Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(272)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java

Issue 11031043: Fix handling of user and CA certificates on Android. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Created 8 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/public/browser/content_browser_client.h ('k') | net/android/network_library.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java
diff --git a/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java b/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java
index 28208a76bdbdfb58be8baf453894798a362f66ff..b5645fa2b5d42aea41b3752123ba7179bed2d65e 100644
--- a/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java
+++ b/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java
@@ -7,6 +7,7 @@ package org.chromium.net;
import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
+import android.security.KeyChain;
import android.util.Log;
import org.chromium.base.CalledByNative;
@@ -30,19 +31,61 @@ class AndroidNetworkLibrary {
private static final String TAG = AndroidNetworkLibrary.class.getName();
/**
- * Stores the key pair into the CertInstaller application.
+ * Stores the key pair through the CertInstaller activity.
+ * @param context: current activity context.
+ * @param public_key: The public key bytes as DER-encoded SubjectPublicKeyInfo (X.509)
+ * @param private_key: The private key as DER-encoded PrivateKeyInfo (PKCS#8).
+ * @return: true on success, false on failure.
+ *
+ * Note that failure means that the function could not launch the CertInstaller
+ * activity. Whether the keys are valid or properly installed will be indicated
+ * by the CertInstaller UI itself.
*/
@CalledByNative
- static public boolean storeKeyPair(Context context, byte[] public_key, byte[] private_key) {
- // This is based on android.security.Credentials.install()
- // TODO(joth): Use KeyChain API instead of hard-coding constants here:
- // http://crbug.com/124660
+ static public boolean storeKeyPair(Context context,
+ byte[] public_key,
+ byte[] private_key) {
+ // TODO(digit): Use KeyChain official extra values to pass the public and private
+ // keys when they're available. The "KEY" and "PKEY" hard-coded constants were taken
+ // from the platform sources, since there are no official KeyChain.EXTRA_XXX definitions
+ // for them. b/5859651
+ try {
+ Intent intent = KeyChain.createInstallIntent();
+ intent.putExtra("PKEY", private_key);
+ intent.putExtra("KEY", public_key);
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ context.startActivity(intent);
+ return true;
+ } catch (ActivityNotFoundException e) {
+ Log.w(TAG, "could not store key pair: " + e);
+ }
+ return false;
+ }
+
+ /**
+ * Add a user certificate, a CA certificate or PKCS#12 keychain through the
+ * system's CertInstaller activity.
+ *
+ * @param context: current activity context.
+ * @param data: certificate/keychain bytes. If is_pkcs12 is false, this must be
+ * a DER-encoded X.509 certificate. Otherwise, a PKCS#12 keychain.
+ * @param is_pkcs12: true iff the bytes correspond to a PKCS#12 keychain.
+ * @return true on success, false on failure.
+ *
+ * Note that failure only indicates that the function couldn't launch the
+ * CertInstaller activity, not that the certificate/keychain was properly
+ * installed to the keystore.
+ */
+ @CalledByNative
+ static public boolean storeCertificateOrKeychain(Context context,
+ byte[] data,
+ boolean is_pkcs12) {
try {
- Intent intent = new Intent("android.credentials.INSTALL");
- intent.setClassName("com.android.certinstaller",
- "com.android.certinstaller.CertInstallerMain");
- intent.putExtra("KEY", private_key);
- intent.putExtra("PKEY", public_key);
+ Intent intent = KeyChain.createInstallIntent();
+ if (is_pkcs12)
+ intent.putExtra(KeyChain.EXTRA_PKCS12, data);
+ else
+ intent.putExtra(KeyChain.EXTRA_CERTIFICATE, data);
intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
context.startActivity(intent);
return true;
« no previous file with comments | « content/public/browser/content_browser_client.h ('k') | net/android/network_library.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698