diff options
Diffstat (limited to 'docs/html/training')
| -rw-r--r-- | docs/html/training/articles/keystore.jd | 47 | ||||
| -rw-r--r-- | docs/html/training/articles/security-gms-provider.jd | 3 | ||||
| -rw-r--r-- | docs/html/training/basics/firstapp/creating-project.jd | 5 | ||||
| -rw-r--r-- | docs/html/training/basics/firstapp/index.jd | 15 | ||||
| -rw-r--r-- | docs/html/training/basics/firstapp/running-app.jd | 20 | ||||
| -rw-r--r-- | docs/html/training/basics/network-ops/connecting.jd | 4 | ||||
| -rw-r--r-- | docs/html/training/location/location-testing.jd | 2 | ||||
| -rw-r--r-- | docs/html/training/sync-adapters/creating-stub-provider.jd | 6 | ||||
| -rw-r--r-- | docs/html/training/volley/requestqueue.jd | 8 |
9 files changed, 80 insertions, 30 deletions
diff --git a/docs/html/training/articles/keystore.jd b/docs/html/training/articles/keystore.jd index bbbda67..4005a05 100644 --- a/docs/html/training/articles/keystore.jd +++ b/docs/html/training/articles/keystore.jd @@ -26,11 +26,12 @@ page.title=Android Keystore System </div> </div> -<p>The Android Keystore system lets you store private keys - in a container to make it more difficult to extract from the - device. Once keys are in the keystore, they can be used for - cryptographic operations with the private key material remaining - non-exportable.</p> +<p>The Android Keystore system lets you store cryptographic keys in a container + to make it more difficult to extract from the device. Once keys are in the + keystore, they can be used for cryptographic operations with the key material + remaining non-exportable. Moreover, it offers facilities to restrict when and + how keys can be used, such as requiring user authentication for key use or + restricting encryption keys to be used only in certain block modes.</p> <p>The Keystore system is used by the {@link android.security.KeyChain} API as well as the Android @@ -59,7 +60,8 @@ Android Keystore Provider</h2> <p> To use this feature, you use the standard {@link java.security.KeyStore} -and {@link java.security.KeyPairGenerator} classes along with the +and {@link java.security.KeyPairGenerator} or +{@link javax.crypto.KeyGenerator} classes along with the {@code AndroidKeyStore} provider introduced in Android 4.3 (API level 18).</p> <p>{@code AndroidKeyStore} is registered as a {@link @@ -67,7 +69,9 @@ and {@link java.security.KeyPairGenerator} classes along with the java.security.KeyStore#getInstance(String) KeyStore.getInstance(type)} method and as a provider for use with the {@link java.security.KeyPairGenerator#getInstance(String, String) - KeyPairGenerator.getInstance(algorithm, provider)} method.</p> + KeyPairGenerator.getInstance(algorithm, provider)} and {@link + javax.crypto.KeyGenerator#getInstance(String, String) + KeyGenerator.getInstance(algorithm, provider)} methods.</p> <h3 id="GeneratingANewPrivateKey">Generating a New Private Key</h3> @@ -81,6 +85,11 @@ and {@link java.security.KeyPairGenerator} classes along with the {@sample development/samples/ApiDemos/src/com/example/android/apis/security/KeyStoreUsage.java generate} +<h3 id="GeneratingANewSecretKey">Generating a New Secret Key</h3> + +<p>To generate the key, use a {@link javax.crypto.KeyGenerator} with + {@link android.security.keystore.KeyGenParameterSpec}. + <h3 id="WorkingWithKeyStoreEntries">Working with Keystore Entries</h3> <p>Using the {@code AndroidKeyStore} provider takes place through @@ -105,3 +114,27 @@ and {@link java.security.KeyPairGenerator} classes along with the <p>Similarly, verify data with the {@link java.security.Signature#verify(byte[])} method:</p> {@sample development/samples/ApiDemos/src/com/example/android/apis/security/KeyStoreUsage.java verify} + +<h3 id="UserAuthentication">Requiring User Authentication For Key Use</h3> + +<p>When generating or importing a key into the {@code AndroidKeyStore} you can specify that the key +can only be used if user has been authenticated. The user is authenticated using a subset of their +secure lock screen credentials. This is a security measure which makes it possible to generate +cryptographic assertions about the user having been authenticated. + +<p>When a key is configured to require user authentication, it is also configured to operate in one +of the two modes: +<ul> +<li>User authentication is valid for a duration of time. All keys in this mode are authorized + for use as soon as the user unlocks the secure lock screen or confirms their secure lock screen + credentials using the {@link android.app.KeyguardManager#createConfirmDeviceCredentialIntent(CharSequence, CharSequence) KeyguardManager.createConfirmDeviceCredentialIntent} + flow. Each key specifies for how long the authorization remains valid for that key. Such keys + can only be generated or imported if the secure lock screen is enabled (see {@link android.app.KeyguardManager#isDeviceSecure()}). + These keys become permanently invalidated once the secure lock screen is disabled or forcibly + reset (e.g. by a Device Admin).</li> +<li>User authentication is required for every use of the key. In this mode, a specific operation + involving a specific key is authorized by the user. Currently, the only means of such + authorization is fingerprint authentication: {@link android.hardware.fingerprint.FingerprintManager#authenticate(CryptoObject, CancellationSignal, AuthenticationCallback, int) FingerprintManager.authenticate}. + Such keys can only be generated or imported if at least one fingerprint is enrolled (see {@link android.hardware.fingerprint.FingerprintManager#hasEnrolledFingerprints() FingerprintManager.hasEnrolledFingerprints}). + These keys become permanently invalidated once all fingerprints are unenrolled.</li> +</ul> diff --git a/docs/html/training/articles/security-gms-provider.jd b/docs/html/training/articles/security-gms-provider.jd index 0d3cf1e..59983cc 100644 --- a/docs/html/training/articles/security-gms-provider.jd +++ b/docs/html/training/articles/security-gms-provider.jd @@ -52,8 +52,7 @@ android.net.SSLCertificateSocketFactory android.net.SSLCertificateSocketFactory}. Rather than using this class, we encourage app developers to use high-level methods for interacting with cryptography. Most apps can use APIs like {@link -javax.net.ssl.HttpsURLConnection}, {@link org.apache.http.client.HttpClient}, -and {@link android.net.http.AndroidHttpClient} without needing to set a custom +javax.net.ssl.HttpsURLConnection} without needing to set a custom {@link javax.net.ssl.TrustManager} or create an {@link android.net.SSLCertificateSocketFactory}.</p> diff --git a/docs/html/training/basics/firstapp/creating-project.jd b/docs/html/training/basics/firstapp/creating-project.jd index 4bd92ee..79268a0 100644 --- a/docs/html/training/basics/firstapp/creating-project.jd +++ b/docs/html/training/basics/firstapp/creating-project.jd @@ -24,6 +24,8 @@ next.link=running-app.html <h2>You should also read</h2> <ul> + <li><a href="{@docRoot}sdk/installing/index.html">Installing the +SDK</a></li> <li><a href="{@docRoot}tools/projects/index.html">Managing Projects</a></li> </ul> @@ -32,7 +34,8 @@ next.link=running-app.html </div> <p>An Android project contains all the files that comprise the source code for your Android -app.</p> +app. The Android SDK tools make it easy to start a new Android project with a set of +default project directories and files.