History log of /frameworks/base/keystore/java/android/security/
Revision Date Author Comments
ce24985ad636c38b6ee01ec9cdecfb038bfeaeb6 15-Sep-2012 Kenny Root <kroot@google.com> Remove AndroidKeyStore from API

Change-Id: Ibe09d78e5a5b86604f01144f344525bff94c2dde
ndroidKeyPairGeneratorSpec.java
0efca17105d112a0ff568602831b22bdafa00433 05-Sep-2012 Brian Carlstrom <bdc@google.com> Tracking upgrade to bouncycastle 1.47

Change-Id: I4a3c508c5e65dd46a2df22935b5351092550fad5
redentials.java
a4640c082c8ccf66ebfb50ace5747409ab6aee55 31-Aug-2012 Kenny Root <kroot@google.com> Add some NullPointerExceptions to AndroidKeyStore

Existing KeyStore implementations throw NullPointerExceptions because
the KeyStoreSpi doesn't check these arguments for null. Add in checks so
we don't accidentally check some bogus values.

Also switch a RuntimeException to a KeyStoreException

Change-Id: I18f4d4474d607cb2057ea8069b901e0992275e78
ndroidKeyStore.java
69ddab4575ff684c533c995e07ca15fe18543fc0 25-Aug-2012 Jeff Sharkey <jsharkey@android.com> Always-on VPN.

Adds support for always-on VPN profiles, also called "lockdown." When
enabled, LockdownVpnTracker manages the netd firewall to prevent
unencrypted traffic from leaving the device. It creates narrow rules
to only allow traffic to the selected VPN server. When an egress
network becomes available, LockdownVpnTracker will try bringing up
the VPN connection, and will reconnect if disconnected.

ConnectivityService augments any NetworkInfo based on the lockdown
VPN status to help apps wait until the VPN is connected.

This feature requires that VPN profiles use an IP address for both
VPN server and DNS. It also blocks non-default APN access when
enabled. Waits for USER_PRESENT after boot to check KeyStore status.

Bug: 5756357
Change-Id: If615f206b1634000d78a8350a17e88bfcac8e0d0
redentials.java
802768dd86c4e8a933dbfbac2e9f1a1daa5f93fa 22-Aug-2012 Kenny Root <kroot@google.com> Add ability to replace chain for PrivateKeyEntry

For the AndroidKeyStore API, allow entries to have their certificate
chain replaced without destroying the underlying PrivateKey. Since
entries are backed by unexportable private keys, requiring them to be
supplied again doesn't make sense and is impossible.

Change-Id: I629ce2a625315c8d8020a082892650ac5eba22ae
ndroidKeyStore.java
redentials.java
db026710ec0adcf7f72dfb24c65d38a882ee26d8 20-Aug-2012 Kenny Root <kroot@google.com> Add KeyPairGenerator for Android keystore

This allows end-users to generate keys in the keystore without the
private part of the key ever needing to leave the device. The generation
process also generates a self-signed certificate.

Change-Id: I114ffb8e0cbe3b1edaae7e69e8aa578cb835efc9
ndroidKeyPairGenerator.java
ndroidKeyPairGeneratorSpec.java
ndroidKeyStore.java
ndroidKeyStoreProvider.java
redentials.java
ackage.html
e29df16cb57b69995df597e8a6d95d986c1c43fc 10-Aug-2012 Kenny Root <kroot@google.com> Add AndroidKeyStore provider for KeyStore API

This introduces a public API for the Android keystore that is accessible
via java.security.KeyStore API. This allows programs to store
PrivateKeyEntry and TrustedCertificateEntry items visible only to
themselves.

Future work should include:

* Implement KeyStore.CallbackHandlerProtection parameter to allow the
caller to request that the keystore daemon unlock itself via the
system password input dialog.

* Implement SecretKeyEntry once that support is in keystore daemon

Change-Id: I382ffdf742d3f9f7647c5f5a429244a340b6bb0a
ndroidKeyStore.java
ndroidKeyStoreProvider.java
473c712b19bad992ab4eafcd43175fdce77b913d 18-Aug-2012 Kenny Root <kroot@google.com> Add getmtime to Android KeyStore API

java.security.KeyStore requires that you be able to get the creation
date for any given entry. We'll approximate that through using the mtime
of the file in the keystore.

Change-Id: I16f74354a6c2e78a1a0b4dc2ae720c5391274e6f
eyStore.java
54e03afcfe34e9875efa56650c1af3ebc8f58a89 07-Aug-2012 Kenny Root <kroot@google.com> Use TrustedCertificateStore for chain building

Move chain building to TrustedCertificateStore since it has more
information about the certificates.

