| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
KeyStore.delKey was replaced by KeyStore.delete, and KeyStore.saw was
replaced by KeyStore.list.
Bug: 18088752
Change-Id: I45eae9d252dc304f9d8d6fa8bfd1a9729ef090b3
|
| |
|
|
|
|
|
|
|
| |
Uri provides a stronger guarantee of well-formedness and lets apps do
nice extra things like specifying scheme etc. without twisting any
expectations.
Bug: 20820034
Change-Id: Ia6bbedb74765444920b667d643fb7e1eb6a7292b
|
| |
|
|
|
|
|
| |
The caller's uid is also acquired at an earlier stage to make mistakes a
little less likely.
Change-Id: Icbf6e2e97cb6301b968b3eb8b3f9a46331f7983e
|
| |
|
|
|
|
|
|
|
|
| |
Query device policy for a suggested certificate before showing any
kind of selection UI. The RPC call is made at the same time as
retrieving and listing certificates so performance impact should be
relatively small.
Bug: 15065444
Change-Id: I0729b435c218b7991e6cb5faedefb7900577afcc
|
| |\
| |
| |
| |
| | |
* commit 'dfeaab7419362fd0dd0aaaa1b123323947f7be36':
Call local finish(String) on cancel
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Change I439592b2236261fa683484cd5c3ba26795aece47 to honor "Cancel"
button presses caused a call directly into finish() instead of the local
finish(String) which does some extra administrivia.
Bug: 18381187
Bug: https://code.google.com/p/android/issues/detail?id=79208
Change-Id: Ica7f52ce3afa82d95ea5cc3cb15c9ac7b734cf93
|
| |/
|
|
|
|
|
| |
Stops the "Calling a method in the system process without a qualified
user" warning we get due to KeyChain running under the system's uid.
Bug: 18028613
Change-Id: I4d0c61a8423f81cb35b1cf41d96ed235edb9ce65
|
| |
|
|
|
|
| |
BUG=15065444
Change-Id: Idc25774c9ab1a61080290bebd6f5c4f24e6ee2e0
|
| |
|
|
|
|
|
|
| |
CACerts from TrustedCertificateStore can now be retrieved via KeyChainService.
This allows for specifying the user whose certs we want to query.
Bug: 16029580
Change-Id: I8d7b24fd4664df5de03852c8166f7994f094cb93
|
| |
|
|
|
|
|
|
|
| |
Now copies what keystore does - any requests coming from non-owner
userIds were being broken by aliases having the wrong UID prefixed
onto them.
Bug: 17323993
Change-Id: Iece3b6aa17701347299abefeaa0fcdbb59e97154
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
This reverts commit 031612ec11a5bd212a1cdcb824576d5542270b2d.
Change-Id: I1e12574f3481c392e885bf12e2f9f847b11c799d
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Trusted credentials for both the primary user and its managed profiles are shown
on the Trusted Credentials fragment. All functionalities (e.g. disabling/enabling
of certificates) remain available.
Bug: 16029580
Change-Id: I306715d6a1248111ee74c4ae036a02b1a5dc4255
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
When the user refuses to set up a lockscreen password, pressing Cancel
wasn't honored the first time because onResume was still called after
onActivityResult. Instead set the state in onActivityResult and call
finish in onResume.
(cherry picked from commit 6ba32f209ee230b7ffff7f6884360b23ea1b3c18)
Bug: 13962060
Change-Id: I439592b2236261fa683484cd5c3ba26795aece47
|
| |
|
|
|
| |
Bug: 15989622
Change-Id: If151d267e06da015dac197bec66f3b933cef1584
|
| |
|
|
|
|
|
|
|
| |
After the user has unlocked the credential store, we need to return
to State.INITIAL that results in always showing the chooser dialog
when resuming.
