History log of /frameworks/base/keystore/java/android/security/KeyChain.java
Revision Date Author Comments
7eeab2cdd99f84ecef12ebbb92e0731b26508da1 19-Apr-2017 phweiss <phweiss@google.com> Implement CACert queries in SecurityController

Cherry-pick note:
testCACertLoader() was flaky, so this cherry-pick contains
two attempted fixes and a CL that disables the test. The original commit
messages of the squashed CLs are below.
Merged-In: I3b9cc3d85c9f49d0a892613b63d1fba184ab647e

Implement CACert queries in SecurityController

Queries are run (on an AsyncTask) when user is switched and when
ACTION_TRUST_STORE_CHANGED is broadcasted. Otherwise, the result is cached
in the SecurityController.

Bug: 37535489
Test: runtest --path frameworks/base/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java
Change-Id: I3b9cc3d85c9f49d0a892613b63d1fba184ab647e

Increase timeout for flaky testCACertLoader()

Bug: 37535489
Bug: 38045871
Test: runtest --path frameworks/base/packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java
Change-Id: I5778082973af7c6d4d719b83e334fec552b0a89e

Fix flaky SecurityControllerTest.testCaCertLoader

Fixes: 38108698
Test: runtest -c .statusbar.policy.SecurityControllerTest systemui
Change-Id: I6029a09984b72599622f0df57187a20aba4dab30

Disable flaky test

Test: treehugger
Bug: 38118260
Change-Id: I05c6504acee6a787e1cc5071bed0118388963212

(cherry picked from commit e375fc441cc889890d1cff5bc771039bb65f08ef)
/frameworks/base/keystore/java/android/security/KeyChain.java
0f3f60b576aedc78524d50da3dadada2201e63c2 25-Apr-2017 Jeff Sharkey <jsharkey@android.com> Fix some issues found by new doclava linter.

Add missing API annotations for permissions and SdkConstants, and
invoke doclava with new "-android" flag.

Test: make -j32 offline-sdk-docs
Bug: 37526420
Change-Id: I970bb2655eb568fd25004636f134c794663a6c33
/frameworks/base/keystore/java/android/security/KeyChain.java
8b651bf7d54f23549c8a7baa27dbed38a35465e4 23-Mar-2017 Chad Brubaker <cbrubaker@google.com> Fix ACTION_STORAGE_CHANGED doc

The deprecation note was not quite correct.

Change-Id: I15231881bbf1ee1ee4d342bff74280d7e9807ac0
Fixes: 36493384
Test: builds
/frameworks/base/keystore/java/android/security/KeyChain.java
7f5c91c6bce6a8ff2414549219a321a98a98ab31 08-Feb-2017 Robin Lee <rgl@google.com> MonitoringCertTask no longer relies on software.device_admin

Added a test to validate that it still works the way it should before
and after the change.

Bug: 33258404
Bug: 35196414
Fix: 35129745
Test: runtest -x services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
Test: also manual, instructions:
Test: (1) Disable software.device_admin from tablet_core_hardware, rebuild.
Test: (2) Install CA cert. Notification should appear.
Test: (3) Reboot. Notification should still be there.
Change-Id: Id992725c1844a2fffbde4d8acaba531e99f853ad
/frameworks/base/keystore/java/android/security/KeyChain.java
dea66146038a28e9c7da2ad04a6119cfd83de2f8 16-Nov-2016 Shawn Willden <swillden@google.com> Test for null context in getPrivateKey

In N, passing a null context to getPrivateKey provoked a
NullPointerException, which is validated by a CTS test. In commit
28d68b1 this behavior was changed (inadvertently, I believe) causing
getPrivateKey to wrap the NPE in a KeyChainException. This CL restores
the previous behavior, fixing the test and avoiding breaking any apps
that were catching the NPE.

Test: Fixing broken test
Change-Id: Icb0c75b03efc478b7310998cf3e7108a2c419107
/frameworks/base/keystore/java/android/security/KeyChain.java
0a17db1cc5942ea000ca87bb72853de57a15ec64 04-Nov-2016 Jeff Sharkey <jsharkey@android.com> Detect non-oneway calls leaving system_server.

To protect system stability, any Binder calls leaving the
system_server must carefully be performed using FLAG_ONEWAY (or
the 'oneway' verb in AIDL) which prevents the call from blocking
indefinitely on the remote process.

In this CL, the system_server uses the new Binder.setWarnOnBlocking()
method to enable detection by default for all remote Binder
interfaces. It can also use Binder.allowBlocking() to allow
blocking calls on certain remote interfaces that have been
determined to be safe.

This CL adds the 'oneway' verb to several interfaces and methods
where it should have been added, and marks a handful of system
ContentProviders as being safe to call into. Also, we assume that
any services obtained from ServiceManager are part of the core
OS, and are okay to make blocking calls to.

