Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / packages / apps / Settings / 5663d5e3bb258195e3152301021079646ad190f6 / . / src / com / android / settings / UserCredentialsSettings.java
blob: b1f9fe74d6fb075b2a10572f98379bfb416706d5 [file] [log] [blame]
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.settings;
18
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]19import android.annotation.LayoutRes;
20import android.annotation.Nullable;
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]21import android.app.Dialog;
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]22import android.content.Context;
23import android.content.DialogInterface;
24import android.os.AsyncTask;
25import android.os.Bundle;
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]26import android.os.Parcel;
27import android.os.Parcelable;
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]28import android.os.Process;
Robin Leeda7bc512016-02-24 17:39:32 +0000[diff] [blame]29import android.os.RemoteException;
Robin Leec421db72016-03-11 16:22:23 +0000[diff] [blame]30import android.os.UserHandle;
31import android.os.UserManager;
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]32import android.security.Credentials;
Robin Leeda7bc512016-02-24 17:39:32 +0000[diff] [blame]33import android.security.IKeyChainService;
34import android.security.KeyChain;
35import android.security.KeyChain.KeyChainConnection;
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]36import android.security.KeyStore;
Janis Danisevskisb705e1a2017-04-19 16:23:02 -0700[diff] [blame]37import android.security.keymaster.KeyCharacteristics;
38import android.security.keymaster.KeymasterDefs;
Robin Leeda7bc512016-02-24 17:39:32 +0000[diff] [blame]39import android.util.Log;
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]40import android.util.SparseArray;
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]41import android.view.LayoutInflater;
42import android.view.View;
43import android.view.ViewGroup;
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]44import android.widget.TextView;
45
Fan Zhang23f8d592018-08-28 15:11:40 -0700[diff] [blame]46import androidx.appcompat.app.AlertDialog;
47import androidx.fragment.app.DialogFragment;
48import androidx.fragment.app.Fragment;
49import androidx.recyclerview.widget.RecyclerView;
50
Tamas Berghammer265d3c22016-06-22 15:34:45 +0100[diff] [blame]51import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
Ricky Wai95792742016-05-24 19:28:53 +0100[diff] [blame]52import com.android.internal.widget.LockPatternUtils;
Fan Zhang1e516282016-09-16 12:45:07 -0700[diff] [blame]53import com.android.settings.core.instrumentation.InstrumentedDialogFragment;
Robin Leec421db72016-03-11 16:22:23 +0000[diff] [blame]54import com.android.settingslib.RestrictedLockUtils;
55import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
Philip P. Moltmanne3f72112018-08-28 15:01:43 -0700[diff] [blame]56import com.android.settingslib.RestrictedLockUtilsInternal;
Fan Zhangc7162cd2018-06-18 15:21:41 -0700[diff] [blame]57
Janis Danisevskisb705e1a2017-04-19 16:23:02 -0700[diff] [blame]58import java.security.UnrecoverableKeyException;
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]59import java.util.ArrayList;
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]60import java.util.EnumSet;
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]61import java.util.List;
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]62import java.util.SortedMap;
63import java.util.TreeMap;
64
Robin Leeccaf9c92017-03-24 14:50:05 +0000[diff] [blame]65public class UserCredentialsSettings extends SettingsPreferenceFragment
66 implements View.OnClickListener {
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]67 private static final String TAG = "UserCredentialsSettings";
68
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]69 @Override
Fan Zhang65076132016-08-08 10:25:13 -0700[diff] [blame]70 public int getMetricsCategory() {
Robin Leeb70b3d82016-02-01 12:52:16 +0000[diff] [blame]71 return MetricsEvent.USER_CREDENTIALS;
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]72 }
73
74 @Override
75 public void onResume() {
76 super.onResume();
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]77 refreshItems();
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]78 }
79
80 @Override
Robin Leeccaf9c92017-03-24 14:50:05 +0000[diff] [blame]81 public void onClick(final View view) {
82 final Credential item = (Credential) view.getTag();
