History log of /packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
7de56669876ed330f0ab4e603619273de1f51048 17-Apr-2013 Kenny Root <kroot@google.com> Add spinner to select Wi-Fi

For the regular installation path, we now need to show a spinner so we
don't regress from previous behavior where we can install certs for wifi
from the main installation screen.

You can also get to this from the Wi-Fi AP list, so only show it when
the intended use is ambiguous.

Bug: 8600545
Change-Id: I8e9c905ff84142ed7c1f50bf77eb3fb5574f8df1
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
53622fc40b88047a1bc1f2dd6c97a5ad8e8c8f66 28-Mar-2013 Kenny Root <kroot@google.com> Add ability to install credentials as other UID

We need the ability to install from the system UID to wifi UID
to explicitly bind WiFi credentials to the WiFi profile. This adds the
ability for Wifi Settings to invoke installation of a PKCS12 file for
the wifi UID.

Bug: 8183258
Change-Id: I26970e563d68311b60dcdc78cd529322c5807368
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
99b10f59dd827314bd7fc124d6d0a84c56351ce2 05-Sep-2012 Brian Carlstrom <bdc@google.com> Tracking upgrade to bouncycastle 1.47

Change-Id: Ic6744ae517ab1d3b49de45edd05979dd164bfade
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
f4616bf8c0b3bff8863d627c3c003fa9234cb225 31-Mar-2012 Brian Carlstrom <bdc@google.com> Broader support for KeyChain.EXTRA_NAME

Previously EXTRA_NAME only supplied the default name when used with
KeyChain.EXTRA_CERTIFICATE. It now also provides the default name with
KeyChain.EXTRA_PKCS12, overriding the value found within the PKCS#12
file. In addition, will be used as the default alias name when
credentials are installed from external storage as opposed to via
an extra.

Bug: 6129421
Change-Id: I63c06a866fc62bfa56636011b766d3dcae7764bd
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
7d99ba835013491e9d3d540a937e5e0a742b1ab4 08-Mar-2012 Kenny Root <kroot@google.com> Convert to new KeyStore format

The keystore no longer stores private keys in the clear, so it shouldn't
have its private key material in PEM. It will just be an opaque handle
for a private key.

Change-Id: I939169338d0f7dc39743c9904166454f2cad49cc
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
77e1f401b283429aab853c2324da574dc293ab42 22-Jul-2011 Brian Carlstrom <bdc@google.com> Restore installation of CAs from PKCS#12 files
Bug: 5037971

Change-Id: I35770bc5f536ee4ceb51c5fac655e7e5b9b8d89d
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
00736f76392c742e9c72c51f158ad7020f22524c 29-Jun-2011 Brian Carlstrom <bdc@google.com> Tracking move to KeyChain credential installation API

Bug: 3497064
Change-Id: I4d49354f4687f95d8239ea98d79bd61d06c4ce82
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
2942ff86b52c8a12c5d137d94ce4a21300575887 07-Jun-2011 Brian Carlstrom <bdc@google.com> Move CredentialHelper.convertToPem to frameworks/base for reuse by KeyChain

Change-Id: I96d5a23201c070a7d0ce8856d189e54e3b05e3bd
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
c8150af204ffd38ac46635ff8793261045490ea2 03-Jun-2011 Brian Carlstrom <bdc@google.com> Remove local reuse in CredentialHelper.isCa

While reviewing to isCa to understand how the NullPointerException
handling changed since Honeycomb, rewrite isCa to be clearer about
reusing local variables to be clearer about what is what and when.

Change-Id: Icf0c3d08666e2be18da4f12f93e92ab998d18fd7
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
2aa55a29f1384da5fc574646c936760b67c205c9 31-May-2011 Brian Carlstrom <bdc@google.com> Integrating keystore with keyguard (Part 2 of 4)

Summary:

frameworks/base
keystore rewrite
keyguard integration with keystore on keyguard entry or keyguard change
KeyStore API simplification

packages/apps/Settings
Removed com.android.credentials.SET_PASSWORD intent support
Added keyguard requirement for keystore use

packages/apps/CertInstaller
Tracking KeyStore API changes
Fix for NPE in CertInstaller when certificate lacks basic constraints

packages/apps/KeyChain
Tracking KeyStore API changes

Details:

frameworks/base

Move keystore from C to C++ while rewriting password
implementation. Removed global variables. Added many comments.

cmds/keystore/Android.mk
cmds/keystore/keystore.h
cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp

Changed saveLockPattern and saveLockPassword to notify the keystore
on changes so that the keystore master key can be reencrypted when
the keyguard changes.

