author | Kenny Root <kroot@google.com> | 2012-08-21 15:23:35 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2012-08-22 13:03:30 -0700 |
commit | 802768dd86c4e8a933dbfbac2e9f1a1daa5f93fa (patch) | |
tree | a90458054c943c102152dbc0c061a83d52c1c70c /keystore/java/android/security/Credentials.java | |
parent | 6479ecd1b24e9d5a5636130cb4b0c353b396ff0e (diff) |
Add ability to replace chain for PrivateKeyEntry
For the AndroidKeyStore API, allow entries to have their certificate
chain replaced without destroying the underlying PrivateKey. Since
entries are backed by unexportable private keys, requiring them to be
supplied again doesn't make sense and is impossible.
Change-Id: I629ce2a625315c8d8020a082892650ac5eba22ae
Diffstat (limited to 'keystore/java/android/security/Credentials.java')
-rw-r--r-- | keystore/java/android/security/Credentials.java | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java
index 72332ebd0273..f6bf4321bc67 100644
--- a/keystore/java/android/security/Credentials.java
+++ b/keystore/java/android/security/Credentials.java
@@ -197,7 +197,20 @@ public class Credentials {
 * don't use a conditional here.
 */
 return keystore.delKey(Credentials.USER_PRIVATE_KEY + alias)
- | keystore.delete(Credentials.USER_CERTIFICATE + alias)
+ | deleteCertificateTypesForAlias(keystore, alias);
+ }
+
+ /**
+ * Delete all types (private key, certificate, CA certificate) for a
+ * particular {@code alias}. All three can exist for any given alias.
+ * Returns {@code true} if there was at least one of those types.
+ */
+ static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias) {
+ /*
+ * Make sure every certificate type is deleted. There can be two types,
+ * so don't use a conditional here.
+ */
+ return keystore.delete(Credentials.USER_CERTIFICATE + alias)
 | keystore.delete(Credentials.CA_CERTIFICATE + alias);
 }
 } |
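Review bot: The Javadoc added above `deleteCertificateTypesForAlias` says it deletes "all types (private key, certificate, CA certificate)", but the body only calls `keystore.delete` for `USER_CERTIFICATE` and `CA_CERTIFICATE`, and the inner comment says "two types". A caller who trusts the Javadoc would assume the private key has been wiped for the alias when it is deliberately left in place. I would reword it to `Delete the certificate types (user certificate, CA certificate) stored for {@code alias}; the private key is not touched.` and keep the `Returns {@code true}` sentence. The return value also appears unable to distinguish "one entry deleted, the other failed" from full success, which may be worth stating in the same comment. The method whose return statement is changed at the top of the hunk starts outside the hunk.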