summaryrefslogtreecommitdiffstats
path: root/keystore
Commit message (Collapse)AuthorAgeFilesLines
* Make the KeyChain handled its own grants rather than havingFred Quintana2011-07-132-118/+19
| | | | | | AccountManagerService handle them. Change-Id: I89d272b22766f85019c1f947153d69e6dbb74c68
* Merge "New KeyChain API for credential installation"Brian Carlstrom2011-07-061-10/+9
|\
| * New KeyChain API for credential installationBrian Carlstrom2011-06-291-10/+9
| | | | | | | | | | Bug: 3497064 Change-Id: Ie5c20e87a436b7ab66258d08b719ab8bb1f1d86d
* | Build cert chain in KeyChain.getCertificateChainBrian Carlstrom2011-07-011-1/+19
|/ | | | | Bug: 4970298 Change-Id: Id91391233528edc2a4da5ebe92ec85d381f170de
* KeyChain API for credential installationBrian Carlstrom2011-06-292-21/+94
| | | | | Bug: 3497064 Change-Id: I4ac4d8b5559496b1632d63c2129e2bafd240893f
* Add KeyStoreTest.testGetBrian Carlstrom2011-06-271-0/+12
| | | | | | Now that system user can read keystore, add KeyStoreTest.testGet and update other tests to use KeyStore.get Change-Id: I364866d52c2ecf550ff26aadc6e85126318889fa
* Moving ssl_certificate layout, resources, and helper code to SslCertificateBrian Carlstrom2011-06-271-0/+1
| | | | | | Add IKeyChainService.deleteCaCertificate Change-Id: If42341bc732efcfe4f958c00cdd6c0fec11a3c75
* Replace KeyChainActivity placeholder UI with more polished dialog (1 of 5)Brian Carlstrom2011-06-252-9/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | frameworks/base Extended KeyChain.chooserPrivateKeyAlias to allow caller to supply preferred choice to be selected in chooser. This allows Email settings to highlight the current choice when allowing user to change settings. keystore/java/android/security/KeyChain.java api/current.txt Implemented KeyChain functionality to pass host and port information to KeyChainActivity for display. keystore/java/android/security/KeyChain.java KeyChain now sends a PendingIntent as part of the Intent it sends to the KeyChainActivity which can be used to identify the caller in reliable way. keystore/java/android/security/KeyChain.java Moved .pfx/.p12/.cer/.crt constants to Credentials for reuse. Added Credentials.install variant with no value for use from KeyChainActivity keystore/java/android/security/Credentials.java packages/apps/CertInstaller Source of extension constants now in Credentials src/com/android/certinstaller/CertFile.java packages/apps/Browser Have browser supply host and port information to KeyChain.choosePrivateKeyAlias Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/browser/Tab.java packages/apps/Email Tracking KeyChain.choosePrivateKeyAlias API change src/com/android/email/view/CertificateSelector.java packages/apps/KeyChain KeyChain now depends on bouncycastle X509Name for formatting X500Principals, since the 4 X500Principal formatting options could not format emailAddress attributes in a human readable way and its the most important attribute to display for client certificates in most cases. Android.mk Changing the UI to a dialog, make the activity style transparent. AndroidManifest.xml res/values/styles.xml Layout for chooser dialog res/layout/cert_chooser.xml Layout for list items in chooser res/layout/cert_item.xml New resources for dialog including comments for translators. res/values/strings.xml New dialog based KeyChainActivity. Now also shows requesting app and requesting server. Now can preselect a specified alias. New link directly to CertInstaller. src/com/android/keychain/KeyChainActivity.java Fix KeyChainTestActivity to work with TestKeyStore changes that were causing network activity on the UI to look up the name of localhost. Also track KeyChain.choosePrivateKeyAlias API change. tests/src/com/android/keychain/tests/KeyChainTestActivity.java Change-Id: I07128fba8750f9a6bcb9c6be5da04df992403d69
* New KeyChain API for application access to keystore credentialsBrian Carlstrom2011-06-103-6/+0
| | | | | | | The KeyChain API is Currently in use by Browser and validated by Email for client certificate authentication. Change-Id: Ifeab416be594457a05747406e31656e71795cb53
* KeyChain API refinementsBrian Carlstrom2011-06-094-15/+186
| | | | Change-Id: I177ab4642e6cd1aa13526c14f0a707175fd79655
* Change KeyChain to assume PEM encoded keystore entriesBrian Carlstrom2011-06-072-6/+50
