1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.security; 18 19 import com.android.org.conscrypt.OpenSSLEngine; 20 import com.android.org.conscrypt.OpenSSLKeyHolder; 21 22 import android.util.Log; 23 24 import java.io.ByteArrayInputStream; 25 import java.io.IOException; 26 import java.io.InputStream; 27 import java.io.OutputStream; 28 import java.security.InvalidKeyException; 29 import java.security.Key; 30 import java.security.KeyStore.Entry; 31 import java.security.KeyStore.PrivateKeyEntry; 32 import java.security.KeyStore.ProtectionParameter; 33 import java.security.KeyStore; 34 import java.security.KeyStoreException; 35 import java.security.KeyStoreSpi; 36 import java.security.NoSuchAlgorithmException; 37 import java.security.PrivateKey; 38 import java.security.UnrecoverableKeyException; 39 import java.security.cert.Certificate; 40 import java.security.cert.CertificateEncodingException; 41 import java.security.cert.CertificateException; 42 import java.security.cert.CertificateFactory; 43 import java.security.cert.X509Certificate; 44 import java.util.ArrayList; 45 import java.util.Collection; 46 import java.util.Collections; 47 import java.util.Date; 48 import java.util.Enumeration; 49 import java.util.HashSet; 50 import java.util.Iterator; 51 import java.util.Set; 52 53 /** 54 * A java.security.KeyStore interface for the Android KeyStore. An instance of 55 * it can be created via the {@link java.security.KeyStore#getInstance(String) 56 * KeyStore.getInstance("AndroidKeyStore")} interface. This returns a 57 * java.security.KeyStore backed by this "AndroidKeyStore" implementation. 58 * <p> 59 * This is built on top of Android's keystore daemon. The convention of alias 60 * use is: 61 * <p> 62 * PrivateKeyEntry will have a Credentials.USER_PRIVATE_KEY as the private key, 63 * Credentials.USER_CERTIFICATE as the first certificate in the chain (the one 64 * that corresponds to the private key), and then a Credentials.CA_CERTIFICATE 65 * entry which will have the rest of the chain concatenated in BER format. 66 * <p> 67 * TrustedCertificateEntry will just have a Credentials.CA_CERTIFICATE entry 68 * with a single certificate. 69 * 70 * @hide 71 */ 72 public class AndroidKeyStore extends KeyStoreSpi { 73 public static final String NAME = "AndroidKeyStore"; 74 75 private android.security.KeyStore mKeyStore; 76 77 @Override engineGetKey(String alias, char[] password)78 public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, 79 UnrecoverableKeyException { 80 if (!isKeyEntry(alias)) { 81 return null; 82 } 83 84 final OpenSSLEngine engine = OpenSSLEngine.getInstance("keystore"); 85 try { 86 return engine.getPrivateKeyById(Credentials.USER_PRIVATE_KEY + alias); 87 } catch (InvalidKeyException e) { 88 UnrecoverableKeyException t = new UnrecoverableKeyException("Can't get key"); 89 t.initCause(e); 90 throw t; 91 } 92 } 93 94 @Override engineGetCertificateChain(String alias)95 public Certificate[] engineGetCertificateChain(String alias) { 96 if (alias == null) { 97 throw new NullPointerException("alias == null"); 98 } 99 100 final X509Certificate leaf = (X509Certificate) engineGetCertificate(alias); 101 if (leaf == null) { 102 return null; 103 } 104 105 final Certificate[] caList; 106 107 final byte[] caBytes = mKeyStore.get(Credentials.CA_CERTIFICATE + alias); 108 if (caBytes != null) { 109 final Collection<X509Certificate> caChain = toCertificates(caBytes); 110 111 caList = new Certificate[caChain.size() + 1]; 112 113 final Iterator<X509Certificate> it = caChain.iterator(); 114 int i = 1; 115 while (it.hasNext()) { 116 caList[i++] = it.next(); 117 } 118 } else { 119 caList = new