05dc9f764c9d399add8b7495e680f66d098c55eb |
|
22-Feb-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Add API for checking which CA certs were installed by the DO/PO With this API, the system can determine whether a CA cert was installed by the user or the user's DO/PO. Bug: 32692748 Test: unit tests (see DevicePolicyManagerTest.java for invocation) Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases Change-Id: I3bcae5ac18ec2b110154184fc515df804fd73da6
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
abaa0695c5361b36a7a2cdbe87c77bf60be20af7 |
|
20-Feb-2017 |
Robin Lee <rgl@google.com> |
Delete ParcelableString, add StringParceledListSlice Both inherit from package private BaseParceledListSlice. This is still bad, but it's not as bad. The existing code that uses this can just do Foo.bar().getList() now instead of having to marshal to and from an oddball type at either end as well. In the longer term ParceledListSlice<> should be eliminated, but it's not clear how far into the future that is going to happen. Test: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java Test: runtest -x core/tests/coretests/src/android/content/pm/ParceledListSliceTest.java Change-Id: Ie69b96b5215d6e04990f6d31345772cdfee21d78
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
b43659170824dd8d753d9249fe6ccfd37c6221ae |
|
23-Mar-2016 |
Rubin Xu <rubinxu@google.com> |
Add DevicePolicyManager API to install a client cert chain. When installing a keypair the caller will have the option to specify a certificate chain which will later be returned to whoever requests access to the keypair via KeyChain. Bug: 18239590 Change-Id: Id21ef026e31537db38d891cb9b712dd4fe7159c7
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
fbc65644b9bda216699f5f1f883d6dfa2668e545 |
|
03-Aug-2015 |
Robin Lee <rgl@google.com> |
DevicePolicy API to remove an installed KeyPair The keypair is specified by alias and removed via a call to the KeyChainService, which will have installed the pair in the first place. Bug: 22541933 Change-Id: I37317e7c22e89816156e6e9a7abf4c5a59e8440a
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
26408ccd8e852d947e58021792bfc3b315e5948d |
|
08-Sep-2014 |
Bernhard Bauer <bauerb@google.com> |
Add DevicePolicyManager PrivateKey mgmt Additional device policy API to install keypairs to the keychain silently. Bug: 15065444 Change-Id: Idc25774c9ab1a61080290bebd6f5c4f24e6ee2e0
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
f0ae135049048424bceccb0799b12377181b25f0 |
|
18-Aug-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Extend IKeyChainService AIDL with CACert retrieval Bug:16029580 Change-Id: I41a3bd2f3bd95550e59f1d0d0acd0e765d7b62d7
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
3291de8f6c8bc7ffa5992a2a5a5c2cf8bb0adf4b |
|
15-Aug-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Revert "Revert "Revert "Revert "Revert "Update Trusted Credentials screen in settings""""" This reverts commit c9249c69813c6fb889d71d84583c67ae2942e6de. Change-Id: I5504fddaf7b18efb73cd6c76678b3b39ce9b0229
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
f8d72cc14f70f5af13342c4c7b107a8ab60dfe23 |
|
15-Aug-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Revert "Revert "Revert "Revert "Update Trusted Credentials screen in settings"""" This reverts commit 87efe74e092236c372d3b6909009641123aa416a. This should be fine now with all the dependency CLs +2-ed Change-Id: I96ad14ad5ff81e6b5391035cb6c5a62339c6cc40
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
f75aadc028f2e79541a269bf2c74dcb3482e2ec7 |
|
15-Aug-2014 |
Narayan Kamath <narayan@google.com> |
Revert "Revert "Revert "Update Trusted Credentials screen in settings""" This reverts commit 19c8ce291e89a9ef1442a20e1feab421b11536d7. Change-Id: Ie5a5571127311e0a29f314c0566e779cfe940b53
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
1e7bc0def8c62b91d3eb985a51bec54063ce83f5 |
|
15-Aug-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Revert "Revert "Update Trusted Credentials screen in settings"" This reverts commit 0f0de0bdd021bad5f85fdb0399a4ea91a1611e25. Change-Id: Ia3d0907e3d7c2ec42d64e45f60e3dfaffb932c3d
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
678e3ecc937c00969830700dffb42fb1ee232f7c |
|
07-Aug-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Revert "Update Trusted Credentials screen in settings" This reverts commit 4fde5aa9fab931d9becfc49f7d7b8526ad5640d9. Change-Id: I581c38d64e9829b0079bafa42615f2aa0bf64763
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
1386627335a79dd02fb34db344e63ca3abfce013 |
|
15-Jul-2014 |
Zoltan Szatmary-Ban <szatmz@google.com> |
Update Trusted Credentials screen in settings Trusted credentials for both the primary user and its managed profiles are shown on the Trusted Credentials fragment. All functionalities (e.g. disabling/enabling of certificates) remain available. Bug: 16029580 Change-Id: Ia92ae02d8c572bf4a3be172f6c255726cefc0fa1
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
5423e68d5dbe048ec6f042cce52a33f94184e9fb |
|
14-Nov-2011 |
Kenny Root <kroot@google.com> |
Add signing to keystore Change the keystore to keep the private keys in keystore. When returned, it uses the OpenSSL representation of the key to allow users to use it in various operations through the OpenSSL ENGINE that connects to keystore. Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
ab8b84ad3847788d83da557606aa27d4102e6b52 |
|
13-Jul-2011 |
Fred Quintana <fredq@google.com> |
Make the KeyChain handled its own grants rather than having AccountManagerService handle them. Change-Id: I89d272b22766f85019c1f947153d69e6dbb74c68