Test: builds, boots, runs with minimal logs triggered
Bug: 32715088
Change-Id: Ide476e120cb40436a94b7faf7615c943d691f4c0
/frameworks/base/keystore/java/android/security/KeyChain.java
8910bf2ca0a10d13f6b63301f157567ccefc36eb 24-Aug-2016 Rubin Xu <rubinxu@google.com> Merge "Handle null packageName in PendingIntentRecord" into nyc-mr1-dev am: 6acd5e7361 am: 2f6eecbed0
am: f38514ccd6

Change-Id: I1071a92b4ff74a57bf94c9b6aad9df4fb3852072
c378aabddad75b0c3a2e18afe0c8a649e864dc93 23-Aug-2016 Robin Lee <rgl@google.com> Documentation warning against short-lived Contexts
am: da23618043

Change-Id: Ie6e4c05d8d9a273f0f529c2be79f3df4a856fedb
da23618043667e9cee680688b7413f65b400516e 12-Aug-2016 Robin Lee <rgl@google.com> Documentation warning against short-lived Contexts

It's better to use an Application Context rather than hoping the
activity won't be destroyed in another thread (because it will).

Change-Id: I9bf842d0d7dbedcc509a4a314d23a9a6cfca4d48
Fix: 29873669
/frameworks/base/keystore/java/android/security/KeyChain.java
28d68b14566f1f7f5ceb7cff2b1b31212f83ed1e 22-Jul-2016 Robin Lee <rgl@google.com> Unbind from KeyChainService before RPCing to keystore

This leaves the binder connection open for far too long, which keeps
the keychain app alive longer than necessary.

Bug: 29873669
Change-Id: I037c2b91400202ba6a474819867df16b6342ec0d
/frameworks/base/keystore/java/android/security/KeyChain.java
bea9e036f546f34c2066d3aaa9e8173a2720ab99 26-Jul-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Fix incorrect @link in ACTION_STORAGE_CHANGED comment"
dbf01c12d0b9f3fe3b3262529a97e4fe294f5eb8 25-Jul-2016 Chad Brubaker <cbrubaker@google.com> Fix incorrect @link in ACTION_STORAGE_CHANGED comment

Change-Id: Ibfca8651a55e32e9caed96b04e5a40dc6ebc3019
/frameworks/base/keystore/java/android/security/KeyChain.java
f04a663d6a06404d000274d551f5e43fca02d88b 25-Jul-2016 Robin Lee <rgl@google.com> Force application context for KeyChain bindings

Bug: 29873669
Change-Id: I68c11ab19a169498045bbc23bc8fe6a2f46be031
(cherry picked from commit 43e235c0d55fce8ff845c0249a414a1b2daa5b10)
/frameworks/base/keystore/java/android/security/KeyChain.java
43e235c0d55fce8ff845c0249a414a1b2daa5b10 25-Jul-2016 Robin Lee <rgl@google.com> Force application context for KeyChain bindings

Bug: 29873669
Change-Id: I68c11ab19a169498045bbc23bc8fe6a2f46be031
/frameworks/base/keystore/java/android/security/KeyChain.java
721afae8f1deb2e064d0f973ec3304a07b3e9739 08-Jul-2016 Chad Brubaker <cbrubaker@google.com> Mention target API limits for ACTION_STORAGE_CHANGED

Bug: 28450538
Change-Id: I9c69f9d0bdda5b69aec2dc3014a612d84082dc64
/frameworks/base/keystore/java/android/security/KeyChain.java
4de59ef3238c4bf4b8c994b83be2c703ffad2a5b 02-May-2016 Chad Brubaker <cbrubaker@google.com> Deprecate ACTION_STORAGE_CHANGED

ACTION_STORAGE_CHANGED is too noisy and fires on too many events. It has
been split into ACTION_KEYCHAIN_CHANGED for
addition/modification/removal of user certificates and keys,
ACTION_TRUST_STORE_CHANGED for changes to the user added and system CA
stores on the device and ACTION_KEY_ACCESS_CHANGED for changes to key
grants.

ACTION_STORAGE_CHANGED will only be sent to applications targeting N
and below. Applications targeting future releases should use the new
broadcasts.

Bug:28450538
Change-Id: I34ff838e9858db65f7308ca2b0f7d652c48fae17
/frameworks/base/keystore/java/android/security/KeyChain.java
b43659170824dd8d753d9249fe6ccfd37c6221ae 23-Mar-2016 Rubin Xu <rubinxu@google.com> Add DevicePolicyManager API to install a client cert chain.

When installing a keypair the caller will have the option to specify a
certificate chain which will later be returned to whoever requests access
to the keypair via KeyChain.

Bug: 18239590
Change-Id: Id21ef026e31537db38d891cb9b712dd4fe7159c7
/frameworks/base/keystore/java/android/security/KeyChain.java
21bcbc54dd6b1f029f4973bef27c20e55d057432 29-Feb-2016 Robin Lee <rgl@google.com> Guard against null component when binding KeyChain

If keychain is removed from a device, there will be no sensible
resolution and client apps will bind to whatever is available.