Certificate[1]; 120 } 121 122 caList[0] = leaf; 123 124 return caList; 125 } 126 127 @Override engineGetCertificate(String alias)128 public Certificate engineGetCertificate(String alias) { 129 if (alias == null) { 130 throw new NullPointerException("alias == null"); 131 } 132 133 byte[] certificate = mKeyStore.get(Credentials.USER_CERTIFICATE + alias); 134 if (certificate != null) { 135 return toCertificate(certificate); 136 } 137 138 certificate = mKeyStore.get(Credentials.CA_CERTIFICATE + alias); 139 if (certificate != null) { 140 return toCertificate(certificate); 141 } 142 143 return null; 144 } 145 toCertificate(byte[] bytes)146 private static X509Certificate toCertificate(byte[] bytes) { 147 try { 148 final CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); 149 return (X509Certificate) certFactory 150 .generateCertificate(new ByteArrayInputStream(bytes)); 151 } catch (CertificateException e) { 152 Log.w(NAME, "Couldn't parse certificate in keystore", e); 153 return null; 154 } 155 } 156 157 @SuppressWarnings("unchecked") toCertificates(byte[] bytes)158 private static Collection<X509Certificate> toCertificates(byte[] bytes) { 159 try { 160 final CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); 161 return (Collection<X509Certificate>) certFactory 162 .generateCertificates(new ByteArrayInputStream(bytes)); 163 } catch (CertificateException e) { 164 Log.w(NAME, "Couldn't parse certificates in keystore", e); 165 return new ArrayList<X509Certificate>(); 166 } 167 } 168 getModificationDate(String alias)169 private Date getModificationDate(String alias) { 170 final long epochMillis = mKeyStore.getmtime(alias); 171 if (epochMillis == -1L) { 172 return null; 173 } 174 175 return new Date(epochMillis); 176 } 177 178 @Override engineGetCreationDate(String alias)179 public Date engineGetCreationDate(String alias) { 180 if (alias == null) { 181 throw new NullPointerException("alias == null"); 182 } 183 184 Date d = getModificationDate(Credentials.USER_PRIVATE_KEY + alias); 185 if (d != null) { 186 return d; 187 } 188 189 d = getModificationDate(Credentials.USER_CERTIFICATE + alias); 190 if (d != null) { 191 return d; 192 } 193 194 return getModificationDate(Credentials.CA_CERTIFICATE + alias); 195 } 196 197 @Override engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)198 public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) 199 throws KeyStoreException { 200 if ((password != null) && (password.length > 0)) { 201 throw new KeyStoreException("entries cannot be protected with passwords"); 202 } 203 204 if (key instanceof PrivateKey) { 205 setPrivateKeyEntry(alias, (PrivateKey) key, chain, null); 206 } else { 207 throw new KeyStoreException("Only PrivateKeys are supported"); 208 } 209 } 210 setPrivateKeyEntry(String alias, PrivateKey key, Certificate[] chain, KeyStoreParameter params)211 private void setPrivateKeyEntry(String alias, PrivateKey key, Certificate[] chain, 212 KeyStoreParameter params) throws KeyStoreException { 213 byte[] keyBytes = null; 214 215 final String pkeyAlias; 216 if (key instanceof OpenSSLKeyHolder) { 217 pkeyAlias = ((OpenSSLKeyHolder) key).getOpenSSLKey().getAlias(); 218 } else { 219 pkeyAlias = null; 220 } 221 222 final boolean shouldReplacePrivateKey; 223 if (pkeyAlias != null && pkeyAlias.startsWith(Credentials.USER_PRIVATE_KEY)) { 224 final String keySubalias = pkeyAlias.substring(Credentials.USER_PRIVATE_KEY.length()); 225 if (!alias.equals(keySubalias)) { 226 throw new KeyStoreException("Can only replace keys with same alias: " + alias 227 + " != " + keySubalias); 228 } 229 230 shouldReplacePrivateKey = false; 231 } else { 232 // Make sure the PrivateKey format is the one we support. 