Change-Id: I3030e94eb1abb8a2047a4151bdaad9922706dd0f
eyChain.java
5b1f037829bff93877a6257db69f4e7723a27e20 31-Jul-2012 Brian Carlstrom <bdc@google.com> Change KeyStore to use Modified UTF-8 to match NativeCrypto

Bug: http://code.google.com/p/android/issues/detail?id=35141
Bug: 6869713

Change-Id: I61cb309786960072148ef97ea5afedb33dc45f4e
eyStore.java
5423e68d5dbe048ec6f042cce52a33f94184e9fb 14-Nov-2011 Kenny Root <kroot@google.com> Add signing to keystore

Change the keystore to keep the private keys in keystore. When returned,
it uses the OpenSSL representation of the key to allow users to use it
in various operations through the OpenSSL ENGINE that connects to
keystore.

Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
redentials.java
KeyChainService.aidl
eyChain.java
eyStore.java
1cedb47e18a3acb322914e1963285882dc77d9ba 15-Mar-2012 Selim Gurun <sgurun@google.com> Merge "Make the credential storage change action public."
fcdccac49067e4cc60567ee93ccf1b62e74477fb 02-Mar-2012 Brian Carlstrom <bdc@google.com> Remove obsolete KeyChain references to USE_CREDENTIALS (2 of 2)

Change-Id: Ic8a22ce3a9010b8378af044e611bf787e15f6227
eyChain.java
e57319ff880c43b44aaab4905dc8997d97827520 17-Feb-2012 Selim Gurun <sgurun@google.com> Make the credential storage change action public.

Bug: 6009802

When the credential storage changes, (adding/removing certs,
resetting the storage, enabling/disabling trusted CAs, etc), the
applications that use the storage have to be made aware of the
fact that the storage changed, so they can clear any cached state,
close connections or take any other actions. Internally, this
applies to webview. However, applications, potentially including
3rd party browsers, also need this information.

Change-Id: I765b97a3f38f45247ee3f6e127b490388d373847
eyChain.java
93ba4fedebb78ba47c24e8472c8960ea8fdc933a 14-Feb-2012 Selim Gurun <sgurun@google.com> Act on credential storage updates.

Bug: 6009802

Cherry pick fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1
Listen to credential storage updates and clean state when necessary.

Change-Id: I2c63e6771e9373da8b39781fdcf3d21583c4e3b2
eyChain.java
43e41580e4c700e970cc5e62180a767ab424da6d 16-Feb-2012 Selim Gurun <sgurun@google.com> Revert "Act on credential storage updates."

This reverts commit fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1
eyChain.java
fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1 14-Feb-2012 Selim Gurun <sgurun@google.com> Act on credential storage updates.

Bug: 6009802

Listen to credential storage updates and clean state when necessary.

Change-Id: I48f2e7d6e036882c2b4a29fbd357ca018fd4e4c7
eyChain.java
ab8b84ad3847788d83da557606aa27d4102e6b52 13-Jul-2011 Fred Quintana <fredq@google.com> Make the KeyChain handle its own grants rather than having
AccountManagerService handle them.

Change-Id: I89d272b22766f85019c1f947153d69e6dbb74c68
KeyChainService.aidl
eyChain.java
74e6bd7b7783fb506d7525e9ba40aac980745eaf 06-Jul-2011 Brian Carlstrom <bdc@google.com> Merge "New KeyChain API for credential installation"
db93b78385d694402760ad63de0795f3902030d9 01-Jul-2011 Brian Carlstrom <bdc@google.com> Build cert chain in KeyChain.getCertificateChain

Bug: 4970298
Change-Id: Id91391233528edc2a4da5ebe92ec85d381f170de
eyChain.java
ca43c458ad0ee8cfa7f5eabc8ba1a65ae473976b 30-Jun-2011 Brian Carlstrom <bdc@google.com> New KeyChain API for credential installation

Bug: 3497064
Change-Id: Ie5c20e87a436b7ab66258d08b719ab8bb1f1d86d
eyChain.java
a00a2b33ccc6bc079c3ee57a938f62947b48a001 29-Jun-2011 Brian Carlstrom <bdc@google.com> KeyChain API for credential installation

