• Home
  • History
  • Annotate
  • only in /frameworks/base/keystore/
History log of /frameworks/base/keystore/
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
dc8bc1160cd97ca113636ca2b4adda21e031b5bd 12-Sep-2014 Shawn Willden <swillden@google.com> Correct test data size in keystore signing and verification tests.

The test is sending too much data to be signed, which should actually
fail, and does on Volantis. Apparently the other keymaster implementors
do something to pass it, because shamu and hammerhead pass, but the test
is wrong.

Change-Id: Ic616a551567d64f5d87d9607ceb08afa7be74f9d
ests/src/android/security/KeyStoreTest.java
26408ccd8e852d947e58021792bfc3b315e5948d 08-Sep-2014 Bernhard Bauer <bauerb@google.com> Add DevicePolicyManager PrivateKey mgmt

Additional device policy API to install keypairs to the keychain
silently.

Bug: 15065444
Change-Id: Idc25774c9ab1a61080290bebd6f5c4f24e6ee2e0
ava/android/security/IKeyChainService.aidl
f0ae135049048424bceccb0799b12377181b25f0 18-Aug-2014 Zoltan Szatmary-Ban <szatmz@google.com> Extend IKeyChainService AIDL with CACert retrieval

Bug:16029580
Change-Id: I41a3bd2f3bd95550e59f1d0d0acd0e765d7b62d7
ava/android/security/IKeyChainService.aidl
ava/android/security/KeyChain.java
f0246a8a14d69680d1776620e75a485cf963e574 13-Aug-2014 Robin Lee <rgl@google.com> Keep managed profile keystores in sync with owner

Fixes setting a keyguard password for keystore in a multi-user setup
while we're at it.

Bug: 16233206.
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
ava/android/security/KeyStore.java
3291de8f6c8bc7ffa5992a2a5a5c2cf8bb0adf4b 15-Aug-2014 Zoltan Szatmary-Ban <szatmz@google.com> Revert "Revert "Revert "Revert "Revert "Update Trusted Credentials screen in settings"""""

This reverts commit c9249c69813c6fb889d71d84583c67ae2942e6de.

Change-Id: I5504fddaf7b18efb73cd6c76678b3b39ce9b0229
ava/android/security/IKeyChainService.aidl
ava/android/security/KeyChain.java
f8d72cc14f70f5af13342c4c7b107a8ab60dfe23 15-Aug-2014 Zoltan Szatmary-Ban <szatmz@google.com> Revert "Revert "Revert "Revert "Update Trusted Credentials screen in settings""""

This reverts commit 87efe74e092236c372d3b6909009641123aa416a.

This should be fine now with all the dependency CLs +2-ed


Change-Id: I96ad14ad5ff81e6b5391035cb6c5a62339c6cc40
ava/android/security/IKeyChainService.aidl
ava/android/security/KeyChain.java
f75aadc028f2e79541a269bf2c74dcb3482e2ec7 15-Aug-2014 Narayan Kamath <narayan@google.com> Revert "Revert "Revert "Update Trusted Credentials screen in settings"""

This reverts commit 19c8ce291e89a9ef1442a20e1feab421b11536d7.

Change-Id: Ie5a5571127311e0a29f314c0566e779cfe940b53
ava/android/security/IKeyChainService.aidl
ava/android/security/KeyChain.java
1e7bc0def8c62b91d3eb985a51bec54063ce83f5 15-Aug-2014 Zoltan Szatmary-Ban <szatmz@google.com> Revert "Revert "Update Trusted Credentials screen in settings""

This reverts commit 0f0de0bdd021bad5f85fdb0399a4ea91a1611e25.

Change-Id: Ia3d0907e3d7c2ec42d64e45f60e3dfaffb932c3d
ava/android/security/IKeyChainService.aidl
ava/android/security/KeyChain.java
678e3ecc937c00969830700dffb42fb1ee232f7c 07-Aug-2014 Zoltan Szatmary-Ban <szatmz@google.com> Revert "Update Trusted Credentials screen in settings"

This reverts commit 4fde5aa9fab931d9becfc49f7d7b8526ad5640d9.

Change-Id: I581c38d64e9829b0079bafa42615f2aa0bf64763
ava/android/security/IKeyChainService.aidl
ava/android/security/KeyChain.java
1386627335a79dd02fb34db344e63ca3abfce013 15-Jul-2014 Zoltan Szatmary-Ban <szatmz@google.com> Update Trusted Credentials screen in settings

Trusted credentials for both the primary user and its managed profiles are shown
on the Trusted Credentials fragment. All functionalities (e.g. disabling/enabling
of certificates) remain available.

Bug: 16029580

Change-Id: Ia92ae02d8c572bf4a3be172f6c255726cefc0fa1
ava/android/security/IKeyChainService.aidl
ava/android/security/KeyChain.java
aab72f3b0ab740e12b4a2576a99852081529feb5 19-Jun-2014 Robin Lee <rgl@google.com> Merge "Revert "Revert "Publish DevicePolicyManager CA certificate APIs"""
306fe08ce2b06671336e67a87afaa0851f0105eb 19-Jun-2014 Robin Lee <rgl@google.com> Revert "Revert "Publish DevicePolicyManager CA certificate APIs""

This reverts commit 792b270dbdc980cfe04e8d461bf00a1f45b5e936.

Change-Id: I18c7e0eca39868230cd8e4f4bbeb3c44ff9e8b78
ava/android/security/KeyChain.java
2b5e917026fe4e6dec8712ee24bdffee8d62ab33 18-Jun-2014 Robin Lee <rgl@google.com> Revert "Publish DevicePolicyManager CA certificate APIs"

This reverts commit 5260bf69946563dc47c17e7441b352adfce384c5.

Change-Id: I5e44fdac8a7375576b25171f58e31a1fa0e3c569
ava/android/security/KeyChain.java
6d3912e2ef75a7794ac44839eef2569086cae104 18-Jun-2014 Robin Lee <rgl@google.com> Merge "Revert "Publish DevicePolicyManager CA certificate APIs""
b12f1778d612a53e6b40e6d5873be1ccff2e52a5 17-Jun-2014 Robin Lee <rgl@google.com> Merge "Publish DevicePolicyManager CA certificate APIs"
837304f6f6ae37dc475fa6e0e620f1c2321f2e11 11-Jun-2014 Robin Lee <rgl@google.com> Publish DevicePolicyManager CA certificate APIs

Exposes these methods:
- hasCaCertInstalled
- hasAnyCaCertsInstalled
- installCaCert
- uninstallCaCert

Allows device and profile owners to perform some certificate management
including querying for and enabling/disabling specific CA certificates.

Change-Id: I4aa8a1a8601b234e30acde99dfa382e04cb62495
ava/android/security/KeyChain.java
e37da759c521b156f0f2f8fecaa3cb52969674e2 11-Jun-2014 Robert Ly <robertly@google.com> am b1cb5aab: am 748856f2: am a7ddd029: am 80e84e2d: am f3cecfa2: am 55d525b2: am 716cc7dc: Add documentation for AndroidKeyStore

* commit 'b1cb5aabeb68815715eed423f1f9a7edb9a3e938':
Add documentation for AndroidKeyStore
80e84e2db92ba190c6c517dd4c71cd12c0adb249 10-Jun-2014 Robert Ly <robertly@google.com> am f3cecfa2: am 55d525b2: am 716cc7dc: Add documentation for AndroidKeyStore

* commit 'f3cecfa2185ef5622992b21da8204b8b6590ef2d':
Add documentation for AndroidKeyStore
f3cecfa2185ef5622992b21da8204b8b6590ef2d 10-Jun-2014 Robert Ly <robertly@google.com> am 55d525b2: am 716cc7dc: Add documentation for AndroidKeyStore

* commit '55d525b26b716351625798675afe69c6cf43cf5a':
Add documentation for AndroidKeyStore
716cc7dcac1bb9279326ab92a78a246b3a70de4e 08-May-2014 Robert Ly <robertly@google.com> Add documentation for AndroidKeyStore

Add exposition about the use cases for AndroidKeyStore and links to the
API sample application for different use cases.

Bug: 8608817
Change-Id: Ic4ce9405781c92f12687895b28c671661ea5524f
ava/android/security/KeyPairGeneratorSpec.java
ava/android/security/KeyStoreParameter.java
a365906e670c89674fb3383b5bcb33e682910c29 18-Mar-2014 Kenny Root <kroot@google.com> Use the correct package name for CHOOSER

Bug: 13013106
Change-Id: I1f715de18e7108274f5a98234376d48c2d329438
ava/android/security/KeyChain.java
1a88d834e8f7d21e714121c011fec82369a2e9f1 07-Feb-2014 Kenny Root <kroot@google.com> KeyChain: add explicit package for getPrivateKey

Bug: 9964538
Change-Id: If67c1938e9506d4fa81b241bcbce2193d1b194ef
ava/android/security/KeyChain.java
6090995951c6e2e4dcf38102f01793f8a94166e1 19-Nov-2013 John Spurlock <jspurlock@google.com> Remove unused imports from frameworks/base.

