a2a4bb3b309789fb50a15443a60b4039bc75250b |
20-Mar-2018 |
Eran Messeri <eranm@google.com> |
Inform the user about the implications of installing a CA certificate
Tell users that installing a CA certificate potentially allows the issuer of said CA certificate to intercept all traffic to the device.
Broadly, users that install a CA certificate via the settings menu should understand what the certificate is capable of doing. However, apps can trigger the intent for installing a CA certificate and may trick an unsuspecting user into installing a CA certificate without telling the user what that implies.
Notify the user that the CA certificate can be used for intercepting traffic if it's installed for 'VPN and apps' (a system CA).
It should be noted that since N, Android apps no longer trust locally-installed CA certificates by default. However, many apps (such as Chrome) intentionally opt-in to trusting such certificates. See https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html for more context.
Bug: 73757661
Test: Manually
Change-Id: Ibbd28faad763ba29651d4ed3b00caead3d7ad18f
ertInstaller.java
|
e3da75d1d60441b8f778bbd8f3da963c14c26111 |
27-Feb-2018 |
Adam Vartanian <flooey@google.com> |
Merge "Limit cert file reading to 10MiB." am: ae1a16bd41 am: 3500e1ce00 am: 451eb26688 Change-Id: Ibf5ca6147628f6bcdba0e1c1305b5113679997e8
|
c8a7fa4a04aecb884f9dc5e88b714df9b715eb9e |
23-Feb-2018 |
Adam Vartanian <flooey@google.com> |
Limit cert file reading to 10MiB.
We read the entire cert file into memory when installing it, so reading without a limit will cause OutOfMemoryErrors if the file is sufficiently large.
This is not a security problem (if someone can trick the user into installing new certificates, crashing the cert installer dialog is by far the least impactful thing they could do), but it's nice to not crash.
Bug: 32320490
Test: manual testing
Change-Id: Ib8dbfe06304481fd682297c680841705b8c4ad7c
ertInstallerMain.java
|
2d206b21a7f8bf60ac5d3d20d058192330889440 |
15-Oct-2017 |
mukesh agrawal <quiche@google.com> |
WiFiInstaller: catch exceptions on both delete paths am: 881958d4b9 am: f3ba2e7812 Change-Id: Id0043d9ffb740b8dbe27779712fec7ceace94c11
|
881958d4b9d28e8723c70a51bec3b9f1544d8e77 |
12-Oct-2017 |
mukesh agrawal <quiche@google.com> |
WiFiInstaller: catch exceptions on both delete paths
WiFiInstaller provides the ability to automatically install a Passpoint configuration, if that configuration is served using the 'application/x-wifi-config' MIME type.
Before installing the configuration, WiFiInstaller reads the configuration data into memory, and then attempts to delete the file.
If the file was provided using the DocumentsContract API, then a failure to delete will be caught and logged. The installation of the configuration can still succeed.
If, however, the file was provided using a ContentResolver, then a deletion failure causes the install process to fail.
When Chrome is used to download a Passpoint configuration from a Passpoint provider, we see that the install reliably fails. The failure occurs because the config file is a) not provided using a DocumentsContract, and b) can not be deleted.
To resolve the failure, we handle a failure to delete a ContentResolver-provided config the same way that we handle a failure to delete a DocumentsContract-provided config. Namely: catch the exception, log the failure, and continue to install the config.
We will work separately to determine why this problem is only now surfacing. (We suspect some change in the way that Chrome provides the file to WiFiInstaller.)
BUG: 66971720
Test: manual
Manual test
-----------
1. flash build with changes onto device
2. open passpoint.boingo.com in chrome
3. scroll to bottom of page
4. tap 'Create Profile'
5. enter username and password from bug
6. tap 'Download Profile'
7. see 'Chrome needs storage access...' prompt
8. tap 'CONTINUE'
9. see 'Allow Chrome...' prompt
10. tap 'ALLOW'
11. see 'Install Wi-Fi credentials' prompt
12. tap 'INSTALL'
13. see 'Credentials installed' dialog
14. adb logcat -d | grep 'could not delete'
    10-12 17:23:23.759 17030 17030 E WifiInstaller: could not delete document content://com.android.chrome.FileProvider/downloads/BoingoPasspointProfile
(last step confirms that this patch was necessary)
Change-Id: I5cc4ac9cec8d6942f64ede696ccac3a6d9204922
iFiInstaller.java
|
15b2079f70c047f64a33188ce35ecdeccb59ae65 |
22-Jun-2017 |
Daichi Hirono <hirono@google.com> |
Add config to switch auto-approval for user cert If a device does not have the lock screen, the auto-approval feature needs to be disabled to pass CTS verifier tests, because there is no way to show the cert notification after auto-approved. Bug: 34111731, 62387735 Test: Ca Cert Notification Test Change-Id: I55a0afc9573e1762547bb2a264fa01c5ffc2e077
