src/com/android/settings/UserCredentialsSettings.java - platform/packages/apps/Settings - Git at Google

 /*
  * Copyright (C) 2015 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package com.android.settings;

 import android.app.AlertDialog;
 import android.app.Dialog;
 import android.app.DialogFragment;
 import android.app.Fragment;
 import android.content.Context;
 import android.content.DialogInterface;
 import android.os.AsyncTask;
 import android.os.Bundle;
 import android.os.Parcel;
 import android.os.Parcelable;
 import android.os.RemoteException;
 import android.os.UserHandle;
 import android.os.UserManager;
 import android.security.Credentials;
 import android.security.IKeyChainService;
 import android.security.KeyChain;
 import android.security.KeyChain.KeyChainConnection;
 import android.security.KeyStore;
 import android.util.Log;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.view.ViewGroup;
 import android.widget.AdapterView;
 import android.widget.AdapterView.OnItemClickListener;
 import android.widget.ArrayAdapter;
 import android.widget.ListView;
 import android.widget.TextView;

 import com.android.internal.logging.MetricsProto.MetricsEvent;
 import com.android.internal.widget.LockPatternUtils;
 import com.android.settingslib.RestrictedLockUtils;
 import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;

 import java.util.EnumSet;
 import java.util.SortedMap;
 import java.util.TreeMap;

 import static android.view.View.GONE;
 import static android.view.View.VISIBLE;

 public class UserCredentialsSettings extends OptionsMenuFragment implements OnItemClickListener {
     private static final String TAG = "UserCredentialsSettings";

     private View mRootView;
     private ListView mListView;

     @Override
     protected int getMetricsCategory() {
         return MetricsEvent.USER_CREDENTIALS;
     }

     @Override
     public void onResume() {
         super.onResume();
         refreshItems();
     }

     @Override
     public View onCreateView(
             LayoutInflater inflater, ViewGroup parent, Bundle savedInstanceState) {
         mRootView = inflater.inflate(R.layout.user_credentials, parent, false);

         // Set up an OnItemClickListener for the credential list.
         mListView = (ListView) mRootView.findViewById(R.id.credential_list);
         mListView.setOnItemClickListener(this);

         return mRootView;
     }

     @Override
     public void onItemClick(AdapterView<?> parent, View view, int position, long id) {
         final Credential item = (Credential) parent.getItemAtPosition(position);
         CredentialDialogFragment.show(this, item);
     }

     protected void refreshItems() {
         if (isAdded()) {
             new AliasLoader().execute();
         }
     }

     public static class CredentialDialogFragment extends DialogFragment {
         private static final String TAG = "CredentialDialogFragment";
         private static final String ARG_CREDENTIAL = "credential";

         public static void show(Fragment target, Credential item) {
             final Bundle args = new Bundle();
             args.putParcelable(ARG_CREDENTIAL, item);

             if (target.getFragmentManager().findFragmentByTag(TAG) == null) {
                 final DialogFragment frag = new CredentialDialogFragment();
                 frag.setTargetFragment(target, /* requestCode */ -1);
                 frag.setArguments(args);
                 frag.show(target.getFragmentManager(), TAG);
             }
         }

         @Override
         public Dialog onCreateDialog(Bundle savedInstanceState) {
             final Credential item = (Credential) getArguments().getParcelable(ARG_CREDENTIAL);
             View root = getActivity().getLayoutInflater()
                     .inflate(R.layout.user_credential_dialog, null);
             ViewGroup infoContainer = (ViewGroup) root.findViewById(R.id.credential_container);
             View view = new CredentialAdapter(getActivity(), R.layout.user_credential,
                     new Credential[] {item}).getView(0, null, null);
             infoContainer.addView(view);

             UserManager userManager
                     = (UserManager) getContext().getSystemService(Context.USER_SERVICE);