Change-Id: Ia1f99bd2c1105b0b0f70aa614f1f4a67b2840906
ava/android/security/AndroidKeyPairGenerator.java
ava/android/security/Credentials.java
ava/android/security/KeyChainAliasCallback.java
ava/android/security/KeyStoreParameter.java
ava/android/security/SystemKeyStore.java
b91773bce1126d28a93f73fbef18f3a79245f24e 05-Sep-2013 Kenny Root <kroot@google.com> Add argument to binder call to check key types

Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.

Bug: 10600582
Change-Id: I9fe9e46b9ec9cfb2f1246179b2c396216b2c1fdb
ava/android/security/KeyChain.java
ava/android/security/KeyStore.java
c222ddd07ff9c65c682fd82f8534a9d7dea796cd 03-Sep-2013 Kenny Root <kroot@google.com> Unhide functions to allow ECDSA support

Bug: 10600582
Change-Id: Ic710807d7e771737521e0abd83af2f666ec1199c
ava/android/security/KeyPairGeneratorSpec.java
a39859889b7de0ad3190386cc732fa4bdcbe5504 16-Aug-2013 Kenny Root <kroot@google.com> Add support for DSA and ECDSA key types

(cherry picked from commit f64386fc26efeb245fd90fabaa47b8c8bf9b4613)

Bug: 10600582
Change-Id: I88dfcc8ca602f55fad54bd8bf043aee460c0de24
ava/android/security/AndroidKeyPairGenerator.java
ava/android/security/KeyPairGeneratorSpec.java
ava/android/security/KeyStore.java
ests/src/android/security/AndroidKeyPairGeneratorTest.java
ests/src/android/security/AndroidKeyStoreTest.java
ests/src/android/security/KeyPairGeneratorSpecTest.java
ests/src/android/security/KeyStoreTest.java
da51e68e582ffa017543982297c831680d201a91 09-Aug-2013 Maggie Benthall <mbenthall@google.com> Add methods for managing CAs to DevicePolicyManager(Service)

Guard install/uninstall by enforcing that the caller have the new system-only permission MANAGE_CA_CERTIFICATES.
Also include API methods for asking whether there are any User CA certs
installed, or if one by a particular name is installed in the keystore.

CA certs will be installed via KeyChain into the TrustedCertificateStore.

Bug: 8232670

Change-Id: I17b47a452e72eb4fe556dc6db823a46c6e854be8
ava/android/security/KeyChain.java
a920f25fe55fc9afc7640902a200f19ce278588b 29-Jun-2013 Elliott Hughes <enh@google.com> resolved conflicts for merge of fca0f92e to stage-aosp-master

Change-Id: I4791f0ffa324a313b8390fbde6d8f82f716ecf74
d396a448b2e36e29598c954b64bfddef73f3fae0 29-Jun-2013 Elliott Hughes <enh@google.com> Switch frameworks/base over from @hidden Charsets to public StandardCharsets.

Bug: 3484927
Change-Id: I5d136d2ee629588538602766a182ae14ce5fc63c
ava/android/security/Credentials.java
ests/src/android/security/KeyStoreTest.java
5f851a89b6a90db206d0e2fa63a60229e2bfcda6 07-May-2013 Kenny Root <kroot@google.com> am cd1de394: Merge "Track change in NativeCrypto"

* commit 'cd1de3940d9c389b6e69a7040c67d3abb8458ad2':
Track change in NativeCrypto
4b30e3391bda250975b43af43bad58c98fa73f84 07-May-2013 Kenny Root <kroot@google.com> Track change in NativeCrypto

Change-Id: Ic04d4ac5218795fc226f1751b6ae4db1ae73a930
ava/android/security/KeyChain.java
e9ae6822a80cb1f3bd13c785f1727c03d35da52e 30-Apr-2013 Kenny Root <kroot@google.com> resolved conflicts for merge of 1f6e789b to jb-mr2-dev-plus-aosp

Change-Id: I06c05d637613215b6d83df3e29cd495f6a5a0176
12e752225aa96888358294be0d725d499a1c9f03 24-Apr-2013 Kenny Root <kroot@google.com> Track change to JSSE provider

Change-Id: I35e824e47ad758ab6408e91e2ba5dcda053a82f5
ava/android/security/AndroidKeyPairGenerator.java
ava/android/security/AndroidKeyStore.java
ava/android/security/KeyChain.java
ests/Android.mk
ests/src/android/security/AndroidKeyStoreTest.java
1c219f619291ba818bc2542390a2988539d94ed0 19-Apr-2013 Kenny Root <kroot@google.com> Rename API AndroidKey* -> Key*

Bug: 8657552
Change-Id: Id9102b7c2c2f6d27fba7645f0629750cfe1eb510
ava/android/security/AndroidKeyPairGenerator.java
ava/android/security/AndroidKeyPairGeneratorSpec.java
ava/android/security/AndroidKeyStore.java
ava/android/security/AndroidKeyStoreParameter.java
ava/android/security/AndroidKeyStoreProvider.java
ava/android/security/KeyPairGeneratorSpec.java
ava/android/security/KeyStoreParameter.java
ests/src/android/security/AndroidKeyPairGeneratorSpecTest.java
ests/src/android/security/AndroidKeyPairGeneratorTest.java
ests/src/android/security/AndroidKeyStoreTest.java
ests/src/android/security/KeyPairGeneratorSpecTest.java
bf2147669e295384df17b50afc53a4d450b05bdd 10-Apr-2013 Kenny Root <kroot@google.com> AndroidKeyStore: Add encrypted flag

Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.

(partial cherry pick from commit 2eeda7286f3c7cb79f7eb71ae6464cad213d12a3)

Bug: 8122243
Change-Id: I5ecd9251ec79ec53a3b68c0fff8dfba10873e36e
ava/android/security/AndroidKeyPairGenerator.java
ava/android/security/AndroidKeyPairGeneratorSpec.java
ava/android/security/AndroidKeyStore.java
ava/android/security/AndroidKeyStoreParameter.java
ava/android/security/AndroidKeyStoreProvider.java
ava/android/security/KeyStore.java
ests/src/android/security/AndroidKeyPairGeneratorSpecTest.java
ests/src/android/security/AndroidKeyPairGeneratorTest.java
ests/src/android/security/AndroidKeyStoreTest.java
4622351159b51bf072fe12833b574cf38f9400c8 10-Apr-2013 Kenny Root <kroot@google.com> keystore: Add flag for blobs to be unencrypted

In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.

(cherry picked from commit a3788b00bb221e20abdd42f747d2af419e0a088c)

Bug: 8122243
Change-Id: Ifc1c64743651b23a4eace208ade0176af47ea989
ava/android/security/KeyStore.java
e7cf8c230208beef0c3a5f83a1e1d2c36ac5ca12 13-Apr-2013 Kenny Root <kroot@google.com> keystore: remove old APIs

Remove the APIs that don't specify the flags so callers know what
they're getting.

Bug: 8122243
Change-Id: Ifaef6fb1d16010237c01f9d11f2053bb6b3980c0
ava/android/security/KeyStore.java
b2c0ff64d8ff92dab53e969a44fa12427d145952 13-Apr-2013 Kenny Root <kroot@google.com> Remove old KeyStore call sites

Remove the call sites that don't have the flags specified. This is to
ensure that callers know what flags they're setting.

Bug: 8122243
Change-Id: Ifbd178fddbf8dbd8f7b821ea739a20d056ef9fa7
ests/src/android/security/AndroidKeyStoreTest.java
ests/src/android/security/KeyStoreTest.java
2eeda7286f3c7cb79f7eb71ae6464cad213d12a3 10-Apr-2013 Kenny Root <kroot@google.com> AndroidKeyStore: Add encrypted flag

Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.

Bug: 8122243
Change-Id: Ia802afe965f2377ad3f282dab8c512388c705850
ava/android/security/AndroidKeyPairGenerator.java
ava/android/security/AndroidKeyPairGeneratorSpec.java
ava/android/security/AndroidKeyStore.java
ava/android/security/AndroidKeyStoreParameter.java
ava/android/security/AndroidKeyStoreProvider.java
ava/android/security/KeyStore.java
ests/src/android/security/AndroidKeyPairGeneratorSpecTest.java
ests/src/android/security/AndroidKeyPairGeneratorTest.java
ests/src/android/security/AndroidKeyStoreTest.java
a3788b00bb221e20abdd42f747d2af419e0a088c 10-Apr-2013 Kenny Root <kroot@google.com> keystore: Add flag for blobs to be unencrypted

In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.

Bug: 8122243
Change-Id: If9af0d992d68edec006e630c687df3d03a7c9608
ava/android/security/KeyStore.java
8b51475c97f8f2742047976283afbe1f9ef9fcbf 04-Feb-2013 Kenny Root <kroot@google.com> Revert "Remove AndroidKeyStore from API"

This reverts commit ce24985ad636c38b6ee01ec9cdecfb038bfeaeb6.