redentialHelper.java
|
ce2f732baab55688df7f1700898336b714c8ef23 |
24-Apr-2017 |
Rubin Xu <rubinxu@google.com> |
Fix crash in CertInstaller Create dialog view before accessing its subview. Bug: 37295281 Test: Manually install malformed pkcs12 files from the bug above. Change-Id: I3a8eb039707b4ea8a1ce6c7cafe4eb0541499515
ertInstaller.java
redentialHelper.java
|
12e6eea983e5b077b28a67b421327335324aee39 |
13-Mar-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "WiFiInstaller: update usage of WifiManager#addOrUpdatePasspointConfiguration"
|
839309913316a9a768f51700d662bb232e9acf90 |
09-Mar-2017 |
Ben Lin <linben@google.com> |
Update DocumentsContract call to ensure thrown Exceptions are handled. Test: Build compiles properly. Bug: 36023174 Change-Id: I3dcb3def5877d4a4c5ba4d12ec60ccb4b77426ea
iFiInstaller.java
|
b421a4a14c2f7b72b47b2e8c30999c8a8805fa07 |
06-Mar-2017 |
Peter Qiu <zqiu@google.com> |
WiFiInstaller: update usage of WifiManager#addOrUpdatePasspointConfiguration WifiManager#addOrUpdatePasspointConfiguration is updated to return void and throw exception on failure instead of a boolean, so update the callsite accordingly. Bug: 35856174 Test: make -j32 Change-Id: Id56ee82916397a26432a22addfb59ffddddefe79
iFiInstaller.java
|
ce31c594ff0e3a82923d719a03940293422ac02b |
02-Feb-2017 |
Peter Qiu <zqiu@google.com> |
WiFiInstaller: Passpoint API rename update ConfigBuilder has been renamed to ConfigParser to avoid confusions with the builder pattern used in the Framework API. So update the callsite accordingly. Bug: 34862444 Test: None Change-Id: I71d61a7e6c0a44b7004ca83f927eda008d02cb25
iFiInstaller.java
|
15eb8cad9a117e7e3d2bf37d44bc721df3c56019 |
25-Jan-2017 |
Peter Qiu <zqiu@google.com> |
WifiInstaller: use updated PasspointConfiguration APIs PasspointConfiguration APIs are updated to use private variables with public accessor methods instead of public variables. So update the code to use the accessor methods instead of using variables directly. Bug: 34627062 Test: make -j32 Change-Id: I96e06a16440eba02ea2d39db1ef5a0e5016e0f7a
iFiInstaller.java
|
a88d7852fdca57f52cd91b912be445f042ef4901 |
16-Dec-2016 |
Peter Qiu <zqiu@google.com> |
WifiInstaller: Passpoint configuration API update WifiManager#addPasspointConfiguration is renamed to WifiManager#addOrUpdatePasspointConfiguration. So update the callsite accordingly. Bug: 33587910 Test: make -j32 Change-Id: I29c64ee5ee68db5449d0e46c90436e8555e672e4
iFiInstaller.java
|
54a13951da47e32f10e6f108f311f4f3d542eb63 |
25-Oct-2016 |
Peter Qiu <zqiu@google.com> |
WifiInstaller: use new Passpoint API
New API is added to WifiManager for provisioning Passpoint configurations, so use that API instead of using the API for adding Wifi networks.
Additional changes:
- Remove the restriction on only allowing the installation when WiFi is enabled, since the new APIs have no such limitation and the installation of a configuration should not depend on the state of the WiFi.
- Previously, the configuration file deletion was done by the parser (in WifiService). This doesn't make sense since the configuration data file is owned by the app not the parser. So instead, the file will be deleted by the app (WifiInstaller).
Bug: 32282288
Test: Download and install a Boingo profile
Change-Id: I4af737f25cbe2e5c815a9abe83f98cc13970a2cc
iFiInstaller.java
|
89703ddeb050ce3f7163948574e1152fbd949ff7 |
14-Jun-2016 |
Rubin Xu <rubinxu@google.com> |
Skip non KeyEntry from PKCS12 file during extraction. Change-Id: I76880fc3a39c092cfc007450f59c477a2bdaf48e Fix: 29315994
redentialHelper.java
|
38856d6bd1acc648b18aceb9af4d68e25f314fb6 |
13-Apr-2016 |
Victor Chang <vichang@google.com> |
Approve CA certs automatically in CertInstaller
- Since the cert is installed by real user, the cert is approved by the user
- It avoids cert pending approval notification posted by DPM
- Also, show screenlock only if it has ca certs
Test:
- if no screenlock, it doesn't ask user to unlock. User will be asked to set a screenlock after naming the cert
- work challenge is shown if the cert is installed from work profile
Bug: 28161447
Change-Id: I3eea305fc6d8023f7a30a1644b7b0c2a873a3b75
ertInstaller.java
redentialHelper.java
til.java
|
5e8156f9c9ed774b570154b0bb61a9e543ba8c3d |
23-Mar-2016 |
Rubin Xu <rubinxu@google.com> |
When installing client cert, do not add CA certs to trusted credentials Bug: 18239590 Change-Id: I10b056c3bb86fdc371e92f0b2313425f9d1e125f
ertInstaller.java
redentialHelper.java
|
55e502076150f9ccde2af7e2c5e0ad4468b10c26 |
21-Mar-2016 |
Aga Wronska <agawronska@google.com> |
Add back DocumentsContract.EXTRA_SHOW_ADVANCED flag, because it was brought back to DocumentsUI
Revert "Fix build break from removal of DocumentsContract.EXTRA_SHOW_ADVANCED"
This reverts commit d31bf9e911fd006736ce74b870d0cad4896ff5f9.
