summaryrefslogtreecommitdiffstats
path: root/keystore
Commit message (Collapse)AuthorAgeFilesLines
* KeyStore: stop using state()Kenny Root2013-02-143-7/+8
| | | | Change-Id: I721974fd95f8d1ab06a3fd1bbb4c9b4d9d1d7752
* Merge "Track keystore binder changes"Kenny Root2013-02-131-7/+7
|\
| * Track keystore binder changesKenny Root2013-02-131-7/+7
| | | | | | | | Change-Id: Id6133be059a8a0901d16355a9152e40e4a255454
* | KeyChain: return null instead of throwKenny Root2013-02-131-1/+6
|/ | | | | | | | The API documentation says it will return null if the key isn't found. We get null back from the keystore daemon when it can't retrieve the data, so just return null back to the API caller. Change-Id: I42248bd50cbc5f76864bd762aae3faab1c50529d
* am 74637db2: Merge "AndroidKeyStore: return error code on error"Kenny Root2013-02-041-1/+6
|\ | | | | | | | | | | # Via Gerrit Code Review (1) and Kenny Root (1) * commit '74637db21eb0b3c0167378e2b5c866fdc02e51f2': AndroidKeyStore: return error code on error
| * AndroidKeyStore: return error code on errorKenny Root2013-02-041-1/+6
| | | | | | | | | | | | | | Instead of blindly multiplying return value by 1000 to convert to milliseconds, check to see if it's an error condition first. Change-Id: I8eab1e7a86d78c13458fcbbc79d590e452fc9791
* | am 5a720bb9: Merge "AndroidKeyStore: add key wrapping test"Kenny Root2013-02-041-0/+48
|\ \ | |/ | | | | | | | | # Via Gerrit Code Review (1) and Kenny Root (1) * commit '5a720bb9b031d44e593d2054bda586ccc3752aa4': AndroidKeyStore: add key wrapping test
| * AndroidKeyStore: add key wrapping testKenny Root2013-02-041-0/+48
| | | | | | | | Change-Id: Ib21ab37d22689dd87f014eaa1f7919a575367cdd
* | am 133c5f5e: Merge "AndroidKeyStore: fix tests"Kenny Root2013-02-042-13/+7
|\ \ | |/ | | | | | | | | # Via Gerrit Code Review (1) and Kenny Root (1) * commit '133c5f5e91e72cff1a9a3a4903a0efc96b39165b': AndroidKeyStore: fix tests
| * AndroidKeyStore: fix testsKenny Root2013-02-042-13/+7
| | | | | | | | Change-Id: I65fd8ba27af57ea8fd27c8e08c9c1201f32c494d
* | am 2e99d3c9: am ebb61ca2: Merge "Track libcore changes for OpenSSLKey"Kenny Root2013-01-251-6/+3
|\ \ | |/ | | | | | | | | # Via Android Git Automerger (1) and others * commit '2e99d3c9646861ca92faf6708c18e36c7530fd93': Track libcore changes for OpenSSLKey
| * Track libcore changes for OpenSSLKeyKenny Root2013-01-221-6/+3
| | | | | | | | Change-Id: I39f60c34daa9ccc633efb02988ea238a84e6bbf1
* | am 834b0f3c: am 19b17b41: am 38a642e9: am 3e2479dd: Merge "docs: fix broken ↵Scott Main2013-01-031-3/+0
|\ \ | |/ |/| | | | | | | | | links and add new sitemap text file" into jb-mr1-dev * commit '834b0f3cd90679655ac1549cb427fc9475ac4a4b': docs: fix broken links and add new sitemap text file
| * docs: fix broken links and add new sitemap text fileScott Main2013-01-031-3/+0
| | | | | | | | Change-Id: If0f7967a65a6e3a444a565a2e8229a04a5265f56
* | Switch keystore to binderKenny Root2012-11-141-220/+133
| | | | | | | | Change-Id: I9fa1fc05068bee1eed3f618fb32f70cf3d4c05d4
* | am 768d9e1a: Merge "Correct executable bit for source files"Kenny Root2012-11-071-0/+0
|\ \ | |/ |/| | | | | * commit '768d9e1a72ceee7d4a5f608776b87b62d6ce4a04': Correct executable bit for source files
| * Correct executable bit for source filesKenny Root2012-11-071-0/+0
| | | | | | | | | | | | | | | | | | Many media files and source code files were marked as executable in Git. Remove those. Also a shell script and python script were not marked as executable. Change-Id: Ieb51bafb46c895a21d2e83696f5a901ba752b2c5
* | Remove AndroidKeyStore from APIKenny Root2012-09-141-0/+1
| | | | | | | | Change-Id: Ibe09d78e5a5b86604f01144f344525bff94c2dde
* | Tracking upgrade to bouncycastle 1.47Brian Carlstrom2012-09-121-18/+30
