summaryrefslogtreecommitdiffstats
path: root/keystore/java/android/security/KeyChain.java
Commit message (Collapse)AuthorAgeFilesLines
* Remove DSA support from Android KeyStore and KeyChain.Alex Klyubin2015-01-141-2/+2
| | | | | | | We're switching from OpenSSL to BoringSSL which does not support DSA. Bug: 17409664 Change-Id: Id9b52666ba9ef234076105c925610b5b312988a5
* Track change to ConscryptKenny Root2014-11-261-1/+1
| | | | Change-Id: I8814fd0720acf09332927f184fdd9b2cdac4f413
* Extend IKeyChainService AIDL with CACert retrievalZoltan Szatmary-Ban2014-09-081-1/+2
| | | | | Bug:16029580 Change-Id: I41a3bd2f3bd95550e59f1d0d0acd0e765d7b62d7
* Revert "Revert "Revert "Revert "Revert "Update Trusted Credentials screen in ↵Zoltan Szatmary-Ban2014-08-151-2/+1
| | | | | | | | settings""""" This reverts commit c9249c69813c6fb889d71d84583c67ae2942e6de. Change-Id: I5504fddaf7b18efb73cd6c76678b3b39ce9b0229
* Revert "Revert "Revert "Revert "Update Trusted Credentials screen in ↵Zoltan Szatmary-Ban2014-08-151-1/+2
| | | | | | | | | | settings"""" This reverts commit 87efe74e092236c372d3b6909009641123aa416a. This should be fine now with all the dependency CLs +2-ed Change-Id: I96ad14ad5ff81e6b5391035cb6c5a62339c6cc40
* Revert "Revert "Revert "Update Trusted Credentials screen in settings"""Narayan Kamath2014-08-151-2/+1
| | | | | | This reverts commit 19c8ce291e89a9ef1442a20e1feab421b11536d7. Change-Id: Ie5a5571127311e0a29f314c0566e779cfe940b53
* Revert "Revert "Update Trusted Credentials screen in settings""Zoltan Szatmary-Ban2014-08-151-1/+2
| | | | | | This reverts commit 0f0de0bdd021bad5f85fdb0399a4ea91a1611e25. Change-Id: Ia3d0907e3d7c2ec42d64e45f60e3dfaffb932c3d
* Revert "Update Trusted Credentials screen in settings"Zoltan Szatmary-Ban2014-08-071-2/+1
| | | | | | This reverts commit 4fde5aa9fab931d9becfc49f7d7b8526ad5640d9. Change-Id: I581c38d64e9829b0079bafa42615f2aa0bf64763
* Update Trusted Credentials screen in settingsZoltan Szatmary-Ban2014-07-291-1/+2
| | | | | | | | | | Trusted credentials for both the primary user and its managed profiles are shown on the Trusted Credentials fragment. All functionalities (e.g. disabling/enabling of certificates) remain available. Bug: 16029580 Change-Id: Ia92ae02d8c572bf4a3be172f6c255726cefc0fa1
* Revert "Revert "Publish DevicePolicyManager CA certificate APIs""Robin Lee2014-06-191-3/+14
| | | | | | This reverts commit 792b270dbdc980cfe04e8d461bf00a1f45b5e936. Change-Id: I18c7e0eca39868230cd8e4f4bbeb3c44ff9e8b78
* Revert "Publish DevicePolicyManager CA certificate APIs"Robin Lee2014-06-171-14/+3
| | | | | | This reverts commit 5260bf69946563dc47c17e7441b352adfce384c5. Change-Id: I5e44fdac8a7375576b25171f58e31a1fa0e3c569
* Publish DevicePolicyManager CA certificate APIsRobin Lee2014-06-111-3/+14
| | | | | | | | | | | | | Exposes these methods: - hasCaCertInstalled - hasAnyCaCertsInstalled - installCaCert - uninstallCaCert Allows device and profile owners to perform some certificate management including querying for and enabling/disabling specific CA certificates. Change-Id: I4aa8a1a8601b234e30acde99dfa382e04cb62495
* Use the correct package name for CHOOSERKenny Root2014-03-171-1/+6
| | | | | Bug: 13013106 Change-Id: I1f715de18e7108274f5a98234376d48c2d329438
* KeyChain: add explicit package for getPrivateKeyKenny Root2014-02-071-1/+7
| | | | | Bug: 9964538 Change-Id: If67c1938e9506d4fa81b241bcbce2193d1b194ef
* Add argument to binder call to check key typesKenny Root2013-09-051-2/+4
| | | | | | | | | Before there was only one key type supported, so we didn't need to query a key type. Now there is DSA, EC, and RSA, so there needs to be another argument. Bug: 10600582 Change-Id: I9fe9e46b9ec9cfb2f1246179b2c396216b2c1fdb
* Add methods for managing CAs to DevicePolicyManager(Service)Maggie Benthall2013-08-201-1/+4
| | | | | | | | | | | | Guard install/uninstall by enforcing that the caller have the new system-only permission MANAGE_CA_CERTIFICATES. Also include API methods for asking whether there are any User CA certs installed, or if one by a particular name is installed in the keystore. CA certs will be installed via KeyChain into the TrustedCertificateStore. Bug: 8232670 Change-Id: I17b47a452e72eb4fe556dc6db823a46c6e854be8
* Track change in NativeCryptoKenny Root2013-05-071-0/+2
| | | | | | (cherry picked from commit 4b30e3391bda250975b43af43bad58c98fa73f84) Change-Id: I9eed3895d78c6906f7d29d325075cf1df48fd123