Bug: 27683276
Change-Id: I92c631461f0201552d2df39e3347af9b2b6b3d71
ertInstallerMain.java
|
1cfd4a00b6caffcddf94c1c8e07ec1fe726c636e |
02-Mar-2016 |
George Mount <mount@google.com> |
Fix build break from removal of DocumentsContract.EXTRA_SHOW_ADVANCED Change-Id: Ibd4b5e5f01042c3b126499f98020606327faa10d
ertInstallerMain.java
|
1925ce864d3e465ed6f5259aa035401e8d937a70 |
22-Feb-2016 |
Robin Lee <rgl@google.com> |
Merge "Skip password dialog if PKCS#12 has no password" into nyc-dev
|
6f511d4f1c698350f3e2bffcd6d7a90d01eb47cd |
22-Feb-2016 |
Robin Lee <rgl@google.com> |
Trust CA certificates added for the whole OS only Excludes any CA certificates installed for wifi-only from being used for anything else. Does not take effect retroactively against certs which were already installed. The CAs will continue to be saved to a part of the keystore accessible by services running under WIFI_UID. Bug: 26324357 Bug: 25780055 Change-Id: Ifeb9daf24c9f9a22b2b2daf247d5622c707c9885
ertInstaller.java
redentialHelper.java
|
69f2f0bd44b702debf8503236fcf3dc1a9eb26c5 |
12-Feb-2016 |
Robin Lee <rgl@google.com> |
Skip password dialog if PKCS#12 has no password Just an extra unnecessary step for the user, eg. in the case of a file generated locally just as an interchange format. Bug: 27155157 Change-Id: Iafb948172e6a8d33b1742a06e5d0c69dc0658d78
ertInstaller.java
redentialHelper.java
|
aff933748edf3d4e9ea0a5ed6adc03fdbb748207 |
12-Jan-2016 |
Jan Nordqvist <jannq@google.com> |
Drop checks for locked WiFi key store when installing keys/certs. The security provided by the PIN lock is not considered to provide any added value over disk encryption for the protection of the WiFi key store. In addition the PIN lock is a major hurdle for onboarding 802.1X users who do need a trust cert installed. BUG=25887356 Change-Id: Ifb8004679ab6b1f155751ff18e29be27e4dce65f
iFiInstaller.java
|
33c079a90b605b550b04915be70217f7a3fe61b6 |
13-Oct-2015 |
Vinod Krishnan <vinodkrishnan@google.com> |
Nemo CTS: Call the right class for SSL Bug: 24305493 Change-Id: I9486c96aa531f72ae7dee1282903bc96eb7faf1c
ertInstaller.java
redentialHelper.java
|
909641b23712b9066b514442b236dfc47c1e3279 |
05-Aug-2015 |
Sanket Padawe <sanketpadawe@google.com> |
Offload time consuming task to background while installing HS profile. + Avoid Wifi api calls when wifi is disabled. Bug: 22921398 Change-Id: I21b0db5b2926c4bbd5473d84855ec1ef2e83734b
iFiInstaller.java
|
fb90c6fc3726b1bcfdbb2bd3db03c731a5316790 |
01-Aug-2015 |
Jan Nordqvist <jannq@google.com> |
Added logging in a few error paths for wifi config installation. Bug: 22790527 Change-Id: I8f4bb40a572ae4e7f855e4bf4b028f9b889c5af1
iFiInstaller.java
|
580c5f5ab98c391d113db67c6a304e4dd179f508 |
09-Jul-2015 |
Jan Nordqvist <jannq@google.com> |
Allowing rewrite of Passpoint credential. Bug: 21779835 Change-Id: I5b551f332f6d487896359147137cb1fc605b109a
iFiInstaller.java
|
e44e990b25d2d29062c9cb9cd160a6361f71e6fe |
23-Jun-2015 |
Jan Nordqvist <jannq@google.com> |
Fixed missing white-space. Change-Id: Ie2a5eb7367b79d6c38a2af7bddd82fbc5bee3a26
iFiInstaller.java
|
477d2ea4810dea406ffb285f778186e40e871018 |
23-Jun-2015 |
Sanket Padawe <sanketpadawe@google.com> |
Merge "Add dialog when installing HS 2.0 credentials while wifi is off." into mnc-dev
|
66177c3dfd449df65b3fdafdd2921c38c6385db4 |
23-Jun-2015 |
Sanket Padawe <sanketpadawe@google.com> |
Add dialog when installing HS 2.0 credentials while wifi is off. Bug: 22010833 Change-Id: Ic59fbf7ec197bc4431508c7d1d495c047c0e20cc
redentialsInstallDialog.java
iFiInstaller.java
|
0694d5c4498466208bb21df6197787a6c12c7fba |
23-Jun-2015 |
Jan Nordqvist <jannq@google.com> |
Catching runtime exception in WifiInstaller. Bug: 21958895 Change-Id: Ia483c9307e653e88d7d6050ef70963093f1b5f2b
iFiInstaller.java
|
a1e4110e70501f98c05a4a3c3c2832f32c48607b |
03-Jun-2015 |
Vinit Deshpande <vinitd@google.com> |
am 756c09a..655de81 from mirror-m-wireless-internal-release 655de81 EXTRA_MIME_TYPES is String[], not Object[]. Change-Id: I906d281e7f2a87be127aa281eb79098adbc66996
|
122def31973a25d878f33ce59288792aea27a32d |
14-May-2015 |
Sanket Padawe <sanketpadawe@google.com> |
Hotspot 2.0 credential UI code Bug: 20182930 Change-Id: Iaac91833555f399acf8746ba11dd3007022205bd
redentialsInstallDialog.java
iFiInstaller.java
|
655de814c465f4e20cfb122cf4c6d9a5670562aa |
18-Apr-2015 |
Jeff Sharkey <jsharkey@android.com> |
EXTRA_MIME_TYPES is String[], not Object[]. Bug: 20299782 Change-Id: I532225717c913ecc340edfdfe8fc974c778d495b Cherry pick from master. b/20126912
ertInstallerMain.java
|
62d9c4356a79c4d1ddf0621c8707bd0141365b63 |
24-Apr-2015 |
Etan Cohen <etancohen@google.com> |
Merge commit '7c543b7' into merge2
|
756c09a808d0bc6cb3e4144a7c56b0391ef7ee11 |
24-Apr-2015 |
Jan Nordqvist <jannq@google.com> |
Removed some logging. Change-Id: I946091ae1a1aecc34fc890564b9d98fe6d1872f1
ertInstallerMain.java
iFiInstaller.java
|
324ea236c2dfdc0593b0047eddf3a37dff1cb3fb |
18-Apr-2015 |
Jeff Sharkey <jsharkey@android.com> |