Bug: 3497064
Change-Id: I4ac4d8b5559496b1632d63c2129e2bafd240893f
redentials.java
eyChain.java
6da00334478df64921b68fcbb45c9d1eef6f35bd 27-Jun-2011 Brian Carlstrom <bdc@google.com> Moving ssl_certificate layout, resources, and helper code to SslCertificate
Add IKeyChainService.deleteCaCertificate

Change-Id: If42341bc732efcfe4f958c00cdd6c0fec11a3c75
KeyChainService.aidl
67c30dfe8e4bff11a4660ac23e8679b5deb59457 24-Jun-2011 Brian Carlstrom <bdc@google.com> Replace KeyChainActivity placeholder UI with more polished dialog (1 of 5)

frameworks/base

Extended KeyChain.chooserPrivateKeyAlias to allow caller to supply
preferred choice to be selected in chooser. This allows Email
settings to highlight the current choice when allowing user to
change settings.
keystore/java/android/security/KeyChain.java
api/current.txt

Implemented KeyChain functionality to pass host and port
information to KeyChainActivity for display.
keystore/java/android/security/KeyChain.java

KeyChain now sends a PendingIntent as part of the Intent it sends
to the KeyChainActivity which can be used to identify the caller
in a reliable way.
keystore/java/android/security/KeyChain.java

Moved .pfx/.p12/.cer/.crt constants to Credentials for reuse.
Added Credentials.install variant with no value for use from KeyChainActivity
keystore/java/android/security/Credentials.java

packages/apps/CertInstaller
Source of extension constants now in Credentials
src/com/android/certinstaller/CertFile.java

packages/apps/Browser
Have browser supply host and port information to KeyChain.choosePrivateKeyAlias
Tracking KeyChain.choosePrivateKeyAlias API change
src/com/android/browser/Tab.java

packages/apps/Email
Tracking KeyChain.choosePrivateKeyAlias API change
src/com/android/email/view/CertificateSelector.java

packages/apps/KeyChain

KeyChain now depends on bouncycastle X509Name for formatting
X500Principals, since the 4 X500Principal formatting options could
not format emailAddress attributes in a human readable way and it's
the most important attribute to display for client certificates in
most cases.
Android.mk

Changing the UI to a dialog, make the activity style transparent.
AndroidManifest.xml
res/values/styles.xml

Layout for chooser dialog
res/layout/cert_chooser.xml

Layout for list items in chooser
res/layout/cert_item.xml

New resources for dialog including comments for translators.
res/values/strings.xml

New dialog based KeyChainActivity. Now also shows requesting app
and requesting server. Now can preselect a specified alias. New
link directly to CertInstaller.

src/com/android/keychain/KeyChainActivity.java

Fix KeyChainTestActivity to work with TestKeyStore changes that
were causing network activity on the UI to look up the name of
localhost. Also track KeyChain.choosePrivateKeyAlias API change.

tests/src/com/android/keychain/tests/KeyChainTestActivity.java

Change-Id: I07128fba8750f9a6bcb9c6be5da04df992403d69
redentials.java
eyChain.java
42f6528b988e3ae320cda63a2bd63d30d9e56183 10-Jun-2011 Brian Carlstrom <bdc@google.com> New KeyChain API for application access to keystore credentials

The KeyChain API is currently in use by Browser and validated by Email
for client certificate authentication.

Change-Id: Ifeab416be594457a05747406e31656e71795cb53
eyChain.java
eyChainAliasCallback.java
eyChainException.java
93201f545b67da15cb69830a5988810aef52c0b2 10-Jun-2011 Brian Carlstrom <bdc@google.com> KeyChain API refinements

Change-Id: I177ab4642e6cd1aa13526c14f0a707175fd79655
KeyChainAliasCallback.aidl
KeyChainAliasResponse.aidl
eyChain.java
eyChainAliasCallback.java
eyChainAliasResponse.java
eyChainException.java
9d7faa91be6661eccf73494f1ab96ae9a28d42d7 07-Jun-2011 Brian Carlstrom <bdc@google.com> Change KeyChain to assume PEM encoded keystore entries

Summary:
- Changed KeyChain to assume PEM encoded keystore entries
- Moved convertToPem from CertInstaller for reuse with other Credentials helpers
- Added convertFromPem for use decoding keystore entries

Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
redentials.java
eyChain.java
7e4b1a488dd02c4bf6156379e36834e9e01c5b1b 02-Jun-2011 Brian Carlstrom <bdc@google.com> Restore ResponseCodes for use with getLastError

Change-Id: I41b5bc9cbb6c05672c92d5864e889fd2b0186141
eyStore.java
5cfee3fabb3482c6a6df1c8b6f21e843cf214527 31-May-2011 Brian Carlstrom <bdc@google.com> Integrating keystore with keyguard (Part 1 of 4)

