In Android 7 Nougat, user installed certificate goes to "User credentials" instead of "Trusted credentials"(which consists of system credential & user credential).
I used to access "Trusted credentials" by:
KeyStore keystore = KeyStore.getInstance("AndroidCAStore");
through the above code I can then access system & user trusted credentials.
But now, in Android 7, user installed certificate goes to a separate place called "User credentials" under Settings --> Security --> User credentials
.
My question is how can I programmatically list the credentials inside User credentials
in Android 7?
To provide a more consistent and more secure experience across the Android ecosystem, beginning with Android Nougat, compatible devices trust only the standardized system CAs
maintained in AOSP.
Previously, the set of pre-installed CAs
bundled with the system could vary from device to device. This could lead to compatibility issues when some devices did not include CAs that apps needed for connections as well as potential security issues if CAs that did not meet our security requirements were included on some devices.
First, be sure that your CA needs to be included in the system. The preinstalled CAs are only for CAs that meet our security requirements because they affect the secure connections of most apps on the device. If you need to add a CA for connecting to hosts that use that CA, you should instead customize your apps and services that connect to those hosts. For more information on Customizing trusted CAs.
In above link you can find all the necessary information for trusting custom CAs with different needs like
So, Basically you need to add a Security Configuration File and Configure a custom CA(For Android 7.0 (API level 24) and higher).
In Your manifest.xml
<manifest ... >
<application android:networkSecurityConfig="@xml/network_security_config"
... >
...
</application>
</manifest>
In res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config>
<domain includeSubdomains="true">example.com</domain>
<trust-anchors>
<certificates src="@raw/my_ca"/>
</trust-anchors>
</domain-config>
</network-security-config>
Just for Information :- If you operate a CA that you believe should be included in Android, first complete the Mozilla CA Inclusion Process and then file a feature request against Android to have the CA added to the standardized set of system CAs.
Let me know for any further help.
Hope this will help you. Keep Coding!!!