History log of /packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
Revision Date Author Comments
8714f06db21f7db391db5e6d126bcac9447e6592 23-Mar-2016 Rubin Xu <rubinxu@google.com> Install client cert chain as CA_CERTIFICATE in keystore

CA_CERTIFICATE should store the cert chain minus the leaf cert.
Bug: 18239590

Change-Id: Ie05715ea07ba71bcf206050af461bc478a9ce643
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
ba755b162012ee5bef527ba939484d868e03c357 24-Feb-2016 Robin Lee <rgl@google.com> Delete grants when keypair is removed

Otherwise the grant will linger even if another keypair is installed
with the same alias. It's better if that doesn't happen.

Bug: 27335182
Change-Id: I72491201c807e3e70f0085e6f1b364d692de8d0a
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
f44a51908d90fdc6f5febd78fef4affd971ec44b 03-Aug-2015 Robin Lee <rgl@google.com> Implement removeKeyPair

Bug: 22541933
Change-Id: I37317e7c22e89816156e6e9a7abf4c5a59e8440a
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
8847b12978fb2dc4e33599e28f163aa1d213146d 27-Jul-2015 Robin Lee <rgl@google.com> Check keystore state first for installKeyPair

Since this is available to 3rd-party apps through DevicePolicyManager,
it makes sense to explain failures with more detail.

Bug: 20486707
Change-Id: Ied1dc026f86c522c16d00a5705630348910ef679
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
44c777b623d27a75b14dd20f7f1bd102d063c651 08-Jun-2015 Alex Klyubin <klyubin@google.com> Switch from KeyStore.delKey/saw to KeyStore.delete/list.

KeyStore.delKey was replaced by KeyStore.delete, and KeyStore.saw was
replaced by KeyStore.list.

Bug: 18088752
Change-Id: I45eae9d252dc304f9d8d6fa8bfd1a9729ef090b3
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
1f00eaf6936421542f139f1066bd4656af3a8b11 16-Oct-2014 Robin Lee <rgl@google.com> Only send storage_changed intent to current user

Stops the "Calling a method in the system process without a qualified
user" warning we get due to KeyChain running under the system's uid.

Bug: 18028613
Change-Id: I4d0c61a8423f81cb35b1cf41d96ed235edb9ce65
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
d300fc59cf229dd634f317c77af12000d0f09e7c 21-Jul-2014 Bernhard Bauer <bauerb@google.com> Implement IKeychainService.installkeyPair.

BUG=15065444

Change-Id: Idc25774c9ab1a61080290bebd6f5c4f24e6ee2e0
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
3d25b3144669ceb787dfd00f1e312516c8fe6173 18-Aug-2014 Zoltan Szatmary-Ban <szatmz@google.com> Implement CACert retrieval in KeyChainService

CACerts from TrustedCertificateStore can now be retrieved via KeyChainService.
This allows for specifying the user whose certs we want to query.

Bug: 16029580
Change-Id: I8d7b24fd4664df5de03852c8166f7994f094cb93
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
93772c3bc4a51019792e88c2a2e451f20895d73a 02-Sep-2014 Robin Lee <rgl@google.com> Tag keystore aliases with user-specific SYSTEM_UID

Now copies what keystore does - any requests coming from non-owner
userIds were being broken by aliases having the wrong UID prefixed
onto them.

Bug: 17323993
Change-Id: Iece3b6aa17701347299abefeaa0fcdbb59e97154
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
f94efbda865865b2fc7a394031f52c2568a37172 15-Aug-2014 Zoltan Szatmary-Ban <szatmz@google.com> Revert "Update Trusted Credentials screen in settings"

This reverts commit 031612ec11a5bd212a1cdcb824576d5542270b2d.

Change-Id: I1e12574f3481c392e885bf12e2f9f847b11c799d
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
031612ec11a5bd212a1cdcb824576d5542270b2d 15-Jul-2014 Zoltan Szatmary-Ban <szatmz@google.com> Update Trusted Credentials screen in settings

Trusted credentials for both the primary user and its managed profiles are shown
on the Trusted Credentials fragment. All functionalities (e.g. disabling/enabling
of certificates) remain available.

Bug: 16029580

Change-Id: I306715d6a1248111ee74c4ae036a02b1a5dc4255
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
3fb7449c95754dedca4220948561b5f8617b8b2c 30-Jun-2014 Julia Reynolds <juliacr@google.com> Apply user restriction to KeyChainService.