| | | | | | | | | Summary: - Changed KeyChain to assume PEM encoded keystore entries - Moved convertToPem from CertInstaller for reuse with other Credentials helpers - Added convertFromPem for use decoding keystore entries Change-Id: I340168b88aefa458d01e81324824e2e08b1d7c4e
* Restore ResponseCodes for use with getLastErrorBrian Carlstrom2011-06-011-10/+10
| | | | Change-Id: I41b5bc9cbb6c05672c92d5864e889fd2b0186141
* Integrating keystore with keyguard (Part 1 of 4)Brian Carlstrom2011-06-012-61/+76
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Summary: frameworks/base keystore rewrite keyguard integration with keystore on keyguard entry or keyguard change KeyStore API simplification packages/apps/Settings Removed com.android.credentials.SET_PASSWORD intent support Added keyguard requirement for keystore use packages/apps/CertInstaller Tracking KeyStore API changes Fix for NPE in CertInstaller when certificate lacks basic constraints packages/apps/KeyChain Tracking KeyStore API changes Details: frameworks/base Move keystore from C to C++ while rewriting password implementation. Removed global variables. Added many comments. cmds/keystore/Android.mk cmds/keystore/keystore.h cmds/keystore/keystore.c => cmds/keystore/keystore.cpp cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp Changed saveLockPattern and saveLockPassword to notify the keystore on changes so that the keystore master key can be reencrypted when the keyguard changes. core/java/com/android/internal/widget/LockPatternUtils.java Changed unlock screens to pass values for keystore unlock or initialization policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java KeyStore API changes - renamed test() to state(), which now return a State enum - made APIs with byte[] key arguments private - added new KeyStore.isEmpty used to determine if a keyguard is required keystore/java/android/security/KeyStore.java In addition to tracking KeyStore API changes, added new testIsEmpty and improved some existing tests to validate expect values. keystore/tests/src/android/security/KeyStoreTest.java packages/apps/Settings Removing com.android.credentials.SET_PASSWORD intent with the removal of the ability to set an explicit keystore password now that the keyguard value is used. Changed to ensure keyguard is enabled for keystore install or unlock. Cleaned up interwoven dialog handing into discrete dialog helper classes. AndroidManifest.xml src/com/android/settings/CredentialStorage.java Remove layout for entering new password res/layout/credentials_dialog.xml Remove enable credentials checkbox res/xml/security_settings_misc.xml src/com/android/settings/SecuritySettings.java Added ability to specify minimum quality key to ChooseLockGeneric Activity. Used by CredentialStorage, but could also be used by CryptKeeperSettings. Changed ChooseLockGeneric to understand minimum quality for keystore in addition to DPM and device encryption. src/com/android/settings/ChooseLockGeneric.java Changed to use getActivePasswordQuality from getKeyguardStoredPasswordQuality based on experience in CredentialStorage. Removed bogus class javadoc. src/com/android/settings/CryptKeeperSettings.java Tracking KeyStore API changes src/com/android/settings/vpn/VpnSettings.java src/com/android/settings/wifi/WifiSettings.java Removing now unused string resources res/values-af/strings.xml res/values-am/strings.xml res/values-ar/strings.xml res/values-bg/strings.xml res/values-ca/strings.xml res/values-cs/strings.xml res/values-da/strings.xml res/values-de/strings.xml res/values-el/strings.xml res/values-en-rGB/strings.xml res/values-es-rUS/strings.xml res/values-es/strings.xml res/values-fa/strings.xml res/values-fi/strings.xml res/values-fr/strings.xml res/values-hr/strings.xml res/values-hu/strings.xml res/values-in/strings.xml res/values-it/strings.xml res/values-iw/strings.xml res/values-ja/strings.xml res/values-ko/strings.xml res/values-lt/strings.xml res/values-lv/strings.xml res/values-ms/strings.xml res/values-nb/strings.xml res/values-nl/strings.xml res/values-pl/strings.xml res/values-pt-rPT/strings.xml res/values-pt/strings.xml res/values-rm/strings.xml res/values-ro/strings.xml res/values-ru/strings.xml res/values-sk/strings.xml res/values-sl/strings.xml