Change-Id: I02d6492c8db869619694c7209bb37522a7ec5a29
ava/android/security/AndroidKeyPairGeneratorSpec.java
d72317abd79ddf95d48c8f35bf1070900ff55b5e 02-Apr-2013 Kenny Root <kroot@google.com> Remove keystore entries when package removed

Add a hook into PackageManagerService so that when app IDs are
completely removed, we erase all entries from keystore for those UIDs
that have gone away.

(cherry picked from commit 95e3ee3971915b323e5c13dcfe3b12a4180850cd)

Bug: 3020069
Change-Id: I374258ccc103f8cb3e238f2bf0d1afda0659db94
ava/android/security/KeyStore.java
95e3ee3971915b323e5c13dcfe3b12a4180850cd 02-Apr-2013 Kenny Root <kroot@google.com> Remove keystore entries when package removed

Add a hook into PackageManagerService so that when app IDs are
completely removed, we erase all entries from keystore for those UIDs
that have gone away.

Bug: 3020069
Change-Id: Id4b1d51a5fa4c418865055635a84bebcf5b65ec8
ava/android/security/KeyStore.java
5b7e90ac937857c10a3d49b244ec75ca539b9a22 02-Apr-2013 Kenny Root <kroot@google.com> Add API to query KeyChain algorithm support, pt. 2

Late-breaking comments on API name. Revised.

Bug: 7095660
Change-Id: I7224d9c8a4f84a272360ede78a18bfb72d8aeb77
ava/android/security/KeyChain.java
bf556ac636a39c1d0fe5451a921b88400dd1c695 02-Apr-2013 Kenny Root <kroot@google.com> Add API to query KeyChain algorithm support

Bug: 7095660
Change-Id: Ia87caaa33bc01b032130811833f0a3c4f75b62d4
ava/android/security/KeyChain.java
5cb5cec6a4a4d5432d4ce6468c12de9508db1633 29-Mar-2013 Kenny Root <kroot@google.com> KeyStore: add API to query storage type

Add an API to keystore daemon to query what kind of storage is currently
in use.

(cherry picked from commit a738e2a1aee26e0be3944c11820724aeca313f83)

Change-Id: I52c84449a27b1cefc49372a6406b7132c2bbddee
ava/android/security/KeyStore.java
a738e2a1aee26e0be3944c11820724aeca313f83 29-Mar-2013 Kenny Root <kroot@google.com> KeyStore: add API to query storage type

Add an API to keystore daemon to query what kind of storage is currently
in use.

Change-Id: I5a83ae92250ca63b691dcf1beb8b3e1703797745
ava/android/security/KeyStore.java
acb0b5b220b2cb15f5a800a356bb25f47252a6ea 28-Mar-2013 Kenny Root <kroot@google.com> AndroidKeyStore: add Builder for param spec

Change-Id: I13403197e1ac7ac607efa10979eb73bde0135a2a
ava/android/security/AndroidKeyPairGeneratorSpec.java
ests/src/android/security/AndroidKeyPairGeneratorSpecTest.java
3e7be43e2555bbdfe311dcbd9a36f7f05321a2d8 28-Mar-2013 Kenny Root <kroot@google.com> Add ability to install credentials as other UID

We need the ability to install from the system UID to wifi UID
to explicitly bind WiFi credentials to the WiFi profile. This adds the
ability for Wifi Settings to invoke installation of a PKCS12 file for
the wifi UID.

Bug: 8183258
Change-Id: I652b7e6fa93deda6d6d310be33f224e5a356c787
ava/android/security/Credentials.java
5f1d965f7d7e1df50981ffed8faa11fbcc17ca22 21-Mar-2013 Kenny Root <kroot@google.com> KeyStore: change migrate to duplicate

After discussion, it was determined that duplicate would be less
disruptive and it still fit in the current HAL model.

Change-Id: I2f9cae48d38ec7146511e876450fa39fc92cda55
ava/android/security/KeyStore.java
ests/src/android/security/KeyStoreTest.java
bd79419ef84ae31f3765721b50aa413fa462d1d1 20-Mar-2013 Kenny Root <kroot@google.com> KeyStore: add "migrate" command

To support the WiFi service, we need to support migration from the
system UID to the wifi UID. This adds a command to achieve the
migration.

Bug: 8122243
Change-Id: I65f7a91504c1d2a2aac22b9c3051adffd28d66c1
ava/android/security/KeyStore.java
ests/src/android/security/KeyStoreTest.java
78ad849163a7b01073b46fbd7d818392720005d1 14-Feb-2013 Kenny Root <kroot@google.com> KeyStore: add API to uid versions

In previous commits, we added the ability to specify which UID we want to
target on certain operations. This commit adds the ability to reach those
binder calls from the KeyStore class.

Also fix a problem where saw() was not reading all the values returned via
the Binder call. This changes the semantics to return a null instead of
failing silently when it's not possible to search.

Change-Id: I32098dc0eb42e09ace89f6b7455766842a72e9f4
ava/android/security/AndroidKeyStore.java
ava/android/security/KeyStore.java
ests/src/android/security/AndroidKeyPairGeneratorTest.java
ests/src/android/security/KeyStoreTest.java
b9594ce9ebb3f5f303a280f04312ae5754ce3560 14-Feb-2013 Kenny Root <kroot@google.com> KeyStore: stop using state()

Change-Id: I721974fd95f8d1ab06a3fd1bbb4c9b4d9d1d7752
ava/android/security/KeyStore.java
ests/src/android/security/AndroidKeyPairGeneratorTest.java
ests/src/android/security/AndroidKeyStoreTest.java
b0f4b8a7d2662e8cc63dae1001175bf72bca1539 14-Feb-2013 Kenny Root <kroot@google.com> Merge "Track keystore binder changes"
0150e48200a967aead3c2ac6f1283ae2df54c305 14-Feb-2013 Kenny Root <kroot@google.com> KeyChain: return null instead of throw

The API documentation says it will return null if the key isn't found.
We get null back from the keystore daemon when it can't retrieve the
data, so just return null back to the API caller.

Change-Id: I42248bd50cbc5f76864bd762aae3faab1c50529d
ava/android/security/KeyChain.java
e151f281d527f4bea5cbdf4219d5e0507a6668b0 14-Feb-2013 Kenny Root <kroot@google.com> Track keystore binder changes

Change-Id: Id6133be059a8a0901d16355a9152e40e4a255454
ava/android/security/KeyStore.java
887c523646012f4f0b63f5ffd0a1e9ebc3c2bdf1 05-Feb-2013 Kenny Root <kroot@google.com> am 74637db2: Merge "AndroidKeyStore: return error code on error"

# Via Gerrit Code Review (1) and Kenny Root (1)
* commit '74637db21eb0b3c0167378e2b5c866fdc02e51f2':
AndroidKeyStore: return error code on error
e66769ad5194cb4533d1087416a2e804ac384285 05-Feb-2013 Kenny Root <kroot@google.com> AndroidKeyStore: return error code on error

Instead of blindly multiplying return value by 1000 to convert to
milliseconds, check to see if it's an error condition first.

Change-Id: I8eab1e7a86d78c13458fcbbc79d590e452fc9791
ava/android/security/KeyStore.java
c4a768c87e03a5e6d8b4435aaca6893546006321 05-Feb-2013 Kenny Root <kroot@google.com> am 5a720bb9: Merge "AndroidKeyStore: add key wrapping test"

# Via Gerrit Code Review (1) and Kenny Root (1)
* commit '5a720bb9b031d44e593d2054bda586ccc3752aa4':
AndroidKeyStore: add key wrapping test
516fab2404f550aca03b3774bd5b279d4e69dd9f 05-Feb-2013 Kenny Root <kroot@google.com> am 133c5f5e: Merge "AndroidKeyStore: fix tests"

# Via Gerrit Code Review (1) and Kenny Root (1)
* commit '133c5f5e91e72cff1a9a3a4903a0efc96b39165b':
AndroidKeyStore: fix tests
656f92f2c6fec008dd3131f6ec30a121b5b2a92e 04-Feb-2013 Kenny Root <kroot@google.com> AndroidKeyStore: add key wrapping test

Change-Id: Ib21ab37d22689dd87f014eaa1f7919a575367cdd
ests/src/android/security/AndroidKeyStoreTest.java
8b58c52bf4cc276165b1857eb4087eabde7b6477 04-Feb-2013 Kenny Root <kroot@google.com> AndroidKeyStore: fix tests

Change-Id: I65fd8ba27af57ea8fd27c8e08c9c1201f32c494d
ava/android/security/KeyStore.java
ests/src/android/security/AndroidKeyStoreTest.java
a647281109584d96ba2265c0faa14432deeb9815 26-Jan-2013 Kenny Root <kroot@google.com> am 2e99d3c9: am ebb61ca2: Merge "Track libcore changes for OpenSSLKey"

# Via Android Git Automerger (1) and others
* commit '2e99d3c9646861ca92faf6708c18e36c7530fd93':
Track libcore changes for OpenSSLKey
cc1fc6b6adc1edc2acaa42205b4ec5ca00bfd353 22-Jan-2013 Kenny Root <kroot@google.com> Track libcore changes for OpenSSLKey