Bug: 11438552
Change-Id: I17703e786e20e9f7351d40557816db52d6b8920d
|
| |
|
|
| |
Change-Id: I0631ff6d12323496cdbb08c93f93cf65c933ed75
|
| |
|
|
| |
Change-Id: Ib9a9af88a280a5442989a8199218a7ba82ce9e25
|
| |
|
|
|
|
|
| |
The KeyChainService would incorrectly report that the KeyChain
was locked when it was really uninitialized. Fix error message.
Change-Id: I128f7fee9a0b8b41e215edf38699c1441e6f6344
|
| |\ |
|
| | |
| |
| |
| | |
Change-Id: I531ca8fbf8c7008383488cba1dd73f59537edb01
|
| |/
|
|
|
| |
Bug: 6084556
Change-Id: Ic53accced363af743f214cf6fc3995def9394c1d
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug: 6009802
Cherry pick 0cb57ed171d7898f5f052e86e485771cbcbadcd8
When credential storage changes (adding/deleting a user CA) or
reset, send a broadcast intent so user can update any cached
credential storage state.
Change-Id: I3a3e93a0408e6db281e850268fe688182bfa4aa7
|
| |
|
| |
This reverts commit 0cb57ed171d7898f5f052e86e485771cbcbadcd8
|
| |
|
|
|
|
|
|
|
|
| |
Bug: 6009802
When credential storage changes (adding/deleting a user CA) or
reset, send a broadcast intent so user can update any cached
credential storage state.
Change-Id: Ie88fa4e86647ba52521b207258b860154a96c7dc
|
| |
|
|
|
|
| |
AccountManagerService handle them.
Change-Id: I44d437d5d8100e3c79415862186bc2908cd15537
|
| |
|
|
| |
Change-Id: I4635b6f30c95e00182f4705748cbdf1ee136272a
|
| |
|
|
|
| |
Bug: 4982227
Change-Id: Ie72a3b1ae3329e0e97476e159cde47fc3c757489
|
| |
|
|
|
|
|
| |
Now that the system user can read values from keystore, the keychain user is unneeded.
Bug: 4970237
Change-Id: I5b998ce29c2b32d8014c9ec1814c1e0837951cb5
|
| |
|
|
|
|
|
|
|
|
|
| |
The AbstractAccountAuthenticator methods that take an
AccountAuthenticatorResponse argument expect the receipient either
return a non-null value immediately or later on call the
AccountAuthenticatorResponse. Returning null for presumably uncalled
methods led to surprises when they were invoked from unexpected
contexts such as Settings, leading to a hang on "Add Account".
Change-Id: I0f7b2667c4fd4632921f2e2bed10266dd6662720
|
| |
|
|
| |
Change-Id: I71bb31516fab1dc26d3dda538c1cac85e00a9e24
|
| |
|
|
|
|
|
|
|
| |
Move content from top of KeyChainActivity dialog to ListView header.
Move content from bottom of KeyChainActivity dialog to ListView footer.
This allows all the KeyChainActivity content to be viewed on non-tablet devices.
Bug: 4972528
Change-Id: I0f8fabd930c3aa46d6b47110fedce8fa6274a8be
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using showDialog, the framework manged the dialog for me. So on
rotation, it skiped onResume and right to onCreateDialog but then the
mCertificateAdapter was null. I considered showing the list first, and
filling in the content later, more like I do
TrustedCredentialsSettings. However, here the dialog content is
different if there are no entries.
To fix, I just don't use showDialog. Then onResume is called and I
recreate the dialog the same way in both cases.
Bug: 4967378
Change-Id: I306e3a32069dce4e00864be79b50e081869851d5
|
| |
|
|
|
|
| |
Allow system to call KeyChainService.installCaCertificate
Change-Id: Idd3d97d7972f066368079f6b996cf2bc658cca4f
|
| |
|
|
| |
Change-Id: I2b77a343508d6e38a3d25ebc0c24d1df5da2f5d5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
frameworks/base
Extended KeyChain.chooserPrivateKeyAlias to allow caller to supply
preferred choice to be selected in chooser. This allows Email
settings to highlight the current choice when allowing user to
change settings.
keystore/java/android/security/KeyChain.java
api/current.txt
Implemented KeyChain functionality to pass host and port
information to KeyChainActivity for display.
keystore/java/android/security/KeyChain.java
KeyChain now sends a PendingIntent as part of the Intent it sends
to the KeyChainActivity which can be used to identify the caller
in reliable way.
keystore/java/android/security/KeyChain.java
Moved .pfx/.p12/.cer/.crt constants to Credentials for reuse.