Summary:

frameworks/base
keystore rewrite
keyguard integration with keystore on keyguard entry or keyguard change
KeyStore API simplification

packages/apps/Settings
Removed com.android.credentials.SET_PASSWORD intent support
Added keyguard requirement for keystore use

packages/apps/CertInstaller
Tracking KeyStore API changes
Fix for NPE in CertInstaller when certificate lacks basic constraints

packages/apps/KeyChain
Tracking KeyStore API changes

Details:

frameworks/base

Move keystore from C to C++ while rewriting password
implementation. Removed global variables. Added many comments.

cmds/keystore/Android.mk
cmds/keystore/keystore.h
cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp

Changed saveLockPattern and saveLockPassword to notify the keystore
on changes so that the keystore master key can be reencrypted when
the keyguard changes.

core/java/com/android/internal/widget/LockPatternUtils.java

Changed unlock screens to pass values for keystore unlock or initialization

policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java

KeyStore API changes
- renamed test() to state(), which now returns a State enum
- made APIs with byte[] key arguments private
- added new KeyStore.isEmpty used to determine if a keyguard is required

keystore/java/android/security/KeyStore.java

In addition to tracking KeyStore API changes, added new testIsEmpty
and improved some existing tests to validate expected values.

keystore/tests/src/android/security/KeyStoreTest.java

packages/apps/Settings

Removing com.android.credentials.SET_PASSWORD intent with the
removal of the ability to set an explicit keystore password now
that the keyguard value is used. Changed to ensure keyguard is
enabled for keystore install or unlock. Cleaned up interwoven
dialog handling into discrete dialog helper classes.

AndroidManifest.xml
src/com/android/settings/CredentialStorage.java

Remove layout for entering new password

res/layout/credentials_dialog.xml

Remove enable credentials checkbox

res/xml/security_settings_misc.xml
src/com/android/settings/SecuritySettings.java

Added ability to specify minimum quality key to ChooseLockGeneric
Activity. Used by CredentialStorage, but could also be used by
CryptKeeperSettings. Changed ChooseLockGeneric to understand
minimum quality for keystore in addition to DPM and device
encryption.

src/com/android/settings/ChooseLockGeneric.java

Changed to use getActivePasswordQuality from
getKeyguardStoredPasswordQuality based on experience in
CredentialStorage. Removed bogus class javadoc.

src/com/android/settings/CryptKeeperSettings.java

Tracking KeyStore API changes

src/com/android/settings/vpn/VpnSettings.java
src/com/android/settings/wifi/WifiSettings.java

Removing now unused string resources

res/values-af/strings.xml
res/values-am/strings.xml
res/values-ar/strings.xml
res/values-bg/strings.xml
res/values-ca/strings.xml
res/values-cs/strings.xml
res/values-da/strings.xml
res/values-de/strings.xml
res/values-el/strings.xml
res/values-en-rGB/strings.xml
res/values-es-rUS/strings.xml
res/values-es/strings.xml
res/values-fa/strings.xml
res/values-fi/strings.xml
res/values-fr/strings.xml
res/values-hr/strings.xml
res/values-hu/strings.xml
res/values-in/strings.xml
res/values-it/strings.xml
res/values-iw/strings.xml
res/values-ja/strings.xml
res/values-ko/strings.xml
res/values-lt/strings.xml
res/values-lv/strings.xml
res/values-ms/strings.xml
res/values-nb/strings.xml
res/values-nl/strings.xml
res/values-pl/strings.xml
res/values-pt-rPT/strings.xml
res/values-pt/strings.xml
res/values-rm/strings.xml
res/values-ro/strings.xml
res/values-ru/strings.xml
res/values-sk/strings.xml
res/values-sl/strings.xml
res/values-sr/strings.xml
res/values-sv/strings.xml
res/values-sw/strings.xml
res/values-th/strings.xml
res/values-tl/strings.xml
res/values-tr/strings.xml
res/values-uk/strings.xml
res/values-vi/strings.xml
res/values-zh-rCN/strings.xml
res/values-zh-rTW/strings.xml
res/values-zu/strings.xml
res/values/strings.xml

packages/apps/CertInstaller

Tracking KeyStore API changes
src/com/android/certinstaller/CertInstaller.java

Fix for NPE in CertInstaller when certificate lacks basic constraints
src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

