Merge "KeyChain: Unify manual and programmatic key installation flows"

Eran Messeri
2019-09-18 12:16:58 +00:00
committed by Android (Google) Code Review
3 changed files with 7 additions and 15 deletions


@@ -16,11 +16,12 @@
package android.security;
import android.annotation.UnsupportedAppUsage;
import com.android.org.bouncycastle.util.io.pem.PemObject;
import com.android.org.bouncycastle.util.io.pem.PemReader;
import com.android.org.bouncycastle.util.io.pem.PemWriter;
import android.annotation.UnsupportedAppUsage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -90,30 +91,20 @@ public class Credentials {
public static final String EXTRA_INSTALL_AS_UID = "install_as_uid";
/**
* Intent extra: name for the user's private key.
* Intent extra: name for the user's key pair.
*/
public static final String EXTRA_USER_PRIVATE_KEY_NAME = "user_private_key_name";
public static final String EXTRA_USER_KEY_ALIAS = "user_key_pair_name";
/**
* Intent extra: data for the user's private key in PEM-encoded PKCS#8.
*/
public static final String EXTRA_USER_PRIVATE_KEY_DATA = "user_private_key_data";
/**
* Intent extra: name for the user's certificate.
*/
public static final String EXTRA_USER_CERTIFICATE_NAME = "user_certificate_name";
/**
* Intent extra: data for the user's certificate in PEM-encoded X.509.
*/
public static final String EXTRA_USER_CERTIFICATE_DATA = "user_certificate_data";
/**
* Intent extra: name for CA certificate chain
*/
public static final String EXTRA_CA_CERTIFICATES_NAME = "ca_certificates_name";
/**
* Intent extra: data for CA certificate chain in PEM-encoded X.509.
*/
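Review bot: The new constant `EXTRA_USER_KEY_ALIAS` disagrees with its own Javadoc and wire value, because the identifier says alias while the comment says "name for the user's key pair" and the string is `"user_key_pair_name"`. I would let the Javadoc carry the meaning, for example `* Intent extra: alias under which the user's key pair (private key and certificate) is installed.`, and state there that the value comes from the sender of the install intent. The line counts suggest the separate certificate-name and CA-chain-name extras are dropped in this hunk; if so, the comment should also say that this one alias now names every installed entry, which the page does not let me confirm. The last Javadoc in the hunk belongs to a constant declared outside it.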


@@ -43,7 +43,8 @@ interface IKeyChainService {
String installCaCertificate(in byte[] caCertificate);
// APIs used by DevicePolicyManager
boolean installKeyPair(in byte[] privateKey, in byte[] userCert, in byte[] certChain, String alias);
boolean installKeyPair(
in byte[] privateKey, in byte[] userCert, in byte[] certChain, String alias, int uid);
boolean removeKeyPair(String alias);
// APIs used by Settings
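Review bot: The new `int uid` argument on `installKeyPair` lets the binder caller select the UID the key pair is installed under, and nothing in the interface says which values are accepted or which callers may pass them. A comment above the declaration would help, such as `// uid: UID to install the key pair under, or KeyStore.UID_SELF; only authorised callers may pass another value.` The implementation is not on this page, so please confirm it checks the calling identity before honouring any uid other than `KeyStore.UID_SELF`. The one call site shown, in DevicePolicyManagerService, passes `KeyStore.UID_SELF`. Because the signature changes in place, every other client of this method has to be updated in the same change.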


@@ -5645,7 +5645,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
KeyChain.bindAsUser(mContext, UserHandle.getUserHandleForUid(callingUid));
try {
IKeyChainService keyChain = keyChainConnection.getService();
if (!keyChain.installKeyPair(privKey, cert, chain, alias)) {
if (!keyChain.installKeyPair(privKey, cert, chain, alias, KeyStore.UID_SELF)) {
return false;
}
if (requestAccess) {