| | | | | | | | Change-Id: I4a3c508c5e65dd46a2df22935b5351092550fad5
* | Add some NullPointerExceptions to AndroidKeyStoreKenny Root2012-08-311-2/+39
| | | | | | | | | | | | | | | | | | | | Existing KeyStore implementations throw NullPointerExceptions beacuse the KeyStoreSpi doesn't check these arguments for null. Add in checks so we don't accidentally check some bogus values. Also switch a RuntimeException to a KeyStoreException Change-Id: I18f4d4474d607cb2057ea8069b901e0992275e78
* | Always-on VPN.Jeff Sharkey2012-08-271-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds support for always-on VPN profiles, also called "lockdown." When enabled, LockdownVpnTracker manages the netd firewall to prevent unencrypted traffic from leaving the device. It creates narrow rules to only allow traffic to the selected VPN server. When an egress network becomes available, LockdownVpnTracker will try bringing up the VPN connection, and will reconnect if disconnected. ConnectivityService augments any NetworkInfo based on the lockdown VPN status to help apps wait until the VPN is connected. This feature requires that VPN profiles use an IP address for both VPN server and DNS. It also blocks non-default APN access when enabled. Waits for USER_PRESENT after boot to check KeyStore status. Bug: 5756357 Change-Id: If615f206b1634000d78a8350a17e88bfcac8e0d0
* | Add ability to replace chain for PrivateKeyEntryKenny Root2012-08-224-24/+242
| | | | | | | | | | | | | | | | | | For the AndroidKeyStore API, allow entries to have their certificate chain replaced without destroying the underlying PrivateKey. Since entries are backed by unexportable private keys, requiring them to be supplied again doesn't make sense and is impossible. Change-Id: I629ce2a625315c8d8020a082892650ac5eba22ae
* | Add KeyPairGenerator for Android keystoreKenny Root2012-08-228-20/+638
| | | | | | | | | | | | | | | | This allows end-users to generate keys in the keystore without the private part of the key ever needing to leave the device. The generation process also generates a self-signed certificate. Change-Id: I114ffb8e0cbe3b1edaae7e69e8aa578cb835efc9
* | Add AndroidKeyStore provider for KeyStore APIKenny Root2012-08-203-0/+1880
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This introduces a public API for the Android keystore that is accessible via java.security.KeyStore API. This allows programs to store PrivateKeyEntry and TrustedCertificateEntry items visible only to themselves. Future work should include: * Implement KeyStore.CallbackHandlerProtection parameter to allow the caller to request that the keystore daemon unlock itself via the system password input dialog. * Implement SecretKeyEntry once that support is in keystore daemon Change-Id: I382ffdf742d3f9f7647c5f5a429244a340b6bb0a
* | Add getmtime to Android KeyStore APIKenny Root2012-08-202-0/+68
| | | | | | | | | | | | | | | | java.security.KeyStore requires that you be able to get the creation date for any given entry. We'll approximate that through using the mtime of the file in the keystore. Change-Id: I16f74354a6c2e78a1a0b4dc2ae720c5391274e6f
* | am 1ad8bf56: am f0e87175: Merge "Remove useless TestRunner"Kenny Root2012-08-134-53/+13
|\ \ | |/ | | | | | | * commit '1ad8bf5660281d624759897e0403b35b29641ba2': Remove useless TestRunner
| * Remove useless TestRunnerKenny Root2012-08-104-53/+13
| | | | | | | | | | | | | | InstrumentationTestRunner can enumerate the test cases to run without a special TestRunner. Change-Id: I5a49413440ef191f28a21034a318d9a9e3f8174b
| * Change KeyStore to use Modified UTF-8 to match NativeCryptoBrian Carlstrom2012-08-012-22/+46