Bug: 15989622
Change-Id: If151d267e06da015dac197bec66f3b933cef1584
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
3048b6c5826b82a4ba4dbadf4cd06d00c2a80b32 24-Apr-2013 Kenny Root <kroot@google.com> Track change to JSSE provider

Change-Id: I0631ff6d12323496cdbb08c93f93cf65c933ed75
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
4ff2296cb77305468531ae0c45f90b46f942a5a3 14-Feb-2013 Kenny Root <kroot@google.com> KeyStore: stop using state()

Change-Id: Ib9a9af88a280a5442989a8199218a7ba82ce9e25
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
c8b0463643df1f1a4035d641e155f5e1cef8e1b0 22-May-2012 Nick Kralevich <nnk@google.com> KeyChainService: fix misleading error message.

The KeyChainService would incorrectly report that the KeyChain
was locked when it was really uninitialized. Fix error message.

Change-Id: I128f7fee9a0b8b41e215edf38699c1441e6f6344
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
6f1f03bcae70792bbd8bc0aecb90c7b9c43b76b5 08-Mar-2012 Kenny Root <kroot@google.com> Convert to new KeyStore format

Change-Id: I531ca8fbf8c7008383488cba1dd73f59537edb01
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
39e36e58a7fd0a4520af5467719dac73afc205b4 14-Feb-2012 Selim Gurun <sgurun@google.com> Broadcast credential storage changes.

Bug: 6009802

Cherry pick 0cb57ed171d7898f5f052e86e485771cbcbadcd8

When credential storage changes (adding/deleting a user CA) or
reset, send a broadcast intent so user can update any cached
credential storage state.

Change-Id: I3a3e93a0408e6db281e850268fe688182bfa4aa7
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
3ffb8e337e96c074ad70853cc6e4d1d5c4b03f95 16-Feb-2012 Selim Gurun <sgurun@google.com> Revert "Broadcast credential storage changes."

This reverts commit 0cb57ed171d7898f5f052e86e485771cbcbadcd8
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
0cb57ed171d7898f5f052e86e485771cbcbadcd8 14-Feb-2012 Selim Gurun <sgurun@google.com> Broadcast credential storage changes.

Bug: 6009802

When credential storage changes (adding/deleting a user CA) or
reset, send a broadcast intent so user can update any cached
credential storage state.

Change-Id: Ie88fa4e86647ba52521b207258b860154a96c7dc
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
fb2e18e112f9fb9f0620c0c0ff06377f52fe39a4 13-Jul-2011 Fred Quintana <fredq@google.com> Make the KeyChain handle its own grants rather than having
AccountManagerService handle them.

Change-Id: I44d437d5d8100e3c79415862186bc2908cd15537
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
2aff944e2f92cec7a58b30e40051aa9a3b45dd5f 01-Jul-2011 Brian Carlstrom <bdc@google.com> Moving KeyChain from keychain uid to system uid

Now that the system user can read values from keystore, the keychain user is unneeded.

Bug: 4970237
Change-Id: I5b998ce29c2b32d8014c9ec1814c1e0837951cb5
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
7037b73962c34e884467d3d4a871ecdab9797fc3 01-Jul-2011 Brian Carlstrom <bdc@google.com> Return non-null for methods with AccountAuthenticatorResponse argument

The AbstractAccountAuthenticator methods that take an
AccountAuthenticatorResponse argument expect the recipient to either
return a non-null value immediately or later on call the
AccountAuthenticatorResponse. Returning null for presumably uncalled
methods led to surprises when they were invoked from unexpected
contexts such as Settings, leading to a hang on "Add Account".

Change-Id: I0f7b2667c4fd4632921f2e2bed10266dd6662720
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
43f5b77dbbff264f7f521dbf5361f07a5e253c70 27-Jun-2011 Brian Carlstrom <bdc@google.com> Add KeyChainService.deleteCaCertificate
Allow system to call KeyChainService.installCaCertificate

Change-Id: Idd3d97d7972f066368079f6b996cf2bc658cca4f
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
f5b50a4678120890d62bb07bb47cbd3f1ba4b243 10-Jun-2011 Brian Carlstrom <bdc@google.com> Tracking KeyChain API refinements

Change-Id: Ib19f16bd7c9e9790e1183d3d2a9a84789661d7cf
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
31c9afb855b0de37a27d5535f04e39dfaf48996d 08-Jun-2011 Brian Carlstrom <bdc@google.com> Throw IllegalStateException when authtoken has not been generated

Change-Id: I408fe3032d6a4d2244c3d5d590b96ef74f9c9b4e
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
e3b3390d3b1c96097c8e7cbd4c0eb51715677739 31-May-2011 Brian Carlstrom <bdc@google.com> Integrating keystore with keyguard (Part 3 of 4)

Summary:

frameworks/base
keystore rewrite
keyguard integration with keystore on keyguard entry or keyguard change
KeyStore API simplification

packages/apps/Settings
Removed com.android.credentials.SET_PASSWORD intent support
Added keyguard requirement for keystore use

packages/apps/CertInstaller
Tracking KeyStore API changes
Fix for NPE in CertInstaller when certificate lacks basic constraints

packages/apps/KeyChain
Tracking KeyStore API changes

Details:

frameworks/base

Move keystore from C to C++ while rewriting password
implementation. Removed global variables. Added many comments.

