-// Copyright 2013 The Chromium Authors. All rights reserved.
+// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
package org.chromium.net;
-import android.util.Log;
-
import org.chromium.base.CalledByNative;
import org.chromium.base.JNINamespace;
-import java.lang.reflect.Method;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.Signature;
-import java.security.interfaces.DSAKey;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.ECKey;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.RSAKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.spec.ECParameterSpec;
-
+/**
+ * Specifies all the dependencies from the native OpenSSL engine on an Android KeyStore.
+ */
@JNINamespace("net::android")
-public class AndroidKeyStore {
-
- private static final String TAG = "AndroidKeyStore";
-
- ////////////////////////////////////////////////////////////////////
- //
- // Message signing support.
+public interface AndroidKeyStore {
/**
* Returns the public modulus of a given RSA private key as a byte
* big-endian representation of a BigInteger.
*/
@CalledByNative
- public static byte[] getRSAKeyModulus(PrivateKey key) {
- if (key instanceof RSAKey) {
- return ((RSAKey) key).getModulus().toByteArray();
- } else {
- Log.w(TAG, "Not a RSAKey instance!");
- return null;
- }
- }
+ byte[] getRSAKeyModulus(AndroidPrivateKey key);
/**
* Returns the 'Q' parameter of a given DSA private key as a byte
* a big-endian representation of a BigInteger.
*/
@CalledByNative
- public static byte[] getDSAKeyParamQ(PrivateKey key) {
- if (key instanceof DSAKey) {
- DSAParams params = ((DSAKey) key).getParams();
- return params.getQ().toByteArray();
- } else {
- Log.w(TAG, "Not a DSAKey instance!");
- return null;
- }
- }
+ byte[] getDSAKeyParamQ(AndroidPrivateKey key);
/**
* Returns the 'order' parameter of a given ECDSA private key as a
* This is a big-endian representation of a BigInteger.
*/
@CalledByNative
- public static byte[] getECKeyOrder(PrivateKey key) {
- if (key instanceof ECKey) {
- ECParameterSpec params = ((ECKey) key).getParams();
- return params.getOrder().toByteArray();
- } else {
- Log.w(TAG, "Not an ECKey instance!");
- return null;
- }
- }
+ byte[] getECKeyOrder(AndroidPrivateKey key);
/**
* Returns the encoded data corresponding to a given PrivateKey.
* @return encoded key as PKCS#8 byte array, can be null.
*/
@CalledByNative
- public static byte[] getPrivateKeyEncodedBytes(PrivateKey key) {
- return key.getEncoded();
- }
+ byte[] getPrivateKeyEncodedBytes(AndroidPrivateKey key);
/**
* Sign a given message with a given PrivateKey object. This method
* message must be a hash and the function shall compute a direct
* DSA/ECDSA signature for it.
*
- * @param privateKey The PrivateKey handle.
+ * @param key The PrivateKey handle.
* @param message The message to sign.
* @return signature as a byte buffer.
*
* getOpenSSLHandleForPrivateKey() below for work-around.
*/
@CalledByNative
- public static byte[] rawSignDigestWithPrivateKey(PrivateKey privateKey,
- byte[] message) {
- // Get the Signature for this key.
- Signature signature = null;
- // Hint: Algorithm names come from:
- // http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html
- try {
- if (privateKey instanceof RSAPrivateKey) {
- // IMPORTANT: Due to a platform bug, this will throw NoSuchAlgorithmException
- // on Android 4.0.x and 4.1.x. Fixed in 4.2 and higher.
- // See https://android-review.googlesource.com/#/c/40352/
- signature = Signature.getInstance("NONEwithRSA");
- } else if (privateKey instanceof DSAPrivateKey) {
- signature = Signature.getInstance("NONEwithDSA");
- } else if (privateKey instanceof ECPrivateKey) {
- signature = Signature.getInstance("NONEwithECDSA");
- }
- } catch (NoSuchAlgorithmException e) {
- ;
- }
-
- if (signature == null) {
- Log.e(TAG, "Unsupported private key algorithm: " + privateKey.getAlgorithm());
- return null;
- }
-
- // Sign the message.
- try {
- signature.initSign(privateKey);
- signature.update(message);
- return signature.sign();
- } catch (Exception e) {
- Log.e(TAG, "Exception while signing message with " + privateKey.getAlgorithm() +
- " private key: " + e);
- return null;
- }
- }
+ byte[] rawSignDigestWithPrivateKey(AndroidPrivateKey key, byte[] message);
/**
* Return the type of a given PrivateKey object. This is an integer
* that maps to one of the values defined by org.chromium.net.PrivateKeyType,
* which is itself auto-generated from net/android/private_key_type_list.h
- * @param privateKey The PrivateKey handle
+ * @param key The PrivateKey handle
* @return key type, or PrivateKeyType.INVALID if unknown.