EXTRA_MIME_TYPES is String[], not Object[]. Bug: 20299782 Change-Id: I532225717c913ecc340edfdfe8fc974c778d495b
ertInstallerMain.java
|
7c543b71d8b60d2e2885c361ef73481c8f1eb27f |
17-Apr-2015 |
Jan Nordqvist <jannq@google.com> |
Changed logging tag. Change-Id: Ibdfeed92805bde4cd7ac0a7ffdd239cb467cbbfd
iFiInstaller.java
|
8eca13babaafda875ad715c716371513002ed31e |
16-Apr-2015 |
Jan Nordqvist <jannq@google.com> |
Launching PIN entry dialog if keystore access is required and the keystore is locked. Change-Id: I723f741176fb776e8791bd4f838140d109139493
iFiInstaller.java
|
994932f1949316fe5520d6c690e6bd9b49b88ba6 |
26-Mar-2015 |
Jan Nordqvist <jannq@google.com> |
Basic WiFi config installer app. Change-Id: I12e26955f4057db7a1772eacfec6ce9fa58f4437
ertInstallerMain.java
iFiInstaller.java
|
b34887b7eea710fe6897e6e4f4f1994c710c9ad3 |
11-Sep-2014 |
Sungsoo Lim <sungsoo@google.com> |
Fix build Change-Id: Idf9385e3f4f844fabd795fc634740f929497a19b
ertInstallerMain.java
|
2482baf745fb3cd9aca6aff8b29fe13adde622e5 |
11-Sep-2014 |
Kenny Root <kroot@google.com> |
am b3f3f024: am 9fa804c6: am 26e6becc: am 69506291: resolved conflicts for merge of 48d20b70 to klp-dev * commit 'b3f3f024fc092114421e70b5b0f40c49d586fd48': Check component class instead of action
|
695062916d4fdc01efbf7e4e925ff1fea636f8c3 |
11-Sep-2014 |
Kenny Root <kroot@google.com> |
resolved conflicts for merge of 48d20b70 to klp-dev Change-Id: Ie07b8ef90a2447f26cdef5b30169793416bfbc0c
|
19d80c1b3e5410202e94884db0a76fc8f9574c57 |
19-Jun-2014 |
Julia Reynolds <juliacr@google.com> |
Merge "Block certificate installation if user restriction enabled."
|
5aac53173509f394e67acd75b98c4d0731c86f76 |
08-May-2014 |
Kenny Root <kroot@google.com> |
Check component class instead of action Ensure the called intent was filtered for permission by ActivityManagerService by checking the ComponentName instead of the action. (cherry picked from commit 38a956408f45c9a7cbb48b79c67257b9207fda30) Bug: 14441285 Change-Id: I3a848ef2375ddfa7c9b35389524419993a6b3693
ertInstallerMain.java
|
b7fe475f26f62a2d6d846922a0ff3ea8f823d735 |
12-Jun-2014 |
Julia Reynolds <juliacr@google.com> |
Block certificate installation if user restriction enabled. Bug: 14081992 Change-Id: Ic7f04cc3555144512ca100b31d77ddec15e28546
ertInstallerMain.java
|
38a956408f45c9a7cbb48b79c67257b9207fda30 |
08-May-2014 |
Kenny Root <kroot@google.com> |
Check component class instead of action Ensure the called intent was filtered for permission by ActivityManagerService by checking the ComponentName instead of the action. Bug: 14441285 Change-Id: I3a848ef2375ddfa7c9b35389524419993a6b3693
ertInstallerMain.java
|
88ded90b784beb372c49b1187ee69bdd4595cd10 |
25-Oct-2013 |
Jeff Sharkey <jsharkey@android.com> |
Pick certificates using OPEN_DOC intent. Instead of blindly scanning just primary internal storage, use the new DocumentsUI intents to let the user select certificates from any storage backend. This includes both primary and secondary external storage devices. Bug: 11354402 Change-Id: Ia0b4bf1b30c83eb1a64b070cd2f99ad5e6498786
ertFile.java
ertFileList.java
ertInstallerMain.java
|
7de56669876ed330f0ab4e603619273de1f51048 |
17-Apr-2013 |
Kenny Root <kroot@google.com> |
Add spinner to select Wi-Fi For the regular installation path, we now need to show a spinner so we don't regress from previous behavior where we can install certs for wifi from the main installation screen. You can also get to this from the Wi-Fi AP list, so only show it when the intended use is ambiguous. Bug: 8600545 Change-Id: I8e9c905ff84142ed7c1f50bf77eb3fb5574f8df1
ertInstaller.java
redentialHelper.java
|
c3d5df9307977f27ca4048055f003282a7095ee8 |
13-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: remove old APIs Remove the call sites that don't have the flags specified. This is to ensure that callers know what flags they're setting. Bug: 8122243 Change-Id: I4b7a8b9327cde5cbfe30c28870f8c31376a5b690
ertInstaller.java
|
8823287fa10d30e3ebacf4a60befbef2a8cdef31 |
08-Apr-2013 |
Kenny Root <kroot@google.com> |
Allow multiuser use of keystore Since keystore has been refactored to let multiple users use it simultaneously, we can remove all the restrictions put into place to prevent it. (cherry picked from commit 89f8f9ab58947ba67f95c5784dc4288bf78a2fdf) Bug: 7249554 Change-Id: I05e8804e35d762ad473d1649fdba34e4182a2c68
ertInstaller.java
|
53622fc40b88047a1bc1f2dd6c97a5ad8e8c8f66 |
28-Mar-2013 |
Kenny Root <kroot@google.com> |
Add ability to install credentials as other UID We need the ability to install from the system UID to wifi UID to explicitly bind WiFi credentials to the WiFi profile. This adds the ability for Wifi Settings to invoke installation of a PKCS12 file for the wifi UID. Bug: 8183258 Change-Id: I26970e563d68311b60dcdc78cd529322c5807368
ertFile.java
ertFileList.java
ertInstallerMain.java
redentialHelper.java
|
5d45af7ce08042bae0ff7523fe894eac1c0ebc52 |
14-Feb-2013 |
Kenny Root <kroot@google.com> |
KeyStore: stop using state() Change-Id: I22daeb0f9873854af789a74ac3c7da2a32e34475
ertInstaller.java
|