</p> <p>This lesson shows how to create a new project either using Android Studio or using the diff --git a/docs/html/training/basics/firstapp/index.jd b/docs/html/training/basics/firstapp/index.jd index 4e3689a..1b6e00f 100644 --- a/docs/html/training/basics/firstapp/index.jd +++ b/docs/html/training/basics/firstapp/index.jd @@ -12,7 +12,7 @@ helpoutsWidget=true <div id="tb-wrapper"> <div id="tb"> -<h2>Dependencies</h2> +<h2>Dependencies and prerequisites</h2> <ul> <li><a href="{@docRoot}sdk/index.html">Android Studio</a></li> @@ -37,11 +37,14 @@ to:</p> <a href="{@docRoot}tools/help/sdk-manager.html">SDK Manager</a>.</li> </ol> -<p class="note"><strong>Note:</strong> Although most of this training class -expects that you're using Android Studio, some procedures include alternative -instructions for using -the SDK tools from the command line instead.</p> +<p class="note"><strong>Note:</strong> Make sure you install the most recent versions of Android +Studio and the Android SDK before you start this class. The procedures described in this class may +not apply to earlier versions.</p> -<p>This class uses a tutorial format to create a small Android app that teaches +<p>If you haven't already done these tasks, start by downloading the + <a href="{@docRoot}sdk/index.html">Android SDK</a> and following the install steps. + Once you've finished the setup, you're ready to begin this class.</p> + +<p>This class uses a tutorial format that incrementally builds a small Android app that teaches you some fundamental concepts about Android development, so it's important that you follow each step.</p> diff --git a/docs/html/training/basics/firstapp/running-app.jd b/docs/html/training/basics/firstapp/running-app.jd index 6e4605f..fdf0d1f 100644 --- a/docs/html/training/basics/firstapp/running-app.jd +++ b/docs/html/training/basics/firstapp/running-app.jd @@ -25,7 +25,7 @@ helpoutsWidget=true <ul> <li><a href="{@docRoot}tools/device.html">Using Hardware Devices</a></li> - <li><a href="{@docRoot}tools/devices/managing-avds.html">Managing AVDs with AVD Manager</a></li> + <li><a href="{@docRoot}tools/devices/index.html">Managing Virtual Devices</a></li> <li><a href="{@docRoot}tools/projects/index.html">Managing Projects</a></li> </ul> @@ -128,6 +128,10 @@ to first create an <a href="{@docRoot}tools/devices/index.html">Android Virtual AVD is a device configuration for the Android emulator that allows you to model a specific device.</p> +<div class="figure" style="width:457px"> + <img src="{@docRoot}images/screens_support/as-mac-avds-config.png" /> + <p class="img-caption"><strong>Figure 1.</strong> The AVD Manager showing a virtual device.</p> +</div> <h3>Create an AVD</h3> <ol> @@ -157,11 +161,19 @@ device.</p> </li> <li>Verify the configuration settings, then click <strong>Finish</strong>. </li> + <li>In the <strong>Android Virtual Device Manager</strong> window, click <strong>Create</strong>.</li> + <li>Enter an <strong>AVD Name</strong>.</li> + <li>Select a <strong>Device</strong> type. + <p>When you select a device type, most of the fields auto-populate.</p> + <li>For <strong>Skin</strong> select <strong>HVGA</strong>.</li> + <li>For <strong>SD Card</strong>, enter something small, like 10 MiB. + <p>It really doesn't matter what you enter here since you're not using any storage. But if you + reuse this AVD, you might have to adjust this setting.</p></li> + <li>Ignore the <strong>Emulation Options</strong> and click <strong>OK</strong>.</li> + <li>In the <strong>Result</strong> screen, click <strong>OK</strong>.</li> + <li>Close the <strong>Android Virtual Device Manager</strong> window.</li> </ol> -<p>For more information about using AVDs, see -<a href="{@docRoot}tools/devices/managing-avds.html">Managing AVDs with AVD Manager</a>.