| | | | | | | | | | | | | | Bug: http://code.google.com/p/android/issues/detail?id=35141 Bug: 6869713 Change-Id: I61cb309786960072148ef97ea5afedb33dc45f4e
| * Improve test key names to reproduce public issueBrian Carlstrom2012-07-271-9/+11
| | | | | | | | | | | | | | | | | | | | | | Also fixes other unrelated test failures. Bug: http://code.google.com/p/android/issues/detail?id=34577 Bug: 6837950 (cherry-picked from f4019af04a1fc4b16aa5972cbcbba703caa5d78d) Change-Id: I5b32b5ccac80f04a4d0fd6b21b8caa11e42995a7
* | Use TrustedCertificateStore for chain buildingKenny Root2012-08-071-17/+2
| | | | | | | | | | | | | | Move chain building to TrustedCertificateStore since it has more information about the certificates. Change-Id: I3030e94eb1abb8a2047a4151bdaad9922706dd0f
* | Change KeyStore to use Modified UTF-8 to match NativeCryptoBrian Carlstrom2012-07-302-22/+46
| | | | | | | | | | | | | | Bug: http://code.google.com/p/android/issues/detail?id=35141 Bug: 6869713 Change-Id: I61cb309786960072148ef97ea5afedb33dc45f4e
* | Improve test key names to reproduce public issueBrian Carlstrom2012-07-171-9/+11
|/ | | | | | | | | Also fixes other unrelated test failures. Bug: http://code.google.com/p/android/issues/detail?id=34577 Bug: 6837950 Change-Id: I2c5ed1cbfbe0ab6f4ddd8619696d6545be0519a8
* Add signing to keystoreKenny Root2012-03-205-17/+352
| | | | | | | | | Change the keystore to keep the private keys in keystore. When returned, it uses the OpenSSL representation of the key to allow users to use it in various operations through the OpenSSL ENGINE that connects to keystore. Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
* Merge "Make the credential storage change action public."Selim Gurun2012-03-151-1/+0
|\
| * Make the credential storage change action public.Selim Gurun2012-02-171-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 6009802 When the credential storage changes, (adding/removing certs, resetting the storage, enabling/disabling trusted CAs, etc), the applications that use the storage has to be made aware of the fact that the storage changed, so they can clear any cached state, close connections or take any other actions. Internally, this applies to webview. However, applications, potentially including 3rd party browsers, also need this information. Change-Id: I765b97a3f38f45247ee3f6e127b490388d373847
* | Remove obsolete KeyChain references to USE_CREDENTIALS (2 of 2)Brian Carlstrom2012-03-011-9/+0
|/ | | | Change-Id: Ic8a22ce3a9010b8378af044e611bf787e15f6227
* Act on credential storage updates.Selim Gurun2012-02-161-1/+17
| | | | | | | | | Bug: 6009802 Cherry pick fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1 Listen to credential storage updates and clean state when necessary. Change-Id: I2c63e6771e9373da8b39781fdcf3d21583c4e3b2
* Revert "Act on credential storage updates."Selim Gurun2012-02-151-17/+1
| | | This reverts commit fcd93b72a3dde2b20fa0d8b04d3f47311b0856a1
* Act on credential storage updates.Selim Gurun2012-02-151-1/+17
| | | | | | | | Bug: 6009802 Listen to credential storage updates and clean state when necessary. Change-Id: I48f2e7d6e036882c2b4a29fbd357ca018fd4e4c7
* Make the KeyChain handled its own grants rather than havingFred Quintana2011-07-132-118/+19
| | | | | | AccountManagerService handle them. Change-Id: I89d272b22766f85019c1f947153d69e6dbb74c68
* Merge "New KeyChain API for credential installation"Brian Carlstrom2011-07-061-10/+9
|\
| * New KeyChain API for credential installationBrian Carlstrom2011-06-291-10/+9
| | | | | | | | | | Bug: 3497064 Change-Id: Ie5c20e87a436b7ab66258d08b719ab8bb1f1d86d
* | Build cert chain in KeyChain.getCertificateChainBrian Carlstrom2011-07-011-1/+19
|/ | | | | Bug: 4970298 Change-Id: Id91391233528edc2a4da5ebe92ec85d381f170de