fba4bf924c4655024d6175523f3112fc09e7affc |
16-Sep-2012 |
Kenny Root <kroot@google.com> |
Do not allow non-primary user to install certs Change-Id: If0896215a4fe1fc0d982a74bd6fee8551e4671fd
ertInstaller.java
|
99b10f59dd827314bd7fc124d6d0a84c56351ce2 |
05-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
Tracking upgrade to bouncycastle 1.47 Change-Id: Ic6744ae517ab1d3b49de45edd05979dd164bfade
redentialHelper.java
|
83df03c8f5d61d37e2fda501c67937f970b7af0c |
16-Apr-2012 |
Brian Carlstrom <bdc@google.com> |
Allow empty passwords when installing from a PKCS#12 file Bug: http://code.google.com/p/android/issues/detail?id=28189 Change-Id: I6ce96eba0e7e583e49a17179d3f3c66df5f13a29
ertInstaller.java
|
f4616bf8c0b3bff8863d627c3c003fa9234cb225 |
31-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
Broader support for KeyChain.EXTRA_NAME Previously EXTRA_NAME only supplied the default name when used with KeyChain.EXTRA_CERTIFICATE. It now also provides the default name with KeyChain.EXTRA_PKCS12, overriding the value found within the PKCS#12 file. In addition, will be used as the default alias name when credentials are installed from external storage as opposed to via an extra. Bug: 6129421 Change-Id: I63c06a866fc62bfa56636011b766d3dcae7764bd
ertFile.java
ertInstallerMain.java
redentialHelper.java
|
7d99ba835013491e9d3d540a937e5e0a742b1ab4 |
08-Mar-2012 |
Kenny Root <kroot@google.com> |
Convert to new KeyStore format The keystore no longer stores private keys in the clear, so it shouldn't have its private key material in PEM. It will just be an opaque handle for a private key. Change-Id: I939169338d0f7dc39743c9904166454f2cad49cc
redentialHelper.java
|
885c0a68bb4a91d461914c43c2e42a565394aa59 |
03-Feb-2012 |
Shuhrat Dehkanov <uzbmaster@gmail.com> |
Remove PKCS12_PASSWORD_DIALOG and NAME_CREDENTIAL_DIALOG in order to correctly recreate it on onCreateDialog
If an empty password or name is supplied for certificate password or certificate name dialogs, respectively, showDialog is called without removing them. As a result onCreateDialog is not called leaving the dialog without visible UI to the user.
Steps to reproduce:
1. Put password protected certificate to the SD card.
2. Navigate to Settings > Security and initiate certificate installation.
3. Provide an empty password and press OK.
3.1. Provide an empty name for NAME_CREDENTIAL_DIALOG related issue.
Change-Id: I83ffd680313eb9c69214113d3091a70910a80ae2
Signed-off-by: Shuhrat Dehkanov <uzbmaster@gmail.com>
ertInstaller.java
iewHelper.java
|
c256369ee7fe39051f35bc9b04dfad78f9644d80 |
13-Sep-2011 |
Ben Komalo <benkomalo@google.com> |
Make cert name selected by default. This makes it easy to replace if it's a big gibberish string. Bug: 5280250 Change-Id: Iaedee686a3c56133f4e417a40f9175a194181c6c
ertInstaller.java
|
c1615f66f7dbe5a76aefca862d96e0b5a6e123ff |
22-Jul-2011 |
Ben Komalo <benkomalo@google.com> |
Handle VIEW intents for cert installer Bug: 4556536 Change-Id: I1d3b8e4b80415e2df9dfe334f0d9e195ab0e19ff
ertInstallerMain.java
|
6952ee2bb146db2979aff3cfd6d18cbdebd8a7e9 |
22-Jul-2011 |
Brian Carlstrom <bdc@google.com> |
Rotation fixes for CertInstaller When rotating, the dialog would be dismissed, which the handler took as a user negative action and called toastErrorAndFinish. Fixed by having click handlers on the buttons themselves. Bug: 5051850 Change-Id: I5f1aeb6c918b2b7b6bebf096ee25ff8247b5877d
ertInstaller.java
|
77e1f401b283429aab853c2324da574dc293ab42 |
22-Jul-2011 |
Brian Carlstrom <bdc@google.com> |
Restore installation of CAs from PKCS#12 files Bug: 5037971 Change-Id: I35770bc5f536ee4ceb51c5fac655e7e5b9b8d89d
redentialHelper.java
|
a0bdabb40db36f2adf458c32055e5c7ee817105a |
10-Jul-2011 |
Brian Carlstrom <bdc@google.com> |
Remove PKEY_MAP entry when empty Change-Id: I7a532209d906f0e2194fccaf5eafd8602f3cb57a
ertInstaller.java
|
a921a7f6b86e2564f70e841c0b10b368f6b8d495 |
07-Jul-2011 |
Brian Carlstrom <bdc@google.com> |
Canceling cert installation should not delete the file Also fix to exit CertFileList when list becomes empty Bug: 4600283 Change-Id: Ib0a27f8d2f9ee4be8da02625e9f919bcfa6e791b
ertFile.java
ertFileList.java
ertInstaller.java
|
00736f76392c742e9c72c51f158ad7020f22524c |
29-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Tracking move to KeyChain credential installation API Bug: 3497064 Change-Id: I4d49354f4687f95d8239ea98d79bd61d06c4ce82
ertFile.java
ertFileList.java
ertInstaller.java
redentialHelper.java
|
fcd5fb26acec88e98c3bedb41d4510888f7890cd |
24-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Replace KeyChainActivity placeholder UI with more polished dialog (3 of 5)
frameworks/base
  Extended KeyChain.chooserPrivateKeyAlias to allow caller to supply preferred choice to be selected in chooser. This allows Email settings to highlight the current choice when allowing user to change settings.
    keystore/java/android/security/KeyChain.java
    api/current.txt
  Implemented KeyChain functionality to pass host and port information to KeyChainActivity for display.
