7de56669876ed330f0ab4e603619273de1f51048 |
|
17-Apr-2013 |
Kenny Root <kroot@google.com> |
Add spinner to select Wi-Fi For the regular installation path, we now need to show a spinner so we don't regress from previous behavior where we can install certs for wifi from the main installation screen. You can also get to this from the Wi-Fi AP list, so only show it when the intended use is ambiguous. Bug: 8600545 Change-Id: I8e9c905ff84142ed7c1f50bf77eb3fb5574f8df1
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
53622fc40b88047a1bc1f2dd6c97a5ad8e8c8f66 |
|
28-Mar-2013 |
Kenny Root <kroot@google.com> |
Add ability to install credentials as other UID We need the ability to install from the system UID to wifi UID to explicitly bind WiFi credentials to the WiFi profile. This adds the ability for Wifi Settings to invoke installation of a PKCS12 file for the wifi UID. Bug: 8183258 Change-Id: I26970e563d68311b60dcdc78cd529322c5807368
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
99b10f59dd827314bd7fc124d6d0a84c56351ce2 |
|
05-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
Tracking upgrade to bouncycastle 1.47 Change-Id: Ic6744ae517ab1d3b49de45edd05979dd164bfade
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
f4616bf8c0b3bff8863d627c3c003fa9234cb225 |
|
31-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
Broader support for KeyChain.EXTRA_NAME Previously EXTRA_NAME only supplied the default name when used with KeyChain.EXTRA_CERTIFICATE. It now also provides the default name with KeyChain.EXTRA_PKCS12, overriding the value found within the PKCS#12 file. In addition, will be used as the default alias name when credentials are installed from external storage as opposed to via an extra. Bug: 6129421 Change-Id: I63c06a866fc62bfa56636011b766d3dcae7764bd
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
7d99ba835013491e9d3d540a937e5e0a742b1ab4 |
|
08-Mar-2012 |
Kenny Root <kroot@google.com> |
Convert to new KeyStore format The keystore no longer stores private keys in the clear, so it shouldn't have its private key material in PEM. It will just be an opaque handle for a private key. Change-Id: I939169338d0f7dc39743c9904166454f2cad49cc
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
77e1f401b283429aab853c2324da574dc293ab42 |
|
22-Jul-2011 |
Brian Carlstrom <bdc@google.com> |
Restore installation of CAs from PKCS#12 files Bug: 5037971 Change-Id: I35770bc5f536ee4ceb51c5fac655e7e5b9b8d89d
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
00736f76392c742e9c72c51f158ad7020f22524c |
|
29-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Tracking move to KeyChain credential installation API Bug: 3497064 Change-Id: I4d49354f4687f95d8239ea98d79bd61d06c4ce82
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
2942ff86b52c8a12c5d137d94ce4a21300575887 |
|
07-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Move CredentialHelper.convertToPem to frameworks/base for reuse by KeyChain Change-Id: I96d5a23201c070a7d0ce8856d189e54e3b05e3bd
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
c8150af204ffd38ac46635ff8793261045490ea2 |
|
03-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Remove local reuse in CredentialHelper.isCa While reviewing to isCa to understand how the NullPointerException handling changed since Honeycomb, rewrite isCa to be clearer about reusing local variables to be clearer about what is what and when. Change-Id: Icf0c3d08666e2be18da4f12f93e92ab998d18fd7
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
2aa55a29f1384da5fc574646c936760b67c205c9 |
|
31-May-2011 |
Brian Carlstrom <bdc@google.com> |
Integrating keystore with keyguard (Part 2 of 4) Summary: frameworks/base keystore rewrite keyguard integration with keystore on keyguard entry or keyguard change KeyStore API simplification packages/apps/Settings Removed com.android.credentials.SET_PASSWORD intent support Added keyguard requirement for keystore use packages/apps/CertInstaller Tracking KeyStore API changes Fix for NPE in CertInstaller when certificate lacks basic constraints packages/apps/KeyChain Tracking KeyStore API changes Details: frameworks/base Move keystore from C to C++ while rewriting password implementation. Removed global variables. Added many comments. cmds/keystore/Android.mk cmds/keystore/keystore.h cmds/keystore/keystore.c => cmds/keystore/keystore.cpp cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp Changed saveLockPattern and saveLockPassword to notify the keystore on changes so that the keystore master key can be reencrypted when the keyguard changes. core/java/com/android/internal/widget/LockPatternUtils.java Changed unlock screens to pass values for keystore unlock or initialization policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java KeyStore API changes - renamed test() to state(), which now return a State