PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Switch VPN to use keystore ENGINE

Browse Source 
The VPN client will no longer receive the private key material directly
from the caller. Instead it will use the keystore OpenSSL ENGINE to
request that keystore does private key operations on its behalf.

We only pass the keystore key alias to the private key instead of the
private key itself now.

Change-Id: I4ea2abda5ab7dec7d7ef5f451b96fef5bc92d811
This commit is contained in:
Kenny Root
2012-03-21 14:59:32 -07:00
parent eff40f4daf
commit 455a911df3
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/com/android/settings/vpn2/VpnSettings.java
View File

@@ -360,9 +360,12 @@ public class VpnSettings extends SettingsPreferenceFragment implements
String caCert = ""; String caCert = "";
String serverCert = ""; String serverCert = "";
if (!profile.ipsecUserCert.isEmpty()) { if (!profile.ipsecUserCert.isEmpty()) {
byte[] value = mKeyStore.get(Credentials.USER_PRIVATE_KEY + profile.ipsecUserCert); /*
privateKey = (value == null) ? null : new String(value, Charsets.UTF_8); * VPN has a special exception in keystore to allow it to use system
value = mKeyStore.get(Credentials.USER_CERTIFICATE + profile.ipsecUserCert); * UID certs.
*/
privateKey = Credentials.USER_PRIVATE_KEY + profile.ipsecUserCert;
byte[] value = mKeyStore.get(Credentials.USER_CERTIFICATE + profile.ipsecUserCert);
userCert = (value == null) ? null : new String(value, Charsets.UTF_8); userCert = (value == null) ? null : new String(value, Charsets.UTF_8);
} }
if (!profile.ipsecCaCert.isEmpty()) { if (!profile.ipsecCaCert.isEmpty()) {