Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 09960230 authored by Chung-yih Wang's avatar Chung-yih Wang
Browse files

Store CA certificate chain into one single key entry with PEM format. 

Extract all CA certificates in a PKCS12 keystore into a single entry in keystore with multiple PEMs.
parent c98d68cd

keystore/java/android/security/CertTool.java

+3 −9
Original line number Diff line number Diff line
@@ -163,17 +163,11 @@ public class CertTool { 
                return ret;

            }

        }

        while ((pemData = this.popPkcs12CertificateStack(handle)) != null) {

            if (i++ > 0) {

                if ((ret = sKeystore.put(CA_CERTIFICATE, keyname + i, pemData)) != 0) {

                    return ret;

                }

            } else {

        if ((pemData = this.popPkcs12CertificateStack(handle)) != null) {

            if ((ret = sKeystore.put(CA_CERTIFICATE, keyname, pemData)) != 0) {

                return ret;

            }

        }

        }

        return 0;

    }

keystore/jni/cert.c

+14 −8
Original line number Diff line number Diff line
@@ -212,13 +212,14 @@ static int convert_to_pem(void *data, int is_cert, char *buf, int size) 
    }

err:

    if (bio) BIO_free(bio);

    return (len == 0) ? -1 : 0;

    return len;

}



int get_pkcs12_certificate(PKCS12_KEYSTORE *p12store, char *buf, int size)

{

    if ((p12store != NULL) && (p12store->cert != NULL)) {

        return convert_to_pem((void*)p12store->cert, 1, buf, size);

        int len = convert_to_pem((void*)p12store->cert, 1, buf, size);

        return (len == 0) ? -1 : 0;

    }

    return -1;

}
@@ -226,7 +227,8 @@ int get_pkcs12_certificate(PKCS12_KEYSTORE *p12store, char *buf, int size) 
int get_pkcs12_private_key(PKCS12_KEYSTORE *p12store, char *buf, int size)

{

    if ((p12store != NULL) && (p12store->pkey != NULL)) {

        return convert_to_pem((void*)p12store->pkey, 0, buf, size);

        int len = convert_to_pem((void*)p12store->pkey, 0, buf, size);

        return (len == 0) ? -1 : 0;

    }

    return -1;

}
@@ -234,12 +236,16 @@ int get_pkcs12_private_key(PKCS12_KEYSTORE *p12store, char *buf, int size) 
int pop_pkcs12_certs_stack(PKCS12_KEYSTORE *p12store, char *buf, int size)

{

    X509 *cert = NULL;

    int len = 0;



    if ((p12store != NULL) && (p12store->certs != NULL) &&

        ((cert = sk_X509_pop(p12store->certs)) != NULL)) {

        int ret = convert_to_pem((void*)cert, 1, buf, size);

    if ((p12store != NULL) && (p12store->certs != NULL)) {

        while (((cert = sk_X509_pop(p12store->certs)) != NULL) && (len < size)) {

            int s = convert_to_pem((void*)cert, 1, buf + len, size - len);

            if (s == 0) return -1;

            len += s;

            X509_free(cert);

        return ret;

        }

        return (len == 0) ? -1 : 0;

    }

    return -1;

}