26408ccd8e852d947e58021792bfc3b315e5948d |
08-Sep-2014 |
Bernhard Bauer <bauerb@google.com> |
Add DevicePolicyManager PrivateKey mgmt Additional device policy API to install keypairs to the keychain silently. Bug: 15065444 Change-Id: Idc25774c9ab1a61080290bebd6f5c4f24e6ee2e0
KeyChainService.aidl
|
f0ae135049048424bceccb0799b12377181b25f0 |
18-Aug-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Extend IKeyChainService AIDL with CACert retrieval Bug:16029580 Change-Id: I41a3bd2f3bd95550e59f1d0d0acd0e765d7b62d7
KeyChainService.aidl
eyChain.java
|
f0246a8a14d69680d1776620e75a485cf963e574 |
13-Aug-2014 |
Robin Lee <rgl@google.com> |
Keep managed profile keystores in sync with owner Fixes setting a keyguard password for keystore in a multi-user setup while we're at it. Bug: 16233206. Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
eyStore.java
|
3291de8f6c8bc7ffa5992a2a5a5c2cf8bb0adf4b |
15-Aug-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Revert "Revert "Revert "Revert "Revert "Update Trusted Credentials screen in settings""""" This reverts commit c9249c69813c6fb889d71d84583c67ae2942e6de. Change-Id: I5504fddaf7b18efb73cd6c76678b3b39ce9b0229
KeyChainService.aidl
eyChain.java
|
f8d72cc14f70f5af13342c4c7b107a8ab60dfe23 |
15-Aug-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Revert "Revert "Revert "Revert "Update Trusted Credentials screen in settings"""" This reverts commit 87efe74e092236c372d3b6909009641123aa416a. This should be fine now with all the dependency CLs +2-ed Change-Id: I96ad14ad5ff81e6b5391035cb6c5a62339c6cc40
KeyChainService.aidl
eyChain.java
|
f75aadc028f2e79541a269bf2c74dcb3482e2ec7 |
15-Aug-2014 |
Narayan Kamath <narayan@google.com> |
Revert "Revert "Revert "Update Trusted Credentials screen in settings""" This reverts commit 19c8ce291e89a9ef1442a20e1feab421b11536d7. Change-Id: Ie5a5571127311e0a29f314c0566e779cfe940b53
KeyChainService.aidl
eyChain.java
|
1e7bc0def8c62b91d3eb985a51bec54063ce83f5 |
15-Aug-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Revert "Revert "Update Trusted Credentials screen in settings"" This reverts commit 0f0de0bdd021bad5f85fdb0399a4ea91a1611e25. Change-Id: Ia3d0907e3d7c2ec42d64e45f60e3dfaffb932c3d
KeyChainService.aidl
eyChain.java
|
678e3ecc937c00969830700dffb42fb1ee232f7c |
07-Aug-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Revert "Update Trusted Credentials screen in settings" This reverts commit 4fde5aa9fab931d9becfc49f7d7b8526ad5640d9. Change-Id: I581c38d64e9829b0079bafa42615f2aa0bf64763
KeyChainService.aidl
eyChain.java
|
1386627335a79dd02fb34db344e63ca3abfce013 |
15-Jul-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Update Trusted Credentials screen in settings Trusted credentials for both the primary user and its managed profiles are shown on the Trusted Credentials fragment. All functionalities (e.g. disabling/enabling of certificates) remain available. Bug: 16029580 Change-Id: Ia92ae02d8c572bf4a3be172f6c255726cefc0fa1
KeyChainService.aidl
eyChain.java
|
aab72f3b0ab740e12b4a2576a99852081529feb5 |
19-Jun-2014 |
Robin Lee <rgl@google.com> |
Merge "Revert "Revert "Publish DevicePolicyManager CA certificate APIs"""
|
306fe08ce2b06671336e67a87afaa0851f0105eb |
19-Jun-2014 |
Robin Lee <rgl@google.com> |
Revert "Revert "Publish DevicePolicyManager CA certificate APIs"" This reverts commit 792b270dbdc980cfe04e8d461bf00a1f45b5e936. Change-Id: I18c7e0eca39868230cd8e4f4bbeb3c44ff9e8b78
eyChain.java
|
2b5e917026fe4e6dec8712ee24bdffee8d62ab33 |
18-Jun-2014 |
Robin Lee <rgl@google.com> |
Revert "Publish DevicePolicyManager CA certificate APIs" This reverts commit 5260bf69946563dc47c17e7441b352adfce384c5. Change-Id: I5e44fdac8a7375576b25171f58e31a1fa0e3c569
eyChain.java
|
6d3912e2ef75a7794ac44839eef2569086cae104 |
18-Jun-2014 |
Robin Lee <rgl@google.com> |
Merge "Revert "Publish DevicePolicyManager CA certificate APIs""
|
b12f1778d612a53e6b40e6d5873be1ccff2e52a5 |
17-Jun-2014 |
Robin Lee <rgl@google.com> |
Merge "Publish DevicePolicyManager CA certificate APIs"
|
837304f6f6ae37dc475fa6e0e620f1c2321f2e11 |
11-Jun-2014 |
Robin Lee <rgl@google.com> |
Publish DevicePolicyManager CA certificate APIs Exposes these methods: - hasCaCertInstalled - hasAnyCaCertsInstalled - installCaCert - uninstallCaCert Allows device and profile owners to perform some certificate management including querying for and enabling/disabling specific CA certificates. Change-Id: I4aa8a1a8601b234e30acde99dfa382e04cb62495
eyChain.java
|
e37da759c521b156f0f2f8fecaa3cb52969674e2 |
11-Jun-2014 |
Robert Ly <robertly@google.com> |
am b1cb5aab: am 748856f2: am a7ddd029: am 80e84e2d: am f3cecfa2: am 55d525b2: am 716cc7dc: Add documentation for AndroidKeyStore * commit 'b1cb5aabeb68815715eed423f1f9a7edb9a3e938': Add documentation for AndroidKeyStore
|
80e84e2db92ba190c6c517dd4c71cd12c0adb249 |
10-Jun-2014 |
Robert Ly <robertly@google.com> |
am f3cecfa2: am 55d525b2: am 716cc7dc: Add documentation for AndroidKeyStore * commit 'f3cecfa2185ef5622992b21da8204b8b6590ef2d': Add documentation for AndroidKeyStore
|
f3cecfa2185ef5622992b21da8204b8b6590ef2d |
10-Jun-2014 |
Robert Ly <robertly@google.com> |
am 55d525b2: am 716cc7dc: Add documentation for AndroidKeyStore * commit '55d525b26b716351625798675afe69c6cf43cf5a': Add documentation for AndroidKeyStore
|
716cc7dcac1bb9279326ab92a78a246b3a70de4e |
08-May-2014 |
Robert Ly <robertly@google.com> |
Add documentation for AndroidKeyStore Add exposition about the use cases for AndroidKeyStore and links to the API sample application for different use cases. Bug: 8608817 Change-Id: Ic4ce9405781c92f12687895b28c671661ea5524f
eyPairGeneratorSpec.java
eyStoreParameter.java
|
a365906e670c89674fb3383b5bcb33e682910c29 |
18-Mar-2014 |
Kenny Root <kroot@google.com> |
Use the correct package name for CHOOSER Bug: 13013106 Change-Id: I1f715de18e7108274f5a98234376d48c2d329438
eyChain.java
|
1a88d834e8f7d21e714121c011fec82369a2e9f1 |
07-Feb-2014 |
Kenny Root <kroot@google.com> |
KeyChain: add explicit package for getPrivateKey Bug: 9964538 Change-Id: If67c1938e9506d4fa81b241bcbce2193d1b194ef
eyChain.java
|