res/values-sr/strings.xml res/values-sv/strings.xml res/values-sw/strings.xml res/values-th/strings.xml res/values-tl/strings.xml res/values-tr/strings.xml res/values-uk/strings.xml res/values-vi/strings.xml res/values-zh-rCN/strings.xml res/values-zh-rTW/strings.xml res/values-zu/strings.xml res/values/strings.xml packages/apps/CertInstaller Tracking KeyStore API changes src/com/android/certinstaller/CertInstaller.java Fix for NPE in CertInstaller when certificate lacks basic constraints src/com/android/certinstaller/CredentialHelper.java packages/apps/KeyChain Tracking KeyStore API changes src/com/android/keychain/KeyChainActivity.java src/com/android/keychain/KeyChainService.java support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java tests/src/com/android/keychain/tests/KeyChainServiceTest.java Change-Id: Ic141fb5d4b43d12fe62cb1e29c7cbd891b4be35d
* Remove need for onActivityResult from KeyChain APIBrian Carlstrom2011-05-255-113/+205
| | | | Change-Id: I97bb9db06978f6dc039d22bfee116671d7b3e336
* Move to KeyChain.bindBrian Carlstrom2011-05-171-25/+57
| | | | Change-Id: Ic3c6e0e9be9bcfdc882cf97cec38cca70b23d0a1
* Simplify KeyChain API by removing now unneeded CA certificate lookup (1 of 3)Brian Carlstrom2011-05-173-265/+140
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | frameworks/base Remove getCaCertificates and findIssuer from IKeyChainService, these are now done via libcore's TrustedCertificateStore (as part of the default TrustManager implementation) keystore/java/android/security/IKeyChainService.aidl Simplify KeyChain API. Now that the CA certificates are visible through the default TrustManager, the KeyChain is solely focused on retrieving PrivateKeys and their associated certificates. The calling API for KeyChain to simply a single KeyChain.get() call that returns a KeyChainResult, removing the need for a KeyChain instance that needs to be closed. keystore/java/android/security/KeyChain.java keystore/java/android/security/KeyChainResult.java master/libcore Remove getDefaultIndexedPKIXParameters and getIndexedPKIXParameters which was used as part of the prototype of looking up CAs via the KeyChain but is obsoleted by the new default TrustManager implementation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParametersImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java packages/apps/KeyChain Tracking simplified IKeyChainService, removing now unneeded implementation, updating tests. src/com/android/keychain/KeyChainService.java tests/src/com/android/keychain/tests/KeyChainServiceTest.java tests/src/com/android/keychain/tests/KeyChainTestActivity.java Change-Id: I847b28c2f467c85f24d2b693a2fecc1cb46426b4
* Make CertInstaller installed CA certs trusted by applications via default ↵Brian Carlstrom2011-05-141-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TrustManager (1 of 6) frameworks/base Adding IKeyChainService APIs for CertInstaller and Settings use keystore/java/android/security/IKeyChainService.aidl libcore Improve exceptions to include more information luni/src/main/java/javax/security/auth/x500/X500Principal.java Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods. Added support for adding user CAs in a separate directroy for system. Added support for removeing system CAs by placing a copy in a sytem directory luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash to make sure the implementing algortims doe not change since TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to 1.0.0) luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java Extensive test of new TrustedCertificateStore behavior luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java TestKeyStore improvements - Refactored TestKeyStore to provide simpler createCA method (and internal createCertificate) - Cleaned up to remove use of BouncyCastle specific X509Principal in the TestKeyStore API when the public X500Principal would do. - Cleaned up TestKeyStore support methods to not throw Exception to remove need for static blocks for catch clauses in tests. support/src/test/java/libcore/java/security/TestKeyStore.java luni/src/test/java/libcore/java/security/KeyStoreTest.java luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java packages/apps/CertInstaller Change CertInstaller to call