1 /*
2  * Copyright 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.server.wifi.hotspot2;
18 
19 import android.os.Environment;
20 import android.util.Log;
21 
22 import java.io.IOException;
23 import java.security.KeyStore;
24 import java.security.KeyStoreException;
25 import java.security.NoSuchAlgorithmException;
26 import java.security.cert.CertificateException;
27 import java.security.cert.X509Certificate;
28 import java.util.Set;
29 
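/**
 * In-memory {@link KeyStore} holding the WFA root certificates read from
 * {@link #DEFAULT_WFA_CERT_DIR}.
 *
 * <p>The store is built lazily by {@link #load()} and handed out by {@link #get()}. It is
 * only published once every certificate has been added, so a failure part-way through never
 * exposes a half-populated trust store.
 *
 * <p>This class does no locking of its own. NOTE(review): confirm that callers invoke
 * {@link #load()} and {@link #get()} from a single thread.
 */
public class WfaKeyStore {
    private static final String TAG = "PasspointWfaKeyStore";
    // The WFA Root certs are checked in to /system/ca-certificates/cacerts_wfa
    // The location on device is configured in the corresponding Android.mk
    private static final String DEFAULT_WFA_CERT_DIR =
            Environment.getRootDirectory() + "/etc/security/cacerts_wfa";

    private boolean mVerboseLoggingEnabled = false;
    // Null until load() has completed successfully.
    private KeyStore mKeyStore = null;

    /**
     * Loads the keystore with the root certificates found in {@link #DEFAULT_WFA_CERT_DIR}.
     *
     * <p>Does nothing if a keystore has already been loaded. On failure the error is logged
     * and no keystore is published, so {@link #get()} keeps returning {@code null} and a later
     * call can retry. If the directory yields no certificates, the condition is reported via
     * {@code Log.wtf} and an empty keystore (one with no trust anchors) is published.
     */
    public void load() {
        if (mKeyStore != null) {
            return;
        }
        try {
            // Fill a local instance first; mKeyStore is assigned only after every entry has
            // been added, so an exception cannot leave a partial trust store behind.
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises an empty keystore instead of reading a stream.
            keyStore.load(null, null);
            Set<X509Certificate> certs = WfaCertBuilder.loadCertsFromDisk(DEFAULT_WFA_CERT_DIR);
            int index = 0;
            for (X509Certificate cert : certs) {
                // Integer.toString keeps the alias in ASCII digits; String.format("%d", ...)
                // would follow the default locale's digit set.
                keyStore.setCertificateEntry(Integer.toString(index), cert);
                index++;
            }
            if (index <= 0) {
                Log.wtf(TAG, "No certs loaded");
            }
            mKeyStore = keyStore;
        } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException
                | IOException e) {
            // Use the platform logger (with the cause attached) rather than printStackTrace(),
            // so a trust-store failure is recorded under this class's tag.
            Log.e(TAG, "Failed to load WFA root certs from " + DEFAULT_WFA_CERT_DIR, e);
        }
    }

    /**
     * Returns the underlying keystore object.
     *
     * <p>Callers should treat {@code null} as a failure and stop. Passing a {@code null}
     * keystore on to {@code TrustManagerFactory.init(KeyStore)} typically selects the platform
     * default trust anchors, which would widen trust beyond the WFA roots.
     *
     * @return the keystore created by {@link #load()}, or {@code null} if {@link #load()} has
     *         not been called or did not complete successfully
     */
    public KeyStore get() {
        return mKeyStore;
    }
}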