Installing/Accessing Certs for VPN/WIFI programmatically on Android

Here's the situation:

I'm working on an application which allows automated management of network connections. Users are able to configure WiFi/VPN profiles through the application and the application will manage their connectivity to these profiles.

This was all fairly straight forward (well, the VPN side required some reflection hackery) except when I got to the point of managing these connections to networks which required certificate authentication. The trouble is that these networks by and large use self-signed certificates, and as far from what I've been running up against in android it seems to me that these certificates need to be accessible from the root cert store. I tried to create a private app keystore and install the certificates there, but as far as I can tell the WiFi and VPN segments of android can't get access to this.

Is there a way to install a chosen certificate in the application keystore, create profiles based upon this keystore, then send the completed profile to the android wifi/vpn manager to allow the preconfigured connection?

This seems like it should be possible, but I just haven't yet managed to be clever enough to get it to work.

Update:

When I try to create the wifi and vpn configurations I've attempted to reference installed certificates in the local application keystore. It's unable to find them once the configs are pushed to the OS, it seems. To my understanding once a certificate is installed it becomes part of a general keystore, either at the app o开发者_如何学运维r the os level.

I have to keep access to the certificates internal, so I can't push them to the SD card. Even if I were to push them to the SD card I wouldn't be able to require the user to manually install the certificate, I need this to be handled in the background to simplify the configuration. I've been digging through the source and haven't found any obvious solution to this, but I was just hoping someone had stumbled across this before and I was just missing it.

Thanks in advance for the help!

Update 2

For those of you still interested in how to do this, here are the packages/classes which you will need to take a look at.

com.android.certinstaller.* android.security.Credentials

With a little bit of digging you can find the appropriate ways to construct intents to install the certs you need.

Also, as a side note, If the credential storage password has not been set on the device the initial intent you fire to install a certificate will instead only prompt the user to provide a credential storage password. The certificate will not be installed. There may be a way to work around this but I have yet to find it.

---

That's more than one question, consider splitting it. What exactly have you tried? VPN and WiFi don't use regular Java KeyStore's, the access keys and certificates via the keystore daemon. The actual keys and certificates are stored as files in /data/misc/keystore. AFAIK the API for this is not public, but you could probably launch the certificate installer intent, which scans the SD card for certificates and PFX files, and installs them (this is may not be public either). Settings->Location and security->'Install from SD card' does the same thing.

In short, I don't think you can do what you are trying to do using just the SDK APIs, you'll have to look at the source, and take the risk of your app breaking in the next Android version.

Update: the installer intents are now public in ICS, you can access them via the KeyChain class.