    keystore/java/android/security/KeyChain.java
  KeyChain now sends a PendingIntent as part of the Intent it sends to the KeyChainActivity which can be used to identify the caller in reliable way.
    keystore/java/android/security/KeyChain.java
  Moved .pfx/.p12/.cer/.crt constants to Credentials for reuse. Added Credentials.install variant with no value for use from KeyChainActivity
    keystore/java/android/security/Credentials.java
packages/apps/CertInstaller
  Source of extension constants now in Credentials
    src/com/android/certinstaller/CertFile.java
packages/apps/Browser
  Have browser supply host and port information to KeyChain.choosePrivateKeyAlias
  Tracking KeyChain.choosePrivateKeyAlias API change
    src/com/android/browser/Tab.java
packages/apps/Email
  Tracking KeyChain.choosePrivateKeyAlias API change
    src/com/android/email/view/CertificateSelector.java
packages/apps/KeyChain
  KeyChain now depends on bouncycastle X509Name for formatting X500Principals, since the 4 X500Principal formatting options could not format emailAddress attributes in a human readable way and it's the most important attribute to display for client certificates in most cases.
    Android.mk
  Changing the UI to a dialog, make the activity style transparent.
    AndroidManifest.xml
    res/values/styles.xml
  Layout for chooser dialog
    res/layout/cert_chooser.xml
  Layout for list items in chooser
    res/layout/cert_item.xml
  New resources for dialog including comments for translators.
    res/values/strings.xml
  New dialog based KeyChainActivity. Now also shows requesting app and requesting server. Now can preselect a specified alias. New link directly to CertInstaller.
    src/com/android/keychain/KeyChainActivity.java
  Fix KeyChainTestActivity to work with TestKeyStore changes that were causing network activity on the UI to look up the name of localhost. Also track KeyChain.choosePrivateKeyAlias API change.
    tests/src/com/android/keychain/tests/KeyChainTestActivity.java
Change-Id: I789faaf65cb36ddc16ce8cd1e8a803b0bde745e3
ertFile.java
|
2942ff86b52c8a12c5d137d94ce4a21300575887 |
07-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Move CredentialHelper.convertToPem to frameworks/base for reuse by KeyChain Change-Id: I96d5a23201c070a7d0ce8856d189e54e3b05e3bd
redentialHelper.java
|
c8150af204ffd38ac46635ff8793261045490ea2 |
03-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Remove local reuse in CredentialHelper.isCa While reviewing to isCa to understand how the NullPointerException handling changed since Honeycomb, rewrite isCa to be clearer about reusing local variables to be clearer about what is what and when. Change-Id: Icf0c3d08666e2be18da4f12f93e92ab998d18fd7
redentialHelper.java
|
2aa55a29f1384da5fc574646c936760b67c205c9 |
31-May-2011 |
Brian Carlstrom <bdc@google.com> |
Integrating keystore with keyguard (Part 2 of 4)
Summary:
  frameworks/base
    keystore rewrite
    keyguard integration with keystore on keyguard entry or keyguard change
    KeyStore API simplification
  packages/apps/Settings
    Removed com.android.credentials.SET_PASSWORD intent support
    Added keyguard requirement for keystore use
  packages/apps/CertInstaller
    Tracking KeyStore API changes
    Fix for NPE in CertInstaller when certificate lacks basic constraints
  packages/apps/KeyChain
    Tracking KeyStore API changes
Details:
  frameworks/base
    Move keystore from C to C++ while rewriting password implementation. Removed global variables. Added many comments.
      cmds/keystore/Android.mk
      cmds/keystore/keystore.h
      cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
      cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp
    Changed saveLockPattern and saveLockPassword to notify the keystore on changes so that the keystore master key can be reencrypted when the keyguard changes.
      core/java/com/android/internal/widget/LockPatternUtils.java
    Changed unlock screens to pass values for keystore unlock or initialization
      policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
      policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java
    KeyStore API changes
    - renamed test() to state(), which now returns a State enum
    - made APIs with byte[] key arguments private
    - added new KeyStore.isEmpty used to determine if a keyguard is required
      keystore/java/android/security/KeyStore.java
    In addition to tracking KeyStore API changes, added new testIsEmpty and improved some existing tests to validate expect values.
      keystore/tests/src/android/security/KeyStoreTest.java
  packages/apps/Settings
    Removing com.android.credentials.SET_PASSWORD intent with the removal of the ability to set an explicit keystore password now that the keyguard value is used. Changed to ensure keyguard is enabled for keystore install or unlock. Cleaned up interwoven dialog handling into discrete dialog helper classes.
      AndroidManifest.xml
      src/com/android/settings/CredentialStorage.java
    Remove layout for entering new password
      res/layout/credentials_dialog.xml
    Remove enable credentials checkbox
      res/xml/security_settings_misc.xml
      src/com/android/settings/SecuritySettings.java
    Added ability to specify minimum quality key to ChooseLockGeneric Activity. Used by CredentialStorage, but could also be used by CryptKeeperSettings. Changed ChooseLockGeneric to understand minimum quality for keystore in addition to DPM and device encryption.
      src/com/android/settings/ChooseLockGeneric.java
    Changed to use getActivePasswordQuality from getKeyguardStoredPasswordQuality based on experience in CredentialStorage. Removed bogus class javadoc.