83 if (item != null) {
84 CredentialDialogFragment.show(this, item);
85 }
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]86 }
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]87
Doris Ling03a3b512017-10-18 14:25:01 -0700[diff] [blame]88 @Override
Doris Linged4685f2017-10-25 14:08:57 -0700[diff] [blame]89 public void onCreate(@Nullable Bundle savedInstanceState) {
90 super.onCreate(savedInstanceState);
Doris Ling4a012832017-11-13 17:58:13 -0800[diff] [blame]91 getActivity().setTitle(R.string.user_credentials);
Doris Ling03a3b512017-10-18 14:25:01 -0700[diff] [blame]92 }
93
Robin Lee11fd5502016-05-16 15:42:34 +0100[diff] [blame]94 protected void announceRemoval(String alias) {
Robin Leeccaf9c92017-03-24 14:50:05 +0000[diff] [blame]95 if (!isAdded()) {
96 return;
Robin Lee11fd5502016-05-16 15:42:34 +0100[diff] [blame]97 }
Robin Leeccaf9c92017-03-24 14:50:05 +0000[diff] [blame]98 getListView().announceForAccessibility(getString(R.string.user_credential_removed, alias));
Robin Lee11fd5502016-05-16 15:42:34 +0100[diff] [blame]99 }
100
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]101 protected void refreshItems() {
102 if (isAdded()) {
103 new AliasLoader().execute();
104 }
105 }
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]106
Fan Zhang1e516282016-09-16 12:45:07 -0700[diff] [blame]107 public static class CredentialDialogFragment extends InstrumentedDialogFragment {
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]108 private static final String TAG = "CredentialDialogFragment";
109 private static final String ARG_CREDENTIAL = "credential";
110
111 public static void show(Fragment target, Credential item) {
112 final Bundle args = new Bundle();
113 args.putParcelable(ARG_CREDENTIAL, item);
114
Robin Leef8e2dbf2016-04-07 13:17:24 +0100[diff] [blame]115 if (target.getFragmentManager().findFragmentByTag(TAG) == null) {
116 final DialogFragment frag = new CredentialDialogFragment();
117 frag.setTargetFragment(target, /* requestCode */ -1);
118 frag.setArguments(args);
119 frag.show(target.getFragmentManager(), TAG);
120 }
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]121 }
122
123 @Override
124 public Dialog onCreateDialog(Bundle savedInstanceState) {
125 final Credential item = (Credential) getArguments().getParcelable(ARG_CREDENTIAL);
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]126
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]127 View root = getActivity().getLayoutInflater()
128 .inflate(R.layout.user_credential_dialog, null);
129 ViewGroup infoContainer = (ViewGroup) root.findViewById(R.id.credential_container);
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]130 View contentView = getCredentialView(item, R.layout.user_credential, null,
131 infoContainer, /* expanded */ true);
132 infoContainer.addView(contentView);
Robin Leec421db72016-03-11 16:22:23 +0000[diff] [blame]133
134 AlertDialog.Builder builder = new AlertDialog.Builder(getActivity())
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]135 .setView(root)
136 .setTitle(R.string.user_credential_title)
Robin Leec421db72016-03-11 16:22:23 +0000[diff] [blame]137 .setPositiveButton(R.string.done, null);
138
139 final String restriction = UserManager.DISALLOW_CONFIG_CREDENTIALS;
140 final int myUserId = UserHandle.myUserId();
Philip P. Moltmanne3f72112018-08-28 15:01:43 -0700[diff] [blame]141 if (!RestrictedLockUtilsInternal.hasBaseUserRestriction(getContext(), restriction,
142 myUserId)) {
Robin Leec421db72016-03-11 16:22:23 +0000[diff] [blame]143 DialogInterface.OnClickListener listener = new DialogInterface.OnClickListener() {
144 @Override public void onClick(DialogInterface dialog, int id) {
Philip P. Moltmanne3f72112018-08-28 15:01:43 -0700[diff] [blame]145 final EnforcedAdmin admin = RestrictedLockUtilsInternal
146 .checkIfRestrictionEnforced(getContext(), restriction, myUserId);
Robin Leec421db72016-03-11 16:22:23 +0000[diff] [blame]147 if (admin != null) {
148 RestrictedLockUtils.sendShowAdminSupportDetailsIntent(getContext(),
149 admin);
150 } else {
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]151 new RemoveCredentialsTask(getContext(), getTargetFragment())
152 .execute(item);
Robin Leec421db72016-03-11 16:22:23 +0000[diff] [blame]153 }
154 dialog.dismiss();
155 }
156 };
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]157 if (item.isSystem()) {
158 // TODO: a safe means of clearing wifi certificates. Configs refer to aliases
159 // directly so deleting certs will break dependent access points.