6090995951c6e2e4dcf38102f01793f8a94166e1 |
19-Nov-2013 |
John Spurlock <jspurlock@google.com> |
Remove unused imports from frameworks/base. Change-Id: Ia1f99bd2c1105b0b0f70aa614f1f4a67b2840906
ndroidKeyPairGenerator.java
redentials.java
eyChainAliasCallback.java
eyStoreParameter.java
ystemKeyStore.java
|
b91773bce1126d28a93f73fbef18f3a79245f24e |
05-Sep-2013 |
Kenny Root <kroot@google.com> |
Add argument to binder call to check key types Before there was only one key type supported, so we didn't need to query a key type. Now there is DSA, EC, and RSA, so there needs to be another argument. Bug: 10600582 Change-Id: I9fe9e46b9ec9cfb2f1246179b2c396216b2c1fdb
eyChain.java
eyStore.java
|
c222ddd07ff9c65c682fd82f8534a9d7dea796cd |
03-Sep-2013 |
Kenny Root <kroot@google.com> |
Unhide functions to allow ECDSA support Bug: 10600582 Change-Id: Ic710807d7e771737521e0abd83af2f666ec1199c
eyPairGeneratorSpec.java
|
a39859889b7de0ad3190386cc732fa4bdcbe5504 |
16-Aug-2013 |
Kenny Root <kroot@google.com> |
Add support for DSA and ECDSA key types (cherry picked from commit f64386fc26efeb245fd90fabaa47b8c8bf9b4613) Bug: 10600582 Change-Id: I88dfcc8ca602f55fad54bd8bf043aee460c0de24
ndroidKeyPairGenerator.java
eyPairGeneratorSpec.java
eyStore.java
|
da51e68e582ffa017543982297c831680d201a91 |
09-Aug-2013 |
Maggie Benthall <mbenthall@google.com> |
Add methods for managing CAs to DevicePolicyManager(Service) Guard install/uninstall by enforcing that the caller have the new system-only permission MANAGE_CA_CERTIFICATES. Also include API methods for asking whether there are any User CA certs installed, or if one by a particular name is installed in the keystore. CA certs will be installed via KeyChain into the TrustedCertificateStore. Bug: 8232670 Change-Id: I17b47a452e72eb4fe556dc6db823a46c6e854be8
eyChain.java
|
a920f25fe55fc9afc7640902a200f19ce278588b |
29-Jun-2013 |
Elliott Hughes <enh@google.com> |
resolved conflicts for merge of fca0f92e to stage-aosp-master Change-Id: I4791f0ffa324a313b8390fbde6d8f82f716ecf74
|
d396a448b2e36e29598c954b64bfddef73f3fae0 |
29-Jun-2013 |
Elliott Hughes <enh@google.com> |
Switch frameworks/base over from @hidden Charsets to public StandardCharsets. Bug: 3484927 Change-Id: I5d136d2ee629588538602766a182ae14ce5fc63c
redentials.java
|
5f851a89b6a90db206d0e2fa63a60229e2bfcda6 |
07-May-2013 |
Kenny Root <kroot@google.com> |
am cd1de394: Merge "Track change in NativeCrypto" * commit 'cd1de3940d9c389b6e69a7040c67d3abb8458ad2': Track change in NativeCrypto
|
4b30e3391bda250975b43af43bad58c98fa73f84 |
07-May-2013 |
Kenny Root <kroot@google.com> |
Track change in NativeCrypto Change-Id: Ic04d4ac5218795fc226f1751b6ae4db1ae73a930
eyChain.java
|
e9ae6822a80cb1f3bd13c785f1727c03d35da52e |
30-Apr-2013 |
Kenny Root <kroot@google.com> |
resolved conflicts for merge of 1f6e789b to jb-mr2-dev-plus-aosp Change-Id: I06c05d637613215b6d83df3e29cd495f6a5a0176
|
12e752225aa96888358294be0d725d499a1c9f03 |
24-Apr-2013 |
Kenny Root <kroot@google.com> |
Track change to JSSE provider Change-Id: I35e824e47ad758ab6408e91e2ba5dcda053a82f5
ndroidKeyPairGenerator.java
ndroidKeyStore.java
eyChain.java
|
1c219f619291ba818bc2542390a2988539d94ed0 |
19-Apr-2013 |
Kenny Root <kroot@google.com> |
Rename API AndroidKey* -> Key* Bug: 8657552 Change-Id: Id9102b7c2c2f6d27fba7645f0629750cfe1eb510
ndroidKeyPairGenerator.java
ndroidKeyPairGeneratorSpec.java
ndroidKeyStore.java
ndroidKeyStoreParameter.java
ndroidKeyStoreProvider.java
eyPairGeneratorSpec.java
eyStoreParameter.java
|
bf2147669e295384df17b50afc53a4d450b05bdd |
10-Apr-2013 |
Kenny Root <kroot@google.com> |
AndroidKeyStore: Add encrypted flag Add the encrypted flag for the KeyPairGenerator and the KeyStore so that applications can choose to allow entries when there is no lockscreen. (partial cherry pick from commit 2eeda7286f3c7cb79f7eb71ae6464cad213d12a3) Bug: 8122243 Change-Id: I5ecd9251ec79ec53a3b68c0fff8dfba10873e36e
ndroidKeyPairGenerator.java
ndroidKeyPairGeneratorSpec.java
ndroidKeyStore.java
ndroidKeyStoreParameter.java
ndroidKeyStoreProvider.java
eyStore.java
|
4622351159b51bf072fe12833b574cf38f9400c8 |
10-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: Add flag for blobs to be unencrypted In order to let apps use keystore more productively, make the blob encryption optional. As more hardware-assisted keystores (i.e., hardware that has a Keymaster HAL) come around, encrypting blobs start to make less sense since the thing it's encrypting is usually a token and not any raw key material. (cherry picked from commit a3788b00bb221e20abdd42f747d2af419e0a088c) Bug: 8122243 Change-Id: Ifc1c64743651b23a4eace208ade0176af47ea989
eyStore.java
|
e7cf8c230208beef0c3a5f83a1e1d2c36ac5ca12 |
13-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: remove old APIs Remove the APIs that don't specify the flags so callers know what they're getting. Bug: 8122243 Change-Id: Ifaef6fb1d16010237c01f9d11f2053bb6b3980c0
eyStore.java
|
2eeda7286f3c7cb79f7eb71ae6464cad213d12a3 |
10-Apr-2013 |
Kenny Root <kroot@google.com> |
AndroidKeyStore: Add encrypted flag Add the encrypted flag for the KeyPairGenerator and the KeyStore so that applications can choose to allow entries when there is no lockscreen. Bug: 8122243 Change-Id: Ia802afe965f2377ad3f282dab8c512388c705850
ndroidKeyPairGenerator.java
ndroidKeyPairGeneratorSpec.java
ndroidKeyStore.java
ndroidKeyStoreParameter.java
ndroidKeyStoreProvider.java
eyStore.java
|
a3788b00bb221e20abdd42f747d2af419e0a088c |
10-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: Add flag for blobs to be unencrypted In order to let apps use keystore more productively, make the blob encryption optional. As more hardware-assisted keystores (i.e., hardware that has a Keymaster HAL) come around, encrypting blobs start to make less sense since the thing it's encrypting is usually a token and not any raw key material. Bug: 8122243 Change-Id: If9af0d992d68edec006e630c687df3d03a7c9608
eyStore.java
|
8b51475c97f8f2742047976283afbe1f9ef9fcbf |
04-Feb-2013 |
Kenny Root <kroot@google.com> |