Tracking KeyStore API changes
src/com/android/keychain/KeyChainActivity.java
src/com/android/keychain/KeyChainService.java
support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java

Change-Id: Ic141fb5d4b43d12fe62cb1e29c7cbd891b4be35d
eyStore.java
ba1a667b1d6c95050f6c88316ac58fe9e0ff878b 25-May-2011 Brian Carlstrom <bdc@google.com> Remove need for onActivityResult from KeyChain API

Change-Id: I97bb9db06978f6dc039d22bfee116671d7b3e336
KeyChainAliasResponse.aidl
KeyChainService.aidl
eyChain.java
eyChainAliasResponse.java
eyChainResult.java
d752472d9abf03fda637d43716bc6bd632e1f5c3 18-May-2011 Brian Carlstrom <bdc@google.com> Move to KeyChain.bind

Change-Id: Ic3c6e0e9be9bcfdc882cf97cec38cca70b23d0a1
eyChain.java
8e9929c4d0730de4c9f01435a7cfe2db8855e24d 17-May-2011 Brian Carlstrom <bdc@google.com> Simplify KeyChain API by removing now unneeded CA certificate lookup (1 of 3)

frameworks/base

Remove getCaCertificates and findIssuer from IKeyChainService,
these are now done via libcore's TrustedCertificateStore (as part
of the default TrustManager implementation)

keystore/java/android/security/IKeyChainService.aidl

Simplify KeyChain API. Now that the CA certificates are visible
through the default TrustManager, the KeyChain is solely focused on
retrieving PrivateKeys and their associated certificates. The
calling API for KeyChain to simply a single KeyChain.get() call
that returns a KeyChainResult, removing the need for a KeyChain
instance that needs to be closed.

keystore/java/android/security/KeyChain.java
keystore/java/android/security/KeyChainResult.java

master/libcore

Remove getDefaultIndexedPKIXParameters and
getIndexedPKIXParameters which was used as part of the prototype
of looking up CAs via the KeyChain but is obsoleted by the new
default TrustManager implementation.

luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java

packages/apps/KeyChain

Tracking simplified IKeyChainService, removing now unneeded
implementation, updating tests.

src/com/android/keychain/KeyChainService.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java
tests/src/com/android/keychain/tests/KeyChainTestActivity.java

Change-Id: I847b28c2f467c85f24d2b693a2fecc1cb46426b4
KeyChainService.aidl
eyChain.java
eyChainResult.java
2627d53f65be672e9a27f735975de1bf3aebfec1 13-May-2011 Brian Carlstrom <bdc@google.com> Make CertInstaller installed CA certs trusted by applications via default TrustManager (1 of 6)

frameworks/base

Adding IKeyChainService APIs for CertInstaller and Settings use
keystore/java/android/security/IKeyChainService.aidl

libcore

Improve exceptions to include more information
luni/src/main/java/javax/security/auth/x500/X500Principal.java

Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods.
Added support for adding user CAs in a separate directory for system.
Added support for removing system CAs by placing a copy in a system directory
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java

Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java

Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash
to make sure the implementing algorithms do not change since
TrustedCertificateStore depends on X509_NAME_hash_old (OpenSSL
changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to
1.0.0)

luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

Extensive test of new TrustedCertificateStore behavior
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java

TestKeyStore improvements
- Refactored TestKeyStore to provide simpler createCA method (and
internal createCertificate)
- Cleaned up to remove use of BouncyCastle specific X509Principal
in the TestKeyStore API when the public X500Principal would do.
- Cleaned up TestKeyStore support methods to not throw Exception
to remove need for static blocks for catch clauses in tests.

support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

packages/apps/CertInstaller

Change CertInstaller to call IKeyChainService.installCertificate
for CA certs to pass them to the KeyChainServiceTest which will
make them available to all apps through the
TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask.

src/com/android/certinstaller/CertInstaller.java

Added installCaCertsToKeyChain and hasCaCerts accessor for use by
CertInstaller. Use hasUserCertificate() internally. Cleanup coding
style.

src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

Added MANAGE_ACCOUNTS so that IKeyChainService.reset
implementation can remove KeyChain accounts.