160 builder.setNegativeButton(R.string.trusted_credentials_remove_label, listener);
161 }
Robin Leec421db72016-03-11 16:22:23 +0000[diff] [blame]162 }
163 return builder.create();
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]164 }
165
Fan Zhang1e516282016-09-16 12:45:07 -0700[diff] [blame]166 @Override
167 public int getMetricsCategory() {
168 return MetricsEvent.DIALOG_USER_CREDENTIAL;
169 }
170
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]171 /**
172 * Deletes all certificates and keys under a given alias.
173 *
174 * If the {@link Credential} is for a system alias, all active grants to the alias will be
175 * removed using {@link KeyChain}.
176 */
177 private class RemoveCredentialsTask extends AsyncTask<Credential, Void, Credential[]> {
178 private Context context;
Robin Leeda7bc512016-02-24 17:39:32 +0000[diff] [blame]179 private Fragment targetFragment;
180
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]181 public RemoveCredentialsTask(Context context, Fragment targetFragment) {
182 this.context = context;
Robin Leeda7bc512016-02-24 17:39:32 +0000[diff] [blame]183 this.targetFragment = targetFragment;
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]184 }
Robin Leeda7bc512016-02-24 17:39:32 +0000[diff] [blame]185
186 @Override
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]187 protected Credential[] doInBackground(Credential... credentials) {
188 for (final Credential credential : credentials) {
189 if (credential.isSystem()) {
190 removeGrantsAndDelete(credential);
191 continue;
Robin Leeda7bc512016-02-24 17:39:32 +0000[diff] [blame]192 }
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]193 throw new UnsupportedOperationException(
194 "Not implemented for wifi certificates. This should not be reachable.");
Robin Leeda7bc512016-02-24 17:39:32 +0000[diff] [blame]195 }
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]196 return credentials;
197 }
198
199 private void removeGrantsAndDelete(final Credential credential) {
200 final KeyChainConnection conn;
201 try {
202 conn = KeyChain.bind(getContext());
203 } catch (InterruptedException e) {
204 Log.w(TAG, "Connecting to KeyChain", e);
205 return;
206 }
207
208 try {
209 IKeyChainService keyChain = conn.getService();
210 keyChain.removeKeyPair(credential.alias);
211 } catch (RemoteException e) {
212 Log.w(TAG, "Removing credentials", e);
213 } finally {
214 conn.close();
215 }
Robin Leeda7bc512016-02-24 17:39:32 +0000[diff] [blame]216 }
217
218 @Override
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]219 protected void onPostExecute(Credential... credentials) {
Robin Lee11fd5502016-05-16 15:42:34 +0100[diff] [blame]220 if (targetFragment instanceof UserCredentialsSettings && targetFragment.isAdded()) {
221 final UserCredentialsSettings target = (UserCredentialsSettings) targetFragment;
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]222 for (final Credential credential : credentials) {
223 target.announceRemoval(credential.alias);
Robin Lee11fd5502016-05-16 15:42:34 +0100[diff] [blame]224 }
225 target.refreshItems();
Robin Leeda7bc512016-02-24 17:39:32 +0000[diff] [blame]226 }
227 }
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]228 }
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]229 }
230
231 /**
232 * Opens a background connection to KeyStore to list user credentials.
