authorEran Messeri <eranm@google.com>2019-09-10 17:23:48 +0100
committerEran Messeri <eranm@google.com>2019-09-12 16:02:36 +0100
commitd6ee4aae9bf1ff631f52ba12a105798af614aa06 (patch)
tree08b5100dae05ae110f50a246d22115e996b7f4f5 /keystore/java/android/security/Credentials.java
parentf986b4e9bb3763cad0e318a82908290814826ff0 (diff)
KeyChain: Unify manual and programmatic key installation flows
Unify the manual certificate installation flow (via "Install from storage" in the Settings app) with the programmatic one (using DevicePolicyManager.installKeyPair). The unification is achieved by extending the KeyChainService API to take in the UID for which the key is designated (so WiFi keys can be installed with the unified flow), and making the CredentialStorage activity call the KeyChainService rather than poke into Keystore directly. Framework-related changes to support this: * Add new constant for specifying the key alias as an extra to the install activity, and remove obsolete constants from the Credentials class. * Make KeyChainService definition include key destination UID. * Make the call to KeyChainService.installKeyPair from the DevicePolicyManagerService specify the "self" UID. Test: Manual CtsVerifier tests: KeyChain Storage Test, CA Cert Notification Test Test: cts-tradefed run commandAndExit cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement Bug: 138375478 Change-Id: Ib317f85fa6719c70ee3b1da4255c44754fbfa789
Diffstat (limited to 'keystore/java/android/security/Credentials.java')
-rw-r--r--keystore/java/android/security/Credentials.java17
1 files changed, 4 insertions, 13 deletions
diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java
index 08f417662523..54995ac9d050 100644
--- a/keystore/java/android/security/Credentials.java
+++ b/keystore/java/android/security/Credentials.java
@@ -16,11 +16,12 @@
package android.security;
+import android.annotation.UnsupportedAppUsage;
+
import com.android.org.bouncycastle.util.io.pem.PemObject;
import com.android.org.bouncycastle.util.io.pem.PemReader;
import com.android.org.bouncycastle.util.io.pem.PemWriter;
-import android.annotation.UnsupportedAppUsage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -90,9 +91,9 @@ public class Credentials {
public static final String EXTRA_INSTALL_AS_UID = "install_as_uid";
/**
- * Intent extra: name for the user's private key.
+ * Intent extra: name for the user's key pair.
*/
- public static final String EXTRA_USER_PRIVATE_KEY_NAME = "user_private_key_name";
+ public static final String EXTRA_USER_KEY_ALIAS = "user_key_pair_name";
/**
* Intent extra: data for the user's private key in PEM-encoded PKCS#8.
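Review bot: The new constant `EXTRA_USER_KEY_ALIAS` carries the wire string `"user_key_pair_name"` and a Javadoc that calls it a "name", so the identifier, the value and the comment use three different terms for one thing. Because the string value also changed from `"user_private_key_name"`, a sender that still puts the old key in the intent would presumably have its alias ignored without any error; whether such senders remain cannot be seen from this file. The alias arrives as an intent extra alongside `EXTRA_INSTALL_AS_UID`, so the Javadoc should state what the receiver relies on, for example `Intent extra: alias under which the user's key pair is installed. Supplied by the intent sender; the receiver must validate it before use.` The class body starts and ends outside this hunk.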
@@ -100,21 +101,11 @@ public class Credentials {
public static final String EXTRA_USER_PRIVATE_KEY_DATA = "user_private_key_data";
/**
- * Intent extra: name for the user's certificate.
- */
- public static final String EXTRA_USER_CERTIFICATE_NAME = "user_certificate_name";
-
- /**
* Intent extra: data for the user's certificate in PEM-encoded X.509.
*/
public static final String EXTRA_USER_CERTIFICATE_DATA = "user_certificate_data";
/**
- * Intent extra: name for CA certificate chain
- */
- public static final String EXTRA_CA_CERTIFICATES_NAME = "ca_certificates_name";
-
- /**
* Intent extra: data for CA certificate chain in PEM-encoded X.509.
*/
public static final String EXTRA_CA_CERTIFICATES_DATA = "ca_certificates_data";