Added Credentials.install variant with no value for use from KeyChainActivity
keystore/java/android/security/Credentials.java
packages/apps/CertInstaller
Source of extension constants now in Credentials
src/com/android/certinstaller/CertFile.java
packages/apps/Browser
Have browser supply host and port information to KeyChain.choosePrivateKeyAlias
Tracking KeyChain.choosePrivateKeyAlias API change
src/com/android/browser/Tab.java
packages/apps/Email
Tracking KeyChain.choosePrivateKeyAlias API change
src/com/android/email/view/CertificateSelector.java
packages/apps/KeyChain
KeyChain now depends on bouncycastle X509Name for formatting
X500Principals, since the 4 X500Principal formatting options could
not format emailAddress attributes in a human readable way and its
the most important attribute to display for client certificates in
most cases.
Android.mk
Changing the UI to a dialog, make the activity style transparent.
AndroidManifest.xml
res/values/styles.xml
Layout for chooser dialog
res/layout/cert_chooser.xml
Layout for list items in chooser
res/layout/cert_item.xml
New resources for dialog including comments for translators.
res/values/strings.xml
New dialog based KeyChainActivity. Now also shows requesting app
and requesting server. Now can preselect a specified alias. New
link directly to CertInstaller.
src/com/android/keychain/KeyChainActivity.java
Fix KeyChainTestActivity to work with TestKeyStore changes that
were causing network activity on the UI to look up the name of
localhost. Also track KeyChain.choosePrivateKeyAlias API change.
tests/src/com/android/keychain/tests/KeyChainTestActivity.java
Change-Id: I6923e5bf77041500a8ebb44a7972f5d01d297263
|
| |
|
|
| |
Change-Id: Ib19f16bd7c9e9790e1183d3d2a9a84789661d7cf
|
| |
|
|
| |
Change-Id: I408fe3032d6a4d2244c3d5d590b96ef74f9c9b4e
|
| |
|
|
|
|
| |
Also add some negative permissions tests to KeyChainServiceTest
Change-Id: I17d8c5e624db71b45f70c7c46ed49b8571ce323b
|
| |
|
|
| |
Change-Id: Ic909a93b68e4791bcdf5fd40a946c9072bbef9d0
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
frameworks/base
keystore rewrite
keyguard integration with keystore on keyguard entry or keyguard change
KeyStore API simplification
packages/apps/Settings
Removed com.android.credentials.SET_PASSWORD intent support
Added keyguard requirement for keystore use
packages/apps/CertInstaller
Tracking KeyStore API changes
Fix for NPE in CertInstaller when certificate lacks basic constraints
packages/apps/KeyChain
Tracking KeyStore API changes
Details:
frameworks/base
Move keystore from C to C++ while rewriting password
implementation. Removed global variables. Added many comments.
cmds/keystore/Android.mk
cmds/keystore/keystore.h
cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp
Changed saveLockPattern and saveLockPassword to notify the keystore
on changes so that the keystore master key can be reencrypted when
the keyguard changes.
core/java/com/android/internal/widget/LockPatternUtils.java
Changed unlock screens to pass values for keystore unlock or initialization
policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java
KeyStore API changes
- renamed test() to state(), which now return a State enum
- made APIs with byte[] key arguments private
- added new KeyStore.isEmpty used to determine if a keyguard is required
keystore/java/android/security/KeyStore.java
In addition to tracking KeyStore API changes, added new testIsEmpty
and improved some existing tests to validate expect values.
keystore/tests/src/android/security/KeyStoreTest.java
packages/apps/Settings
Removing com.android.credentials.SET_PASSWORD intent with the
removal of the ability to set an explicit keystore password now
that the keyguard value is used. Changed to ensure keyguard is
enabled for keystore install or unlock. Cleaned up interwoven
dialog handing into discrete dialog helper classes.