IKeyChainService.installCertificate for CA certs to pass them to the KeyChainServiceTest which will make them available to all apps through the TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask. src/com/android/certinstaller/CertInstaller.java Added installCaCertsToKeyChain and hasCaCerts accessor for use by CertInstaller. Use hasUserCertificate() internally. Cleanup coding style. src/com/android/certinstaller/CredentialHelper.java packages/apps/KeyChain Added MANAGE_ACCOUNTS so that IKeyChainService.reset implementation can remove KeyChain accounts. AndroidManifest.xml Implement new IKeyChainService methods: - Added IKeyChainService.installCaCertificate to install certs provided by CertInstaller using the TrustedCertificateStore. - Added IKeyChainService.reset to allow Settings to remove the KeyChain accounts so that any app granted access to keystore credentials are revoked when the keystore is reset. src/com/android/keychain/KeyChainService.java packages/apps/Settings Changed com.android.credentials.RESET credential reset action to also call IKeyChainService.reset to remove any installed user CAs and remove KeyChain accounts to have AccountManager revoke credential granted to private keys removed during the RESET. src/com/android/settings/CredentialStorage.java Added toast text value for failure case res/values/strings.xml system/core Have init create world readable /data/misc/keychain to allow apps to access user added CA certificates installed by the CertInstaller. rootdir/init.rc Change-Id: I2e4b169cbb35d32d97f5d6a00d988fa389eadcb2
* Expose Credentials.UNLOCK_ACTION for callers that want to use ↵Brian Carlstrom2011-04-221-1/+3
| | | | | | startActivityForResult Change-Id: I729b2d8257bda3e7ff7858741ebd5415404880e7
* Adding KeyChain API and IKeyChainServiceBrian Carlstrom2011-04-202-0/+403
| | | | Change-Id: Id3eaa2d1315481f199777b50e875811e3532988a
* Tolerate missing AccountManager resource, not just missing resource nameBrian Carlstrom2011-04-071-13/+6
| | | | | | In addition to the primary change in the subject, also some minor cleanup of javadoc, typos, CloseGuard warning, etc found while working on a new AbstractAccountAuthenticator. Change-Id: I73f3408773a43a0021a15f8d051fd3dbbdf898a5
* Update the path of the intent to unlock keystore.Chia-chi Yeh2011-01-201-13/+1
| | | | Change-Id: Ia81d0c172f2be6d04cba4db6e6798058f321605d
* Use deliberately public API rather than org.apache cruft.Elliott Hughes2010-11-111-6/+3
| | | | | | | InputStreamHelper is scheduled for deletion. As a bonus, the new code is more efficient. Change-Id: Ied8b87fa24f8506cf748b0d4c99ee7e2ae201483
* Work on issue #3101415: Crespo apps seem to have their UID changed over time.Dianne Hackborn2010-10-151-0/+1
| | | | | | fsync! Change-Id: Ie6c5397202579935ac69bf61d3e7b3081ecf269c
* Use explicit intent for installing credentials.Hung-ying Tyan2010-10-081-3/+10
| | | | | | http://b/issue?id=3020049 Change-Id: I429c5b2c9f3b876e6197894a9437952d71d5c472
* Remove the use of FileInputStream.available()Rich Cannings2010-09-091-12/+7
| | | | | Bug: 2976294 Change-Id: I34b13cedbf1d2338163ef74454817c318a3a24f5
* Don't rely on the system locale for converting to/from bytes.Nick Kralevich2010-03-102-11/+41
| | | | | | | | | | | | | | | | | | | | By default, when java converts Strings to bytes, it uses the default system locale. This can be specified by the -Dfile.encoding option. If no file encoding is specified, java uses ISO8859_1. Unfortunately, not all unicode characters can be mapped to ISO8859_1. Unmappable characters may be replaced by a byte within ISO8859_1, which may change the meaning of the String. This is especially problematic for password strings, and has been used to compromise the security of passwords in the past. Thankfully, Android uses UTF-8 by default, so this bug doesn't effect Android devices. However, it's recommended to explicitly list the character set when converting to/from bytes to avoid the potential ambiguity. Change-Id: Iec927e27ed3fc103696c439f6bd3e8779a37ade8
* Better file permissions enforcement on system keystore.Oscar Montemayor2010-02-221-0/+3
|
* Fix for bug 2427961 ↵Oscar Montemayor2010-02-091-2/+3
| | | | | | android.security.tests.SystemKeyStoreTest:testBasicAccess is failing. Fixed issues in test.
