
Example 1 with OpenSSLEngine

use of org.apache.harmony.xnet.provider.jsse.OpenSSLEngine in project android_frameworks_base by ParanoidAndroid.

From class KeyChain, method getPrivateKey:

/**
 * Returns the {@code PrivateKey} for the requested alias, or null if there
 * is no result.
 * <p>
 * The key is obtained through a short-lived binding to the key chain
 * service: the service resolves the alias to a key id, and the key is then
 * looked up in the {@code "keystore"} OpenSSL engine. The binding is always
 * released before this method returns, whether or not it succeeds.
 *
 * @param context used to bind to the key chain service.
 * @param alias The alias of the desired private key, typically
 * returned via {@link KeyChainAliasCallback#alias}.
 * @throws NullPointerException if {@code alias} is null.
 * @throws KeyChainException if the alias was valid but there was some problem accessing it.
 * @throws InterruptedException if interrupted while binding to the service.
 */
public static PrivateKey getPrivateKey(Context context, String alias) throws KeyChainException, InterruptedException {
    if (alias == null) {
        throw new NullPointerException("alias == null");
    }
    final KeyChainConnection connection = bind(context);
    try {
        final String keyId = connection.getService().requestPrivateKey(alias);
        if (keyId == null) {
            throw new KeyChainException("keystore had a problem");
        }
        return OpenSSLEngine.getInstance("keystore").getPrivateKeyById(keyId);
    } catch (RemoteException e) {
        throw new KeyChainException(e);
    } catch (RuntimeException e) {
        // Only certain RuntimeExceptions survive the IKeyChainService call;
        // surface them uniformly as a KeyChainException.
        throw new KeyChainException(e);
    } catch (InvalidKeyException e) {
        throw new KeyChainException(e);
    } finally {
        // Release the service binding on every path.
        connection.close();
    }
}

Example 2 with OpenSSLEngine

use of org.apache.harmony.xnet.provider.jsse.OpenSSLEngine in project android_frameworks_base by ParanoidAndroid.

From class AndroidKeyPairGenerator, method generateKeyPair:

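/**
 * Generate a KeyPair which is backed by the Android keystore service. You
 * must call {@link KeyPairGenerator#initialize(AlgorithmParameterSpec)}
 * with an {@link KeyPairGeneratorSpec} as the {@code params}
 * argument before calling this otherwise an {@code IllegalStateException}
 * will be thrown.
 * <p>
 * This will create an entry in the Android keystore service with a
 * self-signed certificate using the {@code params} specified in the
 * {@code initialize(params)} call.
 * <p>
 * Once the private key has been generated in the keystore, every later
 * failure (loading the key back, decoding the public key, generating,
 * encoding or storing the certificate) removes all entries for the alias
 * again before the exception propagates, so a half-created entry is not
 * left behind.
 *
 * @return the generated pair; the private key is a keystore-backed handle
 *         obtained through {@code OpenSSLEngine}
 * @throws IllegalStateException when called before calling
 *             {@link KeyPairGenerator#initialize(AlgorithmParameterSpec)},
 *             when encryption is required but the keystore is not unlocked,
 *             or when the keystore rejects the key or the certificate
 * @throws RuntimeException if the freshly generated private key cannot be
 *             loaded back from the keystore
 * @see java.security.KeyPairGeneratorSpi#generateKeyPair()
 */
@Override
public KeyPair generateKeyPair() {
    if (mKeyStore == null || mSpec == null) {
        throw new IllegalStateException("Must call initialize with an android.security.KeyPairGeneratorSpec first");
    }
    if (((mSpec.getFlags() & KeyStore.FLAG_ENCRYPTED) != 0) && (mKeyStore.state() != KeyStore.State.UNLOCKED)) {
        throw new IllegalStateException("Android keystore must be in initialized and unlocked state " + "if encryption is required");
    }
    final String alias = mSpec.getKeystoreAlias();
    // Replace, never merge with, whatever already lives under this alias.
    Credentials.deleteAllTypesForAlias(mKeyStore, alias);
    final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias;
    if (!mKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, mSpec.getFlags())) {
        throw new IllegalStateException("could not generate key in keystore");
    }
    try {
        final PrivateKey privKey = loadPrivateKey(privateKeyAlias);
        final PublicKey pubKey = loadPublicKey(privateKeyAlias);
        final byte[] certBytes = encodeCertificate(generateSelfSignedCertificate(pubKey, privKey));
        if (!mKeyStore.put(Credentials.USER_CERTIFICATE + alias, certBytes, KeyStore.UID_SELF, mSpec.getFlags())) {
            throw new IllegalStateException("Can't store certificate in AndroidKeyStore");
        }
        return new KeyPair(pubKey, privKey);
    } catch (RuntimeException e) {
        // The keystore already holds a private key for this alias; do not
        // leave it orphaned when any later step fails. The original only
        // cleaned up on the certificate paths, not on the key-loading ones.
        Credentials.deleteAllTypesForAlias(mKeyStore, alias);
        throw e;
    }
}

/** Fetches the keystore-backed handle for the private key stored under {@code privateKeyAlias}. */
private static PrivateKey loadPrivateKey(String privateKeyAlias) {
    final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore");
    try {
        return engine.getPrivateKeyById(privateKeyAlias);
    } catch (InvalidKeyException e) {
        throw new RuntimeException("Can't get key", e);
    }
}

/** Reads the X.509-encoded public key from the keystore and decodes it as an RSA key. */
private PublicKey loadPublicKey(String privateKeyAlias) {
    final byte[] pubKeyBytes = mKeyStore.getPubkey(privateKeyAlias);
    if (pubKeyBytes == null) {
        // Without this check a missing encoding surfaces as a bare NullPointerException
        // from X509EncodedKeySpec, with no hint of which alias was involved.
        throw new IllegalStateException("keystore returned no public key for " + privateKeyAlias);
    }
    try {
        final KeyFactory keyFact = KeyFactory.getInstance("RSA");
        return keyFact.generatePublic(new X509EncodedKeySpec(pubKeyBytes));
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException("Can't instantiate RSA key generator", e);
    } catch (InvalidKeySpecException e) {
        throw new IllegalStateException("keystore returned invalid key encoding", e);
    }
}

/** Builds the self-signed certificate described by {@code mSpec} for the given key pair. */
private X509Certificate generateSelfSignedCertificate(PublicKey pubKey, PrivateKey privKey) {
    final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
    certGen.setPublicKey(pubKey);
    certGen.setSerialNumber(mSpec.getSerialNumber());
    certGen.setSubjectDN(mSpec.getSubjectDN());
    // Self-signed: issuer and subject are the same DN.
    certGen.setIssuerDN(mSpec.getSubjectDN());
    certGen.setNotBefore(mSpec.getStartDate());
    certGen.setNotAfter(mSpec.getEndDate());
    // NOTE(review): sha1WithRSA is kept as in the original. SHA-1 is deprecated for
    // signatures; sha256WithRSA would be preferable if nothing depends on this
    // value — confirm before changing.
    certGen.setSignatureAlgorithm("sha1WithRSA");
    try {
        return certGen.generate(privKey);
    } catch (Exception e) {
        throw new IllegalStateException("Can't generate certificate", e);
    }
}

/** Returns the certificate's encoded form for storage in the keystore. */
private static byte[] encodeCertificate(X509Certificate cert) {
    try {
        return cert.getEncoded();
    } catch (CertificateEncodingException e) {
        throw new IllegalStateException("Can't get encoding of certificate", e);
    }
}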

Example 3 with OpenSSLEngine

use of org.apache.harmony.xnet.provider.jsse.OpenSSLEngine in project android_frameworks_base by ParanoidAndroid.

From class AndroidKeyStoreTest, method generateCertificate:

/**
 * Test helper: builds a self-signed X.509 certificate for the key pair that
 * the keystore already holds under {@code alias}.
 * <p>
 * The private key is the keystore-backed handle from the {@code "keystore"}
 * OpenSSL engine; the public key is the X.509 encoding exported by the
 * keystore, decoded as RSA. Subject and issuer are both {@code subjectDN}
 * and the certificate is signed with {@code sha1WithRSA}.
 *
 * @param keyStore the keystore that holds the generated key
 * @param alias the user-visible alias; the private-key entry is derived from it
 * @param serialNumber serial number to place in the certificate
 * @param subjectDN used as both subject and issuer
 * @param notBefore start of the validity period
 * @param notAfter end of the validity period
 * @return the generated certificate
 * @throws RuntimeException if the private key cannot be loaded from the engine
 * @throws IllegalStateException if the public key cannot be decoded
 * @throws Exception anything the certificate generator itself throws
 */
@SuppressWarnings("deprecation")
private static X509Certificate generateCertificate(android.security.KeyStore keyStore, String alias, BigInteger serialNumber, X500Principal subjectDN, Date notBefore, Date notAfter) throws Exception {
    final String keyAlias = Credentials.USER_PRIVATE_KEY + alias;
    final PrivateKey privateKey;
    try {
        privateKey = OpenSSLEngine.getInstance("keystore").getPrivateKeyById(keyAlias);
    } catch (InvalidKeyException e) {
        throw new RuntimeException("Can't get key", e);
    }
    final byte[] encodedPublicKey = keyStore.getPubkey(keyAlias);
    final PublicKey publicKey;
    try {
        publicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(encodedPublicKey));
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException("Can't instantiate RSA key generator", e);
    } catch (InvalidKeySpecException e) {
        throw new IllegalStateException("keystore returned invalid key encoding", e);
    }
    final X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
    generator.setPublicKey(publicKey);
    generator.setSerialNumber(serialNumber);
    generator.setSubjectDN(subjectDN);
    // Self-signed, so the issuer is the subject.
    generator.setIssuerDN(subjectDN);
    generator.setNotBefore(notBefore);
    generator.setNotAfter(notAfter);
    generator.setSignatureAlgorithm("sha1WithRSA");
    return generator.generate(privateKey);
}
