PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,063 Commits 1 Branch 0 Tags
0e88f4dd19a80e9e4d759595439773fb3e1f0c50
Commit Graph

5 Commits

Author SHA1 Message Date
Brian Carlstrom
0e88f4dd19 Bulletproof CredentialStorage state handling 
As noted by the class javadoc, CredentialStorage has seen the number
of cases to cope with grow. This change tries to address those cases.

	src/com/android/settings/CredentialStorage.java

Added ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD to coordinate
additional producer and consumer.

    constant declaration here, since its used by callers of
    ChooseLockSettingsHelper.launchConfirmationActivity
	src/com/android/settings/ChooseLockSettingsHelper.java

    old producer
	src/com/android/settings/ConfirmLockPassword.java
    new producer (CredentialStorage wants passwords and patterns)
	src/com/android/settings/ConfirmLockPattern.java
    new consumer
	src/com/android/settings/CredentialStorage.java
    old consumer
	src/com/android/settings/CryptKeeperSettings.java

Made class final and removed protected from method to make it clear
ChooseLockSettingsHelper is not to be used by subclassing.

	src/com/android/settings/ChooseLockSettingsHelper.java

Change-Id: Ib2d65398fe44573168a6267a0376c3b0388b16c8
 2011-06-02 21:06:21 -07:00
Brian Carlstrom
d4023b7cca Integrating keystore with keyguard (Part 4 of 4) 
Summary:

frameworks/base
  keystore rewrite
  keyguard integration with keystore on keyguard entry or keyguard change
  KeyStore API simplification

packages/apps/Settings
  Removed com.android.credentials.SET_PASSWORD intent support
  Added keyguard requirement for keystore use

packages/apps/CertInstaller
  Tracking KeyStore API changes
  Fix for NPE in CertInstaller when certificate lacks basic constraints

packages/apps/KeyChain
  Tracking KeyStore API changes

Details:

frameworks/base

   Move keystore from C to C++ while rewriting password
   implementation. Removed global variables. Added many comments.

	cmds/keystore/Android.mk
	cmds/keystore/keystore.h
	cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
	cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp

   Changed saveLockPattern and saveLockPassword to notify the keystore
   on changes so that the keystore master key can be reencrypted when
   the keyguard changes.

	core/java/com/android/internal/widget/LockPatternUtils.java

   Changed unlock screens to pass values for keystore unlock or initialization

	policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
	policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java

   KeyStore API changes
   - renamed test() to state(), which now return a State enum
   - made APIs with byte[] key arguments private
   - added new KeyStore.isEmpty used to determine if a keyguard is required

	keystore/java/android/security/KeyStore.java

   In addition to tracking KeyStore API changes, added new testIsEmpty
   and improved some existing tests to validate expect values.

	keystore/tests/src/android/security/KeyStoreTest.java

packages/apps/Settings

    Removing com.android.credentials.SET_PASSWORD intent with the
    removal of the ability to set an explicit keystore password now
    that the keyguard value is used. Changed to ensure keyguard is
    enabled for keystore install or unlock. Cleaned up interwoven
    dialog handing into discrete dialog helper classes.

	AndroidManifest.xml
	src/com/android/settings/CredentialStorage.java

    Remove layout for entering new password

	res/layout/credentials_dialog.xml

    Remove enable credentials checkbox

	res/xml/security_settings_misc.xml
	src/com/android/settings/SecuritySettings.java

    Added ability to specify minimum quality key to ChooseLockGeneric
    Activity. Used by CredentialStorage, but could also be used by
    CryptKeeperSettings. Changed ChooseLockGeneric to understand
    minimum quality for keystore in addition to DPM and device
    encryption.

	src/com/android/settings/ChooseLockGeneric.java

    Changed to use getActivePasswordQuality from
    getKeyguardStoredPasswordQuality based on experience in
    CredentialStorage. Removed bogus class javadoc.

	src/com/android/settings/CryptKeeperSettings.java

    Tracking KeyStore API changes

	src/com/android/settings/vpn/VpnSettings.java
	src/com/android/settings/wifi/WifiSettings.java

   Removing now unused string resources

	res/values-af/strings.xml
	res/values-am/strings.xml
	res/values-ar/strings.xml
	res/values-bg/strings.xml
	res/values-ca/strings.xml
	res/values-cs/strings.xml
	res/values-da/strings.xml
	res/values-de/strings.xml
	res/values-el/strings.xml
	res/values-en-rGB/strings.xml
	res/values-es-rUS/strings.xml
	res/values-es/strings.xml
	res/values-fa/strings.xml
	res/values-fi/strings.xml
	res/values-fr/strings.xml
	res/values-hr/strings.xml
	res/values-hu/strings.xml
	res/values-in/strings.xml
	res/values-it/strings.xml
	res/values-iw/strings.xml
	res/values-ja/strings.xml
	res/values-ko/strings.xml
	res/values-lt/strings.xml
	res/values-lv/strings.xml
	res/values-ms/strings.xml
	res/values-nb/strings.xml
	res/values-nl/strings.xml
	res/values-pl/strings.xml
	res/values-pt-rPT/strings.xml
	res/values-pt/strings.xml
	res/values-rm/strings.xml
	res/values-ro/strings.xml
	res/values-ru/strings.xml
	res/values-sk/strings.xml
	res/values-sl/strings.xml
	res/values-sr/strings.xml
	res/values-sv/strings.xml
	res/values-sw/strings.xml
	res/values-th/strings.xml
	res/values-tl/strings.xml
	res/values-tr/strings.xml
	res/values-uk/strings.xml
	res/values-vi/strings.xml
	res/values-zh-rCN/strings.xml
	res/values-zh-rTW/strings.xml
	res/values-zu/strings.xml
	res/values/strings.xml

packages/apps/CertInstaller

  Tracking KeyStore API changes
	src/com/android/certinstaller/CertInstaller.java

  Fix for NPE in CertInstaller when certificate lacks basic constraints
	src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