core/java/com/android/internal/widget/LockPatternUtils.java

Changed unlock screens to pass values for keystore unlock or initialization

policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java

KeyStore API changes
- renamed test() to state(), which now return a State enum
- made APIs with byte[] key arguments private
- added new KeyStore.isEmpty used to determine if a keyguard is required

keystore/java/android/security/KeyStore.java

In addition to tracking KeyStore API changes, added new testIsEmpty
and improved some existing tests to validate expect values.

keystore/tests/src/android/security/KeyStoreTest.java

packages/apps/Settings

Removing com.android.credentials.SET_PASSWORD intent with the
removal of the ability to set an explicit keystore password now
that the keyguard value is used. Changed to ensure keyguard is
enabled for keystore install or unlock. Cleaned up interwoven
dialog handing into discrete dialog helper classes.

AndroidManifest.xml
src/com/android/settings/CredentialStorage.java

Remove layout for entering new password

res/layout/credentials_dialog.xml

Remove enable credentials checkbox

res/xml/security_settings_misc.xml
src/com/android/settings/SecuritySettings.java

Added ability to specify minimum quality key to ChooseLockGeneric
Activity. Used by CredentialStorage, but could also be used by
CryptKeeperSettings. Changed ChooseLockGeneric to understand
minimum quality for keystore in addition to DPM and device
encryption.

src/com/android/settings/ChooseLockGeneric.java

Changed to use getActivePasswordQuality from
getKeyguardStoredPasswordQuality based on experience in
CredentialStorage. Removed bogus class javadoc.

src/com/android/settings/CryptKeeperSettings.java

Tracking KeyStore API changes

src/com/android/settings/vpn/VpnSettings.java
src/com/android/settings/wifi/WifiSettings.java

Removing now unused string resources

res/values-af/strings.xml
res/values-am/strings.xml
res/values-ar/strings.xml
res/values-bg/strings.xml
res/values-ca/strings.xml
res/values-cs/strings.xml
res/values-da/strings.xml
res/values-de/strings.xml
res/values-el/strings.xml
res/values-en-rGB/strings.xml
res/values-es-rUS/strings.xml
res/values-es/strings.xml
res/values-fa/strings.xml
res/values-fi/strings.xml
res/values-fr/strings.xml
res/values-hr/strings.xml
res/values-hu/strings.xml
res/values-in/strings.xml
res/values-it/strings.xml
res/values-iw/strings.xml
res/values-ja/strings.xml
res/values-ko/strings.xml
res/values-lt/strings.xml
res/values-lv/strings.xml
res/values-ms/strings.xml
res/values-nb/strings.xml
res/values-nl/strings.xml
res/values-pl/strings.xml
res/values-pt-rPT/strings.xml
res/values-pt/strings.xml
res/values-rm/strings.xml
res/values-ro/strings.xml
res/values-ru/strings.xml
res/values-sk/strings.xml
res/values-sl/strings.xml
res/values-sr/strings.xml
res/values-sv/strings.xml
res/values-sw/strings.xml
res/values-th/strings.xml
res/values-tl/strings.xml
res/values-tr/strings.xml
res/values-uk/strings.xml
res/values-vi/strings.xml
res/values-zh-rCN/strings.xml
res/values-zh-rTW/strings.xml
res/values-zu/strings.xml
res/values/strings.xml

packages/apps/CertInstaller

Tracking KeyStore API changes
src/com/android/certinstaller/CertInstaller.java

Fix for NPE in CertInstaller when certificate lacks basic constraints
src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

Tracking KeyStore API changes
src/com/android/keychain/KeyChainActivity.java
src/com/android/keychain/KeyChainService.java
support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java

Change-Id: I280f54b9305c3b5549ae2dfc8eb890493806cc78
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
59f9a2721b1917c74e53f28f9d24e26e29fe0221 12-May-2011 Brian Carlstrom <bdc@google.com> Make CertInstaller installed CA certs trusted by applications via default TrustManager (3 of 6)

frameworks/base

Adding IKeyChainService APIs for CertInstaller and Settings use
keystore/java/android/security/IKeyChainService.aidl

libcore

Improve exceptions to include more information
luni/src/main/java/javax/security/auth/x500/X500Principal.java

Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods.
Added support for adding user CAs in a separate directory for system.
Added support for removing system CAs by placing a copy in a sytem directory
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java

Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java

Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash
to make sure the implementing algorithms doe not change since
TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL
changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to
1.0.0)

luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

Extensive test of new TrustedCertificateStore behavior
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java

TestKeyStore improvements
- Refactored TestKeyStore to provide simpler createCA method (and
internal createCertificate)
- Cleaned up to remove use of BouncyCastle specific X509Principal
in the TestKeyStore API when the public X500Principal would do.
- Cleaned up TestKeyStore support methods to not throw Exception
to remove need for static blocks for catch clauses in tests.