AndroidManifest.xml

Implement new IKeyChainService methods:
- Added IKeyChainService.installCaCertificate to install certs
provided by CertInstaller using the TrustedCertificateStore.
- Added IKeyChainService.reset to allow Settings to remove the
KeyChain accounts so that any app granted access to keystore
credentials are revoked when the keystore is reset.

src/com/android/keychain/KeyChainService.java

packages/apps/Settings

Changed com.android.credentials.RESET credential reset action to
also call IKeyChainService.reset to remove any installed user CAs
and remove KeyChain accounts to have AccountManager revoke
credential granted to private keys removed during the RESET.

src/com/android/settings/CredentialStorage.java

Added toast text value for failure case

res/values/strings.xml

system/core

Have init create world readable /data/misc/keychain to allow apps
to access user added CA certificates installed by the CertInstaller.

rootdir/init.rc

Change-Id: I2e4b169cbb35d32d97f5d6a00d988fa389eadcb2
KeyChainService.aidl
4a9e1a2494f2e48b157506d7c731187907b7fd4e 23-Apr-2011 Brian Carlstrom <bdc@google.com> Expose Credentials.UNLOCK_ACTION for callers that want to use startActivityForResult

Change-Id: I729b2d8257bda3e7ff7858741ebd5415404880e7
redentials.java
b9a07c18e678da35b4c2a618b315fa174a21e818 11-Apr-2011 Brian Carlstrom <bdc@google.com> Adding KeyChain API and IKeyChainService

Change-Id: Id3eaa2d1315481f199777b50e875811e3532988a
KeyChainService.aidl
eyChain.java
46703b099516c383a6882815bcf9cd4df0ec538d 07-Apr-2011 Brian Carlstrom <bdc@google.com> Tolerate missing AccountManager resource, not just missing resource name

In addition to the primary change in the subject, also some minor cleanup of javadoc, typos, CloseGuard warning, etc found while working on a new AbstractAccountAuthenticator.

Change-Id: I73f3408773a43a0021a15f8d051fd3dbbdf898a5
eyStore.java
527f01e76d07b45bdf7ba97ffee0e9b358de658c 20-Jan-2011 Chia-chi Yeh <chiachi@android.com> Update the path of the intent to unlock keystore.

Change-Id: Ia81d0c172f2be6d04cba4db6e6798058f321605d
redentials.java
460c26e9875833dc494575b5c43f08c8baa15f34 12-Nov-2010 Elliott Hughes <enh@google.com> Use deliberately public API rather than org.apache cruft.

InputStreamHelper is scheduled for deletion. As a bonus, the new code is more
efficient.

Change-Id: Ied8b87fa24f8506cf748b0d4c99ee7e2ae201483
ystemKeyStore.java
8bdf5935c0db4a66ab33a10b43398d2523cfa15d 15-Oct-2010 Dianne Hackborn <hackbod@google.com> Work on issue #3101415: Crespo apps seem to have their UID changed over time.

fsync!

Change-Id: Ie6c5397202579935ac69bf61d3e7b3081ecf269c
ystemKeyStore.java
c5e630a004d144ba1d4cd1d37dd98eb70a7ec1d8 08-Oct-2010 Hung-ying Tyan <tyanh@google.com> Use explicit intent for installing credentials.

http://b/issue?id=3020049

Change-Id: I429c5b2c9f3b876e6197894a9437952d71d5c472
redentials.java
8d578836dc4f9fb41532b8b3dd7a6b168d6f4f9d 10-Sep-2010 Rich Cannings <richc@google.com> Remove the use of FileInputStream.available()

Bug: 2976294
Change-Id: I34b13cedbf1d2338163ef74454817c318a3a24f5
ystemKeyStore.java
34c47c855815d731e6deb55748ff690b0ec7b53f 09-Mar-2010 Nick Kralevich <nnk@google.com> Don't rely on the system locale for converting to/from bytes.

By default, when java converts Strings to bytes, it uses the
default system locale. This can be specified by the -Dfile.encoding
option. If no file encoding is specified, java uses ISO8859_1.

Unfortunately, not all unicode characters can be mapped to
ISO8859_1. Unmappable characters may be replaced by a byte
within ISO8859_1, which may change the meaning of the String.
This is especially problematic for password strings, and has
been used to compromise the security of passwords in the
past.

Thankfully, Android uses UTF-8 by default, so this bug doesn't
affect Android devices. However, it's recommended to explicitly
list the character set when converting to/from bytes to
avoid the potential ambiguity.

Change-Id: Iec927e27ed3fc103696c439f6bd3e8779a37ade8
eyStore.java
1ff8fee7c8e4fcd4ef12c6c5d1055b7eccf5809b 22-Feb-2010 Oscar Montemayor <oam@google.com> Better file permissions enforcement on system keystore.
ystemKeyStore.java
d12feb97667498378a472c5a7895a9fcd8056ec5 06-Feb-2010 Chia-chi Yeh <chiachi@android.com> KeyStore: minor improvements.