cmds/keystore/Android.mk
cmds/keystore/keystore.h
cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp

Changed saveLockPattern and saveLockPassword to notify the keystore
on changes so that the keystore master key can be reencrypted when
the keyguard changes.

core/java/com/android/internal/widget/LockPatternUtils.java

Changed unlock screens to pass values for keystore unlock or initialization

policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java

KeyStore API changes
- renamed test() to state(), which now returns a State enum
- made APIs with byte[] key arguments private
- added new KeyStore.isEmpty used to determine if a keyguard is required

keystore/java/android/security/KeyStore.java

In addition to tracking KeyStore API changes, added new testIsEmpty
and improved some existing tests to validate expected values.

keystore/tests/src/android/security/KeyStoreTest.java

packages/apps/Settings

Removing com.android.credentials.SET_PASSWORD intent with the
removal of the ability to set an explicit keystore password now
that the keyguard value is used. Changed to ensure keyguard is
enabled for keystore install or unlock. Cleaned up interwoven
dialog handling into discrete dialog helper classes.

AndroidManifest.xml
src/com/android/settings/CredentialStorage.java

Remove layout for entering new password

res/layout/credentials_dialog.xml

Remove enable credentials checkbox

res/xml/security_settings_misc.xml
src/com/android/settings/SecuritySettings.java

Added ability to specify minimum quality key to ChooseLockGeneric
Activity. Used by CredentialStorage, but could also be used by
CryptKeeperSettings. Changed ChooseLockGeneric to understand
minimum quality for keystore in addition to DPM and device
encryption.

src/com/android/settings/ChooseLockGeneric.java

Changed to use getActivePasswordQuality from
getKeyguardStoredPasswordQuality based on experience in
CredentialStorage. Removed bogus class javadoc.

src/com/android/settings/CryptKeeperSettings.java

Tracking KeyStore API changes

src/com/android/settings/vpn/VpnSettings.java
src/com/android/settings/wifi/WifiSettings.java

Removing now unused string resources

res/values-af/strings.xml
res/values-am/strings.xml
res/values-ar/strings.xml
res/values-bg/strings.xml
res/values-ca/strings.xml
res/values-cs/strings.xml
res/values-da/strings.xml
res/values-de/strings.xml
res/values-el/strings.xml
res/values-en-rGB/strings.xml
res/values-es-rUS/strings.xml
res/values-es/strings.xml
res/values-fa/strings.xml
res/values-fi/strings.xml
res/values-fr/strings.xml
res/values-hr/strings.xml
res/values-hu/strings.xml
res/values-in/strings.xml
res/values-it/strings.xml
res/values-iw/strings.xml
res/values-ja/strings.xml
res/values-ko/strings.xml
res/values-lt/strings.xml
res/values-lv/strings.xml
res/values-ms/strings.xml
res/values-nb/strings.xml
res/values-nl/strings.xml
res/values-pl/strings.xml
res/values-pt-rPT/strings.xml
res/values-pt/strings.xml
res/values-rm/strings.xml
res/values-ro/strings.xml
res/values-ru/strings.xml
res/values-sk/strings.xml
res/values-sl/strings.xml
res/values-sr/strings.xml
res/values-sv/strings.xml
res/values-sw/strings.xml
res/values-th/strings.xml
res/values-tl/strings.xml
res/values-tr/strings.xml
res/values-uk/strings.xml
res/values-vi/strings.xml
res/values-zh-rCN/strings.xml
res/values-zh-rTW/strings.xml
res/values-zu/strings.xml
res/values/strings.xml

packages/apps/CertInstaller

Tracking KeyStore API changes
src/com/android/certinstaller/CertInstaller.java

Fix for NPE in CertInstaller when certificate lacks basic constraints
src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

Tracking KeyStore API changes
src/com/android/keychain/KeyChainActivity.java
src/com/android/keychain/KeyChainService.java
support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java

Change-Id: Id7250fdb29c8a6d52d599c39a869ab22b1cc53da
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
8334df75c9091a55ed57d59e396817a02f1d9085 27-May-2011 Brian Carlstrom <bdc@google.com> Tracking merge of dalvik-dev to master

Change-Id: Idc318eb8f4ca64ea73aa6732e3d4546e7e631019
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
2a85883088558f87a0eb4a88bd5531401396f5b4 26-May-2011 Brian Carlstrom <bdc@google.com> Defend KeyChainActivity against callback exceptions.