Doesn't affect system apps which are forcibly prevented from wildcard
binding.

Bug: 27475655
Change-Id: Ide1aab3778e12f0b9a96662deb297a76d2f4997f
/frameworks/base/keystore/java/android/security/KeyChain.java
3a435f03906778677b846baa7ebedadd3119e892 21-Dec-2015 Robin Lee <rgl@google.com> Return null on getPrivateKey failure not exception

According to documentation:

Returns the {@code PrivateKey} for the requested alias, or null if
there is no result.

@throws KeyChainException if the alias was valid but there was some
problem accessing it.

@throws IllegalStateException if called from the main thread.

In this case the alias doesn't exist or isn't visible to the caller so
they should get null back instead of KeyChainException.

Change-Id: Ied5603ac6aefbcef79050f24c2aa7ee8f386be0b
/frameworks/base/keystore/java/android/security/KeyChain.java
71fbb81b14958b80fe55738607740c6630e4e9da 30-Nov-2015 Neil Fuller <nfuller@google.com> Fix @code escapes

The body of {@code} must not be HTML escaped. This is one of
several changes that fix the source in conjunction with a
doclava fix.

Bug: 25757239
Change-Id: Ib38a0fa2dd2a3d68e467f78a812071e763d7e881
/frameworks/base/keystore/java/android/security/KeyChain.java
3876b1be27e3aefde9a72eb2e4f856e94fc5f946 09-Sep-2015 Alex Klyubin <klyubin@google.com> Support cross-UID access from AndroidKeyStore.

This is meant for exposing the pre-existing cross-UID access to keys
backed by the keystore service via higher-level JCA API. For example,
this lets system_server use Wi-Fi or VPN UID keys via JCA API.

To obtain a JCA AndroidKeyStore KeyStore for another UID, use the
hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid).

To generate a key owned by another UID, invoke setUid(uid) on
KeyGenParameterSpec.Builder.

This CL does not change the security policy, such as which UID can
access/modify which UIDs' keys. The policy is that only certain system
UIDs are permitted to access keys of certain other system UIDs.

Bug: 23978113
Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de
/frameworks/base/keystore/java/android/security/KeyChain.java
59e3baa8ab08c4da270023540ba15268c87e0d67 30-Jun-2015 Robin Lee <rgl@google.com> KeyChain: annotate with @WorkerThread

Several methods need to be called off the main UI thread. This is
the first documentation of that requirement.

Bug: 19440165
Change-Id: I0303011c0ded6ec1efa92119c1e02a8a39b14a59
/frameworks/base/keystore/java/android/security/KeyChain.java
4a0ff7ca984d29bd34b02e54441957cad65e8b53 09-Jun-2015 Alex Klyubin <klyubin@google.com> Android Keystore keys are no longer backed by Conscrypt.

This switches Android Keystore asymmetric keys from being backed by
Conscrypt (via keystore-engine which is an OpenSSL/BoringSSL ENGINE
which talks to keystore via the old KeyStore API) to being backed by
the AndroidKeyStore Provider which talks to keystore via the new
KeyStore API. In effect, this switches asymmetric crypto offered by
Android Keystore from old Keystore API to new KeyStore API, enabling
all the new features such as enforcement of authorizations on key use.

Some algorithms offered by Android Keystore, such as RSA with OAEP
or PSS padding schemes, are not supported by other providers. This
complicates matters because Android Keystore only supports public key
operations if the corresponding private key is in the keystore. Thus,
Android Keystore can only offer these operations for its own public
keys only. This requires AndroidKeyStore to use its own subclasses of
PublicKey everywhere. The ugliest place is where it needs to return
its own subclass of X509Certificate only to be able to return its
own subclass of PublicKey from Certificate.getPublicKey().

Bug: 18088752
Bug: 19284418
Bug: 20912868
Change-Id: Id234f9ab9ff72d353ca1ff66768bd3d46da50d64
/frameworks/base/keystore/java/android/security/KeyChain.java
469cbf5156ad54650726ade59f2ee5aa01359ec2 04-Jun-2015 Alex Klyubin <klyubin@google.com> Deprecate KeyChain.isBoundKeyAlgorithm.

This is bad API. There was never a guarantee that when this method
returns true for a key algorithm (e.g., RSA or EC), then all keys of
that type will be imported into secure hardware. For example, the
secure hardware may reject a key if it's of unsupported size or uses
an unsupported public exponent or EC curve. In that case, the key
will be imported into keystore/KeyChain without being backed by secure
hardware.

