Silently installing certificates and PKCS12 objects
The following code works fine to silently install an X.509 certificate from an application running on the personal side of a Samsung device but when run from within a Knox container the installCertificateToKeystore call throws an exception that says: "Operation not supported, Device permission is not present". This code is executed after establishing the application as a device administrator and after activating both the Samsung enterprise and Knox licenses. The KeyChain install intent approach to installing works fine both inside and outside the container, but prompts the user for each item that gets installed, which is not desirable.
What additional steps or alternative approaches are required to silently install certificates or PKCS12 objects when running inside a Knox container?
byte data = Base64.decode(<base64 encoded certificate>, Base64.DEFAULT); EnterpriseDeviceManager edm = (EnterpriseDeviceManager) getSystemService( EnterpriseDeviceManager.ENTERPRISE_POLICY_SERVICE); SecurityPolicy mSecurityPolicy = edm.getSecurityPolicy(); boolean retValue = mSecurityPolicy.installCertificateToKeystore( SecurityPolicy.TYPE_CERTIFICATE, data, "nickname", null, SecurityPolicy.KEYSTORE_DEFAULT | SecurityPolicy.KEYSTORE_FOR_VPN_AND_APPS | SecurityPolicy.KEYSTORE_FOR_WIFI);