233 final String keyFormat = key.getFormat(); 234 if ((keyFormat == null) || (!"PKCS#8".equals(keyFormat))) { 235 throw new KeyStoreException( 236 "Only PrivateKeys that can be encoded into PKCS#8 are supported"); 237 } 238 239 // Make sure we can actually encode the key. 240 keyBytes = key.getEncoded(); 241 if (keyBytes == null) { 242 throw new KeyStoreException("PrivateKey has no encoding"); 243 } 244 245 shouldReplacePrivateKey = true; 246 } 247 248 // Make sure the chain exists since this is a PrivateKey 249 if ((chain == null) || (chain.length == 0)) { 250 throw new KeyStoreException("Must supply at least one Certificate with PrivateKey"); 251 } 252 253 // Do chain type checking. 254 X509Certificate[] x509chain = new X509Certificate[chain.length]; 255 for (int i = 0; i < chain.length; i++) { 256 if (!"X.509".equals(chain[i].getType())) { 257 throw new KeyStoreException("Certificates must be in X.509 format: invalid cert #" 258 + i); 259 } 260 261 if (!(chain[i] instanceof X509Certificate)) { 262 throw new KeyStoreException("Certificates must be in X.509 format: invalid cert #" 263 + i); 264 } 265 266 x509chain[i] = (X509Certificate) chain[i]; 267 } 268 269 final byte[] userCertBytes; 270 try { 271 userCertBytes = x509chain[0].getEncoded(); 272 } catch (CertificateEncodingException e) { 273 throw new KeyStoreException("Couldn't encode certificate #1", e); 274 } 275 276 /* 277 * If we have a chain, store it in the CA certificate slot for this 278 * alias as concatenated DER-encoded certificates. These can be 279 * deserialized by {@link CertificateFactory#generateCertificates}. 280 */ 281 final byte[] chainBytes; 282 if (chain.length > 1) { 283 /* 284 * The chain is passed in as {user_cert, ca_cert_1, ca_cert_2, ...} 285 * so we only need the certificates starting at index 1. 286 */ 287 final byte[][] certsBytes = new byte[x509chain.length - 1][]; 288 int totalCertLength = 0; 289 for (int i = 0; i < certsBytes.length; i++) { 290 try { 291 certsBytes[i] = x509chain[i + 1].getEncoded(); 292 totalCertLength += certsBytes[i].length; 293 } catch (CertificateEncodingException e) { 294 throw new KeyStoreException("Can't encode Certificate #" + i, e); 295 } 296 } 297 298 /* 299 * Serialize this into one byte array so we can later call 300 * CertificateFactory#generateCertificates to recover them. 301 */ 302 chainBytes = new byte[totalCertLength]; 303 int outputOffset = 0; 304 for (int i = 0; i < certsBytes.length; i++) { 305 final int certLength = certsBytes[i].length; 306 System.arraycopy(certsBytes[i], 0, chainBytes, outputOffset, certLength); 307 outputOffset += certLength; 308 certsBytes[i] = null; 309 } 310 } else { 311 chainBytes = null; 312 } 313 314 /* 315 * Make sure we clear out all the appropriate types before trying to 316 * write. 317 */ 318 if (shouldReplacePrivateKey) { 319 Credentials.deleteAllTypesForAlias(mKeyStore, alias); 320 } else { 321 Credentials.deleteCertificateTypesForAlias(mKeyStore, alias); 322 } 323 324 final int flags = (params == null) ? 0 : params.getFlags(); 325 326 if (shouldReplacePrivateKey 327 && !mKeyStore.importKey(Credentials.USER_PRIVATE_KEY + alias, keyBytes, 328 android.security.KeyStore.UID_SELF, flags)) { 329 Credentials.deleteAllTypesForAlias(mKeyStore, alias); 330 throw new KeyStoreException("Couldn't put private key in keystore"); 331 } else if (!mKeyStore.put(Credentials.USER_CERTIFICATE + alias, userCertBytes, 332 android.security.KeyStore.UID_SELF, flags)) { 333 Credentials.deleteAllTypesForAlias(mKeyStore, alias); 334 throw new KeyStoreException("Couldn't put certificate #1 in keystore"); 335 } else if (chainBytes != null 336 && !mKeyStore.put(Credentials.CA_CERTIFICATE + alias, chainBytes, 337 android.security.KeyStore.UID_SELF, flags)) { 338 Credentials.deleteAllTypesForAlias(mKeyStore, alias); 339 throw new KeyStoreException("Couldn't put certificate chain in keystore"); 340 } 341 } 342 343 @Override engineSetKeyEntry(String alias, byte[] userKey, Certificate[] chain)344 public void engineSetKeyEntry(String alias, byte[] userKey, Certificate[] chain) 345 throws KeyStoreException { 346 throw new KeyStoreException("Operation not supported because key encoding is unknown"); 347 } 348 349 @Override engineSetCertificateEntry(String alias, Certificate cert)350 public void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException { 351 if (isKeyEntry(alias)) { 352 throw new KeyStoreException("Entry exists and is not a trusted certificate"); 353 } 354 355 // We can't set something to null. 356 if (cert == null) { 357 throw new NullPointerException("cert == null"); 358 } 359 360 final byte[] encoded; 361 try { 362 encoded = cert.getEncoded(); 363 } catch (CertificateEncodingException e) { 364 throw new KeyStoreException(e); 365 } 366 367 if (!mKeyStore.put(Credentials.CA_CERTIFICATE + alias, encoded, 368 android.security.KeyStore.UID_SELF, android.security.KeyStore.FLAG_NONE)) { 369 throw new KeyStoreException("Couldn't insert certificate; is KeyStore initialized?"); 370 } 371 } 372 373 @Override engineDeleteEntry(String alias)374 public void engineDeleteEntry(String alias) throws KeyStoreException { 375 if (!isKeyEntry(alias) && !isCertificateEntry(alias)) { 376 return; 377 } 378 379 if (!Credentials.deleteAllTypesForAlias(mKeyStore, alias)) { 380 throw new KeyStoreException("No such entry " + alias); 381 } 382 } 383 getUniqueAliases()384 private Set<String> getUniqueAliases() { 385 final String[] rawAliases = mKeyStore.saw(""); 386 if (rawAliases == null) { 387 return new HashSet<String>(); 388 } 389 390 final Set<String> aliases = new HashSet<String>(rawAliases.length); 391 for (String alias : rawAliases) { 392 final int idx = alias.indexOf('_'); 393 if ((idx == -1) || (alias.length() <= idx)) { 394 Log.e(NAME, "invalid alias: " + alias); 395 continue; 396 } 397 398 aliases.add(new String(alias.substring(idx + 1))); 399 } 400 401 return aliases; 402 } 403 404 @Override engineAliases()405 public Enumeration<String> engineAliases() { 406 return Collections.enumeration(getUniqueAliases()); 407 } 408 409 @Override engineContainsAlias(String alias)410 public boolean engineContainsAlias(String alias) { 411 if (alias == null) { 412 throw new NullPointerException("alias == null"); 413 } 414 415 return mKeyStore.contains(Credentials.USER_PRIVATE_KEY + alias) 416 || mKeyStore.contains(Credentials.USER_CERTIFICATE + alias) 417 || mKeyStore.contains(Credentials.CA_CERTIFICATE + alias); 418 } 419 420 @Override engineSize()421 public int engineSize() { 422 return getUniqueAliases().size(); 423 } 424 425 @Override engineIsKeyEntry(String alias)426 public boolean engineIsKeyEntry(String alias) { 427 return isKeyEntry(alias); 428 } 429 isKeyEntry(String alias)430 private boolean isKeyEntry(String alias) { 431 if (alias == null) { 432 throw new NullPointerException("alias == null"); 433 } 434 435 return mKeyStore.contains(Credentials.USER_PRIVATE_KEY + alias); 436 } 437 isCertificateEntry(String alias)438 private boolean isCertificateEntry(String alias) { 439 if (alias == null) { 440 throw new NullPointerException("alias == null"); 441 } 442 443 return mKeyStore.contains(Credentials.CA_CERTIFICATE + alias); 444 } 445 446 @Override engineIsCertificateEntry(String alias)447 public boolean