             AlertDialog.Builder builder = new AlertDialog.Builder(getActivity())
                     .setView(root)
                     .setTitle(R.string.user_credential_title)
                     .setPositiveButton(R.string.done, null);

             final String restriction = UserManager.DISALLOW_CONFIG_CREDENTIALS;
             final int myUserId = UserHandle.myUserId();
             if (!RestrictedLockUtils.hasBaseUserRestriction(getContext(), restriction, myUserId)) {
                 DialogInterface.OnClickListener listener = new DialogInterface.OnClickListener() {
                     @Override public void onClick(DialogInterface dialog, int id) {
                         final EnforcedAdmin admin = RestrictedLockUtils.checkIfRestrictionEnforced(
                                 getContext(), restriction, myUserId);
                         if (admin != null) {
                             RestrictedLockUtils.sendShowAdminSupportDetailsIntent(getContext(),
                                     admin);
                         } else {
                             new RemoveCredentialsTask(getContext(), getTargetFragment())
                                     .execute(item.alias);
                         }
                         dialog.dismiss();
                     }
                 };
                 builder.setNegativeButton(R.string.trusted_credentials_remove_label, listener);
             }
             return builder.create();
         }

         private class RemoveCredentialsTask extends AsyncTask<String, Void, Void> {
             private Context context;
             private Fragment targetFragment;

             public RemoveCredentialsTask(Context context, Fragment targetFragment) {
                 this.context = context;
                 this.targetFragment = targetFragment;
             }

             @Override
             protected Void doInBackground(String... aliases) {
                 try {
                     final KeyChainConnection conn = KeyChain.bind(getContext());
                     try {
                         IKeyChainService keyChain = conn.getService();
                         for (String alias : aliases) {
                             keyChain.removeKeyPair(alias);
                         }
                     } catch (RemoteException e) {
                         Log.w(TAG, "Removing credentials", e);
                     } finally {
                         conn.close();
                     }
                 } catch (InterruptedException e) {
                     Log.w(TAG, "Connecting to keychain", e);
                 }
                 return null;
             }

             @Override
             protected void onPostExecute(Void result) {
                 if (targetFragment instanceof UserCredentialsSettings) {
                     ((UserCredentialsSettings) targetFragment).refreshItems();
                 }
             }
         }
     }

     /**
      * Opens a background connection to KeyStore to list user credentials.
      * The credentials are stored in a {@link CredentialAdapter} attached to the main
      * {@link ListView} in the fragment.
      */
     private class AliasLoader extends AsyncTask<Void, Void, SortedMap<String, Credential>> {
         @Override
         protected SortedMap<String, Credential> doInBackground(Void... params) {
             // Create a list of names for credential sets, ordered by name.
             SortedMap<String, Credential> credentials = new TreeMap<>();
             KeyStore keyStore = KeyStore.getInstance();
             for (final Credential.Type type : Credential.Type.values()) {
                 for (final String alias : keyStore.list(type.prefix)) {
                     // Do not show work profile keys in user credentials
                     if (alias.startsWith(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT) ||
                             alias.startsWith(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT)) {
                         continue;
                     }
                     Credential c = credentials.get(alias);
                     if (c == null) {
                         credentials.put(alias, (c = new Credential(alias)));
                     }
                     c.storedTypes.add(type);
                 }
             }
             return credentials;
         }

         @Override
         protected void onPostExecute(SortedMap<String, Credential> credentials) {
             // Convert the results to an array and present them using an ArrayAdapter.
             mListView.setAdapter(new CredentialAdapter(getContext(), R.layout.user_credential,
                     credentials.values().toArray(new Credential[0])));
         }
     }

     /**
      * Helper class to display {@link Credential}s in a list.
      */
     private static class CredentialAdapter extends ArrayAdapter<Credential> {
         public CredentialAdapter(Context context, int resource,  Credential[] objects) {
             super(context, resource, objects);
         }

         @Override
         public View getView(int position, View view, ViewGroup parent) {
             if (view == null) {
                 view = LayoutInflater.from(getContext())
                         .inflate(R.layout.user_credential, parent, false);
             }
             Credential item = getItem(position);
             ((TextView) view.findViewById(R.id.alias)).setText(item.alias);
             view.findViewById(R.id.contents_userkey).setVisibility(
                     item.storedTypes.contains(Credential.Type.USER_PRIVATE_KEY) ? VISIBLE : GONE);
             view.findViewById(R.id.contents_usercrt).setVisibility(
                     item.storedTypes.contains(Credential.Type.USER_CERTIFICATE) ? VISIBLE : GONE);
             view.findViewById(R.id.contents_cacrt).setVisibility(
                     item.storedTypes.contains(Credential.Type.CA_CERTIFICATE) ? VISIBLE : GONE);
             return view;
         }
     }

     static class Credential implements Parcelable {
         static enum Type {
             CA_CERTIFICATE (Credentials.CA_CERTIFICATE),
             USER_CERTIFICATE (Credentials.USER_CERTIFICATE),
             USER_PRIVATE_KEY (Credentials.USER_PRIVATE_KEY),
             USER_SECRET_KEY (Credentials.USER_SECRET_KEY);

             final String prefix;