Also remove some unnecessary throws in the KeyChainService

Change-Id: I1779229957a2e700effca33e15cea2e71e73b281
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
5aeadd9be22ea51ea2d638f7090618448ecc8ac7 17-May-2011 Brian Carlstrom <bdc@google.com> Simplify KeyChain API by removing now unneeded CA certificate lookup (3 of 3)

frameworks/base

Remove getCaCertificates and findIssuer from IKeyChainService,
these are now done via libcore's TrustedCertificateStore (as part
of the default TrustManager implementation)

keystore/java/android/security/IKeyChainService.aidl

Simplify KeyChain API. Now that the CA certificates are visible
through the default TrustManager, the KeyChain is solely focused on
retrieving PrivateKeys and their associated certificates. The
calling API for KeyChain is simplified to a single KeyChain.get() call
that returns a KeyChainResult, removing the need for a KeyChain
instance that needs to be closed.

keystore/java/android/security/KeyChain.java
keystore/java/android/security/KeyChainResult.java

master/libcore

Remove getDefaultIndexedPKIXParameters and
getIndexedPKIXParameters which were used as part of the prototype
of looking up CAs via the KeyChain but are obsoleted by the new
default TrustManager implementation.

luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java

packages/apps/KeyChain

Tracking simplified IKeyChainService, removing now unneeded
implementation, updating tests.

src/com/android/keychain/KeyChainService.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java
tests/src/com/android/keychain/tests/KeyChainTestActivity.java

Change-Id: Ie2cb950783f897d87d39cc38a126068a9d68680a
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
a58db5485e7b47880d9d565b036ae8b894ffdc48 12-May-2011 Brian Carlstrom <bdc@google.com> Make CertInstaller installed CA certs trusted by applications via default TrustManager (4 of 6)

frameworks/base

Adding IKeyChainService APIs for CertInstaller and Settings use
keystore/java/android/security/IKeyChainService.aidl

libcore

Improve exceptions to include more information
luni/src/main/java/javax/security/auth/x500/X500Principal.java

Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods.
Added support for adding user CAs in a separate directory for system.
Added support for removing system CAs by placing a copy in a system directory
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java

Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java

Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash
to make sure the implementing algorithms do not change since
TrustedCertificateStore depends on X509_NAME_hash_old (OpenSSL
changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to
1.0.0)

luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

Extensive test of new TrustedCertificateStore behavior
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java

TestKeyStore improvements
- Refactored TestKeyStore to provide simpler createCA method (and
internal createCertificate)
- Cleaned up to remove use of BouncyCastle specific X509Principal
in the TestKeyStore API when the public X500Principal would do.
- Cleaned up TestKeyStore support methods to not throw Exception
to remove need for static blocks for catch clauses in tests.

support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

Added private PKIXParameters constructor for use by
IndexedPKIXParameters to avoid wart of having to lookup and pass
a TrustAnchor to satisfy the super-class sanity check.

luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java
luni/src/main/java/java/security/cert/PKIXParameters.java

packages/apps/CertInstaller

Change CertInstaller to call IKeyChainService.installCertificate
for CA certs to pass them to the KeyChainServiceTest which will
make them available to all apps through the
TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask.

src/com/android/certinstaller/CertInstaller.java

Added installCaCertsToKeyChain and hasCaCerts accessor for use by
CertInstaller. Use hasUserCertificate() internally. Cleanup coding
style.

src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

Added MANAGE_ACCOUNTS so that IKeyChainService.reset
implementation can remove KeyChain accounts.

AndroidManifest.xml

Implement new IKeyChainService methods:
- Added IKeyChainService.installCaCertificate to install certs
provided by CertInstaller using the TrustedCertificateStore.
- Added IKeyChainService.reset to allow Settings to remove the
KeyChain accounts so that any app granted access to keystore
credentials are revoked when the keystore is reset.

src/com/android/keychain/KeyChainService.java

packages/apps/Settings

Changed com.android.credentials.RESET credential reset action to
also call IKeyChainService.reset to remove any installed user CAs
and remove KeyChain accounts to have AccountManager revoke
credential granted to private keys removed during the RESET.

src/com/android/settings/CredentialStorage.java

Added toast text value for failure case

res/values/strings.xml

system/core

Have init create world readable /data/misc/keychain to allow apps
to access user added CA certificates installed by the CertInstaller.

rootdir/init.rc

Change-Id: I8f1c12751085ebf9b993ebd1c1419d792fd047c8
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java
3e6251dedc92654476c70bdc413f24a4b31ce6a4 11-Apr-2011 Brian Carlstrom <bdc@google.com> Adding KeyChainService and KeyChainActivity

Change-Id: I6c862d3e687cf80fb882966adb3245f2244244fe
/packages/apps/KeyChain/src/com/android/keychain/KeyChainService.java