  Tracking KeyStore API changes
	src/com/android/keychain/KeyChainActivity.java
	src/com/android/keychain/KeyChainService.java
	support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
	support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
	tests/src/com/android/keychain/tests/KeyChainServiceTest.java

Change-Id: I80533bf8986a92b0b99cd5fb1c4943e0f23fc1c8
 2011-06-01 10:47:42 -07:00
Brian Carlstrom
435e45e616 Move to KeyChain.bind 
Change-Id: Ic12e84bdc2e391c4a08a0f854d0e0f7315fc31a3
 2011-05-17 16:22:06 -07:00
Brian Carlstrom
9815429821 Make CertInstaller installed CA certs trusted by applications via default TrustManager (5 of 6) 
frameworks/base

        Adding IKeyChainService APIs for CertInstaller and Settings use
    	keystore/java/android/security/IKeyChainService.aidl

    libcore

        Improve exceptions to include more information
    	luni/src/main/java/javax/security/auth/x500/X500Principal.java

        Move guts of RootKeyStoreSpi to TrustedCertificateStore, leaving only KeyStoreSpi methods.
        Added support for adding user CAs in a separate directory for system.
        Added support for removing system CAs by placing a copy in a sytem directory
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/RootKeyStoreSpi.java
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStore.java

        Formerly static methods on RootKeyStoreSpi are now instance methods on TrustedCertificateStore
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java

        Added test for NativeCrypto.X509_NAME_hash_old and X509_NAME_hash
        to make sure the implementing algorithms doe not change since
        TrustedCertificateStore depend on X509_NAME_hash_old (OpenSSL
        changed the algorithm from MD5 to SHA1 when moving from 0.9.8 to
        1.0.0)

    	luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

        Extensive test of new TrustedCertificateStore behavior
    	luni/src/test/java/org/apache/harmony/xnet/provider/jsse/TrustedCertificateStoreTest.java

        TestKeyStore improvements
        - Refactored TestKeyStore to provide simpler createCA method (and
          internal createCertificate)
        - Cleaned up to remove use of BouncyCastle specific X509Principal
          in the TestKeyStore API when the public X500Principal would do.
        - Cleaned up TestKeyStore support methods to not throw Exception
          to remove need for static blocks for catch clauses in tests.

    	support/src/test/java/libcore/java/security/TestKeyStore.java
    	luni/src/test/java/libcore/java/security/KeyStoreTest.java
    	luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java

        Added private PKIXParameters contructor for use by
        IndexedPKIXParameters to avoid wart of having to lookup and pass
        a TrustAnchor to satisfy the super-class sanity check.

    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/IndexedPKIXParameters.java
    	luni/src/main/java/java/security/cert/PKIXParameters.java

    packages/apps/CertInstaller

        Change CertInstaller to call IKeyChainService.installCertificate
        for CA certs to pass them to the KeyChainServiceTest which will
        make them available to all apps through the
        TrustedCertificateStore. Change PKCS12 extraction to use AsyncTask.

    	src/com/android/certinstaller/CertInstaller.java

        Added installCaCertsToKeyChain and hasCaCerts accessor for use by
        CertInstaller. Use hasUserCertificate() internally. Cleanup coding
        style.

    	src/com/android/certinstaller/CredentialHelper.java

    packages/apps/KeyChain

        Added MANAGE_ACCOUNTS so that IKeyChainService.reset
        implementation can remove KeyChain accounts.

    	AndroidManifest.xml

        Implement new IKeyChainService methods:
        - Added IKeyChainService.installCaCertificate to install certs
          provided by CertInstaller using the TrustedCertificateStore.
        - Added IKeyChainService.reset to allow Settings to remove the
          KeyChain accounts so that any app granted access to keystore
          credentials are revoked when the keystore is reset.

    	src/com/android/keychain/KeyChainService.java

    packages/apps/Settings

        Changed com.android.credentials.RESET credential reset action to
        also call IKeyChainService.reset to remove any installed user CAs
        and remove KeyChain accounts to have AccountManager revoke
        credential granted to private keys removed during the RESET.

    	src/com/android/settings/CredentialStorage.java

        Added toast text value for failure case

    	res/values/strings.xml

    system/core

        Have init create world readable /data/misc/keychain to allow apps
        to access user added CA certificates installed by the CertInstaller.

    	rootdir/init.rc

Change-Id: Ie329aafe88f6ebe108d25382f587c933f3244e55
 2011-05-16 18:03:58 -07:00
Chia-chi Yeh
91d65a20af Extract credential storage dialogs to a new activity. 
Since now SecuritySettings is a fragment, not an activity, reacting
to intents is not easier anymore. The new activity is transparent,
and it works just like a dialog. This change also refactor'ed
SecuritySettings by moving some preference construction into
security_settings_misc.xml.

Bug: 3120992
Bug: 2117436
Change-Id: I8bd3fc7faa2a31d100b8d67310f9266260cfc31d
 2011-01-20 19:45:04 +08:00