Loading keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java +12 −4 Original line number Diff line number Diff line Loading @@ -515,15 +515,23 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato return generateSelfSignedCertificateWithFakeSignature(publicKey); } else { // Key can be used to sign a certificate try { return generateSelfSignedCertificateWithValidSignature( privateKey, publicKey, signatureAlgorithm); } catch (Exception e) { // Failed to generate the self-signed certificate with valid signature. Fall back // to generating a self-signed certificate with a fake signature. This is done for // all exception types because we prefer key pair generation to succeed and end up // producing a self-signed certificate with an invalid signature to key pair // generation failing. return generateSelfSignedCertificateWithFakeSignature(publicKey); } } } @SuppressWarnings("deprecation") private X509Certificate generateSelfSignedCertificateWithValidSignature( PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm) throws Exception { PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm) throws Exception { final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setPublicKey(publicKey); certGen.setSerialNumber(mSpec.getCertificateSerialNumber()); Loading keystore/java/android/security/keystore/KeyGenParameterSpec.java +2 −0 Original line number Diff line number Diff line Loading 
@@ -71,6 +71,8 @@ import javax.security.auth.x500.X500Principal; * <li>{@link KeyProperties#PURPOSE_SIGN},</li> * <li>operation without requiring the user to be authenticated (see * {@link Builder#setUserAuthenticationRequired(boolean)}),</li> * <li>signing/origination at this moment in time (see {@link Builder#setKeyValidityStart(Date)} * and {@link Builder#setKeyValidityForOriginationEnd(Date)}),</li> * <li>suitable digest or {@link KeyProperties#DIGEST_NONE},</li> * <li>(RSA keys only) padding scheme {@link KeyProperties#SIGNATURE_PADDING_RSA_PKCS1} or * {@link KeyProperties#ENCRYPTION_PADDING_NONE}.</li> Loading Loading
keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java +12 −4 Original line number Diff line number Diff line Loading @@ -515,15 +515,23 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato return generateSelfSignedCertificateWithFakeSignature(publicKey); } else { // Key can be used to sign a certificate try { return generateSelfSignedCertificateWithValidSignature( privateKey, publicKey, signatureAlgorithm); } catch (Exception e) { // Failed to generate the self-signed certificate with valid signature. Fall back // to generating a self-signed certificate with a fake signature. This is done for // all exception types because we prefer key pair generation to succeed and end up // producing a self-signed certificate with an invalid signature to key pair // generation failing. return generateSelfSignedCertificateWithFakeSignature(publicKey); } } } @SuppressWarnings("deprecation") private X509Certificate generateSelfSignedCertificateWithValidSignature( PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm) throws Exception { PrivateKey privateKey, PublicKey publicKey, String signatureAlgorithm) throws Exception { final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setPublicKey(publicKey); certGen.setSerialNumber(mSpec.getCertificateSerialNumber()); Loading
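Review bot: The new `catch (Exception e)` around `generateSelfSignedCertificateWithValidSignature(...)` discards `e` entirely, so a fallback to the fake-signature certificate leaves no trace of why signing failed. Because the result is a certificate whose signature will not verify, the cause should at least be logged before the fallback, for example `Log.w(TAG, "Falling back to self-signed certificate with fake signature", e);` (assuming the class has a log tag, which is not visible in this hunk). The comment states that catching every exception type is deliberate, but that also hides unchecked exceptions caused by programming errors, and the log line would be the only place they surface. It may also be worth stating in the method comment that callers must not treat the self-signed certificate's signature as evidence that the private key was used. The enclosing method begins above the hunk.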
keystore/java/android/security/keystore/KeyGenParameterSpec.java +2 −0 Original line number Diff line number Diff line Loading @@ -71,6 +71,8 @@ import javax.security.auth.x500.X500Principal; * <li>{@link KeyProperties#PURPOSE_SIGN},</li> * <li>operation without requiring the user to be authenticated (see * {@link Builder#setUserAuthenticationRequired(boolean)}),</li> * <li>signing/origination at this moment in time (see {@link Builder#setKeyValidityStart(Date)} * and {@link Builder#setKeyValidityForOriginationEnd(Date)}),</li> * <li>suitable digest or {@link KeyProperties#DIGEST_NONE},</li> * <li>(RSA keys only) padding scheme {@link KeyProperties#SIGNATURE_PADDING_RSA_PKCS1} or * {@link KeyProperties#ENCRYPTION_PADDING_NONE}.</li> Loading