Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Avoid NPE on certificates that cannot be read

Browse Source 
Skip certificates in a DirectoryCertificateSource that cannot be read to
due IOExceptions or CertificateExceptions, this prevents a NPE but
connections will still fail due to the certificate being unusable and no
valid trust-anchor existing.

This also logs the error since this really shouldn't happen.
Bug: 29997695

Change-Id: I9f7327efc302a259fb951f1f61f7fc4d647821fa
This commit is contained in:
Chad Brubaker
2016-07-07 10:17:24 -07:00
parent 3c75a0380d
commit 01e9682cab
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
core/java/android/security/net/config/DirectoryCertificateSource.java
View File

@@ -19,6 +19,7 @@ package android.security.net.config;
import android.os.Environment;
import android.os.UserHandle;
import android.util.ArraySet;
import android.util.Log;
import android.util.Pair;
import java.io.BufferedInputStream;
import java.io.File;
@@ -44,6 +45,7 @@ import javax.security.auth.x500.X500Principal;
* @hide
*/
abstract class DirectoryCertificateSource implements CertificateSource {
private static final String LOG_TAG = "DirectoryCertificateSrc";
private final File mDir;
private final Object mLock = new Object();
private final CertificateFactory mCertFactory;
@@ -149,6 +151,9 @@ abstract class DirectoryCertificateSource implements CertificateSource {
continue;
}
X509Certificate cert = readCertificate(fileName);
if (cert == null) {
continue;
}
if (!subj.equals(cert.getSubjectX500Principal())) {
continue;
}
@@ -173,6 +178,9 @@ abstract class DirectoryCertificateSource implements CertificateSource {
continue;
}
X509Certificate cert = readCertificate(fileName);
if (cert == null) {
continue;
}
if (!subj.equals(cert.getSubjectX500Principal())) {
continue;
}
@@ -194,6 +202,7 @@ abstract class DirectoryCertificateSource implements CertificateSource {
is = new BufferedInputStream(new FileInputStream(new File(mDir, file)));
return (X509Certificate) mCertFactory.generateCertificate(is);
} catch (CertificateException | IOException e) {
Log.e(LOG_TAG, "Failed to read certificate from " + file, e);
return null;
} finally {
IoUtils.closeQuietly(is);