Change-Id: I39f60c34daa9ccc633efb02988ea238a84e6bbf1
ava/android/security/AndroidKeyStore.java
c41db6c9ba298c8fac5068ad2843b4aa58ecf1c5 04-Jan-2013 Scott Main <smain@google.com> am 834b0f3c: am 19b17b41: am 38a642e9: am 3e2479dd: Merge "docs: fix broken links and add new sitemap text file" into jb-mr1-dev

* commit '834b0f3cd90679655ac1549cb427fc9475ac4a4b':
docs: fix broken links and add new sitemap text file
188315cf8b44fb59da2d37c1d54bbc70ee3acb4e 04-Jan-2013 Scott Main <smain@google.com> docs: fix broken links and add new sitemap text file

Change-Id: If0f7967a65a6e3a444a565a2e8229a04a5265f56
ava/android/security/package.html
6b77645aa9ac51ce33ea67adba226aaf1a6e8846 02-Nov-2012 Kenny Root <kroot@google.com> Switch keystore to binder

Change-Id: I9fa1fc05068bee1eed3f618fb32f70cf3d4c05d4
ava/android/security/KeyStore.java
58ed5d748c0b9b64845975ef5844ad313de7c3f6 07-Nov-2012 Kenny Root <kroot@google.com> am 768d9e1a: Merge "Correct executable bit for source files"

* commit '768d9e1a72ceee7d4a5f608776b87b62d6ce4a04':
Correct executable bit for source files
3a084af2e90849aaa8beb3a610189e3399c63ea0 07-Nov-2012 Kenny Root <kroot@google.com> Correct executable bit for source files

Many media files and source code files were marked as executable in Git.
Remove those.

Also a shell script and python script were not marked as executable.

Change-Id: Ieb51bafb46c895a21d2e83696f5a901ba752b2c5
ests/src/android/security/KeyStoreTest.java
ce24985ad636c38b6ee01ec9cdecfb038bfeaeb6 15-Sep-2012 Kenny Root <kroot@google.com> Remove AndroidKeyStore from API

Change-Id: Ibe09d78e5a5b86604f01144f344525bff94c2dde
ava/android/security/AndroidKeyPairGeneratorSpec.java
0efca17105d112a0ff568602831b22bdafa00433 05-Sep-2012 Brian Carlstrom <bdc@google.com> Tracking upgrade to bouncycastle 1.47

Change-Id: I4a3c508c5e65dd46a2df22935b5351092550fad5
ava/android/security/Credentials.java
a4640c082c8ccf66ebfb50ace5747409ab6aee55 31-Aug-2012 Kenny Root <kroot@google.com> Add some NullPointerExceptions to AndroidKeyStore

Existing KeyStore implementations throw NullPointerExceptions beacuse
the KeyStoreSpi doesn't check these arguments for null. Add in checks so
we don't accidentally check some bogus values.

Also switch a RuntimeException to a KeyStoreException

Change-Id: I18f4d4474d607cb2057ea8069b901e0992275e78
ava/android/security/AndroidKeyStore.java
69ddab4575ff684c533c995e07ca15fe18543fc0 25-Aug-2012 Jeff Sharkey <jsharkey@android.com> Always-on VPN.

Adds support for always-on VPN profiles, also called "lockdown." When
enabled, LockdownVpnTracker manages the netd firewall to prevent
unencrypted traffic from leaving the device. It creates narrow rules
to only allow traffic to the selected VPN server. When an egress
network becomes available, LockdownVpnTracker will try bringing up
the VPN connection, and will reconnect if disconnected.

ConnectivityService augments any NetworkInfo based on the lockdown
VPN status to help apps wait until the VPN is connected.

This feature requires that VPN profiles use an IP address for both
VPN server and DNS. It also blocks non-default APN access when
enabled. Waits for USER_PRESENT after boot to check KeyStore status.

Bug: 5756357
Change-Id: If615f206b1634000d78a8350a17e88bfcac8e0d0
ava/android/security/Credentials.java
802768dd86c4e8a933dbfbac2e9f1a1daa5f93fa 22-Aug-2012 Kenny Root <kroot@google.com> Add ability to replace chain for PrivateKeyEntry

For the AndroidKeyStore API, allow entries to have their certificate
chain replaced without destroying the underlying PrivateKey. Since
entries are backed by unexportable private keys, requiring them to be
supplied again doesn't make sense and is impossible.

Change-Id: I629ce2a625315c8d8020a082892650ac5eba22ae
ava/android/security/AndroidKeyStore.java
ava/android/security/Credentials.java
ests/Android.mk
ests/src/android/security/AndroidKeyStoreTest.java
db026710ec0adcf7f72dfb24c65d38a882ee26d8 20-Aug-2012 Kenny Root <kroot@google.com> Add KeyPairGenerator for Android keystore

This allows end-users to generate keys in the keystore without the
private part of the key ever needing to leave the device. The generation
process also generates a self-signed certificate.

Change-Id: I114ffb8e0cbe3b1edaae7e69e8aa578cb835efc9
ava/android/security/AndroidKeyPairGenerator.java
ava/android/security/AndroidKeyPairGeneratorSpec.java
ava/android/security/AndroidKeyStore.java
ava/android/security/AndroidKeyStoreProvider.java
ava/android/security/Credentials.java
ava/android/security/package.html
ests/src/android/security/AndroidKeyPairGeneratorSpecTest.java
ests/src/android/security/AndroidKeyPairGeneratorTest.java
e29df16cb57b69995df597e8a6d95d986c1c43fc 10-Aug-2012 Kenny Root <kroot@google.com> Add AndroidKeyStore provider for KeyStore API

This introduces a public API for the Android keystore that is accessible
via java.security.KeyStore API. This allows programs to store
PrivateKeyEntry and TrustedCertificateEntry items visible only to
themselves.

Future work should include:

* Implement KeyStore.CallbackHandlerProtection parameter to allow the
caller to request that the keystore daemon unlock itself via the
system password input dialog.

* Implement SecretKeyEntry once that support is in keystore daemon

Change-Id: I382ffdf742d3f9f7647c5f5a429244a340b6bb0a
ava/android/security/AndroidKeyStore.java
ava/android/security/AndroidKeyStoreProvider.java
ests/src/android/security/AndroidKeyStoreTest.java
473c712b19bad992ab4eafcd43175fdce77b913d 18-Aug-2012 Kenny Root <kroot@google.com> Add getmtime to Android KeyStore API

java.security.KeyStore requires that you be able to get the creation
date for any given entry. We'll approximate that through using the mtime
of the file in the keystore.

Change-Id: I16f74354a6c2e78a1a0b4dc2ae720c5391274e6f
ava/android/security/KeyStore.java
ests/src/android/security/KeyStoreTest.java
4cfb30a22ac22ce6a50d4860e467beda5c7da735 13-Aug-2012 Kenny Root <kroot@google.com> am 1ad8bf56: am f0e87175: Merge "Remove useless TestRunner"

* commit '1ad8bf5660281d624759897e0403b35b29641ba2':
Remove useless TestRunner
96ad6cb080d0721a433d2bcb201f4a4582bf1caf 10-Aug-2012 Kenny Root <kroot@google.com> Remove useless TestRunner

InstrumentationTestRunner can enumerate the test cases to run without a
special TestRunner.

Change-Id: I5a49413440ef191f28a21034a318d9a9e3f8174b
ests/AndroidManifest.xml
ests/src/android/security/KeyStoreTest.java
ests/src/android/security/KeyStoreTestRunner.java
ests/src/android/security/SystemKeyStoreTest.java
54e03afcfe34e9875efa56650c1af3ebc8f58a89 07-Aug-2012 Kenny Root <kroot@google.com> Use TrustedCertificateStore for chain building

Move chain building to TrustedCertificateStore since it has more
information about the certificates.

Change-Id: I3030e94eb1abb8a2047a4151bdaad9922706dd0f
ava/android/security/KeyChain.java
2a5b147ec8fc1235af928042bdfb78170b18067b 31-Jul-2012 Brian Carlstrom <bdc@google.com> Change KeyStore to use Modified UTF-8 to match NativeCrypto

Bug: http://code.google.com/p/android/issues/detail?id=35141
Bug: 6869713

Change-Id: I61cb309786960072148ef97ea5afedb33dc45f4e
ava/android/security/KeyStore.java
ests/src/android/security/KeyStoreTest.java
5b1f037829bff93877a6257db69f4e7723a27e20 31-Jul-2012 Brian Carlstrom <bdc@google.com> Change KeyStore to use Modified UTF-8 to match NativeCrypto

Bug: http://code.google.com/p/android/issues/detail?id=35141
Bug: 6869713

Change-Id: I61cb309786960072148ef97ea5afedb33dc45f4e
ava/android/security/KeyStore.java
ests/src/android/security/KeyStoreTest.java
5ea68db37fd5ad4e0ddc0745b4347e86f17f78db 18-Jul-2012 Brian Carlstrom <bdc@google.com> Improve test key names to reproduce public issue

Also fixes other unrelated test failures.