engineIsCertificateEntry(String alias) { 448 return !isKeyEntry(alias) && isCertificateEntry(alias); 449 } 450 451 @Override engineGetCertificateAlias(Certificate cert)452 public String engineGetCertificateAlias(Certificate cert) { 453 if (cert == null) { 454 return null; 455 } 456 457 final Set<String> nonCaEntries = new HashSet<String>(); 458 459 /* 460 * First scan the PrivateKeyEntry types. The KeyStoreSpi documentation 461 * says to only compare the first certificate in the chain which is 462 * equivalent to the USER_CERTIFICATE prefix for the Android keystore 463 * convention. 464 */ 465 final String[] certAliases = mKeyStore.saw(Credentials.USER_CERTIFICATE); 466 if (certAliases != null) { 467 for (String alias : certAliases) { 468 final byte[] certBytes = mKeyStore.get(Credentials.USER_CERTIFICATE + alias); 469 if (certBytes == null) { 470 continue; 471 } 472 473 final Certificate c = toCertificate(certBytes); 474 nonCaEntries.add(alias); 475 476 if (cert.equals(c)) { 477 return alias; 478 } 479 } 480 } 481 482 /* 483 * Look at all the TrustedCertificateEntry types. Skip all the 484 * PrivateKeyEntry we looked at above. 485 */ 486 final String[] caAliases = mKeyStore.saw(Credentials.CA_CERTIFICATE); 487 if (certAliases != null) { 488 for (String alias : caAliases) { 489 if (nonCaEntries.contains(alias)) { 490 continue; 491 } 492 493 final byte[] certBytes = mKeyStore.get(Credentials.CA_CERTIFICATE + alias); 494 if (certBytes == null) { 495 continue; 496 } 497 498 final Certificate c = 499 toCertificate(mKeyStore.get(Credentials.CA_CERTIFICATE + alias)); 500 if (cert.equals(c)) { 501 return alias; 502 } 503 } 504 } 505 506 return null; 507 } 508 509 @Override engineStore(OutputStream stream, char[] password)510 public void engineStore(OutputStream stream, char[] password) throws IOException, 511 NoSuchAlgorithmException, CertificateException { 512 throw new UnsupportedOperationException("Can not serialize AndroidKeyStore to OutputStream"); 513 } 514 515 @Override engineLoad(InputStream stream, char[] password)516 public void engineLoad(InputStream stream, char[] password) throws IOException, 517 NoSuchAlgorithmException, CertificateException { 518 if (stream != null) { 519 throw new IllegalArgumentException("InputStream not supported"); 520 } 521 522 if (password != null) { 523 throw new IllegalArgumentException("password not supported"); 524 } 525 526 // Unfortunate name collision. 527 mKeyStore = android.security.KeyStore.getInstance(); 528 } 529 530 @Override engineSetEntry(String alias, Entry entry, ProtectionParameter param)531 public void engineSetEntry(String alias, Entry entry, ProtectionParameter param) 532 throws KeyStoreException { 533 if (entry == null) { 534 throw new KeyStoreException("entry == null"); 535 } 536 537 if (engineContainsAlias(alias)) { 538 engineDeleteEntry(alias); 539 } 540 541 if (entry instanceof KeyStore.TrustedCertificateEntry) { 542 KeyStore.TrustedCertificateEntry trE = (KeyStore.TrustedCertificateEntry) entry; 543 engineSetCertificateEntry(alias, trE.getTrustedCertificate()); 544 return; 545 } 546 547 if (param != null && !(param instanceof KeyStoreParameter)) { 548 throw new KeyStoreException( 549 "protParam should be android.security.KeyStoreParameter; was: " 550 + param.getClass().getName()); 551 } 552 553 if (entry instanceof PrivateKeyEntry) { 554 PrivateKeyEntry prE = (PrivateKeyEntry) entry; 555 setPrivateKeyEntry(alias, prE.getPrivateKey(), prE.getCertificateChain(), 556 (KeyStoreParameter) param); 557 return; 558 } 559 560 throw new KeyStoreException( 561 "Entry must be a PrivateKeyEntry or TrustedCertificateEntry; was " + entry); 562 } 563 564 } 565