com/android/hotspot2/osu/WiFiKeyManager.java - platform/prebuilts/fullsdk/sources/android-28 - Git at Google

 package com.android.hotspot2.osu;

 import android.util.Log;

 import java.io.IOException;
 import java.net.Socket;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;

 import javax.net.ssl.X509KeyManager;
 import javax.security.auth.x500.X500Principal;

 public class WiFiKeyManager implements X509KeyManager {
     private final KeyStore mKeyStore;
     private final Map<X500Principal, String[]> mAliases = new HashMap<>();

     public WiFiKeyManager(KeyStore keyStore) throws IOException {
         mKeyStore = keyStore;
     }

     public void enableClientAuth(List<String> issuerNames) throws GeneralSecurityException,
             IOException {

         Set<X500Principal> acceptedIssuers = new HashSet<>();
         for (String issuerName : issuerNames) {
             acceptedIssuers.add(new X500Principal(issuerName));
         }

         Enumeration<String> aliases = mKeyStore.aliases();
         while (aliases.hasMoreElements()) {
             String alias = aliases.nextElement();
             Certificate cert = mKeyStore.getCertificate(alias);
             if ((cert instanceof X509Certificate) && mKeyStore.getKey(alias, null) != null) {
                 X509Certificate x509Certificate = (X509Certificate) cert;
                 X500Principal issuer = x509Certificate.getIssuerX500Principal();
                 if (acceptedIssuers.contains(issuer)) {
                     mAliases.put(issuer, new String[]{alias, cert.getPublicKey().getAlgorithm()});
                 }
             }
         }

         if (mAliases.isEmpty()) {
             throw new IOException("No aliases match requested issuers: " + issuerNames);
         }
     }

     private static class AliasEntry implements Comparable<AliasEntry> {
         private final int mPreference;
         private final String mAlias;

         private AliasEntry(int preference, String alias) {
             mPreference = preference;
             mAlias = alias;
         }

         public int getPreference() {
             return mPreference;
         }

         public String getAlias() {
             return mAlias;
         }

         @Override
         public int compareTo(AliasEntry other) {
             return Integer.compare(getPreference(), other.getPreference());
         }
     }

     @Override
     public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {

         Map<String, Integer> keyPrefs = new HashMap<>(keyTypes.length);
         int pref = 0;
         for (String keyType : keyTypes) {
             keyPrefs.put(keyType, pref++);
         }

         List<AliasEntry> aliases = new ArrayList<>();
         if (issuers != null) {
             for (Principal issuer : issuers) {
                 if (issuer instanceof X500Principal) {
                     String[] aliasAndKey = mAliases.get((X500Principal) issuer);
                     if (aliasAndKey != null) {
                         Integer preference = keyPrefs.get(aliasAndKey[1]);
                         if (preference != null) {
                             aliases.add(new AliasEntry(preference, aliasAndKey[0]));
                         }
                     }
                 }
             }
         } else {
             for (String[] aliasAndKey : mAliases.values()) {
                 Integer preference = keyPrefs.get(aliasAndKey[1]);
                 if (preference != null) {
                     aliases.add(new AliasEntry(preference, aliasAndKey[0]));
                 }
             }
         }
         Collections.sort(aliases);
         return aliases.isEmpty() ? null : aliases.get(0).getAlias();
     }

     @Override
     public String[] getClientAliases(String keyType, Principal[] issuers) {
         List<String> aliases = new ArrayList<>();
         if (issuers != null) {
             for (Principal issuer : issuers) {
                 if (issuer instanceof X500Principal) {
                     String[] aliasAndKey = mAliases.get((X500Principal) issuer);
                     if (aliasAndKey != null) {
                         aliases.add(aliasAndKey[0]);
                     }
                 }
             }
         } else {
             for (String[] aliasAndKey : mAliases.values()) {
                 aliases.add(aliasAndKey[0]);
             }
         }
         return aliases.isEmpty() ? null : aliases.toArray(new String[aliases.size()]);
     }

     @Override
     public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
         throw new UnsupportedOperationException();
     }

     @Override
     public String[] getServerAliases(String keyType, Principal[] issuers) {
         throw new UnsupportedOperationException();
     }

     @Override
     public X509Certificate[] getCertificateChain(String alias) {
         try {
             List<X509Certificate> certs = new ArrayList<>();
             for (Certificate certificate : mKeyStore.getCertificateChain(alias)) {
                 if (certificate instanceof X509Certificate) {
                     certs.add((X509Certificate) certificate);
                 }
             }
             return certs.toArray(new X509Certificate[certs.size()]);
         } catch (KeyStoreException kse) {
             Log.w(OSUManager.TAG, "Failed to retrieve certificates: " + kse);
             return null;
         }
     }

