Shulou(Shulou.com)06/02 Report--

This article mainly introduces "what is the method of installing Android certificate". In daily operation, I believe that many people have doubts about the method of installing Android certificate. The editor consulted all kinds of materials and sorted out a simple and easy-to-use method of operation. I hope it will be helpful for you to answer the doubt of "what is the method of installing Android certificate?" Next, please follow the editor to study!

one。 Path of the certificate in the source code

5.1 system certificate (named openssl x509-subject_hash_old-in filename)

Libcore/luni/src/main/files/cacerts

7.1 and later system certificates

/ system/ca-certificates/files

two。 The path of the certificate in the firmware

/ system/etc/security/cacerts

three。 Manual installation proc

Set-- > Security-- > install the certificate from the SD card:

In AndroidManif.xml

Packages/apps/CertInstaller

CertInstallerMain, open the Document, select the certificate file, and then select it. Start CerInstaller

Then distinguish between createPkcs12PasswordDialog and createNameCredentialDialog according to the certificate type, and look at a simple createNameCredentialDialog

Try {startActivityForResult (mCredentials.createSystemInstallIntent (), / / Intent intent = new Intent ("com.android.credentials.INSTALL"); REQUEST_SYSTEM_INSTALL_CODE);} catch (ActivityNotFoundException e) {Log.w (TAG, "systemInstall ():" + e); toastErrorAndFinish (R.string.cert_not_saved);}

Look at intent, it's Settings's CredentialStorage again.

Settings/src/com/android/settings/CredentialStorage.java installIfAvailable

Add certificate: Settings/src/com/android/settings/CredentialStorage.java installIfAvailable ()

Delete certificate: Settings/src/com/android/settings/TrustedCredentialsSettings.java AliasOperation#doInBackground

Show certificate: Settings/src/com/android/settings/TrustedCredentialsSettings.java AdapterData#AliasLoader#doInBackground

Certificate content: Settings/src/com/android/settings/TrustedCredentialsSettings.java CertHolder SslCertificate

There are two types of installation: userKey and Ca certificates (pk12 handles passwords)

CertInstaller\ src\ com\ android\ certinstaller\ CredentialHelper.java

Exception code:

The machine does not have a password lock

The machine is not unlocked

The lock screen mode does not meet the requirements or is the packages/apps/CertInstaller/CertInstallerMain,startActivityForResult result callback?

If (requestCode = = REQUEST_SYSTEM_INSTALL_CODE) {if (resultCode = = RESULT_OK) {Log.d (TAG, "credential is added:" + mCredentials.getName ()); Toast.makeText (this, getString (R.string.cert_is_added, mCredentials.getName (), Toast.LENGTH_LONG) .show () If (mCredentials.hasCaCerts ()) {/ / more work to do, don't finish just yet new InstallCaCertsToKeyChainTask (). Execute (); return;} setResult (RESULT_OK);} else {Log.d (TAG, "credential not saved, err:" + resultCode); toastErrorAndFinish (R.string.cert_not_saved);}}

If it is CaCerts, do new InstallCaCertsToKeyChainTask (). Execute ()-- > mCredentials.installCaCertsToKeyChain-- > keyChainService.installCaCertificate

KeyChainService is implemented in packages/apps/KeyChain mTrustedCertificateStore.installCertificate.

External/conscrypt/src/platform/java/org/conscrypt/TrustedCertificateStore installCertificate-- > writeCertificate

IV. C layer

System/security/keystore/keystore.cpp

Add certificate installIfAvailable-> mKeyStore.put-> mBinder.insert (here is also the java layer)

-> KeyStoreProxy::insert-> KeyStore::put (here getEncryptionKey uses an AESkey, where did it come from?)

five。 Why lock the screen password?

Take setting a password as an example

Settings/src/com/android/settings/ChooseLockPassword.java mLockPatternUtils.saveLockPassword

Frameworks/base/core/java/com/android/internal/widget/LockPatternUtils.java getLockSettings () setLockPassword

Frameworks/base/services/core/java/com/android/server/LockSettingsService.java setLockPassword-> maybeUpdateKeystore-> ks.passwordUid

-> password_uid to keystore.cpp

Password_uid has three states, of which both STATE_UNINITIALIZED and STATE_LOCKED call setupMasterKeys, and the password is set to AESkey through the lock screen

Here is the answer to where the AESKey came from when adding the certificate.

This is based on Android5.1 analysis, the high version may have different file names, but know the approximate location, search, it should not be difficult

At this point, the study on "what is the method of installing Android certificates" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.