Revert "Remove AndroidKeyStore from API" This reverts commit ce24985ad636c38b6ee01ec9cdecfb038bfeaeb6. Change-Id: I02d6492c8db869619694c7209bb37522a7ec5a29
ndroidKeyPairGeneratorSpec.java
|
d72317abd79ddf95d48c8f35bf1070900ff55b5e |
02-Apr-2013 |
Kenny Root <kroot@google.com> |
Remove keystore entries when package removed Add a hook into PackageManagerService so that when app IDs are completely removed, we erase all entries from keystore for those UIDs that have gone away. (cherry picked from commit 95e3ee3971915b323e5c13dcfe3b12a4180850cd) Bug: 3020069 Change-Id: I374258ccc103f8cb3e238f2bf0d1afda0659db94
eyStore.java
|
95e3ee3971915b323e5c13dcfe3b12a4180850cd |
02-Apr-2013 |
Kenny Root <kroot@google.com> |
Remove keystore entries when package removed Add a hook into PackageManagerService so that when app IDs are completely removed, we erase all entries from keystore for those UIDs that have gone away. Bug: 3020069 Change-Id: Id4b1d51a5fa4c418865055635a84bebcf5b65ec8
eyStore.java
|
5b7e90ac937857c10a3d49b244ec75ca539b9a22 |
02-Apr-2013 |
Kenny Root <kroot@google.com> |
Add API to query KeyChain algorithm support, pt. 2 Late-breaking comments on API name. Revised. Bug: 7095660 Change-Id: I7224d9c8a4f84a272360ede78a18bfb72d8aeb77
eyChain.java
|
bf556ac636a39c1d0fe5451a921b88400dd1c695 |
02-Apr-2013 |
Kenny Root <kroot@google.com> |
Add API to query KeyChain algorithm support Bug: 7095660 Change-Id: Ia87caaa33bc01b032130811833f0a3c4f75b62d4
eyChain.java
|
5cb5cec6a4a4d5432d4ce6468c12de9508db1633 |
29-Mar-2013 |
Kenny Root <kroot@google.com> |
KeyStore: add API to query storage type Add an API to keystore daemon to query what kind of storage is currently in use. (cherry picked from commit a738e2a1aee26e0be3944c11820724aeca313f83) Change-Id: I52c84449a27b1cefc49372a6406b7132c2bbddee
eyStore.java
|
a738e2a1aee26e0be3944c11820724aeca313f83 |
29-Mar-2013 |
Kenny Root <kroot@google.com> |
KeyStore: add API to query storage type Add an API to keystore daemon to query what kind of storage is currently in use. Change-Id: I5a83ae92250ca63b691dcf1beb8b3e1703797745
eyStore.java
|
acb0b5b220b2cb15f5a800a356bb25f47252a6ea |
28-Mar-2013 |
Kenny Root <kroot@google.com> |
AndroidKeyStore: add Builder for param spec Change-Id: I13403197e1ac7ac607efa10979eb73bde0135a2a
ndroidKeyPairGeneratorSpec.java
|
3e7be43e2555bbdfe311dcbd9a36f7f05321a2d8 |
28-Mar-2013 |
Kenny Root <kroot@google.com> |
Add ability to install credentials as other UID We need the ability to install from the system UID to wifi UID to explicitly bind WiFi credentials to the WiFi profile. This adds the ability for Wifi Settings to invoke installation of a PKCS12 file for the wifi UID. Bug: 8183258 Change-Id: I652b7e6fa93deda6d6d310be33f224e5a356c787
redentials.java
|
5f1d965f7d7e1df50981ffed8faa11fbcc17ca22 |
21-Mar-2013 |
Kenny Root <kroot@google.com> |
KeyStore: change migrate to duplicate After discussion, it was determined that duplicate would be less disruptive and it still fit in the current HAL model. Change-Id: I2f9cae48d38ec7146511e876450fa39fc92cda55
eyStore.java
|
bd79419ef84ae31f3765721b50aa413fa462d1d1 |
20-Mar-2013 |
Kenny Root <kroot@google.com> |
KeyStore: add "migrate" command To support the WiFi service, we need to support migration from the system UID to the wifi UID. This adds a command to achieve the migration. Bug: 8122243 Change-Id: I65f7a91504c1d2a2aac22b9c3051adffd28d66c1
eyStore.java
|
78ad849163a7b01073b46fbd7d818392720005d1 |
14-Feb-2013 |
Kenny Root <kroot@google.com> |
KeyStore: add API to uid versions In previous commits, we added the ability to specify which UID we want to target on certain operations. This commit adds the ability to reach those binder calls from the KeyStore class. Also fix a problem where saw() was not reading all the values returned via the Binder call. This changes the semantics to return a null instead of failing silently when it's not possible to search. Change-Id: I32098dc0eb42e09ace89f6b7455766842a72e9f4
ndroidKeyStore.java
eyStore.java
|
b9594ce9ebb3f5f303a280f04312ae5754ce3560 |
14-Feb-2013 |
Kenny Root <kroot@google.com> |
KeyStore: stop using state() Change-Id: I721974fd95f8d1ab06a3fd1bbb4c9b4d9d1d7752
eyStore.java
|
b0f4b8a7d2662e8cc63dae1001175bf72bca1539 |
14-Feb-2013 |
Kenny Root <kroot@google.com> |
Merge "Track keystore binder changes"
|
0150e48200a967aead3c2ac6f1283ae2df54c305 |
14-Feb-2013 |
Kenny Root <kroot@google.com> |
KeyChain: return null instead of throw The API documentation says it will return null if the key isn't found. We get null back from the keystore daemon when it can't retrieve the data, so just return null back to the API caller. Change-Id: I42248bd50cbc5f76864bd762aae3faab1c50529d
eyChain.java
|
e151f281d527f4bea5cbdf4219d5e0507a6668b0 |
14-Feb-2013 |
Kenny Root <kroot@google.com> |
Track keystore binder changes Change-Id: Id6133be059a8a0901d16355a9152e40e4a255454
eyStore.java
|
887c523646012f4f0b63f5ffd0a1e9ebc3c2bdf1 |
05-Feb-2013 |
Kenny Root <kroot@google.com> |
am 74637db2: Merge "AndroidKeyStore: return error code on error" # Via Gerrit Code Review (1) and Kenny Root (1) * commit '74637db21eb0b3c0167378e2b5c866fdc02e51f2': AndroidKeyStore: return error code on error
|
e66769ad5194cb4533d1087416a2e804ac384285 |
05-Feb-2013 |
Kenny Root <kroot@google.com> |
AndroidKeyStore: return error code on error Instead of blindly multiplying return value by 1000 to convert to milliseconds, check to see if it's an error condition first. Change-Id: I8eab1e7a86d78c13458fcbbc79d590e452fc9791
eyStore.java
|
516fab2404f550aca03b3774bd5b279d4e69dd9f |
05-Feb-2013 |
Kenny Root <kroot@google.com> |
am 133c5f5e: Merge "AndroidKeyStore: fix tests" # Via Gerrit Code Review (1) and Kenny Root (1) * commit '133c5f5e91e72cff1a9a3a4903a0efc96b39165b': AndroidKeyStore: fix tests
|
8b58c52bf4cc276165b1857eb4087eabde7b6477 |
04-Feb-2013 |
Kenny Root <kroot@google.com> |
AndroidKeyStore: fix tests Change-Id: I65fd8ba27af57ea8fd27c8e08c9c1201f32c494d
eyStore.java
|
a647281109584d96ba2265c0faa14432deeb9815 |
26-Jan-2013 |
Kenny Root <kroot@google.com> |
