Examples with CertificateException java.security.cert.CertificateException used on opensource projects

Example 86 with CertificateException

use of java.security.cert.CertificateException in project platform_frameworks_base by android.

the class LockSettingsService method setLockPasswordInternal.

private void setLockPasswordInternal(String password, String savedCredential, int userId) throws RemoteException {
    byte[] currentHandle = getCurrentHandle(userId);
    if (password == null) {
        clearUserKeyProtection(userId);
        getGateKeeperService().clearSecureUserId(userId);
        mStorage.writePasswordHash(null, userId);
        setKeystorePassword(null, userId);
        fixateNewestUserKeyAuth(userId);
        onUserLockChanged(userId);
        return;
    }
    if (isManagedProfileWithUnifiedLock(userId)) {
        // get credential from keystore when managed profile has unified lock
        try {
            savedCredential = getDecryptedPasswordForTiedProfile(userId);
        } catch (FileNotFoundException e) {
            Slog.i(TAG, "Child profile key not found");
        } catch (UnrecoverableKeyException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException | CertificateException | IOException e) {
            Slog.e(TAG, "Failed to decrypt child profile key", e);
        }
    } else {
        if (currentHandle == null) {
            if (savedCredential != null) {
                Slog.w(TAG, "Saved credential provided, but none stored");
            }
            savedCredential = null;
        }
    }
    byte[] enrolledHandle = enrollCredential(currentHandle, savedCredential, password, userId);
    if (enrolledHandle != null) {
        CredentialHash willStore = new CredentialHash(enrolledHandle, CredentialHash.VERSION_GATEKEEPER);
        setUserKeyProtection(userId, password, doVerifyPassword(password, willStore, true, 0, userId, null));
        mStorage.writePasswordHash(enrolledHandle, userId);
        fixateNewestUserKeyAuth(userId);
        onUserLockChanged(userId);
    } else {
        throw new RemoteException("Failed to enroll password");
    }
}

Example 87 with CertificateException

use of java.security.cert.CertificateException in project platform_frameworks_base by android.

the class LockSettingsService method setLockPatternInternal.

private void setLockPatternInternal(String pattern, String savedCredential, int userId) throws RemoteException {
    byte[] currentHandle = getCurrentHandle(userId);
    if (pattern == null) {
        clearUserKeyProtection(userId);
        getGateKeeperService().clearSecureUserId(userId);
        mStorage.writePatternHash(null, userId);
        setKeystorePassword(null, userId);
        fixateNewestUserKeyAuth(userId);
        onUserLockChanged(userId);
        return;
    }
    if (isManagedProfileWithUnifiedLock(userId)) {
        // get credential from keystore when managed profile has unified lock
        try {
            savedCredential = getDecryptedPasswordForTiedProfile(userId);
        } catch (UnrecoverableKeyException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException | CertificateException | IOException e) {
            if (e instanceof FileNotFoundException) {
                Slog.i(TAG, "Child profile key not found");
            } else {
                Slog.e(TAG, "Failed to decrypt child profile key", e);
            }
        }
    } else {
        if (currentHandle == null) {
            if (savedCredential != null) {
                Slog.w(TAG, "Saved credential provided, but none stored");
            }
            savedCredential = null;
        }
    }
    byte[] enrolledHandle = enrollCredential(currentHandle, savedCredential, pattern, userId);
    if (enrolledHandle != null) {
        CredentialHash willStore = new CredentialHash(enrolledHandle, CredentialHash.VERSION_GATEKEEPER);
        setUserKeyProtection(userId, pattern, doVerifyPattern(pattern, willStore, true, 0, userId, null));
        mStorage.writePatternHash(enrolledHandle, userId);
        fixateNewestUserKeyAuth(userId);
        onUserLockChanged(userId);
    } else {
        throw new RemoteException("Failed to enroll pattern");
    }
}

Example 88 with CertificateException

use of java.security.cert.CertificateException in project platform_frameworks_base by android.

the class PackageManagerService method getUidForVerifier.

private int getUidForVerifier(VerifierInfo verifierInfo) {
    synchronized (mPackages) {
        final PackageParser.Package pkg = mPackages.get(verifierInfo.packageName);
        if (pkg == null) {
            return -1;
        } else if (pkg.mSignatures.length != 1) {
            Slog.i(TAG, "Verifier package " + verifierInfo.packageName + " has more than one signature; ignoring");
            return -1;
        }
        /*
             * If the public key of the package's signature does not match
             * our expected public key, then this is a different package and
             * we should skip.
             */
        final byte[] expectedPublicKey;
        try {
            final Signature verifierSig = pkg.mSignatures[0];
            final PublicKey publicKey = verifierSig.getPublicKey();
            expectedPublicKey = publicKey.getEncoded();
        } catch (CertificateException e) {
            return -1;
        }
        final byte[] actualPublicKey = verifierInfo.publicKey.getEncoded();
        if (!Arrays.equals(actualPublicKey, expectedPublicKey)) {
            Slog.i(TAG, "Verifier package " + verifierInfo.packageName + " does not have the expected public key; ignoring");
            return -1;
        }
        return pkg.applicationInfo.uid;
    }
}

Example 89 with CertificateException

use of java.security.cert.CertificateException in project platform_frameworks_base by android.

the class Signature method bounce.

/**
     * Bounce the given {@link Signature} through a decode/encode cycle.
     *
     * @throws CertificateException if the before/after length differs
     *             substantially, usually a signal of something fishy going on.
     * @hide
     */
public static Signature bounce(CertificateFactory cf, Signature s) throws CertificateException {
    final InputStream is = new ByteArrayInputStream(s.mSignature);
    final X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
    final Signature sPrime = new Signature(cert.getEncoded());
    if (Math.abs(sPrime.mSignature.length - s.mSignature.length) > 2) {
        throw new CertificateException("Bounced cert length looks fishy; before " + s.mSignature.length + ", after " + sPrime.mSignature.length);
    }
    return sPrime;
}

Example 90 with CertificateException

use of java.security.cert.CertificateException in project platform_frameworks_base by android.

the class DevicePolicyManager method getInstalledCaCerts.

/**
     * Returns all CA certificates that are currently trusted, excluding system CA certificates.
     * If a user has installed any certificates by other means than device policy these will be
     * included too.
     *
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with, or
     *              {@code null} if calling from a delegated certificate installer.
     * @return a List of byte[] arrays, each encoding one user CA certificate.
     * @throws SecurityException if {@code admin} is not {@code null} and not a device or profile
     *         owner.
     */
public List<byte[]> getInstalledCaCerts(@Nullable ComponentName admin) {
    List<byte[]> certs = new ArrayList<byte[]>();
    throwIfParentInstance("getInstalledCaCerts");
    if (mService != null) {
        try {
            mService.enforceCanManageCaCerts(admin);
            final TrustedCertificateStore certStore = new TrustedCertificateStore();
            for (String alias : certStore.userAliases()) {
                try {
                    certs.add(certStore.getCertificate(alias).getEncoded());
                } catch (CertificateException ce) {
                    Log.w(TAG, "Could not encode certificate: " + alias, ce);
                }
            }
        } catch (RemoteException re) {
            throw re.rethrowFromSystemServer();
        }
    }
    return certs;
}