Diffstat (limited to 'keystore/java/android/security/AndroidKeyPairGenerator.java')
-rw-r--r--keystore/java/android/security/AndroidKeyPairGenerator.java47
1 files changed, 43 insertions, 4 deletions
diff --git a/keystore/java/android/security/AndroidKeyPairGenerator.java b/keystore/java/android/security/AndroidKeyPairGenerator.java
index 390e7329b971..1ab0aeb0f633 100644
--- a/keystore/java/android/security/AndroidKeyPairGenerator.java
+++ b/keystore/java/android/security/AndroidKeyPairGenerator.java
@@ -18,6 +18,7 @@ package android.security;
import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;
+import com.android.org.conscrypt.NativeCrypto;
import com.android.org.conscrypt.OpenSSLEngine;
import java.security.InvalidAlgorithmParameterException;
@@ -33,7 +34,10 @@ import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.DSAParameterSpec;
+import java.security.spec.ECParameterSpec;
import java.security.spec.InvalidKeySpecException;
+import java.security.spec.RSAKeyGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
/**
@@ -87,8 +91,12 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
Credentials.deleteAllTypesForAlias(mKeyStore, alias);
+ final int keyType = KeyStore.getKeyTypeForAlgorithm(mSpec.getKeyType());
+ byte[][] args = getArgsForKeyType(keyType, mSpec.getAlgorithmParameterSpec());
+
final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + alias;
- if (!mKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, mSpec.getFlags())) {
+ if (!mKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF, keyType,
+ mSpec.getKeySize(), mSpec.getFlags(), args)) {
throw new IllegalStateException("could not generate key in keystore");
}
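Review bot: The new `keyType` and `args` lines sit after `Credentials.deleteAllTypesForAlias(mKeyStore, alias)`, so if either call throws, the existing entries under the alias are already deleted and no replacement key exists. Moving `final int keyType = ...` and `byte[][] args = ...` above the delete call makes an unsupported algorithm or parameter spec fail before anything is destroyed. The same ordering concern applies to `getDefaultSignatureAlgorithmForKeyType(mSpec.getKeyType())` in the certificate hunk, which can throw IllegalArgumentException after the private key has been generated; resolving the signature algorithm up front avoids leaving a key without a certificate. Whether `KeyStore.getKeyTypeForAlgorithm` throws on unknown input is not visible here, and the enclosing method starts and ends outside this hunk.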
@@ -104,10 +112,10 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
final PublicKey pubKey;
try {
- final KeyFactory keyFact = KeyFactory.getInstance("RSA");
+ final KeyFactory keyFact = KeyFactory.getInstance(mSpec.getKeyType());
pubKey = keyFact.generatePublic(new X509EncodedKeySpec(pubKeyBytes));
} catch (NoSuchAlgorithmException e) {
- throw new IllegalStateException("Can't instantiate RSA key generator", e);
+ throw new IllegalStateException("Can't instantiate key generator", e);
} catch (InvalidKeySpecException e) {
throw new IllegalStateException("keystore returned invalid key encoding", e);
}
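Review bot: The new message `"Can't instantiate key generator"` no longer names the algorithm that failed, even though the algorithm is now taken from `mSpec.getKeyType()` instead of being fixed. Including it, for example `throw new IllegalStateException("Can't instantiate " + mSpec.getKeyType() + " key factory", e);`, lets a missing provider be diagnosed from the exception alone. The enclosing method starts and ends outside this hunk.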
@@ -119,7 +127,7 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
certGen.setIssuerDN(mSpec.getSubjectDN());
certGen.setNotBefore(mSpec.getStartDate());
certGen.setNotAfter(mSpec.getEndDate());
- certGen.setSignatureAlgorithm("sha1WithRSA");
+ certGen.setSignatureAlgorithm(getDefaultSignatureAlgorithmForKeyType(mSpec.getKeyType()));
final X509Certificate cert;
try {
@@ -146,6 +154,37 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
return new KeyPair(pubKey, privKey);
}
+ private static String getDefaultSignatureAlgorithmForKeyType(String keyType) {
+ if ("RSA".equalsIgnoreCase(keyType)) {
+ return "sha256WithRSA";
+ } else if ("DSA".equalsIgnoreCase(keyType)) {
+ return "sha1WithDSA";
+ } else if ("EC".equalsIgnoreCase(keyType)) {
+ return "sha256WithECDSA";
+ } else {
+ throw new IllegalArgumentException("Unsupported key type " + keyType);
+ }
+ }
+
+ private static byte[][] getArgsForKeyType(int keyType, AlgorithmParameterSpec spec) {
+ switch (keyType) {
+ case NativeCrypto.EVP_PKEY_RSA:
+ if (spec instanceof RSAKeyGenParameterSpec) {
+ RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) spec;
+ return new byte[][] { rsaSpec.getPublicExponent().toByteArray() };
+ }
+ break;
+ case NativeCrypto.EVP_PKEY_DSA:
+ if (spec instanceof DSAParameterSpec) {
+ DSAParameterSpec dsaSpec = (DSAParameterSpec) spec;
+ return new byte[][] { dsaSpec.getG().toByteArray(),
+ dsaSpec.getP().toByteArray(), dsaSpec.getQ().toByteArray() };
+ }
+ break;
+ }
+ return null;
+ }
+
@Override
public void initialize(int keysize, SecureRandom random) {
throw new IllegalArgumentException("cannot specify keysize with AndroidKeyPairGenerator");
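Review bot: `getArgsForKeyType` returns null both when no spec was supplied and when the spec has the wrong type for the key, so a caller who passes a `DSAParameterSpec` with an RSA key type gets a key generated with default parameters and no error. Adding `if (spec != null) throw new IllegalArgumentException("Unsupported parameter spec for key type " + keyType);` before the final `return null;` would surface the mismatch. This assumes an EC spec is not meant to pass through here; there is no EC case in the switch although `ECParameterSpec` is imported. The DSA array order (G, P, Q) should carry a comment saying it must match what the keystore side expects. Separately, `getDefaultSignatureAlgorithmForKeyType` moves RSA to SHA-256 but keeps `sha1WithDSA`; if the provider offers a SHA-256 DSA signature, the default should use it.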