support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

Added private PKIXParameters contructor for use by
IndexedPKIXParameters to avoid wart of having to lookup and pass
a TrustAnchor to satisfy the super-class sanity check.

luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java
luni/src/main/java/java/security/cert/PKIXParameters.java

packages/apps/CertInstaller

Change CertInstaller to call IKeyChainService.installCertificate
for CA certs to pass them to the KeyChainServiceTest which will
make them available to all apps through the
TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask.

src/com/android/certinstaller/CertInstaller.java

Added installCaCertsToKeyChain and hasCaCerts accessor for use by
CertInstaller. Use hasUserCertificate() internally. Cleanup coding
style.

src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

Added MANAGE_ACCOUNTS so that IKeyChainService.reset
implementation can remove KeyChain accounts.

AndroidManifest.xml

Implement new IKeyChainService methods:
- Added IKeyChainService.installCaCertificate to install certs
provided by CertInstaller using the TrustedCertificateStore.
- Added IKeyChainService.reset to allow Settings to remove the
KeyChain accounts so that any app granted access to keystore
credentials are revoked when the keystore is reset.

src/com/android/keychain/KeyChainService.java

packages/apps/Settings

Changed com.android.credentials.RESET credential reset action to
also call IKeyChainService.reset to remove any installed user CAs
and remove KeyChain accounts to have AccountManager revoke
credential granted to private keys removed during the RESET.

src/com/android/settings/CredentialStorage.java

Added toast text value for failure case

res/values/strings.xml

system/core

Have init create world readable /data/misc/keychain to allow apps
to access user added CA certificates installed by the CertInstaller.

rootdir/init.rc

Change-Id: Idc4e6dd927cf829268a684061e14412623f89d80
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
1415616fbef76346e586b927fada32f6ccdc6091 25-Jan-2011 Brian Carlstrom <bdc@google.com> Tracking jarjar of org.bouncycastle to com.android.org.bouncycastle

Bug: 3086427
Change-Id: Ic1a08a990af04263dab98853174fe5cfaeb5c219
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
192624b5076b440b3cb78d4332402a21c93a6b07 20-Jan-2011 Chia-chi Yeh <chiachi@android.com> Update the intent path.

Change-Id: I1a1d8c2acce19d6db98d3a0950743aab3d4af46e
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
9e7d5195f12519206a4febb72c9a7c053a69bc20 25-Nov-2010 Jean-Baptiste Queru <jbq@google.com> am 93f11ccc: am 9193d8bc: Merge "code cleanup : unused import statement, local vars and static finals."

* commit '93f11ccc2a6b85ff30ebb38fbc11d2d0ea464ab6':
code cleanup : unused import statement, local vars and static finals.
93f11ccc2a6b85ff30ebb38fbc11d2d0ea464ab6 25-Nov-2010 Jean-Baptiste Queru <jbq@google.com> am 9193d8bc: Merge "code cleanup : unused import statement, local vars and static finals."

* commit '9193d8bcca6a02f92250ed4796908c6561c32945':
code cleanup : unused import statement, local vars and static finals.
3e17f9f04b9f7d153757bfd2f34a5fe60698adcb 06-Nov-2010 Mohammad Shamsi <m.h.shams@gmail.com> code cleanup : unused import statement, local vars and static finals.

Change-Id: I49b96ce37385989fb2208cecbf4cddcdd0e0d240
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
20b4c01ac3dbdc67e424c98a29e7abbfbd1ced3a 26-Oct-2010 John Huang <jsh@google.com> am 95ae8966: Merge "Use explicit intent for installing system credentials" into gingerbread
6ed6d465ff2b460e5517db3c7136a417dc77b410 26-Oct-2010 Hung-ying Tyan <tyanh@google.com> Use explicit intent for installing system credentials

Bug: 3020049
Change-Id: Iae999db70ee1a4e12d660c9335232b2429b8a5db
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
8eeadc240ebdeb5274035b3d1158d8e907897970 09-Jun-2010 Hung-ying Tyan <tyanh@google.com> CertInstaller: fix crash on invalid certificate

Change-Id: I527c328b76b66357fec6127b79f314c8ebf90b7c
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
3e722cadf66802194267460fe5de77e6c18530eb 15-Oct-2009 Hung-ying Tyan <tyanh@google.com> An overhaul on certinstaller.

* Fix state handling, identifying first-time-only execution etc.
* Fix the case where more than one alias exists in a pkcs12 keystore.
(http://b/issue?id=2202474)
* Improve UX: go ahead to install when there's only one cert file on SD card.
* Improve UX: make background transparent when not browsing files.
* Break the code into multiple activies and helper classes.
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java