History log of /packages/apps/Settings/src/com/android/settings/CredentialStorage.java
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
6c0a193050747c760a01934a6c1bb204f933ad3e 30-Sep-2013 Vinit Deshapnde <vinitd@google.com> Fix EAP-TLS reconnect after reboot issue

After a reboot, KeyStore is locked, and certificates encrypted with user
PIN are not accessible. So statemachines are not able to connect to
EAP-TLS networks. This change makes the problem less severe by

1. Not signing certificates with user PIN on devices with hardware backed
KeyStore.
2. Issuing a reconnect upon first USER_PRESENT event.

This means HH (which has a hardware backed keystore) will connect to
EAP-TLS networks without requiring user intervention; and other devices
will automatically connect to those networks after user punches PIN.

Bug: 10325089

Change-Id: I023d60e58d8214152f051bd9ec84b85b702d829a
/packages/apps/Settings/src/com/android/settings/CredentialStorage.java
14415168b170bd20ec158a2c40feb70a9f888c3c 13-Apr-2013 Kenny Root <kroot@google.com> Remove old KeyStore API call sites

Remove the call sites that don't have the flags specified. This is to
ensure that callers know what flags they're setting.

Bug: 8122243
Change-Id: I59e38efbab6ad60a905ce8678a340da2088b19c9
/packages/apps/Settings/src/com/android/settings/CredentialStorage.java
c5550c2012c505dfb27d9a8da8ecb4787f366283 08-Apr-2013 Kenny Root <kroot@google.com> Allow multiuser use of keystore

Since keystore has been refactored to let muliple users use it
simultaneously, we can remove all the restrictions put into place to
prevent it.

(cherry picked from commit cc48b0104e4d81592055a578a33f2a59f29bf907)

Bug: 7249554
Change-Id: I419474151380c29e49e50451befbbdf3af65b175
/packages/apps/Settings/src/com/android/settings/CredentialStorage.java
7422474c72b05517287fb0c226d1170cb11a064d 28-Mar-2013 Kenny Root <kroot@google.com> Add ability to install credentials as other UID

We need the ability to install from the system UID to wifi UID
to explicitly bind WiFi credentials to the WiFi profile. This adds the
ability for Wifi Settings to invoke installation of a PKCS12 file for
the wifi UID.

Bug: 8183258
Change-Id: I357c4387baf7e2f6fd6acc9046d9e6b52fdd4bb0
/packages/apps/Settings/src/com/android/settings/CredentialStorage.java
cf008c28b871d4167e5aa19191ca691fb988f8fd 16-Sep-2012 Kenny Root <kroot@google.com> Do not allow non-primary user to install certs

Change-Id: Iefc2970ae23d8ce7d30717add211c01cde251c8d
/packages/apps/Settings/src/com/android/settings/CredentialStorage.java
eefa61ed2e8583f659e868f3057f195d7cb2bb11 13-Aug-2012 Jean-Baptiste Queru <jbq@google.com> Merge "Settings: Use ICS alert drawable"
e7c53b1c9e48c6f997c47a0ca9a2f190ecbbf586 31-May-2012 Björn Lundén <blunden2@gmail.com> Settings: Use ICS alert drawable

Point to the correct holo alert drawable.

Change-Id: Ia15aaa028c8371cb2478baeecd2da31520c43a5d
/packages/apps/Settings/src/com/android/settings/CredentialStorage.java
81d7a806a6403cd98a0c6dd0ba7288d728382144 01-May-2012 Brian Carlstrom <bdc@google.com> Do not reuse master_clear_gesture_* strings for credential installation confirmation

Bug: http://code.google.com/p/android/issues/detail?id=29367
Change-Id: I3b651bc84f22b48d651802115600ab4e256bb3a6
/packages/apps/Settings/src/com/android/settings/CredentialStorage.java
b50b15cdbed31e35c2c7f3cbaa7ce06a3feb3a6f 21-Mar-2012 Kenny Root <kroot@google.com> Convert to new KeyStore format

keystore no longer stores private key material in the clear. It needs to
use an opaque handle for the private key material and then keystore will
sign the data on the requester's behalf instead of returning the key
material.

