diff options
| author | yfriedman@chromium.org <yfriedman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-15 00:54:27 +0000 |
|---|---|---|
| committer | yfriedman@chromium.org <yfriedman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-02-15 00:54:27 +0000 |
| commit | 2816e1f32ac606e9d41f687f3fa2f71c247104f3 (patch) | |
| tree | 31aaa750dc826fd75e34aec856b8be19e1b6167c /net/android/keystore.cc | |
| parent | 55d19d36967458d8bfbbf16ef38ce1576f92eb04 (diff) | |
| download | chromium_src-2816e1f32ac606e9d41f687f3fa2f71c247104f3.zip chromium_src-2816e1f32ac606e9d41f687f3fa2f71c247104f3.tar.gz chromium_src-2816e1f32ac606e9d41f687f3fa2f71c247104f3.tar.bz2 | |
Refactoring AndroidKeyStore to support a KeyStore running in another process
This CL does a number of things:
1) Extracts an AndroidKeyStore interface which specifies the API needed by the
native OpenSSL engine from an AndroidKeyStore. Also changes from using
PrivateKey to AndroidPrivateKey to provide a layer of indirection needed for a
remote PrivateKey
2) Renames the previous AndroidKeyStore to AndroidKeyStoreLocalImpl as it's
used for interacting with an in-process Android KeyStore
3) Provides a new class AndroidKeyStoreRemoteImpl and corresponding
IAndroidKeyStoreRemote.aidl that together specify the interface and interaction
with a remote process managing an Android KeyStore
4) Alters the PKCS11-based authentication flow to only use out a remote Android
KeyStore
5) Adds a new method to the previous AndroidKeyStore interface to facilitate
clean up of remote keys
BUG=341500
CONTRIBUTOR=ppi@chromium.org
R=bulach@chromium.org, klobag@chromium.org
TBR=rsleevi
NOTRY=true
Review URL: https://codereview.chromium.org/166143002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@251461 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/android/keystore.cc')
| -rw-r--r-- | net/android/keystore.cc | 51 |
1 files changed, 39 insertions, 12 deletions
diff --git a/net/android/keystore.cc b/net/android/keystore.cc index a3d8cc1..cefd4f4 100644 --- a/net/android/keystore.cc +++ b/net/android/keystore.cc @@ -9,8 +9,8 @@ #include "base/android/jni_android.h" #include "base/android/jni_array.h" #include "base/logging.h" - #include "jni/AndroidKeyStore_jni.h" +#include "net/android/android_private_key.h" using base::android::AttachCurrentThread; using base::android::HasException; @@ -28,7 +28,9 @@ bool GetRSAKeyModulus( JNIEnv* env = AttachCurrentThread(); ScopedJavaLocalRef<jbyteArray> modulus_ref = - Java_AndroidKeyStore_getRSAKeyModulus(env, private_key_ref); + Java_AndroidKeyStore_getRSAKeyModulus(env, + GetKeyStore(private_key_ref).obj(), + private_key_ref); if (modulus_ref.is_null()) return false; @@ -41,7 +43,10 @@ bool GetDSAKeyParamQ(jobject private_key_ref, JNIEnv* env = AttachCurrentThread(); ScopedJavaLocalRef<jbyteArray> q_ref = - Java_AndroidKeyStore_getDSAKeyParamQ(env, private_key_ref); + Java_AndroidKeyStore_getDSAKeyParamQ( + env, + GetKeyStore(private_key_ref).obj(), + private_key_ref); if (q_ref.is_null()) return false; @@ -54,7 +59,11 @@ bool GetECKeyOrder(jobject private_key_ref, JNIEnv* env = AttachCurrentThread(); ScopedJavaLocalRef<jbyteArray> order_ref = - Java_AndroidKeyStore_getECKeyOrder(env, private_key_ref); + Java_AndroidKeyStore_getECKeyOrder( + env, + GetKeyStore(private_key_ref).obj(), + private_key_ref); + if (order_ref.is_null()) return false; @@ -62,12 +71,15 @@ bool GetECKeyOrder(jobject private_key_ref, return true; } -bool GetPrivateKeyEncodedBytes(jobject private_key, +bool GetPrivateKeyEncodedBytes(jobject private_key_ref, std::vector<uint8>* result) { JNIEnv* env = AttachCurrentThread(); ScopedJavaLocalRef<jbyteArray> encoded_ref = - Java_AndroidKeyStore_getPrivateKeyEncodedBytes(env, private_key); + Java_AndroidKeyStore_getPrivateKeyEncodedBytes( + env, + GetKeyStore(private_key_ref).obj(), + private_key_ref); if (encoded_ref.is_null()) return false; @@ -91,7 +103,10 @@ bool RawSignDigestWithPrivateKey( // Invoke platform API ScopedJavaLocalRef<jbyteArray> signature_ref = Java_AndroidKeyStore_rawSignDigestWithPrivateKey( - env, private_key_ref, digest_ref.obj()); + env, + GetKeyStore(private_key_ref).obj(), + private_key_ref, + digest_ref.obj()); if (HasException(env) || signature_ref.is_null()) return false; @@ -100,14 +115,16 @@ bool RawSignDigestWithPrivateKey( return true; } -PrivateKeyType GetPrivateKeyType(jobject private_key) { +PrivateKeyType GetPrivateKeyType(jobject private_key_ref) { JNIEnv* env = AttachCurrentThread(); int type = Java_AndroidKeyStore_getPrivateKeyType( - env, private_key); + env, + GetKeyStore(private_key_ref).obj(), + private_key_ref); return static_cast<PrivateKeyType>(type); } -EVP_PKEY* GetOpenSSLSystemHandleForPrivateKey(jobject private_key) { +EVP_PKEY* GetOpenSSLSystemHandleForPrivateKey(jobject private_key_ref) { JNIEnv* env = AttachCurrentThread(); // Note: the pointer is passed as a jint here because that's how it // is stored in the Java object. Java doesn't have a primitive type @@ -117,11 +134,21 @@ EVP_PKEY* GetOpenSSLSystemHandleForPrivateKey(jobject private_key) { // Given that this routine shall only be called on Android < 4.2, // this won't be a problem in the far future (e.g. when Android gets // ported to 64-bit environments, if ever). - int pkey = - Java_AndroidKeyStore_getOpenSSLHandleForPrivateKey(env, private_key); + int pkey = Java_AndroidKeyStore_getOpenSSLHandleForPrivateKey( + env, + GetKeyStore(private_key_ref).obj(), + private_key_ref); return reinterpret_cast<EVP_PKEY*>(pkey); } +void ReleaseKey(jobject private_key_ref) { + JNIEnv* env = AttachCurrentThread(); + Java_AndroidKeyStore_releaseKey(env, + GetKeyStore(private_key_ref).obj(), + private_key_ref); + env->DeleteGlobalRef(private_key_ref); +} + bool RegisterKeyStore(JNIEnv* env) { return RegisterNativesImpl(env); } |