commit ecf0f22e5831832afb48c86abfaa81234c8db619
author Eran Messeri <eranm@google.com> Mon Dec 11 12:32:13 2017 +0000
committer Eran Messeri <eranm@google.com> Mon Dec 18 13:26:01 2017 +0000
tree 06616aa20a0ffe77805d314c2b24bae9a3866534
parent 171fec8c356ffa8cd4837092fce3b5cd5e2712fe

DPM: Implement installing certificates for generated keys

Add a new method in the DevicePolicyManager to associate certificates (and
set the user-visibility) with a given key alias.
Conceptually, the new method, setKeyPairCertificate is very similar to
installKeyPair, except it does not install a key, only certificates.

(The new setKeyPairCertificate, together with generateKeyPair is
functionally equivalent to installKeyPair, except the keys are generated
in hardware rather than supplied externally).

Bug: 63388672
Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG
Change-Id: Idbfe151f6e5311766decbc1a010bff78dc60249f

keystore/java/android/security/IKeyChainService.aidl

diff --git a/keystore/java/android/security/IKeyChainService.aidl b/keystore/java/android/security/IKeyChainService.aidl
index eca52cc..7c7417d 100644
--- a/keystore/java/android/security/IKeyChainService.aidl
+++ b/keystore/java/android/security/IKeyChainService.aidl
@@ -35,6 +35,7 @@
 
     boolean generateKeyPair(in String algorithm, in ParcelableKeyGenParameterSpec spec);
     boolean attestKey(in String alias, in byte[] challenge, out KeymasterCertificateChain chain);
+    boolean setKeyPairCertificate(String alias, in byte[] userCert, in byte[] certChain);
 
     // APIs used by CertInstaller and DevicePolicyManager
     String installCaCertificate(in byte[] caCertificate);