Bug: http://code.google.com/p/android/issues/detail?id=34577
Bug: 6837950

(cherry-picked from f4019af04a1fc4b16aa5972cbcbba703caa5d78d)

Change-Id: I5b32b5ccac80f04a4d0fd6b21b8caa11e42995a7
ests/src/android/security/KeyStoreTest.java
f4019af04a1fc4b16aa5972cbcbba703caa5d78d 18-Jul-2012 Brian Carlstrom <bdc@google.com> Improve test key names to reproduce public issue

Also fixes other unrelated test failures.

Bug: http://code.google.com/p/android/issues/detail?id=34577
Bug: 6837950

Change-Id: I2c5ed1cbfbe0ab6f4ddd8619696d6545be0519a8
ests/src/android/security/KeyStoreTest.java
5423e68d5dbe048ec6f042cce52a33f94184e9fb 14-Nov-2011 Kenny Root <kroot@google.com> Add signing to keystore

Change the keystore to keep the private keys in keystore. When returned,
it uses the OpenSSL representation of the key to allow users to use it
in various operations through the OpenSSL ENGINE that connects to
keystore.

Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
ava/android/security/Credentials.java
ava/android/security/IKeyChainService.aidl
ava/android/security/KeyChain.java
ava/android/security/KeyStore.java
ests/src/android/security/KeyStoreTest.java
1cedb47e18a3acb322914e1963285882dc77d9ba 15-Mar-2012 Selim Gurun <sgurun@google.com> Merge "Make the credential storage change action public."
fcdccac49067e4cc60567ee93ccf1b62e74477fb 02-Mar-2012 Brian Carlstrom <bdc@google.com> Remove obsolete KeyChain references to USE_CREDENTIALS (2 of 2)

Change-Id: Ic8a22ce3a9010b8378af044e611bf787e15f6227
ava/android/security/KeyChain.java
e57319ff880c43b44aaab4905dc8997d97827520 17-Feb-2012 Selim Gurun <sgurun@google.com> Make the credential storage change action public.

Bug: 6009802

When the credential storage changes, (adding/removing certs,
resetting the storage, enabling/disabling trusted CAs, etc), the
applications that use the storage has to be made aware of the
fact that the storage changed, so they can clear any cached state,
close connections or take any other actions. Internally, this
applies to webview. However, applications, potentially including
3rd party browsers, also need this information.

Change-Id: I765b97a3f38f45247ee3f6e127b490388d373847
ava/android/security/KeyChain.java
93ba4fedebb78ba47c24e8472c8960ea8fdc933a 14-Feb-2012 Selim Gurun <sgurun@google.com> Act on credential storage updates.

Bug: 6009802

Cherry pick fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1
Listen to credential storage updates and clean state when necessary.

Change-Id: I2c63e6771e9373da8b39781fdcf3d21583c4e3b2
ava/android/security/KeyChain.java
43e41580e4c700e970cc5e62180a767ab424da6d 16-Feb-2012 Selim Gurun <sgurun@google.com> Revert "Act on credential storage updates."

This reverts commit fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1
ava/android/security/KeyChain.java
fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1 14-Feb-2012 Selim Gurun <sgurun@google.com> Act on credential storage updates.

Bug: 6009802

Listen to credential storage updates and clean state when necessary.

Change-Id: I48f2e7d6e036882c2b4a29fbd357ca018fd4e4c7
ava/android/security/KeyChain.java
ab8b84ad3847788d83da557606aa27d4102e6b52 13-Jul-2011 Fred Quintana <fredq@google.com> Make the KeyChain handled its own grants rather than having
AccountManagerService handle them.

Change-Id: I89d272b22766f85019c1f947153d69e6dbb74c68
ava/android/security/IKeyChainService.aidl
ava/android/security/KeyChain.java
74e6bd7b7783fb506d7525e9ba40aac980745eaf 06-Jul-2011 Brian Carlstrom <bdc@google.com> Merge "New KeyChain API for credential installation"
db93b78385d694402760ad63de0795f3902030d9 01-Jul-2011 Brian Carlstrom <bdc@google.com> Build cert chain in KeyChain.getCertificateChain

Bug: 4970298
Change-Id: Id91391233528edc2a4da5ebe92ec85d381f170de
ava/android/security/KeyChain.java
ca43c458ad0ee8cfa7f5eabc8ba1a65ae473976b 30-Jun-2011 Brian Carlstrom <bdc@google.com> New KeyChain API for credential installation

Bug: 3497064
Change-Id: Ie5c20e87a436b7ab66258d08b719ab8bb1f1d86d
ava/android/security/KeyChain.java
a00a2b33ccc6bc079c3ee57a938f62947b48a001 29-Jun-2011 Brian Carlstrom <bdc@google.com> KeyChain API for credential installation

Bug: 3497064
Change-Id: I4ac4d8b5559496b1632d63c2129e2bafd240893f
ava/android/security/Credentials.java
ava/android/security/KeyChain.java
bef5e5aabcb6ab440829f4418d1cbc268564eee0 28-Jun-2011 Brian Carlstrom <bdc@google.com> Add KeyStoreTest.testGet

Now that system user can read keystore, add KeyStoreTest.testGet and update other tests to use KeyStore.get

Change-Id: I364866d52c2ecf550ff26aadc6e85126318889fa
ests/src/android/security/KeyStoreTest.java
6da00334478df64921b68fcbb45c9d1eef6f35bd 27-Jun-2011 Brian Carlstrom <bdc@google.com> Moving ssl_certificate layout, resources, and helper code to SslCertificate
Add IKeyChainService.deleteCaCertificate

Change-Id: If42341bc732efcfe4f958c00cdd6c0fec11a3c75
ava/android/security/IKeyChainService.aidl
67c30dfe8e4bff11a4660ac23e8679b5deb59457 24-Jun-2011 Brian Carlstrom <bdc@google.com> Replace KeyChainActivity placeholder UI with more polished dialog (1 of 5)

frameworks/base

Extended KeyChain.chooserPrivateKeyAlias to allow caller to supply
preferred choice to be selected in chooser. This allows Email
settings to highlight the current choice when allowing user to
change settings.
keystore/java/android/security/KeyChain.java
api/current.txt

Implemented KeyChain functionality to pass host and port
information to KeyChainActivity for display.
keystore/java/android/security/KeyChain.java

KeyChain now sends a PendingIntent as part of the Intent it sends
to the KeyChainActivity which can be used to identify the caller
in reliable way.
keystore/java/android/security/KeyChain.java

Moved .pfx/.p12/.cer/.crt constants to Credentials for reuse.
Added Credentials.install variant with no value for use from KeyChainActivity
keystore/java/android/security/Credentials.java

packages/apps/CertInstaller
Source of extension constants now in Credentials
src/com/android/certinstaller/CertFile.java

packages/apps/Browser
Have browser supply host and port information to KeyChain.choosePrivateKeyAlias
Tracking KeyChain.choosePrivateKeyAlias API change
src/com/android/browser/Tab.java

packages/apps/Email
Tracking KeyChain.choosePrivateKeyAlias API change
src/com/android/email/view/CertificateSelector.java

packages/apps/KeyChain

KeyChain now depends on bouncycastle X509Name for formatting
X500Principals, since the 4 X500Principal formatting options could
not format emailAddress attributes in a human readable way and its
the most important attribute to display for client certificates in
most cases.
Android.mk

Changing the UI to a dialog, make the activity style transparent.
AndroidManifest.xml
res/values/styles.xml

Layout for chooser dialog
res/layout/cert_chooser.xml

Layout for list items in chooser
res/layout/cert_item.xml

New resources for dialog including comments for translators.
res/values/strings.xml

New dialog based KeyChainActivity. Now also shows requesting app
and requesting server. Now can preselect a specified alias. New
link directly to CertInstaller.

src/com/android/keychain/KeyChainActivity.java

Fix KeyChainTestActivity to work with TestKeyStore changes that
were causing network activity on the UI to look up the name of
localhost. Also track KeyChain.choosePrivateKeyAlias API change.

tests/src/com/android/keychain/tests/KeyChainTestActivity.java

Change-Id: I07128fba8750f9a6bcb9c6be5da04df992403d69
ava/android/security/Credentials.java
ava/android/security/KeyChain.java
42f6528b988e3ae320cda63a2bd63d30d9e56183 10-Jun-2011 Brian Carlstrom <bdc@google.com> New KeyChain API for application access to keystore credentials

The KeyChain API is Currently in use by Browser and validated by Email
for client certificate authentication.