am 2e99d3c9: am ebb61ca2: Merge "Track libcore changes for OpenSSLKey" # Via Android Git Automerger (1) and others * commit '2e99d3c9646861ca92faf6708c18e36c7530fd93': Track libcore changes for OpenSSLKey
|
cc1fc6b6adc1edc2acaa42205b4ec5ca00bfd353 |
22-Jan-2013 |
Kenny Root <kroot@google.com> |
Track libcore changes for OpenSSLKey Change-Id: I39f60c34daa9ccc633efb02988ea238a84e6bbf1
ndroidKeyStore.java
|
c41db6c9ba298c8fac5068ad2843b4aa58ecf1c5 |
04-Jan-2013 |
Scott Main <smain@google.com> |
am 834b0f3c: am 19b17b41: am 38a642e9: am 3e2479dd: Merge "docs: fix broken links and add new sitemap text file" into jb-mr1-dev * commit '834b0f3cd90679655ac1549cb427fc9475ac4a4b': docs: fix broken links and add new sitemap text file
|
188315cf8b44fb59da2d37c1d54bbc70ee3acb4e |
04-Jan-2013 |
Scott Main <smain@google.com> |
docs: fix broken links and add new sitemap text file Change-Id: If0f7967a65a6e3a444a565a2e8229a04a5265f56
ackage.html
|
6b77645aa9ac51ce33ea67adba226aaf1a6e8846 |
02-Nov-2012 |
Kenny Root <kroot@google.com> |
Switch keystore to binder Change-Id: I9fa1fc05068bee1eed3f618fb32f70cf3d4c05d4
eyStore.java
|
ce24985ad636c38b6ee01ec9cdecfb038bfeaeb6 |
15-Sep-2012 |
Kenny Root <kroot@google.com> |
Remove AndroidKeyStore from API Change-Id: Ibe09d78e5a5b86604f01144f344525bff94c2dde
ndroidKeyPairGeneratorSpec.java
|
0efca17105d112a0ff568602831b22bdafa00433 |
05-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
Tracking upgrade to bouncycastle 1.47 Change-Id: I4a3c508c5e65dd46a2df22935b5351092550fad5
redentials.java
|
a4640c082c8ccf66ebfb50ace5747409ab6aee55 |
31-Aug-2012 |
Kenny Root <kroot@google.com> |
Add some NullPointerExceptions to AndroidKeyStore Existing KeyStore implementations throw NullPointerExceptions beacuse the KeyStoreSpi doesn't check these arguments for null. Add in checks so we don't accidentally check some bogus values. Also switch a RuntimeException to a KeyStoreException Change-Id: I18f4d4474d607cb2057ea8069b901e0992275e78
ndroidKeyStore.java
|
69ddab4575ff684c533c995e07ca15fe18543fc0 |
25-Aug-2012 |
Jeff Sharkey <jsharkey@android.com> |
Always-on VPN. Adds support for always-on VPN profiles, also called "lockdown." When enabled, LockdownVpnTracker manages the netd firewall to prevent unencrypted traffic from leaving the device. It creates narrow rules to only allow traffic to the selected VPN server. When an egress network becomes available, LockdownVpnTracker will try bringing up the VPN connection, and will reconnect if disconnected. ConnectivityService augments any NetworkInfo based on the lockdown VPN status to help apps wait until the VPN is connected. This feature requires that VPN profiles use an IP address for both VPN server and DNS. It also blocks non-default APN access when enabled. Waits for USER_PRESENT after boot to check KeyStore status. Bug: 5756357 Change-Id: If615f206b1634000d78a8350a17e88bfcac8e0d0
redentials.java
|
802768dd86c4e8a933dbfbac2e9f1a1daa5f93fa |
22-Aug-2012 |
Kenny Root <kroot@google.com> |
Add ability to replace chain for PrivateKeyEntry For the AndroidKeyStore API, allow entries to have their certificate chain replaced without destroying the underlying PrivateKey. Since entries are backed by unexportable private keys, requiring them to be supplied again doesn't make sense and is impossible. Change-Id: I629ce2a625315c8d8020a082892650ac5eba22ae
ndroidKeyStore.java
redentials.java
|
db026710ec0adcf7f72dfb24c65d38a882ee26d8 |
20-Aug-2012 |
Kenny Root <kroot@google.com> |
Add KeyPairGenerator for Android keystore This allows end-users to generate keys in the keystore without the private part of the key ever needing to leave the device. The generation process also generates a self-signed certificate. Change-Id: I114ffb8e0cbe3b1edaae7e69e8aa578cb835efc9
ndroidKeyPairGenerator.java
ndroidKeyPairGeneratorSpec.java
ndroidKeyStore.java
ndroidKeyStoreProvider.java
redentials.java
ackage.html
|
e29df16cb57b69995df597e8a6d95d986c1c43fc |
10-Aug-2012 |
Kenny Root <kroot@google.com> |
Add AndroidKeyStore provider for KeyStore API This introduces a public API for the Android keystore that is accessible via java.security.KeyStore API. This allows programs to store PrivateKeyEntry and TrustedCertificateEntry items visible only to themselves. Future work should include: * Implement KeyStore.CallbackHandlerProtection parameter to allow the caller to request that the keystore daemon unlock itself via the system password input dialog. * Implement SecretKeyEntry once that support is in keystore daemon Change-Id: I382ffdf742d3f9f7647c5f5a429244a340b6bb0a
ndroidKeyStore.java
ndroidKeyStoreProvider.java
|
473c712b19bad992ab4eafcd43175fdce77b913d |
18-Aug-2012 |
Kenny Root <kroot@google.com> |
Add getmtime to Android KeyStore API java.security.KeyStore requires that you be able to get the creation date for any given entry. We'll approximate that through using the mtime of the file in the keystore. Change-Id: I16f74354a6c2e78a1a0b4dc2ae720c5391274e6f
eyStore.java
|
54e03afcfe34e9875efa56650c1af3ebc8f58a89 |
07-Aug-2012 |
Kenny Root <kroot@google.com> |
Use TrustedCertificateStore for chain building Move chain building to TrustedCertificateStore since it has more information about the certificates. Change-Id: I3030e94eb1abb8a2047a4151bdaad9922706dd0f
eyChain.java
|
5b1f037829bff93877a6257db69f4e7723a27e20 |
31-Jul-2012 |
Brian Carlstrom <bdc@google.com> |
Change KeyStore to use Modified UTF-8 to match NativeCrypto Bug: http://code.google.com/p/android/issues/detail?id=35141 Bug: 6869713 Change-Id: I61cb309786960072148ef97ea5afedb33dc45f4e
eyStore.java
|
5423e68d5dbe048ec6f042cce52a33f94184e9fb |
14-Nov-2011 |
Kenny Root <kroot@google.com> |
Add signing to keystore Change the keystore to keep the private keys in keystore. When returned, it uses the OpenSSL representation of the key to allow users to use it in various operations through the OpenSSL ENGINE that connects to keystore. Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
redentials.java
KeyChainService.aidl
eyChain.java
eyStore.java
|
1cedb47e18a3acb322914e1963285882dc77d9ba |
15-Mar-2012 |
Selim Gurun <sgurun@google.com> |
Merge "Make the credential storage change action public."