233 * The credentials are stored in a {@link CredentialAdapter} attached to the main
234 * {@link ListView} in the fragment.
235 */
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]236 private class AliasLoader extends AsyncTask<Void, Void, List<Credential>> {
237 /**
238 * @return a list of credentials ordered:
239 * <ol>
240 * <li>first by purpose;</li>
241 * <li>then by alias.</li>
242 * </ol>
243 */
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]244 @Override
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]245 protected List<Credential> doInBackground(Void... params) {
246 final KeyStore keyStore = KeyStore.getInstance();
247
248 // Certificates can be installed into SYSTEM_UID or WIFI_UID through CertInstaller.
249 final int myUserId = UserHandle.myUserId();
250 final int systemUid = UserHandle.getUid(myUserId, Process.SYSTEM_UID);
251 final int wifiUid = UserHandle.getUid(myUserId, Process.WIFI_UID);
252
253 List<Credential> credentials = new ArrayList<>();
254 credentials.addAll(getCredentialsForUid(keyStore, systemUid).values());
255 credentials.addAll(getCredentialsForUid(keyStore, wifiUid).values());
256 return credentials;
257 }
258
Janis Danisevskisb705e1a2017-04-19 16:23:02 -0700[diff] [blame]259 private boolean isAsymmetric(KeyStore keyStore, String alias, int uid)
260 throws UnrecoverableKeyException {
261 KeyCharacteristics keyCharacteristics = new KeyCharacteristics();
262 int errorCode = keyStore.getKeyCharacteristics(alias, null, null, uid,
263 keyCharacteristics);
264 if (errorCode != KeyStore.NO_ERROR) {
265 throw (UnrecoverableKeyException)
266 new UnrecoverableKeyException("Failed to obtain information about key")
267 .initCause(KeyStore.getKeyStoreException(errorCode));
268 }
269 Integer keymasterAlgorithm = keyCharacteristics.getEnum(
270 KeymasterDefs.KM_TAG_ALGORITHM);
271 if (keymasterAlgorithm == null) {
272 throw new UnrecoverableKeyException("Key algorithm unknown");
273 }
274 return keymasterAlgorithm == KeymasterDefs.KM_ALGORITHM_RSA ||
275 keymasterAlgorithm == KeymasterDefs.KM_ALGORITHM_EC;
276 }
277
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]278 private SortedMap<String, Credential> getCredentialsForUid(KeyStore keyStore, int uid) {
279 final SortedMap<String, Credential> aliasMap = new TreeMap<>();
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]280 for (final Credential.Type type : Credential.Type.values()) {
Janis Danisevskisb705e1a2017-04-19 16:23:02 -0700[diff] [blame]281 for (final String prefix : type.prefix) {
282 for (final String alias : keyStore.list(prefix, uid)) {
283 if (UserHandle.getAppId(uid) == Process.SYSTEM_UID) {
284 // Do not show work profile keys in user credentials
285 if (alias.startsWith(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT) ||
286 alias.startsWith(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT)) {
287 continue;
288 }
289 // Do not show synthetic password keys in user credential
290 if (alias.startsWith(LockPatternUtils.SYNTHETIC_PASSWORD_KEY_PREFIX)) {
291 continue;
292 }
293 }
294 try {
295 if (type == Credential.Type.USER_KEY &&
296 !isAsymmetric(keyStore, prefix + alias, uid)) {
297 continue;
298 }
299 } catch (UnrecoverableKeyException e) {
300 Log.e(TAG, "Unable to determine algorithm of key: " + prefix + alias, e);
Rubin Xu52221d82017-02-09 11:09:11 +0000[diff] [blame]301 continue;
302 }
Janis Danisevskisb705e1a2017-04-19 16:23:02 -0700[diff] [blame]303 Credential c = aliasMap.get(alias);
304 if (c == null) {
305 c = new Credential(alias, uid);
306 aliasMap.put(alias, c);
Rubin Xu52221d82017-02-09 11:09:11 +0000[diff] [blame]307 }
Janis Danisevskisb705e1a2017-04-19 16:23:02 -0700[diff] [blame]308 c.storedTypes.add(type);
Ricky Wai95792742016-05-24 19:28:53 +0100[diff] [blame]309 }
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]310 }
311 }
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]312 return aliasMap;
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]313 }
314
315 @Override
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]316 protected void onPostExecute(List<Credential> credentials) {
Robin Leeccaf9c92017-03-24 14:50:05 +0000[diff] [blame]317 if (!isAdded()) {
318 return;
319 }
320
321 if (credentials == null || credentials.size() == 0) {
322 // Create a "no credentials installed" message for the empty case.