*/
@CalledByNative
- public static int getPrivateKeyType(PrivateKey privateKey) {
- if (privateKey instanceof RSAPrivateKey)
- return PrivateKeyType.RSA;
- if (privateKey instanceof DSAPrivateKey)
- return PrivateKeyType.DSA;
- if (privateKey instanceof ECPrivateKey)
- return PrivateKeyType.ECDSA;
- else
- return PrivateKeyType.INVALID;
- }
+ int getPrivateKeyType(AndroidPrivateKey key);
/**
* Return the system EVP_PKEY handle corresponding to a given PrivateKey
- * object, obtained through reflection.
+ * object.
*
* This shall only be used when the "NONEwithRSA" signature is not
* available, as described in rawSignDigestWithPrivateKey(). I.e.
* libcore/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLRSAPrivateKey.java
* libcore/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
*
- * @param privateKey The PrivateKey handle.
+ * @param key The PrivateKey handle.
* @return The EVP_PKEY handle, as a 32-bit integer (0 if not available)
*/
@CalledByNative
- public static int getOpenSSLHandleForPrivateKey(PrivateKey privateKey) {
- // Sanity checks
- if (privateKey == null) {
- Log.e(TAG, "privateKey == null");
- return 0;
- }
- if (!(privateKey instanceof RSAPrivateKey)) {
- Log.e(TAG, "does not implement RSAPrivateKey");
- return 0;
- }
- // First, check that this is a proper instance of OpenSSLRSAPrivateKey
- // or one of its sub-classes.
- Class<?> superClass;
- try {
- superClass = Class.forName(
- "org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey");
- } catch (Exception e) {
- // This may happen if the target device has a completely different
- // implementation of the java.security APIs, compared to vanilla
- // Android. Highly unlikely, but still possible.
- Log.e(TAG, "Cannot find system OpenSSLRSAPrivateKey class: " + e);
- return 0;
- }
- if (!superClass.isInstance(privateKey)) {
- // This may happen if the PrivateKey was not created by the "AndroidOpenSSL"
- // provider, which should be the default. That could happen if an OEM decided
- // to implement a different default provider. Also highly unlikely.
- Log.e(TAG, "Private key is not an OpenSSLRSAPrivateKey instance, its class name is:" +
- privateKey.getClass().getCanonicalName());
- return 0;
- }
+ int getOpenSSLHandleForPrivateKey(AndroidPrivateKey key);
- try {
- // Use reflection to invoke the 'getOpenSSLKey()' method on
- // the private key. This returns another Java object that wraps
- // a native EVP_PKEY. Note that the method is final, so calling
- // the superclass implementation is ok.
- Method getKey = superClass.getDeclaredMethod("getOpenSSLKey");
- getKey.setAccessible(true);
- Object opensslKey = null;
- try {
- opensslKey = getKey.invoke(privateKey);
- } finally {
- getKey.setAccessible(false);
- }
- if (opensslKey == null) {
- // Bail when detecting OEM "enhancement".
- Log.e(TAG, "getOpenSSLKey() returned null");
- return 0;
- }
-
- // Use reflection to invoke the 'getPkeyContext' method on the
- // result of the getOpenSSLKey(). This is an 32-bit integer
- // which is the address of an EVP_PKEY object.
- Method getPkeyContext;
- try {
- getPkeyContext = opensslKey.getClass().getDeclaredMethod("getPkeyContext");
- } catch (Exception e) {
- // Bail here too, something really not working as expected.
- Log.e(TAG, "No getPkeyContext() method on OpenSSLKey member:" + e);
- return 0;
- }
- getPkeyContext.setAccessible(true);
- int evp_pkey = 0;
- try {
- evp_pkey = (Integer) getPkeyContext.invoke(opensslKey);
- } finally {
- getPkeyContext.setAccessible(false);
- }
- if (evp_pkey == 0) {
- // The PrivateKey is probably rotten for some reason.
- Log.e(TAG, "getPkeyContext() returned null");
- }
- return evp_pkey;
-
- } catch (Exception e) {
- Log.e(TAG, "Exception while trying to retrieve system EVP_PKEY handle: " + e);
- return 0;
- }
- }
+ /**
+ * Called when the native OpenSSL engine no longer needs access to the underlying key.
+ */
+ @CalledByNative
+ void releaseKey(AndroidPrivateKey key);
}
projects / platform / framework / web / crosswalk.git / blobdiff