|
fcdccac49067e4cc60567ee93ccf1b62e74477fb |
02-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
Remove obsolete KeyChain references to USE_CREDENTIALS (2 of 2) Change-Id: Ic8a22ce3a9010b8378af044e611bf787e15f6227
eyChain.java
|
e57319ff880c43b44aaab4905dc8997d97827520 |
17-Feb-2012 |
Selim Gurun <sgurun@google.com> |
Make the credential storage change action public. Bug: 6009802 When the credential storage changes, (adding/removing certs, resetting the storage, enabling/disabling trusted CAs, etc), the applications that use the storage has to be made aware of the fact that the storage changed, so they can clear any cached state, close connections or take any other actions. Internally, this applies to webview. However, applications, potentially including 3rd party browsers, also need this information. Change-Id: I765b97a3f38f45247ee3f6e127b490388d373847
eyChain.java
|
93ba4fedebb78ba47c24e8472c8960ea8fdc933a |
14-Feb-2012 |
Selim Gurun <sgurun@google.com> |
Act on credential storage updates. Bug: 6009802 Cherry pick fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1 Listen to credential storage updates and clean state when necessary. Change-Id: I2c63e6771e9373da8b39781fdcf3d21583c4e3b2
eyChain.java
|
43e41580e4c700e970cc5e62180a767ab424da6d |
16-Feb-2012 |
Selim Gurun <sgurun@google.com> |
Revert "Act on credential storage updates." This reverts commit fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1
eyChain.java
|
fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1 |
14-Feb-2012 |
Selim Gurun <sgurun@google.com> |
Act on credential storage updates. Bug: 6009802 Listen to credential storage updates and clean state when necessary. Change-Id: I48f2e7d6e036882c2b4a29fbd357ca018fd4e4c7
eyChain.java
|
ab8b84ad3847788d83da557606aa27d4102e6b52 |
13-Jul-2011 |
Fred Quintana <fredq@google.com> |
Make the KeyChain handled its own grants rather than having AccountManagerService handle them. Change-Id: I89d272b22766f85019c1f947153d69e6dbb74c68
KeyChainService.aidl
eyChain.java
|
74e6bd7b7783fb506d7525e9ba40aac980745eaf |
06-Jul-2011 |
Brian Carlstrom <bdc@google.com> |
Merge "New KeyChain API for credential installation"
|
db93b78385d694402760ad63de0795f3902030d9 |
01-Jul-2011 |
Brian Carlstrom <bdc@google.com> |
Build cert chain in KeyChain.getCertificateChain Bug: 4970298 Change-Id: Id91391233528edc2a4da5ebe92ec85d381f170de
eyChain.java
|
ca43c458ad0ee8cfa7f5eabc8ba1a65ae473976b |
30-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
New KeyChain API for credential installation Bug: 3497064 Change-Id: Ie5c20e87a436b7ab66258d08b719ab8bb1f1d86d
eyChain.java
|
a00a2b33ccc6bc079c3ee57a938f62947b48a001 |
29-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
KeyChain API for credential installation Bug: 3497064 Change-Id: I4ac4d8b5559496b1632d63c2129e2bafd240893f
redentials.java
eyChain.java
|
6da00334478df64921b68fcbb45c9d1eef6f35bd |
27-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Moving ssl_certificate layout, resources, and helper code to SslCertificate Add IKeyChainService.deleteCaCertificate Change-Id: If42341bc732efcfe4f958c00cdd6c0fec11a3c75
KeyChainService.aidl
|
67c30dfe8e4bff11a4660ac23e8679b5deb59457 |
24-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Replace KeyChainActivity placeholder UI with more polished dialog (1 of 5) frameworks/base Extended KeyChain.chooserPrivateKeyAlias to allow caller to supply preferred choice to be selected in chooser. This allows Email settings to highlight the current choice when allowing user to change settings. keystore/java/android/security/KeyChain.java api/current.txt Implemented KeyChain functionality to pass host and port information to KeyChainActivity for display. keystore/java/android/security/KeyChain.java KeyChain now sends a PendingIntent as part of the Intent it sends to the KeyChainActivity which can be used to identify the caller in reliable way. keystore/java/android/security/KeyChain.java Moved .pfx/.p12/.cer/.crt constants to Credentials for reuse. Added Credentials.install variant with no value for use from KeyChainActivity keystore/java/android/security/Credentials.java packages/apps/CertInstaller Source of extension constants now in Credentials src/com/android/certinstaller/CertFile.java packages/apps/Browser Have browser supply host and port information to KeyChain.choosePrivateKeyAlias Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/browser/Tab.java packages/apps/Email Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/email/view/CertificateSelector.java packages/apps/KeyChain KeyChain now depends on bouncycastle X509Name for formatting X500Principals, since the 4 X500Principal formatting options could not format emailAddress attributes in a human readable way and its the most important attribute to display for client certificates in most cases. Android.mk Changing the UI to a dialog, make the activity style transparent. AndroidManifest.xml res/values/styles.xml Layout for chooser dialog res/layout/cert_chooser.xml Layout for list items in chooser res/layout/cert_item.xml New resources for dialog including comments for translators. res/values/strings.xml New dialog based KeyChainActivity. Now also shows requesting app and requesting server. Now can preselect a specified alias. New link directly to CertInstaller. src/com/android/keychain/KeyChainActivity.java Fix KeyChainTestActivity to work with TestKeyStore changes that were causing network activity on the UI to look up the name of localhost. Also track KeyChain.choosePrivateKeyAlias API change. tests/src/com/android/keychain/tests/KeyChainTestActivity.java Change-Id: I07128fba8750f9a6bcb9c6be5da04df992403d69
redentials.java
eyChain.java
|
42f6528b988e3ae320cda63a2bd63d30d9e56183 |
10-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
New KeyChain API for application access to keystore credentials The KeyChain API is Currently in use by Browser and validated by Email for client certificate authentication. Change-Id: Ifeab416be594457a05747406e31656e71795cb53
eyChain.java
eyChainAliasCallback.java
eyChainException.java
|
93201f545b67da15cb69830a5988810aef52c0b2 |
10-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
KeyChain API refinements Change-Id: I177ab4642e6cd1aa13526c14f0a707175fd79655
KeyChainAliasCallback.aidl
KeyChainAliasResponse.aidl
eyChain.java
eyChainAliasCallback.java
eyChainAliasResponse.java
eyChainException.java
|
9d7faa91be6661eccf73494f1ab96ae9a28d42d7 |
07-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Change KeyChain to assume PEM encoded keystore entries Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
redentials.java
eyChain.java
|
7e4b1a488dd02c4bf6156379e36834e9e01c5b1b |
02-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Restore ResponseCodes for use with getLastError Change-Id: I41b5bc9cbb6c05672c92d5864e889fd2b0186141
eyStore.java
|
5cfee3fabb3482c6a6df1c8b6f21e843cf214527 |
31-May-2011 |
Brian Carlstrom <bdc@google.com> |