enum - made APIs with byte[] key arguments private - added new KeyStore.isEmpty used to determine if a keyguard is required keystore/java/android/security/KeyStore.java In addition to tracking KeyStore API changes, added new testIsEmpty and improved some existing tests to validate expect values. keystore/tests/src/android/security/KeyStoreTest.java packages/apps/Settings Removing com.android.credentials.SET_PASSWORD intent with the removal of the ability to set an explicit keystore password now that the keyguard value is used. Changed to ensure keyguard is enabled for keystore install or unlock. Cleaned up interwoven dialog handing into discrete dialog helper classes. AndroidManifest.xml src/com/android/settings/CredentialStorage.java Remove layout for entering new password res/layout/credentials_dialog.xml Remove enable credentials checkbox res/xml/security_settings_misc.xml src/com/android/settings/SecuritySettings.java Added ability to specify minimum quality key to ChooseLockGeneric Activity. Used by CredentialStorage, but could also be used by CryptKeeperSettings. Changed ChooseLockGeneric to understand minimum quality for keystore in addition to DPM and device encryption. src/com/android/settings/ChooseLockGeneric.java Changed to use getActivePasswordQuality from getKeyguardStoredPasswordQuality based on experience in CredentialStorage. Removed bogus class javadoc. src/com/android/settings/CryptKeeperSettings.java Tracking KeyStore API changes src/com/android/settings/vpn/VpnSettings.java src/com/android/settings/wifi/WifiSettings.java Removing now unused string resources res/values-af/strings.xml res/values-am/strings.xml res/values-ar/strings.xml res/values-bg/strings.xml res/values-ca/strings.xml res/values-cs/strings.xml res/values-da/strings.xml res/values-de/strings.xml res/values-el/strings.xml res/values-en-rGB/strings.xml res/values-es-rUS/strings.xml res/values-es/strings.xml res/values-fa/strings.xml res/values-fi/strings.xml res/values-fr/strings.xml res/values-hr/strings.xml res/values-hu/strings.xml res/values-in/strings.xml res/values-it/strings.xml res/values-iw/strings.xml res/values-ja/strings.xml res/values-ko/strings.xml res/values-lt/strings.xml res/values-lv/strings.xml res/values-ms/strings.xml res/values-nb/strings.xml res/values-nl/strings.xml res/values-pl/strings.xml res/values-pt-rPT/strings.xml res/values-pt/strings.xml res/values-rm/strings.xml res/values-ro/strings.xml res/values-ru/strings.xml res/values-sk/strings.xml res/values-sl/strings.xml res/values-sr/strings.xml res/values-sv/strings.xml res/values-sw/strings.xml res/values-th/strings.xml res/values-tl/strings.xml res/values-tr/strings.xml res/values-uk/strings.xml res/values-vi/strings.xml res/values-zh-rCN/strings.xml res/values-zh-rTW/strings.xml res/values-zu/strings.xml res/values/strings.xml packages/apps/CertInstaller Tracking KeyStore API changes src/com/android/certinstaller/CertInstaller.java Fix for NPE in CertInstaller when certificate lacks basic constraints src/com/android/certinstaller/CredentialHelper.java packages/apps/KeyChain Tracking KeyStore API changes src/com/android/keychain/KeyChainActivity.java src/com/android/keychain/KeyChainService.java support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java tests/src/com/android/keychain/tests/KeyChainServiceTest.java Change-Id: I280f54b9305c3b5549ae2dfc8eb890493806cc78
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
59f9a2721b1917c74e53f28f9d24e26e29fe0221 |
|
12-May-2011 |
Brian Carlstrom <bdc@google.com> |
Make CertInstaller installed CA certs trusted by applications via default TrustManager (3 of 6) frameworks/base Adding IKeyChainService APIs for CertInstaller and Settings use keystore/java/android/security/IKeyChainService.aidl libcore Improve exceptions to include more information luni/src/main/java/javax/security/auth/x500/X500Principal.java Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods. Added support for adding user CAs in a separate directory for system. Added support for removing system CAs by placing a copy in a sytem directory luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash to make sure the implementing algorithms doe not change since TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to 1.0.0) luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Extensive test of new TrustedCertificateStore behavior luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java TestKeyStore improvements - Refactored TestKeyStore to provide simpler createCA method (and internal createCertificate) - Cleaned up to remove use of BouncyCastle specific X509Principal in the TestKeyStore API when the public X500Principal would do. - Cleaned up TestKeyStore support methods to not throw Exception to remove need for static blocks for catch clauses in tests. support/src/test/java/libcore/java/security/TestKeyStore.java luni/src/test/java/libcore/java/security/KeyStoreTest.java luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Added private PKIXParameters contructor for use by IndexedPKIXParameters to avoid wart of having to lookup and pass a TrustAnchor to satisfy the super-class sanity check. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java luni/src/main/java/java/security/cert/PKIXParameters.java packages/apps/CertInstaller Change CertInstaller to call IKeyChainService.installCertificate for CA certs to pass them to the KeyChainServiceTest which will make them available to all apps through the TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask. src/com/android/certinstaller/CertInstaller.java Added installCaCertsToKeyChain and hasCaCerts accessor for use by CertInstaller. Use hasUserCertificate() internally. Cleanup coding style. src/com/android/certinstaller/CredentialHelper.java packages/apps/KeyChain Added MANAGE_ACCOUNTS so that IKeyChainService.reset implementation can remove KeyChain accounts. AndroidManifest.xml Implement new IKeyChainService methods: - Added IKeyChainService.installCaCertificate to install certs provided by CertInstaller using the TrustedCertificateStore. - Added IKeyChainService.reset to allow Settings to remove the KeyChain accounts so that any app granted access to keystore credentials are revoked when the keystore is reset. src/com/android/keychain/KeyChainService.java packages/apps/Settings Changed com.android.credentials.RESET credential reset action to also call IKeyChainService.reset to remove any installed user CAs and remove KeyChain accounts to have AccountManager revoke credential granted to private keys removed during the RESET. src/com/android/settings/CredentialStorage.java Added toast text value for failure case res/values/strings.xml system/core Have init create world readable /data/misc/keychain to allow apps to access user added CA certificates installed by the CertInstaller. rootdir/init.rc Change-Id: Idc4e6dd927cf829268a684061e14412623f89d80
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
1415616fbef76346e586b927fada32f6ccdc6091 |
|
25-Jan-2011 |
Brian Carlstrom <bdc@google.com> |
Tracking jarjar of org.bouncycastle to com.android.org.bouncycastle Bug: 3086427 Change-Id: Ic1a08a990af04263dab98853174fe5cfaeb5c219
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
192624b5076b440b3cb78d4332402a21c93a6b07 |
|
20-Jan-2011 |
Chia-chi Yeh <chiachi@android.com> |
Update the intent path. Change-Id: I1a1d8c2acce19d6db98d3a0950743aab3d4af46e
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
9e7d5195f12519206a4febb72c9a7c053a69bc20 |
|
25-Nov-2010 |
Jean-Baptiste Queru <jbq@google.com> |
am 93f11ccc: am 9193d8bc: Merge "code cleanup : unused import statement, local vars and static finals." * commit '93f11ccc2a6b85ff30ebb38fbc11d2d0ea464ab6': code cleanup : unused import statement, local vars and static finals.
|
93f11ccc2a6b85ff30ebb38fbc11d2d0ea464ab6 |
|
25-Nov-2010 |
Jean-Baptiste Queru <jbq@google.com> |
am 9193d8bc: Merge "code cleanup : unused import statement, local vars and static finals." * commit '9193d8bcca6a02f92250ed4796908c6561c32945': code cleanup : unused import statement, local vars and static finals.
|
3e17f9f04b9f7d153757bfd2f34a5fe60698adcb |
|
06-Nov-2010 |
Mohammad Shamsi <m.h.shams@gmail.com> |
code cleanup : unused import statement, local vars and static finals. Change-Id: I49b96ce37385989fb2208cecbf4cddcdd0e0d240
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
20b4c01ac3dbdc67e424c98a29e7abbfbd1ced3a |
|
26-Oct-2010 |
John Huang <jsh@google.com> |
am 95ae8966: Merge "Use explicit intent for installing system credentials" into gingerbread
|
6ed6d465ff2b460e5517db3c7136a417dc77b410 |
|
26-Oct-2010 |
Hung-ying Tyan <tyanh@google.com> |
Use explicit intent for installing system credentials Bug: 3020049 Change-Id: Iae999db70ee1a4e12d660c9335232b2429b8a5db
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
8eeadc240ebdeb5274035b3d1158d8e907897970 |
|
09-Jun-2010 |
Hung-ying Tyan <tyanh@google.com> |
CertInstaller: fix crash on invalid certificate Change-Id: I527c328b76b66357fec6127b79f314c8ebf90b7c
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|
3e722cadf66802194267460fe5de77e6c18530eb |
|
15-Oct-2009 |
Hung-ying Tyan <tyanh@google.com> |
An overhaul on certinstaller. * Fix state handling, identifying first-time-only execution etc. * Fix the case where more than one alias exists in a pkcs12 keystore. (http://b/issue?id=2202474) * Improve UX: go ahead to install when there's only one cert file on SD card. * Improve UX: make background transparent when not browsing files. * Break the code into multiple activies and helper classes.
/packages/apps/CertInstaller/src/com/android/certinstaller/CredentialHelper.java
|