     @Override
     public PrivateKey getPrivateKey(String alias) {
         try {
             return (PrivateKey) mKeyStore.getKey(alias, null);
         } catch (GeneralSecurityException gse) {
             Log.w(OSUManager.TAG, "Failed to retrieve private key: " + gse);
             return null;
         }
     }
 }
	package com.android.hotspot2.osu;

	import android.util.Log;

	import java.io.IOException;
	import java.net.Socket;
	import java.security.GeneralSecurityException;
	import java.security.KeyStore;
	import java.security.KeyStoreException;
	import java.security.Principal;
	import java.security.PrivateKey;
	import java.security.cert.Certificate;
	import java.security.cert.X509Certificate;
	import java.util.ArrayList;
	import java.util.Collections;
	import java.util.Enumeration;
	import java.util.HashMap;
	import java.util.HashSet;
	import java.util.List;
	import java.util.Map;
	import java.util.Set;

	import javax.net.ssl.X509KeyManager;
	import javax.security.auth.x500.X500Principal;

	public class WiFiKeyManager implements X509KeyManager {
	private final KeyStore mKeyStore;
	private final Map<X500Principal, String[]> mAliases = new HashMap<>();

	public WiFiKeyManager(KeyStore keyStore) throws IOException {
	mKeyStore = keyStore;
	}

	public void enableClientAuth(List<String> issuerNames) throws GeneralSecurityException,
	IOException {

	Set<X500Principal> acceptedIssuers = new HashSet<>();
	for (String issuerName : issuerNames) {
	acceptedIssuers.add(new X500Principal(issuerName));
	}

	Enumeration<String> aliases = mKeyStore.aliases();
	while (aliases.hasMoreElements()) {
	String alias = aliases.nextElement();
	Certificate cert = mKeyStore.getCertificate(alias);
	if ((cert instanceof X509Certificate) && mKeyStore.getKey(alias, null) != null) {
	X509Certificate x509Certificate = (X509Certificate) cert;
	X500Principal issuer = x509Certificate.getIssuerX500Principal();
	if (acceptedIssuers.contains(issuer)) {
	mAliases.put(issuer, new String[]{alias, cert.getPublicKey().getAlgorithm()});
	}
	}
	}

	if (mAliases.isEmpty()) {
	throw new IOException("No aliases match requested issuers: " + issuerNames);
	}
	}

	private static class AliasEntry implements Comparable<AliasEntry> {
	private final int mPreference;
	private final String mAlias;

	private AliasEntry(int preference, String alias) {
	mPreference = preference;
	mAlias = alias;
	}

	public int getPreference() {
	return mPreference;
	}

	public String getAlias() {
	return mAlias;
	}

	@Override
	public int compareTo(AliasEntry other) {
	return Integer.compare(getPreference(), other.getPreference());
	}
	}

	@Override
	public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {

	Map<String, Integer> keyPrefs = new HashMap<>(keyTypes.length);
	int pref = 0;
	for (String keyType : keyTypes) {
	keyPrefs.put(keyType, pref++);
	}

	List<AliasEntry> aliases = new ArrayList<>();
	if (issuers != null) {
	for (Principal issuer : issuers) {
	if (issuer instanceof X500Principal) {
	String[] aliasAndKey = mAliases.get((X500Principal) issuer);
	if (aliasAndKey != null) {
	Integer preference = keyPrefs.get(aliasAndKey[1]);
	if (preference != null) {
	aliases.add(new AliasEntry(preference, aliasAndKey[0]));
	}
	}
	}
	}
	} else {
	for (String[] aliasAndKey : mAliases.values()) {
	Integer preference = keyPrefs.get(aliasAndKey[1]);
	if (preference != null) {
	aliases.add(new AliasEntry(preference, aliasAndKey[0]));
	}
	}
	}
	Collections.sort(aliases);
	return aliases.isEmpty() ? null : aliases.get(0).getAlias();
	}

	@Override
	public String[] getClientAliases(String keyType, Principal[] issuers) {
	List<String> aliases = new ArrayList<>();
	if (issuers != null) {
	for (Principal issuer : issuers) {
	if (issuer instanceof X500Principal) {
	String[] aliasAndKey = mAliases.get((X500Principal) issuer);
	if (aliasAndKey != null) {
	aliases.add(aliasAndKey[0]);
	}
	}
	}
	} else {
	for (String[] aliasAndKey : mAliases.values()) {
	aliases.add(aliasAndKey[0]);
	}
	}
	return aliases.isEmpty() ? null : aliases.toArray(new String[aliases.size()]);
	}

	@Override
	public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
	throw new UnsupportedOperationException();
	}

	@Override
	public String[] getServerAliases(String keyType, Principal[] issuers) {
	throw new UnsupportedOperationException();
	}

	@Override
	public X509Certificate[] getCertificateChain(String alias) {
	try {
	List<X509Certificate> certs = new ArrayList<>();
	for (Certificate certificate : mKeyStore.getCertificateChain(alias)) {
	if (certificate instanceof X509Certificate) {
	certs.add((X509Certificate) certificate);
	}
	}
	return certs.toArray(new X509Certificate[certs.size()]);
	} catch (KeyStoreException kse) {
	Log.w(OSUManager.TAG, "Failed to retrieve certificates: " + kse);
	return null;
	}
	}

	@Override
	public PrivateKey getPrivateKey(String alias) {
	try {
	return (PrivateKey) mKeyStore.getKey(alias, null);
	} catch (GeneralSecurityException gse) {
	Log.w(OSUManager.TAG, "Failed to retrieve private key: " + gse);
	return null;
	}
	}
	}