             Type(String prefix) {
                 this.prefix = prefix;
             }
         }

         /**
          * Main part of the credential's alias. To fetch an item from KeyStore, prepend one of the
          * prefixes from {@link CredentialItem.storedTypes}.
          */
         final String alias;

         /**
          * Should contain some non-empty subset of:
          * <ul>
          *   <li>{@link Credentials.CA_CERTIFICATE}</li>
          *   <li>{@link Credentials.USER_CERTIFICATE}</li>
          *   <li>{@link Credentials.USER_PRIVATE_KEY}</li>
          *   <li>{@link Credentials.USER_SECRET_KEY}</li>
          * </ul>
          */
         final EnumSet<Type> storedTypes = EnumSet.noneOf(Type.class);

         Credential(final String alias) {
             this.alias = alias;
         }

         Credential(Parcel in) {
             this(in.readString());

             long typeBits = in.readLong();
             for (Type i : Type.values()) {
                 if ((typeBits & (1L << i.ordinal())) != 0L) {
                     storedTypes.add(i);
                 }
             }
         }

         public void writeToParcel(Parcel out, int flags) {
             out.writeString(alias);

             long typeBits = 0;
             for (Type i : storedTypes) {
                 typeBits |= 1L << i.ordinal();
             }
             out.writeLong(typeBits);
         }

         public int describeContents() {
             return 0;
         }

         public static final Parcelable.Creator<Credential> CREATOR
                 = new Parcelable.Creator<Credential>() {
             public Credential createFromParcel(Parcel in) {
                 return new Credential(in);
             }

             public Credential[] newArray(int size) {
                 return new Credential[size];
             }
         };
     }
 }
	/*
	* Copyright (C) 2015 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package com.android.settings;

	import android.app.AlertDialog;
	import android.app.Dialog;
	import android.app.DialogFragment;
	import android.app.Fragment;
	import android.content.Context;
	import android.content.DialogInterface;
	import android.os.AsyncTask;
	import android.os.Bundle;
	import android.os.Parcel;
	import android.os.Parcelable;
	import android.os.RemoteException;
	import android.os.UserHandle;
	import android.os.UserManager;
	import android.security.Credentials;
	import android.security.IKeyChainService;
	import android.security.KeyChain;
	import android.security.KeyChain.KeyChainConnection;
	import android.security.KeyStore;
	import android.util.Log;
	import android.view.LayoutInflater;
	import android.view.View;
	import android.view.ViewGroup;
	import android.widget.AdapterView;
	import android.widget.AdapterView.OnItemClickListener;
	import android.widget.ArrayAdapter;
	import android.widget.ListView;
	import android.widget.TextView;

	import com.android.internal.logging.MetricsProto.MetricsEvent;
	import com.android.internal.widget.LockPatternUtils;
	import com.android.settingslib.RestrictedLockUtils;
	import com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;

	import java.util.EnumSet;
	import java.util.SortedMap;
	import java.util.TreeMap;

	import static android.view.View.GONE;
	import static android.view.View.VISIBLE;

	public class UserCredentialsSettings extends OptionsMenuFragment implements OnItemClickListener {
	private static final String TAG = "UserCredentialsSettings";

	private View mRootView;
	private ListView mListView;

	@Override
	protected int getMetricsCategory() {
	return MetricsEvent.USER_CREDENTIALS;
	}

	@Override
	public void onResume() {
	super.onResume();
	refreshItems();
	}

	@Override
	public View onCreateView(
	LayoutInflater inflater, ViewGroup parent, Bundle savedInstanceState) {
	mRootView = inflater.inflate(R.layout.user_credentials, parent, false);