Integrating keystore with keyguard (Part 1 of 4) Summary: frameworks/base keystore rewrite keyguard integration with keystore on keyguard entry or keyguard change KeyStore API simplification packages/apps/Settings Removed com.android.credentials.SET_PASSWORD intent support Added keyguard requirement for keystore use packages/apps/CertInstaller Tracking KeyStore API changes Fix for NPE in CertInstaller when certificate lacks basic constraints packages/apps/KeyChain Tracking KeyStore API changes Details: frameworks/base Move keystore from C to C++ while rewriting password implementation. Removed global variables. Added many comments. cmds/keystore/Android.mk cmds/keystore/keystore.h cmds/keystore/keystore.c => cmds/keystore/keystore.cpp cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp Changed saveLockPattern and saveLockPassword to notify the keystore on changes so that the keystore master key can be reencrypted when the keyguard changes. core/java/com/android/internal/widget/LockPatternUtils.java Changed unlock screens to pass values for keystore unlock or initialization policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java KeyStore API changes - renamed test() to state(), which now return a State enum - made APIs with byte[] key arguments private - added new KeyStore.isEmpty used to determine if a keyguard is required keystore/java/android/security/KeyStore.java In addition to tracking KeyStore API changes, added new testIsEmpty and improved some existing tests to validate expect values. keystore/tests/src/android/security/KeyStoreTest.java packages/apps/Settings Removing com.android.credentials.SET_PASSWORD intent with the removal of the ability to set an explicit keystore password now that the keyguard value is used. Changed to ensure keyguard is enabled for keystore install or unlock. Cleaned up interwoven dialog handing into discrete dialog helper classes. AndroidManifest.xml src/com/android/settings/CredentialStorage.java Remove layout for entering new password res/layout/credentials_dialog.xml Remove enable credentials checkbox res/xml/security_settings_misc.xml src/com/android/settings/SecuritySettings.java Added ability to specify minimum quality key to ChooseLockGeneric Activity. Used by CredentialStorage, but could also be used by CryptKeeperSettings. Changed ChooseLockGeneric to understand minimum quality for keystore in addition to DPM and device encryption. src/com/android/settings/ChooseLockGeneric.java Changed to use getActivePasswordQuality from getKeyguardStoredPasswordQuality based on experience in CredentialStorage. Removed bogus class javadoc. src/com/android/settings/CryptKeeperSettings.java Tracking KeyStore API changes src/com/android/settings/vpn/VpnSettings.java src/com/android/settings/wifi/WifiSettings.java Removing now unused string resources res/values-af/strings.xml res/values-am/strings.xml res/values-ar/strings.xml res/values-bg/strings.xml res/values-ca/strings.xml res/values-cs/strings.xml res/values-da/strings.xml res/values-de/strings.xml res/values-el/strings.xml res/values-en-rGB/strings.xml res/values-es-rUS/strings.xml res/values-es/strings.xml res/values-fa/strings.xml res/values-fi/strings.xml res/values-fr/strings.xml res/values-hr/strings.xml res/values-hu/strings.xml res/values-in/strings.xml res/values-it/strings.xml res/values-iw/strings.xml res/values-ja/strings.xml res/values-ko/strings.xml res/values-lt/strings.xml res/values-lv/strings.xml res/values-ms/strings.xml res/values-nb/strings.xml res/values-nl/strings.xml res/values-pl/strings.xml res/values-pt-rPT/strings.xml res/values-pt/strings.xml res/values-rm/strings.xml res/values-ro/strings.xml res/values-ru/strings.xml res/values-sk/strings.xml res/values-sl/strings.xml res/values-sr/strings.xml res/values-sv/strings.xml res/values-sw/strings.xml res/values-th/strings.xml res/values-tl/strings.xml res/values-tr/strings.xml res/values-uk/strings.xml res/values-vi/strings.xml res/values-zh-rCN/strings.xml res/values-zh-rTW/strings.xml res/values-zu/strings.xml res/values/strings.xml packages/apps/CertInstaller Tracking KeyStore API changes src/com/android/certinstaller/CertInstaller.java Fix for NPE in CertInstaller when certificate lacks basic constraints src/com/android/certinstaller/CredentialHelper.java packages/apps/KeyChain Tracking KeyStore API changes src/com/android/keychain/KeyChainActivity.java src/com/android/keychain/KeyChainService.java support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java tests/src/com/android/keychain/tests/KeyChainServiceTest.java Change-Id: Ic141fb5d4b43d12fe62cb1e29c7cbd891b4be35d
eyStore.java
|
ba1a667b1d6c95050f6c88316ac58fe9e0ff878b |
25-May-2011 |
Brian Carlstrom <bdc@google.com> |
Remove need for onActivityResult from KeyChain API Change-Id: I97bb9db06978f6dc039d22bfee116671d7b3e336
KeyChainAliasResponse.aidl
KeyChainService.aidl
eyChain.java
eyChainAliasResponse.java
eyChainResult.java
|
d752472d9abf03fda637d43716bc6bd632e1f5c3 |
18-May-2011 |
Brian Carlstrom <bdc@google.com> |
Move to KeyChain.bind Change-Id: Ic3c6e0e9be9bcfdc882cf97cec38cca70b23d0a1
eyChain.java
|
8e9929c4d0730de4c9f01435a7cfe2db8855e24d |
17-May-2011 |
Brian Carlstrom <bdc@google.com> |
Simplify KeyChain API by removing now unneeded CA certificate lookup (1 of 3) frameworks/base Remove getCaCertificates and findIssuer from IKeyChainService, these are now done via libcore's TrustedCertificateStore (as part of the default TrustManager implementation) keystore/java/android/security/IKeyChainService.aidl Simplify KeyChain API. Now that the CA certificates are visible through the default TrustManager, the KeyChain is solely focused on retrieving PrivateKeys and their associated certificates. The calling API for KeyChain to simply a single KeyChain.get() call that returns a KeyChainResult, removing the need for a KeyChain instance that needs to be closed. keystore/java/android/security/KeyChain.java keystore/java/android/security/KeyChainResult.java master/libcore Remove getDefaultIndexedPKIXParameters and getIndexedPKIXParameters which was used as part of the prototype of looking up CAs via the KeyChain but is obsoleted by the new default TrustManager implementation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java packages/apps/KeyChain Tracking simplified IKeyChainService, removing now unneeded implementation, updating tests. src/com/android/keychain/KeyChainService.java tests/src/com/android/keychain/tests/KeyChainServiceTest.java tests/src/com/android/keychain/tests/KeyChainTestActivity.java Change-Id: I847b28c2f467c85f24d2b693a2fecc1cb46426b4
KeyChainService.aidl
eyChain.java
eyChainResult.java
|
2627d53f65be672e9a27f735975de1bf3aebfec1 |
13-May-2011 |
Brian Carlstrom <bdc@google.com> |