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
6da00334478df64921b68fcbb45c9d1eef6f35bd |
|
27-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Moving ssl_certificate layout, resources, and helper code to SslCertificate Add IKeyChainService.deleteCaCertificate Change-Id: If42341bc732efcfe4f958c00cdd6c0fec11a3c75
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
ba1a667b1d6c95050f6c88316ac58fe9e0ff878b |
|
25-May-2011 |
Brian Carlstrom <bdc@google.com> |
Remove need for onActivityResult from KeyChain API Change-Id: I97bb9db06978f6dc039d22bfee116671d7b3e336
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
8e9929c4d0730de4c9f01435a7cfe2db8855e24d |
|
17-May-2011 |
Brian Carlstrom <bdc@google.com> |
Simplify KeyChain API by removing now unneeded CA certificate lookup (1 of 3) frameworks/base Remove getCaCertificates and findIssuer from IKeyChainService, these are now done via libcore's TrustedCertificateStore (as part of the default TrustManager implementation) keystore/java/android/security/IKeyChainService.aidl Simplify KeyChain API. Now that the CA certificates are visible through the default TrustManager, the KeyChain is solely focused on retrieving PrivateKeys and their associated certificates. The calling API for KeyChain to simply a single KeyChain.get() call that returns a KeyChainResult, removing the need for a KeyChain instance that needs to be closed. keystore/java/android/security/KeyChain.java keystore/java/android/security/KeyChainResult.java master/libcore Remove getDefaultIndexedPKIXParameters and getIndexedPKIXParameters which was used as part of the prototype of looking up CAs via the KeyChain but is obsoleted by the new default TrustManager implementation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java packages/apps/KeyChain Tracking simplified IKeyChainService, removing now unneeded implementation, updating tests. src/com/android/keychain/KeyChainService.java tests/src/com/android/keychain/tests/KeyChainServiceTest.java tests/src/com/android/keychain/tests/KeyChainTestActivity.java Change-Id: I847b28c2f467c85f24d2b693a2fecc1cb46426b4
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
2627d53f65be672e9a27f735975de1bf3aebfec1 |
|
13-May-2011 |
Brian Carlstrom <bdc@google.com> |
Make CertInstaller installed CA certs trusted by applications via default TrustManager (1 of 6) frameworks/base Adding IKeyChainService APIs for CertInstaller and Settings use keystore/java/android/security/IKeyChainService.aidl libcore Improve exceptions to include more information luni/src/main/java/javax/security/auth/x500/X500Principal.java Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods. Added support for adding user CAs in a separate directroy for system. Added support for removeing system CAs by placing a copy in a sytem directory luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash to make sure the implementing algortims doe not change since TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to 1.0.0) luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Extensive test of new TrustedCertificateStore behavior luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java TestKeyStore improvements - Refactored TestKeyStore to provide simpler createCA method (and internal createCertificate) - Cleaned up to remove use of BouncyCastle specific X509Principal in the TestKeyStore API when the public X500Principal would do. - Cleaned up TestKeyStore support methods to not throw Exception to remove need for static blocks for catch clauses in tests. support/src/test/java/libcore/java/security/TestKeyStore.java luni/src/test/java/libcore/java/security/KeyStoreTest.java luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java packages/apps/CertInstaller Change CertInstaller to call IKeyChainService.installCertificate for CA certs to pass them to the KeyChainServiceTest which will make them available to all apps through the TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask. src/com/android/certinstaller/CertInstaller.java Added installCaCertsToKeyChain and hasCaCerts accessor for use by CertInstaller. Use hasUserCertificate() internally. Cleanup coding style. src/com/android/certinstaller/CredentialHelper.java packages/apps/KeyChain Added MANAGE_ACCOUNTS so that IKeyChainService.reset implementation can remove KeyChain accounts. AndroidManifest.xml Implement new IKeyChainService methods: - Added IKeyChainService.installCaCertificate to install certs provided by CertInstaller using the TrustedCertificateStore. - Added IKeyChainService.reset to allow Settings to remove the KeyChain accounts so that any app granted access to keystore credentials are revoked when the keystore is reset. src/com/android/keychain/KeyChainService.java packages/apps/Settings Changed com.android.credentials.RESET credential reset action to also call IKeyChainService.reset to remove any installed user CAs and remove KeyChain accounts to have AccountManager revoke credential granted to private keys removed during the RESET. src/com/android/settings/CredentialStorage.java Added toast text value for failure case res/values/strings.xml system/core Have init create world readable /data/misc/keychain to allow apps to access user added CA certificates installed by the CertInstaller. rootdir/init.rc Change-Id: I2e4b169cbb35d32d97f5d6a00d988fa389eadcb2
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|
b9a07c18e678da35b4c2a618b315fa174a21e818 |
|
11-Apr-2011 |
Brian Carlstrom <bdc@google.com> |
Adding KeyChain API and IKeyChainService Change-Id: Id3eaa2d1315481f199777b50e875811e3532988a
/frameworks/base/keystore/java/android/security/IKeyChainService.aidl
|