commit da7bc51615000469cda841637538476edbb7502f
author Robin Lee <rgl@google.com> Wed Feb 24 17:39:32 2016 +0000
committer Robin Lee <rgl@google.com> Wed Feb 24 18:58:31 2016 +0000
tree b3114f821c130e66abea9a00d90217216aedcbdb
parent b2e8d34359f8272f8214d16b09288505e2570d10

Use KeyChain instead of Credentials to delete certs

Credentials is a bit too low-level. KeyChain will call into the same API
but also arrange deletion of grants, send out STORAGE_CHANGED broadcast
and anything else that might be needed in future.

Bug: 27335182
Change-Id: I764ffa3c5539ddec2b9a776bd3fec6a78a043248

src/com/android/settings/UserCredentialsSettings.java

diff --git a/src/com/android/settings/UserCredentialsSettings.java b/src/com/android/settings/UserCredentialsSettings.java
index 41bcf43..e688450 100644
--- a/src/com/android/settings/UserCredentialsSettings.java
+++ b/src/com/android/settings/UserCredentialsSettings.java
@@ -27,8 +27,13 @@
 import android.os.Bundle;
 import android.os.Parcel;
 import android.os.Parcelable;
+import android.os.RemoteException;
 import android.security.Credentials;
+import android.security.IKeyChainService;
+import android.security.KeyChain;
+import android.security.KeyChain.KeyChainConnection;
 import android.security.KeyStore;
+import android.util.Log;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.view.ViewGroup;
@@ -120,21 +125,49 @@
                     .setNegativeButton(R.string.trusted_credentials_remove_label,
                             new DialogInterface.OnClickListener() {
                                 @Override public void onClick(DialogInterface dialog, int id) {
-                                    final KeyStore ks = KeyStore.getInstance();
-                                    Credentials.deleteAllTypesForAlias(ks, item.alias);
+                                    new RemoveCredentialsTask(getContext(), getTargetFragment())
+                                            .execute(item.alias);
                                     dialog.dismiss();
                                 }
                             })
                     .create();
         }
 
-        @Override
-        public void onDismiss(DialogInterface dialog) {
-            final Fragment target = getTargetFragment();
-            if (target instanceof UserCredentialsSettings) {
-                ((UserCredentialsSettings) target).refreshItems();
+        private class RemoveCredentialsTask extends AsyncTask<String, Void, Void> {
+            private Context context;
+            private Fragment targetFragment;
+
+            public RemoveCredentialsTask(Context context, Fragment targetFragment) {
+                this.context = context;
+                this.targetFragment = targetFragment;
             }
-            super.onDismiss(dialog);
+
+            @Override
+            protected Void doInBackground(String... aliases) {
+                try {
+                    final KeyChainConnection conn = KeyChain.bind(getContext());
+                    try {
+                        IKeyChainService keyChain = conn.getService();
+                        for (String alias : aliases) {
+                            keyChain.removeKeyPair(alias);
+                        }
+                    } catch (RemoteException e) {
+                        Log.w(TAG, "Removing credentials", e);
+                    } finally {
+                        conn.close();
+                    }
+                } catch (InterruptedException e) {
+                    Log.w(TAG, "Connecting to keychain", e);
+                }
+                return null;
+            }
+
+            @Override
+            protected void onPostExecute(Void result) {
+                if (targetFragment instanceof UserCredentialsSettings) {
+                    ((UserCredentialsSettings) targetFragment).refreshItems();
+                }
+            }
         }
     }