Change-Id: I836749769a8519cfc21bfdc2a3b3c8c1a01d8f05
/packages/apps/Settings/src/com/android/settings/CredentialStorage.java
0e88f4dd19a80e9e4d759595439773fb3e1f0c50 03-Jun-2011 Brian Carlstrom <bdc@google.com> Bulletproof CredentialStorage state handling

As noted by the class javadoc, CredentialStorage has seen the number
of cases to cope with grow. This change tries to address those cases.

src/com/android/settings/CredentialStorage.java

Added ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD to coordinate
additional producer and consumer.

constant declaration here, since its used by callers of
ChooseLockSettingsHelper.launchConfirmationActivity
src/com/android/settings/ChooseLockSettingsHelper.java

old producer
src/com/android/settings/ConfirmLockPassword.java
new producer (CredentialStorage wants passwords and patterns)
src/com/android/settings/ConfirmLockPattern.java
new consumer
src/com/android/settings/CredentialStorage.java
old consumer
src/com/android/settings/CryptKeeperSettings.java

Made class final and removed protected from method to make it clear
ChooseLockSettingsHelper is not to be used by subclassing.

src/com/android/settings/ChooseLockSettingsHelper.java

Change-Id: Ib2d65398fe44573168a6267a0376c3b0388b16c8
/packages/apps/Settings/src/com/android/settings/CredentialStorage.java
d4023b7cca11e33e84df39dee9e9a737efab47c2 25-May-2011 Brian Carlstrom <bdc@google.com> Integrating keystore with keyguard (Part 4 of 4)

Summary:

frameworks/base
keystore rewrite
keyguard integration with keystore on keyguard entry or keyguard change
KeyStore API simplification

packages/apps/Settings
Removed com.android.credentials.SET_PASSWORD intent support
Added keyguard requirement for keystore use

packages/apps/CertInstaller
Tracking KeyStore API changes
Fix for NPE in CertInstaller when certificate lacks basic constraints

packages/apps/KeyChain
Tracking KeyStore API changes

Details:

frameworks/base

Move keystore from C to C++ while rewriting password
implementation. Removed global variables. Added many comments.

cmds/keystore/Android.mk
cmds/keystore/keystore.h
cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp

Changed saveLockPattern and saveLockPassword to notify the keystore
on changes so that the keystore master key can be reencrypted when
the keyguard changes.

core/java/com/android/internal/widget/LockPatternUtils.java

Changed unlock screens to pass values for keystore unlock or initialization

policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java

KeyStore API changes
- renamed test() to state(), which now return a State enum
- made APIs with byte[] key arguments private
- added new KeyStore.isEmpty used to determine if a keyguard is required

keystore/java/android/security/KeyStore.java

In addition to tracking KeyStore API changes, added new testIsEmpty
and improved some existing tests to validate expect values.

keystore/tests/src/android/security/KeyStoreTest.java

packages/apps/Settings

Removing com.android.credentials.SET_PASSWORD intent with the
removal of the ability to set an explicit keystore password now
that the keyguard value is used. Changed to ensure keyguard is
enabled for keystore install or unlock. Cleaned up interwoven
dialog handing into discrete dialog helper classes.

AndroidManifest.xml
src/com/android/settings/CredentialStorage.java

Remove layout for entering new password

res/layout/credentials_dialog.xml

Remove enable credentials checkbox

res/xml/security_settings_misc.xml
src/com/android/settings/SecuritySettings.java

Added ability to specify minimum quality key to ChooseLockGeneric
Activity. Used by CredentialStorage, but could also be used by
CryptKeeperSettings. Changed ChooseLockGeneric to understand
minimum quality for keystore in addition to DPM and device
encryption.

src/com/android/settings/ChooseLockGeneric.java

Changed to use getActivePasswordQuality from
getKeyguardStoredPasswordQuality based on experience in
CredentialStorage. Removed bogus class javadoc.

src/com/android/settings/CryptKeeperSettings.java

Tracking KeyStore API changes

src/com/android/settings/vpn/VpnSettings.java
src/com/android/settings/wifi/WifiSettings.java

Removing now unused string resources

res/values-af/strings.xml
res/values-am/strings.xml
res/values-ar/strings.xml
res/values-bg/strings.xml
res/values-ca/strings.xml
res/values-cs/strings.xml
res/values-da/strings.xml
res/values-de/strings.xml
res/values-el/strings.xml
res/values-en-rGB/strings.xml
res/values-es-rUS/strings.xml
res/values-es/strings.xml
res/values-fa/strings.xml
res/values-fi/strings.xml
res/values-fr/strings.xml
res/values-hr/strings.xml
res/values-hu/strings.xml
res/values-in/strings.xml
res/values-it/strings.xml
res/values-iw/strings.xml
res/values-ja/strings.xml
res/values-ko/strings.xml
res/values-lt/strings.xml
res/values-lv/strings.xml
res/values-ms/strings.xml
res/values-nb/strings.xml
res/values-nl/strings.xml
res/values-pl/strings.xml
res/values-pt-rPT/strings.xml
res/values-pt/strings.xml
res/values-rm/strings.xml
res/values-ro/strings.xml
res/values-ru/strings.xml
res/values-sk/strings.xml
res/values-sl/strings.xml
res/values-sr/strings.xml
res/values-sv/strings.xml
res/values-sw/strings.xml
res/values-th/strings.xml
res/values-tl/strings.xml
res/values-tr/strings.xml
res/values-uk/strings.xml
res/values-vi/strings.xml
res/values-zh-rCN/strings.xml
res/values-zh-rTW/strings.xml
res/values-zu/strings.xml
res/values/strings.xml

packages/apps/CertInstaller

Tracking KeyStore API changes
src/com/android/certinstaller/CertInstaller.java

Fix for NPE in CertInstaller when certificate lacks basic constraints
src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