      src/com/android/settings/CryptKeeperSettings.java
    Tracking KeyStore API changes
      src/com/android/settings/vpn/VpnSettings.java
      src/com/android/settings/wifi/WifiSettings.java
    Removing now unused string resources
      res/values-af/strings.xml
      res/values-am/strings.xml
      res/values-ar/strings.xml
      res/values-bg/strings.xml
      res/values-ca/strings.xml
      res/values-cs/strings.xml
      res/values-da/strings.xml
      res/values-de/strings.xml
      res/values-el/strings.xml
      res/values-en-rGB/strings.xml
      res/values-es-rUS/strings.xml
      res/values-es/strings.xml
      res/values-fa/strings.xml
      res/values-fi/strings.xml
      res/values-fr/strings.xml
      res/values-hr/strings.xml
      res/values-hu/strings.xml
      res/values-in/strings.xml
      res/values-it/strings.xml
      res/values-iw/strings.xml
      res/values-ja/strings.xml
      res/values-ko/strings.xml
      res/values-lt/strings.xml
      res/values-lv/strings.xml
      res/values-ms/strings.xml
      res/values-nb/strings.xml
      res/values-nl/strings.xml
      res/values-pl/strings.xml
      res/values-pt-rPT/strings.xml
      res/values-pt/strings.xml
      res/values-rm/strings.xml
      res/values-ro/strings.xml
      res/values-ru/strings.xml
      res/values-sk/strings.xml
      res/values-sl/strings.xml
      res/values-sr/strings.xml
      res/values-sv/strings.xml
      res/values-sw/strings.xml
      res/values-th/strings.xml
      res/values-tl/strings.xml
      res/values-tr/strings.xml
      res/values-uk/strings.xml
      res/values-vi/strings.xml
      res/values-zh-rCN/strings.xml
      res/values-zh-rTW/strings.xml
      res/values-zu/strings.xml
      res/values/strings.xml
  packages/apps/CertInstaller
    Tracking KeyStore API changes
      src/com/android/certinstaller/CertInstaller.java
    Fix for NPE in CertInstaller when certificate lacks basic constraints
      src/com/android/certinstaller/CredentialHelper.java
  packages/apps/KeyChain
    Tracking KeyStore API changes
      src/com/android/keychain/KeyChainActivity.java
      src/com/android/keychain/KeyChainService.java
      support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
      support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
      tests/src/com/android/keychain/tests/KeyChainServiceTest.java
Change-Id: I280f54b9305c3b5549ae2dfc8eb890493806cc78
ertInstaller.java
redentialHelper.java
|
6b80d82a43499fcf8939c23e87a57297dfad9205 |
18-May-2011 |
Brian Carlstrom <bdc@google.com> |
Merge "Add support for .cer and .pfx for certificates and PKCS#12 files"
|
f3ece3c05b05b6780d9bee0dd90de0df891207e0 |
18-May-2011 |
Brian Carlstrom <bdc@google.com> |
Add support for .cer and .pfx for certificates and PKCS#12 files Change-Id: Ie37afbb61aa4cdc52275d661232d188db125446d
ertFile.java
|
ead4057af45c80af262613d93abd85c49ef98db2 |
18-May-2011 |
Brian Carlstrom <bdc@google.com> |
Move to KeyChain.bind Change-Id: I7040a855705b72fcf5d7477db279affa6009bc72
ertInstaller.java
|
30389d0148993679892385e007596a56ed46b6ac |
18-May-2011 |
Brian Carlstrom <bdc@google.com> |
CertInstaller should use RESULT_OK to communicate success to callers Change-Id: I6f25ffab113573169badd7cb116381f3412fbf31
ertFile.java
ertFileList.java
ertInstaller.java
ertInstallerMain.java
|
59f9a2721b1917c74e53f28f9d24e26e29fe0221 |
12-May-2011 |
Brian Carlstrom <bdc@google.com> |
Make CertInstaller installed CA certs trusted by applications via default TrustManager (3 of 6) frameworks/base Adding IKeyChainService APIs for CertInstaller and Settings use keystore/java/android/security/IKeyChainService.aidl libcore Improve exceptions to include more information luni/src/main/java/javax/security/auth/x500/X500Principal.java Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods. Added support for adding user CAs in a separate directory for system. Added support for removing system CAs by placing a copy in a system directory luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash to make sure the implementing algorithms do not change since TrustedCertificateStore depends on X509_NAME_hash_old (OpenSSL changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to 1.0.0) luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Extensive test of new TrustedCertificateStore behavior luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java TestKeyStore improvements - Refactored TestKeyStore to provide simpler createCA method (and internal createCertificate) - Cleaned up to remove use of BouncyCastle specific X509Principal in the TestKeyStore API when the public X500Principal would do. - Cleaned up TestKeyStore support methods to not throw Exception to remove need for static blocks for catch clauses in tests. 
support/src/test/java/libcore/java/security/TestKeyStore.java luni/src/test/java/libcore/java/security/KeyStoreTest.java luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Added private PKIXParameters constructor for use by IndexedPKIXParameters to avoid wart of having to lookup and pass a TrustAnchor to satisfy the super-class sanity check. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java luni/src/main/java/java/security/cert/PKIXParameters.java packages/apps/CertInstaller Change CertInstaller to call IKeyChainService.installCertificate for CA certs to pass them to the KeyChainServiceTest which will make them available to all apps through the TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask. src/com/android/certinstaller/CertInstaller.java Added installCaCertsToKeyChain and hasCaCerts accessor for use by CertInstaller. Use hasUserCertificate() internally. Cleanup coding style. src/com/android/certinstaller/CredentialHelper.java packages/apps/KeyChain Added MANAGE_ACCOUNTS so that IKeyChainService.reset implementation can remove KeyChain accounts. AndroidManifest.xml Implement new IKeyChainService methods: - Added IKeyChainService.installCaCertificate to install certs provided by CertInstaller using the TrustedCertificateStore. - Added IKeyChainService.reset to allow Settings to remove the KeyChain accounts so that any app granted access to keystore credentials are revoked when the keystore is reset. src/com/android/keychain/KeyChainService.java packages/apps/Settings Changed com.android.credentials.RESET credential reset action to also call IKeyChainService.reset to remove any installed user CAs and remove KeyChain accounts to have AccountManager revoke credential granted to private keys removed during the RESET. 