Change-Id: Ifeab416be594457a05747406e31656e71795cb53
ava/android/security/KeyChain.java
ava/android/security/KeyChainAliasCallback.java
ava/android/security/KeyChainException.java
93201f545b67da15cb69830a5988810aef52c0b2 10-Jun-2011 Brian Carlstrom <bdc@google.com> KeyChain API refinements

Change-Id: I177ab4642e6cd1aa13526c14f0a707175fd79655
ava/android/security/IKeyChainAliasCallback.aidl
ava/android/security/IKeyChainAliasResponse.aidl
ava/android/security/KeyChain.java
ava/android/security/KeyChainAliasCallback.java
ava/android/security/KeyChainAliasResponse.java
ava/android/security/KeyChainException.java
9d7faa91be6661eccf73494f1ab96ae9a28d42d7 07-Jun-2011 Brian Carlstrom <bdc@google.com> Change KeyChain to assume PEM encoded keystore entries

Summary:
- Changed KeyChain to assume PEM encoded keystore entries
- Moved convertToPem from CertInstaller for reuse with other Credentials helpers
- Added convertFromPem for use decoding keystore entries

Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
ava/android/security/Credentials.java
ava/android/security/KeyChain.java
7e4b1a488dd02c4bf6156379e36834e9e01c5b1b 02-Jun-2011 Brian Carlstrom <bdc@google.com> Restore ResponseCodes for use with getLastError

Change-Id: I41b5bc9cbb6c05672c92d5864e889fd2b0186141
ava/android/security/KeyStore.java
5cfee3fabb3482c6a6df1c8b6f21e843cf214527 31-May-2011 Brian Carlstrom <bdc@google.com> Integrating keystore with keyguard (Part 1 of 4)

Summary:

frameworks/base
keystore rewrite
keyguard integration with keystore on keyguard entry or keyguard change
KeyStore API simplification

packages/apps/Settings
Removed com.android.credentials.SET_PASSWORD intent support
Added keyguard requirement for keystore use

packages/apps/CertInstaller
Tracking KeyStore API changes
Fix for NPE in CertInstaller when certificate lacks basic constraints

packages/apps/KeyChain
Tracking KeyStore API changes

Details:

frameworks/base

Move keystore from C to C++ while rewriting password
implementation. Removed global variables. Added many comments.

cmds/keystore/Android.mk
cmds/keystore/keystore.h
cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp

Changed saveLockPattern and saveLockPassword to notify the keystore
on changes so that the keystore master key can be reencrypted when
the keyguard changes.

core/java/com/android/internal/widget/LockPatternUtils.java

Changed unlock screens to pass values for keystore unlock or initialization

policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java

KeyStore API changes
- renamed test() to state(), which now return a State enum
- made APIs with byte[] key arguments private
- added new KeyStore.isEmpty used to determine if a keyguard is required

keystore/java/android/security/KeyStore.java

In addition to tracking KeyStore API changes, added new testIsEmpty
and improved some existing tests to validate expect values.

keystore/tests/src/android/security/KeyStoreTest.java

packages/apps/Settings

Removing com.android.credentials.SET_PASSWORD intent with the
removal of the ability to set an explicit keystore password now
that the keyguard value is used. Changed to ensure keyguard is
enabled for keystore install or unlock. Cleaned up interwoven
dialog handing into discrete dialog helper classes.

AndroidManifest.xml
src/com/android/settings/CredentialStorage.java

Remove layout for entering new password

res/layout/credentials_dialog.xml

Remove enable credentials checkbox

res/xml/security_settings_misc.xml
src/com/android/settings/SecuritySettings.java

Added ability to specify minimum quality key to ChooseLockGeneric
Activity. Used by CredentialStorage, but could also be used by
CryptKeeperSettings. Changed ChooseLockGeneric to understand
minimum quality for keystore in addition to DPM and device
encryption.

src/com/android/settings/ChooseLockGeneric.java

Changed to use getActivePasswordQuality from
getKeyguardStoredPasswordQuality based on experience in
CredentialStorage. Removed bogus class javadoc.

src/com/android/settings/CryptKeeperSettings.java

Tracking KeyStore API changes

src/com/android/settings/vpn/VpnSettings.java
src/com/android/settings/wifi/WifiSettings.java

Removing now unused string resources

res/values-af/strings.xml
res/values-am/strings.xml
res/values-ar/strings.xml
res/values-bg/strings.xml
res/values-ca/strings.xml
res/values-cs/strings.xml
res/values-da/strings.xml
res/values-de/strings.xml
res/values-el/strings.xml
res/values-en-rGB/strings.xml
res/values-es-rUS/strings.xml
res/values-es/strings.xml
res/values-fa/strings.xml
res/values-fi/strings.xml
res/values-fr/strings.xml
res/values-hr/strings.xml
res/values-hu/strings.xml
res/values-in/strings.xml
res/values-it/strings.xml
res/values-iw/strings.xml
res/values-ja/strings.xml
res/values-ko/strings.xml
res/values-lt/strings.xml
res/values-lv/strings.xml
res/values-ms/strings.xml
res/values-nb/strings.xml
res/values-nl/strings.xml
res/values-pl/strings.xml
res/values-pt-rPT/strings.xml
res/values-pt/strings.xml
res/values-rm/strings.xml
res/values-ro/strings.xml
res/values-ru/strings.xml
res/values-sk/strings.xml
res/values-sl/strings.xml
res/values-sr/strings.xml
res/values-sv/strings.xml
res/values-sw/strings.xml
res/values-th/strings.xml
res/values-tl/strings.xml
res/values-tr/strings.xml
res/values-uk/strings.xml
res/values-vi/strings.xml
res/values-zh-rCN/strings.xml
res/values-zh-rTW/strings.xml
res/values-zu/strings.xml
res/values/strings.xml

packages/apps/CertInstaller

Tracking KeyStore API changes
src/com/android/certinstaller/CertInstaller.java

Fix for NPE in CertInstaller when certificate lacks basic constraints
src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

Tracking KeyStore API changes
src/com/android/keychain/KeyChainActivity.java
src/com/android/keychain/KeyChainService.java
support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java

Change-Id: Ic141fb5d4b43d12fe62cb1e29c7cbd891b4be35d
ava/android/security/KeyStore.java
ests/src/android/security/KeyStoreTest.java
ba1a667b1d6c95050f6c88316ac58fe9e0ff878b 25-May-2011 Brian Carlstrom <bdc@google.com> Remove need for onActivityResult from KeyChain API

Change-Id: I97bb9db06978f6dc039d22bfee116671d7b3e336
ava/android/security/IKeyChainAliasResponse.aidl
ava/android/security/IKeyChainService.aidl
ava/android/security/KeyChain.java
ava/android/security/KeyChainAliasResponse.java
ava/android/security/KeyChainResult.java
d752472d9abf03fda637d43716bc6bd632e1f5c3 18-May-2011 Brian Carlstrom <bdc@google.com> Move to KeyChain.bind

Change-Id: Ic3c6e0e9be9bcfdc882cf97cec38cca70b23d0a1
ava/android/security/KeyChain.java
8e9929c4d0730de4c9f01435a7cfe2db8855e24d 17-May-2011 Brian Carlstrom <bdc@google.com> Simplify KeyChain API by removing now unneeded CA certificate lookup (1 of 3)

frameworks/base

Remove getCaCertificates and findIssuer from IKeyChainService,
these are now done via libcore's TrustedCertificateStore (as part
of the default TrustManager implementation)

keystore/java/android/security/IKeyChainService.aidl

Simplify KeyChain API. Now that the CA certificates are visible
through the default TrustManager, the KeyChain is solely focused on
retrieving PrivateKeys and their associated certificates. The
calling API for KeyChain to simply a single KeyChain.get() call
that returns a KeyChainResult, removing the need for a KeyChain
instance that needs to be closed.

keystore/java/android/security/KeyChain.java
keystore/java/android/security/KeyChainResult.java

master/libcore

Remove getDefaultIndexedPKIXParameters and
getIndexedPKIXParameters which was used as part of the prototype
of looking up CAs via the KeyChain but is obsoleted by the new
default TrustManager implementation.

luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java

packages/apps/KeyChain

Tracking simplified IKeyChainService, removing now unneeded
implementation, updating tests.

src/com/android/keychain/KeyChainService.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java
tests/src/com/android/keychain/tests/KeyChainTestActivity.java

Change-Id: I847b28c2f467c85f24d2b693a2fecc1cb46426b4
ava/android/security/IKeyChainService.aidl
ava/android/security/KeyChain.java
ava/android/security/KeyChainResult.java
2627d53f65be672e9a27f735975de1bf3aebfec1 13-May-2011 Brian Carlstrom <bdc@google.com> Make CertInstaller installed CA certs trusted by applications via default TrustManager (1 of 6)

frameworks/base

Adding IKeyChainService APIs for CertInstaller and Settings use
keystore/java/android/security/IKeyChainService.aidl

libcore

Improve exceptions to include more information
luni/src/main/java/javax/security/auth/x500/X500Principal.java

Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods.
Added support for adding user CAs in a separate directroy for system.
Added support for removeing system CAs by placing a copy in a sytem directory
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java

Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java

Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash
to make sure the implementing algortims doe not change since
TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL
changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to
1.0.0)

luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

Extensive test of new TrustedCertificateStore behavior
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java

TestKeyStore improvements
- Refactored TestKeyStore to provide simpler createCA method (and
internal createCertificate)
- Cleaned up to remove use of BouncyCastle specific X509Principal
in the TestKeyStore API when the public X500Principal would do.
- Cleaned up TestKeyStore support methods to not throw Exception
to remove need for static blocks for catch clauses in tests.

support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

packages/apps/CertInstaller

Change CertInstaller to call IKeyChainService.installCertificate
for CA certs to pass them to the KeyChainServiceTest which will
make them available to all apps through the
TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask.

src/com/android/certinstaller/CertInstaller.java

Added installCaCertsToKeyChain and hasCaCerts accessor for use by
CertInstaller. Use hasUserCertificate() internally. Cleanup coding
style.

src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

Added MANAGE_ACCOUNTS so that IKeyChainService.reset
implementation can remove KeyChain accounts.