Bug: 18088752
Change-Id: I8daa574a2e703a347d09d93401cd1ea2d0162ed9
/frameworks/base/keystore/java/android/security/KeyChain.java
39087b1cec6a54e96ab9eafe8317952720790533 05-May-2015 Robin Lee <rgl@google.com> Replace String host:port/url args with Uri arg

Uri provides a stronger guarantee of well-formedness and lets apps do
nice extra things like specifying scheme etc. without twisting any
expectations.

Bug: 20820034
Change-Id: Ia6bbedb74765444920b667d643fb7e1eb6a7292b
/frameworks/base/keystore/java/android/security/KeyChain.java
3f8d4d840894468f2be8a5b56ff266cef2d71c50 13-May-2015 Alex Klyubin <klyubin@google.com> New AndroidKeyStore API in android.security.keystore.

This CL addresses the comments from API Council about Android KeyStore
KeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter:
1. These abstractions should not take or hold references to Context.
2. The Builders of these abstractions should take all mandatory
parameters in their constructors rather than expose them as
setters -- only optional parameters should be exposed via setters.

These comments cannot be addressed without deprecation in the already
launched KeyPairGeneratorSpec and KeyStoreParameter. Instead of
deprecating just the getContext methods and Builder constructors, this
CL goes for the nuclear option of deprecating KeyPairGeneratorSpec and
KeyStoreParameter as a whole and exposing all of the AndroidKeyStore
API in the new package android.security.keystore. This enables this CL
to correct all of the accrued design issues with KeyPairGeneratorSpec
(e.g., naming of certificate-related methods) and KeyStoreParameter.

This also makes the transition to API Level M more clear for existing
users of the AndroidKeyStore API. These users will only have to deal
with the new always-mandatory parameters (e.g., purposes) and
sometimes-mandatory (e.g., digests, block modes, paddings) if they
switch to the new API. Prior to this CL they would've had to deal with
this if they invoked any of the new methods of KeyPairGeneratorSpec
or KeyStoreParameter introduced in API Level M.

This CL rips out all the new API introduced into KeyPairGeneratorSpec
and KeyStoreParameter classes for Android M, thus reverting these
classes to the API launched in L MR1. This is because the new API is
now in android.security.keystore.KeyGenParameterSpec and KeyProtection
respectively.

Bug: 21039983
Change-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c
/frameworks/base/keystore/java/android/security/KeyChain.java
622fd932fd33c6e86c86c8a24082674ad077a810 12-May-2015 Alex Klyubin <klyubin@google.com> Flatten KeyStoreKeyProperties constants.

This moves constants/flags declared in inner classes of
KeyStoreKeyProperties into KeyStoreKeyProperties, as requested by API
Council.

Bug: 21039983
Change-Id: I84a3c983e13644a027bed9f605ab8044220a352c
/frameworks/base/keystore/java/android/security/KeyChain.java
54bb1596e470144932943046ec7a99551d020ba0 11-May-2015 Alex Klyubin <klyubin@google.com> Add NonNull and Nullable annotations to AndroidKeyStore API.

This is to enable Android Lint and Android Studio to flag nullness
issues at compile time.

Bug: 18088752
Change-Id: I21033b8fcdd989d08c89b50685e47fbb9c74acbf
/frameworks/base/keystore/java/android/security/KeyChain.java
4d5443f37f2bc58be8d22ed50024c39a5a1fbc8f 07-May-2015 Alex Klyubin <klyubin@google.com> Define String constants for AndroidKeyStore crypto.

This defines the String enum values based on JCA standard names for
key algorithm, block mode, padding schemes, and digests. This should
make it safer to interact with AndroidKeyStore code that uses JCA
strings. This was requested by API Council.

Bug: 18088752
Change-Id: I241d9225a13b85479d0a84e49d0a98cbc77e5817
/frameworks/base/keystore/java/android/security/KeyChain.java
3798ed5e0b56ab03e7022a9922b50a4a25474033 03-Feb-2015 Robin Lee <rgl@google.com> Device Policy API to choose a private key silently

Support for certificate chooser (keychain) to first query a profile
owner (if one exists) for a silent credentials grant which will be
passed back to the caller as an alias.

Bug: 15065444
Change-Id: I0729b435c218b7991e6cb5faedefb7900577afcc
/frameworks/base/keystore/java/android/security/KeyChain.java
cd2329dbfa5aef82c38ffa36a478bbaf5088af92 15-Jan-2015 Alex Klyubin <klyubin@google.com> Remove DSA support from Android KeyStore and KeyChain.

We're switching from OpenSSL to BoringSSL which does not support DSA.