	// Set up an OnItemClickListener for the credential list.
	mListView = (ListView) mRootView.findViewById(R.id.credential_list);
	mListView.setOnItemClickListener(this);

	return mRootView;
	}

	@Override
	public void onItemClick(AdapterView<?> parent, View view, int position, long id) {
	final Credential item = (Credential) parent.getItemAtPosition(position);
	CredentialDialogFragment.show(this, item);
	}

	protected void refreshItems() {
	if (isAdded()) {
	new AliasLoader().execute();
	}
	}

	public static class CredentialDialogFragment extends DialogFragment {
	private static final String TAG = "CredentialDialogFragment";
	private static final String ARG_CREDENTIAL = "credential";

	public static void show(Fragment target, Credential item) {
	final Bundle args = new Bundle();
	args.putParcelable(ARG_CREDENTIAL, item);

	if (target.getFragmentManager().findFragmentByTag(TAG) == null) {
	final DialogFragment frag = new CredentialDialogFragment();
	frag.setTargetFragment(target, /* requestCode */ -1);
	frag.setArguments(args);
	frag.show(target.getFragmentManager(), TAG);
	}
	}

	@Override
	public Dialog onCreateDialog(Bundle savedInstanceState) {
	final Credential item = (Credential) getArguments().getParcelable(ARG_CREDENTIAL);
	View root = getActivity().getLayoutInflater()
	.inflate(R.layout.user_credential_dialog, null);
	ViewGroup infoContainer = (ViewGroup) root.findViewById(R.id.credential_container);
	View view = new CredentialAdapter(getActivity(), R.layout.user_credential,
	new Credential[] {item}).getView(0, null, null);
	infoContainer.addView(view);

	UserManager userManager
	= (UserManager) getContext().getSystemService(Context.USER_SERVICE);

	AlertDialog.Builder builder = new AlertDialog.Builder(getActivity())
	.setView(root)
	.setTitle(R.string.user_credential_title)
	.setPositiveButton(R.string.done, null);

	final String restriction = UserManager.DISALLOW_CONFIG_CREDENTIALS;
	final int myUserId = UserHandle.myUserId();
	if (!RestrictedLockUtils.hasBaseUserRestriction(getContext(), restriction, myUserId)) {
	DialogInterface.OnClickListener listener = new DialogInterface.OnClickListener() {
	@Override public void onClick(DialogInterface dialog, int id) {
	final EnforcedAdmin admin = RestrictedLockUtils.checkIfRestrictionEnforced(
	getContext(), restriction, myUserId);
	if (admin != null) {
	RestrictedLockUtils.sendShowAdminSupportDetailsIntent(getContext(),
	admin);
	} else {
	new RemoveCredentialsTask(getContext(), getTargetFragment())
	.execute(item.alias);
	}
	dialog.dismiss();
	}
	};
	builder.setNegativeButton(R.string.trusted_credentials_remove_label, listener);
	}
	return builder.create();
	}

	private class RemoveCredentialsTask extends AsyncTask<String, Void, Void> {
	private Context context;
	private Fragment targetFragment;

	public RemoveCredentialsTask(Context context, Fragment targetFragment) {
	this.context = context;
	this.targetFragment = targetFragment;
	}

	@Override
	protected Void doInBackground(String... aliases) {
	try {
	final KeyChainConnection conn = KeyChain.bind(getContext());
	try {
	IKeyChainService keyChain = conn.getService();
	for (String alias : aliases) {
	keyChain.removeKeyPair(alias);
	}
	} catch (RemoteException e) {
	Log.w(TAG, "Removing credentials", e);
	} finally {
	conn.close();
	}
	} catch (InterruptedException e) {
	Log.w(TAG, "Connecting to keychain", e);
	}
	return null;
	}

	@Override
	protected void onPostExecute(Void result) {
	if (targetFragment instanceof UserCredentialsSettings) {
	((UserCredentialsSettings) targetFragment).refreshItems();
	}
	}
	}
	}

