180      * private key and associated certificate chain will be installed.
548      * Returns the {@code X509Certificate} chain for the requested
551      * <strong>Note:</strong> If a certificate chain was explicitly specified when the alias was
552      * installed, this method will return that chain. If only the client certificate was specified
553      * at the installation time, this method will try to build a certificate chain using all
562      * @param alias The alias of the desired certificate chain, typically
592             // If the keypair is installed with a certificate chain by either
593             // DevicePolicyManager.installKeyPair or CertInstaller, return that chain.
595                 Collection<X509Certificate> chain = toCertificates(certChainBytes);
596                 ArrayList<X509Certificate> fullChain = new ArrayList<>(chain.size() + 1);
598                 fullChain.addAll(chain);
601                 // If there isn't a certificate chain, either due to a pre-existing keypair
602                 // installed before N, or no chain is explicitly installed under the new logic,
603                 // fall back to old behavior of constructing the chain from trusted credentials.
606                 // the cost of potentially returning extra certificate chain for new clients who
607                 // explicitly installed only the client certificate without a chain. The latter
609                 // in that sense this change introduces no regression. Besides the returned chain
610                 // is still valid so the consumer of the chain should have no problem verifying it.
612                 List<X509Certificate> chain = store.getCertificateChain(leafCert);
613                 return chain.toArray(new X509Certificate[chain.size()]);

Indexes created Sun Aug 12 02:23:12 CEST 2018