323 TextView emptyTextView = (TextView) getActivity().findViewById(android.R.id.empty);
324 emptyTextView.setText(R.string.user_credential_none_installed);
325 setEmptyView(emptyTextView);
326 } else {
327 setEmptyView(null);
328 }
329
330 getListView().setAdapter(
331 new CredentialAdapter(credentials, UserCredentialsSettings.this));
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]332 }
333 }
334
335 /**
336 * Helper class to display {@link Credential}s in a list.
337 */
Robin Leeccaf9c92017-03-24 14:50:05 +0000[diff] [blame]338 private static class CredentialAdapter extends RecyclerView.Adapter<ViewHolder> {
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]339 private static final int LAYOUT_RESOURCE = R.layout.user_credential_preference;
340
Robin Leeccaf9c92017-03-24 14:50:05 +0000[diff] [blame]341 private final List<Credential> mItems;
342 private final View.OnClickListener mListener;
343
344 public CredentialAdapter(List<Credential> items, @Nullable View.OnClickListener listener) {
345 mItems = items;
346 mListener = listener;
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]347 }
348
349 @Override
Robin Leeccaf9c92017-03-24 14:50:05 +0000[diff] [blame]350 public ViewHolder onCreateViewHolder(ViewGroup parent, int viewType) {
351 final LayoutInflater inflater = LayoutInflater.from(parent.getContext());
352 return new ViewHolder(inflater.inflate(LAYOUT_RESOURCE, parent, false));
353 }
354
355 @Override
356 public void onBindViewHolder(ViewHolder h, int position) {
357 getCredentialView(mItems.get(position), LAYOUT_RESOURCE, h.itemView, null, false);
358 h.itemView.setTag(mItems.get(position));
359 h.itemView.setOnClickListener(mListener);
360 }
361
362 @Override
363 public int getItemCount() {
364 return mItems.size();
365 }
366 }
367
368 private static class ViewHolder extends RecyclerView.ViewHolder {
369 public ViewHolder(View item) {
370 super(item);
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]371 }
372 }
373
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]374 /**
375 * Mapping from View IDs in {@link R} to the types of credentials they describe.
