Unify manual and programmatic key installation flows
This is part of the work to unify the manual certificate
installation flow (via "Install from storage" in the Settings
app) with the programmatic one (using
DevicePolicyManager.installKeyPair).
The CertInstaller is changed as follows:
* Installation of CA certificates no longer invokes the Keystore
installation flow. Previously, CA certificates installed manually
ended up with an entry created in Keystore, which was completely
pointless (and confusing).
Instead, it happens after the "name credentials" dialog, once the user
has assigned a name for the credential, and is mutually exclusive of
installation of user key.
* Rather than passing the individual Keystore names for the user key,
user certificate and associated certificate chain, only the
user-assigned name is passed as an extra to the installation intent.
To do at a future date: Break down the dialog for CA certificate
installation from that of a user credentials naming.
First, there's no need to "name" a CA certificate.
Second, a different, and scary, warning should be shown for that case.
Test: Manual CtsVerifier tests: KeyChain Storage Test, CA Cert Notification Test
Test: cts-tradefed run commandAndExit cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Bug: 138375478
Change-Id: I2ae5bf2ac3b21a0c4c44ad290e3f65c88cb5213c
2 files changed
