From acb0b5b220b2cb15f5a800a356bb25f47252a6ea Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Thu, 28 Mar 2013 15:05:03 -0700 Subject: AndroidKeyStore: add Builder for param spec Change-Id: I13403197e1ac7ac607efa10979eb73bde0135a2a --- .../security/AndroidKeyPairGeneratorSpec.java | 144 ++++++++++++++++++++- 1 file changed, 140 insertions(+), 4 deletions(-) (limited to 'keystore/java/android/security/AndroidKeyPairGeneratorSpec.java') diff --git a/keystore/java/android/security/AndroidKeyPairGeneratorSpec.java b/keystore/java/android/security/AndroidKeyPairGeneratorSpec.java index 79a763024c93..83faf356f2d5 100644 --- a/keystore/java/android/security/AndroidKeyPairGeneratorSpec.java +++ b/keystore/java/android/security/AndroidKeyPairGeneratorSpec.java @@ -28,10 +28,28 @@ import java.util.Date; import javax.security.auth.x500.X500Principal; /** - * This provides the required parameters needed for initializing the KeyPair - * generator that works with - * Android KeyStore - * facility. + * This provides the required parameters needed for initializing the + * {@code KeyPairGenerator} that works with Android KeyStore facility. The + * Android KeyStore facility is accessed through a + * {@link java.security.KeyPairGenerator} API using the + * {@code AndroidKeyPairGenerator} provider. The {@code context} passed in may + * be used to pop up some UI to ask the user to unlock or initialize the Android + * keystore facility. + *

+ * After generation, the {@code keyStoreAlias} is used with the + * {@link java.security.KeyStore#getEntry(String, java.security.KeyStore.ProtectionParameter)} + * interface to retrieve the {@link PrivateKey} and its associated + * {@link Certificate} chain. + *

+ * The KeyPair generator will create a self-signed certificate with the subject + * as its X.509v3 Subject Distinguished Name and as its X.509v3 Issuer + * Distinguished Name along with the other parameters specified with the + * {@link Builder}. + *

+ * The self-signed certificate may be replaced at a later time by a certificate + * signed by a real Certificate Authority. + * * @hide */ public class AndroidKeyPairGeneratorSpec implements AlgorithmParameterSpec { @@ -74,6 +92,7 @@ public class AndroidKeyPairGeneratorSpec implements AlgorithmParameterSpec { * period * @throws IllegalArgumentException when any argument is {@code null} or * {@code endDate} is before {@code startDate}. + * @hide should be built with AndroidKeyPairGeneratorSpecBuilder */ public AndroidKeyPairGeneratorSpec(Context context, String keyStoreAlias, X500Principal subjectDN, BigInteger serialNumber, Date startDate, Date endDate) { @@ -142,4 +161,121 @@ public class AndroidKeyPairGeneratorSpec implements AlgorithmParameterSpec { Date getEndDate() { return mEndDate; } + + /** + * Builder class for {@link AndroidKeyPairGeneratorSpec} objects. + *

+ * This will build a parameter spec for use with the Android KeyStore facility. + *

+ * The required fields must be filled in with the builder. + *

+ * Example: + * + * 

+     * Calendar start = new Calendar();
+     * Calendar end = new Calendar();
+     * end.add(1, Calendar.YEAR);
+     *
+     * AndroidKeyPairGeneratorSpec spec = new AndroidKeyPairGeneratorSpec.Builder(mContext)
+     *         .setAlias("myKey")
+     *         .setSubject(new X500Principal("CN=myKey"))
+     *         .setSerial(BigInteger.valueOf(1337))
+     *         .setStartDate(start.getTime())
+     *         .setEndDate(end.getTime())
+     *         .build();
+     *
+ */ + public static class Builder { + private final Context mContext; + + private String mKeystoreAlias; + + private X500Principal mSubjectDN; + + private BigInteger mSerialNumber; + + private Date mStartDate; + + private Date mEndDate; + + public Builder(Context context) { + if (context == null) { + throw new NullPointerException("context == null"); + } + mContext = context; + } + + /** + * Sets the alias to be used to retrieve the key later from a + * {@link java.security.KeyStore} instance using the + * {@code AndroidKeyStore} provider. + */ + public Builder setAlias(String alias) { + if (alias == null) { + throw new NullPointerException("alias == null"); + } + mKeystoreAlias = alias; + return this; + } + + /** + * Sets the subject used for the self-signed certificate of the + * generated key pair. + */ + public Builder setSubject(X500Principal subject) { + if (subject == null) { + throw new NullPointerException("subject == null"); + } + mSubjectDN = subject; + return this; + } + + /** + * Sets the serial number used for the self-signed certificate of the + * generated key pair. + */ + public Builder setSerialNumber(BigInteger serialNumber) { + if (serialNumber == null) { + throw new NullPointerException("serialNumber == null"); + } + mSerialNumber = serialNumber; + return this; + } + + /** + * Sets the start of the validity period for the self-signed certificate + * of the generated key pair. + */ + public Builder setStartDate(Date startDate) { + if (startDate == null) { + throw new NullPointerException("startDate == null"); + } + mStartDate = startDate; + return this; + } + + /** + * Sets the end of the validity period for the self-signed certificate + * of the generated key pair. + */ + public Builder setEndDate(Date endDate) { + if (endDate == null) { + throw new NullPointerException("endDate == null"); + } + mEndDate = endDate; + return this; + } + + /** + * Builds the instance of the {@code AndroidKeyPairGeneratorSpec}. + * + * @throws IllegalArgumentException if a required field is missing + * @return built instance of {@code AndroidKeyPairGeneratorSpec} + */ + public AndroidKeyPairGeneratorSpec build() { + return new AndroidKeyPairGeneratorSpec(mContext, mKeystoreAlias, mSubjectDN, + mSerialNumber, mStartDate, mEndDate); + } + } } -- cgit v1.2.3