Bug: 17409664
Change-Id: Id9b52666ba9ef234076105c925610b5b312988a5
/frameworks/base/keystore/java/android/security/KeyChain.java
9d2d6b6b4b1b16221cbd857703cd6301c6bf873c 26-Nov-2014 Kenny Root <kroot@google.com> Track change to Conscrypt

Change-Id: I8814fd0720acf09332927f184fdd9b2cdac4f413
/frameworks/base/keystore/java/android/security/KeyChain.java
f0ae135049048424bceccb0799b12377181b25f0 18-Aug-2014 Zoltan Szatmary-Ban <szatmz@google.com> Extend IKeyChainService AIDL with CACert retrieval

Bug:16029580
Change-Id: I41a3bd2f3bd95550e59f1d0d0acd0e765d7b62d7
/frameworks/base/keystore/java/android/security/KeyChain.java
3291de8f6c8bc7ffa5992a2a5a5c2cf8bb0adf4b 15-Aug-2014 Zoltan Szatmary-Ban <szatmz@google.com> Revert "Revert "Revert "Revert "Revert "Update Trusted Credentials screen in settings"""""

This reverts commit c9249c69813c6fb889d71d84583c67ae2942e6de.

Change-Id: I5504fddaf7b18efb73cd6c76678b3b39ce9b0229
/frameworks/base/keystore/java/android/security/KeyChain.java
f8d72cc14f70f5af13342c4c7b107a8ab60dfe23 15-Aug-2014 Zoltan Szatmary-Ban <szatmz@google.com> Revert "Revert "Revert "Revert "Update Trusted Credentials screen in settings""""

This reverts commit 87efe74e092236c372d3b6909009641123aa416a.

This should be fine now with all the dependency CLs +2-ed


Change-Id: I96ad14ad5ff81e6b5391035cb6c5a62339c6cc40
/frameworks/base/keystore/java/android/security/KeyChain.java
f75aadc028f2e79541a269bf2c74dcb3482e2ec7 15-Aug-2014 Narayan Kamath <narayan@google.com> Revert "Revert "Revert "Update Trusted Credentials screen in settings"""

This reverts commit 19c8ce291e89a9ef1442a20e1feab421b11536d7.

Change-Id: Ie5a5571127311e0a29f314c0566e779cfe940b53
/frameworks/base/keystore/java/android/security/KeyChain.java
1e7bc0def8c62b91d3eb985a51bec54063ce83f5 15-Aug-2014 Zoltan Szatmary-Ban <szatmz@google.com> Revert "Revert "Update Trusted Credentials screen in settings""

This reverts commit 0f0de0bdd021bad5f85fdb0399a4ea91a1611e25.

Change-Id: Ia3d0907e3d7c2ec42d64e45f60e3dfaffb932c3d
/frameworks/base/keystore/java/android/security/KeyChain.java
678e3ecc937c00969830700dffb42fb1ee232f7c 07-Aug-2014 Zoltan Szatmary-Ban <szatmz@google.com> Revert "Update Trusted Credentials screen in settings"

This reverts commit 4fde5aa9fab931d9becfc49f7d7b8526ad5640d9.

Change-Id: I581c38d64e9829b0079bafa42615f2aa0bf64763
/frameworks/base/keystore/java/android/security/KeyChain.java
1386627335a79dd02fb34db344e63ca3abfce013 15-Jul-2014 Zoltan Szatmary-Ban <szatmz@google.com> Update Trusted Credentials screen in settings

Trusted credentials for both the primary user and its managed profiles are shown
on the Trusted Credentials fragment. All functionalities (e.g. disabling/enabling
of certificates) remain available.

Bug: 16029580

Change-Id: Ia92ae02d8c572bf4a3be172f6c255726cefc0fa1
/frameworks/base/keystore/java/android/security/KeyChain.java
306fe08ce2b06671336e67a87afaa0851f0105eb 19-Jun-2014 Robin Lee <rgl@google.com> Revert "Revert "Publish DevicePolicyManager CA certificate APIs""

This reverts commit 792b270dbdc980cfe04e8d461bf00a1f45b5e936.

Change-Id: I18c7e0eca39868230cd8e4f4bbeb3c44ff9e8b78
/frameworks/base/keystore/java/android/security/KeyChain.java
2b5e917026fe4e6dec8712ee24bdffee8d62ab33 18-Jun-2014 Robin Lee <rgl@google.com> Revert "Publish DevicePolicyManager CA certificate APIs"

This reverts commit 5260bf69946563dc47c17e7441b352adfce384c5.

Change-Id: I5e44fdac8a7375576b25171f58e31a1fa0e3c569
/frameworks/base/keystore/java/android/security/KeyChain.java
837304f6f6ae37dc475fa6e0e620f1c2321f2e11 11-Jun-2014 Robin Lee <rgl@google.com> Publish DevicePolicyManager CA certificate APIs

Exposes these methods:
- hasCaCertInstalled
- hasAnyCaCertsInstalled
- installCaCert
- uninstallCaCert

Allows device and profile owners to perform some certificate management
including querying for and enabling/disabling specific CA certificates.

