| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.
Bug: 10600582
Change-Id: I9fe9e46b9ec9cfb2f1246179b2c396216b2c1fdb
|
|
|
|
|
|
|
|
|
|
|
|
| |
Guard install/uninstall by enforcing that the caller have the new system-only permission MANAGE_CA_CERTIFICATES.
Also include API methods for asking whether there are any User CA certs
installed, or if one by a particular name is installed in the keystore.
CA certs will be installed via KeyChain into the TrustedCertificateStore.
Bug: 8232670
Change-Id: I17b47a452e72eb4fe556dc6db823a46c6e854be8
|
|
|
|
|
|
| |
(cherry picked from commit 4b30e3391bda250975b43af43bad58c98fa73f84)
Change-Id: I9eed3895d78c6906f7d29d325075cf1df48fd123
|
|\
| |
| |
| | |
Change-Id: I06c05d637613215b6d83df3e29cd495f6a5a0176
|
| |
| |
| |
| | |
Change-Id: I35e824e47ad758ab6408e91e2ba5dcda053a82f5
|
| |
| |
| |
| |
| |
| |
| | |
Late-breaking comments on API name. Revised.
Bug: 7095660
Change-Id: I7224d9c8a4f84a272360ede78a18bfb72d8aeb77
|
|/
|
|
|
| |
Bug: 7095660
Change-Id: Ia87caaa33bc01b032130811833f0a3c4f75b62d4
|
|
|
|
|
|
|
|
| |
The API documentation says it will return null if the key isn't found.
We get null back from the keystore daemon when it can't retrieve the
data, so just return null back to the API caller.
Change-Id: I42248bd50cbc5f76864bd762aae3faab1c50529d
|
|
|
|
|
|
|
| |
Move chain building to TrustedCertificateStore since it has more
information about the certificates.
Change-Id: I3030e94eb1abb8a2047a4151bdaad9922706dd0f
|
|
|
|
|
|
|
|
|
| |
Change the keystore to keep the private keys in keystore. When returned,
it uses the OpenSSL representation of the key to allow users to use it
in various operations through the OpenSSL ENGINE that connects to
keystore.
Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bug: 6009802
When the credential storage changes, (adding/removing certs,
resetting the storage, enabling/disabling trusted CAs, etc), the
applications that use the storage has to be made aware of the
fact that the storage changed, so they can clear any cached state,
close connections or take any other actions. Internally, this
applies to webview. However, applications, potentially including
3rd party browsers, also need this information.
Change-Id: I765b97a3f38f45247ee3f6e127b490388d373847
|
|/
|
|
| |
Change-Id: Ic8a22ce3a9010b8378af044e611bf787e15f6227
|
|
|
|
|
|
|
|
|
| |
Bug: 6009802
Cherry pick fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1
Listen to credential storage updates and clean state when necessary.
Change-Id: I2c63e6771e9373da8b39781fdcf3d21583c4e3b2
|
|
|
| |
This reverts commit fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1
|
|
|
|
|
|
|
|
| |
Bug: 6009802
Listen to credential storage updates and clean state when necessary.
Change-Id: I48f2e7d6e036882c2b4a29fbd357ca018fd4e4c7
|
|
|
|
|
|
| |
AccountManagerService handle them.
Change-Id: I89d272b22766f85019c1f947153d69e6dbb74c68
|
|\ |
|
| |
| |
| |
| |
| | |
Bug: 3497064
Change-Id: Ie5c20e87a436b7ab66258d08b719ab8bb1f1d86d
|
|/
|
|
|
| |
Bug: 4970298
Change-Id: Id91391233528edc2a4da5ebe92ec85d381f170de
|
|
|
|
|
| |
Bug: 3497064
Change-Id: I4ac4d8b5559496b1632d63c2129e2bafd240893f
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
frameworks/base
Extended KeyChain.chooserPrivateKeyAlias to allow caller to supply
preferred choice to be selected in chooser. This allows Email
settings to highlight the current choice when allowing user to
change settings.
keystore/java/android/security/KeyChain.java
api/current.txt
Implemented KeyChain functionality to pass host and port
information to KeyChainActivity for display.
keystore/java/android/security/KeyChain.java
KeyChain now sends a PendingIntent as part of the Intent it sends
to the KeyChainActivity which can be used to identify the caller
in reliable way.
keystore/java/android/security/KeyChain.java
Moved .pfx/.p12/.cer/.crt constants to Credentials for reuse.
