authorSelim Gurun <sgurun@google.com>2015-07-14 13:47:05 -0700
committerSelim Gurun <sgurun@google.com>2015-07-14 20:49:08 +0000
commit371a0ae024c447baed7f41143dbf890d6125f87c (patch)
treec0aac2430f611a1ea3cc1e6a0706aca3bed5a2e1
parentf63cd3204e31a6960c5e13dd8616d4d7e2b268e8 (diff)
Correct way to obtain JCA private key algorithm.
BUG=509068 Not all RSA/EC JCA private keys (PrivateKey instances) are instances of RSAPrivateKey/ECPrivateKey. RSAPrivateKey/ECPrivateKey instances let their clients access the underlying secret key material. Not all private keys expose their key material. For example, Android Keystore and KeyChain private keys do not. In general, private keys are guaranteed to be an instance of PrivateKey and may be an instance of RSAKey/ECKey if they expose the domain parameters shared with the corresponding public key (e.g., RSA modulus or EC parameters). The correct way to obtain the algorithm of a private key is to invoke Key.getAlgorithm and compare the result (case-insensitive) to "RSA" or "EC" (see JCA Standard Names document). Prior to Android M, private keys returned by KeyChain and Android Keystore implemented the RSAPrivateKey/ECPrivateKey interfaces despite not actually exposing the underlying secret key material (i.e., RSAPrivateKey.getPrivateExponent() and ECPrivateKey.getS() returned null contrary to the contract of these two interfaces). Starting with Android M, Android Keystore and KeyChain private keys no longer implement RSAPrivateKey/ECPrivateKey interfaces. This broke client certificate handling which relied on these two interfaces only to find out the algorithms of private keys associated with the certificates. The fix is thus to find out the algorithm of the private key using Key.getAlgorithm() instead of instanceof. Uploading on behalf of klyubin@google.com Review URL: https://codereview.chromium.org/1230943004 Cr-Commit-Position: refs/heads/master@{#338547} (cherry picked from commit fb6fecf3aac29f32535677dca039d7e3be872fad) R=davidben@chromium.org Review URL: https://codereview.chromium.org/1233143005 . Cr-Commit-Position: refs/branch-heads/2403@{#516} Cr-Branched-From: f54b8097a9c45ed4ad308133d49f05325d6c5070-refs/heads/master@{#330231}
-rw-r--r--net/android/java/src/org/chromium/net/DefaultAndroidKeyStore.java16
1 files changed, 7 insertions, 9 deletions
diff --git a/net/android/java/src/org/chromium/net/DefaultAndroidKeyStore.java b/net/android/java/src/org/chromium/net/DefaultAndroidKeyStore.java
index 3fbf60c..eeb7ab4 100644
--- a/net/android/java/src/org/chromium/net/DefaultAndroidKeyStore.java
+++ b/net/android/java/src/org/chromium/net/DefaultAndroidKeyStore.java
@@ -12,9 +12,7 @@ import java.security.PrivateKey;
import java.security.Signature;
import java.security.interfaces.DSAKey;
import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECKey;
-import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.ECParameterSpec;
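Review bot: The `RSAPrivateKey` import is kept while `DSAPrivateKey` and `ECPrivateKey` are dropped, so some code outside these hunks presumably still tests for or casts to `RSAPrivateKey`. According to the commit message, Android Keystore and KeyChain keys on Android M no longer implement that interface, so any remaining `instanceof RSAPrivateKey` check would fail for them in the same way. It is worth confirming that the remaining use is limited to paths that genuinely need exportable key material. The retained `DSAKey`/`DSAParams` imports likewise suggest DSA-specific code remains elsewhere, even though the DSA branches are removed below.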
@@ -98,14 +96,13 @@ public class DefaultAndroidKeyStore implements AndroidKeyStore {
// Hint: Algorithm names come from:
// http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html
try {
- if (javaKey instanceof RSAPrivateKey) {
+ String keyAlgorithm = javaKey.getAlgorithm();
+ if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
// IMPORTANT: Due to a platform bug, this will throw NoSuchAlgorithmException
// on Android 4.0.x and 4.1.x. Fixed in 4.2 and higher.
// See https://android-review.googlesource.com/#/c/40352/
signature = Signature.getInstance("NONEwithRSA");
- } else if (javaKey instanceof DSAPrivateKey) {
- signature = Signature.getInstance("NONEwithDSA");
- } else if (javaKey instanceof ECPrivateKey) {
+ } else if ("EC".equalsIgnoreCase(keyAlgorithm)) {
signature = Signature.getInstance("NONEwithECDSA");
}
} catch (NoSuchAlgorithmException e) {
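Review bot: A key whose `getAlgorithm()` is neither "RSA" nor "EC" now leaves this if/else chain without assigning `signature`, and that includes DSA keys, whose branch is removed here without the commit message mentioning it. How the unassigned `signature` is handled lies outside the hunk, so the resulting failure mode cannot be confirmed from here. If DSA is dropped on purpose, a comment such as `// Only RSA and EC are supported; DSA keys are deliberately rejected.` would record that. A final `else` that logs `keyAlgorithm` would make rejected client-certificate keys diagnosable. The same applies to getPrivateKeyType in the next hunk, where DSA keys now map to `PrivateKeyType.INVALID`.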
@@ -132,9 +129,10 @@ public class DefaultAndroidKeyStore implements AndroidKeyStore {
@Override
public int getPrivateKeyType(AndroidPrivateKey key) {
PrivateKey javaKey = ((DefaultAndroidPrivateKey) key).getJavaKey();
- if (javaKey instanceof RSAPrivateKey) return PrivateKeyType.RSA;
- if (javaKey instanceof DSAPrivateKey) return PrivateKeyType.DSA;
- if (javaKey instanceof ECPrivateKey) {
+ String keyAlgorithm = javaKey.getAlgorithm();
+ if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
+ return PrivateKeyType.RSA;
+ } else if ("EC".equalsIgnoreCase(keyAlgorithm)) {
return PrivateKeyType.ECDSA;
} else {
return PrivateKeyType.INVALID;
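Review bot: The reason for comparing `getAlgorithm()` strings instead of using `instanceof` is recorded only in the commit message, so a later cleanup could revert the check in getPrivateKeyType and the identical one in the signing code. A comment above `String keyAlgorithm = javaKey.getAlgorithm();` would preserve it, for example `// Keystore/KeyChain keys on Android M+ do not implement RSAPrivateKey/ECPrivateKey; use getAlgorithm().` Because the same two string comparisons now appear in both places, a small private helper that maps the algorithm name to a key type would keep them from drifting apart. The method's closing lines fall outside the hunk.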