Merge "Switch Android Keystore sample code to new API." into mnc-dev

Alex Klyubin
2015-05-20 15:39:46 +00:00
committed by Android (Google) Code Review


@@ -23,7 +23,8 @@ import android.content.Context;
import android.database.DataSetObserver; import android.database.DataSetObserver;
import android.os.AsyncTask; import android.os.AsyncTask;
import android.os.Bundle; import android.os.Bundle;
import android.security.KeyPairGeneratorSpec; import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.util.Base64; import android.util.Base64;
import android.util.Log; import android.util.Log;
import android.view.View; import android.view.View;
@@ -55,8 +56,6 @@ import java.security.SignatureException;
import java.security.UnrecoverableEntryException; import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration; import java.util.Enumeration;
import java.util.List; import java.util.List;
@@ -305,24 +304,18 @@ public class KeyStoreUsage extends Activity {
try { try {
// BEGIN_INCLUDE(generate) // BEGIN_INCLUDE(generate)
/* /*
* Generate a new entry in the KeyStore by using the * Generate a new EC key pair entry in the Android Keystore by
* KeyPairGenerator API. We have to specify the attributes for a * using the KeyPairGenerator API. The private key can only be
* self-signed X.509 certificate here so the KeyStore can attach * used for signing or verification and only with SHA-256 or
* the public key part to it. It can be replaced later with a * SHA-512 as the message digest.
* certificate signed by a Certificate Authority (CA) if needed.
*/ */
Calendar cal = Calendar.getInstance(); KeyPairGenerator kpg = KeyPairGenerator.getInstance(
Date now = cal.getTime(); KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
cal.add(Calendar.YEAR, 1); kpg.initialize(new KeyGenParameterSpec.Builder(
Date end = cal.getTime(); alias,
KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore"); .setDigests(KeyProperties.DIGEST_SHA256,
kpg.initialize(new KeyPairGeneratorSpec.Builder(getApplicationContext()) KeyProperties.DIGEST_SHA512)
.setAlias(alias)
.setStartDate(now)
.setEndDate(end)
.setSerialNumber(BigInteger.valueOf(1))
.setSubject(new X500Principal("CN=test1"))
.build()); .build());
KeyPair kp = kpg.generateKeyPair(); KeyPair kp = kpg.generateKeyPair();
@@ -371,7 +364,7 @@ public class KeyStoreUsage extends Activity {
Log.w(TAG, "Not an instance of a PrivateKeyEntry"); Log.w(TAG, "Not an instance of a PrivateKeyEntry");
return null; return null;
} }
Signature s = Signature.getInstance("SHA256withRSA"); Signature s = Signature.getInstance("SHA256withECDSA");
s.initSign(((PrivateKeyEntry) entry).getPrivateKey()); s.initSign(((PrivateKeyEntry) entry).getPrivateKey());
s.update(data); s.update(data);
byte[] signature = s.sign(); byte[] signature = s.sign();
@@ -442,7 +435,7 @@ public class KeyStoreUsage extends Activity {
Log.w(TAG, "Not an instance of a PrivateKeyEntry"); Log.w(TAG, "Not an instance of a PrivateKeyEntry");
return false; return false;
} }
Signature s = Signature.getInstance("SHA256withRSA"); Signature s = Signature.getInstance("SHA256withECDSA");
s.initVerify(((PrivateKeyEntry) entry).getCertificate()); s.initVerify(((PrivateKeyEntry) entry).getCertificate());
s.update(data); s.update(data);
boolean valid = s.verify(signature); boolean valid = s.verify(signature);
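Review bot: The key spec in the generate hunk authorizes more than this sample uses. Signing and verification both call `Signature.getInstance("SHA256withECDSA")`, and verification is initialised from the entry's certificate rather than from the private key, so `PURPOSE_VERIFY` and `DIGEST_SHA512` widen the key's authorizations without any visible caller. Narrowing to `KeyProperties.PURPOSE_SIGN)` and `.setDigests(KeyProperties.DIGEST_SHA256)` would keep the sample least-privilege, and the block comment could then say `The private key can only be used for signing, and only with SHA-256 as the message digest.` Separately, an RSA entry created under the same alias by the previous version of the sample would presumably be rejected by the ECDSA `initSign`/`initVerify` calls. Whether that failure is handled cannot be seen here, since the enclosing methods start and end outside these hunks.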