Make constants final.
Only converts ArrayLists to arrays when necessary.
eyStore.java
b62e8132df0d19a39a700324475b3df2de78e0b0 15-Jan-2010 Oscar Montemayor <oam@google.com> Apps on SD card.
Added support for retrieving and generating keys as Hex Strings.
ystemKeyStore.java
8da98e30d8b2ae6e203f769dab0d6ec34cab3011 06-Jan-2010 Oscar Montemayor <oam@google.com> Apps on SD card project.
A simple keystore to store system-only key material, by leveraging file system access permissions.
ystemKeyStore.java
8c596c6cce542dcd5c73e8b1aaef666757e36ec4 24-Sep-2009 Chia-chi Yeh <chiachi@android.com> KeyStore: remove classes used by old keystore.
eply.java
erviceCommand.java
f1ece5d0c16fa3e79390e41ad9bec020c77d7720 24-Sep-2009 Chia-chi Yeh <chiachi@android.com> KeyStore: return null when response code indicates an error.
eyStore.java
ec05c46ea9d1dc175b09f93df0b9fea5a43b2d5a 24-Sep-2009 Hung-ying Tyan <tyanh@google.com> Remove old keystore and related files.
ertTool.java
eystore.java
613fcc850686dfe71cec9809c3694be9cf02cdc7 21-Sep-2009 Chia-chi Yeh <chiachi@android.com> KeyStore: rename scan() to saw().
eyStore.java
44039172627d1c15737ea73836ad375559d76211 21-Sep-2009 Chia-chi Yeh <chiachi@android.com> KeyStore: add java interface.
redentials.java
eyStore.java
9b7a3f1a6437605022568cad0b92d5006a2ab391 17-Sep-2009 Chia-chi Yeh <chiachi@android.com> Add a helper class to send out credentials.

Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
redentials.java
5b680802b6774491fbcee69e394d097d4bfcf42e 16-Sep-2009 Hung-ying Tyan <tyanh@google.com> Fix a minor bug in is_alnum_string()...

and remove some verbose logging
erviceCommand.java
a7df557aa2573a4718c7bbd069268e62bc036753 11-Sep-2009 Hung-ying Tyan <tyanh@google.com> Add tests and misc fixes on keystore.

* Refactor netkeystore.c to make client and server code testable.
* Add a client test for setting new passwd and changing passwd.
* Exclude "." and ".." from reset_keystore().
* Change ServerCommand.executeCommand() to accept variable length of
arguments and add convert() to marshalling the args to bytes.
* Keystore.java is revised accordingly.
eystore.java
erviceCommand.java
9249cc69b83c7b055ae477c4539bdc451fe7f9b9 08-Sep-2009 Hung-ying Tyan <tyanh@google.com> Add two CertTool helper classes.

Also add the unlock action string to Keystore.
ertTool.java
eystore.java
801b73f661cbdf92de94b7e552a190fcbbdc3168 07-Sep-2009 Chung-yih Wang <cywang@google.com> Replace the delimiter whitespace with '\0'.

+ Use '\0' as the delimiter.
+ Allow whitespace character for keystore password.

In previous implementation, we use space as the delimiter. That
will stop user from using passphrase with whitespace character.
eystore.java
09960230bf3d46ec1e7cbcfd8b07dfe007b9fa96 01-Sep-2009 Chung-yih Wang <cywang@google.com> Store CA certificate chain into one single key entry with PEM format.

Extract all CA certificates in a PKCS12 keystore into a single entry in keystore with multiple PEMs.
ertTool.java
20a1156c6fd30f3ec1336894d6ae7e00298ad65b 31-Jul-2009 Hung-ying Tyan <tyanh@google.com> Make certificate-handling-related constants public
ertTool.java
f1ab36f9ab82220de679ff0ca5164995b7d30214 05-Aug-2009 repo sync <cywang@google.com> Fix network order for marshalling in keystore interface.

This will fix the endian issue for heterogeneous architectures in keystore marshalling interface.
erviceCommand.java
dc1d5704a725d207b98de1b117847297958d9148 03-Aug-2009 Chung-yih Wang <cywang@google.com> Fix the auto notification cleanup when vpn is disconnected.

