Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / 23c438d711c15541312dbb5a83548967874f9ccb^! / .
commit23c438d711c15541312dbb5a83548967874f9ccb[log] [tgz]
authorEran Messeri <eranm@google.com>Thu Nov 23 17:20:52 2017 +0000
committerEran Messeri <eranm@google.com>Thu Nov 23 17:59:36 2017 +0000
tree83b5160da7a62def6f3d014964fc53042926d83d
parent78252a23d6d38e4b1c938fef3d7b1dc6b7dfbe05 [diff]
KeyChain: Provide public & private keys

In order for the DevicePolicyManager to provide key generation
functionality, it has to return both the private and public keys
in form of a KeyPair.

Since the KeyChainService will perform the key generation on behalf
of the DevicePolicyManager (so that KeyChain will be the owner of
the generated keys outright), the DevicePolicyManager needs a way
to get both the private and public key representations from KeyChain.

A getKeyPair method is added that gets the private and public
key pair associated with a given alias from Keystore.
The getPrivateKey now delegates to the getKeyPair method and returns
only the private key.

Tested using existing CTS tests.

Bug: 63388672
Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement
Change-Id: I06b8511acd2049a0053ec8893de6de7429f7c92e

diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index 3fe730f..2daf733 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java

@@ -40,6 +40,7 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.Closeable;
+import java.security.KeyPair;
 import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.UnrecoverableKeyException;
@@ -418,6 +419,18 @@
     @Nullable @WorkerThread
     public static PrivateKey getPrivateKey(@NonNull Context context, @NonNull String alias)
             throws KeyChainException, InterruptedException {
+        KeyPair keyPair = getKeyPair(context, alias);
+        if (keyPair != null) {
+            return keyPair.getPrivate();
+        }
+
+        return null;
+    }
+
+    /** @hide */
+    @Nullable @WorkerThread
+    public static KeyPair getKeyPair(@NonNull Context context, @NonNull String alias)
+            throws KeyChainException, InterruptedException {
         if (alias == null) {
             throw new NullPointerException("alias == null");
         }
@@ -439,7 +452,7 @@
             return null;
         } else {
             try {
-                return AndroidKeyStoreProvider.loadAndroidKeyStorePrivateKeyFromKeystore(
+                return AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(
                         KeyStore.getInstance(), keyId, KeyStore.UID_SELF);
             } catch (RuntimeException | UnrecoverableKeyException e) {
                 throw new KeyChainException(e);