I have a central system app that allows the user to install CAs, which may be used for HTTPS or Wi-Fi Enterprise connections. This app could be viewed as a certificate manager which would serve multiple applications (although it does other things too, mainly configuration).
I am working on Android Pie, and this is my first time working on Android, so pardon my noobness.
Based on the excellent discussion in the links below, including Nikolai's wonderful blog:
- Android Central Keystore
- https://nelenkov.blogspot.com/2011/12/ics-trust-store-implementation.html
- Programmatically add a certificate authority while keeping Android system SSL certificates
I am attempting to:

1) Make my app a device owner and then use the Device Policy Manager to install the certificate.
I did this by (copy rules in my board makefile):
- packaging device_policies.xml into /data/system/
- packaging device_owner.xml into /data/system/
- modifying the AndroidManifest.xml and implementing a device admin class

2) Add the certificates to the central AndroidCAStore using the KeyStore APIs.
For this, I:
- read certificates from a file
- get a keystore instance of "AndroidCAStore"
- call setCertificateEntry()
**Code snippet For (1)**
```java
DevicePolicyManager dpm = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
ComponentName adminComp = new ComponentName(context, ConfigSettingsAdminReceiver.class);
// Checks only that the receiver is an active device admin
if (dpm.isAdminActive(adminComp))
{
    String CERT_FILE_1 = "/data/sam/ca1.crt";
    // Read the whole certificate file into memory
    FileInputStream cert1 = new FileInputStream(CERT_FILE_1);
    byte[] cert1_contents = new byte[(int) cert1.available()];
    cert1.read(cert1_contents);
    cert1.close();
    // Ask the Device Policy Manager to install the CA
    if (dpm.installCaCert(adminComp, cert1_contents))
    {
        Plog.d("installCustCertificate | SAM | Installed custom cert 1");
    }
    else
    {
        Plog.e("installCustCertificate | SAM | FAIL Cert 1");
    }
}
```
**Code snippet For (2)**
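```java
KeyStore keyStoreAndroid = KeyStore.getInstance("AndroidCAStore");
InputStream fis = new BufferedInputStream(inputStream);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate cert;
keyStoreAndroid.load(null, null);
try {
    // Parse the X.509 certificate from the stream
    cert = cf.generateCertificate(fis);
    // Try to add it to the central CA store under a fixed alias
    keyStoreAndroid.setCertificateEntry("custcert", cert);
} finally {
    // Close the input stream (CertificateFactory has no close() method)
    fis.close();
}
```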
For (1) above,
I am unable to set my application as a device owner. I could make it a device admin at boot up.
However, on calling the DevicePolicyManager API installCaCert(), I get an error saying:

`AdminComponentInfo{com.sam.configsettings/com.sam.configsettings.ConfigSettingsAdminReceiver} does not own the profile`

On checking /data/system, I see that device_policies.xml is present but there is no sign of device_owner.xml.

For (2) above,
I am getting an error as "exception:java.lang.UnsupportedOperationException"

Any idea what I might be missing?
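
An added example, not part of the original post: a pre-flight check that confirms the app is a device or profile owner before calling `installCaCert()`, then verifies the result through a read-only lookup in `AndroidCAStore`. The class name `CaInstallCheck`, the method `installAndVerify` and the "CA certificates only" policy are assumptions of this example.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/** Hypothetical helper (added example): install a CA via DevicePolicyManager, then verify it. */
public final class CaInstallCheck {
    private static final String TAG = "CaInstallCheck";

    /** Returns true only if the CA ends up in the user section of AndroidCAStore. */
    public static boolean installAndVerify(Context ctx, ComponentName admin, byte[] certBytes)
            throws Exception {
        DevicePolicyManager dpm =
                (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);
        String pkg = ctx.getPackageName();
        // An active device admin is not enough: installCaCert() with a non-null admin
        // requires the caller to be the device owner or a profile owner.
        if (!dpm.isDeviceOwnerApp(pkg) && !dpm.isProfileOwnerApp(pkg)) {
            Log.e(TAG, pkg + " is neither device owner nor profile owner");
            return false;
        }
        // Parse before installing so malformed input never reaches the trust store.
        X509Certificate ca = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(certBytes));
        // Policy choice of this example: only accept certificates marked as a CA.
        if (ca.getBasicConstraints() < 0) {
            Log.e(TAG, "Not a CA certificate: " + ca.getSubjectX500Principal());
            return false;
        }
        if (!dpm.hasCaCertInstalled(admin, certBytes) && !dpm.installCaCert(admin, certBytes)) {
            Log.e(TAG, "installCaCert() refused the certificate");
            return false;
        }
        // Read-only lookup: user-installed CAs appear under aliases prefixed "user:".
        KeyStore ks = KeyStore.getInstance("AndroidCAStore");
        ks.load(null, null);
        String alias = ks.getCertificateAlias(ca);
        StringBuilder fp = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(ca.getEncoded())) {
            fp.append(String.format("%02x", b));
        }
        Log.i(TAG, "alias=" + alias + " sha256=" + fp);
        return alias != null && alias.startsWith("user:");
    }
}
```

Logging the SHA-256 fingerprint gives an audit record of which CA was added to the device trust store and when.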