+ add the log print if the browser gives the incorrect data in addCertificate().
ertTool.java
e81f51f44b4cfb8316de1d206038414ee6f6e96b 01-Aug-2009 Hung-ying Tyan <tyanh@google.com> Change some log.i to log.d.
erviceCommand.java
fd3db87e28e5b9ed186a15944234f6ff520773c6 28-Jul-2009 Chung-yih Wang <cywang@google.com> Support x509-user-cert mime type in browser.

+ Fix the public key matching and intent parameter mismatch.
ertTool.java
719eba5bb1fbc72e3b55450f16b38a6be5640055 24-Jul-2009 Chung-yih Wang <cywang@google.com> Change to SPKAC certificate request format for keygen.
ertTool.java
24988b34919d65d4e66be69ec0885154c47e85b7 22-Jul-2009 Chung-yih Wang <cywang@google.com> Cleanup the old keystore APIs.
eystore.java
22726cf8174fe00a097c89b8da397b10626cdd00 21-Jul-2009 Chung-yih Wang <cywang@google.com> Return error codes for storing the key/cert in addPkcs12Keystore()
ertTool.java
c9c119e7338cab292385118229f884a88fead3a2 16-Jul-2009 Chung-yih Wang <cywang@google.com> Support addPkcs12Keystore function in CertTool library.

The function will be called from the credential storage for decoding
the pkcs12 file and saving the certs/keys into mini-keystore.
ertTool.java
699ca3f2518360ea3250ff5a0e5d39e122c64a91 04-Jul-2009 Chung-yih Wang <cywang@google.com> Add password field for WiFi configuration.

1. the certtool.h is modified for avoiding the side effect,
for saving the configuration with wpa_supplicant.
2. put the loadLibrary back in CertTool.java
3. Fix incorrect JNI declarations.
ertTool.java
bf20b9963add781a35de658f3228760015a163c9 02-Jul-2009 Chung-yih Wang <cywang@google.com> Migrate to the CertTool library.

Keystore is reimplemented and it is mainly for storing
(key, value) pair generically. The certificate related
APIs are moved to the class CertTool instead.

Updates:
Provide the getInstance() which gives the singleton.
Fix the missing construction of the BIO in cert.c.
ertTool.java
116d890aea63a4191a93412f5cecf5defad25201 03-Jul-2009 Hung-ying Tyan <tyanh@google.com> Fix null data handling in ServiceCommand.writeCommand()
erviceCommand.java
fa927c046a916fceb077d1ecf2552d76e73da912 02-Jul-2009 Chung-yih Wang <cywang@google.com> Remove the null-termination for Java string compatibility.

1. Also change the keyname delimiter in CertTool.java.
2. Return NOTFOUND if the result.len==0 in the listKeys().
3. Define the keystore states in the class Keystore.
ertTool.java
eystore.java
eec11827a6c06b029030f43c8d54fd871cc3347d 01-Jul-2009 Chung-yih Wang <cywang@google.com> Add CertTool for handling the keygen and certificate download.

1. Have the new Keystore for mini-keystore implementation.
2. Add CertTool library and jni dll for handling keygen and certificates.
3. Make Reply hidden.
4. Revert some 'incorrect' change and correct the description.
ertTool.java
eystore.java
eply.java
erviceCommand.java
3af8e9389e008c0076b86cc6b3c6f005e7473d10 20-Jun-2009 Grace Kloba <klobag@google.com> Change addCertificate to take byte[] instead of String as we don't know the encoding.

In WebView, if we run into the certificate, we will save it to the Keystore instead of sending it to the WebKit.
eystore.java
6d531bf0513de7778c380d649bc0e554478f78f9 16-Jun-2009 Chung-yih Wang <cywang@google.com> Change the keystore APIs.

1. simplify the keypair selection in UI.
2. add the user certificate and key into the keystore for keygen feature.
eystore.java
396c69ca8d938c8705faf602b87729072bf8839c 16-Jun-2009 Hung-ying Tyan <tyanh@google.com> Change the first parameter of Keystore.generateKeyPair() to int.

* changes
change the parameter to the index to the supported key strengths
remove the exception class as it is not useful now
eystore.java
nsupportedKeyStrengthException.java
1d51e50d5d484c5d9e620b1d6736adc9aa99ae84 16-Jun-2009 Hung-ying Tyan <tyanh@google.com> Add keygen API to Keystore.
eystore.java
nsupportedKeyStrengthException.java
10e371f18247dc7fb64bfa0f0528501acc17be79 10-Jun-2009 Chung-yih Wang <cywang@google.com> Provide the Keystore feature in the framework.

-- added the keystore library for Java application.
-- changed the marshalling of the keystore function return.
eystore.java
erviceCommand.java