Change-Id: I4aa8a1a8601b234e30acde99dfa382e04cb62495
/frameworks/base/keystore/java/android/security/KeyChain.java
a365906e670c89674fb3383b5bcb33e682910c29 18-Mar-2014 Kenny Root <kroot@google.com> Use the correct package name for CHOOSER

Bug: 13013106
Change-Id: I1f715de18e7108274f5a98234376d48c2d329438
/frameworks/base/keystore/java/android/security/KeyChain.java
1a88d834e8f7d21e714121c011fec82369a2e9f1 07-Feb-2014 Kenny Root <kroot@google.com> KeyChain: add explicit package for getPrivateKey

Bug: 9964538
Change-Id: If67c1938e9506d4fa81b241bcbce2193d1b194ef
/frameworks/base/keystore/java/android/security/KeyChain.java
b91773bce1126d28a93f73fbef18f3a79245f24e 05-Sep-2013 Kenny Root <kroot@google.com> Add argument to binder call to check key types

Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.

Bug: 10600582
Change-Id: I9fe9e46b9ec9cfb2f1246179b2c396216b2c1fdb
/frameworks/base/keystore/java/android/security/KeyChain.java
da51e68e582ffa017543982297c831680d201a91 09-Aug-2013 Maggie Benthall <mbenthall@google.com> Add methods for managing CAs to DevicePolicyManager(Service)

Guard install/uninstall by enforcing that the caller have the new system-only permission MANAGE_CA_CERTIFICATES.
Also include API methods for asking whether there are any User CA certs
installed, or if one by a particular name is installed in the keystore.

CA certs will be installed via KeyChain into the TrustedCertificateStore.

Bug: 8232670

Change-Id: I17b47a452e72eb4fe556dc6db823a46c6e854be8
/frameworks/base/keystore/java/android/security/KeyChain.java
cfba6a07fd24559bfb6bb51007520b8ca3cd5c48 07-May-2013 Kenny Root <kroot@google.com> Track change in NativeCrypto

(cherry picked from commit 4b30e3391bda250975b43af43bad58c98fa73f84)

Change-Id: I9eed3895d78c6906f7d29d325075cf1df48fd123
/frameworks/base/keystore/java/android/security/KeyChain.java
e9ae6822a80cb1f3bd13c785f1727c03d35da52e 30-Apr-2013 Kenny Root <kroot@google.com> resolved conflicts for merge of 1f6e789b to jb-mr2-dev-plus-aosp

Change-Id: I06c05d637613215b6d83df3e29cd495f6a5a0176
12e752225aa96888358294be0d725d499a1c9f03 24-Apr-2013 Kenny Root <kroot@google.com> Track change to JSSE provider

Change-Id: I35e824e47ad758ab6408e91e2ba5dcda053a82f5
/frameworks/base/keystore/java/android/security/KeyChain.java
5b7e90ac937857c10a3d49b244ec75ca539b9a22 02-Apr-2013 Kenny Root <kroot@google.com> Add API to query KeyChain algorithm support, pt. 2

Late-breaking comments on API name. Revised.

Bug: 7095660
Change-Id: I7224d9c8a4f84a272360ede78a18bfb72d8aeb77
/frameworks/base/keystore/java/android/security/KeyChain.java
bf556ac636a39c1d0fe5451a921b88400dd1c695 02-Apr-2013 Kenny Root <kroot@google.com> Add API to query KeyChain algorithm support

Bug: 7095660
Change-Id: Ia87caaa33bc01b032130811833f0a3c4f75b62d4
/frameworks/base/keystore/java/android/security/KeyChain.java
0150e48200a967aead3c2ac6f1283ae2df54c305 14-Feb-2013 Kenny Root <kroot@google.com> KeyChain: return null instead of throw

The API documentation says it will return null if the key isn't found.
We get null back from the keystore daemon when it can't retrieve the
data, so just return null back to the API caller.

Change-Id: I42248bd50cbc5f76864bd762aae3faab1c50529d
/frameworks/base/keystore/java/android/security/KeyChain.java
54e03afcfe34e9875efa56650c1af3ebc8f58a89 07-Aug-2012 Kenny Root <kroot@google.com> Use TrustedCertificateStore for chain building

Move chain building to TrustedCertificateStore since it has more
information about the certificates.

Change-Id: I3030e94eb1abb8a2047a4151bdaad9922706dd0f
/frameworks/base/keystore/java/android/security/KeyChain.java
5423e68d5dbe048ec6f042cce52a33f94184e9fb 14-Nov-2011 Kenny Root <kroot@google.com> Add signing to keystore

Change the keystore to keep the private keys in keystore. When returned,
it uses the OpenSSL representation of the key to allow users to use it
in various operations through the OpenSSL ENGINE that connects to
keystore.

Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
/frameworks/base/keystore/java/android/security/KeyChain.java
1cedb47e18a3acb322914e1963285882dc77d9ba 15-Mar-2012 Selim Gurun <sgurun@google.com> Merge "Make the credential storage change action public."
fcdccac49067e4cc60567ee93ccf1b62e74477fb 02-Mar-2012 Brian Carlstrom <bdc@google.com> Remove obsolete KeyChain references to USE_CREDENTIALS (2 of 2)

Change-Id: Ic8a22ce3a9010b8378af044e611bf787e15f6227
/frameworks/base/keystore/java/android/security/KeyChain.java
e57319ff880c43b44aaab4905dc8997d97827520 17-Feb-2012 Selim Gurun <sgurun@google.com> Make the credential storage change action public.

Bug: 6009802

When the credential storage changes, (adding/removing certs,
resetting the storage, enabling/disabling trusted CAs, etc), the
applications that use the storage have to be made aware of the
fact that the storage changed, so they can clear any cached state,
close connections or take any other actions. Internally, this
applies to webview. However, applications, potentially including
3rd party browsers, also need this information.

Change-Id: I765b97a3f38f45247ee3f6e127b490388d373847
/frameworks/base/keystore/java/android/security/KeyChain.java
93ba4fedebb78ba47c24e8472c8960ea8fdc933a 14-Feb-2012 Selim Gurun <sgurun@google.com> Act on credential storage updates.

Bug: 6009802

Cherry pick fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1
Listen to credential storage updates and clean state when necessary.

Change-Id: I2c63e6771e9373da8b39781fdcf3d21583c4e3b2
/frameworks/base/keystore/java/android/security/KeyChain.java
43e41580e4c700e970cc5e62180a767ab424da6d 16-Feb-2012 Selim Gurun <sgurun@google.com> Revert "Act on credential storage updates."

This reverts commit fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1
/frameworks/base/keystore/java/android/security/KeyChain.java
fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1 14-Feb-2012 Selim Gurun <sgurun@google.com> Act on credential storage updates.

Bug: 6009802

Listen to credential storage updates and clean state when necessary.

Change-Id: I48f2e7d6e036882c2b4a29fbd357ca018fd4e4c7
/frameworks/base/keystore/java/android/security/KeyChain.java
ab8b84ad3847788d83da557606aa27d4102e6b52 13-Jul-2011 Fred Quintana <fredq@google.com> Make the KeyChain handle its own grants rather than having
AccountManagerService handle them.

Change-Id: I89d272b22766f85019c1f947153d69e6dbb74c68
/frameworks/base/keystore/java/android/security/KeyChain.java
74e6bd7b7783fb506d7525e9ba40aac980745eaf 06-Jul-2011 Brian Carlstrom <bdc@google.com> Merge "New KeyChain API for credential installation"
db93b78385d694402760ad63de0795f3902030d9 01-Jul-2011 Brian Carlstrom <bdc@google.com> Build cert chain in KeyChain.getCertificateChain

Bug: 4970298
Change-Id: Id91391233528edc2a4da5ebe92ec85d381f170de
/frameworks/base/keystore/java/android/security/KeyChain.java
ca43c458ad0ee8cfa7f5eabc8ba1a65ae473976b 30-Jun-2011 Brian Carlstrom <bdc@google.com> New KeyChain API for credential installation

Bug: 3497064
Change-Id: Ie5c20e87a436b7ab66258d08b719ab8bb1f1d86d
/frameworks/base/keystore/java/android/security/KeyChain.java
a00a2b33ccc6bc079c3ee57a938f62947b48a001 29-Jun-2011 Brian Carlstrom <bdc@google.com> KeyChain API for credential installation

Bug: 3497064
Change-Id: I4ac4d8b5559496b1632d63c2129e2bafd240893f
/frameworks/base/keystore/java/android/security/KeyChain.java
67c30dfe8e4bff11a4660ac23e8679b5deb59457 24-Jun-2011 Brian Carlstrom <bdc@google.com> Replace KeyChainActivity placeholder UI with more polished dialog (1 of 5)

frameworks/base

Extended KeyChain.choosePrivateKeyAlias to allow caller to supply
preferred choice to be selected in chooser. This allows Email
settings to highlight the current choice when allowing user to
change settings.
keystore/java/android/security/KeyChain.java
api/current.txt

Implemented KeyChain functionality to pass host and port
information to KeyChainActivity for display.
keystore/java/android/security/KeyChain.java

KeyChain now sends a PendingIntent as part of the Intent it sends
to the KeyChainActivity which can be used to identify the caller
in a reliable way.
keystore/java/android/security/KeyChain.java

Moved .pfx/.p12/.cer/.crt constants to Credentials for reuse.
Added Credentials.install variant with no value for use from KeyChainActivity
keystore/java/android/security/Credentials.java

packages/apps/CertInstaller
Source of extension constants now in Credentials
src/com/android/certinstaller/CertFile.java

packages/apps/Browser
Have browser supply host and port information to KeyChain.choosePrivateKeyAlias
Tracking KeyChain.choosePrivateKeyAlias API change
src/com/android/browser/Tab.java

packages/apps/Email
Tracking KeyChain.choosePrivateKeyAlias API change
src/com/android/email/view/CertificateSelector.java

packages/apps/KeyChain

KeyChain now depends on bouncycastle X509Name for formatting
X500Principals, since the 4 X500Principal formatting options could
not format emailAddress attributes in a human readable way and it's
the most important attribute to display for client certificates in
most cases.
Android.mk