Make CertInstaller installed CA certs trusted by applications via default TrustManager (1 of 6) frameworks/base Adding IKeyChainService APIs for CertInstaller and Settings use keystore/java/android/security/IKeyChainService.aidl libcore Improve exceptions to include more information luni/src/main/java/javax/security/auth/x500/X500Principal.java Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods. Added support for adding user CAs in a separate directroy for system. Added support for removeing system CAs by placing a copy in a sytem directory luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash to make sure the implementing algortims doe not change since TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to 1.0.0) luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Extensive test of new TrustedCertificateStore behavior luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java TestKeyStore improvements - Refactored TestKeyStore to provide simpler createCA method (and internal createCertificate) - Cleaned up to remove use of BouncyCastle specific X509Principal in the TestKeyStore API when the public X500Principal would do. - Cleaned up TestKeyStore support methods to not throw Exception to remove need for static blocks for catch clauses in tests. support/src/test/java/libcore/java/security/TestKeyStore.java luni/src/test/java/libcore/java/security/KeyStoreTest.java luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java packages/apps/CertInstaller Change CertInstaller to call IKeyChainService.installCertificate for CA certs to pass them to the KeyChainServiceTest which will make them available to all apps through the TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask. src/com/android/certinstaller/CertInstaller.java Added installCaCertsToKeyChain and hasCaCerts accessor for use by CertInstaller. Use hasUserCertificate() internally. Cleanup coding style. src/com/android/certinstaller/CredentialHelper.java packages/apps/KeyChain Added MANAGE_ACCOUNTS so that IKeyChainService.reset implementation can remove KeyChain accounts. AndroidManifest.xml Implement new IKeyChainService methods: - Added IKeyChainService.installCaCertificate to install certs provided by CertInstaller using the TrustedCertificateStore. - Added IKeyChainService.reset to allow Settings to remove the KeyChain accounts so that any app granted access to keystore credentials are revoked when the keystore is reset. src/com/android/keychain/KeyChainService.java packages/apps/Settings Changed com.android.credentials.RESET credential reset action to also call IKeyChainService.reset to remove any installed user CAs and remove KeyChain accounts to have AccountManager revoke credential granted to private keys removed during the RESET. src/com/android/settings/CredentialStorage.java Added toast text value for failure case res/values/strings.xml system/core Have init create world readable /data/misc/keychain to allow apps to access user added CA certificates installed by the CertInstaller. rootdir/init.rc Change-Id: I2e4b169cbb35d32d97f5d6a00d988fa389eadcb2
KeyChainService.aidl
|
4a9e1a2494f2e48b157506d7c731187907b7fd4e |
23-Apr-2011 |
Brian Carlstrom <bdc@google.com> |
Expose Credentials.UNLOCK_ACTION for callers that want to use startActivityForResult Change-Id: I729b2d8257bda3e7ff7858741ebd5415404880e7
redentials.java
|
b9a07c18e678da35b4c2a618b315fa174a21e818 |
11-Apr-2011 |
Brian Carlstrom <bdc@google.com> |
Adding KeyChain API and IKeyChainService Change-Id: Id3eaa2d1315481f199777b50e875811e3532988a
KeyChainService.aidl
eyChain.java
|
46703b099516c383a6882815bcf9cd4df0ec538d |
07-Apr-2011 |
Brian Carlstrom <bdc@google.com> |
Tolerate missing AccountManager resource, not just missing resource name In addition to the primary change in the subject, also some minor cleanup of javadoc, typos, CloseGuard warning, etc found while working on a new AbstractAccountAuthenticator. Change-Id: I73f3408773a43a0021a15f8d051fd3dbbdf898a5
eyStore.java
|
527f01e76d07b45bdf7ba97ffee0e9b358de658c |
20-Jan-2011 |
Chia-chi Yeh <chiachi@android.com> |
Update the path of the intent to unlock keystore. Change-Id: Ia81d0c172f2be6d04cba4db6e6798058f321605d
redentials.java
|
460c26e9875833dc494575b5c43f08c8baa15f34 |
12-Nov-2010 |
Elliott Hughes <enh@google.com> |
Use deliberately public API rather than org.apache cruft. InputStreamHelper is scheduled for deletion. As a bonus, the new code is more efficient. Change-Id: Ied8b87fa24f8506cf748b0d4c99ee7e2ae201483
ystemKeyStore.java
|
8bdf5935c0db4a66ab33a10b43398d2523cfa15d |
15-Oct-2010 |
Dianne Hackborn <hackbod@google.com> |
Work on issue #3101415: Crespo apps seem to have their UID changed over time. fsync! Change-Id: Ie6c5397202579935ac69bf61d3e7b3081ecf269c
ystemKeyStore.java
|
c5e630a004d144ba1d4cd1d37dd98eb70a7ec1d8 |
08-Oct-2010 |
Hung-ying Tyan <tyanh@google.com> |
Use explicit intent for installing credentials. http://b/issue?id=3020049 Change-Id: I429c5b2c9f3b876e6197894a9437952d71d5c472
redentials.java
|
8d578836dc4f9fb41532b8b3dd7a6b168d6f4f9d |
10-Sep-2010 |
Rich Cannings <richc@google.com> |
Remove the use of FileInputStream.available() Bug: 2976294 Change-Id: I34b13cedbf1d2338163ef74454817c318a3a24f5
ystemKeyStore.java
|
34c47c855815d731e6deb55748ff690b0ec7b53f |
09-Mar-2010 |
Nick Kralevich <nnk@google.com> |
Don't rely on the system locale for converting to/from bytes. By default, when java converts Strings to bytes, it uses the default system locale. This can be specified by the -Dfile.encoding option. If no file encoding is specified, java uses ISO8859_1. Unfortunately, not all unicode characters can be mapped to ISO8859_1. Unmappable characters may be replaced by a byte within ISO8859_1, which may change the meaning of the String. This is especially problematic for password strings, and has been used to compromise the security of passwords in the past. Thankfully, Android uses UTF-8 by default, so this bug doesn't effect Android devices. However, it's recommended to explicitly list the character set when converting to/from bytes to avoid the potential ambiguity. Change-Id: Iec927e27ed3fc103696c439f6bd3e8779a37ade8
eyStore.java
|
1ff8fee7c8e4fcd4ef12c6c5d1055b7eccf5809b |
22-Feb-2010 |
Oscar Montemayor <oam@google.com> |
Better file permissions enforcement on system keystore.
ystemKeyStore.java
|
d12feb97667498378a472c5a7895a9fcd8056ec5 |
06-Feb-2010 |
Chia-chi Yeh <chiachi@android.com> |
KeyStore: minor improvements. Make constants final. Only converts ArrayLists to arrays when necessary.
eyStore.java
|
b62e8132df0d19a39a700324475b3df2de78e0b0 |
15-Jan-2010 |
Oscar Montemayor <oam@google.com> |
Apps on SD card. Added support for retrieving and generating keys as Hex Strings.
ystemKeyStore.java
|
8da98e30d8b2ae6e203f769dab0d6ec34cab3011 |
06-Jan-2010 |
Oscar Montemayor <oam@google.com> |
Apps on SD card project. A simple keystore to store system-only key material, by leveraging file system access permissions.
ystemKeyStore.java
|
8c596c6cce542dcd5c73e8b1aaef666757e36ec4 |
24-Sep-2009 |
Chia-chi Yeh <chiachi@android.com> |
KeyStore: remove classes used by old keystore.
eply.java
erviceCommand.java
|
f1ece5d0c16fa3e79390e41ad9bec020c77d7720 |
24-Sep-2009 |
Chia-chi Yeh <chiachi@android.com> |
KeyStore: return null when response code indicates an error.
eyStore.java
|
ec05c46ea9d1dc175b09f93df0b9fea5a43b2d5a |
24-Sep-2009 |
Hung-ying Tyan <tyanh@google.com> |
Remove old keystore and related files.
ertTool.java
eystore.java
|
613fcc850686dfe71cec9809c3694be9cf02cdc7 |
21-Sep-2009 |
Chia-chi Yeh <chiachi@android.com> |
KeyStore: rename scan() to saw().
eyStore.java
|
44039172627d1c15737ea73836ad375559d76211 |
21-Sep-2009 |
Chia-chi Yeh <chiachi@android.com> |
KeyStore: add java interface.
