author | Brian Carlstrom <bdc@google.com> | 2011-06-07 13:45:33 -0700 |
---|---|---|
committer | Brian Carlstrom <bdc@google.com> | 2011-06-07 15:33:09 -0700 |
commit | 9d7faa91be6661eccf73494f1ab96ae9a28d42d7 (patch) | |
tree | 85bf8aec36f40536a4e6dbf2cd25ea59239ab956 /keystore | |
parent | a4a48a484fe862787cf2fbe1314deab8ac375951 (diff) | |
Change KeyChain to assume PEM encoded keystore entries
Summary:
- Changed KeyChain to assume PEM encoded keystore entries
- Moved convertToPem from CertInstaller for reuse with other Credentials helpers
- Added convertFromPem for use in decoding keystore entries
Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
Diffstat (limited to 'keystore')
-rw-r--r-- | keystore/java/android/security/Credentials.java | 47 | ||||
-rw-r--r-- | keystore/java/android/security/KeyChain.java | 9 |
2 files changed, 50 insertions, 6 deletions
diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java
index 6b69b8a..fd6c22c 100644
--- a/keystore/java/android/security/Credentials.java
+++ b/keystore/java/android/security/Credentials.java
@@ -20,8 +20,19 @@ import android.content.ActivityNotFoundException;
 import android.content.Context;
 import android.content.Intent;
 import android.util.Log;
-
+import com.android.org.bouncycastle.openssl.PEMReader;
+import com.android.org.bouncycastle.openssl.PEMWriter;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.Reader;
+import java.io.Writer;
+import java.nio.charset.Charsets;
 import java.security.KeyPair;
+import java.util.ArrayList;
+import java.util.List;
 
 /**
 * {@hide}
@@ -60,6 +71,40 @@ public class Credentials {
 /** Data type for PKCS12. */
 public static final String PKCS12 = "PKCS12";
 
+ /**
+ * Convert objects to a PEM format, which is used for
+ * CA_CERTIFICATE, USER_CERTIFICATE, and USER_PRIVATE_KEY
+ * entries.
+ */
+ public static byte[] convertToPem(Object... objects) throws IOException {
+ ByteArrayOutputStream bao = new ByteArrayOutputStream();
+ Writer writer = new OutputStreamWriter(bao, Charsets.US_ASCII);
+ PEMWriter pw = new PEMWriter(writer);
+ for (Object o : objects) {
+ pw.writeObject(o);
+ }
+ pw.close();
+ return bao.toByteArray();
+ }
+ /**
+ * Convert objects from PEM format, which is used for
+ * CA_CERTIFICATE, USER_CERTIFICATE, and USER_PRIVATE_KEY
+ * entries.
+ */
+ public static List<Object> convertFromPem(byte[] bytes) throws IOException {
+ ByteArrayInputStream bai = new ByteArrayInputStream(bytes);
+ Reader reader = new InputStreamReader(bai, Charsets.US_ASCII);
+ PEMReader pr = new PEMReader(reader);
+
+ List<Object> result = new ArrayList<Object>();
+ Object o;
+ while ((o = pr.readObject()) != null) {
+ result.add(o);
+ }
+ pr.close();
+ return result;
+ }
+
 private static Credentials singleton;
 
 public static Credentials getInstance() {
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index ec820cf..ba784ed 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -34,6 +34,7 @@ import java.io.ByteArrayInputStream;
 import java.io.Closeable;
 import java.io.IOException;
 import java.security.KeyFactory;
+import java.security.KeyPair;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
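Review bot: The Javadoc on `convertFromPem` in Credentials.java does not say what the returned list holds, and the method returns an empty list when the input contains no PEM block, because the loop simply stops at the first null from `readObject()`. KeyChain.java in this same commit casts element 0 to `KeyPair`, so callers already depend on an undocumented element type and ordering. I would add `@return the decoded objects in input order; empty if the input holds no PEM block` plus a sentence naming the type produced for each entry kind. Since the comment on `convertToPem` lists USER_PRIVATE_KEY and `writeObject(o)` is called with no password or cipher, the returned array appears to hold the key unencrypted; the Javadoc should say so, so that callers keep it out of logs and out of any storage other than the keystore.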
@@ -185,11 +186,9 @@ public final class KeyChain {
 throw new IllegalArgumentException("bytes == null");
 }
 try {
- KeyFactory keyFactory = KeyFactory.getInstance("RSA");
- return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes));
- } catch (NoSuchAlgorithmException e) {
- throw new AssertionError(e);
- } catch (InvalidKeySpecException e) {
+ KeyPair keyPair = (KeyPair) Credentials.convertFromPem(bytes).get(0);
+ return keyPair.getPrivate();
+ } catch (IOException e) {
 throw new AssertionError(e);
 }
 } |
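Review bot: `(KeyPair) Credentials.convertFromPem(bytes).get(0)` trusts the content of the keystore entry: an entry with no PEM block makes `get(0)` throw IndexOutOfBoundsException, and a first object of another type (a certificate, say) throws ClassCastException, neither of which is caught here. Malformed PEM is likewise turned into `AssertionError`, although bad stored data is an input error rather than an impossible state. Checking the decoded list before the cast and reporting all three cases as `IllegalArgumentException`, as the null check just above already does, would let callers handle a corrupt entry. The enclosing method starts before this hunk, and the fence assumes `java.util.List` is imported in KeyChain.java, which the hunk does not show.

```java
try {
    List<Object> objects = Credentials.convertFromPem(bytes);
    if (objects.isEmpty() || !(objects.get(0) instanceof KeyPair)) {
        throw new IllegalArgumentException("bytes do not hold a PEM encoded key pair");
    }
    return ((KeyPair) objects.get(0)).getPrivate();
} catch (IOException e) {
    throw new IllegalArgumentException("bytes are not valid PEM", e);
}
```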