Tracking KeyStore API changes
src/com/android/keychain/KeyChainActivity.java
src/com/android/keychain/KeyChainService.java
support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java

Change-Id: I80533bf8986a92b0b99cd5fb1c4943e0f23fc1c8
/packages/apps/Settings/src/com/android/settings/CredentialStorage.java
435e45e61610bfa50ca54267a72b9ad74c9f1d41 18-May-2011 Brian Carlstrom <bdc@google.com> Move to KeyChain.bind

Change-Id: Ic12e84bdc2e391c4a08a0f854d0e0f7315fc31a3
/packages/apps/Settings/src/com/android/settings/CredentialStorage.java
9815429821832c204eaf8edebb37f4e2ff7636f0 13-May-2011 Brian Carlstrom <bdc@google.com> Make CertInstaller installed CA certs trusted by applications via default TrustManager (5 of 6)

frameworks/base

Adding IKeyChainService APIs for CertInstaller and Settings use
keystore/java/android/security/IKeyChainService.aidl

libcore

Improve exceptions to include more information
luni/src/main/java/javax/security/auth/x500/X500Principal.java

Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods.
Added support for adding user CAs in a separate directory for system.
Added support for removing system CAs by placing a copy in a sytem directory
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java

Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java

Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash
to make sure the implementing algorithms doe not change since
TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL
changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to
1.0.0)

luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

Extensive test of new TrustedCertificateStore behavior
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java

TestKeyStore improvements
- Refactored TestKeyStore to provide simpler createCA method (and
internal createCertificate)
- Cleaned up to remove use of BouncyCastle specific X509Principal
in the TestKeyStore API when the public X500Principal would do.
- Cleaned up TestKeyStore support methods to not throw Exception
to remove need for static blocks for catch clauses in tests.

support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

Added private PKIXParameters contructor for use by
IndexedPKIXParameters to avoid wart of having to lookup and pass
a TrustAnchor to satisfy the super-class sanity check.

luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java
luni/src/main/java/java/security/cert/PKIXParameters.java

packages/apps/CertInstaller

Change CertInstaller to call IKeyChainService.installCertificate
for CA certs to pass them to the KeyChainServiceTest which will
make them available to all apps through the
TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask.

src/com/android/certinstaller/CertInstaller.java

Added installCaCertsToKeyChain and hasCaCerts accessor for use by
CertInstaller. Use hasUserCertificate() internally. Cleanup coding
style.

src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

Added MANAGE_ACCOUNTS so that IKeyChainService.reset
implementation can remove KeyChain accounts.

AndroidManifest.xml

Implement new IKeyChainService methods:
- Added IKeyChainService.installCaCertificate to install certs
provided by CertInstaller using the TrustedCertificateStore.
- Added IKeyChainService.reset to allow Settings to remove the
KeyChain accounts so that any app granted access to keystore
credentials are revoked when the keystore is reset.

src/com/android/keychain/KeyChainService.java

packages/apps/Settings

Changed com.android.credentials.RESET credential reset action to
also call IKeyChainService.reset to remove any installed user CAs
and remove KeyChain accounts to have AccountManager revoke
credential granted to private keys removed during the RESET.

src/com/android/settings/CredentialStorage.java

Added toast text value for failure case

res/values/strings.xml

system/core

Have init create world readable /data/misc/keychain to allow apps
to access user added CA certificates installed by the CertInstaller.

rootdir/init.rc

Change-Id: Ie329aafe88f6ebe108d25382f587c933f3244e55
/packages/apps/Settings/src/com/android/settings/CredentialStorage.java
91d65a20af2d1bfb06f32d0bd821e8558afe939d 20-Jan-2011 Chia-chi Yeh <chiachi@android.com> Extract credential storage dialogs to a new activity.

Since now SecuritySettings is a fragment, not an activity, reacting
to intents is not easier anymore. The new activity is transparent,
and it works just like a dialog. This change also refactor'ed
SecuritySettings by moving some preference construction into
security_settings_misc.xml.

Bug: 3120992
Bug: 2117436
Change-Id: I8bd3fc7faa2a31d100b8d67310f9266260cfc31d
/packages/apps/Settings/src/com/android/settings/CredentialStorage.java