Has anyone out there attempted to use the new KeyChain APIs? They don't seem to work the way I would expect.
I am able to install a certificate easily enough using KeyChain.createInstallIntent(), and passing it a PEM formatted certificate. The documentation indicates that you need the USE_CREDENTIALS permission in order to read any certificate data back. So, I have enabled that. However, once I go back and try to read out the certificate data with KeyChain.getCertificateChain() I get the exception "java.lang.IllegalStateException: uid 10040 doesn't have permission to access the requested alias". Looking at the documentation indicates that you need the USE_CREDENTIALS permission. Has anybody made something like this work?

In trying to figure this out, I dug a little deeper to see what I could find. When I got a shell to the emulator, I found that my certificate had been installed in two places. One was in /data/misc/keystore, and the other was in /data/misc/keychain/cacerts-added. The new certificate also shows up in the Settings->Security->Trusted Credentials->User. So, the certificate appears to have been installed correctly.

Digging around a little more found the database in /data/data/com.android.keychain/databases. This database looks like it is supposed to handle the permission mapping for certificates that are installed. So, for fun, I added an entry to the database that I thought should give uid 10040 access to the certificate with the alias of "Testing". ("Testing" is the alias I used to install the certificate in the first place.)

When I run my test app, I no longer get the "uid 10040 doesn't have permission..." error. However, I now get this error: "java.lang.IllegalArgumentException: bytes == null". This change in errors would seem to indicate that my theory about the permissions is correct, but even when it is fixed the certificate still won't be returned to me.

Any help would be appreciated.
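
The access flow the KeyChain API provides for reading a chain, as an added example that is not part of the original post: the app calls KeyChain.choosePrivateKeyAlias(), the user's selection in the system chooser is what grants the calling UID access to that alias, and the chain is then read off the main thread. It assumes a private key and certificate pair is installed under the alias "Testing"; the class name and log tag are hypothetical.

```java
import android.app.Activity;
import android.os.Bundle;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.security.KeyChainException;
import android.util.Log;
import java.security.cert.X509Certificate;

// Hypothetical activity name; not from the original post.
public class ChainReaderActivity extends Activity implements KeyChainAliasCallback {
    private static final String TAG = "ChainReader"; // hypothetical log tag

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Show the system chooser. Access to an alias is granted per UID
        // when the user selects it here, not by a manifest permission alone.
        KeyChain.choosePrivateKeyAlias(this, this,
                new String[] {"RSA"}, // acceptable key types
                null,                 // no issuer restriction
                null, -1,             // no specific host or port
                "Testing");           // alias to preselect (from the post)
    }

    @Override
    public void alias(final String alias) {
        if (alias == null) {
            Log.w(TAG, "No alias selected; access was not granted");
            return;
        }
        // getCertificateChain() can block on IPC, so keep it off the main thread.
        new Thread(new Runnable() {
            @Override
            public void run() {
                try {
                    X509Certificate[] chain =
                            KeyChain.getCertificateChain(ChainReaderActivity.this, alias);
                    if (chain == null || chain.length == 0) {
                        Log.w(TAG, "No certificate chain stored under " + alias);
                        return;
                    }
                    Log.i(TAG, "Leaf subject: " + chain[0].getSubjectDN());
                } catch (KeyChainException e) {
                    Log.e(TAG, "KeyChain lookup failed", e);
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
            }
        }).start();
    }
}
```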