* resolved conflicts for merge of 1f6e789b to jb-mr2-dev-plus-aospKenny Root2013-04-291-2/+2
|\ | | | | | | Change-Id: I06c05d637613215b6d83df3e29cd495f6a5a0176
| * Track change to JSSE providerKenny Root2013-04-291-2/+2
| | | | | | | | Change-Id: I35e824e47ad758ab6408e91e2ba5dcda053a82f5
* | Add API to query KeyChain algorithm support, pt. 2Kenny Root2013-04-021-3/+3
| | | | | | | | | | | | | | Late-breaking comments on API name. Revised. Bug: 7095660 Change-Id: I7224d9c8a4f84a272360ede78a18bfb72d8aeb77
* | Add API to query KeyChain algorithm supportKenny Root2013-04-021-0/+24
|/ | | | | Bug: 7095660 Change-Id: Ia87caaa33bc01b032130811833f0a3c4f75b62d4
* KeyChain: return null instead of throwKenny Root2013-02-131-1/+6
| | | | | | | | The API documentation says it will return null if the key isn't found. We get null back from the keystore daemon when it can't retrieve the data, so just return null back to the API caller. Change-Id: I42248bd50cbc5f76864bd762aae3faab1c50529d
* Use TrustedCertificateStore for chain buildingKenny Root2012-08-071-17/+2
| | | | | | | Move chain building to TrustedCertificateStore since it has more information about the certificates. Change-Id: I3030e94eb1abb8a2047a4151bdaad9922706dd0f
* Add signing to keystoreKenny Root2012-03-201-15/+13
| | | | | | | | | Change the keystore to keep the private keys in keystore. When returned, it uses the OpenSSL representation of the key to allow users to use it in various operations through the OpenSSL ENGINE that connects to keystore. Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
* Merge "Make the credential storage change action public."Selim Gurun2012-03-151-1/+0
|\
| * Make the credential storage change action public.Selim Gurun2012-02-171-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 6009802 When the credential storage changes, (adding/removing certs, resetting the storage, enabling/disabling trusted CAs, etc), the applications that use the storage has to be made aware of the fact that the storage changed, so they can clear any cached state, close connections or take any other actions. Internally, this applies to webview. However, applications, potentially including 3rd party browsers, also need this information. Change-Id: I765b97a3f38f45247ee3f6e127b490388d373847
* | Remove obsolete KeyChain references to USE_CREDENTIALS (2 of 2)Brian Carlstrom2012-03-011-9/+0
|/ | | | Change-Id: Ic8a22ce3a9010b8378af044e611bf787e15f6227
* Act on credential storage updates.Selim Gurun2012-02-161-1/+17
| | | | | | | | | Bug: 6009802 Cherry pick fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1 Listen to credential storage updates and clean state when necessary. Change-Id: I2c63e6771e9373da8b39781fdcf3d21583c4e3b2
* Revert "Act on credential storage updates."Selim Gurun2012-02-151-17/+1
| | | This reverts commit fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1
* Act on credential storage updates.Selim Gurun2012-02-151-1/+17
| | | | | | | | Bug: 6009802 Listen to credential storage updates and clean state when necessary. Change-Id: I48f2e7d6e036882c2b4a29fbd357ca018fd4e4c7
* Make the KeyChain handled its own grants rather than havingFred Quintana2011-07-131-116/+13
| | | | | | AccountManagerService handle them. Change-Id: I89d272b22766f85019c1f947153d69e6dbb74c68
* Merge "New KeyChain API for credential installation"Brian Carlstrom2011-07-061-10/+9
|\
| * New KeyChain API for credential installationBrian Carlstrom2011-06-291-10/+9
| | | | | | | | | | Bug: 3497064 Change-Id: Ie5c20e87a436b7ab66258d08b719ab8bb1f1d86d
* | Build cert chain in KeyChain.getCertificateChainBrian Carlstrom2011-07-011-1/+19
|/ | | | | Bug: 4970298 Change-Id: Id91391233528edc2a4da5ebe92ec85d381f170de
* KeyChain API for credential installationBrian Carlstrom2011-06-291-1/+87
| | | | | Bug: 3497064 Change-Id: I4ac4d8b5559496b1632d63c2129e2bafd240893f
