authorAlex Johnston <acjohnston@google.com>2021-01-11 10:13:54 +0000
committerAlex Johnston <acjohnston@google.com>2021-01-12 14:26:56 +0000
commitad53ef61e7d183a2600b1e69edd0eb7c18bd5144 (patch)
tree54d7381edec3c8c8b92585198c467b28a05ae438 /keystore/java/android/security/KeyChain.java
parent8bf124b0d1b767bbd47ac2440c0f408da516e8a6 (diff)
Add KeyChain Test API for the credential manager
* Add setCredentialManagementApp and removeCredentialManagementApp to KeyChain * Add permission to manage credential management app, which is to be used in CTS tests Bug: 165641221 Test: atest android.devicepolicy.cts.CredentialManagementAppTest Change-Id: I8487ebc13758a31639d55c8e380faa51d1cfd843
Diffstat (limited to 'keystore/java/android/security/KeyChain.java')
-rw-r--r--keystore/java/android/security/KeyChain.java58
1 files changed, 58 insertions, 0 deletions
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index 2f444b34ce81..97819c56fd5a 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -17,10 +17,13 @@ package android.security;
import static android.security.Credentials.ACTION_MANAGE_CREDENTIALS;
+import android.Manifest;
import android.annotation.NonNull;
import android.annotation.Nullable;
+import android.annotation.RequiresPermission;
import android.annotation.SdkConstant;
import android.annotation.SdkConstant.SdkConstantType;
+import android.annotation.TestApi;
import android.annotation.WorkerThread;
import android.app.Activity;
import android.app.PendingIntent;
@@ -41,6 +44,7 @@ import android.os.UserManager;
import android.security.keystore.AndroidKeyStoreProvider;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
+import android.util.Log;
import com.android.org.conscrypt.TrustedCertificateStore;
@@ -105,6 +109,11 @@ import javax.security.auth.x500.X500Principal;
public final class KeyChain {
/**
+ * @hide
+ */
+ public static final String LOG = "KeyChain";
+
+ /**
* @hide Also used by KeyChainService implementation
*/
public static final String ACCOUNT_TYPE = "com.android.keychain";
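Review bot: The new `LOG` constant is declared `public` on a final API class, although the only uses visible in this commit are as the `Log.w` tag inside KeyChain itself. `@hide` keeps it out of the SDK but still leaves it reachable from platform code. If nothing outside the class needs it, `private static final String TAG = "KeyChain";` would follow the usual log-tag naming and leave the class's surface unchanged. The Javadoc block carries only `@hide`; a one-line summary such as `Log tag for KeyChain.` would say what the constant is for.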
@@ -579,6 +588,55 @@ public final class KeyChain {
activity.startActivity(intent);
}
+ /**
+ * Set a credential management app. The credential management app has the ability to manage
+ * the user's KeyChain credentials on unmanaged devices.
+ *
+ * <p>There can only be one credential management on the device. If another app requests to
+ * become the credential management app, then the existing credential management app will
+ * no longer be able to manage credentials.
+ *
+ * @param packageName The package name of the credential management app
+ * @param authenticationPolicy The authentication policy of the credential management app. This
+ * policy determines which alias for a private key and certificate
+ * pair should be used for authentication.
+ * @return {@code true} if the credential management app was successfully added.
+ * @hide
+ */
+ @TestApi
+ @RequiresPermission(Manifest.permission.MANAGE_CREDENTIAL_MANAGEMENT_APP)
+ public static boolean setCredentialManagementApp(@NonNull Context context,
+ @NonNull String packageName, @NonNull AppUriAuthenticationPolicy authenticationPolicy) {
+ try (KeyChainConnection keyChainConnection = KeyChain.bind(context)) {
+ keyChainConnection.getService()
+ .setCredentialManagementApp(packageName, authenticationPolicy);
+ return true;
+ } catch (RemoteException | InterruptedException e) {
+ Log.w(LOG, "Set credential management app failed", e);
+ Thread.currentThread().interrupt();
+ return false;
+ }
+ }
+
+ /**
+ * Remove the user's KeyChain credentials on unmanaged devices.
+ *
+ * @return {@code true} if the credential management app was successfully removed.
+ * @hide
+ */
+ @TestApi
+ @RequiresPermission(Manifest.permission.MANAGE_CREDENTIAL_MANAGEMENT_APP)
+ public static boolean removeCredentialManagementApp(@NonNull Context context) {
+ try (KeyChainConnection keyChainConnection = KeyChain.bind(context)) {
+ keyChainConnection.getService().removeCredentialManagementApp();
+ return true;
+ } catch (RemoteException | InterruptedException e) {
+ Log.w(LOG, "Remove credential management app failed", e);
+ Thread.currentThread().interrupt();
+ return false;
+ }
+ }
+
private static class AliasResponse extends IKeyChainAliasCallback.Stub {
private final KeyChainAliasCallback keyChainAliasResponse;
private AliasResponse(KeyChainAliasCallback keyChainAliasResponse) {
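Review bot: Both new catch blocks call `Thread.currentThread().interrupt()` for either exception type, so a plain `RemoteException` from the KeyChain service leaves the calling thread marked as interrupted, and a later blocking call on that thread can fail for no visible reason. Restore the flag only in the interrupt case, e.g. `if (e instanceof InterruptedException) { Thread.currentThread().interrupt(); }`, in both setCredentialManagementApp and removeCredentialManagementApp. Separately, the Javadoc summary of removeCredentialManagementApp says it removes the user's KeyChain credentials, while its `@return` line and its name say it removes the credential management app. Because this call changes which package may manage KeyChain credentials, the summary should state what is actually removed, and both methods should gain a `@param context` line. Whether the service also deletes credentials the app installed is not visible in this hunk.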