redentials.java
eyStore.java
|
9b7a3f1a6437605022568cad0b92d5006a2ab391 |
17-Sep-2009 |
Chia-chi Yeh <chiachi@android.com> |
Add a helper class to send out credentials. Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
redentials.java
|
5b680802b6774491fbcee69e394d097d4bfcf42e |
16-Sep-2009 |
Hung-ying Tyan <tyanh@google.com> |
Fix a minor bug in is_alnum_string()... and remove some verbose logging
erviceCommand.java
|
a7df557aa2573a4718c7bbd069268e62bc036753 |
11-Sep-2009 |
Hung-ying Tyan <tyanh@google.com> |
Add tests and misc fixes on keystore. * Refactor netkeystore.c to make client and server code testable. * Add a client test for setting new passwd and changing passwd. * Exclude "." and ".." from reset_keystore(). * Change ServerCommand.executeCommand() to accept variable length of arguments and add convert() to marshalling the args to bytes. * Keystore.java is revised accordingly.
eystore.java
erviceCommand.java
|
9249cc69b83c7b055ae477c4539bdc451fe7f9b9 |
08-Sep-2009 |
Hung-ying Tyan <tyanh@google.com> |
Add two CertTool helper classes. Also add the unlock action string to Keystore.
ertTool.java
eystore.java
|
801b73f661cbdf92de94b7e552a190fcbbdc3168 |
07-Sep-2009 |
Chung-yih Wang <cywang@google.com> |
Replace the delimiter whitespace with '\0'. + Use '\0' as the delimiter. + Allow whitespace character for keystore password. In previous implementation, we use space as the delimiter. That will stop user from using passphrase with whitespace character.
eystore.java
|
09960230bf3d46ec1e7cbcfd8b07dfe007b9fa96 |
01-Sep-2009 |
Chung-yih Wang <cywang@google.com> |
Store CA certificate chain into one single key entry with PEM format. Extract all CA certificates in a PKCS12 keystore into a single entry in keystore with multiple PEMs.
ertTool.java
|
20a1156c6fd30f3ec1336894d6ae7e00298ad65b |
31-Jul-2009 |
Hung-ying Tyan <tyanh@google.com> |
Make certificate-handling-related constants public
ertTool.java
|
f1ab36f9ab82220de679ff0ca5164995b7d30214 |
05-Aug-2009 |
repo sync <cywang@google.com> |
Fix network order for marshalling in keystore interface. This will fix the endian issue for heterogeneous architectures in keystore marshalling interface.
erviceCommand.java
|
dc1d5704a725d207b98de1b117847297958d9148 |
03-Aug-2009 |
Chung-yih Wang <cywang@google.com> |
Fix the auto notification cleanup when vpn is disconnected. + add the log print if the browser give the incorrect data in addCertificate().
ertTool.java
|
e81f51f44b4cfb8316de1d206038414ee6f6e96b |
01-Aug-2009 |
Hung-ying Tyan <tyanh@google.com> |
Change some log.i to log.d.
erviceCommand.java
|
fd3db87e28e5b9ed186a15944234f6ff520773c6 |
28-Jul-2009 |
Chung-yih Wang <cywang@google.com> |
Support x509-user-cert mime type in browser. + Fix the public key matching and intent parameter mismatch.
ertTool.java
|
719eba5bb1fbc72e3b55450f16b38a6be5640055 |
24-Jul-2009 |
Chung-yih Wang <cywang@google.com> |
Change to SPKAC certificate request format for keygen.
ertTool.java
|
24988b34919d65d4e66be69ec0885154c47e85b7 |
22-Jul-2009 |
Chung-yih Wang <cywang@google.com> |
Cleanup the old keystore APIs.
eystore.java
|
22726cf8174fe00a097c89b8da397b10626cdd00 |
21-Jul-2009 |
Chung-yih Wang <cywang@google.com> |
Return error codes for storing the key/cert in addPkcs12Keystore()
ertTool.java
|
c9c119e7338cab292385118229f884a88fead3a2 |
16-Jul-2009 |
Chung-yih Wang <cywang@google.com> |
Support addPkcs12Keystore function in CertTool library. The function will be called from the credential storage for decoding the pkcs12 file and saving the certs/keys into mini-keystore.
ertTool.java
|
699ca3f2518360ea3250ff5a0e5d39e122c64a91 |
04-Jul-2009 |
Chung-yih Wang <cywang@google.com> |
Add password field for WiFi configuration. 1. the certtool.h is modified for avoiding the side effect, for saving the configuration with wpa_supplicant. 2. put the loadLibrary back in CertTool.java 3. Fix incorrect JNI declarations.
ertTool.java
|
bf20b9963add781a35de658f3228760015a163c9 |
02-Jul-2009 |
Chung-yih Wang <cywang@google.com> |
Migrate to the CertTool library. Keystore is reimplemented and it is mainly for storing (key, value) pair generically. The certificate related APIs are moved to the class CertTool instead. Updates: Provide the getInstance() which gives the singleton. Fix the missing construction of the BIO in cert.c.
ertTool.java
|
116d890aea63a4191a93412f5cecf5defad25201 |
03-Jul-2009 |
Hung-ying Tyan <tyanh@google.com> |
Fix null data handling in ServiceCommand.writeCommand()
erviceCommand.java
|
fa927c046a916fceb077d1ecf2552d76e73da912 |
02-Jul-2009 |
Chung-yih Wang <cywang@google.com> |
Remove the null-termination for Java string compatibility. 1. Also change the keyname delimiter in CertTool.java. 2. Return NOTFOUND if the result.len==0 in the listKeys(). 3. Define the keystore states in the class Keystore.
ertTool.java
eystore.java
|
eec11827a6c06b029030f43c8d54fd871cc3347d |
01-Jul-2009 |
Chung-yih Wang <cywang@google.com> |
Add CertTool for handling the keygen and certificate download. 1. Have the new Keystore for mini-keystore impelemntation. 2. Add CertTool library and jni dll for handling keygen and certificates. 3. Make Reply hidden. 4. Revert some 'incorrect' change and correct the description.
ertTool.java
eystore.java
eply.java
erviceCommand.java
|
3af8e9389e008c0076b86cc6b3c6f005e7473d10 |
20-Jun-2009 |
Grace Kloba <klobag@google.com> |
Change addCertificate to take byte[] instead of String as we don't know the encoding. In WebView, if we run into the certificate, we will save it to the Keystore instead of sending it to the WebKit.
eystore.java
|
6d531bf0513de7778c380d649bc0e554478f78f9 |
16-Jun-2009 |
Chung-yih Wang <cywang@google.com> |
Change the keystore APIs. 1. simplify the keypair selection in UI. 2. add the user certificate and key into the keystore for keygen feature.
eystore.java
|
396c69ca8d938c8705faf602b87729072bf8839c |
16-Jun-2009 |
Hung-ying Tyan <tyanh@google.com> |
Change the first parameter of Keystore.generateKeyPair() to int. * changes change the parameter to the index to the supported key strengths remove the exception class as it is not useful now
eystore.java
nsupportedKeyStrengthException.java
|
1d51e50d5d484c5d9e620b1d6736adc9aa99ae84 |
16-Jun-2009 |
Hung-ying Tyan <tyanh@google.com> |
Add keygen API to Keystore.
eystore.java
nsupportedKeyStrengthException.java
|
10e371f18247dc7fb64bfa0f0528501acc17be79 |
10-Jun-2009 |
Chung-yih Wang <cywang@google.com> |
Provide the Keystore feature in the framework. -- added the keystore library for Java application. -- changed the marshalling of the keystore function return.
eystore.java
erviceCommand.java
|