authorRubin Xu <rubinxu@google.com>2020-07-15 15:49:42 +0100
committerRubin Xu <rubinxu@google.com>2020-07-15 15:50:14 +0100
commitac51bf8a40d24e23e09974cbd0da2d0ecd32fde9 (patch)
tree4649ff9f94510b428e181cbbda4b113b8c432c45 /keystore
parent944082eca5feede79e0dd0c6e8a892ef835c6872 (diff)
[DO NOT MERGE] Rollup changes from R related to CertInstaller and KeyChain
This change includes the following commits that are related to CertInstaller and KeyChain: 7a5c8fe4afd KeyChain: Unify manual and programmatic key installation flows a894225c7da Added functionality to select type of certificate to be installed from the Settings app a9131939a35 Add KeyChain.KEY_ALIAS_SELECTION_DENIED constant. 485be505f19 Fix KeyChain.KEY_ALIAS_SELECTION_DENIED Bug: 161347472 Test: builds & manual testing Change-Id: I560bade479b41a5b88f81ea6dfdecba689c2f4ad
Diffstat (limited to 'keystore')
-rw-r--r--keystore/java/android/security/Credentials.java26
-rw-r--r--keystore/java/android/security/IKeyChainService.aidl3
-rw-r--r--keystore/java/android/security/KeyChain.java10
3 files changed, 27 insertions, 12 deletions
diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java
index 7282bcfe4445..62194d84f4f5 100644
--- a/keystore/java/android/security/Credentials.java
+++ b/keystore/java/android/security/Credentials.java
@@ -74,6 +74,15 @@ public class Credentials {
/** Key containing suffix of lockdown VPN profile. */
public static final String LOCKDOWN_VPN = "LOCKDOWN_VPN";
+ /** Name of CA certificate usage. */
+ public static final String CERTIFICATE_USAGE_CA = "ca";
+
+ /** Name of User certificate usage. */
+ public static final String CERTIFICATE_USAGE_USER = "user";
+
+ /** Name of WIFI certificate usage. */
+ public static final String CERTIFICATE_USAGE_WIFI = "wifi";
+
/** Data type for public keys. */
public static final String EXTRA_PUBLIC_KEY = "KEY";
@@ -94,19 +103,19 @@ public class Credentials {
public static final String EXTRA_INSTALL_AS_UID = "install_as_uid";
/**
- * Intent extra: name for the user's private key.
+ * Intent extra: type of the certificate to install
*/
- public static final String EXTRA_USER_PRIVATE_KEY_NAME = "user_private_key_name";
+ public static final String EXTRA_CERTIFICATE_USAGE = "certificate_install_usage";
/**
- * Intent extra: data for the user's private key in PEM-encoded PKCS#8.
+ * Intent extra: name for the user's key pair.
*/
- public static final String EXTRA_USER_PRIVATE_KEY_DATA = "user_private_key_data";
+ public static final String EXTRA_USER_KEY_ALIAS = "user_key_pair_name";
/**
- * Intent extra: name for the user's certificate.
+ * Intent extra: data for the user's private key in PEM-encoded PKCS#8.
*/
- public static final String EXTRA_USER_CERTIFICATE_NAME = "user_certificate_name";
+ public static final String EXTRA_USER_PRIVATE_KEY_DATA = "user_private_key_data";
/**
* Intent extra: data for the user's certificate in PEM-encoded X.509.
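Review bot: The Javadoc added for `EXTRA_CERTIFICATE_USAGE` does not say which values are accepted, or what a receiver should do when the extra is missing or unrecognised. The value arrives in an Intent and presumably steers the install flow, so I would name the allowed set: `Intent extra: usage of the certificate to install; one of {@link #CERTIFICATE_USAGE_CA}, {@link #CERTIFICATE_USAGE_USER} or {@link #CERTIFICATE_USAGE_WIFI}.` The consumer is outside this diff, so I cannot confirm how it treats other strings; it should reject them rather than fall back to a default usage. The key string for the alias extra also changes to `"user_key_pair_name"`, so callers that still send the old name extras would have their alias ignored if nothing maps them; that is worth a line in the comment on `EXTRA_USER_KEY_ALIAS`.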
@@ -114,11 +123,6 @@ public class Credentials {
public static final String EXTRA_USER_CERTIFICATE_DATA = "user_certificate_data";
/**
- * Intent extra: name for CA certificate chain
- */
- public static final String EXTRA_CA_CERTIFICATES_NAME = "ca_certificates_name";
-
- /**
* Intent extra: data for CA certificate chain in PEM-encoded X.509.
*/
public static final String EXTRA_CA_CERTIFICATES_DATA = "ca_certificates_data";
diff --git a/keystore/java/android/security/IKeyChainService.aidl b/keystore/java/android/security/IKeyChainService.aidl
index b3cdff7eedf7..97da3cc6f80f 100644
--- a/keystore/java/android/security/IKeyChainService.aidl
+++ b/keystore/java/android/security/IKeyChainService.aidl
@@ -43,7 +43,8 @@ interface IKeyChainService {
String installCaCertificate(in byte[] caCertificate);
// APIs used by DevicePolicyManager
- boolean installKeyPair(in byte[] privateKey, in byte[] userCert, in byte[] certChain, String alias);
+ boolean installKeyPair(
+ in byte[] privateKey, in byte[] userCert, in byte[] certChain, String alias, int uid);
boolean removeKeyPair(String alias);
// APIs used by Settings
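Review bot: The new `uid` parameter on `installKeyPair` is caller-supplied and undocumented, so the interface does not state who may install a key pair on behalf of another UID or which value means "the caller itself". The service implementation is not part of this diff, so it cannot be confirmed here that the argument is authorised against `Binder.getCallingUid()` or a system-only permission before the key is stored. I would add a comment above the declaration such as `// uid: UID that will own the key pair; the service must verify the caller is allowed to install for that UID.` and note the sentinel value if there is one.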
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index 1829d2f406b4..254456cea536 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -343,6 +343,16 @@ public final class KeyChain {
public static final int KEY_ATTESTATION_FAILURE = 4;
/**
+ * Used by DPC or delegated app in
+ * {@link android.app.admin.DeviceAdminReceiver#onChoosePrivateKeyAlias} or
+ * {@link android.app.admin.DelegatedAdminReceiver#onChoosePrivateKeyAlias} to identify that
+ * the requesting app is not granted access to any key, and nor will the user be able to grant
+ * access manually.
+ */
+ public static final String KEY_ALIAS_SELECTION_DENIED =
+ "android:alias-selection-denied";
+
+ /**
* Returns an {@code Intent} that can be used for credential
* installation. The intent may be used without any extras, in
* which case the user will be able to install credentials from
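Review bot: `KEY_ALIAS_SELECTION_DENIED` is an in-band sentinel that shares the string space of real key aliases, and nothing in this hunk reserves it. If a key could be installed under the alias `"android:alias-selection-denied"`, a receiver returning that alias would be indistinguishable from a denial. The install paths are outside this diff; they should refuse that value, and the Javadoc should state that it is never a valid alias. On wording, the constant is returned from `onChoosePrivateKeyAlias`, so `Returned by a DPC or delegated app from ...` is more accurate than `Used by ... in`, and `and nor will the user` should read `nor will the user`.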