code ProtectionParameter}, used to protect the requested 335adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * entry, maybe {@code null}. 336adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @return he {@code Entry} with the given alias, using the specified 337adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * {@code ProtectionParameter}. 338adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @throws NoSuchAlgorithmException 339adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * if the required algorithm is not available. 340adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @throws UnrecoverableEntryException 341adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * if the entry can not be recovered. 
342adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @throws KeyStoreException 343adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * if this operation fails 344adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project */ 345adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project public KeyStore.Entry engineGetEntry(String alias, 346adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project KeyStore.ProtectionParameter protParam) throws KeyStoreException, 347adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project NoSuchAlgorithmException, UnrecoverableEntryException { 348adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (!engineContainsAlias(alias)) { 349adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project return null; 350adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 351adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (engineIsCertificateEntry(alias)) { 352adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project return new KeyStore.TrustedCertificateEntry( 353adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project engineGetCertificate(alias)); 354adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 355adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project char[] passW = null; 356adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (protParam != null) { 357adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (protParam instanceof KeyStore.PasswordProtection) { 358adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project try { 359adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project passW = ((KeyStore.PasswordProtection) protParam) 360adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project .getPassword(); 
361adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } catch (IllegalStateException ee) { 362897538a36c18f4db8f9f68ee566aec0bda842e9fElliott Hughes throw new KeyStoreException("Password was destroyed", ee); 363adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 364adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } else if (protParam instanceof KeyStore.CallbackHandlerProtection) { 365adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project passW = getPasswordFromCallBack(protParam); 366adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } else { 367e3a187163504f00c98bd75cbd8bcbdde123ae2cdBrian Carlstrom throw new UnrecoverableEntryException("ProtectionParameter object is not " 368e3a187163504f00c98bd75cbd8bcbdde123ae2cdBrian Carlstrom + "PasswordProtection: " + protParam); 369adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 370adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 371adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (engineIsKeyEntry(alias)) { 372e3a187163504f00c98bd75cbd8bcbdde123ae2cdBrian Carlstrom Key key = engineGetKey(alias, passW); 373e3a187163504f00c98bd75cbd8bcbdde123ae2cdBrian Carlstrom if (key instanceof PrivateKey) { 374e3a187163504f00c98bd75cbd8bcbdde123ae2cdBrian Carlstrom return new KeyStore.PrivateKeyEntry((PrivateKey) key, 375e3a187163504f00c98bd75cbd8bcbdde123ae2cdBrian Carlstrom engineGetCertificateChain(alias)); 376e3a187163504f00c98bd75cbd8bcbdde123ae2cdBrian Carlstrom } 377e3a187163504f00c98bd75cbd8bcbdde123ae2cdBrian Carlstrom if (key instanceof SecretKey) { 378e3a187163504f00c98bd75cbd8bcbdde123ae2cdBrian Carlstrom return new KeyStore.SecretKeyEntry((SecretKey) key); 379adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 380adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 
381897538a36c18f4db8f9f68ee566aec0bda842e9fElliott Hughes throw new NoSuchAlgorithmException("Unknown KeyStore.Entry object"); 382adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 383adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 384adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project /** 385adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * Stores the given {@code Entry} in this {@code KeyStoreSpi} and associates 386adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * the entry with the given {@code alias}. The entry is protected by the 387adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * specified {@code ProtectionParameter}. 388adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * <p> 389adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * If the specified alias already exists, it will be reassigned. 3902f9e468ed4985edfd5e351faf2089d91e561e41dElliott Hughes * 391adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @param alias 392adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * the alias for the entry. 393adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @param entry 394adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * the entry to store. 395adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @param protParam 396adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * the {@code ProtectionParameter} to protect the entry. 397adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @throws KeyStoreException 398adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * if this operation fails. 
399adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project */ 400adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project public void engineSetEntry(String alias, KeyStore.Entry entry, 401adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project KeyStore.ProtectionParameter protParam) throws KeyStoreException { 402adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (entry == null) { 403897538a36c18f4db8f9f68ee566aec0bda842e9fElliott Hughes throw new KeyStoreException("entry == null"); 404adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 405adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 406adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (engineContainsAlias(alias)) { 407adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project engineDeleteEntry(alias); 408adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 409adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 410adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (entry instanceof KeyStore.TrustedCertificateEntry) { 411adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project KeyStore.TrustedCertificateEntry trE = (KeyStore.TrustedCertificateEntry) entry; 412adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project engineSetCertificateEntry(alias, trE.getTrustedCertificate()); 413adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project return; 414adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 415adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 416adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project char[] passW = null; 417d951031b428eb2885dca51e0484d5d29e0caad44Brian Carlstrom if (protParam != null) { 418d951031b428eb2885dca51e0484d5d29e0caad44Brian Carlstrom if (protParam instanceof 
KeyStore.PasswordProtection) { 419d951031b428eb2885dca51e0484d5d29e0caad44Brian Carlstrom try { 420d951031b428eb2885dca51e0484d5d29e0caad44Brian Carlstrom passW = ((KeyStore.PasswordProtection) protParam).getPassword(); 421d951031b428eb2885dca51e0484d5d29e0caad44Brian Carlstrom } catch (IllegalStateException ee) { 422d951031b428eb2885dca51e0484d5d29e0caad44Brian Carlstrom throw new KeyStoreException("Password was destroyed", ee); 423d951031b428eb2885dca51e0484d5d29e0caad44Brian Carlstrom } 424d951031b428eb2885dca51e0484d5d29e0caad44Brian Carlstrom } else if (protParam instanceof KeyStore.CallbackHandlerProtection) { 425adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project try { 426adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project passW = getPasswordFromCallBack(protParam); 427adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } catch (Exception e) { 428adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project throw new KeyStoreException(e); 429adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 430adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } else { 431e3a187163504f00c98bd75cbd8bcbdde123ae2cdBrian Carlstrom throw new KeyStoreException("protParam should be PasswordProtection or " 432e3a187163504f00c98bd75cbd8bcbdde123ae2cdBrian Carlstrom + "CallbackHandlerProtection"); 433adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 434adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 435adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 436adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (entry instanceof KeyStore.PrivateKeyEntry) { 437adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project KeyStore.PrivateKeyEntry prE = (KeyStore.PrivateKeyEntry) entry; 438adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 
engineSetKeyEntry(alias, prE.getPrivateKey(), passW, prE 439adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project .getCertificateChain()); 440adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project return; 441adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 442adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 443adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (entry instanceof KeyStore.SecretKeyEntry) { 444adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project KeyStore.SecretKeyEntry skE = (KeyStore.SecretKeyEntry) entry; 445adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project engineSetKeyEntry(alias, skE.getSecretKey(), passW, null); 446adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project // engineSetKeyEntry(alias, skE.getSecretKey().getEncoded(), null); 447adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project return; 448adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 449adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 450e3a187163504f00c98bd75cbd8bcbdde123ae2cdBrian Carlstrom throw new KeyStoreException("Entry object is neither PrivateKeyObject nor SecretKeyEntry " 451e3a187163504f00c98bd75cbd8bcbdde123ae2cdBrian Carlstrom + "nor TrustedCertificateEntry: " + entry); 452adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 453adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 454adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project /** 455adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * Indicates whether the entry for the given alias is assignable to the 456adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * provided {@code Class}. 
4572f9e468ed4985edfd5e351faf2089d91e561e41dElliott Hughes * 458adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @param alias 459adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * the alias for the entry. 460adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @param entryClass 461adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * the type of the entry. 462adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * @return {@code true} if the {@code Entry} for the alias is assignable to 463adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * the specified {@code entryClass}. 464adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project */ 465adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project public boolean engineEntryInstanceOf(String alias, 466adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project Class<? extends KeyStore.Entry> entryClass) { 467adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (!engineContainsAlias(alias)) { 468adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project return false; 469adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 470adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 471adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project try { 472adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (engineIsCertificateEntry(alias)) { 473adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project return entryClass 474adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project .isAssignableFrom(Class 475f33eae7e84eb6d3b0f4e86b59605bb3de73009f3Elliott Hughes .forName("java.security.KeyStore$TrustedCertificateEntry")); 476adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 
477adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 478adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (engineIsKeyEntry(alias)) { 479adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (entryClass.isAssignableFrom(Class 480f33eae7e84eb6d3b0f4e86b59605bb3de73009f3Elliott Hughes .forName("java.security.KeyStore$PrivateKeyEntry"))) { 481adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project return engineGetCertificate(alias) != null; 482adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 483adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 484adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (entryClass.isAssignableFrom(Class 485f33eae7e84eb6d3b0f4e86b59605bb3de73009f3Elliott Hughes .forName("java.security.KeyStore$SecretKeyEntry"))) { 486adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project return engineGetCertificate(alias) == null; 487adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 488adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 489adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } catch (ClassNotFoundException ignore) {} 490adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 491adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project return false; 492adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 493adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 494adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project /* 495adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * This method returns password which is encapsulated in 496adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * CallbackHandlerProtection object If there is no implementation of 
497adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project * CallbackHandler then this method returns null 498adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project */ 499adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project static char[] getPasswordFromCallBack(KeyStore.ProtectionParameter protParam) 500adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project throws UnrecoverableEntryException { 501adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 502adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (protParam == null) { 503adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project return null; 504adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 505adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 506adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (!(protParam instanceof KeyStore.CallbackHandlerProtection)) { 507897538a36c18f4db8f9f68ee566aec0bda842e9fElliott Hughes throw new UnrecoverableEntryException("Incorrect ProtectionParameter"); 508adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 509adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 510897538a36c18f4db8f9f68ee566aec0bda842e9fElliott Hughes String clName = Security.getProperty("auth.login.defaultCallbackHandler"); 511adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project if (clName == null) { 512897538a36c18f4db8f9f68ee566aec0bda842e9fElliott Hughes throw new UnrecoverableEntryException("Default CallbackHandler was not defined"); 513adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 514adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 515adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project 516adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project try { 
517adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project Class<?> cl = Class.forName(clName); 518adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project CallbackHandler cbHand = (CallbackHandler) cl.newInstance(); 519f33eae7e84eb6d3b0f4e86b59605bb3de73009f3Elliott Hughes PasswordCallback[] pwCb = { new PasswordCallback("password: ", true) }; 520adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project cbHand.handle(pwCb); 521adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project return pwCb[0].getPassword(); 522adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } catch (Exception e) { 523adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project throw new UnrecoverableEntryException(e.toString()); 524adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 525adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project } 526adc854b798c1cfe3bfd4c27d68d5cee38ca617daThe Android Open Source Project} 527
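The reflective lookup in getPasswordFromCallBack only works with a handler class that can be loaded by name and built with a public no-argument constructor. The following is an added example, not part of the AOSP source: DefaultHandlerDemo, FixedPasswordHandler and resolvePassword are hypothetical names, the password is a constructed sample, and getDeclaredConstructor().newInstance() stands in for the Class.newInstance() call used in the file.

```java
import java.security.Security;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class DefaultHandlerDemo {

    /**
     * Hypothetical handler. It must be public and have a public no-arg
     * constructor, because the lookup instantiates it by class name.
     */
    public static class FixedPasswordHandler implements CallbackHandler {
        public FixedPasswordHandler() {}

        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof PasswordCallback)) {
                    throw new UnsupportedCallbackException(cb, "only PasswordCallback is supported");
                }
                // Constructed sample secret; a real handler would prompt the
                // user or query a secret store.
                char[] secret = {'c', 'h', 'a', 'n', 'g', 'e', 'i', 't'};
                ((PasswordCallback) cb).setPassword(secret); // the callback keeps its own copy
                Arrays.fill(secret, '\0');                   // wipe the local copy
            }
        }
    }

    /** Follows the same steps as getPasswordFromCallBack: property, reflection, one PasswordCallback. */
    static char[] resolvePassword() throws Exception {
        String clName = Security.getProperty("auth.login.defaultCallbackHandler");
        if (clName == null) {
            throw new IllegalStateException("Default CallbackHandler was not defined");
        }
        CallbackHandler handler =
                (CallbackHandler) Class.forName(clName).getDeclaredConstructor().newInstance();
        PasswordCallback pwCb = new PasswordCallback("password: ", true);
        try {
            handler.handle(new Callback[] { pwCb });
            return pwCb.getPassword(); // a copy; the caller owns it and must wipe it
        } finally {
            pwCb.clearPassword();      // wipe the copy held inside the callback
        }
    }

    public static void main(String[] args) throws Exception {
        // Register the handler under the property the lookup reads.
        Security.setProperty("auth.login.defaultCallbackHandler",
                FixedPasswordHandler.class.getName());
        char[] pwd = resolvePassword();
        try {
            System.out.println("handler supplied " + pwd.length + " characters");
        } finally {
            Arrays.fill(pwd, '\0');
        }
    }
}
```

Because the property is process-wide, every keystore loaded or queried with a CallbackHandlerProtection in the same process is served by this one handler class.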