src/com/android/settings/CredentialStorage.java Added toast text value for failure case res/values/strings.xml system/core Have init create world readable /data/misc/keychain to allow apps to access user added CA certificates installed by the CertInstaller. rootdir/init.rc Change-Id: Idc4e6dd927cf829268a684061e14412623f89d80
ertInstaller.java
redentialHelper.java
|
1415616fbef76346e586b927fada32f6ccdc6091 |
25-Jan-2011 |
Brian Carlstrom <bdc@google.com> |
Tracking jarjar of org.bouncycastle to com.android.org.bouncycastle Bug: 3086427 Change-Id: Ic1a08a990af04263dab98853174fe5cfaeb5c219
redentialHelper.java
|
192624b5076b440b3cb78d4332402a21c93a6b07 |
20-Jan-2011 |
Chia-chi Yeh <chiachi@android.com> |
Update the intent path. Change-Id: I1a1d8c2acce19d6db98d3a0950743aab3d4af46e
redentialHelper.java
|
9e7d5195f12519206a4febb72c9a7c053a69bc20 |
25-Nov-2010 |
Jean-Baptiste Queru <jbq@google.com> |
am 93f11ccc: am 9193d8bc: Merge "code cleanup : unused import statement, local vars and static finals." * commit '93f11ccc2a6b85ff30ebb38fbc11d2d0ea464ab6': code cleanup : unused import statement, local vars and static finals.
|
93f11ccc2a6b85ff30ebb38fbc11d2d0ea464ab6 |
25-Nov-2010 |
Jean-Baptiste Queru <jbq@google.com> |
am 9193d8bc: Merge "code cleanup : unused import statement, local vars and static finals." * commit '9193d8bcca6a02f92250ed4796908c6561c32945': code cleanup : unused import statement, local vars and static finals.
|
3e17f9f04b9f7d153757bfd2f34a5fe60698adcb |
06-Nov-2010 |
Mohammad Shamsi <m.h.shams@gmail.com> |
code cleanup : unused import statement, local vars and static finals. Change-Id: I49b96ce37385989fb2208cecbf4cddcdd0e0d240
ertFile.java
ertFileList.java
redentialHelper.java
til.java
|
20b4c01ac3dbdc67e424c98a29e7abbfbd1ced3a |
26-Oct-2010 |
John Huang <jsh@google.com> |
am 95ae8966: Merge "Use explicit intent for installing system credentials" into gingerbread
|
6ed6d465ff2b460e5517db3c7136a417dc77b410 |
26-Oct-2010 |
Hung-ying Tyan <tyanh@google.com> |
Use explicit intent for installing system credentials Bug: 3020049 Change-Id: Iae999db70ee1a4e12d660c9335232b2429b8a5db
redentialHelper.java
|
8eeadc240ebdeb5274035b3d1158d8e907897970 |
09-Jun-2010 |
Hung-ying Tyan <tyanh@google.com> |
CertInstaller: fix crash on invalid certificate Change-Id: I527c328b76b66357fec6127b79f314c8ebf90b7c
ertInstaller.java
redentialHelper.java
|
832878cac1a136b1952de51cc2417d4e18188403 |
11-Feb-2010 |
Hung-ying Tyan <tyanh@google.com> |
Fix two certinstaller bugs. + Certinstaller does not handle key pair correctly when keystore is locked. http://b/issue?id=2351926 + Certinstaller crashes when installing from SD card where the "download" folder does not exist. + Remove redundant res IDs.
ertFile.java
ertInstaller.java
|
d674440a49f278793aa2a2bb01c231f8cea7f8c0 |
24-Oct-2009 |
Hung-ying Tyan <tyanh@google.com> |
Handling missing sd card in certinstaller. http://b/issue?id=2211438
ertFile.java
ertFileList.java
ertInstallerMain.java
til.java
|
7b4cee910e1e755d2f0468a5f79aaa97e926a3a9 |
23-Oct-2009 |
Hung-ying Tyan <tyanh@google.com> |
Add support for installing certs in PEM from SD card
ertFile.java
ertFileList.java
|
3e722cadf66802194267460fe5de77e6c18530eb |
15-Oct-2009 |
Hung-ying Tyan <tyanh@google.com> |
An overhaul on certinstaller. * Fix state handling, identifying first-time-only execution etc. * Fix the case where more than one alias exists in a pkcs12 keystore. (http://b/issue?id=2202474) * Improve UX: go ahead to install when there's only one cert file on SD card. * Improve UX: make background transparent when not browsing files. * Break the code into multiple activities and helper classes.
ertFile.java
ertFileList.java
ertInstaller.java
ertInstallerMain.java
redentialHelper.java
til.java
iewHelper.java
|
1c0ebf4585c9cf9c0a451b46bb237b92c14dfe07 |
01-Oct-2009 |
Hung-ying Tyan <tyanh@google.com> |
Fix a bug where dialog is reopened when app dies.
ertInstaller.java
|
d9cbc585f14dfde2f226fa172d335666424fd3fb |
30-Sep-2009 |
Hung-ying Tyan <tyanh@google.com> |
Some minor fixes. * Sdcard --> SdCard. * change some variable names to more descriptive ones. * check isFinishing() in createFileList(). * throw a toast when no pkcs12 file is found on sdcard.
ertInstaller.java
|
c87a48ac1c22403b690330f0cf7a1890f9a0c4eb |
28-Sep-2009 |
Hung-ying Tyan <tyanh@google.com> |
Fix the issue where cert comes later than keypair.
ertInstaller.java
|
bedff945a7dffd019035154f78018b350e47ee66 |
24-Sep-2009 |
Chia-chi Yeh <chiachi@android.com> |
CertInstaller: remove wrong import entries.
ertInstaller.java
|
338b375c3a5e89edbfb235629834c9d684a3ddeb |
24-Sep-2009 |
Chung-yih Wang <cywang@google.com> |
Just change to an empty class for fixing the filename issue.
ertInstaller.java
|
6765abbeac1c2902cc4efaa55ffefb9c3221fe0e |
15-Sep-2009 |
Hung-ying Tyan <tyanh@google.com> |
Initial implementation of CertInstaller
ertInstaller.java
|