Added Credentials.install variant with no value for use from KeyChainActivity
keystore/java/android/security/Credentials.java
packages/apps/CertInstaller
Source of extension constants now in Credentials
src/com/android/certinstaller/CertFile.java
packages/apps/Browser
Have browser supply host and port information to KeyChain.choosePrivateKeyAlias
Tracking KeyChain.choosePrivateKeyAlias API change
src/com/android/browser/Tab.java
packages/apps/Email
Tracking KeyChain.choosePrivateKeyAlias API change
src/com/android/email/view/CertificateSelector.java
packages/apps/KeyChain
KeyChain now depends on bouncycastle X509Name for formatting
X500Principals, since the 4 X500Principal formatting options could
not format emailAddress attributes in a human readable way and its
the most important attribute to display for client certificates in
most cases.
Android.mk
Changing the UI to a dialog, make the activity style transparent.
AndroidManifest.xml
res/values/styles.xml
Layout for chooser dialog
res/layout/cert_chooser.xml
Layout for list items in chooser
res/layout/cert_item.xml
New resources for dialog including comments for translators.
res/values/strings.xml
New dialog based KeyChainActivity. Now also shows requesting app
and requesting server. Now can preselect a specified alias. New
link directly to CertInstaller.
src/com/android/keychain/KeyChainActivity.java
Fix KeyChainTestActivity to work with TestKeyStore changes that
were causing network activity on the UI to look up the name of
localhost. Also track KeyChain.choosePrivateKeyAlias API change.
tests/src/com/android/keychain/tests/KeyChainTestActivity.java
Change-Id: I07128fba8750f9a6bcb9c6be5da04df992403d69
|
|
|
|
|
|
|
| |
The KeyChain API is Currently in use by Browser and validated by Email
for client certificate authentication.
Change-Id: Ifeab416be594457a05747406e31656e71795cb53
|
|
|
|
| |
Change-Id: I177ab4642e6cd1aa13526c14f0a707175fd79655
|
|
|
|
|
|
|
|
|
| |
Summary:
- Changed KeyChain to assume PEM encoded keystore entries
- Moved convertToPem from CertInstaller for reuse with other Credentials helpers
- Added convertFromPem for use decoding keystore entries
Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
|
|
|
|
| |
Change-Id: I97bb9db06978f6dc039d22bfee116671d7b3e336
|
|
|
|
| |
Change-Id: Ic3c6e0e9be9bcfdc882cf97cec38cca70b23d0a1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
frameworks/base
Remove getCaCertificates and findIssuer from IKeyChainService,
these are now done via libcore's TrustedCertificateStore (as part
of the default TrustManager implementation)
keystore/java/android/security/IKeyChainService.aidl
Simplify KeyChain API. Now that the CA certificates are visible
through the default TrustManager, the KeyChain is solely focused on
retrieving PrivateKeys and their associated certificates. The
calling API for KeyChain to simply a single KeyChain.get() call
that returns a KeyChainResult, removing the need for a KeyChain
instance that needs to be closed.
keystore/java/android/security/KeyChain.java
keystore/java/android/security/KeyChainResult.java
master/libcore
Remove getDefaultIndexedPKIXParameters and
getIndexedPKIXParameters which was used as part of the prototype
of looking up CAs via the KeyChain but is obsoleted by the new
default TrustManager implementation.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
packages/apps/KeyChain
Tracking simplified IKeyChainService, removing now unneeded
implementation, updating tests.
src/com/android/keychain/KeyChainService.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java
tests/src/com/android/keychain/tests/KeyChainTestActivity.java
Change-Id: I847b28c2f467c85f24d2b693a2fecc1cb46426b4
|
|
Change-Id: Id3eaa2d1315481f199777b50e875811e3532988a
|