Use KeyChain instead of Credentials to delete certs

Credentials is a bit too low-level. KeyChain will call into the same API but also arrange deletion of grants, send out STORAGE_CHANGED broadcast and anything else that might be needed in future. Bug: 27335182 Change-Id: I764ffa3c5539ddec2b9a776bd3fec6a78a043248
2016-02-24 17:39:32 +00:00
parent b2e8d34359
commit da7bc51615
1 changed files with 41 additions and 8 deletions
--- a/src/com/android/settings/UserCredentialsSettings.java
+++ b/src/com/android/settings/UserCredentialsSettings.java
@@ -27,8 +27,13 @@ import android.os.AsyncTask;
 import android.os.Bundle;
 import android.os.Parcel;
 import android.os.Parcelable;
+import android.os.RemoteException;
 import android.security.Credentials;
+import android.security.IKeyChainService;
+import android.security.KeyChain;
+import android.security.KeyChain.KeyChainConnection;
 import android.security.KeyStore;
+import android.util.Log;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.view.ViewGroup;
@@ -120,21 +125,49 @@ public class UserCredentialsSettings extends InstrumentedFragment implements OnI
                    .setNegativeButton(R.string.trusted_credentials_remove_label,
                            new DialogInterface.OnClickListener() {
                                @Override public void onClick(DialogInterface dialog, int id) {
-                                    final KeyStore ks = KeyStore.getInstance();
-                                    Credentials.deleteAllTypesForAlias(ks, item.alias);
+                                    new RemoveCredentialsTask(getContext(), getTargetFragment())
+                                            .execute(item.alias);
                                    dialog.dismiss();
                                }
                            })
                    .create();
        }

-        @Override
-        public void onDismiss(DialogInterface dialog) {
-            final Fragment target = getTargetFragment();
-            if (target instanceof UserCredentialsSettings) {
-                ((UserCredentialsSettings) target).refreshItems();
+        private class RemoveCredentialsTask extends AsyncTask<String, Void, Void> {
+            private Context context;
+            private Fragment targetFragment;
+
+            public RemoveCredentialsTask(Context context, Fragment targetFragment) {
+                this.context = context;
+                this.targetFragment = targetFragment;
+            }
+
+            @Override
+            protected Void doInBackground(String... aliases) {
+                try {
+                    final KeyChainConnection conn = KeyChain.bind(getContext());
+                    try {
+                        IKeyChainService keyChain = conn.getService();
+                        for (String alias : aliases) {
+                            keyChain.removeKeyPair(alias);
+                        }
+                    } catch (RemoteException e) {
+                        Log.w(TAG, "Removing credentials", e);
+                    } finally {
+                        conn.close();
+                    }
+                } catch (InterruptedException e) {
+                    Log.w(TAG, "Connecting to keychain", e);
+                }
+                return null;
+            }
+
+            @Override
+            protected void onPostExecute(Void result) {
+                if (targetFragment instanceof UserCredentialsSettings) {
+                    ((UserCredentialsSettings) targetFragment).refreshItems();
+                }
            }
-            super.onDismiss(dialog);
        }
    }