376 */
377 private static final SparseArray<Credential.Type> credentialViewTypes = new SparseArray<>();
378 static {
Janis Danisevskisb705e1a2017-04-19 16:23:02 -0700[diff] [blame]379 credentialViewTypes.put(R.id.contents_userkey, Credential.Type.USER_KEY);
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]380 credentialViewTypes.put(R.id.contents_usercrt, Credential.Type.USER_CERTIFICATE);
381 credentialViewTypes.put(R.id.contents_cacrt, Credential.Type.CA_CERTIFICATE);
382 }
383
384 protected static View getCredentialView(Credential item, @LayoutRes int layoutResource,
385 @Nullable View view, ViewGroup parent, boolean expanded) {
386 if (view == null) {
387 view = LayoutInflater.from(parent.getContext()).inflate(layoutResource, parent, false);
388 }
389
390 ((TextView) view.findViewById(R.id.alias)).setText(item.alias);
391 ((TextView) view.findViewById(R.id.purpose)).setText(item.isSystem()
392 ? R.string.credential_for_vpn_and_apps
393 : R.string.credential_for_wifi);
394
395 view.findViewById(R.id.contents).setVisibility(expanded ? View.VISIBLE : View.GONE);
396 if (expanded) {
397 for (int i = 0; i < credentialViewTypes.size(); i++) {
398 final View detail = view.findViewById(credentialViewTypes.keyAt(i));
399 detail.setVisibility(item.storedTypes.contains(credentialViewTypes.valueAt(i))
400 ? View.VISIBLE : View.GONE);
401 }
402 }
403 return view;
404 }
405
406 static class AliasEntry {
407 public String alias;
408 public int uid;
409 }
410
Robin Leee2680422016-01-25 12:24:27 +0000[diff] [blame]411 static class Credential implements Parcelable {
412 static enum Type {
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]413 CA_CERTIFICATE (Credentials.CA_CERTIFICATE),
414 USER_CERTIFICATE (Credentials.USER_CERTIFICATE),
Janis Danisevskisb705e1a2017-04-19 16:23:02 -0700[diff] [blame]415 USER_KEY(Credentials.USER_PRIVATE_KEY, Credentials.USER_SECRET_KEY);
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]416
Janis Danisevskisb705e1a2017-04-19 16:23:02 -0700[diff] [blame]417 final String[] prefix;
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]418
Janis Danisevskisb705e1a2017-04-19 16:23:02 -0700[diff] [blame]419 Type(String... prefix) {
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]420 this.prefix = prefix;
421 }
422 }
423
424 /**
425 * Main part of the credential's alias. To fetch an item from KeyStore, prepend one of the
426 * prefixes from {@link CredentialItem.storedTypes}.
427 */
428 final String alias;
429
430 /**
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]431 * UID under which this credential is stored. Typically {@link Process#SYSTEM_UID} but can
432 * also be {@link Process#WIFI_UID} for credentials installed as wifi certificates.
433 */
434 final int uid;
435
436 /**
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]437 * Should contain some non-empty subset of:
438 * <ul>
439 * <li>{@link Credentials.CA_CERTIFICATE}</li>
440 * <li>{@link Credentials.USER_CERTIFICATE}</li>
Janis Danisevskisb705e1a2017-04-19 16:23:02 -0700[diff] [blame]441 * <li>{@link Credentials.USER_KEY}</li>
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]442 * </ul>
443 */
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]444 final EnumSet<Type> storedTypes = EnumSet.noneOf(Type.class);
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]445
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]446 Credential(final String alias, final int uid) {
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]447 this.alias = alias;
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]448 this.uid = uid;
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]449 }
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]450
451 Credential(Parcel in) {
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]452 this(in.readString(), in.readInt());
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]453
454 long typeBits = in.readLong();
455 for (Type i : Type.values()) {
456 if ((typeBits & (1L << i.ordinal())) != 0L) {
457 storedTypes.add(i);
458 }
459 }
460 }
461
462 public void writeToParcel(Parcel out, int flags) {
463 out.writeString(alias);
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]464 out.writeInt(uid);
Robin Lee04046a12016-01-19 11:42:57 +0000[diff] [blame]465
466 long typeBits = 0;
467 for (Type i : storedTypes) {
468 typeBits |= 1L << i.ordinal();
469 }
470 out.writeLong(typeBits);
471 }
472
473 public int describeContents() {
474 return 0;
475 }
476
477 public static final Parcelable.Creator<Credential> CREATOR
478 = new Parcelable.Creator<Credential>() {
479 public Credential createFromParcel(Parcel in) {
480 return new Credential(in);
481 }
482
483 public Credential[] newArray(int size) {
484 return new Credential[size];
485 }
486 };
Robin Leee68d9572016-07-19 16:10:39 +0100[diff] [blame]487
488 public boolean isSystem() {
489 return UserHandle.getAppId(uid) == Process.SYSTEM_UID;
490 }
Robin Leebaefdcf2015-08-26 10:57:44 +0100[diff] [blame]491 }
492}