70  * This is built on top of Android's keystore daemon. The convention of alias
90     public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException,
92         if (isPrivateKeyEntry(alias)) {
93             String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias;
96         } else if (isSecretKeyEntry(alias)) {
97             String secretKeyAlias = Credentials.USER_SECRET_KEY + alias;
107     public Certificate[] engineGetCertificateChain(String alias) {
108         if (alias == null) {
109             throw new NullPointerException("alias == null");
112         final X509Certificate leaf = (X509Certificate) engineGetCertificate(alias);
119         final byte[] caBytes = mKeyStore.get(Credentials.CA_CERTIFICATE + alias, mUid);
140     public Certificate engineGetCertificate(String alias) {
141         if (alias == null) {
142             throw new NullPointerException("alias == null");
145         byte[] encodedCert = mKeyStore.get(Credentials.USER_CERTIFICATE + alias, mUid);
147             return getCertificateForPrivateKeyEntry(alias, encodedCert);
150         encodedCert = mKeyStore.get(Credentials.CA_CERTIFICATE + alias, mUid);
155         // This entry/alias does not contain a certificate.
166     private Certificate getCertificateForPrivateKeyEntry(String alias, byte[] encodedCert) {
186         String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias;
195             // This KeyStore entry/alias is supposed to contain the private key corresponding to
205      * returned by the certificate contains information about the alias of the private key in
207      * find out which key alias to use. These operations cannot work without an alias.
238     private Date getModificationDate(String alias) {
239         final long epochMillis = mKeyStore.getmtime(alias, mUid);
248     public Date engineGetCreationDate(String alias) {
249         if (alias == null) {
250             throw new NullPointerException("alias == null");
253         Date d = getModificationDate(Credentials.USER_PRIVATE_KEY + alias);
258         d = getModificationDate(Credentials.USER_SECRET_KEY + alias);
263         d = getModificationDate(Credentials.USER_CERTIFICATE + alias);
268         return getModificationDate(Credentials.CA_CERTIFICATE + alias);
272     public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
279             setPrivateKeyEntry(alias, (PrivateKey) key, chain, null);
281             setSecretKeyEntry(alias, (SecretKey) key, null);
340     private void setPrivateKeyEntry(String alias, PrivateKey key, Certificate[] chain,
391          * alias as concatenated DER-encoded certificates. These can be
439             if (!alias.equals(keySubalias)) {
440                 throw new KeyStoreException("Can only replace keys with same alias: " + alias
522                 Credentials.deleteAllTypesForAlias(mKeyStore, alias, mUid);
525                         Credentials.USER_PRIVATE_KEY + alias,
538                 Credentials.deleteCertificateTypesForAlias(mKeyStore, alias, mUid);
539                 Credentials.deleteSecretKeyTypeForAlias(mKeyStore, alias, mUid);
543             int errorCode = mKeyStore.insert(Credentials.USER_CERTIFICATE + alias, userCertBytes,
551             errorCode = mKeyStore.insert(Credentials.CA_CERTIFICATE + alias, chainBytes,
561                     Credentials.deleteAllTypesForAlias(mKeyStore, alias, mUid);
563                     Credentials.deleteCertificateTypesForAlias(mKeyStore, alias, mUid);
564                     Credentials.deleteSecretKeyTypeForAlias(mKeyStore, alias, mUid);
585                 throw new KeyStoreException("KeyStore-backed secret key does not have an alias");
588                 throw new KeyStoreException("KeyStore-backed secret key has invalid alias: "
595                         + " alias: " + entryAlias + " != " + keyEntryAlias);
738     public void engineSetKeyEntry(String alias, byte[] userKey, Certificate[] chain)
744     public void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException {
745         if (isKeyEntry(alias)) {
761         if (!mKeyStore.put(Credentials.CA_CERTIFICATE + alias, encoded, mUid, KeyStore.FLAG_NONE)) {
767     public void engineDeleteEntry(String alias) throws KeyStoreException {
768         if (!Credentials.deleteAllTypesForAlias(mKeyStore, alias, mUid)) {
769             throw new KeyStoreException("Failed to delete entry: " + alias);
780         for (String alias : rawAliases) {
781             final int idx = alias.indexOf('_');
782             if ((idx == -1) || (alias.length() <= idx)) {
783                 Log.e(NAME, "invalid alias: " + alias);
787             aliases.add(new String(alias.substring(idx + 1)));
799     public boolean engineContainsAlias(String alias) {
800         if (alias == null) {
801             throw new NullPointerException("alias == null");
804         return mKeyStore.contains(Credentials.USER_PRIVATE_KEY + alias, mUid)
805                 || mKeyStore.contains(Credentials.USER_SECRET_KEY + alias, mUid)
806                 || mKeyStore.contains(Credentials.USER_CERTIFICATE + alias, mUid)
807                 || mKeyStore.contains(Credentials.CA_CERTIFICATE + alias, mUid);
816     public boolean engineIsKeyEntry(String alias) {
817         return isKeyEntry(alias);
820     private boolean isKeyEntry(String alias) {
821         return isPrivateKeyEntry(alias) || isSecretKeyEntry(alias);
824     private boolean isPrivateKeyEntry(String alias) {
825         if (alias == null) {
826             throw new NullPointerException("alias == null");
829         return mKeyStore.contains(Credentials.USER_PRIVATE_KEY + alias, mUid);
832     private boolean isSecretKeyEntry(String alias) {
833         if (alias == null) {
834             throw new NullPointerException("alias == null");
837         return mKeyStore.contains(Credentials.USER_SECRET_KEY + alias, mUid);
840     private boolean isCertificateEntry(String alias) {
841         if (alias == null) {
842             throw new NullPointerException("alias == null");
845         return mKeyStore.contains(Credentials.CA_CERTIFICATE + alias, mUid);
849     public boolean engineIsCertificateEntry(String alias) {
850         return !isKeyEntry(alias) && isCertificateEntry(alias);
882             for (String alias : certAliases) {
883                 final byte[] certBytes = mKeyStore.get(Credentials.USER_CERTIFICATE + alias, mUid);
888                 nonCaEntries.add(alias);
891                     return alias;
902             for (String alias : caAliases) {
903                 if (nonCaEntries.contains(alias)) {
907                 final byte[] certBytes = mKeyStore.get(Credentials.CA_CERTIFICATE + alias, mUid);
913                     return alias;
960     public void engineSetEntry(String alias, Entry entry, ProtectionParameter param)
966         Credentials.deleteAllTypesForAlias(mKeyStore, alias, mUid);
971             engineSetCertificateEntry(alias, trE.getTrustedCertificate());
977             setPrivateKeyEntry(alias, prE.getPrivateKey(), prE.getCertificateChain(), param);
980             setSecretKeyEntry(alias, secE.getSecretKey(), param);
992      * crypto operations using public keys can find out which key alias to use. These operations
993      * require an alias.

Indexes created Thu Dec 22 05:45:36 CET 2016