</p> - <h3>Run the app from Android Studio</h3> <ol> <li>In <strong>Android Studio</strong>, select your project and click <strong>Run</strong> diff --git a/docs/html/training/basics/network-ops/connecting.jd b/docs/html/training/basics/network-ops/connecting.jd index 1452ded..0601480 100644 --- a/docs/html/training/basics/network-ops/connecting.jd +++ b/docs/html/training/basics/network-ops/connecting.jd @@ -50,8 +50,8 @@ application manifest must include the following permissions:</p> <h2 id="http-client">Choose an HTTP Client</h2> <p>Most network-connected Android apps use HTTP to send and receive data. -Android includes two HTTP clients: {@link java.net.HttpURLConnection} and Apache - {@link org.apache.http.client.HttpClient}. Both support HTTPS, streaming uploads and downloads, configurable +Android includes two HTTP clients: {@link java.net.HttpURLConnection} and the Apache HTTP client. +Both support HTTPS, streaming uploads and downloads, configurable timeouts, IPv6, and connection pooling. We recommend using {@link java.net.HttpURLConnection} for applications targeted at Gingerbread and higher. For more discussion of this topic, see the blog post <a diff --git a/docs/html/training/location/location-testing.jd b/docs/html/training/location/location-testing.jd index 5021fc0..8f73d51 100644 --- a/docs/html/training/location/location-testing.jd +++ b/docs/html/training/location/location-testing.jd @@ -79,7 +79,7 @@ trainingnavtop=true <h2 id="TurnOnMockMode">Turn On Mock Mode</h2> <p> To send mock locations to Location Services in mock mode, a test app must request the permission - {@link android.Manifest.permission#ACCESS_MOCK_LOCATION}. In addition, you must enable mock + android.Manifest.permission#ACCESS_MOCK_LOCATION. In addition, you must enable mock locations on the test device using the option <b>Enable mock locations</b>. To learn how to enable mock locations on the device, see <a href="{@docRoot}tools/device.html#setting-up">Setting up a Device for Development</a>. diff --git a/docs/html/training/sync-adapters/creating-stub-provider.jd b/docs/html/training/sync-adapters/creating-stub-provider.jd index b8190d1..e9e18ef 100644 --- a/docs/html/training/sync-adapters/creating-stub-provider.jd +++ b/docs/html/training/sync-adapters/creating-stub-provider.jd @@ -85,11 +85,11 @@ public class StubProvider extends ContentProvider { return true; } /* - * Return an empty String for MIME type + * Return no type for MIME type */ @Override - public String getType() { - return new String(); + public String getType(Uri uri) { + return null; } /* * query() always returns no results diff --git a/docs/html/training/volley/requestqueue.jd b/docs/html/training/volley/requestqueue.jd index 6858d91..5e892bf 100644 --- a/docs/html/training/volley/requestqueue.jd +++ b/docs/html/training/volley/requestqueue.jd @@ -39,14 +39,14 @@ as a singleton, which makes the {@code RequestQueue} last the lifetime of your a of the requests, and a cache to handle caching. There are standard implementations of these available in the Volley toolbox: {@code DiskBasedCache} provides a one-file-per-response cache with an in-memory index, and {@code BasicNetwork} provides a network transport based -on your choice of {@link android.net.http.AndroidHttpClient} or {@link java.net.HttpURLConnection}.</p> +on your choice of the Apache HTTP client {@code android.net.http.AndroidHttpClient} or +{@link java.net.HttpURLConnection}.</p> <p>{@code BasicNetwork} is Volley's default network implementation. A {@code BasicNetwork} must be initialized with the HTTP client your app is using to connect to the network. -Typically this is {@link android.net.http.AndroidHttpClient} or -{@link java.net.HttpURLConnection}:</p> +Typically this is a {@link java.net.HttpURLConnection}:</p> <ul> -<li>Use {@link android.net.http.AndroidHttpClient} for apps targeting Android API levels +<li>Use {@code android.net.http.AndroidHttpClient} for apps targeting Android API levels lower than API Level 9 (Gingerbread). Prior to Gingerbread, {@link java.net.HttpURLConnection} was unreliable. For more discussion of this topic, see <a href="http://android-developers.blogspot.com/2011/09/androids-http-clients.html"> |