* KeyStore: minor improvements.Chia-chi Yeh2010-02-061-20/+21
| | | | | Make constants final. Only converts ArrayLists to arrays when necessary.
* Apps on SD card.Oscar Montemayor2010-01-151-1/+1
| | | | | Added support for retrieving and generating keys as Hex Strings. Using keys to mount encrypted FS.
* Apps on SD card.Oscar Montemayor2010-01-152-1/+39
| | | | Added support for retrieving and generating keys as Hex Strings.
* Apps on SD card project.Oscar Montemayor2010-01-063-0/+188
| | | | A simple keystore to store system-only key material, by leveraging file system access permissions.
* Add unit test for the new keystore.Chung-yih Wang2009-09-294-0/+226
| | | | | | Since we need to test the keystore with user system in order to test the reset(), password(), lock() and unlock(), we have to take advantage of the ActivityUnitTestCase to run the test with the user 'system'.
* KeyStore: remove classes used by old keystore.Chia-chi Yeh2009-09-242-229/+0
|
* KeyStore: return null when response code indicates an error.Chia-chi Yeh2009-09-241-3/+5
|
* Remove old keystore and related files.Hung-ying Tyan2009-09-246-1207/+0
|
* KeyStore: rename scan() to saw().Chia-chi Yeh2009-09-221-3/+3
|
* KeyStore: add java interface.Chia-chi Yeh2009-09-212-3/+224
|
* Add a helper class to send out credentials.Chia-chi Yeh2009-09-181-0/+98
| | | | Change-Id: I9a550c6edc55d5c2c601223c011922b183cb4d30
* Fix a minor bug in is_alnum_string()...Hung-ying Tyan2009-09-171-4/+0
| | | | and remove some verbose logging
* Add tests and misc fixes on keystore.Hung-ying Tyan2009-09-112-14/+21
| | | | | | | | | * Refactor netkeystore.c to make client and server code testable. * Add a client test for setting new passwd and changing passwd. * Exclude "." and ".." from reset_keystore(). * Change ServerCommand.executeCommand() to accept variable length of arguments and add convert() to marshalling the args to bytes. * Keystore.java is revised accordingly.
* Add two CertTool helper classes.Hung-ying Tyan2009-09-102-44/+186
| | | | Also add the unlock action string to Keystore.
* keystore: remove "#include <openssl/engine.h>".Chia-chi Yeh2009-09-101-1/+0
|
* Replace the delimiter whitespace with '\0'.Chung-yih Wang2009-09-091-5/+4
| | | | | | | | + Use '\0' as the delimiter. + Allow whitespace character for keystore password. In previous implementation, we use space as the delimiter. That will stop user from using passphrase with whitespace character.
* Print error message if the buffer size is too small.Chung-yih Wang2009-09-021-1/+4
|
* Store CA certificate chain into one single key entry with PEM format.Chung-yih Wang2009-09-012-17/+17
| | | | Extract all CA certificates in a PKCS12 keystore into a single entry in keystore with multiple PEMs.
* Merge change 21259 into eclairAndroid (Google) Code Review2009-08-261-4/+9
|\ | | | | | | | | * changes: Make certificate-handling-related constants public
| * Make certificate-handling-related constants publicHung-ying Tyan2009-08-141-4/+9
| |
* | am c8ab08aa: Merge change 21124 into donutJean-Baptiste Queru2009-08-182-0/+190
|\ \ | |/ |/| | | | | | | | | Merge commit 'c8ab08aa86aea3b693f731c9e817eeb71ab4c1cd' into eclair * commit 'c8ab08aa86aea3b693f731c9e817eeb71ab4c1cd': Add license-related files
| * Add license-related filesJean-Baptiste Queru2009-08-132-0/+190
| | | | | | | | BUG=1573996
generated by cgit v1.1 at 2025-01-12 18:36:17 +0000