Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to delete user installed certificate programmatically?

I had installed a certificate programmatically.

I am able to uninstall it manually by going Settings -> Security -> Trusted Credentials -> User -> Choose the certificate and click the remove button

I want to remove the certificate programmatically.

Here is the code that I tried but it didn't work.

javax.security.cert.X509Certificate x509 = javax.security.cert.X509Certificate.getInstance(caRootCertBytes);

KeyStore ks = KeyStore.getInstance("AndroidCAStore")
if (ks != null) 
{
    ks.load(null, null);
    Enumeration<String> aliases = ks.aliases();
    while (aliases.hasMoreElements()) 
    {
        String alias = (String) aliases.nextElement();
        java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) ks.getCertificate(alias);
        String name = x509.getIssuerDN().getName();                             
        if (cert.getIssuerDN().getName().contains(name)) 
        {
            ks. deleteEntry(alias)
        }
    }
}

Ref for why I chose deleteEntry

Here is the error log that I got

05-19 18:27:40.789: W/System.err(14588): java.lang.UnsupportedOperationException
05-19 18:27:40.792: W/System.err(14588):    at com.android.org.conscrypt.TrustedCertificateKeyStoreSpi.engineDeleteEntry(TrustedCertificateKeyStoreSpi.java:82)
05-19 18:27:40.792: W/System.err(14588):    at java.security.KeyStore.deleteEntry(KeyStore.java:410)
05-19 18:27:40.792: W/System.err(14588):    at com.proj.test.MyActivity$4.onClick(MyActivity.java:336)
05-19 18:27:40.792: W/System.err(14588):    at com.android.internal.app.AlertController$ButtonHandler.handleMessage(AlertController.java:162)
05-19 18:27:40.792: W/System.err(14588):    at android.os.Handler.dispatchMessage(Handler.java:102)
05-19 18:27:40.792: W/System.err(14588):    at android.os.Looper.loop(Looper.java:135)
05-19 18:27:40.793: W/System.err(14588):    at android.app.ActivityThread.main(ActivityThread.java:5254)
05-19 18:27:40.793: W/System.err(14588):    at java.lang.reflect.Method.invoke(Native Method)
05-19 18:27:40.794: W/System.err(14588):    at java.lang.reflect.Method.invoke(Method.java:372)
05-19 18:27:40.794: W/System.err(14588):    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:903)
05-19 18:27:40.794: W/System.err(14588):    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:698)

This question is somewhat related to my other question

Any help is appreciated !

like image 972
Durai Amuthan.H Avatar asked May 19 '15 13:05

Durai Amuthan.H


People also ask

How do I remove a certificate from the store?

Press Windows Key + R Key together, type certmgr. msc and hit enter. You will get a new window with the list of Certificates installed on your computer. Locate for the certificate you want to delete and then click on Action button then, click on Delete.


2 Answers

Looks like that implementation of the KeyStoreSpi interface just doesn't support removal:

@Override
public void engineDeleteEntry(String alias) {
    throw new UnsupportedOperationException();
}

https://android.googlesource.com/platform/external/conscrypt/+/master/src/platform/java/org/conscrypt/TrustedCertificateKeyStoreSpi.java#81

like image 62
Buddy Avatar answered Oct 15 '22 20:10

Buddy


You can do this in Android 5.x with a device owner using the uninstallCaCert() method. A device owner can be installed only before the device is provisioned though.

https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#uninstallCaCert(android.content.ComponentName, byte[])

like image 32
Nikolay Elenkov Avatar answered Oct 15 '22 21:10

Nikolay Elenkov