New KeyChain API for credential installation
Bug: 3497064
Change-Id: Ie5c20e87a436b7ab66258d08b719ab8bb1f1d86d
diff --git a/api/current.txt b/api/current.txt
index f21a4f3..597daf7 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -17505,8 +17505,12 @@
public final class KeyChain {
ctor public KeyChain();
method public static void choosePrivateKeyAlias(android.app.Activity, android.security.KeyChainAliasCallback, java.lang.String[], java.security.Principal[], java.lang.String, int, java.lang.String);
+ method public static android.content.Intent createInstallIntent();
method public static java.security.cert.X509Certificate[] getCertificateChain(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException;
method public static java.security.PrivateKey getPrivateKey(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException;
+ field public static final java.lang.String EXTRA_CERTIFICATE = "CERT";
+ field public static final java.lang.String EXTRA_NAME = "name";
+ field public static final java.lang.String EXTRA_PKCS12 = "PKCS12";
}
public abstract interface KeyChainAliasCallback {
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index b567207..49ae583 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -77,6 +77,13 @@
* avoid prompting the user with {@link #choosePrivateKeyAlias
* choosePrivateKeyAlias} on subsequent connections. If the alias is
* no longer valid, null will be returned on lookups using that value
+ *
+ * <p>An application can request the installation of private keys and
+ * certificates via the {@code Intent} provided by {@link
+ * #createInstallIntent}. Private keys installed via this {@code
+ * Intent} will be accessible via {@link #choosePrivateKeyAlias} while
+ * Certificate Authority (CA) certificates will be trusted by all
+ * applications through the default {@code X509TrustManager}.
*/
// TODO reference intent for credential installation when public
public final class KeyChain {
@@ -131,8 +138,6 @@
/**
* Optional extra to specify a {@code String} credential name on
* the {@code Intent} returned by {@link #createInstallIntent}.
- *
- * @hide TODO make public
*/
// Compatible with old com.android.certinstaller.CredentialHelper.CERT_NAME_KEY
public static final String EXTRA_NAME = "name";
@@ -146,8 +151,6 @@
*
* <p>{@link #EXTRA_NAME} may be used to provide a default alias
* name for the installed certificate.
- *
- * @hide TODO make public
*/
// Compatible with old android.security.Credentials.CERTIFICATE
public static final String EXTRA_CERTIFICATE = "CERT";
@@ -157,7 +160,7 @@
* {@link #createInstallIntent} to specify a PKCS#12 key store to
* install. The extra value should be a {@code byte[]}. The bytes
* may come from an external source or be generated with {@link
- * KeyStore#store} on a "PKCS12" instance.
+ * java.security.KeyStore#store} on a "PKCS12" instance.
*
* <p>The user will be prompted for the password to load the key store.
*
@@ -167,8 +170,6 @@
*
* <p>{@link #EXTRA_NAME} may be used to provide a default alias
* name for the installed credentials.
- *
- * @hide TODO make public
*/
// Compatible with old android.security.Credentials.PKCS12
public static final String EXTRA_PKCS12 = "PKCS12";
@@ -182,15 +183,13 @@
* <p>Alternatively, {@link #EXTRA_CERTIFICATE} or {@link
* #EXTRA_PKCS12} maybe used to specify the bytes of an X.509
* certificate or a PKCS#12 key store for installation. These
- * extras may be combined with {@link EXTRA_NAME} to provide a
+ * extras may be combined with {@link #EXTRA_NAME} to provide a
* default alias name for credentials being installed.
*
* <p>When used with {@link Activity#startActivityForResult},
* {@link Activity#RESULT_OK} will be returned if a credential was
* successfully installed, otherwise {@link
* Activity#RESULT_CANCELED} will be returned.
- *
- * @hide TODO make public with createInstallIntent, EXTRA_NAME, EXTRA_CERTIFICATE, EXTRA_PKCS12
*/
public static Intent createInstallIntent() {
Intent intent = new Intent(ACTION_INSTALL);