AndroidManifest.xml

Implement new IKeyChainService methods:
- Added IKeyChainService.installCaCertificate to install certs
provided by CertInstaller using the TrustedCertificateStore.
- Added IKeyChainService.reset to allow Settings to remove the
KeyChain accounts so that any app granted access to keystore
credentials are revoked when the keystore is reset.

src/com/android/keychain/KeyChainService.java

packages/apps/Settings

Changed com.android.credentials.RESET credential reset action to
also call IKeyChainService.reset to remove any installed user CAs
and remove KeyChain accounts to have AccountManager revoke
credential granted to private keys removed during the RESET.

src/com/android/settings/CredentialStorage.java

Added toast text value for failure case

res/values/strings.xml

system/core

Have init create world readable /data/misc/keychain to allow apps
to access user added CA certificates installed by the CertInstaller.

rootdir/init.rc

Change-Id: I2e4b169cbb35d32d97f5d6a00d988fa389eadcb2
ava/android/security/IKeyChainService.aidl
4a9e1a2494f2e48b157506d7c731187907b7fd4e 23-Apr-2011 Brian Carlstrom <bdc@google.com> Expose Credentials.UNLOCK_ACTION for callers that want to use startActivityForResult

Change-Id: I729b2d8257bda3e7ff7858741ebd5415404880e7
ava/android/security/Credentials.java
b9a07c18e678da35b4c2a618b315fa174a21e818 11-Apr-2011 Brian Carlstrom <bdc@google.com> Adding KeyChain API and IKeyChainService

Change-Id: Id3eaa2d1315481f199777b50e875811e3532988a
ava/android/security/IKeyChainService.aidl
ava/android/security/KeyChain.java
46703b099516c383a6882815bcf9cd4df0ec538d 07-Apr-2011 Brian Carlstrom <bdc@google.com> Tolerate missing AccountManager resource, not just missing resource name

In addition to the primary change in the subject, also some minor cleanup of javadoc, typos, CloseGuard warning, etc found while working on a new AbstractAccountAuthenticator.

Change-Id: I73f3408773a43a0021a15f8d051fd3dbbdf898a5
ava/android/security/KeyStore.java
527f01e76d07b45bdf7ba97ffee0e9b358de658c 20-Jan-2011 Chia-chi Yeh <chiachi@android.com> Update the path of the intent to unlock keystore.

Change-Id: Ia81d0c172f2be6d04cba4db6e6798058f321605d
ava/android/security/Credentials.java
460c26e9875833dc494575b5c43f08c8baa15f34 12-Nov-2010 Elliott Hughes <enh@google.com> Use deliberately public API rather than org.apache cruft.

InputStreamHelper is scheduled for deletion. As a bonus, the new code is more
efficient.

Change-Id: Ied8b87fa24f8506cf748b0d4c99ee7e2ae201483
ava/android/security/SystemKeyStore.java
8bdf5935c0db4a66ab33a10b43398d2523cfa15d 15-Oct-2010 Dianne Hackborn <hackbod@google.com> Work on issue #3101415: Crespo apps seem to have their UID changed over time.

fsync!

Change-Id: Ie6c5397202579935ac69bf61d3e7b3081ecf269c
ava/android/security/SystemKeyStore.java
c5e630a004d144ba1d4cd1d37dd98eb70a7ec1d8 08-Oct-2010 Hung-ying Tyan <tyanh@google.com> Use explicit intent for installing credentials.

http://b/issue?id=3020049

Change-Id: I429c5b2c9f3b876e6197894a9437952d71d5c472
ava/android/security/Credentials.java
8d578836dc4f9fb41532b8b3dd7a6b168d6f4f9d 10-Sep-2010 Rich Cannings <richc@google.com> Remove the use of FileInputStream.available()

Bug: 2976294
Change-Id: I34b13cedbf1d2338163ef74454817c318a3a24f5
ava/android/security/SystemKeyStore.java
34c47c855815d731e6deb55748ff690b0ec7b53f 09-Mar-2010 Nick Kralevich <nnk@google.com> Don't rely on the system locale for converting to/from bytes.

By default, when java converts Strings to bytes, it uses the
default system locale. This can be specified by the -Dfile.encoding
option. If no file encoding is specified, java uses ISO8859_1.

Unfortunately, not all unicode characters can be mapped to
ISO8859_1. Unmappable characters may be replaced by a byte
within ISO8859_1, which may change the meaning of the String.
This is especially problematic for password strings, and has
been used to compromise the security of passwords in the
past.

Thankfully, Android uses UTF-8 by default, so this bug doesn't
effect Android devices. However, it's recommended to explicitly
list the character set when converting to/from bytes to
avoid the potential ambiguity.

Change-Id: Iec927e27ed3fc103696c439f6bd3e8779a37ade8
ava/android/security/KeyStore.java
ests/src/android/security/KeyStoreTest.java
1ff8fee7c8e4fcd4ef12c6c5d1055b7eccf5809b 22-Feb-2010 Oscar Montemayor <oam@google.com> Better file permissions enforcement on system keystore.
ava/android/security/SystemKeyStore.java
64ef1ce9368985932f4cc7a06b3af585394c5cc6 10-Feb-2010 Oscar Montemayor <oam@google.com> Fix for bug 2427961 android.security.tests.SystemKeyStoreTest:testBasicAccess is failing.
Fixed issues in test.
ests/src/android/security/SystemKeyStoreTest.java
d12feb97667498378a472c5a7895a9fcd8056ec5 06-Feb-2010 Chia-chi Yeh <chiachi@android.com> KeyStore: minor improvements.

Make constants final.
Only converts ArrayLists to arrays when necessary.
ava/android/security/KeyStore.java
d02546b4151214abb2db1c88bf7debfc70bd2421 15-Jan-2010 Oscar Montemayor <oam@google.com> Apps on SD card.
Added support for retrieving and generating keys as Hex Strings.
Using keys to mount encrypted FS.
ests/src/android/security/SystemKeyStoreTest.java
b62e8132df0d19a39a700324475b3df2de78e0b0 15-Jan-2010 Oscar Montemayor <oam@google.com> Apps on SD card.
Added support for retrieving and generating keys as Hex Strings.
ava/android/security/SystemKeyStore.java
ests/src/android/security/SystemKeyStoreTest.java
8da98e30d8b2ae6e203f769dab0d6ec34cab3011 06-Jan-2010 Oscar Montemayor <oam@google.com> Apps on SD card project.
A simple keystore to store system-only key material, by leveraging file system access permissions.
ava/android/security/SystemKeyStore.java
ests/src/android/security/KeyStoreTestRunner.java
ests/src/android/security/SystemKeyStoreTest.java
f35e9663d7bdae523953185b4ad6b6f9e8e7d6ca 29-Sep-2009 Chung-yih Wang <cywang@google.com> Add unit test for the new keystore.

Since we need to test the keystore with user system in order to test
the reset(), password(), lock() and unlock(), we have to take advantage
of the ActivityUnitTestCase to run the test with the user 'system'.
ests/Android.mk
ests/AndroidManifest.xml
ests/src/android/security/KeyStoreTest.java
ests/src/android/security/KeyStoreTestRunner.java
8c596c6cce542dcd5c73e8b1aaef666757e36ec4 24-Sep-2009 Chia-chi Yeh <chiachi@android.com> KeyStore: remove classes used by old keystore.
ava/android/security/Reply.java
ava/android/security/ServiceCommand.java
f1ece5d0c16fa3e79390e41ad9bec020c77d7720 24-Sep-2009 Chia-chi Yeh <chiachi@android.com> KeyStore: return null when response code indicates an error.
ava/android/security/KeyStore.java
ec05c46ea9d1dc175b09f93df0b9fea5a43b2d5a 24-Sep-2009 Hung-ying Tyan <tyanh@google.com> Remove old keystore and related files.
ava/android/security/CertTool.java
ava/android/security/Keystore.java
ni/Android.mk
ni/cert.c
ni/cert.h
ni/certtool.c
613fcc850686dfe71cec9809c3694be9cf02cdc7 21-Sep-2009 Chia-chi Yeh <chiachi@android.com> KeyStore: rename scan() to saw().
ava/android/security/KeyStore.java
44039172627d1c15737ea73836ad375559d76211 21-Sep-2009 Chia-chi Yeh <chiachi@android.com> KeyStore: add java interface.
ava/android/security/Credentials.java
ava/android/security/KeyStore.java
9b7a3f1a6437605022568cad0b92d5006a2ab391 17-Sep-2009 Chia-chi Yeh <chiachi@android.com> Add a helper class to send out credentials.

Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
ava/android/security/Credentials.java
5b680802b6774491fbcee69e394d097d4bfcf42e 16-Sep-2009 Hung-ying Tyan <tyanh@google.com> Fix a minor bug in is_alnum_string()...

and remove some verbose logging
ava/android/security/ServiceCommand.java
a7df557aa2573a4718c7bbd069268e62bc036753 11-Sep-2009 Hung-ying Tyan <tyanh@google.com> Add tests and misc fixes on keystore.