AndroidManifest.xml
src/com/android/settings/CredentialStorage.java
Remove layout for entering new password
res/layout/credentials_dialog.xml
Remove enable credentials checkbox
res/xml/security_settings_misc.xml
src/com/android/settings/SecuritySettings.java
Added ability to specify minimum quality key to ChooseLockGeneric
Activity. Used by CredentialStorage, but could also be used by
CryptKeeperSettings. Changed ChooseLockGeneric to understand
minimum quality for keystore in addition to DPM and device
encryption.
src/com/android/settings/ChooseLockGeneric.java
Changed to use getActivePasswordQuality from
getKeyguardStoredPasswordQuality based on experience in
CredentialStorage. Removed bogus class javadoc.
src/com/android/settings/CryptKeeperSettings.java
Tracking KeyStore API changes
src/com/android/settings/vpn/VpnSettings.java
src/com/android/settings/wifi/WifiSettings.java
Removing now unused string resources
res/values-af/strings.xml
res/values-am/strings.xml
res/values-ar/strings.xml
res/values-bg/strings.xml
res/values-ca/strings.xml
res/values-cs/strings.xml
res/values-da/strings.xml
res/values-de/strings.xml
res/values-el/strings.xml
res/values-en-rGB/strings.xml
res/values-es-rUS/strings.xml
res/values-es/strings.xml
res/values-fa/strings.xml
res/values-fi/strings.xml
res/values-fr/strings.xml
res/values-hr/strings.xml
res/values-hu/strings.xml
res/values-in/strings.xml
res/values-it/strings.xml
res/values-iw/strings.xml
res/values-ja/strings.xml
res/values-ko/strings.xml
res/values-lt/strings.xml
res/values-lv/strings.xml
res/values-ms/strings.xml
res/values-nb/strings.xml
res/values-nl/strings.xml
res/values-pl/strings.xml
res/values-pt-rPT/strings.xml
res/values-pt/strings.xml
res/values-rm/strings.xml
res/values-ro/strings.xml
res/values-ru/strings.xml
res/values-sk/strings.xml
res/values-sl/strings.xml
res/values-sr/strings.xml
res/values-sv/strings.xml
res/values-sw/strings.xml
res/values-th/strings.xml
res/values-tl/strings.xml
res/values-tr/strings.xml
res/values-uk/strings.xml
res/values-vi/strings.xml
res/values-zh-rCN/strings.xml
res/values-zh-rTW/strings.xml
res/values-zu/strings.xml
res/values/strings.xml
packages/apps/CertInstaller
Tracking KeyStore API changes
src/com/android/certinstaller/CertInstaller.java
Fix for NPE in CertInstaller when certificate lacks basic constraints
src/com/android/certinstaller/CredentialHelper.java
packages/apps/KeyChain
Tracking KeyStore API changes
src/com/android/keychain/KeyChainActivity.java
src/com/android/keychain/KeyChainService.java
support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java
Change-Id: Id7250fdb29c8a6d52d599c39a869ab22b1cc53da
|
| |
|
|
| |
Change-Id: Idc318eb8f4ca64ea73aa6732e3d4546e7e631019
|
| |
|
|
|
|
| |
Also remove some unnecessary throws in the KeyChainService
Change-Id: I1779229957a2e700effca33e15cea2e71e73b281
|
| |
|
|
| |
Change-Id: I5824c1c2dbb0b39a2b78834167570f1e62ae8697
|
| |
|
|
| |
Change-Id: Ia5bb70c171989043c83e300376836b85a5fe155b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
frameworks/base
Remove getCaCertificates and findIssuer from IKeyChainService,
these are now done via libcore's TrustedCertificateStore (as part
of the default TrustManager implementation)
keystore/java/android/security/IKeyChainService.aidl
Simplify KeyChain API. Now that the CA certificates are visible
through the default TrustManager, the KeyChain is solely focused on
retrieving PrivateKeys and their associated certificates. The
calling API for KeyChain to simply a single KeyChain.get() call
that returns a KeyChainResult, removing the need for a KeyChain
instance that needs to be closed.