Changing the UI to a dialog, make the activity style transparent.
AndroidManifest.xml
res/values/styles.xml

Layout for chooser dialog
res/layout/cert_chooser.xml

Layout for list items in chooser
res/layout/cert_item.xml

New resources for dialog including comments for translators.
res/values/strings.xml

New dialog based KeyChainActivity. Now also shows requesting app
and requesting server. Now can preselect a specified alias. New
link directly to CertInstaller.

src/com/android/keychain/KeyChainActivity.java

Fix KeyChainTestActivity to work with TestKeyStore changes that
were causing network activity on the UI to look up the name of
localhost. Also track KeyChain.choosePrivateKeyAlias API change.

tests/src/com/android/keychain/tests/KeyChainTestActivity.java

Change-Id: I07128fba8750f9a6bcb9c6be5da04df992403d69
/frameworks/base/keystore/java/android/security/KeyChain.java
42f6528b988e3ae320cda63a2bd63d30d9e56183 10-Jun-2011 Brian Carlstrom <bdc@google.com> New KeyChain API for application access to keystore credentials

The KeyChain API is currently in use by Browser and validated by Email
for client certificate authentication.

Change-Id: Ifeab416be594457a05747406e31656e71795cb53
/frameworks/base/keystore/java/android/security/KeyChain.java
93201f545b67da15cb69830a5988810aef52c0b2 10-Jun-2011 Brian Carlstrom <bdc@google.com> KeyChain API refinements

Change-Id: I177ab4642e6cd1aa13526c14f0a707175fd79655
/frameworks/base/keystore/java/android/security/KeyChain.java
9d7faa91be6661eccf73494f1ab96ae9a28d42d7 07-Jun-2011 Brian Carlstrom <bdc@google.com> Change KeyChain to assume PEM encoded keystore entries

Summary:
- Changed KeyChain to assume PEM encoded keystore entries
- Moved convertToPem from CertInstaller for reuse with other Credentials helpers
- Added convertFromPem for use decoding keystore entries

Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
/frameworks/base/keystore/java/android/security/KeyChain.java
ba1a667b1d6c95050f6c88316ac58fe9e0ff878b 25-May-2011 Brian Carlstrom <bdc@google.com> Remove need for onActivityResult from KeyChain API

Change-Id: I97bb9db06978f6dc039d22bfee116671d7b3e336
/frameworks/base/keystore/java/android/security/KeyChain.java
d752472d9abf03fda637d43716bc6bd632e1f5c3 18-May-2011 Brian Carlstrom <bdc@google.com> Move to KeyChain.bind

Change-Id: Ic3c6e0e9be9bcfdc882cf97cec38cca70b23d0a1
/frameworks/base/keystore/java/android/security/KeyChain.java
8e9929c4d0730de4c9f01435a7cfe2db8855e24d 17-May-2011 Brian Carlstrom <bdc@google.com> Simplify KeyChain API by removing now unneeded CA certificate lookup (1 of 3)

frameworks/base

Remove getCaCertificates and findIssuer from IKeyChainService,
these are now done via libcore's TrustedCertificateStore (as part
of the default TrustManager implementation)

keystore/java/android/security/IKeyChainService.aidl

Simplify KeyChain API. Now that the CA certificates are visible
through the default TrustManager, the KeyChain is solely focused on
retrieving PrivateKeys and their associated certificates. The
calling API for KeyChain to simply a single KeyChain.get() call
that returns a KeyChainResult, removing the need for a KeyChain
instance that needs to be closed.

keystore/java/android/security/KeyChain.java
keystore/java/android/security/KeyChainResult.java

master/libcore

Remove getDefaultIndexedPKIXParameters and
getIndexedPKIXParameters which was used as part of the prototype
of looking up CAs via the KeyChain but is obsoleted by the new
default TrustManager implementation.

luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java

packages/apps/KeyChain

Tracking simplified IKeyChainService, removing now unneeded
implementation, updating tests.

src/com/android/keychain/KeyChainService.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java
tests/src/com/android/keychain/tests/KeyChainTestActivity.java

Change-Id: I847b28c2f467c85f24d2b693a2fecc1cb46426b4
/frameworks/base/keystore/java/android/security/KeyChain.java
b9a07c18e678da35b4c2a618b315fa174a21e818 11-Apr-2011 Brian Carlstrom <bdc@google.com> Adding KeyChain API and IKeyChainService

Change-Id: Id3eaa2d1315481f199777b50e875811e3532988a
/frameworks/base/keystore/java/android/security/KeyChain.java