* KeyChain API for credential installationBrian Carlstrom2011-06-292-21/+94
| | | | | Bug: 3497064 Change-Id: I4ac4d8b5559496b1632d63c2129e2bafd240893f
* Add KeyStoreTest.testGetBrian Carlstrom2011-06-271-0/+12
| | | | | | Now that system user can read keystore, add KeyStoreTest.testGet and update other tests to use KeyStore.get Change-Id: I364866d52c2ecf550ff26aadc6e85126318889fa
* Moving ssl_certificate layout, resources, and helper code to SslCertificateBrian Carlstrom2011-06-271-0/+1
| | | | | | Add IKeyChainService.deleteCaCertificate Change-Id: If42341bc732efcfe4f958c00cdd6c0fec11a3c75
* Replace KeyChainActivity placeholder UI with more polished dialog (1 of 5)Brian Carlstrom2011-06-252-9/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | frameworks/base Extended KeyChain.chooserPrivateKeyAlias to allow caller to supply preferred choice to be selected in chooser. This allows Email settings to highlight the current choice when allowing user to change settings. keystore/java/android/security/KeyChain.java api/current.txt Implemented KeyChain functionality to pass host and port information to KeyChainActivity for display. keystore/java/android/security/KeyChain.java KeyChain now sends a PendingIntent as part of the Intent it sends to the KeyChainActivity which can be used to identify the caller in reliable way. keystore/java/android/security/KeyChain.java Moved .pfx/.p12/.cer/.crt constants to Credentials for reuse. Added Credentials.install variant with no value for use from KeyChainActivity keystore/java/android/security/Credentials.java packages/apps/CertInstaller Source of extension constants now in Credentials src/com/android/certinstaller/CertFile.java packages/apps/Browser Have browser supply host and port information to KeyChain.choosePrivateKeyAlias Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/browser/Tab.java packages/apps/Email Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/email/view/CertificateSelector.java packages/apps/KeyChain KeyChain now depends on bouncycastle X509Name for formatting X500Principals, since the 4 X500Principal formatting options could not format emailAddress attributes in a human readable way and its the most important attribute to display for client certificates in most cases. Android.mk Changing the UI to a dialog, make the activity style transparent. AndroidManifest.xml res/values/styles.xml Layout for chooser dialog res/layout/cert_chooser.xml Layout for list items in chooser res/layout/cert_item.xml New resources for dialog including comments for translators. res/values/strings.xml New dialog based KeyChainActivity. Now also shows requesting app and requesting server. Now can preselect a specified alias. New link directly to CertInstaller. src/com/android/keychain/KeyChainActivity.java Fix KeyChainTestActivity to work with TestKeyStore changes that were causing network activity on the UI to look up the name of localhost. Also track KeyChain.choosePrivateKeyAlias API change. tests/src/com/android/keychain/tests/KeyChainTestActivity.java Change-Id: I07128fba8750f9a6bcb9c6be5da04df992403d69
* New KeyChain API for application access to keystore credentialsBrian Carlstrom2011-06-103-6/+0
| | | | | | | The KeyChain API is Currently in use by Browser and validated by Email for client certificate authentication. Change-Id: Ifeab416be594457a05747406e31656e71795cb53
* KeyChain API refinementsBrian Carlstrom2011-06-094-15/+186
| | | | Change-Id: I177ab4642e6cd1aa13526c14f0a707175fd79655
* Change KeyChain to assume PEM encoded keystore entriesBrian Carlstrom2011-06-072-6/+50
| | | | | | | | | Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
generated by cgit v1.1 at 2025-01-18 19:53:07 +0000