	/**
	* Opens a background connection to KeyStore to list user credentials.
	* The credentials are stored in a {@link CredentialAdapter} attached to the main
	* {@link ListView} in the fragment.
	*/
	private class AliasLoader extends AsyncTask<Void, Void, SortedMap<String, Credential>> {
	@Override
	protected SortedMap<String, Credential> doInBackground(Void... params) {
	// Create a list of names for credential sets, ordered by name.
	SortedMap<String, Credential> credentials = new TreeMap<>();
	KeyStore keyStore = KeyStore.getInstance();
	for (final Credential.Type type : Credential.Type.values()) {
	for (final String alias : keyStore.list(type.prefix)) {
	// Do not show work profile keys in user credentials
	if (alias.startsWith(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT) \|\|
	alias.startsWith(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT)) {
	continue;
	}
	Credential c = credentials.get(alias);
	if (c == null) {
	credentials.put(alias, (c = new Credential(alias)));
	}
	c.storedTypes.add(type);
	}
	}
	return credentials;
	}

	@Override
	protected void onPostExecute(SortedMap<String, Credential> credentials) {
	// Convert the results to an array and present them using an ArrayAdapter.
	mListView.setAdapter(new CredentialAdapter(getContext(), R.layout.user_credential,
	credentials.values().toArray(new Credential[0])));
	}
	}

	/**
	* Helper class to display {@link Credential}s in a list.
	*/
	private static class CredentialAdapter extends ArrayAdapter<Credential> {
	public CredentialAdapter(Context context, int resource, Credential[] objects) {
	super(context, resource, objects);
	}

	@Override
	public View getView(int position, View view, ViewGroup parent) {
	if (view == null) {
	view = LayoutInflater.from(getContext())
	.inflate(R.layout.user_credential, parent, false);
	}
	Credential item = getItem(position);
	((TextView) view.findViewById(R.id.alias)).setText(item.alias);
	view.findViewById(R.id.contents_userkey).setVisibility(
	item.storedTypes.contains(Credential.Type.USER_PRIVATE_KEY) ? VISIBLE : GONE);
	view.findViewById(R.id.contents_usercrt).setVisibility(
	item.storedTypes.contains(Credential.Type.USER_CERTIFICATE) ? VISIBLE : GONE);
	view.findViewById(R.id.contents_cacrt).setVisibility(
	item.storedTypes.contains(Credential.Type.CA_CERTIFICATE) ? VISIBLE : GONE);
	return view;
	}
	}

	static class Credential implements Parcelable {
	static enum Type {
	CA_CERTIFICATE (Credentials.CA_CERTIFICATE),
	USER_CERTIFICATE (Credentials.USER_CERTIFICATE),
	USER_PRIVATE_KEY (Credentials.USER_PRIVATE_KEY),
	USER_SECRET_KEY (Credentials.USER_SECRET_KEY);

	final String prefix;

	Type(String prefix) {
	this.prefix = prefix;
	}
	}

	/**
	* Main part of the credential's alias. To fetch an item from KeyStore, prepend one of the
	* prefixes from {@link CredentialItem.storedTypes}.
	*/
	final String alias;

	/**
	* Should contain some non-empty subset of:
	* <ul>
	* <li>{@link Credentials.CA_CERTIFICATE}</li>
	* <li>{@link Credentials.USER_CERTIFICATE}</li>
	* <li>{@link Credentials.USER_PRIVATE_KEY}</li>
	* <li>{@link Credentials.USER_SECRET_KEY}</li>
	* </ul>
	*/
	final EnumSet<Type> storedTypes = EnumSet.noneOf(Type.class);

	Credential(final String alias) {
	this.alias = alias;
	}

	Credential(Parcel in) {
	this(in.readString());

	long typeBits = in.readLong();
	for (Type i : Type.values()) {
	if ((typeBits & (1L << i.ordinal())) != 0L) {
	storedTypes.add(i);
	}
	}
	}

	public void writeToParcel(Parcel out, int flags) {
	out.writeString(alias);

	long typeBits = 0;
	for (Type i : storedTypes) {
	typeBits \|= 1L << i.ordinal();
	}
	out.writeLong(typeBits);
	}

	public int describeContents() {
	return 0;
	}

	public static final Parcelable.Creator<Credential> CREATOR
	= new Parcelable.Creator<Credential>() {
	public Credential createFromParcel(Parcel in) {
	return new Credential(in);
	}

	public Credential[] newArray(int size) {
	return new Credential[size];
	}
	};
	}
	}