Snap for 5636702 from f5eff66a3a40895b59b730c963c5933f766832c8 to qt-c2f2-release
Change-Id: I372d29526b54d610036414fce3a51900802d24dc
diff --git a/src/com/android/certinstaller/CertInstaller.java b/src/com/android/certinstaller/CertInstaller.java
index 31f5fd3..8b381cb 100644
--- a/src/com/android/certinstaller/CertInstaller.java
+++ b/src/com/android/certinstaller/CertInstaller.java
@@ -95,13 +95,18 @@
toastErrorAndFinish(R.string.no_cert_to_saved);
finish();
} else {
- if (mCredentials.hasCaCerts()) {
+ // Confirm credentials if there's _only_ a CA certificate
+ // NOTE: This will affect WiFi CA certificates - those should not require
+ // confirming the lock screen credentials but the code currently cannot skip the
+ // confirmation for WiFi CA certificates because the user designates the certificate
+ // to a UID only after this stage.
+ if (mCredentials.hasCaCerts() && !mCredentials.hasPrivateKey() &&
+ !mCredentials.hasUserCertificate()) {
KeyguardManager keyguardManager = getSystemService(KeyguardManager.class);
Intent intent = keyguardManager.createConfirmDeviceCredentialIntent(null, null);
if (intent == null) { // No screenlock
extractPkcs12OrInstall();
} else {
- // TODO(b/134057817): only do it when installing CA cert as a trust anchor.
startActivityForResult(intent, REQUEST_CONFIRM_CREDENTIALS);
}
} else {