* Refactor netkeystore.c to make client and server code testable.
* Add a client test for setting new passwd and changing passwd.
* Exclude "." and ".." from reset_keystore().
* Change ServerCommand.executeCommand() to accept variable length of
arguments and add convert() to marshalling the args to bytes.
* Keystore.java is revised accordingly.
ava/android/security/Keystore.java
ava/android/security/ServiceCommand.java
9249cc69b83c7b055ae477c4539bdc451fe7f9b9 08-Sep-2009 Hung-ying Tyan <tyanh@google.com> Add two CertTool helper classes.

Also add the unlock action string to Keystore.
ava/android/security/CertTool.java
ava/android/security/Keystore.java
37062b93dcb7c72919be8d33303606cdab936c11 09-Sep-2009 Chia-chi Yeh <chiachi@android.com> keystore: remove "#include <openssl/engine.h>".
ni/cert.c
801b73f661cbdf92de94b7e552a190fcbbdc3168 07-Sep-2009 Chung-yih Wang <cywang@google.com> Replace the delimiter whitespace with '\0'.

+ Use '\0' as the delimiter.
+ Allow whitespace character for keystore password.

In previous implementation, we use space as the delimiter. That
will stop user from using passphrase with whitespace character.
ava/android/security/Keystore.java
60c821c8eeca28d34fb02cf5e35dadf168e1312e 02-Sep-2009 Chung-yih Wang <cywang@google.com> Print error message if the buffer size is too small.
ni/cert.c
09960230bf3d46ec1e7cbcfd8b07dfe007b9fa96 01-Sep-2009 Chung-yih Wang <cywang@google.com> Store CA certificate chain into one single key entry with PEM format.

Extract all CA certificates in a PKCS12 keystore into a single entry in keystore with multiple PEMs.
ava/android/security/CertTool.java
ni/cert.c
d21a04c06c0d9b1cb401c30bf6da778010872957 27-Aug-2009 Android (Google) Code Review <android-gerrit@google.com> Merge change 21259 into eclair

* changes:
Make certificate-handling-related constants public
969c2eaa3ac2501931b0ce67d831262e6f3d6cf6 18-Aug-2009 Jean-Baptiste Queru <jbq@google.com> am c8ab08aa: Merge change 21124 into donut

Merge commit 'c8ab08aa86aea3b693f731c9e817eeb71ab4c1cd' into eclair

* commit 'c8ab08aa86aea3b693f731c9e817eeb71ab4c1cd':
Add license-related files
20a1156c6fd30f3ec1336894d6ae7e00298ad65b 31-Jul-2009 Hung-ying Tyan <tyanh@google.com> Make certificate-handling-related constants public
ava/android/security/CertTool.java
979b142fa508eef5a24dfc874a945f5662f2566e 13-Aug-2009 Jean-Baptiste Queru <jbq@google.com> Add license-related files

BUG=1573996
ODULE_LICENSE_APACHE2
OTICE
f1ab36f9ab82220de679ff0ca5164995b7d30214 05-Aug-2009 repo sync <cywang@google.com> Fix network order for marshalling in keystore interface.

This will fix the endian issue for heterogeneous architectures in keystore marshalling interface.
ava/android/security/ServiceCommand.java
dc1d5704a725d207b98de1b117847297958d9148 03-Aug-2009 Chung-yih Wang <cywang@google.com> Fix the auto notification cleanup when vpn is disconnected.

+ add the log print if the browser give the incorrect data in addCertificate().
ava/android/security/CertTool.java
e81f51f44b4cfb8316de1d206038414ee6f6e96b 01-Aug-2009 Hung-ying Tyan <tyanh@google.com> Change some log.i to log.d.
ava/android/security/ServiceCommand.java
fd3db87e28e5b9ed186a15944234f6ff520773c6 28-Jul-2009 Chung-yih Wang <cywang@google.com> Support x509-user-cert mime type in browser.

+ Fix the public key matching and intent parameter mismatch.
ava/android/security/CertTool.java
ni/cert.c
191452378639f1135c9591e21911ce250d140769 28-Jul-2009 Chung-yih Wang <cywang@google.com> Forgot to convert the jstring to char* in certificate request.
ni/certtool.c
719eba5bb1fbc72e3b55450f16b38a6be5640055 24-Jul-2009 Chung-yih Wang <cywang@google.com> Change to SPKAC certificate request format for keygen.
ava/android/security/CertTool.java
ni/cert.c
ni/cert.h
24988b34919d65d4e66be69ec0885154c47e85b7 22-Jul-2009 Chung-yih Wang <cywang@google.com> Cleanup the old keystore APIs.
ava/android/security/Keystore.java
22726cf8174fe00a097c89b8da397b10626cdd00 21-Jul-2009 Chung-yih Wang <cywang@google.com> Return error codes for storing the key/cert in addPkcs12Keystore()
ava/android/security/CertTool.java
c9c119e7338cab292385118229f884a88fead3a2 16-Jul-2009 Chung-yih Wang <cywang@google.com> Support addPkcs12Keystore function in CertTool library.

The function will be called from the credential storage for decoding
the pkcs12 file and saving the certs/keys into mini-keystore.
ava/android/security/CertTool.java
ni/cert.c
ni/cert.h
ni/certtool.c
699ca3f2518360ea3250ff5a0e5d39e122c64a91 04-Jul-2009 Chung-yih Wang <cywang@google.com> Add password field for WiFi configuration.

1. the certtool.h is modified for avoiding the side effect,
for saving the configuration with wpa_supplicant.
2. put the loadLibrary back in CertTool.java
3. Fix incorrect JNI declarations.
ava/android/security/CertTool.java
ni/certtool.c
bf20b9963add781a35de658f3228760015a163c9 02-Jul-2009 Chung-yih Wang <cywang@google.com> Migrate to the CertTool library.

Keystore is reimplemented and it is mainly for storing
(key, value) pair generically. The certificate related
APIs are moved to the class CertTool instead.

Updates:
Provide the getInstance() which gives the singleton.
Fix the missing construction of the BIO in cert.c.
ava/android/security/CertTool.java
ni/cert.c
116d890aea63a4191a93412f5cecf5defad25201 03-Jul-2009 Hung-ying Tyan <tyanh@google.com> Fix null data handling in ServiceCommand.writeCommand()
ava/android/security/ServiceCommand.java
fa927c046a916fceb077d1ecf2552d76e73da912 02-Jul-2009 Chung-yih Wang <cywang@google.com> Remove the null-termination for Java string compatibility.

1. Also change the keyname delimiter in CertTool.java.
2. Return NOTFOUND if the result.len==0 in the listKeys().
3. Define the keystore states in the class Keystore.
ava/android/security/CertTool.java
ava/android/security/Keystore.java
eec11827a6c06b029030f43c8d54fd871cc3347d 01-Jul-2009 Chung-yih Wang <cywang@google.com> Add CertTool for handling the keygen and certificate download.

1. Have the new Keystore for mini-keystore impelemntation.
2. Add CertTool library and jni dll for handling keygen and certificates.
3. Make Reply hidden.
4. Revert some 'incorrect' change and correct the description.
ava/android/security/CertTool.java
ava/android/security/Keystore.java
ava/android/security/Reply.java
ava/android/security/ServiceCommand.java
ni/Android.mk
ni/cert.c
ni/cert.h
ni/certtool.c
3af8e9389e008c0076b86cc6b3c6f005e7473d10 20-Jun-2009 Grace Kloba <klobag@google.com> Change addCertificate to take byte[] instead of String as we don't know the encoding.

In WebView, if we run into the certificate, we will save it to the Keystore instead of sending it to the WebKit.
ava/android/security/Keystore.java
6d531bf0513de7778c380d649bc0e554478f78f9 16-Jun-2009 Chung-yih Wang <cywang@google.com> Change the keystore APIs.

1. simplify the keypair selection in UI.
2. add the user certificate and key into the keystore for keygen feature.
ava/android/security/Keystore.java
396c69ca8d938c8705faf602b87729072bf8839c 16-Jun-2009 Hung-ying Tyan <tyanh@google.com> Change the first parameter of Keystore.generateKeyPair() to int.

* changes
change the parameter to the index to the supported key strengths
remove the exception class as it is not useful now
ava/android/security/Keystore.java
ava/android/security/UnsupportedKeyStrengthException.java
1d51e50d5d484c5d9e620b1d6736adc9aa99ae84 16-Jun-2009 Hung-ying Tyan <tyanh@google.com> Add keygen API to Keystore.
ava/android/security/Keystore.java
ava/android/security/UnsupportedKeyStrengthException.java
10e371f18247dc7fb64bfa0f0528501acc17be79 10-Jun-2009 Chung-yih Wang <cywang@google.com> Provide the Keystore feature in the framework.

-- added the keystore library for Java application.
-- changed the marshalling of the keystore function return.
ava/android/security/Keystore.java
ava/android/security/ServiceCommand.java