keystore/java/android/security/KeyChain.java
keystore/java/android/security/KeyChainResult.java
master/libcore
Remove getDefaultIndexedPKIXParameters and
getIndexedPKIXParameters which was used as part of the prototype
of looking up CAs via the KeyChain but is obsoleted by the new
default TrustManager implementation.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
packages/apps/KeyChain
Tracking simplified IKeyChainService, removing now unneeded
implementation, updating tests.
src/com/android/keychain/KeyChainService.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java
tests/src/com/android/keychain/tests/KeyChainTestActivity.java
Change-Id: Ie2cb950783f897d87d39cc38a126068a9d68680a
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TrustManager (4 of 6)
frameworks/base
Adding IKeyChainService APIs for CertInstaller and Settings use
keystore/java/android/security/IKeyChainService.aidl
libcore
Improve exceptions to include more information
luni/src/main/java/javax/security/auth/x500/X500Principal.java
Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods.
Added support for adding user CAs in a separate directory for system.
Added support for removing system CAs by placing a copy in a sytem directory
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java
Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash
to make sure the implementing algorithms doe not change since
TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL
changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to
1.0.0)
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
Extensive test of new TrustedCertificateStore behavior
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java
TestKeyStore improvements
- Refactored TestKeyStore to provide simpler createCA method (and
internal createCertificate)
- Cleaned up to remove use of BouncyCastle specific X509Principal
in the TestKeyStore API when the public X500Principal would do.
- Cleaned up TestKeyStore support methods to not throw Exception
to remove need for static blocks for catch clauses in tests.
support/src/test/java/libcore/java/security/TestKeyStore.java
luni/src/test/java/libcore/java/security/KeyStoreTest.java
luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
Added private PKIXParameters contructor for use by
IndexedPKIXParameters to avoid wart of having to lookup and pass
a TrustAnchor to satisfy the super-class sanity check.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java
luni/src/main/java/java/security/cert/PKIXParameters.java
packages/apps/CertInstaller
Change CertInstaller to call IKeyChainService.installCertificate
for CA certs to pass them to the KeyChainServiceTest which will
make them available to all apps through the
TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask.
src/com/android/certinstaller/CertInstaller.java
Added installCaCertsToKeyChain and hasCaCerts accessor for use by
CertInstaller. Use hasUserCertificate() internally. Cleanup coding
style.
src/com/android/certinstaller/CredentialHelper.java
packages/apps/KeyChain
Added MANAGE_ACCOUNTS so that IKeyChainService.reset
implementation can remove KeyChain accounts.
AndroidManifest.xml
Implement new IKeyChainService methods:
- Added IKeyChainService.installCaCertificate to install certs
provided by CertInstaller using the TrustedCertificateStore.
- Added IKeyChainService.reset to allow Settings to remove the
KeyChain accounts so that any app granted access to keystore
credentials are revoked when the keystore is reset.
src/com/android/keychain/KeyChainService.java
packages/apps/Settings
Changed com.android.credentials.RESET credential reset action to
also call IKeyChainService.reset to remove any installed user CAs
and remove KeyChain accounts to have AccountManager revoke
credential granted to private keys removed during the RESET.
src/com/android/settings/CredentialStorage.java
Added toast text value for failure case
res/values/strings.xml
system/core
Have init create world readable /data/misc/keychain to allow apps
to access user added CA certificates installed by the CertInstaller.
rootdir/init.rc
Change-Id: I8f1c12751085ebf9b993ebd1c1419d792fd047c8
|
|
|
Change-Id: I6c862d3e687cf80fb882966adb3245f2244244fe
|