* Replace KeyChainActivity placeholder UI with more polished dialog (1 of 5)Brian Carlstrom2011-06-251-9/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | frameworks/base Extended KeyChain.chooserPrivateKeyAlias to allow caller to supply preferred choice to be selected in chooser. This allows Email settings to highlight the current choice when allowing user to change settings. keystore/java/android/security/KeyChain.java api/current.txt Implemented KeyChain functionality to pass host and port information to KeyChainActivity for display. keystore/java/android/security/KeyChain.java KeyChain now sends a PendingIntent as part of the Intent it sends to the KeyChainActivity which can be used to identify the caller in reliable way. keystore/java/android/security/KeyChain.java Moved .pfx/.p12/.cer/.crt constants to Credentials for reuse. Added Credentials.install variant with no value for use from KeyChainActivity keystore/java/android/security/Credentials.java packages/apps/CertInstaller Source of extension constants now in Credentials src/com/android/certinstaller/CertFile.java packages/apps/Browser Have browser supply host and port information to KeyChain.choosePrivateKeyAlias Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/browser/Tab.java packages/apps/Email Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/email/view/CertificateSelector.java packages/apps/KeyChain KeyChain now depends on bouncycastle X509Name for formatting X500Principals, since the 4 X500Principal formatting options could not format emailAddress attributes in a human readable way and its the most important attribute to display for client certificates in most cases. Android.mk Changing the UI to a dialog, make the activity style transparent. AndroidManifest.xml res/values/styles.xml Layout for chooser dialog res/layout/cert_chooser.xml Layout for list items in chooser res/layout/cert_item.xml New resources for dialog including comments for translators. res/values/strings.xml New dialog based KeyChainActivity. Now also shows requesting app and requesting server. Now can preselect a specified alias. New link directly to CertInstaller. src/com/android/keychain/KeyChainActivity.java Fix KeyChainTestActivity to work with TestKeyStore changes that were causing network activity on the UI to look up the name of localhost. Also track KeyChain.choosePrivateKeyAlias API change. tests/src/com/android/keychain/tests/KeyChainTestActivity.java Change-Id: I07128fba8750f9a6bcb9c6be5da04df992403d69
* New KeyChain API for application access to keystore credentialsBrian Carlstrom2011-06-101-2/+0
| | | | | | | The KeyChain API is Currently in use by Browser and validated by Email for client certificate authentication. Change-Id: Ifeab416be594457a05747406e31656e71795cb53
* KeyChain API refinementsBrian Carlstrom2011-06-091-10/+114
| | | | Change-Id: I177ab4642e6cd1aa13526c14f0a707175fd79655
* Change KeyChain to assume PEM encoded keystore entriesBrian Carlstrom2011-06-071-5/+4
| | | | | | | | | Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
* Remove need for onActivityResult from KeyChain APIBrian Carlstrom2011-05-251-39/+144
| | | | Change-Id: I97bb9db06978f6dc039d22bfee116671d7b3e336
* Move to KeyChain.bindBrian Carlstrom2011-05-171-25/+57
| | | | Change-Id: Ic3c6e0e9be9bcfdc882cf97cec38cca70b23d0a1
* Simplify KeyChain API by removing now unneeded CA certificate lookup (1 of 3)Brian Carlstrom2011-05-171-262/+67
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | frameworks/base Remove getCaCertificates and findIssuer from IKeyChainService, these are now done via libcore's TrustedCertificateStore (as part of the default TrustManager implementation) keystore/java/android/security/IKeyChainService.aidl Simplify KeyChain API. Now that the CA certificates are visible through the default TrustManager, the KeyChain is solely focused on retrieving PrivateKeys and their associated certificates. The calling API for KeyChain to simply a single KeyChain.get() call that returns a KeyChainResult, removing the need for a KeyChain instance that needs to be closed. keystore/java/android/security/KeyChain.java keystore/java/android/security/KeyChainResult.java master/libcore Remove getDefaultIndexedPKIXParameters and getIndexedPKIXParameters which was used as part of the prototype of looking up CAs via the KeyChain but is obsoleted by the new default TrustManager implementation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java packages/apps/KeyChain Tracking simplified IKeyChainService, removing now unneeded implementation, updating tests. src/com/android/keychain/KeyChainService.java tests/src/com/android/keychain/tests/KeyChainServiceTest.java tests/src/com/android/keychain/tests/KeyChainTestActivity.java Change-Id: I847b28c2f467c85f24d2b693a2fecc1cb46426b4
* Adding KeyChain API and IKeyChainServiceBrian Carlstrom2011-04-201-0/+372
Change-Id: Id3eaa2d1315481f199777b50e875811e3532988a
generated by cgit v1.1 at 2025-11-26 11:45:21 +0000